[analyzer] Fix false negative on post-increment of uninitialized variable.

Summary:
Currently clang static analyzer does warn on:
```
int x;
x+=1;
x-=1;
x=x+1;
x=x-1;
```
But does warn on:
```
int x;
x++;
x--;
--x;
++x;
```

This differential should fix that.
Fixes https://bugs.llvm.org/show_bug.cgi?id=35419

Reviewers: dcoughlin, NoQ

Reviewed By: dcoughlin

Subscribers: NoQ, xazax.hun, szepet, cfe-commits, a.sidorin

Tags: #clang

Differential Revision: https://reviews.llvm.org/D40463

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@319411 91177308-0d34-0410-b5e6-96231b3b80d8
LebedevRI committed Nov 30, 2017
1 parent e7af182 commit d9b383b
Showing 6 changed files with 589 additions and 541 deletions.
3 changes: 3 additions & 0 deletions docs/ReleaseNotes.rst
Expand Up @@ -257,6 +257,9 @@ libclang
Static Analyzer
---------------

- Static Analyzer can now properly detect and diagnose unary pre-/post-
increment/decrement on an uninitialized value.

...

Undefined Behavior Sanitizer (UBSan)
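
Review bot: The new entry under "Static Analyzer" does not say that this case was previously missed, so a reader cannot tell that code which analyzed cleanly before may now produce a warning. Consider wording it as "now warns on" and including a short case from the commit message, such as `int x; x++;`.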
8 changes: 8 additions & 0 deletions lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp
Expand Up @@ -60,6 +60,14 @@ void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
const Expr *ex = nullptr;

while (StoreE) {
if (const UnaryOperator *U = dyn_cast<UnaryOperator>(StoreE)) {
str = "The expression is an uninitialized value. "
"The computed value will also be garbage";

ex = U->getSubExpr();
break;
}

if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
if (B->isCompoundAssignmentOp()) {
ProgramStateRef state = C.getState();
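
Review bot: The added `dyn_cast<UnaryOperator>(StoreE)` branch at the top of the `while (StoreE)` loop matches every unary operator, while the diagnostic text and the commit message are about `++`/`--` only. If increment and decrement are the only unary operators that can reach `checkBind` as the store expression, state that with an assertion or guard the branch with `U->isIncrementDecrementOp()`, so a different unary operator is never reported with this message and never short-circuits the `BinaryOperator` handling that follows.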
9 changes: 8 additions & 1 deletion lib/StaticAnalyzer/Core/ExprEngineC.cpp
Expand Up @@ -1043,7 +1043,14 @@ void ExprEngine::VisitIncrementDecrementOperator(const UnaryOperator* U,

// Propagate unknown and undefined values.
if (V2_untested.isUnknownOrUndef()) {
Bldr.generateNode(U, *I, state->BindExpr(U, LCtx, V2_untested));
state = state->BindExpr(U, LCtx, V2_untested);

// Perform the store, so that the uninitialized value detection happens.
Bldr.takeNodes(*I);
ExplodedNodeSet Dst3;
evalStore(Dst3, U, U, *I, state, loc, V2_untested);
Bldr.addNodes(Dst3);

continue;
}
DefinedSVal V2 = V2_untested.castAs<DefinedSVal>();
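
Review bot: The rewritten branch is entered on `V2_untested.isUnknownOrUndef()`, so `evalStore` now also runs when the operand is Unknown, but the added comment only mentions uninitialized value detection. Either extend the comment to say that storing an Unknown value to `loc` is intended, or limit the store to `V2_untested.isUndef()` and keep the previous `generateNode` path for Unknown. A regression test with an Unknown operand would pin this down, if one is not already among the changed files.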