This is an archive of the discontinued LLVM Phabricator instance.

Differential D19851

Warn on binding reference to null in copy initialization
ClosedPublic

Authored by nicholas on May 2 2016, 10:09 PM.

Details

Reviewers
aaron.ballman
cfe-commits
rsmith
Summary

The attached patch adds a warning when placing a call like:

func(*static_cast<mystruct*>(nullptr));

to the existing -Wnull-dereference warning.

The existing warning catches the case where the empty lvalue undergoes lvalue-to-rvalue conversion. The attached patch adds the check when it is used for copy initialization.

There's some significant opportunity for refactoring with the static CheckForNullPointerDereference function in SemaExpr.cpp (not to be confused with the one I'm adding to SemaInit.cpp). Also, I've chosen different warning text since all cases where the existing warning fires get compiled to nothing, while cases where this warning fires may generate object code (creating "null references" usually).

Please review!

Diff Detail

Event Timeline

nicholas updated this revision to Diff 55941.May 2 2016, 10:09 PM
nicholas retitled this revision from to Warn on binding reference to null in copy initialization.
nicholas updated this object.
nicholas added a reviewer: cfe-commits.
aaron.ballman added a subscriber: aaron.ballman.May 3 2016, 5:33 AM
aaron.ballman added inline comments.
lib/Sema/SemaInit.cpp
3513

Can this take a const Expr * instead?

3632

const Expr * (or const auto *) instead?

test/CXX/expr/expr.prim/expr.prim.lambda/p5.cpp
39

Missing > in the diagnostic text (I know it's not required, but it looks a bit strange if that's the only part missing from the diagnostic text).

aaron.ballman added reviewers: rsmith, aaron.ballman.May 3 2016, 5:33 AM
nicholas marked 2 inline comments as done.May 4 2016, 12:16 AM

Richard Smith gave me some review feedback in person, the diagnostic should not be generated when setting up the Steps for the initializer sequence, but instead when InitializerSequence::Perform is called. This appears to work correctly and also catches a few more cases.

I did not expand this to SK_BindReferenceToTemporary, please review this decision. It's also missing missing bit-field and vector element checks that SK_BindReference has.

Also, I'd appreciate comments on the factoring with CheckForNullPointerDereference which was copied+pasted from SemaExpr.cpp. Please review this issue too, I did not expect to land the patch the way it's currently written.

test/CXX/expr/expr.prim/expr.prim.lambda/p5.cpp
39

What follows lambda is the path to the file, then the closing )>. I'd rather not include that part. I could make it up with .* just to balance the parens, but I think that's not worth it.

nicholas updated this revision to Diff 56100.May 4 2016, 12:22 AM
aaron.ballman accepted this revision.May 4 2016, 12:11 PM
aaron.ballman edited edge metadata.

This generally LGTM, but you should wait for @rsmith to sign off before committing.

test/CXX/expr/expr.prim/expr.prim.lambda/p5.cpp
39

Yeah, totally not worth it then. Thank you for the explanation.

This revision is now accepted and ready to land.May 4 2016, 12:11 PM
rsmith edited edge metadata.May 4 2016, 7:42 PM
In D19851#420762, @nicholas wrote:

I did not expand this to SK_BindReferenceToTemporary, please review this decision. It's also missing missing bit-field and vector element checks that SK_BindReference has.

That's fine. SK_BindReferenceToTemporary can never bind to a dereferenced null pointer.

lib/Sema/SemaInit.cpp
3514–3518

This comment doesn't make sense for this case. Binding a reference to a dereferenced null pointer isn't something that people would expect to trap. But the idea is the same: we might delete people's code and they're probably not expecting that.

3519–3522

It seems -- borderline -- worth factoring out these four lines between here and SemaExpr. Maybe isProvablyEmptyLvalue or similar, if you feel inclined to do so?

3523

I don't think we need to, or should, care whether the type is volatile-qualified here. The reference binding has undefined behavior either way. In SemaExpr we had this check because we wanted to warn people that we were going to delete their code, which we didn't do in the volatile case, but in this case we may delete the code even if it's a reference-to-volatile.

nicholas marked 2 inline comments as done.May 4 2016, 8:15 PM
nicholas added inline comments.
lib/Sema/SemaInit.cpp
3514–3518

We don't delete it, generally we "create a null reference" which is exactly what some programmers expect, when they think that references are just syntactically different pointers.

