[analyzer] Fix assertion on casting SVal to NonLoc inside the Iterato…

…rRange checker The checker assumed that it could safely cast an SVal to Nonloc. This surfaced because, with std::ranges, we can unintentionally match on other APIs as well, thus increasing the likelihood of violating checker assumptions about the context it's invoked. https://godbolt.org/z/13vEb3K76 See the discourse post on CallDescriptions and std::ranges here. https://discourse.llvm.org/t/calldescriptions-should-not-skip-the-ranges-part-in-std-names-when-matching/73076 Fixes #65009 Differential Revision: https://reviews.llvm.org/D158968
llvm · Aug 28, 2023 · 985e399 · 985e399
1 parent b91b4ec
commit 985e399
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/IteratorRangeChecker.cpp
@@ -228,7 +228,7 @@ void IteratorRangeChecker::verifyRandomIncrOrDecr(CheckerContext &C,
     Value = State->getRawSVal(*ValAsLoc);
   }
 
-  if (Value.isUnknownOrUndef())
+  if (Value.isUnknownOrUndef() || !isa<NonLoc>(Value))
     return;
 
   // Incremention or decremention by 0 is never a bug.

diff --git a/clang/test/Analysis/iterator-range.cpp b/clang/test/Analysis/iterator-range.cpp
@@ -946,3 +946,14 @@ int uninit_var(int n) {
   // expected-warning@-1 {{The right operand of '-' is a garbage value}}
   // expected-note@-2 {{The right operand of '-' is a garbage value}}
 }
+
+namespace std {
+namespace ranges {
+  template <class InOutIter, class Sentinel>
+  InOutIter next(InOutIter, Sentinel);
+} // namespace ranges
+} // namespace std
+
+void gh65009__no_crash_on_ranges_next(int **begin, int **end) {
+  (void)std::ranges::next(begin, end); // no-crash
+}