[PATCH] D95307: [StaticAnalyzer] Add checking for degenerate base class in MemRegion

[Deep Majumder via Phabricator via cfe-commits]

RedDocMD created this revision.
Herald added subscribers: steakhal, ASDenysPetrov, martong, dkrupp, donat.nagy, Szelethus, a.sidorin, szepet, baloghadamsoftware.
RedDocMD requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

In the function isValidBaseClass() of
clang/lib/StaticAnalyzer/Core/MemRegion.cpp,
added a case to return true when BaseClass and Super refer to
the same CXXRecordDecl. This case arises when a pointer-to-member
field is declared with a static cast from a pointer-to-member of
a sub-class.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D95307

Files:
  clang/lib/StaticAnalyzer/Core/MemRegion.cpp
  clang/test/Analysis/pointer-to-member.cpp


Index: clang/test/Analysis/pointer-to-member.cpp
===================================================================
--- clang/test/Analysis/pointer-to-member.cpp
+++ clang/test/Analysis/pointer-to-member.cpp
@@ -231,6 +231,23 @@
 }
 } // end of testPointerToMemberDiamond namespace
 
+namespace testPointerToMemberViaStaticCast {
+// From bug #48739
+struct Base {
+  int field;
+};
+
+struct Derived : public Base {};
+
+void static_cast_test() {
+  int Derived::* derived_field = &Derived::field;
+  Base base;
+  base.field = 5;
+  int Base::* base_field = static_cast<int Base::*>(derived_field);
+  clang_analyzer_eval(base.*base_field == 5); // expected-warning {{TRUE}}
+}
+}
+
 namespace testAnonymousMember {
 struct A {
   int a;
Index: clang/lib/StaticAnalyzer/Core/MemRegion.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/MemRegion.cpp
+++ clang/lib/StaticAnalyzer/Core/MemRegion.cpp
@@ -1172,6 +1172,9 @@
   if (!Class)
     return true;
 
+  if (Class == BaseClass)
+    return true;
+
   if (IsVirtual)
     return Class->isVirtuallyDerivedFrom(BaseClass);
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D95307.318816.patch
Type: text/x-patch
Size: 1134 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210124/d577f7e1/attachment.bin>