NagyDonat wrote:
Since suggesting that "matrix" testcase I realized that it won't work, because
`ArrayBoundV2` doesn't perform bounds checking for the lower-dimensional
sub-arrays of a multidimensional array (it only checks that the accessed memory
location is within the full array). For example in `int matrix[10][10];` it
reports that `matrix[1][200]` overflows the bounds of "matrix", but doesn't
report `matrix[1][50]`. I tried to eliminate this limitation, but that patch
had to be reverted because the meaning of `ElementRegion` is ambiguous.
Due to this limitation, it's a bit difficult to ensure that `ArrayBoundV2`
calls `getDescriptiveName()` on an `ElementRegion`, but I think adding a
`FieldRegion` layer should work:
```
struct {
int numbers[10];
} table[100];
int func(int x, int y) {
int tmp = x;
x = y;
y = tmp;
return table[x].numbers[-1];
}
```
Here I expect that the checker would (incorrectly) report something like
`Access of 'table[y].numbers' at negative byte offset`.
https://github.com/llvm/llvm-project/pull/85104
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
