Author: jrose
Date: Mon Apr 28 20:56:12 2014
New Revision: 207486

URL: http://llvm.org/viewvc/llvm-project?rev=207486&view=rev
Log:
[analyzer] Don't crash when a construction is followed by an uninitialized 
variable.

This could happen due to unfortunate CFG coincidences.

PR19579

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
    cfe/trunk/test/Analysis/ctor.mm

Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=207486&r1=207485&r2=207486&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Mon Apr 28 20:56:12 2014
@@ -128,7 +128,7 @@ static const MemRegion *getRegionForCons
     if (Optional<CFGStmt> StmtElem = Next.getAs<CFGStmt>()) {
       if (const DeclStmt *DS = dyn_cast<DeclStmt>(StmtElem->getStmt())) {
         if (const VarDecl *Var = dyn_cast<VarDecl>(DS->getSingleDecl())) {
-          if (Var->getInit()->IgnoreImplicit() == CE) {
+          if (Var->getInit() && Var->getInit()->IgnoreImplicit() == CE) {
             SVal LValue = State->getLValue(Var, LCtx);
             QualType Ty = Var->getType();
             LValue = makeZeroElementRegion(State, LValue, Ty);
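Review bot: `Var->getInit()` is now evaluated twice on the changed line; binding it once, `const Expr *Init = Var->getInit();` followed by `if (Init && Init->IgnoreImplicit() == CE) {`, reads better and makes the null case explicit. A one-line comment above it, `// A declaration with no initializer (e.g. "int a;") cannot be the object this construction initializes.`, would record why the null check belongs here, since nothing else in the hunk says so. The enclosing function (getRegionForCons…, per the hunk header) starts and ends outside the hunk, so the `DS->getSingleDecl()` call on the line above is taken on trust; it presumably relies on the CFG splitting multi-declarator statements such as the new test's `int a, b = 0;` into single-decl DeclStmts, which is worth confirming.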

Modified: cfe/trunk/test/Analysis/ctor.mm
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ctor.mm?rev=207486&r1=207485&r2=207486&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/ctor.mm (original)
+++ cfe/trunk/test/Analysis/ctor.mm Mon Apr 28 20:56:12 2014
@@ -674,3 +674,30 @@ namespace InitializerList {
     clang_analyzer_eval(list->usedInitializerList); // 
expected-warning{{UNKNOWN}}
   }
 }
+
+namespace PR19579 {
+  class C {};
+
+  struct S {
+    C c;
+    int i;
+  };
+
+  void f() {
+    C();
+    int a;
+  }
+
+  void g() {
+    // This order triggers the initialization of the inner "a" after the
+    // constructor for "C" is run, which used to confuse the analyzer
+    // (is "C()" the initialization of "a"?).
+    struct S s = {
+      C(),
+      ({
+        int a, b = 0;
+        0;
+      })
+    };
+  }
+}
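Review bot: `f()` in the new PR19579 namespace carries no marker saying what it checks; since it exists only to not crash, a `// no-crash` comment on `int a;` would make the intent clear to anyone later trimming the test. The declared-but-unused `a` inside `g()`'s statement expression is likewise deliberate (the test needs an uninitialized declaration to follow the `C()` construction), and the comment above it could say so in one clause, e.g. `// "a" is intentionally left uninitialized.`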

