[PATCH] D11433: [Static Analyzer] Make NonNullParamChecker emit implicit null dereference events.

Gábor Horváth via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 21 12:35:32 PDT 2015 

xazax.hun updated this revision to Diff 32854.
xazax.hun added a comment.

Only send implicit dereference events, when the null pointer was bound to a reference.


http://reviews.llvm.org/D11433

Files:
  lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp

Index: lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp
+++ lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp
@@ -28,7 +28,7 @@
 
 namespace {
 class NonNullParamChecker
-  : public Checker< check::PreCall > {
+  : public Checker< check::PreCall, EventDispatcher<ImplicitNullDerefEvent> > {
   mutable std::unique_ptr<BugType> BTAttrNonNull;
   mutable std::unique_ptr<BugType> BTNullRefArg;
 
@@ -139,26 +139,33 @@
     ProgramStateRef stateNotNull, stateNull;
     std::tie(stateNotNull, stateNull) = CM.assumeDual(state, *DV);
 
-    if (stateNull && !stateNotNull) {
-      // Generate an error node.  Check for a null node in case
-      // we cache out.
-      if (ExplodedNode *errorNode = C.generateSink(stateNull)) {
+    if (stateNull) {
+      if (!stateNotNull){
+        // Generate an error node.  Check for a null node in case
+        // we cache out.
+        if (ExplodedNode *errorNode = C.generateSink(stateNull)) {
 
-        std::unique_ptr<BugReport> R;
-        if (haveAttrNonNull)
-          R = genReportNullAttrNonNull(errorNode, ArgE);
-        else if (haveRefTypeParam)
-          R = genReportReferenceToNullPointer(errorNode, ArgE);
+          std::unique_ptr<BugReport> R;
+          if (haveAttrNonNull)
+            R = genReportNullAttrNonNull(errorNode, ArgE);
+          else if (haveRefTypeParam)
+            R = genReportReferenceToNullPointer(errorNode, ArgE);
 
-        // Highlight the range of the argument that was null.
-        R->addRange(Call.getArgSourceRange(idx));
+          // Highlight the range of the argument that was null.
+          R->addRange(Call.getArgSourceRange(idx));
 
-        // Emit the bug report.
-        C.emitReport(std::move(R));
-      }
+          // Emit the bug report.
+          C.emitReport(std::move(R));
+        }
 
-      // Always return.  Either we cached out or we just emitted an error.
-      return;
+        // Always return.  Either we cached out or we just emitted an error.
+        return;
+      }
+      ExplodedNode *N = C.generateSink(stateNull);
+      if (haveRefTypeParam && N) {
+        ImplicitNullDerefEvent event = { V, false, N, &C.getBugReporter() };
+        dispatchEvent(event);
+      }
     }
 
     // If a pointer value passed the check we should assume that it is


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D11433.32854.patch
Type: text/x-patch
Size: 2417 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150821/6e40ed7b/attachment.bin>

More information about the cfe-commits mailing list