Skip to content

[Analyzer] No longer crash with VLA operands to unary type traits #154738

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 3, 2025
Merged

[Analyzer] No longer crash with VLA operands to unary type traits #154738

merged 1 commit into from
Sep 3, 2025

Conversation

steakhal
Copy link
Contributor

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

(cherry picked from commit 1732748 with adjustments)
Dropping the ReleaseNotes part of the original patch.

The Static Analyzer release notes section will mention this patch in #154600

@steakhal steakhal added this to the LLVM 21.x Release milestone Aug 21, 2025
@steakhal steakhal requested a review from Xazax-hun August 21, 2025 11:52
@github-project-automation github-project-automation bot moved this to Needs Triage in LLVM Release Status Aug 21, 2025
@llvmbot llvmbot added the clang Clang issues not falling into any other category label Aug 21, 2025
@llvmbot
Copy link
Member

llvmbot commented Aug 21, 2025
edited
Loading

@llvm/pr-subscribers-clang

@llvm/pr-subscribers-clang-static-analyzer-1

Author: Balazs Benics (steakhal)

Changes

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

(cherry picked from commit 1732748 with adjustments)
Dropping the ReleaseNotes part of the original patch.

The Static Analyzer release notes section will mention this patch in #154600

Full diff: https://github.com/llvm/llvm-project/pull/154738.diff

2 Files Affected:

  • (modified) clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp (+2-1)
  • (added) clang/test/Analysis/engine/gh151711.cpp (+18)
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index fa8e669b6bb2f..ab29f86cec326 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -916,7 +916,8 @@ VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
   QualType T = Ex->getTypeOfArgument();
 
   for (ExplodedNode *N : CheckedSet) {
-    if (Ex->getKind() == UETT_SizeOf) {
+    if (Ex->getKind() == UETT_SizeOf || Ex->getKind() == UETT_DataSizeOf ||
+        Ex->getKind() == UETT_CountOf) {
       if (!T->isIncompleteType() && !T->isConstantSizeType()) {
         assert(T->isVariableArrayType() && "Unknown non-constant-sized type.");
 
diff --git a/clang/test/Analysis/engine/gh151711.cpp b/clang/test/Analysis/engine/gh151711.cpp
new file mode 100644
index 0000000000000..a9950a7a3b9d0
--- /dev/null
+++ b/clang/test/Analysis/engine/gh151711.cpp
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -x c %s
+
+void clang_analyzer_dump(int);
+
+// Ensure that VLA types are correctly handled by unary type traits in the
+// expression engine. Previously, __datasizeof and _Countof both caused failed
+// assertions.
+void gh151711(int i) {
+  clang_analyzer_dump(sizeof(int[i++]));       // expected-warning {{Unknown}}
+#ifdef __cplusplus
+  // __datasizeof is only available in C++.
+  clang_analyzer_dump(__datasizeof(int[i++])); // expected-warning {{Unknown}}
+#else
+  // _Countof is only available in C.
+  clang_analyzer_dump(_Countof(int[i++]));     // expected-warning {{Unknown}}
+#endif
+}

@steakhal steakhal mentioned this pull request Aug 21, 2025
Merged
@tru tru moved this from Needs Triage to Needs Review in LLVM Release Status Aug 25, 2025
@steakhal
Copy link
Contributor Author

@Xazax-hun Please have a look.

Xazax-hun
Xazax-hun approved these changes Aug 27, 2025
View reviewed changes
Copy link
Collaborator

@Xazax-hun Xazax-hun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG, this is also low risk and high value. Good candidate to backport. Thanks a lot for cherry picking!

@github-project-automation github-project-automation bot moved this from Needs Review to Needs Merge in LLVM Release Status Aug 27, 2025
@tru tru force-pushed the backport/vla-crash-fix branch from 4de2492 to 33e18ac Compare September 3, 2025 10:06
@tru tru merged commit 33e18ac into llvm:release/21.x Sep 3, 2025
@github-project-automation github-project-automation bot moved this from Needs Merge to Done in LLVM Release Status Sep 3, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 3, 2025

@steakhal (or anyone else). If you would like to add a note about this fix in the release notes (completely optional). Please reply to this comment with a one or two sentence description of the fix. When you are done, please add the release:note label to this PR.

@AaronBallman @tru
[Analyzer] No longer crash with VLA operands to unary type traits (ll…
33e18ac 
…vm#151719)

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes llvm#151711

(cherry picked from commit 1732748 with adjustments)
Dropping the ReleaseNotes part of the original patch.
@steakhal steakhal deleted the backport/vla-crash-fix branch September 3, 2025 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xazax-hun Xazax-hun Xazax-hun approved these changes

Assignees
No one assigned
Labels
clang:static analyzer clang Clang issues not falling into any other category release:backport
Projects
LLVM Release Status
Status: Done
Milestone
LLVM 21.x Release
Development

Successfully merging this pull request may close these issues.
5 participants
@steakhal @llvmbot @Xazax-hun @tru @AaronBallman