r207486 - [analyzer] Don't crash when a construction is followed by an uninitialized variable.

David Blaikie dblaikie at gmail.com
Mon Apr 28 19:32:36 PDT 2014


On Mon, Apr 28, 2014 at 6:56 PM, Jordan Rose <jordan_rose at apple.com> wrote:
> Author: jrose
> Date: Mon Apr 28 20:56:12 2014
> New Revision: 207486
>
> URL: http://llvm.org/viewvc/llvm-project?rev=207486&view=rev
> Log:
> [analyzer] Don't crash when a construction is followed by an uninitialized variable.

"Don't crash" is a pretty low bar for a test case - what was the
actual expected behavior that was hiding behind the crash and is still
not verified by this test, if any?

>
> This could happen due to unfortunate CFG coincidences.
>
> PR19579
>
> Modified:
>     cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
>     cfe/trunk/test/Analysis/ctor.mm
>
> Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=207486&r1=207485&r2=207486&view=diff
> ==============================================================================
> --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original)
> +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Mon Apr 28 20:56:12 2014
> @@ -128,7 +128,7 @@ static const MemRegion *getRegionForCons
>      if (Optional<CFGStmt> StmtElem = Next.getAs<CFGStmt>()) {
>        if (const DeclStmt *DS = dyn_cast<DeclStmt>(StmtElem->getStmt())) {
>          if (const VarDecl *Var = dyn_cast<VarDecl>(DS->getSingleDecl())) {
> -          if (Var->getInit()->IgnoreImplicit() == CE) {
> +          if (Var->getInit() && Var->getInit()->IgnoreImplicit() == CE) {
>              SVal LValue = State->getLValue(Var, LCtx);
>              QualType Ty = Var->getType();
>              LValue = makeZeroElementRegion(State, LValue, Ty);
>
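
Review bot: the added null check on `Var->getInit()` is the right guard for a declaration that carries no initializer, but the same getter is now called twice in one condition; hoisting it into a local, e.g. `const Expr *Init = Var->getInit();` followed by `if (Init && Init->IgnoreImplicit() == CE)`, reads more clearly and avoids the repeated call. A short comment above the check saying why the initializer can be null here (a DeclStmt that directly follows a construction in the CFG is not necessarily initialized by it, as in PR19579) would also help the next reader, since nothing in the surrounding code explains the case being handled.
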
> Modified: cfe/trunk/test/Analysis/ctor.mm
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ctor.mm?rev=207486&r1=207485&r2=207486&view=diff
> ==============================================================================
> --- cfe/trunk/test/Analysis/ctor.mm (original)
> +++ cfe/trunk/test/Analysis/ctor.mm Mon Apr 28 20:56:12 2014
> @@ -674,3 +674,30 @@ namespace InitializerList {
>      clang_analyzer_eval(list->usedInitializerList); // expected-warning{{UNKNOWN}}
>    }
>  }
> +
> +namespace PR19579 {
> +  class C {};
> +
> +  struct S {
> +    C c;
> +    int i;
> +  };
> +
> +  void f() {
> +    C();
> +    int a;
> +  }
> +
> +  void g() {
> +    // This order triggers the initialization of the inner "a" after the
> +    // constructor for "C" is run, which used to confuse the analyzer
> +    // (is "C()" the initialization of "a"?).
> +    struct S s = {
> +      C(),
> +      ({
> +        int a, b = 0;
> +        0;
> +      })
> +    };
> +  }
> +}
>
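Review bot: both new functions only exercise that the analyzer no longer crashes; neither asserts what the analyzer concluded about `a`. Since this file already uses `clang_analyzer_eval` (see the context line at the top of the hunk), an explicit check in `f()` or `g()` that `a` is still treated as uninitialized, rather than as having been initialized by `C()`, would pin down the expected behavior and catch a regression that happens not to crash. Also, the comment in `g()` says the `({ ... })` block triggers "the initialization of the inner "a"", but `a` is declared there without an initializer; rewording it to say that the declaration of "a" follows the constructor for "C" would match the code.
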
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
