r279181 - [analyzer] Weaken assertion in trackNullOrUndefValue()

Devin Coughlin via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 18 18:05:32 PDT 2016 

Author: dcoughlin
Date: Thu Aug 18 20:05:31 2016
New Revision: 279181

URL: http://llvm.org/viewvc/llvm-project?rev=279181&view=rev
Log:
[analyzer] Weaken assertion in trackNullOrUndefValue()

We should ignore paren casts when making sure that the semantic expression
in a PseudoObjectExpr for an ObjC getter is a message send.

This has no other intended functionality change.

Adding a test for this exposed an interesting issue in another test case
that only manifests under ARC. trackNullOrUndefValue() is not properly
suppressing for nil values that are the result of nil propagation from a nil
receiver when the nil is returned from a function. I've added a FIXME for that
missing suppression.

rdar://problem/27290568

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
    cfe/trunk/test/Analysis/inlining/false-positive-suppression.m

Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=279181&r1=279180&r2=279181&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Thu Aug 18 20:05:31 2016
@@ -916,7 +916,7 @@ static const Expr *peelOffOuterExpr(cons
     if (PropRef && PropRef->isMessagingGetter()) {
       const Expr *GetterMessageSend =
           POE->getSemanticExpr(POE->getNumSemanticExprs() - 1);
-      assert(isa<ObjCMessageExpr>(GetterMessageSend));
+      assert(isa<ObjCMessageExpr>(GetterMessageSend->IgnoreParenCasts()));
       return peelOffOuterExpr(GetterMessageSend, N);
     }
   }

Modified: cfe/trunk/test/Analysis/inlining/false-positive-suppression.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inlining/false-positive-suppression.m?rev=279181&r1=279180&r2=279181&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/inlining/false-positive-suppression.m (original)
+++ cfe/trunk/test/Analysis/inlining/false-positive-suppression.m Thu Aug 18 20:05:31 2016
@@ -1,8 +1,11 @@
 // RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-config suppress-null-return-paths=false -verify %s
 // RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -DSUPPRESSED=1 %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -fobjc-arc -verify -DSUPPRESSED=1 %s
 // RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-config avoid-suppressing-null-argument-paths=true -DSUPPRESSED=1 -DNULL_ARGS=1 -verify %s
 
-#ifdef SUPPRESSED
+#define ARC __has_feature(objc_arc)
+
+#if defined(SUPPRESSED) && !ARC
 // expected-no-diagnostics
 #endif
 
@@ -24,8 +27,9 @@ void testNilReceiverHelperA(int *x) {
 
 void testNilReceiverHelperB(int *x) {
   *x = 1;
-#ifndef SUPPRESSED
-  // expected-warning at -2 {{Dereference of null pointer}}
+// FIXME: Suppression for this case isn't working under ARC. It should.
+#if !defined(SUPPRESSED) || (defined(SUPPRESSED) && ARC)
+  // expected-warning at -3 {{Dereference of null pointer}}
 #endif
 }
 
@@ -40,13 +44,17 @@ void testNilReceiver(int coin) {
 // FALSE NEGATIVES (over-suppression)
 
 __attribute__((objc_root_class))
- at interface SomeClass
+ at interface SomeClass {
+  int ivar;
+}
 -(int *)methodReturningNull;
 
 @property(readonly) int *propertyReturningNull;
 
 @property(readonly) int *synthesizedProperty;
 
+ at property(readonly) SomeClass *propertyReturningNil;
+
 @end
 
 @interface SubOfSomeClass : SomeClass
@@ -64,6 +72,10 @@ __attribute__((objc_root_class))
   return 0;
 }
 
+-(SomeClass *)propertyReturningNil {
+  return 0;
+}
+
 +(int *)classPropertyReturningNull {
   return 0;
 }
@@ -103,6 +115,16 @@ void testClassPropertyReturningNull() {
 #endif
 }
 
+ at implementation SomeClass (ForTestOfPropertyReturningNil)
+void testPropertyReturningNil(SomeClass *sc) {
+  SomeClass *result = sc.propertyReturningNil;
+  result->ivar = 1;
+#ifndef SUPPRESSED
+  // expected-warning at -2 {{Access to instance variable 'ivar' results in a dereference of a null pointer (loaded from variable 'result')}}
+#endif
+}
+ at end
+
 void testSynthesizedPropertyReturningNull(SomeClass *sc) {
   if (sc.synthesizedProperty)
     return;

More information about the cfe-commits mailing list