diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2013-04-18 16:33:40 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2013-04-18 16:33:40 +0000 |
| commit | 476f41c4750421a7ead5014e75a0e790ff682754 (patch) | |
| tree | e64d0e472e11aaeb0b51098a331ecd46378207a2 | |
| parent | 324645a2cc058a86bc12c6a63a74da2b2590c74f (diff) | |
[analyzer] Don't crash if we cache out after making a temporary region.
A C++ overloaded operator may be implemented as an instance method, and
that instance method may be called on an rvalue object, which has no
associated region. The analyzer handles this by creating a temporary region
just for the evaluation of this call; however, it is possible that /by
creating the region/, the analyzer ends up in a previously-explored state.
In this case we don't need to continue along this path.
This doesn't actually show any behavioral change now, but it starts being
used with the next commit and prevents an assertion failure there.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179766 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 6 | ||||
| -rw-r--r-- | test/Analysis/operator-calls.cpp | 36 |
2 files changed, 41 insertions, 1 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index 4759b51de7..885a5adeec 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -864,9 +864,13 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred, const LocationContext *LCtx = Pred->getLocationContext(); ProgramStateRef NewState = createTemporaryRegionIfNeeded(State, LCtx, OCE->getArg(0)); - if (NewState != State) + if (NewState != State) { Pred = Bldr.generateNode(OCE, Pred, NewState, /*Tag=*/0, ProgramPoint::PreStmtKind); + // Did we cache out? + if (!Pred) + break; + } } } // FALLTHROUGH diff --git a/test/Analysis/operator-calls.cpp b/test/Analysis/operator-calls.cpp index 4f686e55fd..7461d75f67 100644 --- a/test/Analysis/operator-calls.cpp +++ b/test/Analysis/operator-calls.cpp @@ -49,3 +49,39 @@ namespace UserDefinedConversions { clang_analyzer_eval(obj); // expected-warning{{TRUE}} } } + + +namespace RValues { + struct SmallOpaque { + float x; + int operator +() const { + return (int)x; + } + }; + + struct LargeOpaque { + float x[4]; + int operator +() const { + return (int)x[0]; + } + }; + + SmallOpaque getSmallOpaque() { + SmallOpaque obj; + obj.x = 1.0; + return obj; + } + + LargeOpaque getLargeOpaque() { + LargeOpaque obj = LargeOpaque(); + obj.x[0] = 1.0; + return obj; + } + + void test(int coin) { + // Force a cache-out when we try to conjure a temporary region for the operator call. + // ...then, don't crash. + clang_analyzer_eval(+(coin ? getSmallOpaque() : getSmallOpaque())); // expected-warning{{UNKNOWN}} + clang_analyzer_eval(+(coin ? getLargeOpaque() : getLargeOpaque())); // expected-warning{{UNKNOWN}} + } +} |