Index: lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp
+++ lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp
@@ -58,9 +58,36 @@
/// Note that this class is immutable, and new fields may only be added through
/// constructor calls.
class FieldChainInfo {
+ using FieldChainImpl = llvm::ImmutableListImpl<const FieldRegion *>;
+
+ // If the fieldchain has void pointers or nonloc::LocAsInteger objects,
+ // they have to be casted back in order to dereference them.
+ //
+ // struct B {
+ // void *ptr;
+ // B(void *ptr) : ptr(ptr) {}
+ // };
+ // struct A { int x; } a; // say this isn't zero initialized
+ //
+ // B b(&a); // warning
+ //
+ // For cases like this, we can't report that 'this->ptr->a' is uninitialized,
+ // since void pointers can't be dereferenced, but rather the note message
+ // should say 'static_cast<A *>(this->ptr)->a' is uninitialized.
+ //
+ // We'll store which elements of the fieldchain needs to be casted back,
+ // and the type it needs to be casted to.
+ using CastBack = const std::pair<QualType, const FieldChainImpl *>;
+ using CastBacksListImpl = llvm::ImmutableListImpl<CastBack>;
+
+public:
+ // We'll expose these types for a nicer looking factory instantionation.
using FieldChain = llvm::ImmutableList<const FieldRegion *>;
+ using CastBackList = llvm::ImmutableList<CastBack>;
+private:
FieldChain Chain;
+ CastBackList CastBacks;
const bool IsDereferenced = false;
@@ -68,11 +95,15 @@
FieldChainInfo() = default;
FieldChainInfo(const FieldChainInfo &Other, const bool IsDereferenced)
- : Chain(Other.Chain), IsDereferenced(IsDereferenced) {}
+ : Chain(Other.Chain), CastBacks(Other.CastBacks),
+ IsDereferenced(IsDereferenced) {}
FieldChainInfo(const FieldChainInfo &Other, const FieldRegion *FR,
const bool IsDereferenced = false);
+ FieldChainInfo(const FieldChainInfo &Other, const FieldRegion *FR,
+ const bool IsDereferenced, QualType CastBackType);
+
bool contains(const FieldRegion *FR) const { return Chain.contains(FR); }
bool isPointer() const;
@@ -88,8 +119,8 @@
/// elements in reverse order, and have no reverse iterators, we use a
/// recursive function to print the fieldchain correctly. The last element in
/// the chain is to be printed by `print`.
- static void printTail(llvm::raw_ostream &Out,
- const llvm::ImmutableListImpl<const FieldRegion *> *L);
+ static void printTail(llvm::raw_ostream &Out, const FieldChainImpl *L,
+ const CastBacksListImpl *C);
friend struct FieldChainInfoComparator;
};
@@ -201,7 +232,8 @@
// Static variable instantionations.
-static llvm::ImmutableListFactory<const FieldRegion *> Factory;
+static FieldChainInfo::FieldChain::Factory ChainFactory;
+static FieldChainInfo::CastBackList::Factory CastBackFactory;
// Utility function declarations.
@@ -489,6 +521,9 @@
}
QualType DynT = DynTInfo.getType();
+ // If the static type of the field is a void pointer, we need to cast it back
+ // to the dynamic type before dereferencing.
+ bool NeedsCastBack = isVoidPointer(FR->getDecl()->getType());
if (isVoidPointer(DynT)) {
IsAnyFieldInitialized = true;
@@ -528,11 +563,18 @@
const TypedValueRegion *R = RecordV->getRegion();
- if (DynT->getPointeeType()->isStructureOrClassType())
+ if (DynT->getPointeeType()->isStructureOrClassType()) {
+ if (NeedsCastBack)
+ return isNonUnionUninit(
+ R, {LocalChain, FR, /*IsDereferenced */ false, DynT});
return isNonUnionUninit(R, {LocalChain, FR});
+ }
if (DynT->getPointeeType()->isUnionType()) {
if (isUnionUninit(R)) {
+ if (NeedsCastBack)
+ return addFieldToUninits(
+ {LocalChain, FR, /*IsDereferenced*/ true, DynT});
return addFieldToUninits({LocalChain, FR, /*IsDereferenced*/ true});
} else {
IsAnyFieldInitialized = true;
@@ -553,8 +595,11 @@
"At this point FR must either have a primitive dynamic type, or it "
"must be a null, undefined, unknown or concrete pointer!");
- if (isPrimitiveUninit(DerefdV))
+ if (isPrimitiveUninit(DerefdV)) {
+ if (NeedsCastBack)
+ return addFieldToUninits({LocalChain, FR, /*IsDereferenced*/ true, DynT});
return addFieldToUninits({LocalChain, FR, /*IsDereferenced*/ true});
+ }
IsAnyFieldInitialized = true;
return false;
@@ -577,7 +622,16 @@
: FieldChainInfo(Other, IsDereferenced) {
assert(!contains(FR) && "Can't add a field that is already a part of the "
"fieldchain! Is this a cyclic reference?");
- Chain = Factory.add(FR, Other.Chain);
+ Chain = ChainFactory.add(FR, Other.Chain);
+}
+
+FieldChainInfo::FieldChainInfo(const FieldChainInfo &Other,
+ const FieldRegion *FR, const bool IsDereferenced,
+ QualType CastBackType)
+ : FieldChainInfo(Other, FR, IsDereferenced) {
+ CastBacks = CastBackFactory.add(
+ std::make_pair(CastBackType, Chain.getInternalPointer()),
+ Other.CastBacks);
}
bool FieldChainInfo::isPointer() const {
@@ -595,25 +649,6 @@
return (*Chain.begin())->getDecl();
}
-// TODO: This function constructs an incorrect string if a void pointer is a
-// part of the chain:
-//
-// struct B { int x; }
-//
-// struct A {
-// void *vptr;
-// A(void* vptr) : vptr(vptr) {}
-// };
-//
-// void f() {
-// B b;
-// A a(&b);
-// }
-//
-// The note message will be "uninitialized field 'this->vptr->x'", even though
-// void pointers can't be dereferenced. This should be changed to "uninitialized
-// field 'static_cast<B*>(this->vptr)->x'".
