author | Jordan Rose <jordan_rose@apple.com> | 2012-10-01 19:07:15 +0000 |
---|---|---|
committer | Jordan Rose <jordan_rose@apple.com> | 2012-10-01 19:07:15 +0000 |
commit | 12024f8776fdfbf2c85e1b366d6709db6e56576f (patch) | |
tree | b859f1b59dd05a8a5facebf3f265491fe9c8e26b /clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | |
parent | c491c3f27aabda38ff269c36c4de144b6905170b (diff) | |
Revert "[analyzer] Check that a member expr is valid even when the result is an lvalue."
The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):
(((struct Foo *)0)->member - ((struct foo *)0))
As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
We'll just have to make sure we have good path notes in the future.
This reverts r164441 / 9be016dcd1ca3986873a7b66bd4bc027309ceb59.
llvm-svn: 164958
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/ExprEngine.cpp')
-rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp index 0e488646458..007bcf52085 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1515,30 +1515,22 @@ void ExprEngine::VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred, return; } + // FIXME: Should we insert some assumption logic in here to determine + // if "Base" is a valid piece of memory? Before we put this assumption + // later when using FieldOffset lvals (which we no longer have). + // For all other cases, compute an lvalue. SVal L = state->getLValue(field, baseExprVal); if (M->isGLValue()) { - ExplodedNodeSet Tmp; - Bldr.takeNodes(Pred); - evalLocation(Tmp, M, M, Pred, state, baseExprVal, - /*Tag=*/0, /*isLoad=*/true); - Bldr.addNodes(Tmp); - - const MemRegion *ReferenceRegion = 0; if (field->getType()->isReferenceType()) { - ReferenceRegion = L.getAsRegion(); - if (!ReferenceRegion) + if (const MemRegion *R = L.getAsRegion()) + L = state->getSVal(R); + else L = UnknownVal(); } - for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I != E; ++I){ - state = (*I)->getState(); - if (ReferenceRegion) - L = state->getSVal(ReferenceRegion); - - Bldr.generateNode(M, (*I), state->BindExpr(M, LCtx, L), 0, - ProgramPoint::PostLValueKind); - } + Bldr.generateNode(M, Pred, state->BindExpr(M, LCtx, L), 0, + ProgramPoint::PostLValueKind); } else { Bldr.takeNodes(Pred); evalLoad(Dst, M, M, Pred, state, L); |
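Review bot: In the `M->isGLValue()` branch, the reference-typed field case still reads memory through the base (`L = state->getSVal(R)`), yet after this revert nothing on that path checks `baseExprVal` before the read. The `&*E` argument in the commit message covers forming an lvalue for an ordinary field, but it does not obviously cover a reference member, where the stored reference has to be loaded; a null base there would presumably go unreported at this point. Consider keeping a location check for that sub-case only, or at least replacing the restored FIXME with a comment that records the decision, e.g. `// No null check on Base here: &((T *)0)->field must stay legal (PR13927); reference-typed fields still load through Base unchecked.` `VisitMemberExpr` starts and ends outside the hunk, so any earlier handling of the base is not visible here.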