[analyzer] Return an UnknownVal when we try to get the binding for a VLA.

This happens in C++ mode right at the declaration of a struct VLA; MallocChecker sees a bind and tries to get see if it's an escaping bind. It's likely that our handling of this is still incomplete, but it fixes a crash on valid without disturbing anything else for now. llvm-svn: 158587
2012-06-16 01:28:00 +00:00 · 2012-06-16 01:28:00 +00:00 · e42412be39
parent 144a2ac89d
commit e42412be39
2 changed files with 23 additions and 3 deletions
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@ -1055,8 +1055,12 @@ SVal RegionStoreManager::getBinding(Store store, Loc L, QualType T) {
  if (RTy->isUnionType())
    return UnknownVal();

-  if (RTy->isArrayType())
-    return getBindingForArray(store, R);
+  if (RTy->isArrayType()) {
+    if (RTy->isConstantArrayType())
+      return getBindingForArray(store, R);
+    else
+      return UnknownVal();
+  }

  // FIXME: handle Vector types.
  if (RTy->isVectorType())
--- a/clang/test/Analysis/cxx-crashes.cpp
+++ b/clang/test/Analysis/cxx-crashes.cpp
@ -1,4 +1,6 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -verify %s
+
+void clang_analyzer_eval(bool);

 int f1(char *dst) {
  char *p = dst + 4;
@ -54,3 +56,17 @@ struct C {
 void C::f() { }

 }
+
+
+void vla(int n) {
+  int nums[n];
+  nums[0] = 1;
+  clang_analyzer_eval(nums[0] == 1); // expected-warning{{TRUE}}
+  
+  // This used to fail with MallocChecker on, and /only/ in C++ mode.
+  // This struct is POD, though, so it should be fine to put it in a VLA.
+  struct { int x; } structs[n];
+  structs[0].x = 1;
+  clang_analyzer_eval(structs[0].x == 1); // expected-warning{{TRUE}}
+}
+