-//
// TODO: This function constructs an incorrect fieldchain string in the
// following case:
//
@@ -632,21 +667,46 @@
if (Chain.isEmpty())
return;
- const llvm::ImmutableListImpl<const FieldRegion *> *L =
- Chain.getInternalPointer();
- printTail(Out, L->getTail());
- Out << getVariableName(L->getHead()->getDecl());
+ const FieldChainImpl *L = Chain.getInternalPointer();
+ const CastBacksListImpl *C = CastBacks.getInternalPointer();
+ const FieldDecl *Field = L->getHead()->getDecl();
+
+ // During the construction of a FieldChainInfo object, the CastBacks field
+ // will be filled in order with pointers to certain elements of the FieldChain
+ // that needs to be casted to another type.
+ // If L is the first element stored in CastBacks, we'll pass the rest of the
+ // CastBacks list to printTail. If not, we know that the first element of it
+ // will refer to another field in the fieldchain, unless no field needs to be
+ // casted back.
+ if (C && L == C->getHead().second) {
+ printTail(Out, L->getTail(), C->getTail());
+ Out << "static_cast<" << C->getHead().first.getAsString() << ">("
+ << getVariableName(Field) << ')';
+ } else {
+ printTail(Out, L->getTail(), C);
+ Out << getVariableName(Field);
+ }
}
-void FieldChainInfo::printTail(
- llvm::raw_ostream &Out,
- const llvm::ImmutableListImpl<const FieldRegion *> *L) {
- if (!L)
+void FieldChainInfo::printTail(llvm::raw_ostream &Out, const FieldChainImpl *L,
+ const CastBacksListImpl *C) {
+ if (!L) {
+ assert(!C && "Entire fieldchain printed but some elements of CastBacks is "
+ "unused!");
return;
+ }
+
+ if (C && L == C->getHead().second)
+ printTail(Out, L->getTail(), C->getTail());
+ else
+ printTail(Out, L->getTail(), C);
- printTail(Out, L->getTail());
const FieldDecl *Field = L->getHead()->getDecl();
- Out << getVariableName(Field);
+ if (C && L == C->getHead().second)
+ Out << "static_cast<" << C->getHead().first.getAsString() << ">("
+ << getVariableName(Field) << ')';
+ else
+ Out << getVariableName(Field);
Out << (Field->getType()->isPointerType() ? "->" : ".");
}
Index: test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
===================================================================
--- test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
+++ test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
@@ -287,7 +287,7 @@
}
struct IntDynTypedVoidPointerTest1 {
- void *vptr; // expected-note{{uninitialized pointee 'this->vptr'}}
+ void *vptr; // expected-note{{uninitialized pointee 'this->static_cast<int *>(vptr)'}}
int dontGetFilteredByNonPedanticMode = 0;
IntDynTypedVoidPointerTest1(void *vptr) : vptr(vptr) {} // expected-warning{{1 uninitialized field}}
@@ -300,8 +300,8 @@
struct RecordDynTypedVoidPointerTest {
struct RecordType {
- int x; // expected-note{{uninitialized field 'this->vptr->x'}}
- int y; // expected-note{{uninitialized field 'this->vptr->y'}}
+ int x; // expected-note{{uninitialized field 'this->static_cast<struct RecordDynTypedVoidPointerTest::RecordType *>(vptr)->x'}}
+ int y; // expected-note{{uninitialized field 'this->static_cast<struct RecordDynTypedVoidPointerTest::RecordType *>(vptr)->y'}}
};
void *vptr;
@@ -317,9 +317,9 @@
struct NestedNonVoidDynTypedVoidPointerTest {
struct RecordType {
- int x; // expected-note{{uninitialized field 'this->vptr->x'}}
- int y; // expected-note{{uninitialized field 'this->vptr->y'}}
- void *vptr; // expected-note{{uninitialized pointee 'this->vptr->vptr'}}
+ int x; // expected-note{{uninitialized field 'this->static_cast<struct NestedNonVoidDynTypedVoidPointerTest::RecordType *>(vptr)->x'}}
+ int y; // expected-note{{uninitialized field 'this->static_cast<struct NestedNonVoidDynTypedVoidPointerTest::RecordType *>(vptr)->y'}}
+ void *vptr; // expected-note{{uninitialized pointee 'this->static_cast<struct NestedNonVoidDynTypedVoidPointerTest::RecordType *>(vptr)->static_cast<char *>(vptr)'}}
};
void *vptr;