Analyzer: Teach analyzer how to handle TypeTraitExpr

Summary:
`TypeTraitExpr`s are not supported by the ExprEngine today. Analyzer
creates a sink, and aborts the block. Therefore, certain bugs that
involve type traits intrinsics cannot be detected (see PR24710).

This patch creates boolean `SVal`s for `TypeTraitExpr`s, which are
evaluated by the compiler.

Test within the patch is a summary of PR24710.

Reviewers: zaks.anna, dcoughlin, krememek

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D12482

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@248314 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/Environment.cpp b/lib/StaticAnalyzer/Core/Environment.cpp
index 508f5d3119626e91cf4edd61347e5cdc54eb0455..d55858db576846c20b325234684ed639e53fd854 100644 (file)
--- a/lib/StaticAnalyzer/Core/Environment.cpp
+++ b/lib/StaticAnalyzer/Core/Environment.cpp
@@ -90,6 +90,7 @@ SVal Environment::getSVal(const EnvironmentEntry &Entry,
   case Stmt::CXXNullPtrLiteralExprClass:
   case Stmt::ObjCStringLiteralClass:
   case Stmt::StringLiteralClass:
+  case Stmt::TypeTraitExprClass:
     // Known constants; defer to SValBuilder.
     return svalBuilder.getConstantVal(cast<Expr>(S)).getValue();
 

diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 00d9c7a961642be4d978d15be3d724c030403a24..0865189193d3cbecd9a7a8a9fd240211d6bd3bb0 100644 (file)
--- a/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -756,7 +756,6 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
     case Stmt::MSPropertyRefExprClass:
     case Stmt::CXXUnresolvedConstructExprClass:
     case Stmt::DependentScopeDeclRefExprClass:
-    case Stmt::TypeTraitExprClass:
     case Stmt::ArrayTypeTraitExprClass:
     case Stmt::ExpressionTraitExprClass:
     case Stmt::UnresolvedLookupExprClass:
@@ -902,7 +901,8 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
     case Stmt::CXXPseudoDestructorExprClass:
     case Stmt::SubstNonTypeTemplateParmExprClass:
     case Stmt::CXXNullPtrLiteralExprClass:
-    case Stmt::OMPArraySectionExprClass: {
+    case Stmt::OMPArraySectionExprClass:
+    case Stmt::TypeTraitExprClass: {
       Bldr.takeNodes(Pred);
       ExplodedNodeSet preVisit;
       getCheckerManager().runCheckersForPreStmt(preVisit, Pred, S, *this);

diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp
index d853286d7fa9a7bd62d1a24eb4a6ac5328536ada..4f8ccd0329de899b88e71d95c2bdc5e2a71e4688 100644 (file)
--- a/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -259,6 +259,11 @@ Optional<SVal> SValBuilder::getConstantVal(const Expr *E) {
   case Stmt::CXXBoolLiteralExprClass:
     return makeBoolVal(cast<CXXBoolLiteralExpr>(E));
 
+  case Stmt::TypeTraitExprClass: {
+    const TypeTraitExpr *TE = cast<TypeTraitExpr>(E);
+    return makeTruthVal(TE->getValue(), TE->getType());
+  }
+
   case Stmt::IntegerLiteralClass:
     return makeIntVal(cast<IntegerLiteral>(E));
 

diff --git a/test/Analysis/dtor.cpp b/test/Analysis/dtor.cpp
index bb1e6254fb73aef37a3b130d4d6365835e563f07..c67722283ff8ea586442beaad3844b8dd5c3f362 100644 (file)
--- a/test/Analysis/dtor.cpp
+++ b/test/Analysis/dtor.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config c++-inlining=destructors,cfg-temporary-dtors=true -Wno-null-dereference -Wno-inaccessible-base -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection,cplusplus -analyzer-config c++-inlining=destructors,cfg-temporary-dtors=true -Wno-null-dereference -Wno-inaccessible-base -verify %s
 
 void clang_analyzer_eval(bool);
 void clang_analyzer_checkInlined(bool);
@@ -505,3 +505,38 @@ namespace Incomplete {
   class Foo; // expected-note{{forward declaration}}
   void f(Foo *foo) { delete foo; } // expected-warning{{deleting pointer to incomplete type}}
 }
+
+namespace TypeTraitExpr {
+template <bool IsSimple, typename T>
+struct copier {
+  static void do_copy(T *dest, const T *src, unsigned count);
+};
+template <typename T, typename U>
+void do_copy(T *dest, const U *src, unsigned count) {
+  const bool IsSimple = __is_trivial(T) && __is_same(T, U);
+  copier<IsSimple, T>::do_copy(dest, src, count);
+}
+struct NonTrivial {
+  int *p;
+  NonTrivial() : p(new int[1]) { p[0] = 0; }
+  NonTrivial(const NonTrivial &other) {
+    p = new int[1];
+    do_copy(p, other.p, 1);
+  }
+  NonTrivial &operator=(const NonTrivial &other) {
+    p = other.p;
+    return *this;
+  }
+  ~NonTrivial() {
+    delete[] p; // expected-warning {{free released memory}}
+  }
+};
+
+void f() {
+  NonTrivial nt1;
+  NonTrivial nt2(nt1);
+  nt1 = nt2;
+  clang_analyzer_eval(__is_trivial(NonTrivial)); // expected-warning{{FALSE}}
+  clang_analyzer_eval(__alignof(NonTrivial) > 0); // expected-warning{{TRUE}}
+}
+}