This is an archive of the discontinued LLVM Phabricator instance.

IMO std::addressof() should be modelled via evalCall as a pure function, instead of hacking it into the InnerPtrChecker.
It is overloaded to accept const T& as well, so the comment about "std::addressof function accepts a non-const reference as an argument" is not entirely true.

In D99260#2650201, @steakhal wrote:

I recommend splitting this into two. I would happily accept the part about std::data().

IMO std::addressof() should be modelled via evalCall as a pure function, instead of hacking it into the InnerPtrChecker.

It does make sense to split these in two, but I'm not so sure about evalCall. It is definitely not something that InnerPtrChecker should be bothered with. Another point is that std::addressof might be only one of the function receiving a non-const reference and not modifying it, so it would
be nice to have a place in this checker where such exception is made.

It is overloaded to accept const T& as well, so the comment about "std::addressof function accepts a non-const reference as an argument" is not entirely true.

But it has a T & overload as well, and this is the one causing the FP.

martong added inline comments.Mar 30 2021, 6:47 AM

clang/test/Analysis/inner-pointer.cpp
23	Seems like all test are exercising with std::string, this looks like a legacy in this Checker. Still, I miss a bit at least one test for the other overloads of `std::data`, maybe in a follow up patch?
378–392	So these are the FP cases that you are trying to solve? Would be nice to see more details about the bug report (rdar://73463300) if that is not proprietary.

vsavchenko added inline comments.Mar 31 2021, 7:16 AM

clang/test/Analysis/inner-pointer.cpp
23	I can add it here, but what other test you suggest to add?
378–392	std::optional<std::string> str = "example"; char* dup = strndup(str->c_str(), str->size()); `std::optional::operator->` uses `std::addressof` and the analyzer thinks that the pointer might get changed and raises the alarm. I decided not to replicate `std::optional` in tests, and get straight to the point.

martong added inline comments.Mar 31 2021, 7:47 AM

clang/test/Analysis/inner-pointer.cpp

For example,

char a[20];
auto c = std::data(s);
consume(c);

Would this produce a warning?

Similarly to initializer list:

template <class E> 
constexpr const E* data(std::initializer_list<E> il) noexcept
{
    return il.begin();
}

int test() {
    auto IL = {0,1,2};
    const auto I = data(IL);
    consume(I);
    return 0;
}

378–392

Okay, thanks, makes sense.

It does make sense to split these in two, but I'm not so sure about evalCall.

evalCall should work great for this purpose but definitely not in this checker. Also this checker would still exercise its checkPostCall so it would still need to be silenced even if evalCall is implemented.

clang/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp
234	This will crash if someone overloads `std::data` with 0 arguments because your `CallDescription`s don't require a specific number of arguments. (They're not allowed to do that, yes, but we're still not allowed to crash.)

Require std::data to accept exactly 1 argument

vsavchenko marked an inline comment as done.Apr 8 2021, 6:18 AM

Harbormaster completed remote builds in B97704: Diff 336077.Apr 8 2021, 6:51 AM

Looks great now, thanks!

This revision is now accepted and ready to land.Apr 8 2021, 9:35 AM

I'm still not satisfied with the addressof, but I won't block this either.

This revision was landed with ongoing or failed builds.Apr 8 2021, 10:30 AM

Closed by commit rG663ac91ed1d6: [analyzer] Fix false positives in inner pointer checker (PR49628) (authored by vsavchenko). · Explain Why

This revision was automatically updated to reflect the committed changes.

vsavchenko added a commit: rG663ac91ed1d6: [analyzer] Fix false positives in inner pointer checker (PR49628).

In https://bugs.llvm.org/show_bug.cgi?id=45786 the godbolt link shows that there are still problems with addressof (yes, their "trunk" clang is fresh enough). They seem to have __addressof instead of addressof so maybe we should cover that case real quick. Or maybe outright suppress reference invalidation on double-underscore functions because the checker generally relies on the number of standard functions that don't invalidate references while taking a non-const reference being very limited but this limit definitely doesn't take double-underscore functions into account.

