This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/StaticAnalyzer/Core/
-
StaticAnalyzer/
-
Core/
-
BugReporterVisitors.cpp
-
test/Analysis/inlining/
-
Analysis/
-
inlining/
2
inline-defensive-checks.cpp

Differential D48204

[analyzer] Make getDerefExpr() skip cleanups.
ClosedPublic

Authored by NoQ on Jun 14 2018, 6:51 PM.

Download Raw Diff

Details

Reviewers

dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
rnkovacs

Commits

rG57790c56853d: [analyzer] Track null and undef values through expressions with cleanups.
rL335559: [analyzer] Track null and undef values through expressions with cleanups.
rC335559: [analyzer] Track null and undef values through expressions with cleanups.

Summary

ExprWithCleanups that cleans up function arguments (or any other stuff) at the end of the full-expression may break AST pattern-matching for figuring out that a null pointer was produced by the inlined function during trackNullOrUndefValue(). Because this expression doesn't do anything, skip it during getDerefExpr().

Diff Detail

Repository: rC Clang

Event Timeline

NoQ created this revision.Jun 14 2018, 6:51 PM

Herald added subscribers: cfe-commits, mikhail.ramalho, baloghadamsoftware, eraman. · View Herald TranscriptJun 14 2018, 6:51 PM

This is supposed to suppress a few Inlined-Defensive-Checks-related false positives that accidentally spiked up during my testing of copy elision.

george.karpenkov added inline comments.Jun 15 2018, 9:40 AM

test/Analysis/inlining/inline-defensive-checks.cpp
93	what is the argument doing?

george.karpenkov accepted this revision.Jun 15 2018, 9:40 AM

This revision is now accepted and ready to land.Jun 15 2018, 9:40 AM

NoQ added inline comments.Jun 15 2018, 12:19 PM

test/Analysis/inlining/inline-defensive-checks.cpp
93	Causing cleanups (:

Closed by commit rC335559: [analyzer] Track null and undef values through expressions with cleanups. (authored by NoQ). · Explain WhyJun 25 2018, 4:59 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

StaticAnalyzer/

Core/

BugReporterVisitors.cpp

2 lines

test/

Analysis/

inlining/

inline-defensive-checks.cpp

17 lines

Diff 152810

lib/StaticAnalyzer/Core/BugReporterVisitors.cpp

Show First 20 Lines • Show All 135 Lines • ▼ Show 20 Lines	while (true) {
else if (const auto *ME = dyn_cast<MemberExpr>(E)) {		else if (const auto *ME = dyn_cast<MemberExpr>(E)) {
E = ME->getBase();		E = ME->getBase();
} else if (const auto *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) {		} else if (const auto *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) {
E = IvarRef->getBase();		E = IvarRef->getBase();
} else if (const auto *AE = dyn_cast<ArraySubscriptExpr>(E)) {		} else if (const auto *AE = dyn_cast<ArraySubscriptExpr>(E)) {
E = AE->getBase();		E = AE->getBase();
} else if (const auto *PE = dyn_cast<ParenExpr>(E)) {		} else if (const auto *PE = dyn_cast<ParenExpr>(E)) {
E = PE->getSubExpr();		E = PE->getSubExpr();
		} else if (const auto *EWC = dyn_cast<ExprWithCleanups>(E)) {
		E = EWC->getSubExpr();
} else {		} else {
// Other arbitrary stuff.		// Other arbitrary stuff.
break;		break;
}		}
}		}

// Special case: remove the final lvalue-to-rvalue cast, but do not recurse		// Special case: remove the final lvalue-to-rvalue cast, but do not recurse
// deeper into the sub-expression. This way we return the lvalue from which		// deeper into the sub-expression. This way we return the lvalue from which
▲ Show 20 Lines • Show All 2,249 Lines • Show Last 20 Lines

test/Analysis/inlining/inline-defensive-checks.cpp

Show First 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	void idcBar(Bar *b) {
if (b)		if (b)
;		;
}		}
void testRefToField(Bar *b) {		void testRefToField(Bar *b) {
idcBar(b);		idcBar(b);
int &x = b->x; // no-warning		int &x = b->x; // no-warning
x = 5;		x = 5;
}		}

		namespace get_deref_expr_with_cleanups {
		struct S {
		~S();
		};
		S *conjure();
		// The argument won't be used, but it'll cause cleanups
		george.karpenkovUnsubmitted Not Done Reply Inline Actions what is the argument doing? george.karpenkov: what is the argument doing?
		NoQAuthorUnsubmitted Not Done Reply Inline Actions Causing cleanups (: NoQ: Causing cleanups (:
		// to appear around the call site.
		S *get_conjured(S _) {
		S *s = conjure();
		if (s) {}
		return s;
		}
		void test_conjured() {
		S &s = *get_conjured(S()); // no-warning
		}
		} // namespace get_deref_expr_with_cleanups