[cfe-dev] [Analyzer] C++ Constructors Do Not Work

Anna Zaks via cfe-dev cfe-dev at lists.llvm.org
Mon Sep 14 11:31:10 PDT 2015


Scott,

I suspect that the analyzer does not step into the constructor during the analysis but instead treats it as an opaque function. The temporary variable destructor support is lacking, so we choose not to “inline” or step into the constructors in some cases as well.

When this program is analyzed, objectCreate() is analyzed and the constructor of S is also analyzed as a top-level function. You can pass -analyzer-display-progress option to the analyzer to see the order in which the top-level functions are being analyzed. (http://clang-analyzer.llvm.org/checker_dev_manual.html)

Anna.

> On Sep 10, 2015, at 10:29 AM, scott constable via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> 
> Hi All,
> 
> It seems that the clang static analyzer does not correctly handle C++ constructors. For example, I have the following code:
> 
> struct S {
> 	S(int x, int y, int z) {
> 		a = x;
> 		b = y;
> 		c = z;
> 	}
> 	int a;
> 	int b;
> 	int c;
> };
> 
> void objectCreate() {
> 	S *newS = new S(12, 0, 15);
> 	if (newS->b)
> 		newS->c++;
> 	else
> 		newS->a++;
> 	delete newS;
> }
> 
> Since newS->b initializes to 0, the expression "newS->a++" should never execute. However, the analyzer in fact generates two new states and evaluates both branches. If I replace the newS->b condition with the integer literal 0, then only the first branch is evaluated, as I would expect. I dug into this further, and found that newS's constructor is called AFTER objectCreate() has been evaluated. In other words, newS's constructor is called after "delete newS". This is clearly the wrong behavior.
> 
> This is not the first time I have observed C++ constructors being handled incorrectly. I also posted several weeks ago with the same observation regarding implicit copy constructors.
> 
> Any help would be so very appreciated, as this has been driving me crazy!
> 
> ~Scott Constable
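
A way to check which of the two behaviours described in the reply applies at a given call site, as an added example that is not part of the original thread: the analyzer's debug.ExprInspection checker reports whether the constructor's stores are visible in the caller. The function names heapObject and stackObject and the file name probe.cpp are assumptions made for this example.

```cpp
/* Added probe, not code from the thread. Analyze with (assumed file name probe.cpp):
 *   clang++ --analyze -Xclang -analyzer-checker=core,debug.ExprInspection
 *           -Xclang -analyzer-display-progress probe.cpp
 * For each clang_analyzer_eval() call the analyzer prints one of:
 *   TRUE     the constructor was inlined, so its stores are known in the caller
 *   UNKNOWN  the constructor call was treated as opaque, so the field value is
 *            unconstrained and both branches of a test on it are explored
 */
#ifdef __clang_analyzer__
void clang_analyzer_eval(bool);                  // modeled by debug.ExprInspection
#else
static inline void clang_analyzer_eval(bool) {}  // no-op in a normal build
#endif

// Same struct as in the report.
struct S {
    S(int x, int y, int z) { a = x; b = y; c = z; }
    int a, b, c;
};

// Heap allocation, the shape used in the report.
// Returns 1 if the "if" branch ran, 2 if the "else" branch ran.
int heapObject() {
    S *s = new S(12, 0, 15);
    clang_analyzer_eval(s->b == 0);
    int taken;
    if (s->b) { s->c++; taken = 1; }
    else      { s->a++; taken = 2; }
    delete s;
    return taken;
}

// Same object with automatic storage, to compare against in the analyzer output.
int stackObject() {
    S s(12, 0, 15);
    clang_analyzer_eval(s.b == 0);
    int taken;
    if (s.b) { s.c++; taken = 1; }
    else     { s.a++; taken = 2; }
    return taken;
}

// Concrete execution, for reference next to the analyzer's verdicts.
int main() { return (heapObject() == 2 && stackObject() == 2) ? 0 : 1; }
```

With -analyzer-display-progress the output also lists each top-level function as it is analyzed, so a constructor that appears there on its own is being analyzed separately from its caller.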