diff options
| author | Anna Zaks <ganna@apple.com> | 2013-03-15 01:15:12 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2013-03-15 01:15:12 +0000 |
| commit | dc9c160dede7e2f5cc11755db6aaa57e7fccbcec (patch) | |
| tree | 731ed969fc71cad6130f88082828275664b703d3 | |
| parent | d92277928eefcf958080707ed6e154f406a5d054 (diff) | |
[analyzer] Teach trackNullOrUndef to look through ternary operators
Allows the suppression visitors trigger more often.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177137 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Core/BugReporterVisitors.cpp | 17 | ||||
| -rw-r--r-- | test/Analysis/inlining/false-positive-suppression.c | 36 |
2 files changed, 50 insertions, 3 deletions
diff --git a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp index 22c148be93..550a74667f 100644 --- a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp +++ b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp @@ -772,16 +772,27 @@ static const MemRegion *getLocationRegionIfReference(const Expr *E, return 0; } -bool bugreporter::trackNullOrUndefValue(const ExplodedNode *ErrorNode, +bool bugreporter::trackNullOrUndefValue(const ExplodedNode *N, const Stmt *S, BugReport &report, bool IsArg) { - if (!S || !ErrorNode) + if (!S || !N) return false; + // Peel off OpaqueValueExpr. if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(S)) S = OVE->getSourceExpr(); - const ExplodedNode *N = ErrorNode; + // Peel off the ternary operator. + if (const ConditionalOperator *CO = dyn_cast<ConditionalOperator>(S)) { + ProgramStateRef State = N->getState(); + SVal CondVal = State->getSVal(CO->getCond(), N->getLocationContext()); + if (State->isNull(CondVal).isConstrainedTrue()) { + S = CO->getTrueExpr(); + } else { + assert(State->isNull(CondVal).isConstrainedFalse()); + S = CO->getFalseExpr(); + } + } const Expr *Inner = 0; if (const Expr *Ex = dyn_cast<Expr>(S)) { diff --git a/test/Analysis/inlining/false-positive-suppression.c b/test/Analysis/inlining/false-positive-suppression.c index bed64f1837..fbdb1650ff 100644 --- a/test/Analysis/inlining/false-positive-suppression.c +++ b/test/Analysis/inlining/false-positive-suppression.c @@ -191,3 +191,39 @@ void testAlwaysReturnNull(void *input) { #endif } +int derefArg(int *p) { + return *p; +#ifndef SUPPRESSED + // expected-warning@-2 {{Dereference of null pointer}} +#endif +} +void ternaryArg(char cond) { + static int x; + derefArg(cond ? &x : getNull()); +} + +int derefAssignment(int *p) { + return *p; +#ifndef SUPPRESSED + // expected-warning@-2 {{Dereference of null pointer}} +#endif +} +void ternaryAssignment(char cond) { + static int x; + int *p = cond ? &x : getNull(); + derefAssignment(p); +} + +int *retNull(char cond) { + static int x; + return cond ? &x : getNull(); +} +int ternaryRetNull(char cond) { + int *p = retNull(cond); + return *p; +#ifndef SUPPRESSED + // expected-warning@-2 {{Dereference of null pointer}} +#endif +} + + |