[PATCH] D37023: [analyzer] Fix bugreporter::getDerefExpr() again.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 22 14:01:45 PDT 2017


NoQ created this revision.

This patch continues work that was started in https://reviews.llvm.org/D32291.

Our `bugreporter::getDerefExpr()` API tries to find out what has been dereferenced. For example, if we have an lvalue expression `x->y.z` which causes a null dereference when dereferenced, the function returns lvalue `x->y` - the object from which the null pointer must have been loaded. Similarly, unwrapping lvalue `x->y` would result in `x`.

I believe I found a more correct way to implement it, namely to see where lvalue-to-rvalue casts are located in the expression. In our example, `x->y` is surrounded by an lvalue-to-rvalue cast, which indicates that we should not unwrap the expression further. And it is irrelevant whether the member expression is a dot or an arrow, or whether C++ `this->` or ObjC `self->` is written explicitly or assumed implicitly, or whether the expression or a sub-expression is a pointer or a reference (we used to look at these).

This patch refactors `getDerefExpr()` with this design in mind. Now the function must be much easier to understand, and also behave correctly.

Unwrapping of binary operators that caused the dereference (e.g. `*x = 2` -> `*x`) was removed from `getDerefExpr()` because it contradicts its purpose and seems to have never actually been used (we should be receiving `*x` in this function instead in all cases).

The current implementation has the benefit of not crashing on the newly added test case. The crash was caused by the fact that the old `getDerefExpr()` was thinking that `self` was dereferenced, even though in fact it wasn't.

I should probably have a look at what else might have changed and add more test cases, because the old code was quite strange.


https://reviews.llvm.org/D37023

Files:
  lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
  test/Analysis/null-deref-path-notes.m

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D37023.112218.patch
Type: text/x-patch
Size: 14980 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170822/08d6e11e/attachment-0001.bin>
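
The unwrapping rule described in the message above, as an added toy model that is not Clang's code and not part of the patch: `Expr`, `Kind`, `derefExpr` and `derefText` are hypothetical names, and the sample trees are built by hand with the lvalue-to-rvalue casts placed where the message says they are.

```cpp
#include <iostream>
#include <string>

// Toy expression tree; these are not Clang's AST classes.
enum class Kind { DeclRef, Member, LValueToRValue, Paren };

struct Expr {
  Kind kind;
  std::string text;  // source spelling of the node, used only for display
  const Expr *sub;   // base or operand; nullptr for a DeclRef
};

// Walk from the faulting lvalue towards its base and stop at the first
// lvalue-to-rvalue cast: that cast is the load that produced the pointer.
// Dot vs. arrow is never inspected; only the position of the cast matters.
const Expr *derefExpr(const Expr *e) {
  while (e) {
    if (e->kind == Kind::LValueToRValue) return e->sub;  // the loaded lvalue
    if (e->kind == Kind::DeclRef) return e;              // nothing left to unwrap
    e = e->sub;                                          // Member or Paren
  }
  return nullptr;
}

std::string derefText(const Expr *e) {
  const Expr *r = derefExpr(e);
  return r ? r->text : "";
}

// Constructed sample: x->y.z, with a load around x and a load around x->y.
static const Expr X{Kind::DeclRef, "x", nullptr};
static const Expr LoadX{Kind::LValueToRValue, "x", &X};
static const Expr XY{Kind::Member, "x->y", &LoadX};
static const Expr LoadXY{Kind::LValueToRValue, "x->y", &XY};
static const Expr XYZ{Kind::Member, "x->y.z", &LoadXY};

// Constructed sample: (s.y).z on a plain object, with no load in the chain.
static const Expr S{Kind::DeclRef, "s", nullptr};
static const Expr SY{Kind::Member, "s.y", &S};
static const Expr ParenSY{Kind::Paren, "(s.y)", &SY};
static const Expr SYZ{Kind::Member, "(s.y).z", &ParenSY};

int main() {
  for (const Expr *e : {&XYZ, &XY, &SYZ})
    std::cout << e->text << " -> " << derefText(e) << "\n";
}
```
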