3519–3522

I'll pass. Initially I thought the two CheckForNullPointerDereference functions might be the same but for a diag::ID argument, but they're growing more and more different.

As for isProvablyEmptyLvalue we would still need to get the UO for the diagnostic anyways.

nicholas updated this revision to Diff 56235.May 4 2016, 8:15 PM
nicholas updated this revision to Diff 56236.
nicholas edited edge metadata.
nicholas marked an inline comment as done.

(Whoops, forgot to generate diff with full context for phab.)

nicholas updated this revision to Diff 56526.May 8 2016, 11:02 PM

Unsure why, but the previous diff didn't have the 'volatile' check removed.

rsmith accepted this revision.May 13 2016, 6:42 PM
rsmith edited edge metadata.
rsmith added inline comments.
include/clang/Basic/DiagnosticSemaKinds.td
5369

Maybe "binding dereferenced null pointer [...]"?

lib/Sema/SemaInit.cpp
6203

Something fishy in the indentation here?

nicholas closed this revision.May 14 2016, 10:50 AM

Closed by r269572.

Revision Contents

PathSize
include/
clang/
Basic/
2 lines
lib/
Sema/
15 lines
test/
CXX/
expr/
expr.prim/
expr.prim.lambda/
4 lines
Parser/
2 lines
SemaCXX/
6 lines
6 lines
4 lines
6 lines

Diff 56526

include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 5,359 Lines▼ Show 20 Linesdef err_typecheck_unary_expr : Error<
"invalid argument type %0 to unary expression">; "invalid argument type %0 to unary expression">;
def err_typecheck_indirection_requires_pointer : Error< def err_typecheck_indirection_requires_pointer : Error<
"indirection requires pointer operand (%0 invalid)">; "indirection requires pointer operand (%0 invalid)">;
def ext_typecheck_indirection_through_void_pointer : ExtWarn< def ext_typecheck_indirection_through_void_pointer : ExtWarn<
"ISO C++ does not allow indirection on operand of type %0">, "ISO C++ does not allow indirection on operand of type %0">,
InGroup<DiagGroup<"void-ptr-dereference">>; InGroup<DiagGroup<"void-ptr-dereference">>;
def warn_indirection_through_null : Warning< def warn_indirection_through_null : Warning<
"indirection of non-volatile null pointer will be deleted, not trap">, InGroup<NullDereference>; "indirection of non-volatile null pointer will be deleted, not trap">, InGroup<NullDereference>;
def warn_binding_null_to_reference : Warning<
"binding null pointer to reference has undefined behavior">, InGroup<NullDereference>;
rsmithUnsubmitted
Not Done
ReplyInline Actions

Maybe "binding dereferenced null pointer [...]"?

rsmith: Maybe "binding dereferenced null pointer [...]"?
def note_indirection_through_null : Note< def note_indirection_through_null : Note<
"consider using __builtin_trap() or qualifying pointer with 'volatile'">; "consider using __builtin_trap() or qualifying pointer with 'volatile'">;
def warn_pointer_indirection_from_incompatible_type : Warning< def warn_pointer_indirection_from_incompatible_type : Warning<
"dereference of type %1 that was reinterpret_cast from type %0 has undefined " "dereference of type %1 that was reinterpret_cast from type %0 has undefined "
"behavior">, "behavior">,
InGroup<UndefinedReinterpretCast>, DefaultIgnore; InGroup<UndefinedReinterpretCast>, DefaultIgnore;
def err_objc_object_assignment : Error< def err_objc_object_assignment : Error<
▲ Show 20 LinesShow All 3,114 LinesShow Last 20 Lines

lib/Sema/SemaInit.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,504 Lines▼ Show 20 Lines if (!Constructor->isInvalidDecl() &&
} }
} }
} }
// Perform overload resolution and return the result. // Perform overload resolution and return the result.
return CandidateSet.BestViableFunction(S, DeclLoc, Best); return CandidateSet.BestViableFunction(S, DeclLoc, Best);
} }
/// \brief Attempt initialization by constructor (C++ [dcl.init]), which /// \brief Attempt initialization by constructor (C++ [dcl.init]), which
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Can this take a const Expr * instead?

