From 16e6a7cb41319459ded69b4d47f405c1035dd347 Mon Sep 17 00:00:00 2001 From: Anna Zaks Date: Wed, 12 Sep 2012 22:57:40 +0000 Subject: [PATCH] [analyzer] Do not report use of undef on "return foo();" when the return type is void. Fixes a false positive found by analyzing LLVM code base. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163750 91177308-0d34-0410-b5e6-96231b3b80d8 --- .../StaticAnalyzer/Core/PathSensitive/CallEvent.h | 3 +++ lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp | 14 ++++++++++++++ lib/StaticAnalyzer/Core/CallEvent.cpp | 10 ++++++++++ test/Analysis/uninit-vals-ps.c | 12 ++++++++++++ 4 files changed, 39 insertions(+) diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h b/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h index c403622c77..7cbeb201c7 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h @@ -293,6 +293,9 @@ public: /// of some kind. static bool isCallStmt(const Stmt *S); + /// \brief Returns the result type of a function, method declaration. + static QualType getDeclaredResultType(const Decl *D); + // Iterator access to formal parameters and their types. private: typedef std::const_mem_fun_t get_type_fun; diff --git a/lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp b/lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp index 7e95199685..33706123e8 100644 --- a/lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp @@ -16,6 +16,7 @@ #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" @@ -41,6 +42,19 @@ void ReturnUndefChecker::checkPreStmt(const ReturnStmt *RS, if (!C.getState()->getSVal(RetE, C.getLocationContext()).isUndef()) return; + // "return;" is modeled to evaluate to an UndefinedValue. Allow UndefinedValue + // to be returned in functions returning void to support the following pattern: + // void foo() { + // return; + // } + // void test() { + // return foo(); + // } + const StackFrameContext *SFC = C.getStackFrame(); + QualType RT = CallEvent::getDeclaredResultType(SFC->getDecl()); + if (!RT.isNull() && RT->isSpecificBuiltinType(BuiltinType::Void)) + return; + ExplodedNode *N = C.generateSink(); if (!N) diff --git a/lib/StaticAnalyzer/Core/CallEvent.cpp b/lib/StaticAnalyzer/Core/CallEvent.cpp index 7742d1b6b6..3b4c13471b 100644 --- a/lib/StaticAnalyzer/Core/CallEvent.cpp +++ b/lib/StaticAnalyzer/Core/CallEvent.cpp @@ -252,6 +252,16 @@ bool CallEvent::isCallStmt(const Stmt *S) { || isa(S); } +/// \brief Returns the result type, adjusted for references. +QualType CallEvent::getDeclaredResultType(const Decl *D) { + assert(D); + if (const FunctionDecl* FD = dyn_cast(D)) + return FD->getResultType(); + else if (const ObjCMethodDecl* MD = dyn_cast(D)) + return MD->getResultType(); + return QualType(); +} + static void addParameterValuesToBindings(const StackFrameContext *CalleeCtx, CallEvent::BindingsTy &Bindings, SValBuilder &SVB, diff --git a/test/Analysis/uninit-vals-ps.c b/test/Analysis/uninit-vals-ps.c index f3011570a8..09736ef1e3 100644 --- a/test/Analysis/uninit-vals-ps.c +++ b/test/Analysis/uninit-vals-ps.c @@ -122,3 +122,15 @@ int pr4631_f1_b(void) return x; // no-warning } +void foo_radar12278788() { return; } +void test_radar12278788() { + return foo_radar12278788(); // no-warning +} + +void foo_radar12278788_fp() { return; } +typedef int (*RetIntFuncType)(); +typedef void (*RetVoidFuncType)(); +int test_radar12278788_FP() { + RetVoidFuncType f = foo_radar12278788_fp; + return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}} +} -- 2.40.0