This revision was landed with ongoing or failed builds. This revision was automatically updated to reflect the committed changes. vrnithinkumar marked an inline comment as done. Closed by commit rG0b4fe8086f03: [Analyzer] Fix for dereferece of smart pointer after branching on unknown inner… (authored by vrnithinkumar).
Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D87043/new/ https://reviews.llvm.org/D87043 Files: clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp clang/test/Analysis/smart-ptr-text-output.cpp clang/test/Analysis/smart-ptr.cpp Index: clang/test/Analysis/smart-ptr.cpp =================================================================== --- clang/test/Analysis/smart-ptr.cpp +++ clang/test/Analysis/smart-ptr.cpp @@ -333,7 +333,7 @@ void drefOnAssignedNullFromMethodPtrValidSmartPtr() { std::unique_ptr<A> P(new A()); P = returnRValRefOfUniquePtr(); - P->foo(); // No warning. + P->foo(); // No warning. } void derefMoveConstructedWithValidPtr() { @@ -374,7 +374,7 @@ void derefMoveConstructedWithRValueRefReturn() { std::unique_ptr<A> P(functionReturnsRValueRef()); - P->foo(); // No warning. + P->foo(); // No warning. } void derefConditionOnNullPtr() { @@ -450,3 +450,10 @@ else return *P; // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}} } + +void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) { + A *RP = P.get(); + if (!RP) { + P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}} + } +} Index: clang/test/Analysis/smart-ptr-text-output.cpp =================================================================== --- clang/test/Analysis/smart-ptr-text-output.cpp +++ clang/test/Analysis/smart-ptr-text-output.cpp @@ -304,3 +304,12 @@ // expected-note@-1 {{Division by zero}} } }; + +void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) { + A *RP = P.get(); + if (!RP) { // expected-note {{Assuming 'RP' is null}} + // expected-note@-1 {{Taking true branch}} + P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}} + // expected-note@-1{{Dereference of null smart pointer 'P'}} + } +} Index: clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp =================================================================== --- clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp +++ clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp @@ -103,7 +103,8 @@ bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion) { const auto *InnerPointVal = State->get<TrackedRegionMap>(ThisRegion); - return InnerPointVal && InnerPointVal->isZeroConstant(); + return InnerPointVal && + !State->assume(InnerPointVal->castAs<DefinedOrUnknownSVal>(), true); } } // namespace smartptr } // namespace ento
Index: clang/test/Analysis/smart-ptr.cpp =================================================================== --- clang/test/Analysis/smart-ptr.cpp +++ clang/test/Analysis/smart-ptr.cpp @@ -333,7 +333,7 @@ void drefOnAssignedNullFromMethodPtrValidSmartPtr() { std::unique_ptr<A> P(new A()); P = returnRValRefOfUniquePtr(); - P->foo(); // No warning. + P->foo(); // No warning. } void derefMoveConstructedWithValidPtr() { @@ -374,7 +374,7 @@ void derefMoveConstructedWithRValueRefReturn() { std::unique_ptr<A> P(functionReturnsRValueRef()); - P->foo(); // No warning. + P->foo(); // No warning. } void derefConditionOnNullPtr() { @@ -450,3 +450,10 @@ else return *P; // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}} } + +void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) { + A *RP = P.get(); + if (!RP) { + P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}} + } +} Index: clang/test/Analysis/smart-ptr-text-output.cpp =================================================================== --- clang/test/Analysis/smart-ptr-text-output.cpp +++ clang/test/Analysis/smart-ptr-text-output.cpp @@ -304,3 +304,12 @@ // expected-note@-1 {{Division by zero}} } }; + +void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) { + A *RP = P.get(); + if (!RP) { // expected-note {{Assuming 'RP' is null}} + // expected-note@-1 {{Taking true branch}} + P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}} + // expected-note@-1{{Dereference of null smart pointer 'P'}} + } +} Index: clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp =================================================================== --- clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp +++ clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp @@ -103,7 +103,8 @@ bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion) { const auto *InnerPointVal = State->get<TrackedRegionMap>(ThisRegion); - return InnerPointVal && InnerPointVal->isZeroConstant(); + return InnerPointVal && + !State->assume(InnerPointVal->castAs<DefinedOrUnknownSVal>(), true); } } // namespace smartptr } // namespace ento
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits