[PATCH] D26839: [analyzer] An attempt to fix pr19539 - crashes on temporaries life-extended via members
Devin Coughlin via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 28 16:44:50 PST 2016
dcoughlin accepted this revision.
dcoughlin added a comment.
This revision is now accepted and ready to land.
This is great!
================
Comment at: lib/StaticAnalyzer/Core/ExprEngine.cpp:205
- // We need to be careful about treating a derived type's value as
- // bindings for a base type. Unless we're creating a temporary pointer region,
- // start by stripping and recording base casts.
- SmallVector<const CastExpr *, 4> Casts;
- const Expr *Inner = Ex->IgnoreParens();
- if (!Loc::isLocType(Result->getType())) {
- while (const CastExpr *CE = dyn_cast<CastExpr>(Inner)) {
- if (CE->getCastKind() == CK_DerivedToBase ||
- CE->getCastKind() == CK_UncheckedDerivedToBase)
- Casts.push_back(CE);
- else if (CE->getCastKind() != CK_NoOp)
- break;
-
- Inner = CE->getSubExpr()->IgnoreParens();
- }
- }
+ // MaterializeTemporaryExpr may appear out of place, after a few field and
+ // base-class accesses have been made to the object, even though semantically
----------------
I think it would good to show an AST representation in the comment to make it clear what "out of place" means. This could be a very simplified version of the dumped AST for a temporary with a field access.
https://reviews.llvm.org/D26839
More information about the cfe-commits
mailing list