[analyzer] Allow undefined values in performTrivialCopy.

Reading from a garbage pointer should be modeled as garbage,
and performTrivialCopy should be able to deal with any SVal input.

Patch by Ilya Palachev!

Differential Revision: https://reviews.llvm.org/D25727

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@285640 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 68c66ed07b60ca31311a0a26a87480abfaef0e12..011f776d0b099aa7f84f2a835ab492aa624bcc3a 100644 (file)
--- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -65,7 +65,7 @@ void ExprEngine::performTrivialCopy(NodeBuilder &Bldr, ExplodedNode *Pred,
   if (Optional<Loc> L = V.getAs<Loc>())
     V = Pred->getState()->getSVal(*L);
   else
-    assert(V.isUnknown());
+    assert(V.isUnknownOrUndef());
 
   const Expr *CallExpr = Call.getOriginExpr();
   evalBind(Dst, CallExpr, Pred, ThisVal, V, true);

diff --git a/test/Analysis/uninit-vals.cpp b/test/Analysis/uninit-vals.cpp
new file mode 100644 (file)
index 0000000..387c375
--- /dev/null
+++ b/test/Analysis/uninit-vals.cpp
@@ -0,0 +1,34 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core.builtin -verify -DCHECK_FOR_CRASH %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s
+
+#ifdef CHECK_FOR_CRASH
+// expected-no-diagnostics
+#endif
+
+namespace PerformTrivialCopyForUndefs {
+struct A {
+  int x;
+};
+
+struct B {
+  A a;
+};
+
+struct C {
+  B b;
+};
+
+void foo() {
+  C c1;
+  C *c2;
+#ifdef CHECK_FOR_CRASH
+  // If the value of variable is not defined and checkers that check undefined
+  // values are not enabled, performTrivialCopy should be able to handle the
+  // case with undefined values, too.
+  c1.b.a = c2->b.a;
+#else
+  c1.b.a = c2->b.a; // expected-warning{{Function call argument is an uninitialized value}}
+#endif
+}
+}
+