diff options
3 files changed, 16 insertions, 32 deletions
diff --git a/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp b/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp index 8a7f48b6f8..944bff6626 100644 --- a/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp @@ -297,26 +297,16 @@ void CallAndMessageChecker::HandleNilReceiver(CheckerContext &C, // Check the return type of the message expression. A message to nil will // return different values depending on the return type and the architecture. QualType RetTy = msg.getType(Ctx); - CanQualType CanRetTy = Ctx.getCanonicalType(RetTy); if (CanRetTy->isStructureOrClassType()) { - // FIXME: At some point we shouldn't rely on isConsumedExpr(), but instead - // have the "use of undefined value" be smarter about where the - // undefined value came from. - if (C.getPredecessor()->getParentMap().isConsumedExpr(msg.getOriginExpr())){ - if (ExplodedNode *N = C.generateSink(state)) - emitNilReceiverBug(C, msg, N); - return; - } - - // The result is not consumed by a surrounding expression. Just propagate - // the current state. - C.addTransition(state); + // Structure returns are safe since the compiler zeroes them out. + SVal V = C.getSValBuilder().makeZeroVal(msg.getType(Ctx)); + C.addTransition(state->BindExpr(msg.getOriginExpr(), V)); return; } - // Other cases: check if the return type is smaller than void*. + // Other cases: check if sizeof(return type) > sizeof(void*) if (CanRetTy != Ctx.VoidTy && C.getPredecessor()->getParentMap().isConsumedExpr(msg.getOriginExpr())) { // Compute: sizeof(void *) and sizeof(return type) diff --git a/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m b/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m index e2ad1176e3..7e8d96ac57 100644 --- a/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m +++ b/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret-region.m @@ -2,37 +2,31 @@ // <rdar://problem/6888289> - This test case shows that a nil instance // variable can possibly be initialized by a method. -typedef struct RDar6888289_data { - long data[100]; -} RDar6888289_data; - @interface RDar6888289 { - RDar6888289 *x; + id *x; } -- (RDar6888289_data) test; -- (RDar6888289_data) test2; +- (void) test:(id) y; +- (void) test2:(id) y; - (void) invalidate; -- (RDar6888289_data) getData; @end +id *getVal(void); + @implementation RDar6888289 -- (RDar6888289_data) test { +- (void) test:(id)y { if (!x) [self invalidate]; - return [x getData]; + *x = y; } -- (RDar6888289_data) test2 { +- (void) test2:(id)y { if (!x) {} - return [x getData]; // expected-warning{{The receiver of message 'getData' is nil and returns a value of type 'RDar6888289_data' that will be garbage}} + *x = y; // expected-warning {{null}} } - (void) invalidate { - x = self; + x = getVal(); } -- (RDar6888289_data) getData { - return (RDar6888289_data) { 0 }; -} @end diff --git a/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m b/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m index e9711e70c2..48bac623b5 100644 --- a/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m +++ b/test/Analysis/rdar-6600344-nil-receiver-undefined-struct-ret.m @@ -14,12 +14,12 @@ typedef struct Foo { int x; } Bar; void createFoo() { MyClass *obj = 0; - Bar f = [obj foo]; // expected-warning{{The receiver of message 'foo' is nil and returns a value of type 'Bar' that will be garbage}} + Bar f = [obj foo]; // no-warning } void createFoo2() { MyClass *obj = 0; [obj foo]; // no-warning - Bar f = [obj foo]; // expected-warning{{The receiver of message 'foo' is nil and returns a value of type 'Bar' that will be garbage}} + Bar f = [obj foo]; // no-warning } |