granicus.if.org Git - clang/commit

author	Devin Coughlin <dcoughlin@apple.com>
	Thu, 17 Dec 2015 00:28:33 +0000 (00:28 +0000)
committer	Devin Coughlin <dcoughlin@apple.com>
	Thu, 17 Dec 2015 00:28:33 +0000 (00:28 +0000)
commit	d4ba9bd25d746870e5a5e5d09a4f24cc3d72ac30
tree	06dbb028f7f063013d6154f689148db5e8aa2d42	tree \| snapshot
parent	815cde37f487611c4a710a04c849983b37ca4974	commit \| diff

[analyzer] Better detect when C++ object was constructed into existing region.

When the analyzer evaluates a CXXConstructExpr, it looks ahead in the CFG for
the current block to detect what region the object should be constructed into.
If the constructor was directly constructed into a local variable or field
region then there is no need to explicitly bind the constructed value to
the local or field when analyzing the DeclStmt or CXXCtorInitializer that
called the constructor.

Unfortunately, there were situations in which the CXXConstructExpr was
constructed into a temporary region but when evaluating the corresponding
DeclStmt or CXXCtorInitializer the analyzer assumed the object was constructed
into the local or field. This led to spurious warnings about uninitialized
values (PR25777).

To avoid these false positives, this commit factors out the logic for
determining when a CXXConstructExpr will be directly constructed into existing
storage, adds the inverse logic to detect when the corresponding later bind can
be safely skipped, and adds assertions to make sure these two checks are in
sync.

rdar://problem/21947725

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@255859 91177308-0d34-0410-b5e6-96231b3b80d8

include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h		diff \| blob \| history
lib/StaticAnalyzer/Core/ExprEngine.cpp		diff \| blob \| history
lib/StaticAnalyzer/Core/ExprEngineC.cpp		diff \| blob \| history
lib/StaticAnalyzer/Core/ExprEngineCXX.cpp		diff \| blob \| history
test/Analysis/initializer.cpp		diff \| blob \| history