On Mon, Apr 28, 2014 at 6:56 PM, Jordan Rose <jordan_r...@apple.com> wrote: > Author: jrose > Date: Mon Apr 28 20:56:12 2014 > New Revision: 207486 > > URL: http://llvm.org/viewvc/llvm-project?rev=207486&view=rev > Log: > [analyzer] Don't crash when a construction is followed by an uninitialized > variable.
"Don't crash" is a pretty low bar for a test case - what was the actual expected behavior that was hiding behind the crash and is still not verified by this test, if any? > > This could happen due to unfortunate CFG coincidences. > > PR19579 > > Modified: > cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp > cfe/trunk/test/Analysis/ctor.mm > > Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp?rev=207486&r1=207485&r2=207486&view=diff > ============================================================================== > --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (original) > +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp Mon Apr 28 20:56:12 > 2014 > @@ -128,7 +128,7 @@ static const MemRegion *getRegionForCons > if (Optional<CFGStmt> StmtElem = Next.getAs<CFGStmt>()) { > if (const DeclStmt *DS = dyn_cast<DeclStmt>(StmtElem->getStmt())) { > if (const VarDecl *Var = dyn_cast<VarDecl>(DS->getSingleDecl())) { > - if (Var->getInit()->IgnoreImplicit() == CE) { > + if (Var->getInit() && Var->getInit()->IgnoreImplicit() == CE) { > SVal LValue = State->getLValue(Var, LCtx); > QualType Ty = Var->getType(); > LValue = makeZeroElementRegion(State, LValue, Ty); > > Modified: cfe/trunk/test/Analysis/ctor.mm > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ctor.mm?rev=207486&r1=207485&r2=207486&view=diff > ============================================================================== > --- cfe/trunk/test/Analysis/ctor.mm (original) > +++ cfe/trunk/test/Analysis/ctor.mm Mon Apr 28 20:56:12 2014 
> @@ -674,3 +674,30 @@ namespace InitializerList { > clang_analyzer_eval(list->usedInitializerList); // > expected-warning{{UNKNOWN}} > } > } > + > +namespace PR19579 { > + class C {}; > + > + struct S { > + C c; > + int i; > + }; > + > + void f() { > + C(); > + int a; > + } > + > + void g() { > + // This order triggers the initialization of the inner "a" after the > + // constructor for "C" is run, which used to confuse the analyzer > + // (is "C()" the initialization of "a"?). > + struct S s = { > + C(), > + ({ > + int a, b = 0; > + 0; > + }) > + }; > + } > +} > > > _______________________________________________ > cfe-commits mailing list > cfe-commits@cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
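Review bot: In the ExprEngineCXX.cpp hunk at -128,7, the new condition calls Var->getInit() twice, once for the null check and once for the comparison against CE. Binding the result once, for example if (const Expr *Init = Var->getInit()) followed by a test of Init->IgnoreImplicit() == CE, keeps the null check and the dereference visibly tied to the same pointer. A one-line comment saying that the declaration following the construction may have no initializer would also document why the guard exists, since nothing in the surrounding lines explains it.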
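Review bot: The new PR19579 namespace in the ctor.mm hunk contains no clang_analyzer_eval call and no expected-warning annotation, so f() and g() only show that analysis completes, not what the analyzer concludes about the C() temporary or the uninitialized "a". The preceding InitializerList test in the same context checks a value with clang_analyzer_eval and expected-warning{{UNKNOWN}}; a similar check here would pin down the intended result. f() also has no comment, unlike g(), so it is not stated which case it is meant to cover.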