Fix bug in BasicStore::getLValueElement where if the base of an array subscript expression was an ElementRegion we stacked another ElementRegion on top of that.

This fixes PR 3422. llvm-svn: 63110
2009-01-27 18:29:03 +00:00 · 2009-01-27 18:29:03 +00:00 · 422d81dcd4
parent a3402cd524
commit 422d81dcd4
2 changed files with 20 additions and 2 deletions
--- a/clang/lib/Analysis/BasicStore.cpp
+++ b/clang/lib/Analysis/BasicStore.cpp
@ -203,7 +203,6 @@ SVal BasicStoreManager::getLValueField(const GRState* St, SVal Base,
 SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base,
                                         SVal Offset) {

-  
  if (Base.isUnknownOrUndef())
    return Base;
  
@ -233,6 +232,17 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base,
      
    case loc::MemRegionKind: {
      const MemRegion *R = cast<loc::MemRegionVal>(BaseL).getRegion();
+      
+      if (isa<ElementRegion>(R)) {
+        // Basic example:
+        //   char buf[100];
+        //   char *q = &buf[1];  // p points to ElementRegion(buf,Unknown)
+        //   &q[10]
+        assert(cast<ElementRegion>(R)->getIndex().isUnknown());
+        return Base;
+      }
+      
+      
      if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) {
        BaseR = TR;
        break;
@ -244,7 +254,7 @@ SVal BasicStoreManager::getLValueElement(const GRState* St, SVal Base,
      
      break;
    }
-      
+
    case loc::ConcreteIntKind:
      // While these seem funny, this can happen through casts.
      // FIXME: What we should return is the field offset.  For example,
--- a/clang/test/Analysis/misc-ps.m
+++ b/clang/test/Analysis/misc-ps.m
@ -100,3 +100,11 @@ void handle_sizeof_void(unsigned flag) {
  *p = 1; // no-warning
 }

+// PR 3422
+void pr3422_helper(char *p);
+void pr3422() {
+  char buf[100];
+  char *q = &buf[10];
+  pr3422_helper(&q[1]);
+}
+