In D99260#2704102, @NoQ wrote:

In https://bugs.llvm.org/show_bug.cgi?id=45786 the godbolt link shows that there are still problems with addressof (yes, their "trunk" clang is fresh enough). They seem to have __addressof instead of addressof so maybe we should cover that case real quick. Or maybe outright suppress reference invalidation on double-underscore functions because the checker generally relies on the number of standard functions that don't invalidate references while taking a non-const reference being very limited but this limit definitely doesn't take double-underscore functions into account.

What is the status quo of this issue? @vsavchenko

In D99260#2751967, @steakhal wrote:

In D99260#2704102, @NoQ wrote:

In https://bugs.llvm.org/show_bug.cgi?id=45786 the godbolt link shows that there are still problems with addressof (yes, their "trunk" clang is fresh enough). They seem to have __addressof instead of addressof so maybe we should cover that case real quick. Or maybe outright suppress reference invalidation on double-underscore functions because the checker generally relies on the number of standard functions that don't invalidate references while taking a non-const reference being very limited but this limit definitely doesn't take double-underscore functions into account.

What is the status quo of this issue? @vsavchenko

Ah, yep. Just got back from my vacation!
I'm not sure about shooting off double underscore functions because one never knows what weird coding conventions people have in their project (all TU-local static functions should be named like this for better visibility at their call sites, for example). Being more specific and dealing with std::__ can be better, but I think a quick hack specifically for std::__addressof is better atm.

Based on the comment from @vsavchenko , I had made an addition for a check for __addressof alongside addressof in the checker. What would be the correct way of pushing the diff here? Should I reopen this revision or use the update diff button on the top? I apologize, I'm completely new to pushing changes to LLVM.

Thanks,

Herald added a subscriber: manas. · View Herald TranscriptAug 4 2021, 11:31 AM

alishuja mentioned this in D109467: [analyzer] check for std::__addressof for inner pointer checker.Sep 8 2021, 2:49 PM

steakhal mentioned this in rGcf7cd664f3fd: [analyzer] Check for std::__addressof for inner pointer checker.May 3 2022, 5:05 AM

Revision Contents

Path

Size

clang/

lib/

StaticAnalyzer/

Checkers/

InnerPointerChecker.cpp

80 lines

test/

Analysis/

inner-pointer.cpp

30 lines

Diff 336163

clang/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp

Show All 28 Lines
REGISTER_MAP_WITH_PROGRAMSTATE(RawPtrMap, const MemRegion *, PtrSet)		REGISTER_MAP_WITH_PROGRAMSTATE(RawPtrMap, const MemRegion *, PtrSet)


namespace {		namespace {

class InnerPointerChecker		class InnerPointerChecker
: public Checker<check::DeadSymbols, check::PostCall> {		: public Checker<check::DeadSymbols, check::PostCall> {

CallDescription AppendFn, AssignFn, ClearFn, CStrFn, DataFn, EraseFn,		CallDescription AppendFn, AssignFn, AddressofFn, ClearFn, CStrFn, DataFn,
InsertFn, PopBackFn, PushBackFn, ReplaceFn, ReserveFn, ResizeFn,		DataMemberFn, EraseFn, InsertFn, PopBackFn, PushBackFn, ReplaceFn,
ShrinkToFitFn, SwapFn;		ReserveFn, ResizeFn, ShrinkToFitFn, SwapFn;

public:		public:
class InnerPointerBRVisitor : public BugReporterVisitor {		class InnerPointerBRVisitor : public BugReporterVisitor {
SymbolRef PtrToBuf;		SymbolRef PtrToBuf;

public:		public:
InnerPointerBRVisitor(SymbolRef Sym) : PtrToBuf(Sym) {}		InnerPointerBRVisitor(SymbolRef Sym) : PtrToBuf(Sym) {}

Show All 20 Lines	bool isSymbolTracked(ProgramStateRef State, SymbolRef Sym) {
}		}
return false;		return false;
}		}
};		};

