Bug hunting; Better result from function that returns unknown pointer result

2020-12-14 17:53:28 +01:00 · 2020-12-14 17:53:28 +01:00 · 116119083b
parent ab3614b4e2
commit 116119083b
2 changed files with 24 additions and 3 deletions
--- a/lib/exprengine.cpp
+++ b/lib/exprengine.cpp
@ -1635,6 +1635,19 @@ static ExprEngine::ValuePtr getValueRangeFromValueType(const std::string &name,

 static ExprEngine::ValuePtr getValueRangeFromValueType(const ValueType *valueType, Data &data)
 {
+    if (valueType && valueType->pointer) {
+        ExprEngine::ValuePtr val;
+        if (valueType->pointer == 0 && valueType->isIntegral()) {
+            ValueType datatype(*valueType);
+            datatype.pointer = 0;
+            val = getValueRangeFromValueType(data.getNewSymbolName(), &datatype, *data.settings);
+        }
+        if (!val)
+            val = std::make_shared<ExprEngine::BailoutValue>();
+        auto bufferSize = std::make_shared<ExprEngine::IntRange>(data.getNewSymbolName(), 1, ExprEngine::ArrayValue::MAXSIZE);
+        return std::make_shared<ExprEngine::ArrayValue>(data.getNewSymbolName(), bufferSize, val, true, true, false);
+    }
+
    if (!valueType || valueType->pointer)
        return ExprEngine::ValuePtr();
    if (valueType->container) {
@ -1837,11 +1850,10 @@ static ExprEngine::ValuePtr executeAssign(const Token *tok, Data &data)
            if (rhsValue)
                call(data.callbacks, tok->astOperand2(), rhsValue, &data);
        }
+        if (!rhsValue)
+            rhsValue = std::make_shared<ExprEngine::BailoutValue>();
    }

-    if (!rhsValue)
-        rhsValue = std::make_shared<ExprEngine::BailoutValue>();
-
    ExprEngine::ValuePtr assignValue;
    if (tok->str() == "=")
        assignValue = rhsValue;
--- a/test/testexprengine.cpp
+++ b/test/testexprengine.cpp
@ -98,6 +98,7 @@ private:
        TEST_CASE(functionCall2);
        TEST_CASE(functionCall3);
        TEST_CASE(functionCall4);
+        TEST_CASE(functionCall5);

        TEST_CASE(functionCallContract1);

@ -724,6 +725,14 @@ private:
        ASSERT_EQUALS("1:2147483647", getRange("void f() { sizeof(data); }", "sizeof(data)"));
    }

+    void functionCall5() { // unknown result from function, pointer type..
+        ASSERT_EQUALS("1:36: $3=ArrayValue([$2],[:]=bailout,null)\n"
+                      "1:36: $2=IntRange(1:2147483647)\n"
+                      "1:36: bailout=BailoutValue(bailout)\n"
+                      "1:46: 0:memory:{p=($3,[$2],[:]=bailout)}\n",
+                      trackExecution("char *foo(int); void bar() { char *p = foo(1); }"));
+    }
+
    void functionCallContract1() {
        const char code[] = "void foo(int x);\n"
                            "void bar(unsigned short x) { foo(x); }";