maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Teach RegionStore::EnterStackFrame() to handle 

the case where the called function has fewer
formal arguments than actual arguments.  This
fixes a crash in the analyzer when doing
function call inlining.

Patch by Zhenbo Xu!

llvm-svn: 123458
This commit is contained in:
Ted Kremenek 2011-01-14 20:29:43 +00:00
parent b498f9aff3
commit 95d874fa5d
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clang/lib/StaticAnalyzer/RegionStore.cpp
View File

@ -1868,17 +1868,20 @@ Store RegionStoreManager::RemoveDeadBindings(Store store,
Store RegionStoreManager::EnterStackFrame(const GRState *state,
const StackFrameContext *frame) {
FunctionDecl const *FD = cast<FunctionDecl>(frame->getDecl());
FunctionDecl::param_const_iterator PI = FD->param_begin();
FunctionDecl::param_const_iterator PI = FD->param_begin(),
PE = FD->param_end();
Store store = state->getStore();
if (CallExpr const *CE = dyn_cast<CallExpr>(frame->getCallSite())) {
CallExpr::const_arg_iterator AI = CE->arg_begin(), AE = CE->arg_end();
// Copy the arg expression value to the arg variables.
for (; AI != AE; ++AI, ++PI) {
// Copy the arg expression value to the arg variables. We check that
// PI != PE because the actual number of arguments may be different than
// the function declaration.
for (; AI != AE && PI != PE; ++AI, ++PI) {
SVal ArgVal = state->getSVal(*AI);
store = Bind(store,
svalBuilder.makeLoc(MRMgr.getVarRegion(*PI,frame)), ArgVal);
svalBuilder.makeLoc(MRMgr.getVarRegion(*PI, frame)), ArgVal);
}
} else if (const CXXConstructExpr *CE =
dyn_cast<CXXConstructExpr>(frame->getCallSite())) {

16
clang/test/Analysis/inline.c
View File

@ -1,14 +1,14 @@
// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-inline-call -analyzer-store region -verify %s
int f1() {
int test1_f1() {
int y = 1;
y++;
return y;
}
void f2() {
void test1_f2() {
int x = 1;
x = f1();
x = test1_f1();
if (x == 1) {
int *p = 0;
*p = 3; // no-warning
@ -18,3 +18,13 @@ void f2() {
*p = 3; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}}
}
}
// Test that inlining works when the declared function has less arguments
// than the actual number in the declaration.
void test2_f1() {}
int test2_f2();
void test2_f3() {
test2_f1(test2_f2()); // expected-warning{{too many arguments in call to 'test2_f1'}}
}