This is an archive of the discontinued LLVM Phabricator instance.

I find it a strange behavior that this-expression is sometimes a pointer, sometimes a record declaration. If references are resolved, why are pointers not?

This is an important fix, but I wonder how many other places are in the code where we do not handle this-expressions by pointers.

Well, i guess that's just one of those mildly infuriating aspects of the AST and/or the standard :)

If references are resolved, why are pointers not?

It's kinda understandable. References are simple aliases to glvalues. When you use a reference, you simply get *the* original glvalue, which is exactly what the AST gives you: a glvalue expression of object type. Here's what Expr::setType() says:

130   void setType(QualType t) {
131     // In C++, the type of an expression is always adjusted so that it
132     // will not have reference type (C++ [expr]p6). Use
133     // QualType::getNonReferenceType() to retrieve the non-reference
134     // type. Additionally, inspect Expr::isLvalue to determine whether
135     // an expression that is adjusted in this manner should be
136     // considered an lvalue.
137     assert((t.isNull() || !t->isReferenceType()) &&
138            "Expressions can't have reference type");
139
140     TR = t;
141   }

This code is still imperfect because it doesn't take dynamic type of the region into account, which may be more specific than the expression's type. I guess i'll add a FIXME.

LGTM!

This revision is now accepted and ready to land.Jun 24 2018, 9:58 AM

Closed by commit rC335555: [analyzer] Fix invalidation on C++ const methods with arrow syntax. (authored by NoQ). · Explain WhyJun 25 2018, 4:48 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

StaticAnalyzer/

Core/

CallEvent.cpp

9 lines

test/

Analysis/

const-method-call.cpp

24 lines

Diff 152805

lib/StaticAnalyzer/Core/CallEvent.cpp

Show First 20 Lines • Show All 528 Lines • ▼ Show 20 Lines	void CXXInstanceCall::getExtraInvalidatedValues(

// Don't invalidate if the method is const and there are no mutable fields.		// Don't invalidate if the method is const and there are no mutable fields.
if (const auto *D = cast_or_null<CXXMethodDecl>(getDecl())) {		if (const auto *D = cast_or_null<CXXMethodDecl>(getDecl())) {
if (!D->isConst())		if (!D->isConst())
return;		return;
// Get the record decl for the class of 'This'. D->getParent() may return a		// Get the record decl for the class of 'This'. D->getParent() may return a
// base class decl, rather than the class of the instance which needs to be		// base class decl, rather than the class of the instance which needs to be
// checked for mutable fields.		// checked for mutable fields.
		// TODO: We might as well look at the dynamic type of the object.
const Expr *Ex = getCXXThisExpr()->ignoreParenBaseCasts();		const Expr *Ex = getCXXThisExpr()->ignoreParenBaseCasts();
const CXXRecordDecl *ParentRecord = Ex->getType()->getAsCXXRecordDecl();		QualType T = Ex->getType();
if (!ParentRecord \|\| ParentRecord->hasMutableFields())		if (T->isPointerType()) // Arrow or implicit-this syntax?
		T = T->getPointeeType();
		const CXXRecordDecl *ParentRecord = T->getAsCXXRecordDecl();
		assert(ParentRecord);
		if (ParentRecord->hasMutableFields())
return;		return;
// Preserve CXXThis.		// Preserve CXXThis.
const MemRegion *ThisRegion = ThisVal.getAsRegion();		const MemRegion *ThisRegion = ThisVal.getAsRegion();
if (!ThisRegion)		if (!ThisRegion)
return;		return;

ETraits->setTrait(ThisRegion->getBaseRegion(),		ETraits->setTrait(ThisRegion->getBaseRegion(),
RegionAndSymbolInvalidationTraits::TK_PreserveContents);		RegionAndSymbolInvalidationTraits::TK_PreserveContents);
▲ Show 20 Lines • Show All 725 Lines • Show Last 20 Lines

test/Analysis/const-method-call.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s		// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s

void clang_analyzer_eval(bool);		void clang_analyzer_eval(bool);

struct A {		struct A {
int x;		int x;
void foo() const;		void foo() const;
void bar();		void bar();

		void testImplicitThisSyntax() {
		x = 3;
		foo();
		clang_analyzer_eval(x == 3); // expected-warning{{TRUE}}
		bar();
		clang_analyzer_eval(x == 3); // expected-warning{{UNKNOWN}}
		}
};		};

struct B {		struct B {
mutable int mut;		mutable int mut;
void foo() const;		void foo() const;
};		};

struct C {		struct C {
▲ Show 20 Lines • Show All 86 Lines • ▼ Show 20 Lines	void checkThatContainedConstMethodDoesNotInvalidateObjects() {
Outer t;		Outer t;
t.x = 1;		t.x = 1;
t.in.x = 2;		t.in.x = 2;
t.in.bar();		t.in.bar();
clang_analyzer_eval(t.x == 1); // expected-warning{{TRUE}}		clang_analyzer_eval(t.x == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(t.in.x == 2); // expected-warning{{TRUE}}		clang_analyzer_eval(t.in.x == 2); // expected-warning{{TRUE}}
}		}

		void checkPointerTypedThisExpression(A *a) {
		a->x = 3;
		a->foo();
		clang_analyzer_eval(a->x == 3); // expected-warning{{TRUE}}
		a->bar();
		clang_analyzer_eval(a->x == 3); // expected-warning{{UNKNOWN}}
		}

		void checkReferenceTypedThisExpression(A &a) {
		a.x = 3;
		a.foo();
		clang_analyzer_eval(a.x == 3); // expected-warning{{TRUE}}
		a.bar();
		clang_analyzer_eval(a.x == 3); // expected-warning{{UNKNOWN}}
		}

// --- Versions of the above tests where the const method is inherited --- //		// --- Versions of the above tests where the const method is inherited --- //

struct B1 {		struct B1 {
void foo() const;		void foo() const;
};		};

struct D1 : public B1 {		struct D1 : public B1 {
int x;		int x;
▲ Show 20 Lines • Show All 131 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[analyzer] Fix invalidation on C++ const methods.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 152805

lib/StaticAnalyzer/Core/CallEvent.cpp

test/Analysis/const-method-call.cpp

[analyzer] Fix invalidation on C++ const methods.
ClosedPublic