diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2013-01-26 01:28:23 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2013-01-26 01:28:23 +0000 |
| commit | 44ec3f00e64199667edf9f12c0f31f66916c95fe (patch) | |
| tree | ecbf43af2f2dd1af98c03b4536fbcdb8d0727d23 | |
| parent | dede2fd56d053a114a65ba72583981ce7aab27da (diff) | |
[analyzer] Track null object lvalues back through C++ method calls.
The expression 'a->b.c()' contains a call to the 'c' method of 'a->b'.
We emit an error if 'a' is NULL, but previously didn't actually track
the null value back through the 'a->b' expression, which caused us to
miss important false-positive-suppression cases, including
<rdar://problem/12676053>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173547 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp | 2 | ||||
| -rw-r--r-- | test/Analysis/inlining/false-positive-suppression.cpp | 36 |
2 files changed, 38 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp b/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp index 1285d321f0..e32091e228 100644 --- a/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp @@ -76,6 +76,8 @@ void CallAndMessageChecker::emitBadCall(BugType *BT, CheckerContext &C, BugReport *R = new BugReport(*BT, BT->getName(), N); if (BadE) { R->addRange(BadE->getSourceRange()); + if (BadE->isGLValue()) + BadE = bugreporter::getDerefExpr(BadE); bugreporter::trackNullOrUndefValue(N, BadE, *R); } C.emitReport(R); diff --git a/test/Analysis/inlining/false-positive-suppression.cpp b/test/Analysis/inlining/false-positive-suppression.cpp new file mode 100644 index 0000000000..6fbf739220 --- /dev/null +++ b/test/Analysis/inlining/false-positive-suppression.cpp @@ -0,0 +1,36 @@ +// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-config suppress-null-return-paths=false -verify %s +// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -DSUPPRESSED=1 %s + +#ifdef SUPPRESSED +// expected-no-diagnostics +#endif + +namespace rdar12676053 { + // Delta-reduced from a preprocessed file. + template<class T> + class RefCount { + T *ref; + public: + T *operator->() const { + return ref ? ref : 0; + } + }; + + class string {}; + + class ParserInputState { + public: + string filename; + }; + + class Parser { + void setFilename(const string& f) { + inputState->filename = f; +#ifndef SUPPRESSED +// expected-warning@-2 {{Called C++ object pointer is null}} +#endif + } + protected: + RefCount<ParserInputState> inputState; + }; +}
\ No newline at end of file |