[static analyzer] Analyzer is skipping forward declared C/C++ functions

A patch by Karthik Bhat!

This patch fixes a regression introduced by r224398. Prior to r224398
we were able to analyze the following code in test-include.c and report
a null deref in this case. But post r224398 this analysis is being skipped.

E.g.
  // test-include.c
  #include "test-include.h"
  void test(int * data) {
    data = 0;
    *data = 1;
  }

   // test-include.h
  void test(int * data);

This patch uses the function body (instead of its declaration) as the location
of the function when deciding if the Decl should be analyzed with path-sensitive
analysis. (Prior to r224398, the call graph was guaranteed to have a definition
when available.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@240800 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp b/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
index fbeffb8aac80b08af69a4c982fe5c48ba05f5998..c957a654a84c2a579128295113f8b1bb8ae39c94 100644 (file)
--- a/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
+++ b/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
@@ -588,7 +588,10 @@ AnalysisConsumer::getModeForDecl(Decl *D, AnalysisMode Mode) {
   // - Header files: run non-path-sensitive checks only.
   // - System headers: don't run any checks.
   SourceManager &SM = Ctx->getSourceManager();
-  SourceLocation SL = SM.getExpansionLoc(D->getLocation());
+  SourceLocation SL = D->hasBody() ? D->getBody()->getLocStart()
+                                     : D->getLocation();
+  SL = SM.getExpansionLoc(SL);
+
   if (!Opts->AnalyzeAll && !SM.isWrittenInMainFile(SL)) {
     if (SL.isInvalid() || SM.isInSystemHeader(SL))
       return AM_None;

diff --git a/test/Analysis/test-include-cpp.cpp b/test/Analysis/test-include-cpp.cpp
new file mode 100644 (file)
index 0000000..2ac5e11
--- /dev/null
+++ b/test/Analysis/test-include-cpp.cpp
@@ -0,0 +1,13 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s
+
+#include "test-include-cpp.h"
+
+int TestIncludeClass::test1(int *p) {
+  p = 0;
+  return *p; // expected-warning{{Dereference of null pointer}}
+}
+
+int TestIncludeClass::test2(int *p) {
+  p = 0;
+  return *p; // expected-warning{{Dereference of null pointer}}
+}

diff --git a/test/Analysis/test-include-cpp.h b/test/Analysis/test-include-cpp.h
new file mode 100644 (file)
index 0000000..90ec27a
--- /dev/null
+++ b/test/Analysis/test-include-cpp.h
@@ -0,0 +1,9 @@
+#ifndef TEST_INCLUDE_CPP_H
+#define TEST_INCLUDE_CPP_H
+
+class TestIncludeClass {
+  int test1(int *);
+  static int test2(int *);
+};
+
+#endif

diff --git a/test/Analysis/test-include.c b/test/Analysis/test-include.c
new file mode 100644 (file)
index 0000000..6aa80b9
--- /dev/null
+++ b/test/Analysis/test-include.c
@@ -0,0 +1,21 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s
+
+#include "test-include.h"
+#define DIVYX(X,Y) Y/X
+
+void test_01(int *data) {
+  data = 0;
+  *data = 1; // expected-warning{{Dereference of null pointer}}
+}
+
+int test_02() {
+  int res = DIVXY(1,0); // expected-warning{{Division by zero}}
+                        // expected-warning@-1{{division by zero is undefined}}
+  return res;
+}
+
+int test_03() {
+  int res = DIVYX(0,1); // expected-warning{{Division by zero}}
+                        // expected-warning@-1{{division by zero is undefined}}
+  return res;
+}
\ No newline at end of file

diff --git a/test/Analysis/test-include.h b/test/Analysis/test-include.h
new file mode 100644 (file)
index 0000000..07cd1c9
--- /dev/null
+++ b/test/Analysis/test-include.h
@@ -0,0 +1,2 @@
+void test_01(int * data);
+#define DIVXY(X,Y) X/Y