r207486 - [analyzer] Don't crash when a construction is followed by an uninitialized variable.

Jordan Rose jordan_rose at apple.com
Mon Apr 28 18:56:12 PDT 2014


Author: jrose
Date: Mon Apr 28 20:56:12 2014
New Revision: 207486

URL: http://llvm.org/viewvc/llvm-project?rev=207486&view=rev
Log:
[analyzer] Don't crash when a construction is followed by an uninitialized variable.

This could happen due to unfortunate CFG coincidences.

PR19579

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
    cfe/trunk/test/Analysis/ctor.mm

Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=207486&r1=207485&r2=207486&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Mon Apr 28 20:56:12 2014
@@ -128,7 +128,7 @@ static const MemRegion *getRegionForCons
     if (Optional<CFGStmt> StmtElem = Next.getAs<CFGStmt>()) {
       if (const DeclStmt *DS = dyn_cast<DeclStmt>(StmtElem->getStmt())) {
         if (const VarDecl *Var = dyn_cast<VarDecl>(DS->getSingleDecl())) {
-          if (Var->getInit()->IgnoreImplicit() == CE) {
+          if (Var->getInit() && Var->getInit()->IgnoreImplicit() == CE) {
             SVal LValue = State->getLValue(Var, LCtx);
             QualType Ty = Var->getType();
             LValue = makeZeroElementRegion(State, LValue, Ty);
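Review bot: The added guard calls `Var->getInit()` twice and leaves no explanation of why the initializer can be null here, so a later reader may "simplify" the check away. Bind the initializer once and say why it may be absent: `// A VarDecl following the construction in the CFG may be uninitialized ("int a;"), see PR19579.` followed by `const Expr *Init = Var->getInit();` and `if (Init && Init->IgnoreImplicit() == CE) {`. The enclosing function getRegionForConstructedObject starts and ends outside this hunk, so the same pattern may apply to other CFG-element checks in it that are not visible here.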

Modified: cfe/trunk/test/Analysis/ctor.mm
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ctor.mm?rev=207486&r1=207485&r2=207486&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/ctor.mm (original)
+++ cfe/trunk/test/Analysis/ctor.mm Mon Apr 28 20:56:12 2014
@@ -674,3 +674,30 @@ namespace InitializerList {
     clang_analyzer_eval(list->usedInitializerList); // expected-warning{{UNKNOWN}}
   }
 }
+
+namespace PR19579 {
+  class C {};
+
+  struct S {
+    C c;
+    int i;
+  };
+
+  void f() {
+    C();
+    int a;
+  }
+
+  void g() {
+    // This order triggers the initialization of the inner "a" after the
+    // constructor for "C" is run, which used to confuse the analyzer
+    // (is "C()" the initialization of "a"?).
+    struct S s = {
+      C(),
+      ({
+        int a, b = 0;
+        0;
+      })
+    };
+  }
+}
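Review bot: The new test function f() carries no statement of what it checks, while g() does; since the point of the whole namespace is that the analyzer must not crash, each function should say so. Add a comment on f(), e.g. `// The temporary C() is followed by an uninitialized "a"; the analyzer used to crash here (PR19579).`, and a `// no-crash` marker inside both f() and g() so the intent survives if the surrounding comment is shortened. The test asserts nothing with clang_analyzer_eval, which is consistent with a crash-only regression test, but the marker makes that explicit.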