aaron.ballman: Can this take a `const Expr *` instead?
/// enumerates the constructors of the initialized entity and performs overload /// enumerates the constructors of the initialized entity and performs overload
/// resolution to select the best. /// resolution to select the best.
/// \param IsListInit Is this list-initialization? /// \param IsListInit Is this list-initialization?
/// \param IsInitListCopy Is this non-list-initialization resulting from a /// \param IsInitListCopy Is this non-list-initialization resulting from a
/// list-initialization from {x} where x is the same /// list-initialization from {x} where x is the same
rsmithUnsubmitted
Done
ReplyInline Actions

This comment doesn't make sense for this case. Binding a reference to a dereferenced null pointer isn't something that people would expect to trap. But the idea is the same: we might delete people's code and they're probably not expecting that.

rsmith: This comment doesn't make sense for this case. Binding a reference to a dereferenced null…
nicholasAuthorUnsubmitted
Not Done
ReplyInline Actions

We don't delete it, generally we "create a null reference" which is exactly what some programmers expect, when they think that references are just syntactically different pointers.

nicholas: We don't delete it, generally we "create a null reference" which is exactly what some…
/// type as the entity? /// type as the entity?
static void TryConstructorInitialization(Sema &S, static void TryConstructorInitialization(Sema &S,
const InitializedEntity &Entity, const InitializedEntity &Entity,
const InitializationKind &Kind, const InitializationKind &Kind,
rsmithUnsubmitted
Not Done
ReplyInline Actions

It seems -- borderline -- worth factoring out these four lines between here and SemaExpr. Maybe isProvablyEmptyLvalue or similar, if you feel inclined to do so?

rsmith: It seems -- borderline -- worth factoring out these four lines between here and SemaExpr. Maybe…
nicholasAuthorUnsubmitted
Not Done
ReplyInline Actions

I'll pass. Initially I thought the two CheckForNullPointerDereference functions might be the same but for a diag::ID argument, but they're growing more and more different.

As for isProvablyEmptyLvalue we would still need to get the UO for the diagnostic anyways.

nicholas: I'll pass. Initially I thought the two CheckForNullPointerDereference functions might be the…
MultiExprArg Args, QualType DestType, MultiExprArg Args, QualType DestType,
rsmithUnsubmitted
Done
ReplyInline Actions

I don't think we need to, or should, care whether the type is volatile-qualified here. The reference binding has undefined behavior either way. In SemaExpr we had this check because we wanted to warn people that we were going to delete their code, which we didn't do in the volatile case, but in this case we may delete the code even if it's a reference-to-volatile.

rsmith: I don't think we need to, or should, care whether the type is volatile-qualified here. The…
InitializationSequence &Sequence, InitializationSequence &Sequence,
bool IsListInit = false, bool IsListInit = false,
bool IsInitListCopy = false) { bool IsInitListCopy = false) {
assert((!IsListInit || (Args.size() == 1 && isa<InitListExpr>(Args[0]))) && assert((!IsListInit || (Args.size() == 1 && isa<InitListExpr>(Args[0]))) &&
"IsListInit must come with a single initializer list argument."); "IsListInit must come with a single initializer list argument.");
// The type we're constructing needs to be complete. // The type we're constructing needs to be complete.
if (!S.isCompleteType(Kind.getLocation(), DestType)) { if (!S.isCompleteType(Kind.getLocation(), DestType)) {
▲ Show 20 LinesShow All 92 Lines▼ Show 20 Linesstatic void TryConstructorInitialization(Sema &S,
// C++11 [over.match.list]p1: // C++11 [over.match.list]p1:
// In copy-list-initialization, if an explicit constructor is chosen, the // In copy-list-initialization, if an explicit constructor is chosen, the
// initializer is ill-formed. // initializer is ill-formed.
if (IsListInit && !Kind.AllowExplicit() && CtorDecl->isExplicit()) { if (IsListInit && !Kind.AllowExplicit() && CtorDecl->isExplicit()) {
Sequence.SetFailed(InitializationSequence::FK_ExplicitConstructor); Sequence.SetFailed(InitializationSequence::FK_ExplicitConstructor);
return; return;
} }
// Add the constructor initialization step. Any cv-qualification conversion is // Add the constructor initialization step. Any cv-qualification conversion is
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

const Expr * (or const auto *) instead?

