From 162132fe03c8c2b02735f2adfd4e2dc421488006 Mon Sep 17 00:00:00 2001
From: Devin Coughlin
Date: Wed, 1 Mar 2017 17:48:39 +0000
Subject: [PATCH] [analyzer] pr32088: Don't destroy the temporary if its initializer causes return.
In the following code involving GNU statement-expression extension:
struct S { ~S(); }; void foo() { const S &x = ({ return; S(); }); }
function 'foo()' returns before reference x is initialized. We shouldn't call the destructor for the temporary object lifetime-extended by 'x' in this case, because the object never gets constructed in the first place.
The real problem is probably in the CFG somewhere, so this is a quick-and-dirty hotfix rather than the perfect solution.
A patch by Artem Dergachev!
rdar://problem/30759076
Differential Revision: https://reviews.llvm.org/D30499
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296646 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/ExprEngine.cpp | 10 +++++++++-
 test/Analysis/temporaries.cpp | 10 ++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 7d0c8b4bdf..350992849e 100644
--- a/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -615,7 +615,15 @@ void ExprEngine::ProcessAutomaticObjDtor(const CFGAutomaticObjDtor Dtor,
 const MemRegion *Region = dest.castAs().getRegion();
 if (varType->isReferenceType()) {
- Region = state->getSVal(Region).getAsRegion()->getBaseRegion();
+ const MemRegion *ValueRegion = state->getSVal(Region).getAsRegion();
+ if (!ValueRegion) {
+ // FIXME: This should not happen. The language guarantees a presence
+ // of a valid initializer here, so the reference shall not be undefined.
+ // It seems that we're calling destructors over variables that
+ // were not initialized yet.
+ return;
+ }
+ Region = ValueRegion->getBaseRegion();
 varType = cast(Region)->getValueType();
 }
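Review bot: The bare `return;` in the new `!ValueRegion` branch leaves the function without recording any successor for the current path. The signature continues outside the hunk, but if it carries the usual `ExplodedNode *Pred` / `ExplodedNodeSet &Dst` pair, exploration of this path stops at the skipped destructor and anything a checker would report later on it (for example at function exit) is silently lost. For a tool used to find memory-safety bugs that trades a crash for a quiet false negative. Consider `Dst.Add(Pred);` before the `return;` so only the destructor call is skipped, or state the truncation in the FIXME, e.g. `// NOTE: returning here also ends analysis of this path.`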
diff --git a/test/Analysis/temporaries.cpp b/test/Analysis/temporaries.cpp
index 49cf070177..cc39201b0c 100644
--- a/test/Analysis/temporaries.cpp
+++ b/test/Analysis/temporaries.cpp
@@ -493,3 +493,13 @@ namespace PR16629 {
 clang_analyzer_eval(x == 47); // expected-warning{{TRUE}}
 }
 }
+
+namespace PR32088 {
+ void testReturnFromStmtExprInitializer() {
+ // We shouldn't try to destroy the object pointed to by `obj' upon return.
+ const NonTrivial &obj = ({
+ return; // no-crash
+ NonTrivial(42);
+ });
+ }
+}
--
2.40.0
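Review bot: `testReturnFromStmtExprInitializer` carries no `expected-` directive, so it pins only the absence of a crash and would still pass if the analyzer stopped exploring the path once the destructor is skipped. A small caller in the same namespace would pin that the path survives: call the test function and follow it with `clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}`. This assumes the callee is inlined under the file's RUN line, which is not visible here. The comment would also read more accurately as `the object bound to 'obj'`, since `obj` is a reference rather than a pointer.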