diff --git a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp --- a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp +++ b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp @@ -755,8 +755,11 @@ // Does the decl that we found have an implementation? const FunctionDecl *Definition; - if (!Result->hasBody(Definition)) + if (!Result->hasBody(Definition)) { + if (!DynType.canBeASubClass()) + return AnyFunctionCall::getRuntimeDefinition(); return {}; + } // We found a definition. If we're not sure that this devirtualization is // actually what will happen at runtime, make sure to provide the region so diff --git a/clang/test/Analysis/Inputs/ctu-other.cpp b/clang/test/Analysis/Inputs/ctu-other.cpp --- a/clang/test/Analysis/Inputs/ctu-other.cpp +++ b/clang/test/Analysis/Inputs/ctu-other.cpp @@ -38,6 +38,7 @@ class mycls { public: int fcl(int x); + virtual int fvcl(int x); static int fscl(int x); class embed_cls2 { @@ -49,6 +50,9 @@ int mycls::fcl(int x) { return x + 5; } +int mycls::fvcl(int x) { + return x + 7; +} int mycls::fscl(int x) { return x + 6; } @@ -56,6 +60,15 @@ return x - 11; } +class derived : public mycls { +public: + virtual int fvcl(int x) override; +}; + +int derived::fvcl(int x) { + return x + 8; +} + namespace chns { int chf2(int x); diff --git a/clang/test/Analysis/Inputs/ctu-other.cpp.externalDefMap.txt b/clang/test/Analysis/Inputs/ctu-other.cpp.externalDefMap.txt --- a/clang/test/Analysis/Inputs/ctu-other.cpp.externalDefMap.txt +++ b/clang/test/Analysis/Inputs/ctu-other.cpp.externalDefMap.txt @@ -3,8 +3,10 @@ c:@F@g#I# ctu-other.cpp.ast c:@S@mycls@F@fscl#I#S ctu-other.cpp.ast c:@S@mycls@F@fcl#I# ctu-other.cpp.ast +c:@S@mycls@F@fvcl#I# ctu-other.cpp.ast c:@N@myns@S@embed_cls@F@fecl#I# ctu-other.cpp.ast c:@S@mycls@S@embed_cls2@F@fecl2#I# ctu-other.cpp.ast +c:@S@derived@F@fvcl#I# ctu-other.cpp.ast c:@F@f#I# ctu-other.cpp.ast c:@N@myns@F@fns#I# ctu-other.cpp.ast c:@F@h#I# ctu-other.cpp.ast diff --git a/clang/test/Analysis/ctu-main.cpp b/clang/test/Analysis/ctu-main.cpp --- a/clang/test/Analysis/ctu-main.cpp +++ b/clang/test/Analysis/ctu-main.cpp @@ -7,6 +7,7 @@ // RUN: cp %S/Inputs/ctu-other.cpp.externalDefMap.txt %t/ctudir/externalDefMap.txt // RUN: %clang_analyze_cc1 -triple x86_64-pc-linux-gnu \ // RUN: -analyzer-checker=core,debug.ExprInspection \ +// RUN: -analyzer-config ipa=inlining \ // RUN: -analyzer-config experimental-enable-naive-ctu-analysis=true \ // RUN: -analyzer-config ctu-dir=%t/ctudir \ // RUN: -verify %s @@ -45,6 +46,7 @@ class mycls { public: int fcl(int x); + virtual int fvcl(int x); static int fscl(int x); class embed_cls2 { @@ -53,6 +55,11 @@ }; }; +class derived : public mycls { +public: + virtual int fvcl(int x) override; +}; + namespace chns { int chf1(int x); } @@ -98,6 +105,14 @@ }; extern U extU; +void test_virtual_functions(mycls* obj) { + // The dynamic type is known. + clang_analyzer_eval(mycls().fvcl(1) == 8); // expected-warning{{TRUE}} + clang_analyzer_eval(derived().fvcl(1) == 9); // expected-warning{{TRUE}} + // We cannot decide about the dynamic type. + clang_analyzer_eval(obj->fvcl(1)); // expected-warning{{UNKNOWN}} +} + int main() { clang_analyzer_eval(f(3) == 2); // expected-warning{{TRUE}} clang_analyzer_eval(f(4) == 3); // expected-warning{{TRUE}} @@ -116,7 +131,7 @@ clang_analyzer_eval(fun_using_anon_struct(8) == 8); // expected-warning{{TRUE}} clang_analyzer_eval(other_macro_diag(1) == 1); // expected-warning{{TRUE}} - // expected-warning@Inputs/ctu-other.cpp:80{{REACHABLE}} + // expected-warning@Inputs/ctu-other.cpp:93{{REACHABLE}} MACRODIAG(); // expected-warning{{REACHABLE}} clang_analyzer_eval(extInt == 2); // expected-warning{{TRUE}}