[analyzer][NFC] Add ArrayBoundV2 testcase to document bad cast modeling #108799
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a FIXME testcase which documents less than ideal behavior of the analyzer when a `const char *` is converted to `const unsigned char *`. This testcase is motivated by an ArrayBoundV2 report produced on the source file `id3v2enc.c` within the ffmpeg project.
|
@llvm/pr-subscribers-clang Author: Donát Nagy (NagyDonat) ChangesAdd a FIXME testcase which documents less than ideal behavior of the analyzer when a Full diff: https://github.com/llvm/llvm-project/pull/108799.diff 1 Files Affected:
diff --git a/clang/test/Analysis/out-of-bounds.c b/clang/test/Analysis/out-of-bounds.c
index 1f771c2b3bd138..9b9cc368af94dc 100644
--- a/clang/test/Analysis/out-of-bounds.c
+++ b/clang/test/Analysis/out-of-bounds.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s
+// RUN: %clang_analyze_cc1 -Wno-array-bounds -Wno-pointer-sign -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s
void clang_analyzer_eval(int);
@@ -194,3 +194,19 @@ char test_comparison_with_extent_symbol(struct incomplete *p) {
return ((char *)p)[-1]; // no-warning
}
+
+typedef unsigned char uint8_t;
+static int string_is_ascii(const uint8_t *str) {
+ while (*str && *str < 128) str++;
+ // expected-warning@-1 {{Out of bound access to memory}}
+ return !*str;
+}
+void test_charptr_ucharptr_conversion(void) {
+ const char *s = "";
+ // NOTE: This code passes a `const char *` to a `const unsigned char *`
+ // parameter, which is a bit dodgy (it would be reported by -Wpointer-sign),
+ // but works on platforms where `char` is unsigned.
+ // FIXME: The analyzer is confused by this conversion and cannot deduce that
+ // `*str` is immediately equal to zero within `string_is_ascii()`.
+ string_is_ascii(s);
+}
|
|
This PR is primarily a "note to self", but it is NFC and ready to be merged if we think that it'd be better to keep this reminder within the repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a FIXME testcase which documents less than ideal behavior of the analyzer when a
const char *is converted toconst unsigned char *. This testcase is motivated by an ArrayBoundV2 report produced on the source fileid3v2enc.cwithin the ffmpeg project.