diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2012-10-01 19:07:15 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2012-10-01 19:07:15 +0000 |
| commit | d27a368f4800b447b970b7c438d0fb4da00838dc (patch) | |
| tree | e229918cda9b24a312e6ea0fe4bef7d2536bc94b /lib/StaticAnalyzer/Core/ExprEngine.cpp | |
| parent | faab5618b5beed350d7444de97cf513ef1a42ca6 (diff) | |
Revert "[analyzer] Check that a member expr is valid even when the result is an lvalue."
The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):
(((struct Foo *)0)->member - ((struct foo *)0))
As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
We'll just have to make sure we have good path notes in the future.
This reverts r164441 / 9be016dcd1ca3986873a7b66bd4bc027309ceb59.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164958 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core/ExprEngine.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index 0e48864645..007bcf5208 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1515,30 +1515,22 @@ void ExprEngine::VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred, return; } + // FIXME: Should we insert some assumption logic in here to determine + // if "Base" is a valid piece of memory? Before we put this assumption + // later when using FieldOffset lvals (which we no longer have). + // For all other cases, compute an lvalue. SVal L = state->getLValue(field, baseExprVal); if (M->isGLValue()) { - ExplodedNodeSet Tmp; - Bldr.takeNodes(Pred); - evalLocation(Tmp, M, M, Pred, state, baseExprVal, - /*Tag=*/0, /*isLoad=*/true); - Bldr.addNodes(Tmp); - - const MemRegion *ReferenceRegion = 0; if (field->getType()->isReferenceType()) { - ReferenceRegion = L.getAsRegion(); - if (!ReferenceRegion) + if (const MemRegion *R = L.getAsRegion()) + L = state->getSVal(R); + else L = UnknownVal(); } - for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I != E; ++I){ - state = (*I)->getState(); - if (ReferenceRegion) - L = state->getSVal(ReferenceRegion); - - Bldr.generateNode(M, (*I), state->BindExpr(M, LCtx, L), 0, - ProgramPoint::PostLValueKind); - } + Bldr.generateNode(M, Pred, state->BindExpr(M, LCtx, L), 0, + ProgramPoint::PostLValueKind); } else { Bldr.takeNodes(Pred); evalLoad(Dst, M, M, Pred, state, L); |