2064e82277
This API is used by checkers (and other entities) in order to track where does a value originate from, by jumping from an expression value of which is equal to that value to the expression from which this value has "appeared". For example, it may be an lvalue from which the rvalue was loaded, or a function call from which the dereferenced pointer was returned. The function now avoids incorrectly unwrapping implicit lvalue-to-rvalue casts, which caused crashes and incorrect intermediate diagnostic pieces. It also no longer relies on how the expression is written when guessing what it means. Fixes pr34373 and pr34731. rdar://problem/33594502 Differential Revision: https://reviews.llvm.org/D37023 llvm-svn: 314287
26 lines
834 B
C++
26 lines
834 B
C++
// RUN: %clang_analyze_cc1 -w -x c++ -analyzer-checker=core -analyzer-output=text -analyzer-eagerly-assume -verify %s
|
|
|
|
namespace pr34731 {
|
|
int b;
|
|
class c {
|
|
class B {
|
|
public:
|
|
double ***d;
|
|
B();
|
|
};
|
|
void e(double **, int);
|
|
void f(B &, int &);
|
|
};
|
|
|
|
// Properly track the null pointer in the array field back to the default
|
|
// constructor of 'h'.
|
|
void c::f(B &g, int &i) {
|
|
e(g.d[9], i); // expected-warning{{Array access (via field 'd') results in a null pointer dereference}}
|
|
// expected-note@-1{{Array access (via field 'd') results in a null pointer dereference}}
|
|
B h, a; // expected-note{{Value assigned to 'h.d'}}
|
|
a.d == __null; // expected-note{{Assuming the condition is true}}
|
|
a.d != h.d; // expected-note{{Assuming pointer value is null}}
|
|
f(h, b); // expected-note{{Calling 'c::f'}}
|
|
}
|
|
}
|