InnerPointerChecker()		InnerPointerChecker()
: AppendFn({"std", "basic_string", "append"}),		: AppendFn({"std", "basic_string", "append"}),
AssignFn({"std", "basic_string", "assign"}),		AssignFn({"std", "basic_string", "assign"}),
		AddressofFn({"std", "addressof"}),
ClearFn({"std", "basic_string", "clear"}),		ClearFn({"std", "basic_string", "clear"}),
CStrFn({"std", "basic_string", "c_str"}),		CStrFn({"std", "basic_string", "c_str"}), DataFn({"std", "data"}, 1),
DataFn({"std", "basic_string", "data"}),		DataMemberFn({"std", "basic_string", "data"}),
EraseFn({"std", "basic_string", "erase"}),		EraseFn({"std", "basic_string", "erase"}),
InsertFn({"std", "basic_string", "insert"}),		InsertFn({"std", "basic_string", "insert"}),
PopBackFn({"std", "basic_string", "pop_back"}),		PopBackFn({"std", "basic_string", "pop_back"}),
PushBackFn({"std", "basic_string", "push_back"}),		PushBackFn({"std", "basic_string", "push_back"}),
ReplaceFn({"std", "basic_string", "replace"}),		ReplaceFn({"std", "basic_string", "replace"}),
ReserveFn({"std", "basic_string", "reserve"}),		ReserveFn({"std", "basic_string", "reserve"}),
ResizeFn({"std", "basic_string", "resize"}),		ResizeFn({"std", "basic_string", "resize"}),
ShrinkToFitFn({"std", "basic_string", "shrink_to_fit"}),		ShrinkToFitFn({"std", "basic_string", "shrink_to_fit"}),
SwapFn({"std", "basic_string", "swap"}) {}		SwapFn({"std", "basic_string", "swap"}) {}

/// Check whether the called member function potentially invalidates		/// Check whether the called member function potentially invalidates
/// pointers referring to the container object's inner buffer.		/// pointers referring to the container object's inner buffer.
bool isInvalidatingMemberFunction(const CallEvent &Call) const;		bool isInvalidatingMemberFunction(const CallEvent &Call) const;

		/// Check whether the called function returns a raw inner pointer.
		bool isInnerPointerAccessFunction(const CallEvent &Call) const;

/// Mark pointer symbols associated with the given memory region released		/// Mark pointer symbols associated with the given memory region released
/// in the program state.		/// in the program state.
void markPtrSymbolsReleased(const CallEvent &Call, ProgramStateRef State,		void markPtrSymbolsReleased(const CallEvent &Call, ProgramStateRef State,
const MemRegion *ObjRegion,		const MemRegion *ObjRegion,
CheckerContext &C) const;		CheckerContext &C) const;

/// Standard library functions that take a non-const `basic_string` argument by		/// Standard library functions that take a non-const `basic_string` argument by
/// reference may invalidate its inner pointers. Check for these cases and		/// reference may invalidate its inner pointers. Check for these cases and
Show All 24 Lines	return (isa<CXXDestructorCall>(Call) \|\| Call.isCalled(AppendFn) \|\|
Call.isCalled(AssignFn) \|\| Call.isCalled(ClearFn) \|\|		Call.isCalled(AssignFn) \|\| Call.isCalled(ClearFn) \|\|
Call.isCalled(EraseFn) \|\| Call.isCalled(InsertFn) \|\|		Call.isCalled(EraseFn) \|\| Call.isCalled(InsertFn) \|\|
Call.isCalled(PopBackFn) \|\| Call.isCalled(PushBackFn) \|\|		Call.isCalled(PopBackFn) \|\| Call.isCalled(PushBackFn) \|\|
Call.isCalled(ReplaceFn) \|\| Call.isCalled(ReserveFn) \|\|		Call.isCalled(ReplaceFn) \|\| Call.isCalled(ReserveFn) \|\|
Call.isCalled(ResizeFn) \|\| Call.isCalled(ShrinkToFitFn) \|\|		Call.isCalled(ResizeFn) \|\| Call.isCalled(ShrinkToFitFn) \|\|
Call.isCalled(SwapFn));		Call.isCalled(SwapFn));
}		}

		bool InnerPointerChecker::isInnerPointerAccessFunction(
		const CallEvent &Call) const {
		return (Call.isCalled(CStrFn) \|\| Call.isCalled(DataFn) \|\|
		Call.isCalled(DataMemberFn));
		}

