[clang-tools-extra] [llvm] [clang] [analyzer] Trust base to derived casts for dynamic types (PR #69057)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Fri Dec 29 11:20:33 PST 2023
steakhal wrote:
To illustrate the case of my previous argument, here are two examples:
https://godbolt.org/z/5vWadfPM9
```c++
// base.h BEGIN:
class Base {
public:
virtual int fun() const = 0;
};
class Derived1 final : public Base {
public:
int fun() const override { return 1; }
};
// base.h END
Base *spawn(); // Defined in "secondary.cpp"
template <class T> void clang_analyzer_dump(T) {}
int main() {
Base *p = spawn();
int n = p->fun();
clang_analyzer_dump(n); // conj; and never "1"
int z = 100 / (n - 2);
(void)z;
}
```
And here is the example with definition of `spawn` inside a different translation unit, which would lead to a division by zero bug at the definition of `z`.
https://godbolt.org/z/eKMWvTPe6
```c++
// secondary.cpp
#include "base.h"
class Derived2 final : public Base {
public:
int fun() const override { return 2; }
};
Base *spawn() {
return new Derived2();
}
```
https://github.com/llvm/llvm-project/pull/69057
More information about the cfe-commits
mailing list