[PATCH] D41253: [analyzer] WIP: trackNullOrUndefValue: track last store to symbolic pointers.
Phabricator via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Dec 19 16:48:12 PST 2017
This revision was automatically updated to reflect the committed changes.
Closed by commit rC321130: [analyzer] trackNullOrUndefValue: track last store to non-variables. (authored by dergachev, committed by ).
Repository:
rC Clang
https://reviews.llvm.org/D41253
Files:
lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
test/Analysis/inlining/inline-defensive-checks.c
test/Analysis/nullptr.cpp
Index: test/Analysis/inlining/inline-defensive-checks.c
===================================================================
--- test/Analysis/inlining/inline-defensive-checks.c
+++ test/Analysis/inlining/inline-defensive-checks.c
@@ -190,3 +190,21 @@
idc(s);
*(&(s->a[0])) = 7; // no-warning
}
+
+void idcTrackConstraintThroughSymbolicRegion(int **x) {
+ idc(*x);
+ // FIXME: Should not warn.
+ **x = 7; // expected-warning{{Dereference of null pointer}}
+}
+
+int *idcPlainNull(int coin) {
+ if (coin)
+ return 0;
+ static int X;
+ return &X;
+}
+
+void idcTrackZeroValueThroughSymbolicRegion(int coin, int **x) {
+ *x = idcPlainNull(coin);
+ **x = 7; // no-warning
+}
Index: test/Analysis/nullptr.cpp
===================================================================
--- test/Analysis/nullptr.cpp
+++ test/Analysis/nullptr.cpp
@@ -142,8 +142,9 @@
// expected-note at -1{{Passing null pointer value via 1st parameter 'x'}}
if (getSymbol()) { // expected-note {{Assuming the condition is true}}
// expected-note at -1{{Taking true branch}}
- X *x = Type().x; // expected-note{{'x' initialized to a null pointer value}}
- x->f(); // expected-warning{{Called C++ object pointer is null}}
+ X *xx = Type().x; // expected-note {{Null pointer value stored to field 'x'}}
+ // expected-note at -1{{'xx' initialized to a null pointer value}}
+ xx->f(); // expected-warning{{Called C++ object pointer is null}}
// expected-note at -1{{Called C++ object pointer is null}}
}
}
Index: lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
===================================================================
--- lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -1142,9 +1142,12 @@
else
RVal = state->getSVal(L->getRegion());
- const MemRegion *RegionRVal = RVal.getAsRegion();
report.addVisitor(llvm::make_unique<UndefOrNullArgVisitor>(L->getRegion()));
+ if (Optional<KnownSVal> KV = RVal.getAs<KnownSVal>())
+ report.addVisitor(llvm::make_unique<FindLastStoreBRVisitor>(
+ *KV, L->getRegion(), EnableNullFPSuppression));
+ const MemRegion *RegionRVal = RVal.getAsRegion();
if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) {
report.markInteresting(RegionRVal);
report.addVisitor(llvm::make_unique<TrackConstraintBRVisitor>(
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D41253.127625.patch
Type: text/x-patch
Size: 2437 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20171220/90edb7ff/attachment.bin>
More information about the cfe-commits
mailing list