[PATCH] D50855: [analyzer] pr37578: Fix lvalue/rvalue problem in field-of-temporary adjustments.

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 16 11:19:51 PDT 2018


NoQ created this revision.
NoQ added reviewers: dcoughlin, xazax.hun, a.sidorin, george.karpenkov, szepet, rnkovacs.
Herald added subscribers: cfe-commits, Szelethus, mikhail.ramalho, baloghadamsoftware.

Despite the effort to eliminate the need for `skipRValueSubobjectAdjustments()`, we still encounter ASTs that require it from time to time, for example in https://bugs.llvm.org/show_bug.cgi?id=37578

One way of properly modeling such expressions would be to include the member-expression "adjustment" into the //construction context// of the temporary, but that's not something I'm planning to do, because such ASTs are rare and seem to be only becoming more rare over time, so for now I'm just fixing the old code.

The root cause of the problem in this example is that while evaluating the `MemberExpr` in

  `-MemberExpr 0x7fd5ef0035b8 <col:9, col:13> 'a::(anonymous struct at test.cpp:2:3)' . 0x7fd5ee06a068
    `-CXXTemporaryObjectExpr 0x7fd5ef001f70 <col:9, col:11> 'a' 'void () noexcept' zeroing

there's no way for `createTemporaryRegionIfNeeded()` to communicate the newly created temporary region through the Environment (as it usually does), because all expressions so far have been prvalues.

The current code works around that problem by binding the region to the `CXXTemporaryObjectExpr`, which is of course a bad thing to do because we should not bind `Loc`s to prvalue expressions, and it leads to a crash when eventually this bad binding propagates to the Store and the Store is unable to load it.

The solution is to bind the correct [lazy compound] value to the `CXXTemporaryObjectExpr` and then communicate the region to the caller directly via an out-parameter.


Repository:
  rC Clang

https://reviews.llvm.org/D50855

Files:
  include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
  lib/StaticAnalyzer/Core/ExprEngine.cpp
  test/Analysis/temporaries.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D50855.161069.patch
Type: text/x-patch
Size: 4608 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180816/7a0aeb95/attachment.bin>