aaron.ballman: `const Expr *` (or `const auto *`) instead?
// subsumed by the initialization. // subsumed by the initialization.
bool HadMultipleCandidates = (CandidateSet.size() > 1); bool HadMultipleCandidates = (CandidateSet.size() > 1);
Sequence.AddConstructorInitializationStep( Sequence.AddConstructorInitializationStep(
CtorDecl, Best->FoundDecl.getAccess(), DestType, HadMultipleCandidates, CtorDecl, Best->FoundDecl.getAccess(), DestType, HadMultipleCandidates,
IsListInit | IsInitListCopy, AsInitializerList); IsListInit | IsInitListCopy, AsInitializerList);
} }
static bool static bool
▲ Show 20 LinesShow All 2,547 Lines▼ Show 20 Linesstatic void CheckMoveOnConstruction(Sema &S, const Expr *InitExpr,
LParen = ArgLoc.getLocWithOffset(-1); LParen = ArgLoc.getLocWithOffset(-1);
S.Diag(CE->getLocStart(), diag::note_remove_move) S.Diag(CE->getLocStart(), diag::note_remove_move)
<< FixItHint::CreateRemoval(SourceRange(CallBegin, LParen)) << FixItHint::CreateRemoval(SourceRange(CallBegin, LParen))
<< FixItHint::CreateRemoval(SourceRange(RParen, RParen)); << FixItHint::CreateRemoval(SourceRange(RParen, RParen));
} }
static void CheckForNullPointerDereference(Sema &S, const Expr *E) {
// Check to see if we are dereferencing a null pointer. If so, this is
// undefined behavior, so warn about it. This only handles the pattern
// "*null", which is a very syntactic check.
if (const UnaryOperator *UO = dyn_cast<UnaryOperator>(E->IgnoreParenCasts()))
if (UO->getOpcode() == UO_Deref &&
UO->getSubExpr()->IgnoreParenCasts()->
isNullPointerConstant(S.Context, Expr::NPC_ValueDependentIsNotNull)) {
rsmithUnsubmitted
Not Done
ReplyInline Actions

Something fishy in the indentation here?

rsmith: Something fishy in the indentation here?
S.DiagRuntimeBehavior(UO->getOperatorLoc(), UO,
S.PDiag(diag::warn_binding_null_to_reference)
<< UO->getSubExpr()->getSourceRange());
}
}
ExprResult ExprResult
InitializationSequence::Perform(Sema &S, InitializationSequence::Perform(Sema &S,
const InitializedEntity &Entity, const InitializedEntity &Entity,
const InitializationKind &Kind, const InitializationKind &Kind,
MultiExprArg Args, MultiExprArg Args,
QualType *ResultType) { QualType *ResultType) {
if (Failed()) { if (Failed()) {
Diagnose(S, Entity, Kind, Args); Diagnose(S, Entity, Kind, Args);
▲ Show 20 LinesShow All 236 Lines▼ Show 20 Lines case SK_BindReference:
// to the result of a cast to reference type. // to the result of a cast to reference type.
if (const InitializedEntity *ExtendingEntity = if (const InitializedEntity *ExtendingEntity =
getEntityForTemporaryLifetimeExtension(&Entity)) getEntityForTemporaryLifetimeExtension(&Entity))
if (performReferenceExtension(CurInit.get(), ExtendingEntity)) if (performReferenceExtension(CurInit.get(), ExtendingEntity))
warnOnLifetimeExtension(S, Entity, CurInit.get(), warnOnLifetimeExtension(S, Entity, CurInit.get(),
/*IsInitializerList=*/false, /*IsInitializerList=*/false,
ExtendingEntity->getDecl()); ExtendingEntity->getDecl());
CheckForNullPointerDereference(S, CurInit.get());
break; break;
case SK_BindReferenceToTemporary: { case SK_BindReferenceToTemporary: {
// Make sure the "temporary" is actually an rvalue. // Make sure the "temporary" is actually an rvalue.
assert(CurInit.get()->isRValue() && "not a temporary"); assert(CurInit.get()->isRValue() && "not a temporary");
// Check exception specifications // Check exception specifications
if (S.CheckExceptionSpecCompatibility(CurInit.get(), DestType)) if (S.CheckExceptionSpecCompatibility(CurInit.get(), DestType))
▲ Show 20 LinesShow All 1,387 LinesShow Last 20 Lines