void InnerPointerChecker::markPtrSymbolsReleased(const CallEvent &Call,		void InnerPointerChecker::markPtrSymbolsReleased(const CallEvent &Call,
ProgramStateRef State,		ProgramStateRef State,
const MemRegion *MR,		const MemRegion *MR,
CheckerContext &C) const {		CheckerContext &C) const {
if (const PtrSet *PS = State->get<RawPtrMap>(MR)) {		if (const PtrSet *PS = State->get<RawPtrMap>(MR)) {
const Expr *Origin = Call.getOriginExpr();		const Expr *Origin = Call.getOriginExpr();
for (const auto Symbol : *PS) {		for (const auto Symbol : *PS) {
// NOTE: `Origin` may be null, and will be stored so in the symbol's		// NOTE: `Origin` may be null, and will be stored so in the symbol's
Show All 26 Lines	for (unsigned I = 0, E = FD->getNumParams(); I != E; ++I) {
unsigned ArgI = isaMemberOpCall ? I+1 : I;		unsigned ArgI = isaMemberOpCall ? I+1 : I;

SVal Arg = FC->getArgSVal(ArgI);		SVal Arg = FC->getArgSVal(ArgI);
const auto *ArgRegion =		const auto *ArgRegion =
dyn_cast_or_null<TypedValueRegion>(Arg.getAsRegion());		dyn_cast_or_null<TypedValueRegion>(Arg.getAsRegion());
if (!ArgRegion)		if (!ArgRegion)
continue;		continue;

		// std::addressof function accepts a non-const reference as an argument,
		// but doesn't modify it.
		if (Call.isCalled(AddressofFn))
		continue;

markPtrSymbolsReleased(Call, State, ArgRegion, C);		markPtrSymbolsReleased(Call, State, ArgRegion, C);
}		}
}		}
}		}

// [string.require]		// [string.require]
//		//
// "References, pointers, and iterators referring to the elements of a		// "References, pointers, and iterators referring to the elements of a
// basic_string sequence may be invalidated by the following uses of that		// basic_string sequence may be invalidated by the following uses of that
// basic_string object:		// basic_string object:
//		//
// -- As an argument to any standard library function taking a reference		// -- As an argument to any standard library function taking a reference
// to non-const basic_string as an argument. For example, as an argument to		// to non-const basic_string as an argument. For example, as an argument to
// non-member functions swap(), operator>>(), and getline(), or as an argument		// non-member functions swap(), operator>>(), and getline(), or as an argument
// to basic_string::swap().		// to basic_string::swap().
//		//
// -- Calling non-const member functions, except operator[], at, front, back,		// -- Calling non-const member functions, except operator[], at, front, back,
// begin, rbegin, end, and rend."		// begin, rbegin, end, and rend."

void InnerPointerChecker::checkPostCall(const CallEvent &Call,		void InnerPointerChecker::checkPostCall(const CallEvent &Call,
CheckerContext &C) const {		CheckerContext &C) const {
ProgramStateRef State = C.getState();		ProgramStateRef State = C.getState();

if (const auto *ICall = dyn_cast<CXXInstanceCall>(&Call)) {
// TODO: Do we need these to be typed?		// TODO: Do we need these to be typed?
const auto *ObjRegion = dyn_cast_or_null<TypedValueRegion>(		const TypedValueRegion *ObjRegion = nullptr;

		if (const auto *ICall = dyn_cast<CXXInstanceCall>(&Call)) {
		ObjRegion = dyn_cast_or_null<TypedValueRegion>(
ICall->getCXXThisVal().getAsRegion());		ICall->getCXXThisVal().getAsRegion());

		// Check [string.require] / second point.
		if (isInvalidatingMemberFunction(Call)) {
		markPtrSymbolsReleased(Call, State, ObjRegion, C);
		return;
		}
		}

		if (isInnerPointerAccessFunction(Call)) {

		if (isa<SimpleFunctionCall>(Call)) {
		// NOTE: As of now, we only have one free access function: std::data.
		// If we add more functions like this in the list, hardcoded
		// argument index should be changed.
		ObjRegion =
		dyn_cast_or_null<TypedValueRegion>(Call.getArgSVal(0).getAsRegion());
		NoQUnsubmitted Done Reply Inline Actions This will crash if someone overloads `std::data` with 0 arguments because your `CallDescription`s don't require a specific number of arguments. (They're not allowed to do that, yes, but we're still not allowed to crash.) NoQ: This will crash if someone overloads `std::data` with 0 arguments because your…
		}

