author | Devin Coughlin <dcoughlin@apple.com> | 2017-03-01 17:48:39 +0000 |
---|---|---|
committer | Devin Coughlin <dcoughlin@apple.com> | 2017-03-01 17:48:39 +0000 |
commit | bfa8e28dbb980294dff83f13c4e78dbd76d32461 (patch) | |
tree | 456ab77256ba5d996512e429b26770630f1e3193 | |
parent | 8f23dd6d68b047f6d556808e7e3fc35db5f9bcca (diff) | |
[analyzer] pr32088: Don't destroy the temporary if its initializer causes return.
In the following code involving GNU statement-expression extension:
struct S {
~S();
};
void foo() {
const S &x = ({ return; S(); });
}
function 'foo()' returns before reference x is initialized. We shouldn't call
the destructor for the temporary object lifetime-extended by 'x' in this case,
because the object never gets constructed in the first place.
The real problem is probably in the CFG somewhere, so this is a quick-and-dirty
hotfix rather than the perfect solution.
A patch by Artem Dergachev!
rdar://problem/30759076
Differential Revision: https://reviews.llvm.org/D30499
llvm-svn: 296646
-rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 10 | ||||
-rw-r--r-- | clang/test/Analysis/temporaries.cpp | 10 |
2 files changed, 19 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 7d0c8b4bdf8..350992849e0 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -615,7 +615,15 @@ void ExprEngine::ProcessAutomaticObjDtor(const CFGAutomaticObjDtor Dtor,
 const MemRegion *Region = dest.castAs<loc::MemRegionVal>().getRegion();
 if (varType->isReferenceType()) {
- Region = state->getSVal(Region).getAsRegion()->getBaseRegion();
+ const MemRegion *ValueRegion = state->getSVal(Region).getAsRegion();
+ if (!ValueRegion) {
+ // FIXME: This should not happen. The language guarantees a presence
+ // of a valid initializer here, so the reference shall not be undefined.
+ // It seems that we're calling destructors over variables that
+ // were not initialized yet.
+ return;
+ }
+ Region = ValueRegion->getBaseRegion();
 varType = cast<TypedValueRegion>(Region)->getValueType();
 }
diff --git a/clang/test/Analysis/temporaries.cpp b/clang/test/Analysis/temporaries.cpp
index 49cf070177f..cc39201b0c3 100644
--- a/clang/test/Analysis/temporaries.cpp
+++ b/clang/test/Analysis/temporaries.cpp
@@ -493,3 +493,13 @@ namespace PR16629 {
 clang_analyzer_eval(x == 47); // expected-warning{{TRUE}}
 }
 }
+
+namespace PR32088 {
+ void testReturnFromStmtExprInitializer() {
+ // We shouldn't try to destroy the object pointed to by `obj' upon return.
+ const NonTrivial &obj = ({
+ return; // no-crash
+ NonTrivial(42);
+ });
+ }
+} |
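Review bot: In the ExprEngine.cpp hunk, the new `if (!ValueRegion)` branch leaves ProcessAutomaticObjDtor with a bare `return;`, and nothing visible in the hunk records a successor node, so the analyzer probably stops exploring this path instead of continuing past the skipped destructor. The rest of the signature and the remaining body are outside the hunk, so this is inferred; if the node-set out-parameter is the usual `Dst`, adding `Dst.Add(Pred);` before the `return;` would keep the path alive without modelling the destructor. The guard also fires for any value that has no region, not only the uninitialized reference from pr32088, so it can hide unrelated modelling gaps. The FIXME should name the PR and say so, for example `// FIXME(pr32088): also taken for any non-region value; narrow once the CFG is fixed.`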
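Review bot: The PR32088 test in temporaries.cpp only checks that the analyzer does not crash (`// no-crash`); nothing pins what happens to the path after the early `return`. A small caller in the same namespace would cover that: a function that calls `testReturnFromStmtExprInitializer();` and then `clang_analyzer_eval(true); // expected-warning{{TRUE}}`, which should fail if the path is dropped rather than continued, assuming the callee is inlined. `NonTrivial` is declared outside the hunk, so the test relies on it having a user-provided destructor.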