r207486 - [analyzer] Don't crash when a construction is followed by an uninitialized variable.
David Blaikie
dblaikie at gmail.com
Mon Apr 28 19:32:36 PDT 2014
On Mon, Apr 28, 2014 at 6:56 PM, Jordan Rose <jordan_rose at apple.com> wrote:
> Author: jrose
> Date: Mon Apr 28 20:56:12 2014
> New Revision: 207486
>
> URL: http://llvm.org/viewvc/llvm-project?rev=207486&view=rev
> Log:
> [analyzer] Don't crash when a construction is followed by an uninitialized variable.
"Don't crash" is a pretty low bar for a test case - what was the
actual expected behavior that was hiding behind the crash and is still
not verified by this test, if any?
>
> This could happen due to unfortunate CFG coincidences.
>
> PR19579
>
> Modified:
> cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
> cfe/trunk/test/Analysis/ctor.mm
>
> Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=207486&r1=207485&r2=207486&view=diff
> ==============================================================================
> --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original)
> +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Mon Apr 28 20:56:12 2014
> @@ -128,7 +128,7 @@ static const MemRegion *getRegionForCons
> if (Optional<CFGStmt> StmtElem = Next.getAs<CFGStmt>()) {
> if (const DeclStmt *DS = dyn_cast<DeclStmt>(StmtElem->getStmt())) {
> if (const VarDecl *Var = dyn_cast<VarDecl>(DS->getSingleDecl())) {
> - if (Var->getInit()->IgnoreImplicit() == CE) {
> + if (Var->getInit() && Var->getInit()->IgnoreImplicit() == CE) {
> SVal LValue = State->getLValue(Var, LCtx);
> QualType Ty = Var->getType();
> LValue = makeZeroElementRegion(State, LValue, Ty);
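Review bot: On the changed line, `Var->getInit()` is now evaluated twice in one condition; binding it once, for example `if (const Expr *Init = Var->getInit())` and then comparing `Init->IgnoreImplicit()` with `CE`, keeps the null check and the use together and reads more clearly. A one-line comment noting that the next CFG element can be a declaration with no initializer would also record why the guard is needed, since nothing in the surrounding lines says so.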
>
> Modified: cfe/trunk/test/Analysis/ctor.mm
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ctor.mm?rev=207486&r1=207485&r2=207486&view=diff
> ==============================================================================
> --- cfe/trunk/test/Analysis/ctor.mm (original)
> +++ cfe/trunk/test/Analysis/ctor.mm Mon Apr 28 20:56:12 2014
> @@ -674,3 +674,30 @@ namespace InitializerList {
> clang_analyzer_eval(list->usedInitializerList); // expected-warning{{UNKNOWN}}
> }
> }
> +
> +namespace PR19579 {
> + class C {};
> +
> + struct S {
> + C c;
> + int i;
> + };
> +
> + void f() {
> + C();
> + int a;
> + }
> +
> + void g() {
> + // This order triggers the initialization of the inner "a" after the
> + // constructor for "C" is run, which used to confuse the analyzer
> + // (is "C()" the initialization of "a"?).
> + struct S s = {
> + C(),
> + ({
> + int a, b = 0;
> + 0;
> + })
> + };
> + }
> +}
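Review bot: Neither `f()` nor `g()` in the new `PR19579` namespace carries an `expected-warning` or a `clang_analyzer_eval` check, unlike the `InitializerList` case directly above, so the test only shows that analysis finishes without crashing. If a particular result is expected once the null initializer is handled, asserting it here would pin that behaviour down. `f()` would also benefit from a short comment like the one in `g()` explaining which ordering it exercises.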
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits