[clang] c76cb2b - [analyzer] Refine default binding preservation in RegionStore (#189319)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Apr 13 00:59:17 PDT 2026
Author: Chandana Mudda
Date: 2026-04-13T13:29:12+05:30
New Revision: c76cb2ba3c43d09d4a273bf0fe14be55789d9370
URL: https://github.com/llvm/llvm-project/commit/c76cb2ba3c43d09d4a273bf0fe14be55789d9370
DIFF: https://github.com/llvm/llvm-project/commit/c76cb2ba3c43d09d4a273bf0fe14be55789d9370.diff
LOG: [analyzer] Refine default binding preservation in RegionStore (#189319)
Narrow the new setImplicitDefaultValue() guard so existing default
bindings are preserved only for aggregate-like cases.
The previous change was too broad and regressed normal
zero-initialization, causing new int[10]{} to be modeled as undefined
and emit a garbage-value warning instead of the expected analyzer
reports.
Added:
clang/test/Analysis/regionstore-zero-init.cpp
Modified:
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
Removed:
################################################################################
diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
index 6ec66298e8c45..e1c031e5bb90e 100644
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -2566,11 +2566,12 @@ RegionStoreManager::setImplicitDefaultValue(LimitedRegionBindingsConstRef B,
if (B.hasExhaustedBindingLimit())
return B;
- // Prefer to keep the previous default binding if we had one; that is likely a
- // better choice than setting some arbitrary new default value.
- // This isn't ideal (more of a hack), but better than dropping the more
- // accurate default binding.
- if (B.getDefaultBinding(R).has_value()) {
+ // Preserve an existing aggregate default binding. This handles partially
+ // initialized union-containing aggregates where bindAggregate() may already
+ // have installed a more precise default value at offset 0. Still allow
+ // implicit defaults for scalars and pointers so regular zero-initialization
+ // continues to work, e.g. for `new int[10]{}`.
+ if (T->isAggregateType() && B.getDefaultBinding(R).has_value()) {
return B;
}
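Review bot: the predicate in `if (T->isAggregateType() && B.getDefaultBinding(R).has_value())` is wider than the comment above it describes. `isAggregateType()` is true for arrays and for C structs/unions, and for C++ records only when they are aggregates (no user-declared constructors), so every existing default binding on a region typed as an array or a plain struct is still preserved, not only the "partially initialized union-containing aggregates" the comment names; a union-containing class with a user-declared constructor, on the other hand, is not an aggregate and falls through to the implicit default. If the union case is the one that matters, either narrow the predicate to it or state in the comment that all arrays and aggregate records are covered. Either way, an aggregate element type should be exercised by the regression test (e.g. `new S[4]{}` for a struct `S`), since the new test file only reaches the non-aggregate half of this branch with `int`.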
diff --git a/clang/test/Analysis/regionstore-zero-init.cpp b/clang/test/Analysis/regionstore-zero-init.cpp
new file mode 100644
index 0000000000000..7b9f6fe43c51b
--- /dev/null
+++ b/clang/test/Analysis/regionstore-zero-init.cpp
@@ -0,0 +1,9 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+
+void clang_analyzer_eval(int);
+
+void test_zero_initialized_new_array() {
+ int *p = new int[10]{};
+ clang_analyzer_eval(*p == 0); // expected-warning{{TRUE}}
+ delete[] p;
+}
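Review bot: the test only checks `*p`, i.e. the element at offset 0, which is exactly the offset the comment in RegionStore.cpp says bindAggregate() may already cover with a more precise default; adding `clang_analyzer_eval(p[9] == 0); // expected-warning{{TRUE}}` would confirm that the zero default applies to the whole array and not just the first slot. The file also covers only the scalar regression from the commit message: there is no case for the partially initialized union-containing aggregate that the narrowed guard is meant to keep working, nor for the pointer element type the comment promises still gets an implicit default (e.g. `new int *[4]{}`), so a regression in either path would go unnoticed here.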