Open peckto opened 1 year ago
The alpha.cplusplus.IteratorRange checker is missing the following trivial example:
#include <vector> int main() { std::vector<int> v; v.erase(v.begin(), v.begin() + 5); return 0; }
v.begin() + 5 is clearly past-the-end iterator.
v.begin() + 5
Whereas, in the following example the bug is reported:
#include <vector> int main() { std::vector<int> v; for (auto &c : v) { } v.erase(v.begin(), v.begin() + 5); return 0; }
$ clang++-16 --analyze -Xclang -analyzer-config -Xclang aggressive-binary-operation-simplification=true -Xanalyzer -analyzer-checker=alpha.cplusplus main.cpp main.cpp:7:24: warning: Iterator incremented behind the past-the-end iterator [alpha.cplusplus.IteratorRange] v.erase(v.begin(), v.begin() + 5); ^~~~~~~~~~~~~
(Same behavior when running via CodeChecker)
I have no clue why for loop is necessary to find the bug. Maybe it's too trivial and clangsa thinks, the variable is not used and cut by the optimizer? When executing, both example crash as expected with Segmentation fault.
Segmentation fault
Tested with clang-14 and clang-16:
Debian clang version 14.0.6 Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: /usr/bin
Debian clang version 16.0.0 (++20230317013132+08d094a0e457-1~exp1~20230317133238.60) Target: x86_64-pc-linux-gnu Thread model: posix InstalledDir: /usr/bin
@llvm/issue-subscribers-clang-static-analyzer
The alpha.cplusplus.IteratorRange checker is missing the following trivial example:
v.begin() + 5
is clearly past-the-end iterator.Whereas, in the following example the bug is reported:
(Same behavior when running via CodeChecker)
I have no clue why for loop is necessary to find the bug. Maybe it's too trivial and clangsa thinks, the variable is not used and cut by the optimizer? When executing, both example crash as expected with
Segmentation fault
.Tested with clang-14 and clang-16: