diff options
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 18 | ||||
| -rw-r--r-- | clang/test/Analysis/fields.c | 11 | ||||
| -rw-r--r-- | clang/test/Analysis/reference.cpp | 4 | 
3 files changed, 13 insertions, 20 deletions
| diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp index 06216f83ea9..8e2c159ca7d 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1505,17 +1505,17 @@ void ExprEngine::VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred,    ProgramStateRef state = Pred->getState();    const LocationContext *LCtx = Pred->getLocationContext();    SVal baseExprVal = state->getSVal(baseExpr, Pred->getLocationContext()); - -  // If we're accessing a field of an rvalue, we need to treat it like a -  // temporary object. -  if (isa<NonLoc>(baseExprVal)) { -    const MemRegion *R  = -      svalBuilder.getRegionManager().getCXXTempObjectRegion(baseExpr, LCtx); -    SVal L = loc::MemRegionVal(R); -    state = state->bindLoc(L, baseExprVal); -    baseExprVal = L; +  if (isa<nonloc::LazyCompoundVal>(baseExprVal) || +      isa<nonloc::CompoundVal>(baseExprVal) || +      // FIXME: This can originate by conjuring a symbol for an unknown +      // temporary struct object, see test/Analysis/fields.c: +      // (p = getit()).x +      isa<nonloc::SymbolVal>(baseExprVal)) { +    Bldr.generateNode(M, Pred, state->BindExpr(M, LCtx, UnknownVal())); +    return;    } +  // For all other cases, compute an lvalue.        SVal L = state->getLValue(field, baseExprVal);    if (M->isGLValue()) {      ExplodedNodeSet Tmp; diff --git a/clang/test/Analysis/fields.c b/clang/test/Analysis/fields.c index a2b3dcf7384..a10d5a80601 100644 --- a/clang/test/Analysis/fields.c +++ b/clang/test/Analysis/fields.c @@ -1,6 +1,4 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection %s -analyzer-store=region -verify - -void clang_analyzer_eval(int); +// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core %s -analyzer-store=region -verify  unsigned foo();  typedef struct bf { unsigned x:2; } bf; @@ -35,10 +33,3 @@ void testNullAddress() {    int *px = &p->x; // expected-warning{{Access to field 'x' results in a dereference of a null pointer (loaded from variable 'p')}}    *px = 1; // No warning because analysis stops at the previous line.  } - -void testLazyCompoundVal() { -  Point p = {42, 0}; -  Point q; -  clang_analyzer_eval((q = p).x == 42); // expected-warning{{TRUE}} -  clang_analyzer_eval(q.x == 42); // expected-warning{{TRUE}} -} diff --git a/clang/test/Analysis/reference.cpp b/clang/test/Analysis/reference.cpp index ce0ee8ed57d..374f3f7261c 100644 --- a/clang/test/Analysis/reference.cpp +++ b/clang/test/Analysis/reference.cpp @@ -116,8 +116,10 @@ void testReferenceAddress(int &x) {    struct S { int &x; }; +  // FIXME: Should be TRUE. Fields of return-by-value structs are not yet +  // symbolicated. Tracked by <rdar://problem/12137950>.    extern S getS(); -  clang_analyzer_eval(&getS().x != 0); // expected-warning{{TRUE}} +  clang_analyzer_eval(&getS().x != 0); // expected-warning{{UNKNOWN}}    extern S *getSP();    clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{TRUE}} | 

