From fe266159d547b51ff4674f414f5276049756da76 Mon Sep 17 00:00:00 2001 From: Kristof Umann Date: Fri, 14 Sep 2018 09:13:36 +0000 Subject: [PATCH] [analyzer][UninitializedObjectChecker] Correct dynamic type is acquired for record pointees Differential Revision: https://reviews.llvm.org/D50892 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@342217 91177308-0d34-0410-b5e6-96231b3b80d8 --- .../UninitializedPointee.cpp | 8 +++ .../cxx-uninitialized-object-inheritance.cpp | 54 +++++++++++++++---- 2 files changed, 51 insertions(+), 11 deletions(-) diff --git a/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp b/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp index 81ba04a230..13633af665 100644 --- a/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp +++ b/lib/StaticAnalyzer/Checkers/UninitializedObject/UninitializedPointee.cpp @@ -234,5 +234,13 @@ static llvm::Optional dereference(ProgramStateRef State, break; } + while (R->getAs()) { + NeedsCastBack = true; + + if (!isa(R->getSuperRegion())) + break; + R = R->getSuperRegion()->getAs(); + } + return std::make_pair(R, NeedsCastBack); } diff --git a/test/Analysis/cxx-uninitialized-object-inheritance.cpp b/test/Analysis/cxx-uninitialized-object-inheritance.cpp index 0ebb2954f9..b24783af05 100644 --- a/test/Analysis/cxx-uninitialized-object-inheritance.cpp +++ b/test/Analysis/cxx-uninitialized-object-inheritance.cpp @@ -781,21 +781,53 @@ void fVirtualDiamondInheritanceTest3() { // Dynamic type test. //===----------------------------------------------------------------------===// -struct DynTBase {}; -struct DynTDerived : DynTBase { - // TODO: we'd expect the note: {{uninitialized field 'this->x'}} - int x; // no-note +struct DynTBase1 {}; +struct DynTDerived1 : DynTBase1 { + int y; // expected-note{{uninitialized field 'static_cast(this->bptr)->y'}} }; -struct DynamicTypeTest { - DynTBase *bptr; +struct DynamicTypeTest1 { + DynTBase1 *bptr; int i = 0; - // TODO: we'd expect the warning: {{1 uninitialized field}} - DynamicTypeTest(DynTBase *bptr) : bptr(bptr) {} // no-warning + DynamicTypeTest1(DynTBase1 *bptr) : bptr(bptr) {} // expected-warning{{1 uninitialized field}} }; -void f() { - DynTDerived d; - DynamicTypeTest t(&d); +void fDynamicTypeTest1() { + DynTDerived1 d; + DynamicTypeTest1 t(&d); }; + +struct DynTBase2 { + int x; // expected-note{{uninitialized field 'static_cast(this->bptr)->DynTBase2::x'}} +}; +struct DynTDerived2 : DynTBase2 { + int y; // expected-note{{uninitialized field 'static_cast(this->bptr)->y'}} +}; + +struct DynamicTypeTest2 { + DynTBase2 *bptr; + int i = 0; + + DynamicTypeTest2(DynTBase2 *bptr) : bptr(bptr) {} // expected-warning{{2 uninitialized fields}} +}; + +void fDynamicTypeTest2() { + DynTDerived2 d; + DynamicTypeTest2 t(&d); +} + +struct SymbolicSuperRegionBase { + SymbolicSuperRegionBase() {} +}; + +struct SymbolicSuperRegionDerived : SymbolicSuperRegionBase { + SymbolicSuperRegionBase *bptr; // no-crash + SymbolicSuperRegionDerived(SymbolicSuperRegionBase *bptr) : bptr(bptr) {} +}; + +SymbolicSuperRegionDerived *getSymbolicRegion(); + +void fSymbolicSuperRegionTest() { + SymbolicSuperRegionDerived test(getSymbolicRegion()); +} -- 2.50.1