[cfe-commits] r168741 - in /cfe/trunk: lib/StaticAnalyzer/Core/RegionStore.cpp test/Analysis/misc-ps-region-store.cpp

Ted Kremenek kremenek at apple.com
Tue Nov 27 15:05:37 PST 2012


Author: kremenek
Date: Tue Nov 27 17:05:37 2012
New Revision: 168741

URL: http://llvm.org/viewvc/llvm-project?rev=168741&view=rev
Log:
Provide stop-gap solution to crash reported in PR 14436.

This was also covered by <rdar://problem/12753384>.  The static analyzer
evaluates a CXXConstructExpr within an initializer expression and
RegionStore doesn't know how to handle the resulting CXXTempObjectRegion
that gets created.  We need a better solution than just dropping the
value, but we need to better understand how to implement the right
semantics here.

Thanks to Jordan for his help diagnosing the behavior here.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
    cfe/trunk/test/Analysis/misc-ps-region-store.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=168741&r1=168740&r2=168741&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Tue Nov 27 17:05:37 2012
@@ -1581,14 +1581,16 @@
     Size = CAT->getSize().getZExtValue();
 
   // Check if the init expr is a string literal.
-  if (loc::MemRegionVal *MRV = dyn_cast<loc::MemRegionVal>(&Init)) {
-    const StringRegion *S = cast<StringRegion>(MRV->getRegion());
-
-    // Treat the string as a lazy compound value.
-    nonloc::LazyCompoundVal LCV =
-      cast<nonloc::LazyCompoundVal>(svalBuilder.
-                                makeLazyCompoundVal(StoreRef(store, *this), S));
-    return BindAggregate(store, R, LCV);
+  if (const MemRegion *Reg = Init.getAsRegion()) {
+    if (const StringRegion *S = dyn_cast<StringRegion>(Reg)) {
+      // Treat the string as a lazy compound value.
+      NonLoc V = svalBuilder.makeLazyCompoundVal(StoreRef(store, *this), S);
+      return BindAggregate(store, R, V);
+    }
+    // FIXME: Handle CXXTempObjectRegion, which can occur in cases
+    // where a struct contains an array of structs in C++.
+    assert(isa<CXXTempObjectRegion>(Reg));
+    return BindAggregate(store, R, UnknownVal());
   }
 
   // Handle lazy compound values.
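Review bot: the `assert(isa<CXXTempObjectRegion>(Reg));` on the fallback path means any region kind other than StringRegion or CXXTempObjectRegion that reaches this branch still aborts the analyzer in asserts-enabled builds, while release builds silently bind `UnknownVal()` for it; for a stop-gap whose purpose is to stop crashing, either make the fallback unconditional (with the assert replaced by a comment) or pair the `isa<>` check with an `llvm_unreachable` carrying a message, so the two build configurations behave the same way. The FIXME should also mention PR 14436 so the dropped value can be traced back to the report, and should state that `BindAggregate(store, R, UnknownVal())` discards whatever the initializer would have stored, so every later read of those array elements comes back unknown; that is a precision loss for any checker relying on those values, not merely an unhandled case.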

Modified: cfe/trunk/test/Analysis/misc-ps-region-store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.cpp?rev=168741&r1=168740&r2=168741&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.cpp (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.cpp Tue Nov 27 17:05:37 2012
@@ -633,3 +633,26 @@
     test_alloca_in_a_recursive_function(1);
     test_alloca_in_a_recursive_function(2);
 }
+
+//===---------------------------------------------------------------------===//
+// Random tests.
+//===---------------------------------------------------------------------===//
+
+// Tests assigning using a C-style initializer to a struct
+// variable whose sub-field is also a struct.  This currently
+// results in a CXXTempObjectRegion being created, but not
+// properly handled.  For now, we just ignore that value
+// to avoid a crash (<rdar://problem/12753384>).
+struct RDar12753384_ClassA {
+  unsigned z;
+};
+struct  RDar12753384_ClassB {
+  unsigned x;
+  RDar12753384_ClassA y[ 8 ] ;
+};
+unsigned RDar12753384() {
+  RDar12753384_ClassB w = { 0x00 };
+  RDar12753384_ClassA y[8];
+  return w.x;
+}
+
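Review bot: the test only shows that the analyzer no longer crashes; it never reads the part of `w` whose initializer is now dropped (the `y` array), so the precision loss the comment describes is neither exercised nor pinned down, and the local `RDar12753384_ClassA y[8];` declared after `w` is unused and looks like a leftover from reducing the original report. Suggest returning something that touches `w.y`, e.g. `return w.x + w.y[0].z;`, with a comment on what the analyzer currently concludes about it, and either deleting the unused `y` or commenting why the declaration is needed to reproduce the crash. The section header `// Random tests.` also says nothing about the content; a header naming the initializer / CXXTempObjectRegion issue would make the test easier to find later.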
