diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2013-03-30 01:31:42 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2013-03-30 01:31:42 +0000 |
| commit | e6f2bf86288bc45060b21c4f55a6153b8ba80443 (patch) | |
| tree | a5020a7f6df2fb5e8eacb6c0e98cba87085c0b70 | |
| parent | 75f8bd01319000b3e1438847505302670514759d (diff) | |
[analyzer] Handle caching out while evaluating a C++ new expression.
Evaluating a C++ new expression now includes generating an intermediate
ExplodedNode, and this node could very well represent a previously-
reachable state in the ExplodedGraph. If so, we can short-circuit the
rest of the evaluation.
Caught by the assertion a few lines later.
<rdar://problem/13510065>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178401 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 7 | ||||
| -rw-r--r-- | test/Analysis/new.cpp | 8 |
2 files changed, 12 insertions, 3 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp index c1dd6b2220..64c361d4d8 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp @@ -351,15 +351,16 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, State = State->BindExpr(CNE, LCtx, symVal); } - Bldr.generateNode(CNE, Pred, State); + ExplodedNode *NewN = Bldr.generateNode(CNE, Pred, State); + if (!NewN) + return; // If the type is not a record, we won't have a CXXConstructExpr as an // initializer. Copy the value over. if (const Expr *Init = CNE->getInitializer()) { if (!isa<CXXConstructExpr>(Init)) { assert(Bldr.getResults().size() == 1); - ExplodedNode *TmpN = *Bldr.getResults().begin(); - Bldr.takeNodes(TmpN); + Bldr.takeNodes(NewN); assert(!CNE->getType()->getPointeeCXXRecordDecl()); diff --git a/test/Analysis/new.cpp b/test/Analysis/new.cpp index 004a05ef94..44ae9802f8 100644 --- a/test/Analysis/new.cpp +++ b/test/Analysis/new.cpp @@ -94,6 +94,14 @@ void testNewInvalidationScalarPlacement(int **p) { new (p) (int *)(static_cast<int *>(malloc(4))); // no-warning } +void testCacheOut(PtrWrapper w) { + extern bool coin(); + if (coin()) + w.x = 0; + new (&w.x) (int*)(0); // we cache out here; don't crash +} + + //-------------------------------------------------------------------- // Check for intersection with other checkers from MallocChecker.cpp // bounded with unix.Malloc |