[cfe-commits] r163261 - in /cfe/trunk: lib/StaticAnalyzer/Core/BugReporterVisitors.cpp test/Analysis/diagnostics/deref-track-symbolic-region.c
Anna Zaks
ganna at apple.com
Wed Sep 5 15:31:55 PDT 2012
Author: zaks
Date: Wed Sep 5 17:31:55 2012
New Revision: 163261
URL: http://llvm.org/viewvc/llvm-project?rev=163261&view=rev
Log:
[analyzer] NullOrUndef diagnostics: track symbols binded to regions.
If a region is binded to a symbolic value, we should track the symbol.
(The code I changed was not previously exercised by the regression
tests.)
Added:
cfe/trunk/test/Analysis/diagnostics/deref-track-symbolic-region.c
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=163261&r1=163260&r2=163261&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Wed Sep 5 17:31:55 2012
@@ -54,7 +54,9 @@
return U->getSubExpr()->IgnoreParenCasts();
}
else if (const MemberExpr *ME = dyn_cast<MemberExpr>(S)) {
- return ME->getBase()->IgnoreParenCasts();
+ if (ME->isArrow()) {
+ return ME->getBase()->IgnoreParenCasts();
+ }
}
else if (const ArraySubscriptExpr *AE = dyn_cast<ArraySubscriptExpr>(S)) {
return AE->getBase();
@@ -504,13 +506,15 @@
// Is it a symbolic value?
if (loc::MemRegionVal *L = dyn_cast<loc::MemRegionVal>(&V)) {
- const MemRegion *Base = L->getRegion()->getBaseRegion();
- report.addVisitor(new UndefOrNullArgVisitor(Base));
-
- if (isa<SymbolicRegion>(Base)) {
- report.markInteresting(Base);
- report.addVisitor(new TrackConstraintBRVisitor(loc::MemRegionVal(Base),
- false));
+ // At this point we are dealing with the region's LValue.
+ // However, if the rvalue is a symbolic region, we should track it as well.
+ SVal RVal = state->getSVal(L->getRegion());
+ const MemRegion *RegionRVal = RVal.getAsRegion();
+
+ if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) {
+ report.markInteresting(RegionRVal);
+ report.addVisitor(new TrackConstraintBRVisitor(
+ loc::MemRegionVal(RegionRVal), false));
}
} else {
// Otherwise, if the value came from an inlined function call,
Added: cfe/trunk/test/Analysis/diagnostics/deref-track-symbolic-region.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/diagnostics/deref-track-symbolic-region.c?rev=163261&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/diagnostics/deref-track-symbolic-region.c (added)
+++ cfe/trunk/test/Analysis/diagnostics/deref-track-symbolic-region.c Wed Sep 5 17:31:55 2012
@@ -0,0 +1,354 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=text -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=plist-multi-file %s -o - | FileCheck %s
+
+struct S {
+ int *x;
+ int y;
+};
+
+int *foo();
+
+void inlined(struct S *s, int m) {
+ if (s->x)
+ //expected-note at -1{{Taking false branch}}
+ //expected-note at -2{{Assuming pointer value is null}}
+
+ m++;
+
+}
+void test(struct S syz, int *pp) {
+ int m = 0;
+ syz.x = foo();
+ inlined(&syz, m);
+ // expected-note at -1{{Calling 'inlined'}}
+ // expected-note at -2{{Returning from 'inlined'}}
+ m += *syz.x; // expected-warning{{Dereference of null pointer (loaded from field 'x')}}
+ // expected-note at -1{{Dereference of null pointer (loaded from field 'x')}}
+}
+
+//CHECK: <dict>
+//CHECK: <key>files</key>
+//CHECK: <array>
+//CHECK: </array>
+//CHECK: <key>diagnostics</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>path</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>control</string>
+//CHECK: <key>edges</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>start</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>20</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>20</integer>
+//CHECK: <key>col</key><integer>5</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: <key>end</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>9</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>event</string>
+//CHECK: <key>location</key>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <key>ranges</key>
+//CHECK: <array>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>18</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </array>
+//CHECK: <key>depth</key><integer>0</integer>
+//CHECK: <key>extended_message</key>
+//CHECK: <string>Calling 'inlined'</string>
+//CHECK: <key>message</key>
+//CHECK: <string>Calling 'inlined'</string>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>event</string>
+//CHECK: <key>location</key>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>11</integer>
+//CHECK: <key>col</key><integer>1</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <key>depth</key><integer>1</integer>
+//CHECK: <key>extended_message</key>
+//CHECK: <string>Entered call from 'test'</string>
+//CHECK: <key>message</key>
+//CHECK: <string>Entered call from 'test'</string>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>control</string>
+//CHECK: <key>edges</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>start</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>11</integer>
+//CHECK: <key>col</key><integer>1</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>11</integer>
+//CHECK: <key>col</key><integer>4</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: <key>end</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>4</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>control</string>
+//CHECK: <key>edges</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>start</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>4</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: <key>end</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>7</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>7</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>event</string>
+//CHECK: <key>location</key>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>7</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <key>ranges</key>
+//CHECK: <array>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>7</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>12</integer>
+//CHECK: <key>col</key><integer>10</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </array>
+//CHECK: <key>depth</key><integer>1</integer>
+//CHECK: <key>extended_message</key>
+//CHECK: <string>Assuming pointer value is null</string>
+//CHECK: <key>message</key>
+//CHECK: <string>Assuming pointer value is null</string>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>event</string>
+//CHECK: <key>location</key>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <key>ranges</key>
+//CHECK: <array>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>18</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </array>
+//CHECK: <key>depth</key><integer>1</integer>
+//CHECK: <key>extended_message</key>
+//CHECK: <string>Returning from 'inlined'</string>
+//CHECK: <key>message</key>
+//CHECK: <string>Returning from 'inlined'</string>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>control</string>
+//CHECK: <key>edges</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>start</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>22</integer>
+//CHECK: <key>col</key><integer>9</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: <key>end</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>control</string>
+//CHECK: <key>edges</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>start</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>3</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: <key>end</key>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>8</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>8</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>kind</key><string>event</string>
+//CHECK: <key>location</key>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>8</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <key>ranges</key>
+//CHECK: <array>
+//CHECK: <array>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>13</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>13</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </array>
+//CHECK: <key>depth</key><integer>0</integer>
+//CHECK: <key>extended_message</key>
+//CHECK: <string>Dereference of null pointer (loaded from field 'x')</string>
+//CHECK: <key>message</key>
+//CHECK: <string>Dereference of null pointer (loaded from field 'x')</string>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: <key>description</key><string>Dereference of null pointer (loaded from field 'x')</string>
+//CHECK: <key>category</key><string>Logic error</string>
+//CHECK: <key>type</key><string>Dereference of null pointer</string>
+//CHECK: <key>issue_context_kind</key><string>function</string>
+//CHECK: <key>issue_context</key><string>test</string>
+//CHECK: <key>issue_hash</key><integer>6</integer>
+//CHECK: <key>location</key>
+//CHECK: <dict>
+//CHECK: <key>line</key><integer>25</integer>
+//CHECK: <key>col</key><integer>8</integer>
+//CHECK: <key>file</key><integer>0</integer>
+//CHECK: </dict>
+//CHECK: </dict>
+//CHECK: </array>
+//CHECK: </dict>
+//CHECK: </plist>
More information about the cfe-commits
mailing list