dcoughlin added a comment.

This is such a nasty bug! It is great to see a fix. I have two comments inline, one of which is just a nit.
================
Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1404
+ // When trying to dereference a void pointer, read the first byte.
+ T = Ctx.CharTy;
+ }
----------------
Nit: It seems a bit odd to read the first byte here since (unless I'm misunderstanding) this would never be triggered by actual C semantics, only by a checker. Did you consider just returning UnknownVal() in this case?

================
Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1408
}
+ assert(!T.isNull() && "Unable to auto-detect binding type!");
+ assert(!T->isVoidType() && "Attempted to retrieve a void value!");
----------------
I think you missed handling the AllocaRegion case from the old version in your new version. This means the assert will fire on the following when core.alpha is enabled:

```
void foo(void *dest) {
  void *src = __builtin_alloca(5);
  memcpy(dest, src, 1);
}
```

https://reviews.llvm.org/D38358
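
Review bot: The two type checks in the RegionStore.cpp:1408 hunk are asserts only, so a build with assertions disabled performs no check at this point and continues with whatever T holds. If a null or void T can still reach here, as in the alloca case raised in the comment, consider an explicit fallback for that path (for example returning UnknownVal(), as suggested for the 1404 hunk) and keeping the asserts for states that are truly unreachable. A regression test covering that path would also document the intended behaviour.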