[cfe-commits] r143215 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m

Ted Kremenek kremenek at apple.com
Fri Oct 28 12:05:11 PDT 2011 

Author: kremenek
Date: Fri Oct 28 14:05:10 2011
New Revision: 143215

URL: http://llvm.org/viewvc/llvm-project?rev=143215&view=rev
Log:
[analyzer] ObjC message sends to nil receivers that return structs are now okay (compiler zeroes out the data).  Fixes <rdar://problem/9151319>.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
    cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m
    cfe/trunk/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp?rev=143215&r1=143214&r2=143215&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp Fri Oct 28 14:05:10 2011
@@ -297,26 +297,16 @@
   // Check the return type of the message expression.  A message to nil will
   // return different values depending on the return type and the architecture.
   QualType RetTy = msg.getType(Ctx);
-
   CanQualType CanRetTy = Ctx.getCanonicalType(RetTy);
 
   if (CanRetTy->isStructureOrClassType()) {
-    // FIXME: At some point we shouldn't rely on isConsumedExpr(), but instead
-    // have the "use of undefined value" be smarter about where the
-    // undefined value came from.
-    if (C.getPredecessor()->getParentMap().isConsumedExpr(msg.getOriginExpr())){
-      if (ExplodedNode *N = C.generateSink(state))
-        emitNilReceiverBug(C, msg, N);
-      return;
-    }
-
-    // The result is not consumed by a surrounding expression.  Just propagate
-    // the current state.
-    C.addTransition(state);
+    // Structure returns are safe since the compiler zeroes them out.
+    SVal V = C.getSValBuilder().makeZeroVal(msg.getType(Ctx));
+    C.addTransition(state->BindExpr(msg.getOriginExpr(), V));
     return;
   }
 
-  // Other cases: check if the return type is smaller than void*.
+  // Other cases: check if sizeof(return type) > sizeof(void*)
   if (CanRetTy != Ctx.VoidTy &&
       C.getPredecessor()->getParentMap().isConsumedExpr(msg.getOriginExpr())) {
     // Compute: sizeof(void *) and sizeof(return type)

Modified: cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m?rev=143215&r1=143214&r2=143215&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m (original)
+++ cfe/trunk/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m Fri Oct 28 14:05:10 2011
@@ -2,37 +2,31 @@
 
 // <rdar://problem/6888289> - This test case shows that a nil instance
 // variable can possibly be initialized by a method.
-typedef struct RDar6888289_data {
-  long data[100];
-} RDar6888289_data;
-
 @interface RDar6888289
 {
-  RDar6888289 *x;
+  id *x;
 }
-- (RDar6888289_data) test;
-- (RDar6888289_data) test2;
+- (void) test:(id) y;
+- (void) test2:(id) y;
 - (void) invalidate;
-- (RDar6888289_data) getData;
 @end
 
+id *getVal(void);
+
 @implementation RDar6888289
-- (RDar6888289_data) test {
+- (void) test:(id)y {
   if (!x)
     [self invalidate];
-  return [x getData];
+  *x = y;
 }
-- (RDar6888289_data) test2 {
+- (void) test2:(id)y {
   if (!x) {}
-  return [x getData]; // expected-warning{{The receiver of message 'getData' is nil and returns a value of type 'RDar6888289_data' that will be garbage}}
+  *x = y; // expected-warning {{null}}
 }
 
 - (void) invalidate {
-  x = self;
+  x = getVal();
 }
 
-- (RDar6888289_data) getData {
-  return (RDar6888289_data) { 0 };
-}
 @end
 

Modified: cfe/trunk/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m?rev=143215&r1=143214&r2=143215&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m (original)
+++ cfe/trunk/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m Fri Oct 28 14:05:10 2011
@@ -14,12 +14,12 @@
 
 void createFoo() {
   MyClass *obj = 0;  
-  Bar f = [obj foo]; // expected-warning{{The receiver of message 'foo' is nil and returns a value of type 'Bar' that will be garbage}}
+  Bar f = [obj foo]; // no-warning
 }
 
 void createFoo2() {
   MyClass *obj = 0;  
   [obj foo]; // no-warning
-  Bar f = [obj foo]; // expected-warning{{The receiver of message 'foo' is nil and returns a value of type 'Bar' that will be garbage}}
+  Bar f = [obj foo]; // no-warning
 }

More information about the cfe-commits mailing list