return;
}
- if (L.isZeroConstant()) {
+ ProgramStateRef StNonNull, StNull;
+ llvm::tie(StNonNull, StNull) = State->assume(cast<DefinedOrUnknownSVal>(L));
+
+ // FIXME: Do we want to record the non-null assumption here?
+ if (StNull && !StNonNull) {
if (!BT_call_null)
BT_call_null.reset(
new BuiltinBug("Called function pointer is null (null dereference)"));
emitBadCall(BT_cxx_call_undef.get(), C, CC->getCXXThisExpr());
return;
}
- if (V.isZeroConstant()) {
+
+ ProgramStateRef State = C.getState();
+ ProgramStateRef StNonNull, StNull;
+ llvm::tie(StNonNull, StNull) = State->assume(cast<DefinedOrUnknownSVal>(V));
+
+ // FIXME: Do we want to record the non-null assumption here?
+ if (StNull && !StNonNull) {
if (!BT_cxx_call_null)
BT_cxx_call_null.reset(new BuiltinBug("Called C++ object pointer "
"is null"));
const Rdar9212495_A& val = dynamic_cast<const Rdar9212495_A&>(*ptr);
// This is not valid C++; dynamic_cast with a reference type will throw an
- // exception if the pointer does not match the expected type.
+ // exception if the pointer does not match the expected type. However, our
+ // implementation of dynamic_cast will pass through a null pointer...or a
+ // "null reference"! So this branch is actually possible.
if (&val == 0) {
- val.bar(); // no warning (unreachable)
- int *p = 0;
- *p = 0xDEAD; // no warning (unreachable)
+ val.bar(); // expected-warning{{Called C++ object pointer is null}}
}
return val;
projects / clang / commitdiff