[PATCH] D59622: [analyzer] C++17: PR41142: Ignore transparent InitListExprs in ExprEngine as well.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 20 16:53:46 PDT 2019


NoQ created this revision.
NoQ added reviewers: dcoughlin, xazax.hun, a_sidorin, rnkovacs, mikhail.ramalho, Szelethus, baloghadamsoftware, Charusso.
Herald added subscribers: cfe-commits, jdoerfert, dkrupp, donat.nagy, a.sidorin, szepet.
Herald added a project: clang.
NoQ added a parent revision: D59573: [analyzer] C++17: PR41142: Ignore transparent InitListExprs when finding construction contexts..

When evaluating a transparent `InitListExpr`, eg. `{{{{{{X}}}}}}}` (when it's equivalent to a plain `X`), don't try to think of it as of a compound value of type `X` that contains an `X` - just think of it as of `X` itself.

I hope this should take care of the remaining problems that i identified in D59573 <https://reviews.llvm.org/D59573>, for which this patch is a follow-up.

On second thought, there shouldn't be any correctness problems because of multiple inheritance. If there's just one object in the initializer list, it's always at offset 0. So i don't think there are going to be any other changes in the actual behavior - just less crashes.

There's a chance that i missed other cases when a non-aggregate would be accidentally represented as a compound value, but i'm not immediately aware of such cases.

Add the original test from https://bugs.llvm.org/show_bug.cgi?id=41142 (the top-level recursive call would now evaluate into `Unknown` rather than `compoundVal{Unknown}` - which is still worse than the correct `Undefined` value, but it's at least not crashing). Btw, once we make sure it's `Undefined`, we should probably also add a path note indicating that the function returns a garbage value because there's no return statement in it on the current execution path.


Repository:
  rC Clang

https://reviews.llvm.org/D59622

Files:
  clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
  clang/test/Analysis/initializer.cpp


Index: clang/test/Analysis/initializer.cpp
===================================================================
--- clang/test/Analysis/initializer.cpp
+++ clang/test/Analysis/initializer.cpp
@@ -1,7 +1,17 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks,debug.ExprInspection -analyzer-config c++-inlining=constructors -std=c++11 -verify %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks,debug.ExprInspection -analyzer-config c++-inlining=constructors -std=c++17 -DCPLUSPLUS17 -verify %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks,debug.ExprInspection -analyzer-config c++-inlining=constructors -std=c++11 -DTEST_INLINABLE_ALLOCATORS -verify %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks,debug.ExprInspection -analyzer-config c++-inlining=constructors -std=c++17 -DCPLUSPLUS17 -DTEST_INLINABLE_ALLOCATORS -verify %s
+// RUN: %clang_analyze_cc1 -w -verify %s\
+// RUN:   -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks\
+// RUN:   -analyzer-checker=debug.ExprInspection -std=c++11
+// RUN: %clang_analyze_cc1 -w -verify %s\
+// RUN:   -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks\
+// RUN:   -analyzer-checker=debug.ExprInspection -std=c++17
+// RUN: %clang_analyze_cc1 -w -verify %s\
+// RUN:   -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks\
+// RUN:   -analyzer-checker=debug.ExprInspection -std=c++11\
+// RUN:   -DTEST_INLINABLE_ALLOCATORS
+// RUN: %clang_analyze_cc1 -w -verify %s\
+// RUN:   -analyzer-checker=core,unix.Malloc,cplusplus.NewDeleteLeaks\
+// RUN:   -analyzer-checker=debug.ExprInspection -std=c++17\
+// RUN:   -DTEST_INLINABLE_ALLOCATORS
 
 void clang_analyzer_eval(bool);
 
@@ -232,7 +242,7 @@
 
   D d = {}; // no-crash
 
-#ifdef CPLUSPLUS17
+#if __cplusplus >= 201703L
   C cd = {{}}; // no-crash
   const C &cdl = {{}}; // no-crash
   C &&cdr = {{}}; // no-crash
@@ -260,4 +270,8 @@
 void foo2() {
   C c { coo() }; // no-crash
 }
+
+B foo_recursive() {
+  B b { foo_recursive() };
+}
 } // namespace CXX17_transparent_init_list_exprs
Index: clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -702,7 +702,7 @@
   QualType T = getContext().getCanonicalType(IE->getType());
   unsigned NumInitElements = IE->getNumInits();
 
-  if (!IE->isGLValue() &&
+  if (!IE->isGLValue() && !IE->isTransparent() &&
       (T->isArrayType() || T->isRecordType() || T->isVectorType() ||
        T->isAnyComplexType())) {
     llvm::ImmutableList<SVal> vals = getBasicVals().getEmptySValList();


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D59622.191606.patch
Type: text/x-patch
Size: 2782 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190320/24ca882e/attachment-0001.bin>


More information about the cfe-commits mailing list