[PATCH] D15007: [analyzer] Improve modelling of nullptr_t in the analyzer. Fix PR25414.

Gábor Horváth via cfe-commits cfe-commits at lists.llvm.org
Thu Nov 26 02:24:26 PST 2015 

xazax.hun updated this revision to Diff 41221.
xazax.hun added a comment.

Improved test cases.


http://reviews.llvm.org/D15007

Files:
  lib/StaticAnalyzer/Core/RegionStore.cpp
  test/Analysis/nullptr.cpp

Index: test/Analysis/nullptr.cpp
===================================================================
--- test/Analysis/nullptr.cpp
+++ test/Analysis/nullptr.cpp
@@ -1,4 +1,6 @@
-// RUN: %clang_cc1 -std=c++11 -Wno-conversion-null -analyze -analyzer-checker=core -analyzer-store region -verify %s
+// RUN: %clang_cc1 -std=c++11 -Wno-conversion-null -analyze -analyzer-checker=core,debug.ExprInspection -analyzer-store region -verify %s
+
+void clang_analyzer_eval(int);
 
 // test to see if nullptr is detected as a null pointer
 void foo1(void) {
@@ -87,3 +89,35 @@
   // Create MaterializeTemporaryExpr with a nullptr inside.
   const nullptr_t &r = nullptr;
 }
+
+int getSymbol();
+
+struct X {
+  virtual void f() {}
+};
+
+void invokeF(X* x) {
+  x->f(); // expected-warning{{Called C++ object pointer is null}}
+}
+
+struct Type {
+  decltype(nullptr) x;
+};
+
+void shouldNotCrash() {
+  decltype(nullptr) p;
+  if (getSymbol())
+    invokeF(p);
+  if (getSymbol())
+    invokeF(nullptr);
+  if (getSymbol()) {
+    X *x = Type().x;
+    x->f(); // expected-warning{{Called C++ object pointer is null}}
+  }
+}
+
+void f(decltype(nullptr) p) {
+  int *q = nullptr;
+  clang_analyzer_eval(p == 0); // expected-warning{{TRUE}}
+  clang_analyzer_eval(q == 0); // expected-warning{{TRUE}}
+}
Index: lib/StaticAnalyzer/Core/RegionStore.cpp
===================================================================
--- lib/StaticAnalyzer/Core/RegionStore.cpp
+++ lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1362,6 +1362,9 @@
   if (!L.getAs<loc::MemRegionVal>()) {
     return UnknownVal();
   }
+  if (!T.isNull() && T->isNullPtrType()) {
+    return svalBuilder.makeZeroVal(T);
+  }
 
   const MemRegion *MR = L.castAs<loc::MemRegionVal>().getRegion();
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D15007.41221.patch
Type: text/x-patch
Size: 1750 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20151126/bbaf770b/attachment.bin>

More information about the cfe-commits mailing list