diff options
| author | Ted Kremenek <kremenek@apple.com> | 2011-04-22 18:01:30 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2011-04-22 18:01:30 +0000 |
| commit | e970c60dadaf22019743724bac879dbefbc4f5e3 (patch) | |
| tree | 04ef89463539ab91fecbc207eddad187bd983a32 | |
| parent | e0afc892e75f526f7ecce7dd152d946337632efe (diff) | |
Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130003 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Core/Environment.cpp | 3 | ||||
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 2 | ||||
| -rw-r--r-- | test/Analysis/nullptr.cpp | 41 |
3 files changed, 45 insertions, 1 deletions
diff --git a/lib/StaticAnalyzer/Core/Environment.cpp b/lib/StaticAnalyzer/Core/Environment.cpp index 1ebb4ac5d4..0d43c37587 100644 --- a/lib/StaticAnalyzer/Core/Environment.cpp +++ b/lib/StaticAnalyzer/Core/Environment.cpp @@ -64,6 +64,9 @@ SVal Environment::getSVal(const Stmt *E, SValBuilder& svalBuilder) const { else return svalBuilder.makeIntVal(cast<IntegerLiteral>(E)); } + // For special C0xx nullptr case, make a null pointer SVal. + case Stmt::CXXNullPtrLiteralExprClass: + return svalBuilder.makeNull(); case Stmt::ImplicitCastExprClass: case Stmt::CXXFunctionalCastExprClass: case Stmt::CStyleCastExprClass: { diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index 621b46e1ff..ac7e687b93 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -424,7 +424,6 @@ void ExprEngine::Visit(const Stmt* S, ExplodedNode* Pred, case Stmt::CXXCatchStmtClass: case Stmt::CXXDependentScopeMemberExprClass: case Stmt::CXXForRangeStmtClass: - case Stmt::CXXNullPtrLiteralExprClass: case Stmt::CXXPseudoDestructorExprClass: case Stmt::CXXTemporaryObjectExprClass: case Stmt::CXXThrowExprClass: @@ -523,6 +522,7 @@ void ExprEngine::Visit(const Stmt* S, ExplodedNode* Pred, case Stmt::ExprWithCleanupsClass: case Stmt::FloatingLiteralClass: case Stmt::SizeOfPackExprClass: + case Stmt::CXXNullPtrLiteralExprClass: Dst.Add(Pred); // No-op. Simply propagate the current state unchanged. break; diff --git a/test/Analysis/nullptr.cpp b/test/Analysis/nullptr.cpp new file mode 100644 index 0000000000..b74a5abcdf --- /dev/null +++ b/test/Analysis/nullptr.cpp @@ -0,0 +1,41 @@ +// RUN: %clang_cc1 -std=c++0x -analyze -analyzer-checker=core -analyzer-store region -verify %s + +// test to see if nullptr is detected as a null pointer +void foo1(void) { + char *np = nullptr; + *np = 0; // expected-warning{{Dereference of null pointer}} +} + +// check if comparing nullptr to nullptr is detected properly +void foo2(void) { + char *np1 = nullptr; + char *np2 = np1; + char c; + if (np1 == np2) + np1 = &c; + *np1 = 0; // no-warning +} + +// invoving a nullptr in a more complex operation should be cause a warning +void foo3(void) { + struct foo { + int a, f; + }; + char *np = nullptr; + // casting a nullptr to anything should be caught eventually + int *ip = &(((struct foo *)np)->f); + *ip = 0; // expected-warning{{Dereference of null pointer}} + // should be error here too, but analysis gets stopped +// *np = 0; +} + +// nullptr is implemented as a zero integer value, so should be able to compare +void foo4(void) { + char *np = nullptr; + if (np != 0) + *np = 0; // no-warning + char *cp = 0; + if (np != cp) + *np = 0; // no-warning +} + |