[PATCH] D39803: [analyzer] pr34766: Fix a crash on explicit construction of std::initializer_list.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Nov 8 08:03:11 PST 2017

NoQ created this revision.

`std::initializer_list` objects can be constructed sort of explicitly, e.g. `(std::initializer_list<int>){12}`. This produces an AST that looks like

  CompoundLiteralExpr 0x11987f1a0 'std::initializer_list<int>':'class std::initializer_list<int>'
  `-CXXStdInitializerListExpr 0x11987f188 'std::initializer_list<int>':'class std::initializer_list<int>'
    `-MaterializeTemporaryExpr 0x11987f170 'const int [1]' xvalue
      `-InitListExpr 0x11987f128 'const int [1]'
        `-IntegerLiteral 0x11987cd18 'int' 12

We crash because we did not expect to see `CompoundLiteralExpr` containing `CXXStdInitializerListExpr`.

It seems correct to pass the value through `CompoundLiteralExpr` transparently (the value is currently a conjured structure-symbol of `initializer_list` type, which sounds like a correct value for the expression, even if not super verbose), hence the patch.



Index: test/Analysis/initializer.cpp
--- test/Analysis/initializer.cpp
+++ test/Analysis/initializer.cpp
@@ -211,12 +211,16 @@
 struct C {
   C(std::initializer_list<int *> list);
-void foo() {
+void testPointerEscapeIntoLists() {
   C empty{}; // no-crash
   // Do not warn that 'x' leaks. It might have been deleted by
   // the destructor of 'c'.
   int *x = new int;
   C c{x}; // no-warning
+void testPassListsWithExplicitConstructors() {
+  (void)(std::initializer_list<int>){12}; // no-crash
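Review bot: The new case in testPassListsWithExplicitConstructors only checks that the analyzer does not crash, because the result is discarded with `(void)`. The description says the conjured value is passed through the CompoundLiteralExpr, so a second statement that actually consumes the literal would cover that path as well, for example passing a compound literal of `std::initializer_list<int *>` to the `C` constructor declared above. A short comment on the test saying which AST shape it exercises (CompoundLiteralExpr wrapping CXXStdInitializerListExpr) would also help later readers, since `// no-crash` alone does not say what used to crash.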
Index: lib/StaticAnalyzer/Core/ExprEngineC.cpp
--- lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -530,7 +530,7 @@
   const Expr *Init = CL->getInitializer();
   SVal V = State->getSVal(CL->getInitializer(), LCtx);
-  if (isa<CXXConstructExpr>(Init)) {
+  if (isa<CXXConstructExpr>(Init) || isa<CXXStdInitializerListExpr>(Init)) {
     // No work needed. Just pass the value up to this expression.
   } else {
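Review bot: The comment under the widened condition still reads "No work needed. Just pass the value up to this expression." and does not say why CXXStdInitializerListExpr now belongs in this branch. Please extend it to note that an explicitly constructed initializer_list reaches here as the initializer of a CompoundLiteralExpr and that its value is already computed for the inner expression, so the next person adding a case understands the criterion. Minor, while touching these lines: `Init` is already in scope, so the `getSVal` call just above could take `Init` instead of calling `CL->getInitializer()` a second time.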
