From: Artem Dergachev Date: Thu, 15 Feb 2018 19:34:19 +0000 (+0000) Subject: [analyzer] Suppress temporary destructors for temporary arrays. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=015d21eba5d1c8488e495ddb931b61ce357c4501;p=clang [analyzer] Suppress temporary destructors for temporary arrays. Array destructors, like constructors, need to be called for each element of the array separately. We do not have any mechanisms to do this in the analyzer, so for now all we do is evaluate a single constructor or destructor conservatively and give up. It automatically causes the necessary invalidation and pointer escape for the whole array, because this is how RegionStore works. Implement this conservative behavior for temporary destructors. This fixes the crash on the provided test. Differential Revision: https://reviews.llvm.org/D43149 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@325286 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index d1e3a8e86d..8808e95aed 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -957,7 +957,7 @@ void ExprEngine::ProcessTemporaryDtor(const CFGTemporaryDtor D, } StmtBldr.generateNode(D.getBindTemporaryExpr(), Pred, State); - QualType varType = D.getBindTemporaryExpr()->getSubExpr()->getType(); + QualType T = D.getBindTemporaryExpr()->getSubExpr()->getType(); // FIXME: Currently CleanDtorState can be empty here due to temporaries being // bound to default parameters. assert(CleanDtorState.size() <= 1); @@ -966,9 +966,22 @@ void ExprEngine::ProcessTemporaryDtor(const CFGTemporaryDtor D, EvalCallOptions CallOpts; CallOpts.IsTemporaryCtorOrDtor = true; - if (!MR) + if (!MR) { CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true; - VisitCXXDestructor(varType, MR, D.getBindTemporaryExpr(), + + // If we have no MR, we still need to unwrap the array to avoid destroying + // the whole array at once. Regardless, we'd eventually need to model array + // destructors properly, element-by-element. + while (const ArrayType *AT = getContext().getAsArrayType(T)) { + T = AT->getElementType(); + CallOpts.IsArrayCtorOrDtor = true; + } + } else { + // We'd eventually need to makeZeroElementRegion() trick here, + // but for now we don't have the respective construction contexts, + // so MR would always be null in this case. Do nothing for now. + } + VisitCXXDestructor(T, MR, D.getBindTemporaryExpr(), /*IsBase=*/false, CleanPred, Dst, CallOpts); } diff --git a/test/Analysis/temporaries.cpp b/test/Analysis/temporaries.cpp index fb0a0fdd6c..2587e4ed56 100644 --- a/test/Analysis/temporaries.cpp +++ b/test/Analysis/temporaries.cpp @@ -6,6 +6,8 @@ extern bool clang_analyzer_eval(bool); extern bool clang_analyzer_warnIfReached(); void clang_analyzer_checkInlined(bool); +#include "Inputs/system-header-simulator-cxx.h"; + struct Trivial { Trivial(int x) : value(x) {} int value; @@ -892,3 +894,17 @@ void test_ternary_temporary_with_copy(int coin) { } } } // namespace test_match_constructors_and_destructors + +#if __cplusplus >= 201103L +namespace temporary_list_crash { +class C { +public: + C() {} + ~C() {} +}; + +void test() { + std::initializer_list{C(), C()}; // no-crash +} +} // namespace temporary_list_crash +#endif // C++11