diff options
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp | 5 | ||||
| -rw-r--r-- | clang/test/Analysis/inlining/inline-defensive-checks.c | 18 | ||||
| -rw-r--r-- | clang/test/Analysis/nullptr.cpp | 5 |
3 files changed, 25 insertions, 3 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp index 7304d789431..993c5857088 100644 --- a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp +++ b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp @@ -1142,9 +1142,12 @@ bool bugreporter::trackNullOrUndefValue(const ExplodedNode *N, else RVal = state->getSVal(L->getRegion()); - const MemRegion *RegionRVal = RVal.getAsRegion(); report.addVisitor(llvm::make_unique<UndefOrNullArgVisitor>(L->getRegion())); + if (Optional<KnownSVal> KV = RVal.getAs<KnownSVal>()) + report.addVisitor(llvm::make_unique<FindLastStoreBRVisitor>( + *KV, L->getRegion(), EnableNullFPSuppression)); + const MemRegion *RegionRVal = RVal.getAsRegion(); if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) { report.markInteresting(RegionRVal); report.addVisitor(llvm::make_unique<TrackConstraintBRVisitor>( diff --git a/clang/test/Analysis/inlining/inline-defensive-checks.c b/clang/test/Analysis/inlining/inline-defensive-checks.c index 9f211b502bc..7440c77736e 100644 --- a/clang/test/Analysis/inlining/inline-defensive-checks.c +++ b/clang/test/Analysis/inlining/inline-defensive-checks.c @@ -190,3 +190,21 @@ void idcTrackZeroValueThroughUnaryPointerOperatorsWithArrayField(struct S2 *s) { idc(s); *(&(s->a[0])) = 7; // no-warning } + +void idcTrackConstraintThroughSymbolicRegion(int **x) { + idc(*x); + // FIXME: Should not warn. + **x = 7; // expected-warning{{Dereference of null pointer}} +} + +int *idcPlainNull(int coin) { + if (coin) + return 0; + static int X; + return &X; +} + +void idcTrackZeroValueThroughSymbolicRegion(int coin, int **x) { + *x = idcPlainNull(coin); + **x = 7; // no-warning +} diff --git a/clang/test/Analysis/nullptr.cpp b/clang/test/Analysis/nullptr.cpp index b3e61c9defb..38e099b7fbd 100644 --- a/clang/test/Analysis/nullptr.cpp +++ b/clang/test/Analysis/nullptr.cpp @@ -142,8 +142,9 @@ void shouldNotCrash() { // expected-note@-1{{Passing null pointer value via 1st parameter 'x'}} if (getSymbol()) { // expected-note {{Assuming the condition is true}} // expected-note@-1{{Taking true branch}} - X *x = Type().x; // expected-note{{'x' initialized to a null pointer value}} - x->f(); // expected-warning{{Called C++ object pointer is null}} + X *xx = Type().x; // expected-note {{Null pointer value stored to field 'x'}} + // expected-note@-1{{'xx' initialized to a null pointer value}} + xx->f(); // expected-warning{{Called C++ object pointer is null}} // expected-note@-1{{Called C++ object pointer is null}} } } |