if (!ObjRegion)		if (!ObjRegion)
return;		return;

if (Call.isCalled(CStrFn) \|\| Call.isCalled(DataFn)) {
SVal RawPtr = Call.getReturnValue();		SVal RawPtr = Call.getReturnValue();
if (SymbolRef Sym = RawPtr.getAsSymbol(/IncludeBaseRegions=/true)) {		if (SymbolRef Sym = RawPtr.getAsSymbol(/IncludeBaseRegions=/true)) {
// Start tracking this raw pointer by adding it to the set of symbols		// Start tracking this raw pointer by adding it to the set of symbols
// associated with this container object in the program state map.		// associated with this container object in the program state map.

PtrSet::Factory &F = State->getStateManager().get_context<PtrSet>();		PtrSet::Factory &F = State->getStateManager().get_context<PtrSet>();
const PtrSet *SetPtr = State->get<RawPtrMap>(ObjRegion);		const PtrSet *SetPtr = State->get<RawPtrMap>(ObjRegion);
PtrSet Set = SetPtr ? *SetPtr : F.getEmptySet();		PtrSet Set = SetPtr ? *SetPtr : F.getEmptySet();
assert(C.wasInlined \|\| !Set.contains(Sym));		assert(C.wasInlined \|\| !Set.contains(Sym));
Set = F.add(Set, Sym);		Set = F.add(Set, Sym);

State = State->set<RawPtrMap>(ObjRegion, Set);		State = State->set<RawPtrMap>(ObjRegion, Set);
C.addTransition(State);		C.addTransition(State);
}		}
return;
}

// Check [string.require] / second point.
if (isInvalidatingMemberFunction(Call)) {
markPtrSymbolsReleased(Call, State, ObjRegion, C);
return;		return;
}		}
}

// Check [string.require] / first point.		// Check [string.require] / first point.
checkFunctionArguments(Call, State, C);		checkFunctionArguments(Call, State, C);
}		}

void InnerPointerChecker::checkDeadSymbols(SymbolReaper &SymReaper,		void InnerPointerChecker::checkDeadSymbols(SymbolReaper &SymReaper,
CheckerContext &C) const {		CheckerContext &C) const {
ProgramStateRef State = C.getState();		ProgramStateRef State = C.getState();
▲ Show 20 Lines • Show All 76 Lines • Show Last 20 Lines

clang/test/Analysis/inner-pointer.cpp

Show All 11 Lines
void func_const_ref(const T &a);		void func_const_ref(const T &a);

template <typename T>		template <typename T>
void func_value(T a);		void func_value(T a);

string my_string = "default";		string my_string = "default";
void default_arg(int a = 42, string &b = my_string);		void default_arg(int a = 42, string &b = my_string);

		template <class T>
		T *addressof(T &arg);

		char *data(std::string &c);
		martongUnsubmitted Not Done Reply Inline Actions Seems like all test are exercising with std::string, this looks like a legacy in this Checker. Still, I miss a bit at least one test for the other overloads of `std::data`, maybe in a follow up patch? martong: Seems like all test are exercising with std::string, this looks like a legacy in this Checker.
		vsavchenkoAuthorUnsubmitted Done Reply Inline Actions I can add it here, but what other test you suggest to add? vsavchenko: I can add it here, but what other test you suggest to add?
		martongUnsubmitted Not Done Reply Inline Actions For example, char a[20]; auto c = std::data(s); consume(c); Would this produce a warning? Similarly to initializer list: template <class E> constexpr const E* data(std::initializer_list<E> il) noexcept { return il.begin(); } int test() { auto IL = {0,1,2}; const auto I = data(IL); consume(I); return 0; } martong: For example, ``` char a[20]; auto c = std::data(s); consume(c); ``` Would this…

} // end namespace std		} // end namespace std

void consume(const char *) {}		void consume(const char *) {}
void consume(const wchar_t *) {}		void consume(const wchar_t *) {}
void consume(const char16_t *) {}		void consume(const char16_t *) {}
void consume(const char32_t *) {}		void consume(const char32_t *) {}

