Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work). This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.

llvm-svn: 112766

clang/lib/Checker/RegionStore.cpp

@@ -1193,13 +1193,18 @@ SVal RegionStoreManager::RetrieveFieldOrElementCommon(Store store,
   }
 
   if (R->hasStackNonParametersStorage()) {
-    if (isa<ElementRegion>(R)) {
+    if (const ElementRegion *ER = dyn_cast<ElementRegion>(R)) {
       // Currently we don't reason specially about Clang-style vectors.  Check
       // if superR is a vector and if so return Unknown.
       if (const TypedRegion *typedSuperR = dyn_cast<TypedRegion>(superR)) {
         if (typedSuperR->getValueType()->isVectorType())
           return UnknownVal();
       }
+      
+      // FIXME: We also need to take ElementRegions with symbolic indexes into
+      // account.
+      if (!ER->getIndex().isConstant())
+        return UnknownVal();
     }
 
     return UndefinedVal();

clang/test/Analysis/misc-ps-region-store.m

@@ -1090,3 +1090,29 @@ pr8052(u_int boot_addr)
         *dst++ = *src++;
 }
 
+// PR 8015 - don't return undefined values for arrays when using a valid
+// symbolic index
+int pr8015_A();
+void pr8015_B(const char *);
+
+void pr8015_C() {
+  int number = pr8015_A();
+  const char *numbers[] = { "zero" };    
+  if (number == 0) {
+      pr8015_B(numbers[number]); // no-warning
+  }
+}
+
+// FIXME: This is a false positive due to not reasoning about symbolic
+// array indices correctly.  Discussion in PR 8015.
+void pr8015_D_FIXME() {
+  int number = pr8015_A();
+  const char *numbers[] = { "zero" };
+  if (number == 0) {
+    if (numbers[number] == numbers[0])
+      return;
+    int *p = 0;
+    *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer}}
+  }
+}
+