Index: include/clang/Basic/DiagnosticGroups.td =================================================================== --- include/clang/Basic/DiagnosticGroups.td +++ include/clang/Basic/DiagnosticGroups.td @@ -38,7 +38,9 @@ def StringConversion : DiagGroup<"string-conversion">; def SignConversion : DiagGroup<"sign-conversion">; def PointerBoolConversion : DiagGroup<"pointer-bool-conversion">; -def BoolConversion : DiagGroup<"bool-conversion", [ PointerBoolConversion ] >; +def UndefinedBoolConversion : DiagGroup<"undefined-bool-conversion">; +def BoolConversion : DiagGroup<"bool-conversion", [PointerBoolConversion, + UndefinedBoolConversion]>; def IntConversion : DiagGroup<"int-conversion">; def EnumConversion : DiagGroup<"enum-conversion">; def FloatConversion : DiagGroup<"float-conversion">; @@ -298,10 +300,12 @@ def TautologicalOutOfRangeCompare : DiagGroup<"tautological-constant-out-of-range-compare">; def TautologicalPointerCompare : DiagGroup<"tautological-pointer-compare">; def TautologicalOverlapCompare : DiagGroup<"tautological-overlap-compare">; +def TautologicalUndefinedCompare : DiagGroup<"tautological-undefined-compare">; def TautologicalCompare : DiagGroup<"tautological-compare", [TautologicalOutOfRangeCompare, TautologicalPointerCompare, - TautologicalOverlapCompare]>; + TautologicalOverlapCompare, + TautologicalUndefinedCompare]>; def HeaderHygiene : DiagGroup<"header-hygiene">; def DuplicateDeclSpecifier : DiagGroup<"duplicate-decl-specifier">; def CompareDistinctPointerType : DiagGroup<"compare-distinct-pointer-types">; Index: include/clang/Basic/DiagnosticSemaKinds.td =================================================================== --- include/clang/Basic/DiagnosticSemaKinds.td +++ include/clang/Basic/DiagnosticSemaKinds.td @@ -2388,10 +2388,27 @@ "address of%select{| function| array}0 '%1' will always evaluate to " "'true'">, InGroup; +def warn_this_bool_conversion : Warning< + "'this' pointer cannot be null in well-defined C++ code; pointer may be " + "assumed always converted to a true value">, InGroup; +def warn_address_of_reference_bool_conversion : Warning< + "reference cannot be bound to dereferenced null pointer in well-defined C++ " + "code; pointer may be assumed always converted to a true value">, + InGroup; + def warn_null_pointer_compare : Warning< "comparison of %select{address of|function|array}0 '%1' %select{not |}2" "equal to a null pointer is always %select{true|false}2">, InGroup; +def warn_this_null_compare : Warning< + "'this' pointer cannot be null in well-defined C++ code; comparison may be " + "assumed to always evaluate to %select{true|false}0">, + InGroup; +def warn_address_of_reference_null_compare : Warning< + "reference cannot be bound to dereferenced null pointer in well-defined C++ " + "code; comparison maybe be assumed to always evaluate to " + "%select{true|false}0">, + InGroup; def note_function_warning_silence : Note< "prefix with the address-of operator to silence this warning">; Index: lib/Sema/SemaChecking.cpp =================================================================== --- lib/Sema/SemaChecking.cpp +++ lib/Sema/SemaChecking.cpp @@ -6168,6 +6168,13 @@ const bool IsCompare = NullKind != Expr::NPCK_NotNull; + if (isa(E)) { + unsigned DiagID = IsCompare ? diag::warn_this_null_compare + : diag::warn_this_bool_conversion; + Diag(E->getExprLoc(), DiagID) << E->getSourceRange() << Range << IsEqual; + return; + } + bool IsAddressOf = false; if (UnaryOperator *UO = dyn_cast(E)) { @@ -6197,9 +6204,14 @@ // Address of function is used to silence the function warning. if (IsFunction) return; - // Address of reference can be null. - if (T->isReferenceType()) + + if (T->isReferenceType()) { + unsigned DiagID = IsCompare + ? diag::warn_address_of_reference_null_compare + : diag::warn_address_of_reference_bool_conversion; + Diag(E->getExprLoc(), DiagID) << E->getSourceRange() << Range << IsEqual; return; + } } // Found nothing. Index: test/Analysis/inlining/path-notes.cpp =================================================================== --- test/Analysis/inlining/path-notes.cpp +++ test/Analysis/inlining/path-notes.cpp @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=text -analyzer-config c++-inlining=destructors -std=c++11 -verify %s -// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=plist-multi-file -analyzer-config c++-inlining=destructors -std=c++11 -analyzer-config path-diagnostics-alternate=false %s -o %t.plist +// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=text -analyzer-config c++-inlining=destructors -std=c++11 -verify -Wno-tautological-undefined-compare %s +// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=plist-multi-file -analyzer-config c++-inlining=destructors -std=c++11 -analyzer-config path-diagnostics-alternate=false %s -o %t.plist -Wno-tautological-undefined-compare // RUN: FileCheck --input-file=%t.plist %s class Foo { Index: test/Analysis/misc-ps-region-store.cpp =================================================================== --- test/Analysis/misc-ps-region-store.cpp +++ test/Analysis/misc-ps-region-store.cpp @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -triple i386-apple-darwin9 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s -fexceptions -fcxx-exceptions -// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s -fexceptions -fcxx-exceptions +// RUN: %clang_cc1 -triple i386-apple-darwin9 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s -fexceptions -fcxx-exceptions -Wno-tautological-undefined-compare +// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s -fexceptions -fcxx-exceptions -Wno-tautological-undefined-compare void clang_analyzer_warnIfReached(); Index: test/Analysis/reference.cpp =================================================================== --- test/Analysis/reference.cpp +++ test/Analysis/reference.cpp @@ -1,4 +1,4 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-constraints=range -verify -Wno-null-dereference %s +// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-constraints=range -verify -Wno-null-dereference -Wno-tautological-undefined-compare %s void clang_analyzer_eval(bool); Index: test/Analysis/stack-addr-ps.cpp =================================================================== --- test/Analysis/stack-addr-ps.cpp +++ test/Analysis/stack-addr-ps.cpp @@ -1,4 +1,4 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -verify %s +// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -verify %s -Wno-undefined-bool-conversion typedef __INTPTR_TYPE__ intptr_t; Index: test/SemaCXX/warn-tautological-undefined-compare.cpp =================================================================== --- test/SemaCXX/warn-tautological-undefined-compare.cpp +++ test/SemaCXX/warn-tautological-undefined-compare.cpp @@ -0,0 +1,34 @@ +// RUN: %clang_cc1 -fsyntax-only -verify %s +// RUN: %clang_cc1 -fsyntax-only -verify -Wtautological-undefined-compare %s +// RUN: %clang_cc1 -fsyntax-only -verify -Wno-tautological-compare -Wtautological-undefined-compare %s +// RUN: %clang_cc1 -fsyntax-only -verify -Wtautological-compare %s + +void test1(int &x) { + if (x == 1) { } + if (&x == 0) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison maybe be assumed to always evaluate to false}} + if (&x != 0) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison maybe be assumed to always evaluate to true}} +} + +class test2 { + test2() : x(y) {} + + void foo() { + if (this == 0) { } + // expected-warning@-1{{'this' pointer cannot be null in well-defined C++ code; comparison may be assumed to always evaluate to false}} + if (this != 0) { } + // expected-warning@-1{{'this' pointer cannot be null in well-defined C++ code; comparison may be assumed to always evaluate to true}} + } + + void bar() { + if (x == 1) { } + if (&x == 0) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison maybe be assumed to always evaluate to false}} + if (&x != 0) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison maybe be assumed to always evaluate to true}} + } + + int &x; + int y; +}; Index: test/SemaCXX/warn-undefined-bool-conversion.cpp =================================================================== --- test/SemaCXX/warn-undefined-bool-conversion.cpp +++ test/SemaCXX/warn-undefined-bool-conversion.cpp @@ -0,0 +1,37 @@ +// RUN: %clang_cc1 -fsyntax-only -verify %s +// RUN: %clang_cc1 -fsyntax-only -verify -Wundefined-bool-conversion %s +// RUN: %clang_cc1 -fsyntax-only -verify -Wno-bool-conversion -Wundefined-bool-conversion %s +// RUN: %clang_cc1 -fsyntax-only -verify -Wbool-conversion %s + +void test1(int &x) { + if (x == 1) { } + if (&x) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; pointer may be assumed always converted to a true value}} + + if (!&x) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; pointer may be assumed always converted to a true value}} +} + +class test2 { + test2() : x(y) {} + + void foo() { + if (this) { } + // expected-warning@-1{{'this' pointer cannot be null in well-defined C++ code; pointer may be assumed always converted to a true value}} + + if (!this) { } + // expected-warning@-1{{'this' pointer cannot be null in well-defined C++ code; pointer may be assumed always converted to a true value}} + } + + void bar() { + if (x == 1) { } + if (&x) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; pointer may be assumed always converted to a true value}} + + if (!&x) { } + // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; pointer may be assumed always converted to a true value}} + } + + int &x; + int y; +};