//=--------------------------------------=//		//=--------------------------------------=//
▲ Show 20 Lines • Show All 240 Lines • ▼ Show 20 Lines	void deref_after_swap() {
const char *c;		const char *c;
std::string s1, s2;		std::string s1, s2;
c = s1.data(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}		c = s1.data(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}
s1.swap(s2); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'swap'}}		s1.swap(s2); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'swap'}}
consume(c); // expected-warning {{Inner pointer of container used after re/deallocation}}		consume(c); // expected-warning {{Inner pointer of container used after re/deallocation}}
// expected-note@-1 {{Inner pointer of container used after re/deallocation}}		// expected-note@-1 {{Inner pointer of container used after re/deallocation}}
}		}

		void deref_after_std_data() {
		const char *c;
		std::string s;
		c = std::data(s); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}
		s.push_back('c'); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'push_back'}}
		consume(c); // expected-warning {{Inner pointer of container used after re/deallocation}}
		// expected-note@-1 {{Inner pointer of container used after re/deallocation}}
		}

struct S {		struct S {
std::string s;		std::string s;
const char *name() {		const char *name() {
return s.c_str(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}		return s.c_str(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}
// expected-note@-1 {{Pointer to inner buffer of 'std::string' obtained here}}		// expected-note@-1 {{Pointer to inner buffer of 'std::string' obtained here}}
}		}
void clear() {		void clear() {
s.clear(); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'clear'}}		s.clear(); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'clear'}}
▲ Show 20 Lines • Show All 72 Lines • ▼ Show 20 Lines	void func_default_arg() {
const char *c;		const char *c;
std::string s;		std::string s;
c = s.c_str(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}		c = s.c_str(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}
default_arg(3, s); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'default_arg'}}		default_arg(3, s); // expected-note {{Inner buffer of 'std::string' reallocated by call to 'default_arg'}}
consume(c); // expected-warning {{Inner pointer of container used after re/deallocation}}		consume(c); // expected-warning {{Inner pointer of container used after re/deallocation}}
// expected-note@-1 {{Inner pointer of container used after re/deallocation}}		// expected-note@-1 {{Inner pointer of container used after re/deallocation}}
}		}

		void func_addressof() {
		const char *c;
		std::string s;
		c = s.c_str();
		addressof(s);
		consume(c); // no-warning
		}

		void func_std_data() {
		const char *c;
		std::string s;
		c = std::data(s);
		consume(c); // no-warning
		}

		martongUnsubmitted Not Done Reply Inline Actions So these are the FP cases that you are trying to solve? Would be nice to see more details about the bug report (rdar://73463300) if that is not proprietary. martong: So these are the FP cases that you are trying to solve? Would be nice to see more details about…
		vsavchenkoAuthorUnsubmitted Done Reply Inline Actions std::optional<std::string> str = "example"; char* dup = strndup(str->c_str(), str->size()); `std::optional::operator->` uses `std::addressof` and the analyzer thinks that the pointer might get changed and raises the alarm. I decided not to replicate `std::optional` in tests, and get straight to the point. vsavchenko: ``` std::optional<std::string> str = "example"; char* dup = strndup(str->c_str(), str->size())…
		martongUnsubmitted Not Done Reply Inline Actions Okay, thanks, makes sense. martong: Okay, thanks, makes sense.
struct T {		struct T {
std::string to_string() { return s; }		std::string to_string() { return s; }

private:		private:
std::string s;		std::string s;
};		};

const char *escape_via_return_temp() {		const char *escape_via_return_temp() {
T x;		T x;
return x.to_string().c_str(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}		return x.to_string().c_str(); // expected-note {{Pointer to inner buffer of 'std::string' obtained here}}
// expected-note@-1 {{Inner buffer of 'std::string' deallocated by call to destructor}}		// expected-note@-1 {{Inner buffer of 'std::string' deallocated by call to destructor}}
Show All 25 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[analyzer] Fix false positives in inner pointer checker (PR49628)ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 336163

clang/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp

clang/test/Analysis/inner-pointer.cpp

[analyzer] Fix false positives in inner pointer checker (PR49628)
ClosedPublic