[clang] 0b4fe80 - [Analyzer] Fix for dereferece of smart pointer after branching on unknown inner pointer
Nithin Vadukkumchery Rajendrakumar via cfe-commits
cfe-commits at lists.llvm.org
Fri Oct 9 04:43:07 PDT 2020
Author: Nithin Vadukkumchery Rajendrakumar
Date: 2020-10-09T13:42:25+02:00
New Revision: 0b4fe8086f03294907180007e7de98c80a83b0d7
URL: https://github.com/llvm/llvm-project/commit/0b4fe8086f03294907180007e7de98c80a83b0d7
DIFF: https://github.com/llvm/llvm-project/commit/0b4fe8086f03294907180007e7de98c80a83b0d7.diff
LOG: [Analyzer] Fix for dereferece of smart pointer after branching on unknown inner pointer
Summary: Enabling warning after dereferece of smart pointer after branching on unknown inner pointer.
Reviewers: NoQ, Szelethus, vsavchenko, xazax.hun
Reviewed By: NoQ
Subscribers: martong, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D87043
Added:
Modified:
clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
clang/test/Analysis/smart-ptr-text-output.cpp
clang/test/Analysis/smart-ptr.cpp
Removed:
################################################################################
diff --git a/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp b/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
index 1ca53590e06c..6ee7bd9252b3 100644
--- a/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
@@ -103,7 +103,8 @@ bool isStdSmartPtrCall(const CallEvent &Call) {
bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion) {
const auto *InnerPointVal = State->get<TrackedRegionMap>(ThisRegion);
- return InnerPointVal && InnerPointVal->isZeroConstant();
+ return InnerPointVal &&
+ !State->assume(InnerPointVal->castAs<DefinedOrUnknownSVal>(), true);
}
} // namespace smartptr
} // namespace ento
diff --git a/clang/test/Analysis/smart-ptr-text-output.cpp b/clang/test/Analysis/smart-ptr-text-output.cpp
index 16c1bddc55e1..f8ecf9192c73 100644
--- a/clang/test/Analysis/smart-ptr-text-output.cpp
+++ b/clang/test/Analysis/smart-ptr-text-output.cpp
@@ -304,3 +304,12 @@ struct S {
// expected-note at -1 {{Division by zero}}
}
};
+
+void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) {
+ A *RP = P.get();
+ if (!RP) { // expected-note {{Assuming 'RP' is null}}
+ // expected-note at -1 {{Taking true branch}}
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+ // expected-note at -1{{Dereference of null smart pointer 'P'}}
+ }
+}
diff --git a/clang/test/Analysis/smart-ptr.cpp b/clang/test/Analysis/smart-ptr.cpp
index 8e8156011eb5..7761ac4cb431 100644
--- a/clang/test/Analysis/smart-ptr.cpp
+++ b/clang/test/Analysis/smart-ptr.cpp
@@ -333,7 +333,7 @@ std::unique_ptr<A> &&returnRValRefOfUniquePtr();
void drefOnAssignedNullFromMethodPtrValidSmartPtr() {
std::unique_ptr<A> P(new A());
P = returnRValRefOfUniquePtr();
- P->foo(); // No warning.
+ P->foo(); // No warning.
}
void derefMoveConstructedWithValidPtr() {
@@ -374,7 +374,7 @@ std::unique_ptr<A> &&functionReturnsRValueRef();
void derefMoveConstructedWithRValueRefReturn() {
std::unique_ptr<A> P(functionReturnsRValueRef());
- P->foo(); // No warning.
+ P->foo(); // No warning.
}
void derefConditionOnNullPtr() {
@@ -450,3 +450,10 @@ int derefConditionOnUnKnownPtr(int *q) {
else
return *P; // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
}
+
+void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) {
+ A *RP = P.get();
+ if (!RP) {
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+ }
+}
More information about the cfe-commits
mailing list