test/CXX/expr/expr.prim/expr.prim.lambda/p5.cpp

// RUN: %clang_cc1 -std=c++11 %s -Winvalid-noreturn -verify // RUN: %clang_cc1 -std=c++11 %s -Winvalid-noreturn -verify
// An attribute-specifier-seq in a lambda-declarator appertains to the // An attribute-specifier-seq in a lambda-declarator appertains to the
// type of the corresponding function call operator. // type of the corresponding function call operator.
void test_attributes() { void test_attributes() {
auto nrl = [](int x) -> int { if (x > 0) return x; }; // expected-warning{{control may reach end of non-void lambda}} auto nrl = [](int x) -> int { if (x > 0) return x; }; // expected-warning{{control may reach end of non-void lambda}}
// FIXME: GCC accepts the [[gnu::noreturn]] attribute here. // FIXME: GCC accepts the [[gnu::noreturn]] attribute here.
auto nrl2 = []() [[gnu::noreturn]] { return; }; // expected-warning{{attribute 'noreturn' ignored}} auto nrl2 = []() [[gnu::noreturn]] { return; }; // expected-warning{{attribute 'noreturn' ignored}}
} }
template<typename T> template<typename T>
struct bogus_override_if_virtual : public T { struct bogus_override_if_virtual : public T {
bogus_override_if_virtual() : T(*(T*)0) { } bogus_override_if_virtual() : T(*(T*)0) { } // expected-warning {{binding null pointer to reference has undefined behavior}}
int operator()() const; int operator()() const;
}; };
void test_quals() { void test_quals() {
// This function call operator is declared const (9.3.1) if and only // This function call operator is declared const (9.3.1) if and only
// if the lambda- expression's parameter-declaration-clause is not // if the lambda- expression's parameter-declaration-clause is not
// followed by mutable. // followed by mutable.
auto l = [=](){}; // expected-note{{method is not marked volatile}} auto l = [=](){}; // expected-note{{method is not marked volatile}}
const decltype(l) lc = l; const decltype(l) lc = l;
l(); l();
lc(); lc();
auto ml = [=]() mutable{}; // expected-note{{method is not marked const}} \ auto ml = [=]() mutable{}; // expected-note{{method is not marked const}} \
// expected-note{{method is not marked volatile}} // expected-note{{method is not marked volatile}}
const decltype(ml) mlc = ml; const decltype(ml) mlc = ml;
ml(); ml();
mlc(); // expected-error{{no matching function for call to object of type}} mlc(); // expected-error{{no matching function for call to object of type}}
// It is neither virtual nor declared volatile. // It is neither virtual nor declared volatile.
volatile decltype(l) lv = l; volatile decltype(l) lv = l;
volatile decltype(ml) mlv = ml; volatile decltype(ml) mlv = ml;
lv(); // expected-error{{no matching function for call to object of type}} lv(); // expected-error{{no matching function for call to object of type}}
mlv(); // expected-error{{no matching function for call to object of type}} mlv(); // expected-error{{no matching function for call to object of type}}
bogus_override_if_virtual<decltype(l)> bogus; bogus_override_if_virtual<decltype(l)> bogus; // expected-note{{in instantiation of member function 'bogus_override_if_virtual<(lambda}}
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Missing > in the diagnostic text (I know it's not required, but it looks a bit strange if that's the only part missing from the diagnostic text).

aaron.ballman: Missing `>` in the diagnostic text (I know it's not required, but it looks a bit strange if…
nicholasAuthorUnsubmitted
Not Done
ReplyInline Actions

What follows lambda is the path to the file, then the closing )>. I'd rather not include that part. I could make it up with .* just to balance the parens, but I think that's not worth it.

