r191805 - [analyzer] Add missing return after function pointer null check.
Jordan Rose
jordan_rose at apple.com
Tue Oct 1 18:20:29 PDT 2013
Author: jrose
Date: Tue Oct 1 20:20:28 2013
New Revision: 191805
URL: http://llvm.org/viewvc/llvm-project?rev=191805&view=rev
Log:
[analyzer] Add missing return after function pointer null check.
Also add some tests that there is actually a message and that the bug is
actually a hard error. This actually behaved correctly before, because:
- addTransition() doesn't actually add a transition if the new state is null;
  it assumes you want to propagate the predecessor forward and does nothing.
- generateSink() is called in order to emit a bug report.
- If at least one new node has been generated, the predecessor node is /not/
  propagated forward.
But now it's spelled out explicitly.
Found by Richard Mazorodze, who's working on a patch that may require this.
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
cfe/trunk/test/Analysis/func.c
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp?rev=191805&r1=191804&r2=191805&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp Tue Oct 1 20:20:28 2013
@@ -249,6 +249,7 @@ void CallAndMessageChecker::checkPreStmt
BT_call_null.reset(
new BuiltinBug("Called function pointer is null (null dereference)"));
emitBadCall(BT_call_null.get(), C, Callee);
+ return;
}
C.addTransition(StNonNull);
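Review bot: The added `return;` after `emitBadCall(BT_call_null.get(), C, Callee);` is the right fix, because the fall-through path reaches `C.addTransition(StNonNull);` with a state that is null on the definitely-null branch, and the previous behaviour depended on `addTransition()` silently doing nothing for a null state rather than on the checker's own control flow. Since that silent no-op is exactly what made the bug invisible, consider a one-line comment above the `return` stating that `emitBadCall` has already generated a sink node, so a reader does not reintroduce the fall-through later; an `assert(StNonNull)` before the `addTransition` call would also turn any future regression into a hard failure instead of a silently dropped path.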
Modified: cfe/trunk/test/Analysis/func.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/func.c?rev=191805&r1=191804&r2=191805&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/func.c (original)
+++ cfe/trunk/test/Analysis/func.c Tue Oct 1 20:20:28 2013
@@ -25,3 +25,16 @@ void f3(void (*f)(void), void (*g)(void)
(*g)();
clang_analyzer_eval(!g); // expected-warning{{FALSE}}
}
+
+void nullFunctionPointerConstant() {
+ void (*f)(void) = 0;
+ f(); // expected-warning{{Called function pointer is null}}
+ clang_analyzer_eval(0); // no-warning
+}
+
+void nullFunctionPointerConstraint(void (*f)(void)) {
+ if (f)
+ return;
+ f(); // expected-warning{{Called function pointer is null}}
+ clang_analyzer_eval(0); // no-warning
+}
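Review bot: `void nullFunctionPointerConstant() {` declares a function without a prototype in C; the rest of the file (`void f3(void (*f)(void), void (*g)(void)` in the hunk header) uses explicit `(void)` parameter lists, so use `void nullFunctionPointerConstant(void)` for consistency. The `clang_analyzer_eval(0); // no-warning` lines are what actually verify the "hard error" claim in the log message, since the line would emit a FALSE warning if the path after the null call were still explored; a short comment saying so would make the intent of an otherwise odd-looking `eval(0)` clear to the next person editing this test. Note also that `expected-warning{{Called function pointer is null}}` relies on substring matching against the full text "Called function pointer is null (null dereference)" from the other hunk; that is fine for the diagnostic verifier, but if the message is ever reworded both hunks must change together.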