From: Artem Dergachev <artem.dergachev@gmail.com>
Date: Mon, 31 Oct 2016 21:11:20 +0000 (+0000)
Subject: [analyzer] Allow undefined values in performTrivialCopy.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5faafe70edbf4cfed20759a8fbad7363690b127d;p=clang

[analyzer] Allow undefined values in performTrivialCopy.

Reading from a garbage pointer should be modeled as garbage,
and performTrivialCopy should be able to deal with any SVal input.

Patch by Ilya Palachev!

Differential Revision: https://reviews.llvm.org/D25727


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@285640 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 68c66ed07b..011f776d0b 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -65,7 +65,7 @@ void ExprEngine::performTrivialCopy(NodeBuilder &Bldr, ExplodedNode *Pred,
   if (Optional<Loc> L = V.getAs<Loc>())
     V = Pred->getState()->getSVal(*L);
   else
-    assert(V.isUnknown());
+    assert(V.isUnknownOrUndef());
 
   const Expr *CallExpr = Call.getOriginExpr();
   evalBind(Dst, CallExpr, Pred, ThisVal, V, true);
diff --git a/test/Analysis/uninit-vals.cpp b/test/Analysis/uninit-vals.cpp
new file mode 100644
index 0000000000..387c3754da
--- /dev/null
+++ b/test/Analysis/uninit-vals.cpp
@@ -0,0 +1,34 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core.builtin -verify -DCHECK_FOR_CRASH %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify %s
+
+#ifdef CHECK_FOR_CRASH
+// expected-no-diagnostics
+#endif
+
+namespace PerformTrivialCopyForUndefs {
+struct A {
+  int x;
+};
+
+struct B {
+  A a;
+};
+
+struct C {
+  B b;
+};
+
+void foo() {
+  C c1;
+  C *c2;
+#ifdef CHECK_FOR_CRASH
+  // If the value of variable is not defined and checkers that check undefined
+  // values are not enabled, performTrivialCopy should be able to handle the
+  // case with undefined values, too.
+  c1.b.a = c2->b.a;
+#else
+  c1.b.a = c2->b.a; // expected-warning{{Function call argument is an uninitialized value}}
+#endif
+}
+}
+