granicus.if.org Git - clang/commit

author	Artem Dergachev <artem.dergachev@gmail.com>
	Mon, 24 Apr 2017 19:30:33 +0000 (19:30 +0000)
committer	Artem Dergachev <artem.dergachev@gmail.com>
	Mon, 24 Apr 2017 19:30:33 +0000 (19:30 +0000)
commit	28cbd0c0d33991602e0d6e08f02e99ae58f4211b
tree	967f24dd1bd88f81def4b63208d93423175d2fd1	tree \| snapshot
parent	43864bcdf23c093025ebc545d1a972a34db4838e	commit \| diff

[analyzer] Improve suppression for inlined defensive checks before operator &.

Null dereferences are suppressed if the lvalue was constrained to 0 for the
first time inside a sub-function that was inlined during analysis, because
such constraint is a valid defensive check that does not, by itself,
indicate that null pointer case is anyhow special for the caller.

If further operations on the lvalue are performed, the symbolic lvalue is
collapsed to concrete null pointer, and we need to track where does the null
pointer come from.

Improve such tracking for lvalue operations involving operator &.

rdar://problem/27876009

Differential Revision: https://reviews.llvm.org/D31982

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@301224 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Core/BugReporterVisitors.cpp		diff \| blob \| history
lib/StaticAnalyzer/Core/Store.cpp		diff \| blob \| history
test/Analysis/inlining/inline-defensive-checks.c		diff \| blob \| history
test/Analysis/inlining/inline-defensive-checks.cpp		diff \| blob \| history
test/Analysis/null-deref-offsets.c	[new file with mode: 0644]	blob
test/Analysis/uninit-const.cpp		diff \| blob \| history