[PATCH] D60988: [analyzer] Fix crash when returning C++ objects from ObjC messages-to-nil.

Phabricator via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Apr 25 19:05:29 PDT 2019 

This revision was automatically updated to reflect the committed changes.
Closed by commit rC359262: [analyzer] Fix crash when returning C++ objects from ObjC messages-to-nil. (authored by dergachev, committed by ).

Changed prior to commit:
  https://reviews.llvm.org/D60988?vs=196161&id=196780#toc

Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D60988/new/

https://reviews.llvm.org/D60988

Files:
  lib/StaticAnalyzer/Core/RegionStore.cpp
  test/Analysis/nil-receiver.mm


Index: lib/StaticAnalyzer/Core/RegionStore.cpp
===================================================================
--- lib/StaticAnalyzer/Core/RegionStore.cpp
+++ lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -2361,7 +2361,14 @@
   // In C++17 aggregates may have base classes, handle those as well.
   // They appear before fields in the initializer list / compound value.
   if (const auto *CRD = dyn_cast<CXXRecordDecl>(RD)) {
-    assert(CRD->isAggregate() &&
+    // If the object was constructed with a constructor, its value is a
+    // LazyCompoundVal. If it's a raw CompoundVal, it means that we're
+    // performing aggregate initialization. The only exception from this
+    // rule is sending an Objective-C++ message that returns a C++ object
+    // to a nil receiver; in this case the semantics is to return a
+    // zero-initialized object even if it's a C++ object that doesn't have
+    // this sort of constructor; the CompoundVal is empty in this case.
+    assert((CRD->isAggregate() || (Ctx.getLangOpts().ObjC && VI == VE)) &&
            "Non-aggregates are constructed with a constructor!");
 
     for (const auto &B : CRD->bases()) {
Index: test/Analysis/nil-receiver.mm
===================================================================
--- test/Analysis/nil-receiver.mm
+++ test/Analysis/nil-receiver.mm
@@ -0,0 +1,24 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection \
+// RUN:                    -verify %s
+
+#define nil ((id)0)
+
+void clang_analyzer_eval(int);
+
+struct S {
+  int x;
+  S();
+};
+
+ at interface I
+ at property S s;
+ at end
+
+void foo() {
+  // This produces a zero-initialized structure.
+  // FIXME: This very fact does deserve the warning, because zero-initialized
+  // structures aren't always valid in C++. It's particularly bad when the
+  // object has a vtable.
+  S s = ((I *)nil).s;
+  clang_analyzer_eval(s.x == 0); // expected-warning{{TRUE}}
+}


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D60988.196780.patch
Type: text/x-patch
Size: 1930 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190426/2ac01cb7/attachment-0001.bin>

More information about the cfe-commits mailing list