From: Ted Kremenek Date: Thu, 31 Mar 2011 04:04:48 +0000 (+0000) Subject: Teach static analyzer about the basics of handling new[]. We still don't simulate... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=41c5f498b2d10fab683f1c5685ff79c90a737d24;p=clang Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128611 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Core/CXXExprEngine.cpp b/lib/StaticAnalyzer/Core/CXXExprEngine.cpp index b015d4f264..b299fcc1c1 100644 --- a/lib/StaticAnalyzer/Core/CXXExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/CXXExprEngine.cpp @@ -199,20 +199,23 @@ void ExprEngine::VisitCXXDestructor(const CXXDestructorDecl *DD, void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, ExplodedNodeSet &Dst) { - if (CNE->isArray()) { - // FIXME: allocating an array has not been handled. - return; - } - + unsigned Count = Builder->getCurrentBlockCount(); DefinedOrUnknownSVal symVal = svalBuilder.getConjuredSymbolVal(NULL, CNE, CNE->getType(), Count); - const MemRegion *NewReg = cast(symVal).getRegion(); - + const MemRegion *NewReg = cast(symVal).getRegion(); QualType ObjTy = CNE->getType()->getAs()->getPointeeType(); - const ElementRegion *EleReg = - getStoreManager().GetElementZeroRegion(NewReg, ObjTy); + getStoreManager().GetElementZeroRegion(NewReg, ObjTy); + + if (CNE->isArray()) { + // FIXME: allocating an array requires simulating the constructors. + // For now, just return a symbolicated region. + const GRState *state = GetState(Pred); + state = state->BindExpr(CNE, loc::MemRegionVal(EleReg)); + MakeNode(Dst, CNE, Pred, state); + return; + } // Evaluate constructor arguments. const FunctionProtoType *FnType = NULL; 
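Review bot: The new `if (CNE->isArray())` branch binds the element-zero region and returns without looking at the array size expression, so as far as this hunk shows the region for `new T[n]` carries no extent and later bounds checks have nothing to compare an index against. The FIXME should say so, e.g. `// FIXME: the array size is not evaluated or recorded; out-of-bounds indexing into this region cannot be diagnosed yet.` The early return also comes before the "Evaluate constructor arguments" code, so any placement arguments are presumably not visited on the array path, which is worth stating in the same comment. VisitCXXNewExpr continues past the end of the hunk, so the rest of the non-array path is not visible here.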
diff --git a/test/Analysis/misc-ps-region-store.cpp b/test/Analysis/misc-ps-region-store.cpp
index 3b8d4e3782..26a31526b7 100644
--- a/test/Analysis/misc-ps-region-store.cpp
+++ b/test/Analysis/misc-ps-region-store.cpp
@@ -255,4 +255,12 @@ bool RDar9203355::foo(unsigned valA, int &result) const { return false; }
+// Test handling of new[].
+void rdar9212512() {
+ int *x = new int[10];
+ for (unsigned i = 0 ; i < 2 ; ++i) {
+ // This previously triggered an uninitialized values warning.
+ x[i] = 1; // no-warning
+ }
+}
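Review bot: The test only stores to `x[0]` and `x[1]`, so it pins the removed false positive but not what the analyzer now reports for reads of array contents that were never written. Because the result of `new int[10]` is bound to a conjured symbolic region, a load such as `int y = x[5];` is presumably treated as unknown rather than uninitialized; adding that line with an explicit `// no-warning` comment would document the false negative until constructors and initialization are simulated. A second case with a class element type would cover the constructor limitation named in the FIXME of the analyzer change.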