Skip to content

[Analyzer] No longer crash with VLA operands to unary type traits #151719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 1, 2025
Merged

[Analyzer] No longer crash with VLA operands to unary type traits #151719

merged 3 commits into from
Aug 1, 2025

Conversation

AaronBallman
Copy link
Collaborator

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

@AaronBallman
[Analyzer] No longer crash with VLA operands to unary type traits
0333c6c 
sizeof was handled correctly, but __datasizeof and _Countof were
not.

Fixes llvm#151711
@AaronBallman
Add test file
e9899c3
@AaronBallman AaronBallman added clang Clang issues not falling into any other category c++ clang:static analyzer crash-on-valid c2y labels Aug 1, 2025
@llvmbot
Copy link
Member

llvmbot commented Aug 1, 2025

@llvm/pr-subscribers-clang-static-analyzer-1

Author: Aaron Ballman (AaronBallman)

Changes

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

Full diff: https://github.com/llvm/llvm-project/pull/151719.diff

3 Files Affected:

  • (modified) clang/docs/ReleaseNotes.rst (+2)
  • (modified) clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp (+2-1)
  • (added) clang/test/Analysis/engine/gh151711.cpp (+18)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 4a2edae7509de..69b5605df52d6 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -241,6 +241,8 @@ Static Analyzer
 ---------------
 - The Clang Static Analyzer now handles parenthesized initialization.
   (#GH148875)
+- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion
+  when given an operand of VLA type. (#GH151711)
 
 New features
 ^^^^^^^^^^^^
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index f1a25a750dd0d..4ddf8fd5b4b0f 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -868,7 +868,8 @@ VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
   QualType T = Ex->getTypeOfArgument();
 
   for (ExplodedNode *N : CheckedSet) {
-    if (Ex->getKind() == UETT_SizeOf) {
+    if (Ex->getKind() == UETT_SizeOf || Ex->getKind() == UETT_DataSizeOf ||
+        Ex->getKind() == UETT_CountOf) {
       if (!T->isIncompleteType() && !T->isConstantSizeType()) {
         assert(T->isVariableArrayType() && "Unknown non-constant-sized type.");
 
diff --git a/clang/test/Analysis/engine/gh151711.cpp b/clang/test/Analysis/engine/gh151711.cpp
new file mode 100644
index 0000000000000..8d8488e3bc1f8
--- /dev/null
+++ b/clang/test/Analysis/engine/gh151711.cpp
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify -x c -std=c2y %s
+// expected-no-diagnostics
+
+// Ensure that VLA types are correctly handled by unary type traits in the
+// expression engine. Previously, __datasizeof and _Countof both caused failed
+// assertions.
+void gh151711(int i) {
+  (void)sizeof(int[i++]);
+
+#ifdef __cplusplus
+  // __datasizeof is only available in C++.
+  (void)__datasizeof(int[i++]);
+#else
+  // _Countof is only available in C.
+  (void)_Countof(int[i++]);
+#endif
+}

@llvmbot
Copy link
Member

llvmbot commented Aug 1, 2025

@llvm/pr-subscribers-clang

Author: Aaron Ballman (AaronBallman)

Changes

sizeof was handled correctly, but __datasizeof and _Countof were not.

Fixes #151711

Full diff: https://github.com/llvm/llvm-project/pull/151719.diff

3 Files Affected:

  • (modified) clang/docs/ReleaseNotes.rst (+2)
  • (modified) clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp (+2-1)
  • (added) clang/test/Analysis/engine/gh151711.cpp (+18)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 4a2edae7509de..69b5605df52d6 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -241,6 +241,8 @@ Static Analyzer
 ---------------
 - The Clang Static Analyzer now handles parenthesized initialization.
   (#GH148875)
+- ``__datasizeof`` (C++) and ``_Countof`` (C) no longer cause a failed assertion
+  when given an operand of VLA type. (#GH151711)
 
 New features
 ^^^^^^^^^^^^
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index f1a25a750dd0d..4ddf8fd5b4b0f 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -868,7 +868,8 @@ VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
   QualType T = Ex->getTypeOfArgument();
 
   for (ExplodedNode *N : CheckedSet) {
-    if (Ex->getKind() == UETT_SizeOf) {
+    if (Ex->getKind() == UETT_SizeOf || Ex->getKind() == UETT_DataSizeOf ||
+        Ex->getKind() == UETT_CountOf) {
       if (!T->isIncompleteType() && !T->isConstantSizeType()) {
         assert(T->isVariableArrayType() && "Unknown non-constant-sized type.");
 
diff --git a/clang/test/Analysis/engine/gh151711.cpp b/clang/test/Analysis/engine/gh151711.cpp
new file mode 100644
index 0000000000000..8d8488e3bc1f8
--- /dev/null
+++ b/clang/test/Analysis/engine/gh151711.cpp
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify -x c -std=c2y %s
+// expected-no-diagnostics
+
+// Ensure that VLA types are correctly handled by unary type traits in the
+// expression engine. Previously, __datasizeof and _Countof both caused failed
+// assertions.
+void gh151711(int i) {
+  (void)sizeof(int[i++]);
+
+#ifdef __cplusplus
+  // __datasizeof is only available in C++.
+  (void)__datasizeof(int[i++]);
+#else
+  // _Countof is only available in C.
+  (void)_Countof(int[i++]);
+#endif
+}

steakhal
steakhal reviewed Aug 1, 2025
View reviewed changes
Copy link
Contributor

@steakhal steakhal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, thanks for the fix.

@steakhal
Copy link
Contributor

steakhal commented Aug 1, 2025

Hold on, the issue you fixed here was only opened like 30 minutes ago, how did you patch this in just 10 minutes?

@AaronBallman
Copy link
Collaborator Author

Hold on, the issue you fixed here was only opened like 30 minutes ago, how did you patch this in just 10 minutes?

I happened to triage the issue and went "I wonder what's going on?" then saw what was happening and realized "I just had to do this dance for _Countof and I think I missed this spot". :-D

steakhal
steakhal approved these changes Aug 1, 2025
View reviewed changes
Copy link
Contributor

@steakhal steakhal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please merge this once the CI is green. Thank you!

@AaronBallman AaronBallman merged commit 1732748 into llvm:main Aug 1, 2025
10 checks passed
@AaronBallman AaronBallman deleted the aballman-gh151711 branch August 1, 2025 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xazax-hun Xazax-hun Xazax-hun approved these changes

@steakhal steakhal steakhal approved these changes

@haoNoQ haoNoQ Awaiting requested review from haoNoQ

Assignees
No one assigned
Labels
c++ c2y clang:static analyzer clang Clang issues not falling into any other category crash-on-valid
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[analyzer] crashes on __datasizeof
4 participants
@AaronBallman @llvmbot @steakhal @Xazax-hun