[PATCH] D132030: [analyzer] Pass correct bldrCtx to computeObjectUnderConstruction
Tomasz Kamiński via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 17 08:42:46 PDT 2022
tomasz-kaminski-sonarsource created this revision.
Herald added subscribers: steakhal, manas, ASDenysPetrov, martong, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun.
Herald added a reviewer: NoQ.
Herald added a project: All.
tomasz-kaminski-sonarsource added a reviewer: xazax.hun.
Herald added a subscriber: rnkovacs.
tomasz-kaminski-sonarsource edited the summary of this revision.
tomasz-kaminski-sonarsource updated this revision to Diff 453294.
tomasz-kaminski-sonarsource added a comment.
tomasz-kaminski-sonarsource published this revision for review.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
Fixed warning checks and added newline.
tomasz-kaminski-sonarsource added a comment.
This is now ready for review.
In case when the prvalue is returned from the function (kind is one
of `SimpleReturnedValueKind`, `CXX17ElidedCopyReturnedValueKind`),
then its construction happens in context of the caller.
We pass `BldrCtx` explicitly, as `currBldrCtx` will always refer to callee
context.
In the following example:
```
struct Result { int value; };
Result create() { return Result{10}; }
int accessValue(Result r) { return r.value; }
void test() {
  for (int i = 0; i < 2; ++i)
    accessValue(create());
}
```
In case when the returned object was constructed directly into the
argument to a function call `accessValue(create())`, this led to
inappropriate value of `blockCount` being used to locate parameter region,
and as a consequence resulting object (from `create()`) was constructed
into a different region, that was later read by inlined invocation of
outer function (`accessValue`).
This manifests itself only in case when calling block is visited more
than once (loop in above example), as otherwise there is no difference in `blockCount`
value between callee and caller context.
This happens only in case when copy elision is disabled (before C++17).
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D132030
Files:
clang/include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
clang/lib/StaticAnalyzer/Core/CallEvent.cpp
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
clang/test/Analysis/copy-elision.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D132030.453294.patch
Type: text/x-patch
Size: 6839 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20220817/5af285d4/attachment-0001.bin>