r178401 - [analyzer] Handle caching out while evaluating a C++ new expression.
Jordan Rose
jordan_rose at apple.com
Fri Mar 29 18:31:42 PDT 2013
Author: jrose
Date: Fri Mar 29 20:31:42 2013
New Revision: 178401
URL: http://llvm.org/viewvc/llvm-project?rev=178401&view=rev
Log:
[analyzer] Handle caching out while evaluating a C++ new expression.
Evaluating a C++ new expression now includes generating an intermediate
ExplodedNode, and this node could very well represent a previously-
reachable state in the ExplodedGraph. If so, we can short-circuit the
rest of the evaluation.
Caught by the assertion a few lines later.
<rdar://problem/13510065>
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
cfe/trunk/test/Analysis/new.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=178401&r1=178400&r2=178401&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Fri Mar 29 20:31:42 2013
@@ -351,15 +351,16 @@ void ExprEngine::VisitCXXNewExpr(const C
State = State->BindExpr(CNE, LCtx, symVal);
}
- Bldr.generateNode(CNE, Pred, State);
+ ExplodedNode *NewN = Bldr.generateNode(CNE, Pred, State);
+ if (!NewN)
+ return;
// If the type is not a record, we won't have a CXXConstructExpr as an
// initializer. Copy the value over.
if (const Expr *Init = CNE->getInitializer()) {
if (!isa<CXXConstructExpr>(Init)) {
assert(Bldr.getResults().size() == 1);
- ExplodedNode *TmpN = *Bldr.getResults().begin();
- Bldr.takeNodes(TmpN);
+ Bldr.takeNodes(NewN);
assert(!CNE->getType()->getPointeeCXXRecordDecl());
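Review bot: The new `if (!NewN) return;` right after `Bldr.generateNode(CNE, Pred, State)` carries no comment saying that a null result is the cache-out case from the log message, so a later reader can mistake it for an error path. A one-line comment on the early return would fix that. Also, the retained `assert(Bldr.getResults().size() == 1);` no longer guards the node that is handed to `takeNodes`, since `NewN` is now passed directly. Consider asserting that the single result is `NewN`, or drop the assertion if it is no longer needed.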
Modified: cfe/trunk/test/Analysis/new.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/new.cpp?rev=178401&r1=178400&r2=178401&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/new.cpp (original)
+++ cfe/trunk/test/Analysis/new.cpp Fri Mar 29 20:31:42 2013
@@ -94,6 +94,14 @@ void testNewInvalidationScalarPlacement(
new (p) (int *)(static_cast<int *>(malloc(4))); // no-warning
}
+void testCacheOut(PtrWrapper w) {
+ extern bool coin();
+ if (coin())
+ w.x = 0;
+ new (&w.x) (int*)(0); // we cache out here; don't crash
+}
+
+
//--------------------------------------------------------------------
// Check for intersection with other checkers from MallocChecker.cpp
// bounded with unix.Malloc
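Review bot: In `testCacheOut`, the comment on the placement-new line says the analyzer caches out there but not why. A sentence explaining how the `if (coin()) w.x = 0;` branch sets up the already-seen state would keep the test's intent clear if the engine changes later. The neighbouring test marks its line `// no-warning`; stating here too that no diagnostic is expected would make it explicit that the test only checks for the absence of a crash. The hunk also adds two consecutive blank `+` lines after the function where one is enough.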