nicholas: What follows lambda is the path to the file, then the closing )>. I'd rather not include that…
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Yeah, totally not worth it then. Thank you for the explanation.

aaron.ballman: Yeah, totally not worth it then. Thank you for the explanation.
} }
// Core issue 974: default arguments (8.3.6) may be specified in the // Core issue 974: default arguments (8.3.6) may be specified in the
// parameter-declaration-clause of a lambda-declarator. // parameter-declaration-clause of a lambda-declarator.
int test_default_args() { int test_default_args() {
return [](int i = 5, int j = 17) { return i+j;}(5, 6); return [](int i = 5, int j = 17) { return i+j;}(5, 6);
} }
Show All 16 Lines

test/Parser/cxx-casting.cpp

Show All 31 Lines
char postfix_expr_test() char postfix_expr_test()
{ {
return reinterpret_cast<char*>(0xdeadbeef)[0]; return reinterpret_cast<char*>(0xdeadbeef)[0];
} }
// This was being incorrectly tentatively parsed. // This was being incorrectly tentatively parsed.
namespace test1 { namespace test1 {
template <class T> class A {}; // expected-note 2{{here}} template <class T> class A {}; // expected-note 2{{here}}
void foo() { A<int>(*(A<int>*)0); } void foo() { A<int>(*(A<int>*)0); } // expected-warning {{binding null pointer to reference has undefined behavior}}
} }
typedef char* c; typedef char* c;
typedef A* a; typedef A* a;
void test2(char x, struct B * b) { void test2(char x, struct B * b) {
(void)const_cast<::c>(&x); (void)const_cast<::c>(&x);
#if __cplusplus <= 199711L #if __cplusplus <= 199711L
// expected-error@-2 {{found '<::' after a const_cast which forms the digraph '<:' (aka '[') and a ':', did you mean '< ::'?}} // expected-error@-2 {{found '<::' after a const_cast which forms the digraph '<:' (aka '[') and a ':', did you mean '< ::'?}}
▲ Show 20 LinesShow All 102 LinesShow Last 20 Lines

test/SemaCXX/cstyle-cast.cpp

Show First 20 LinesShow All 78 Lines▼ Show 20 Linesvoid t_529_2()
int ar[1]; int ar[1];
(void)(const int*)(ar); (void)(const int*)(ar);
(void)(void (*)())(t_529_2); (void)(void (*)())(t_529_2);
(void)(void*)(0); (void)(void*)(0);
(void)(void*)((int*)0); (void)(void*)((int*)0);
(void)(volatile const void*)((const int*)0); (void)(volatile const void*)((const int*)0);
(void)(A*)((B*)0); (void)(A*)((B*)0);
(void)(A&)(*((B*)0)); (void)(A&)(*((B*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)(const B*)((C1*)0); (void)(const B*)((C1*)0);
(void)(B&)(*((C1*)0)); (void)(B&)(*((C1*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)(A*)((D*)0); (void)(A*)((D*)0);
(void)(const A&)(*((D*)0)); (void)(const A&)(*((D*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)(int B::*)((int A::*)0); (void)(int B::*)((int A::*)0);
(void)(void (B::*)())((void (A::*)())0); (void)(void (B::*)())((void (A::*)())0);
(void)(A*)((E*)0); // C-style cast ignores access control (void)(A*)((E*)0); // C-style cast ignores access control
(void)(void*)((const int*)0); // const_cast appended (void)(void*)((const int*)0); // const_cast appended
(void)(int)(Co1()); (void)(int)(Co1());
(void)(Co2)(1); (void)(Co2)(1);
(void)(Co3)((Co4)(Co3())); (void)(Co3)((Co4)(Co3()));
▲ Show 20 LinesShow All 133 LinesShow Last 20 Lines

