[PATCH] D62926: [analyzer] ReturnVisitor: Bypass everything to see inlined calls

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jun 5 19:44:36 PDT 2019


NoQ added a comment.

Aha, that's something! And nice to see we've already had this bug covered with tests. Because, of course, I added these tests a year ago without even thinking about what the correct behavior should look like :/



================
Comment at: clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:835-842
     // First, find when we processed the statement.
     do {
       if (auto CEE = Node->getLocationAs<CallExitEnd>())
         if (CEE->getCalleeContext()->getCallSite() == S)
           break;
-      if (auto SP = Node->getLocationAs<StmtPoint>())
-        if (SP->getStmt() == S)
-          break;
 
       Node = Node->getFirstPred();
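
Review bot: The comment `// First, find when we processed the statement.` at the top of the `do` loop no longer matches the code once the `StmtPoint` check is removed. The only `break` left in the visible lines fires on a `CallExitEnd` whose call site is `S`, so for a statement that never went through an inlined call nothing shown here stops the `Node = Node->getFirstPred()` walk early. Please reword the comment to say the loop searches for the exit of the inlined call, and either bound the walk or document why walking this far back is acceptable.
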
----------------
This iteration may now take us straight to the root of the graph. I don't think it's supposed to be that slow; I think it's supposed to only skip within maybe a full-expression at most.

Which statements in the AST are getting peeled off here that weren't before? Which statements are supposed to get peeled off?

Might it be that we should simply add one more case to `peelOffOuterExpr()` or something like that?


================
Comment at: clang/test/Analysis/new-ctor-null-throw.cpp:1-3
+// RUN: %clang_analyze_cc1 \
+// RUN:  -analyzer-checker=core,debug.ExprInspection \
+// RUN:  -std=c++11 -verify %s
----------------
Szelethus wrote:
> Hmm, how come you removed `-analyzer-config c++-allocator-inlining=true`?
It's on by default these days.


================
Comment at: clang/test/Analysis/new-ctor-null-throw.cpp:29
   S *s = new S[10]; // no-crash
-  s[0].x = 2; // expected-warning{{Dereference of null pointer}}
+  s[0].x = 2;
 }
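
Review bot: The `s[0].x = 2;` line drops `expected-warning{{Dereference of null pointer}}` and gets nothing in its place, so the test no longer records whether the missing report is the intended outcome or a lost diagnostic. Since the line above still carries `// no-crash`, mark this one explicitly as well and say in a short comment why no null dereference report is expected after `new S[10]`, so a later change that drops the report for a different reason is not mistaken for this one.
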
----------------
Let's add a `// no-warning` here, probably with a comment that the warning is intentionally suppressed.


================
Comment at: clang/test/Analysis/new-ctor-null.cpp:29
   S *s = new S[10]; // no-crash
-  s[0].x = 2; // expected-warning{{Dereference of null pointer}}
+  s[0].x = 2;
 }
----------------
Let's add a `// no-warning` here as well.


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D62926/new/

https://reviews.llvm.org/D62926




