From b41977f85254c4f8512200e5006fa56d55316d52 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jordan_rose@apple.com>
Date: Thu, 7 Mar 2013 01:23:25 +0000
Subject: [analyzer] Check for returning null references in ReturnUndefChecker.

Officially in the C++ standard, a null reference cannot exist. However,
it's still very easy to create one:

int &getNullRef() {
  int *p = 0;
  return *p;
}

We already check that binds to reference regions don't create null references.
This patch checks that we don't create null references by returning, either.

<rdar://problem/13364378>

llvm-svn: 176601
---
 clang/test/Analysis/reference.cpp | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'clang/test/Analysis/reference.cpp')

diff --git a/clang/test/Analysis/reference.cpp b/clang/test/Analysis/reference.cpp
index ce0ee8ed57d..ed05720fe66 100644
--- a/clang/test/Analysis/reference.cpp
+++ b/clang/test/Analysis/reference.cpp
@@ -135,6 +135,20 @@ void testFunctionPointerReturn(void *opaque) {
   clang_analyzer_eval(x == 42); // expected-warning{{TRUE}}
 }
 
+int &testReturnNullReference() {
+  int *x = 0;
+  return *x; // expected-warning{{Returning null reference}}
+}
+
+char &refFromPointer() {
+  return *ptr();
+}
+
+void testReturnReference() {
+  clang_analyzer_eval(ptr() == 0); // expected-warning{{UNKNOWN}}
+  clang_analyzer_eval(&refFromPointer() == 0); // expected-warning{{FALSE}}
+}
+
 
 // ------------------------------------
 // False negatives
@@ -147,9 +161,4 @@ namespace rdar11212286 {
     B *x = 0;
     return *x; // should warn here!
   }
-
-  B &testRef() {
-    B *x = 0;
-    return *x; // should warn here!
-  }
 }
-- 
cgit v1.2.3