From 3ef3dd7c8c26f2553ac9280c540622159510ac5b Mon Sep 17 00:00:00 2001
From: Kristof Umann
Date: Fri, 14 Sep 2018 09:13:36 +0000
Subject: [PATCH] [analyzer][UninitializedObjectChecker] Correct dynamic type is acquired for record pointees

Differential Revision: https://reviews.llvm.org/D50892

llvm-svn: 342217
---
 .../UninitializedObject/UninitializedPointee.cpp | 8 ++++
 .../cxx-uninitialized-object-inheritance.cpp | 54 +++++++++++++++++-----
 2 files changed, 51 insertions(+), 11 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp b/clang/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp
index 81ba04a..13633af 100644
--- a/clang/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp
@@ -234,5 +234,13 @@ static llvm::Optional dereference(ProgramStateRef State,
 break;
 }
+ while (R->getAs()) {
+ NeedsCastBack = true;
+
+ if (!isa(R->getSuperRegion()))
+ break;
+ R = R->getSuperRegion()->getAs();
+ }
+
 return std::make_pair(R, NeedsCastBack);
 }
diff --git a/clang/test/Analysis/cxx-uninitialized-object-inheritance.cpp b/clang/test/Analysis/cxx-uninitialized-object-inheritance.cpp
index 0ebb295..b24783a 100644
--- a/clang/test/Analysis/cxx-uninitialized-object-inheritance.cpp
+++ b/clang/test/Analysis/cxx-uninitialized-object-inheritance.cpp
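Review bot: In the added `while` loop of UninitializedPointee.cpp, `NeedsCastBack = true;` runs before the `isa` check on `R->getSuperRegion()`, so when that check fails on the first pass the function returns the original base-object region with the cast-back flag set, even though R was never moved to an enclosing object. If the flag is meant to record that R was widened to a derived object, set it after the check, next to `R = R->getSuperRegion()->getAs();` (the template arguments are not visible in this rendering). The loop also has no comment; something like `// Walk out of base-class subregions so the fields of the pointee's dynamic type are analyzed.` would say why it exists. The body of dereference() starts above the hunk, so earlier assignments to NeedsCastBack are not visible here.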
@@ -781,21 +781,53 @@ void fVirtualDiamondInheritanceTest3() {
 // Dynamic type test.
 //===----------------------------------------------------------------------===//
-struct DynTBase {};
-struct DynTDerived : DynTBase {
- // TODO: we'd expect the note: {{uninitialized field 'this->x'}}
- int x; // no-note
+struct DynTBase1 {};
+struct DynTDerived1 : DynTBase1 {
+ int y; // expected-note{{uninitialized field 'static_cast(this->bptr)->y'}}
 };
-struct DynamicTypeTest {
- DynTBase *bptr;
+struct DynamicTypeTest1 {
+ DynTBase1 *bptr;
 int i = 0;
- // TODO: we'd expect the warning: {{1 uninitialized field}}
- DynamicTypeTest(DynTBase *bptr) : bptr(bptr) {} // no-warning
+ DynamicTypeTest1(DynTBase1 *bptr) : bptr(bptr) {} // expected-warning{{1 uninitialized field}}
 };
-void f() {
- DynTDerived d;
- DynamicTypeTest t(&d);
+void fDynamicTypeTest1() {
+ DynTDerived1 d;
+ DynamicTypeTest1 t(&d);
 };
+
+struct DynTBase2 {
+ int x; // expected-note{{uninitialized field 'static_cast(this->bptr)->DynTBase2::x'}}
+};
+struct DynTDerived2 : DynTBase2 {
+ int y; // expected-note{{uninitialized field 'static_cast(this->bptr)->y'}}
+};
+
+struct DynamicTypeTest2 {
+ DynTBase2 *bptr;
+ int i = 0;
+
+ DynamicTypeTest2(DynTBase2 *bptr) : bptr(bptr) {} // expected-warning{{2 uninitialized fields}}
+};
+
+void fDynamicTypeTest2() {
+ DynTDerived2 d;
+ DynamicTypeTest2 t(&d);
+}
+
+struct SymbolicSuperRegionBase {
+ SymbolicSuperRegionBase() {}
+};
+
+struct SymbolicSuperRegionDerived : SymbolicSuperRegionBase {
+ SymbolicSuperRegionBase *bptr; // no-crash
+ SymbolicSuperRegionDerived(SymbolicSuperRegionBase *bptr) : bptr(bptr) {}
+};
+
+SymbolicSuperRegionDerived *getSymbolicRegion();
+
+void fSymbolicSuperRegionTest() {
+ SymbolicSuperRegionDerived test(getSymbolicRegion());
+}
--
2.7.4
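Review bot: Both dynamic-type cases in this hunk use a single level of inheritance, so the second and later passes of the new `while` loop in UninitializedPointee.cpp are likely never exercised. A case where `bptr` is declared with a base type two levels above the object's class would cover the repeated unwrapping. fSymbolicSuperRegionTest is annotated only with `// no-crash`, which names the crash it guards against but leaves the expected diagnostics implicit; a one-line comment stating that the symbolic pointee is expected to produce no warning would make that intent explicit. The context line `};` that closes fDynamicTypeTest1 keeps a stray semicolon after a function body, which fDynamicTypeTest2 omits.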