Index: clang/lib/StaticAnalyzer/Core/RegionStore.cpp =================================================================== --- clang/lib/StaticAnalyzer/Core/RegionStore.cpp +++ clang/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -2337,9 +2337,38 @@ const nonloc::CompoundVal& CV = V.castAs(); nonloc::CompoundVal::iterator VI = CV.begin(), VE = CV.end(); - RecordDecl::field_iterator FI, FE; RegionBindingsRef NewB(B); + // In C++17 aggregates may have base classes, handle those as well. + // They appear before fields in the initializer list / compound value. + if (const auto *CRD = dyn_cast(RD)) { + assert(CRD->isAggregate() && + "Non-aggregates are constructed with a constructor!"); + + for (const auto &B : CRD->bases()) { + // (Multiple inheritance is fine though.) + assert(!B.isVirtual() && "Aggregates cannot have virtual base classes!"); + + if (VI == VE) + break; + + QualType BTy = B.getType(); + assert(BTy->isStructureOrClassType() && "Base classes must be classes!"); + + const CXXRecordDecl *BRD = BTy->getAsCXXRecordDecl(); + assert(BRD && "Base classes must be C++ classes!"); + + const CXXBaseObjectRegion *BR = + MRMgr.getCXXBaseObjectRegion(BRD, R, /*IsVirtual=*/false); + + NewB = bindStruct(NewB, BR, *VI); + + ++VI; + } + } + + RecordDecl::field_iterator FI, FE; + for (FI = RD->field_begin(), FE = RD->field_end(); FI != FE; ++FI) { if (VI == VE) Index: clang/test/Analysis/array-struct-region.cpp =================================================================== --- clang/test/Analysis/array-struct-region.cpp +++ clang/test/Analysis/array-struct-region.cpp @@ -1,7 +1,21 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -x c %s -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -x c++ -analyzer-config c++-inlining=constructors %s -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -DINLINE -verify -x c %s -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -DINLINE -verify -x c++ -analyzer-config c++-inlining=constructors %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core\ +// RUN: -analyzer-checker=debug.ExprInspection -verify\ +// RUN: -x c %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core\ +// RUN: -analyzer-checker=debug.ExprInspection -verify\ +// RUN: -x c++ -std=c++14 %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core\ +// RUN: -analyzer-checker=debug.ExprInspection -verify\ +// RUN: -x c++ -std=c++17 %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core\ +// RUN: -analyzer-checker=debug.ExprInspection -verify\ +// RUN: -DINLINE -x c %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core\ +// RUN: -analyzer-checker=debug.ExprInspection -verify\ +// RUN: -DINLINE -x c++ -std=c++14 %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core\ +// RUN: -analyzer-checker=debug.ExprInspection -verify\ +// RUN: -DINLINE -x c++ -std=c++17 %s void clang_analyzer_eval(int); @@ -196,4 +210,49 @@ } } +#if __cplusplus >= 201703L +namespace aggregate_inheritance_cxx17 { +struct A { + int x; +}; + +struct B { + int y; +}; + +struct C: B { + int z; +}; + +struct D: A, C { + int w; +}; + +void foo() { + D d{1, 2, 3, 4}; + clang_analyzer_eval(d.x == 1); // expected-warning{{TRUE}} + clang_analyzer_eval(d.y == 2); // expected-warning{{TRUE}} + clang_analyzer_eval(d.z == 3); // expected-warning{{TRUE}} + clang_analyzer_eval(d.w == 4); // expected-warning{{TRUE}} +} +} // namespace aggregate_inheritance_cxx17 +#endif + +namespace flex_array_inheritance_cxx17 { +struct A { + int flexible_array[]; +}; + +struct B { + long cookie; +}; + +struct C : B { + A a; +}; + +void foo() { + C c{}; // no-crash +} +} // namespace flex_array_inheritance_cxx17 #endif