test/SemaCXX/functional-cast.cpp

Show First 20 LinesShow All 120 Lines▼ Show 20 Linesvoid t_529_2()
typedef void *voidp; typedef void *voidp;
(void)voidp(0); (void)voidp(0);
(void)voidp((int*)0); (void)voidp((int*)0);
typedef volatile const void *vcvoidp; typedef volatile const void *vcvoidp;
(void)vcvoidp((const int*)0); (void)vcvoidp((const int*)0);
typedef A *Ap; typedef A *Ap;
(void)Ap((B*)0); (void)Ap((B*)0);
typedef A &Ar; typedef A &Ar;
(void)Ar(*((B*)0)); (void)Ar(*((B*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
typedef const B *cBp; typedef const B *cBp;
(void)cBp((C1*)0); (void)cBp((C1*)0);
typedef B &Br; typedef B &Br;
(void)Br(*((C1*)0)); (void)Br(*((C1*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)Ap((D*)0); (void)Ap((D*)0);
typedef const A &cAr; typedef const A &cAr;
(void)cAr(*((D*)0)); (void)cAr(*((D*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
typedef int B::*Bmp; typedef int B::*Bmp;
(void)Bmp((int A::*)0); (void)Bmp((int A::*)0);
typedef void (B::*Bmfp)(); typedef void (B::*Bmfp)();
(void)Bmfp((void (A::*)())0); (void)Bmfp((void (A::*)())0);
(void)Ap((E*)0); // functional-style cast ignores access control (void)Ap((E*)0); // functional-style cast ignores access control
(void)voidp((const int*)0); // const_cast appended (void)voidp((const int*)0); // const_cast appended
(void)int(Co1()); (void)int(Co1());
▲ Show 20 LinesShow All 178 LinesShow Last 20 Lines

test/SemaCXX/new-delete.cpp

Show First 20 LinesShow All 438 Lines▼ Show 20 Lines struct S {
S() { new Inner[1]; } S() { new Inner[1]; }
}; };
struct T { struct T {
}; };
template<typename X> template<typename X>
void tfn() { void tfn() {
new (*(PlacementArg*)0) T[1]; new (*(PlacementArg*)0) T[1]; // expected-warning 2 {{binding null pointer to reference has undefined behavior}}
} }
void fn() { void fn() {
tfn<int>(); tfn<int>(); // expected-note {{in instantiation of function template specialization 'r150682::tfn<int>' requested here}}
} }
} }
namespace P12023 { namespace P12023 {
struct CopyCounter struct CopyCounter
{ {
CopyCounter(); CopyCounter();
▲ Show 20 LinesShow All 75 LinesShow Last 20 Lines

test/SemaCXX/static-cast.cpp

Show All 37 Linesvoid t_529_2()
int ar[1]; int ar[1];
(void)static_cast<const int*>(ar); (void)static_cast<const int*>(ar);
(void)static_cast<void (*)()>(t_529_2); (void)static_cast<void (*)()>(t_529_2);
(void)static_cast<void*>(0); (void)static_cast<void*>(0);
(void)static_cast<void*>((int*)0); (void)static_cast<void*>((int*)0);
(void)static_cast<volatile const void*>((const int*)0); (void)static_cast<volatile const void*>((const int*)0);
(void)static_cast<A*>((B*)0); (void)static_cast<A*>((B*)0);
(void)static_cast<A&>(*((B*)0)); (void)static_cast<A&>(*((B*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)static_cast<const B*>((C1*)0); (void)static_cast<const B*>((C1*)0);
(void)static_cast<B&>(*((C1*)0)); (void)static_cast<B&>(*((C1*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)static_cast<A*>((D*)0); (void)static_cast<A*>((D*)0);
(void)static_cast<const A&>(*((D*)0)); (void)static_cast<const A&>(*((D*)0)); // expected-warning {{binding null pointer to reference has undefined behavior}}
(void)static_cast<int B::*>((int A::*)0); (void)static_cast<int B::*>((int A::*)0);
(void)static_cast<void (B::*)()>((void (A::*)())0); (void)static_cast<void (B::*)()>((void (A::*)())0);
(void)static_cast<int>(Co1()); (void)static_cast<int>(Co1());
(void)static_cast<Co2>(1); (void)static_cast<Co2>(1);
(void)static_cast<Co3>(static_cast<Co4>(Co3())); (void)static_cast<Co3>(static_cast<Co4>(Co3()));
// Bad code below // Bad code below
▲ Show 20 LinesShow All 146 LinesShow Last 20 Lines