From c4b0c452d71edc03d9c447eeb305db13d789747b Mon Sep 17 00:00:00 2001
From: Jordan Rose
Date: Tue, 29 Apr 2014 01:56:12 +0000
Subject: [PATCH] [analyzer] Don't crash when a construction is followed by an uninitialized variable.
This could happen due to unfortunate CFG coincidences.
PR19579
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@207486 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 2 +-
 test/Analysis/ctor.mm | 27 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index e1eb728147..4251cdc729 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -128,7 +128,7 @@ static const MemRegion *getRegionForConstructedObject(
 if (Optional StmtElem = Next.getAs()) {
 if (const DeclStmt *DS = dyn_cast(StmtElem->getStmt())) {
 if (const VarDecl *Var = dyn_cast(DS->getSingleDecl())) {
- if (Var->getInit()->IgnoreImplicit() == CE) {
+ if (Var->getInit() && Var->getInit()->IgnoreImplicit() == CE) {
 SVal LValue = State->getLValue(Var, LCtx);
 QualType Ty = Var->getType();
 LValue = makeZeroElementRegion(State, LValue, Ty);
diff --git a/test/Analysis/ctor.mm b/test/Analysis/ctor.mm
index 77c87905e1..58db91e64d 100644
--- a/test/Analysis/ctor.mm
+++ b/test/Analysis/ctor.mm
@@ -674,3 +674,30 @@ namespace InitializerList {
 clang_analyzer_eval(list->usedInitializerList); // expected-warning{{UNKNOWN}}
 }
 }
+
+namespace PR19579 {
+ class C {};
+
+ struct S {
+ C c;
+ int i;
+ };
+
+ void f() {
+ C();
+ int a;
+ }
+
+ void g() {
+ // This order triggers the initialization of the inner "a" after the
+ // constructor for "C" is run, which used to confuse the analyzer
+ // (is "C()" the initialization of "a"?).
+ struct S s = {
+ C(),
+ ({
+ int a, b = 0;
+ 0;
+ })
+ };
+ }
+}
-- 
2.40.0
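Review bot: `Var->getInit()` is evaluated twice on the changed line of getRegionForConstructedObject, and nothing in the code records why the initializer can be absent; hoisting it into a named local makes both the null case and its reason visible: `// The next DeclStmt may declare a variable with no initializer (PR19579).` followed by `const Expr *Init = Var->getInit();` and `if (Init && Init->IgnoreImplicit() == CE) {`. The enclosing nested ifs and the function itself start and end outside the hunk, so the replacement stays confined to this one condition. As far as the visible lines show, the guard only skips the match when there is no initializer, which is the behaviour the commit message describes for the `int a;` case.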
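Review bot: f() in the new PR19579 namespace carries no comment, unlike g(), and neither function has an `expected-*` marker, so a reader of this `-verify` test cannot tell from the code that the only expectation is the absence of a crash; a one-line comment on f(), `// A bare temporary followed by an uninitialized variable used to crash the analyzer (PR19579).`, plus a note that no diagnostics are expected, would make the intent explicit. The `b = 0` in g()'s statement expression also looks incidental to the ordering the existing comment describes; if `a` alone reproduces the problem, saying so in the comment keeps the regression test minimal.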