diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2012-09-22 01:24:33 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2012-09-22 01:24:33 +0000 |
| commit | dd1d7d88f1fe6d7d7e79acaec3f83bc10d9f7b97 (patch) | |
| tree | 361d11291b72644e05fcbd9d2c04958809d0d060 /lib/StaticAnalyzer/Core/ExprEngine.cpp | |
| parent | 5d99a252c63a7745bcd71231ca5240d2a65e4f1d (diff) | |
[analyzer] Check that a member expr is valid even when the result is an lvalue.
We want to catch cases like this early, so that we can produce better
diagnostics and path notes:
Point *p = 0;
int *px = &p->x; // should warn here
*px = 1;
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164441 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Core/ExprEngine.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index 3e5733f10c..8e2c159ca7 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1515,22 +1515,30 @@ void ExprEngine::VisitMemberExpr(const MemberExpr *M, ExplodedNode *Pred, return; } - // FIXME: Should we insert some assumption logic in here to determine - // if "Base" is a valid piece of memory? Before we put this assumption - // later when using FieldOffset lvals (which we no longer have). - // For all other cases, compute an lvalue. SVal L = state->getLValue(field, baseExprVal); if (M->isGLValue()) { + ExplodedNodeSet Tmp; + Bldr.takeNodes(Pred); + evalLocation(Tmp, M, M, Pred, state, baseExprVal, + /*Tag=*/0, /*isLoad=*/true); + Bldr.addNodes(Tmp); + + const MemRegion *ReferenceRegion = 0; if (field->getType()->isReferenceType()) { - if (const MemRegion *R = L.getAsRegion()) - L = state->getSVal(R); - else + ReferenceRegion = L.getAsRegion(); + if (!ReferenceRegion) L = UnknownVal(); } - Bldr.generateNode(M, Pred, state->BindExpr(M, LCtx, L), 0, - ProgramPoint::PostLValueKind); + for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I != E; ++I){ + state = (*I)->getState(); + if (ReferenceRegion) + L = state->getSVal(ReferenceRegion); + + Bldr.generateNode(M, (*I), state->BindExpr(M, LCtx, L), 0, + ProgramPoint::PostLValueKind); + } } else { Bldr.takeNodes(Pred); evalLoad(Dst, M, M, Pred, state, L); |