Author: dergachev Date: Thu Apr 25 19:05:12 2019 New Revision: 359262 URL: http://llvm.org/viewvc/llvm-project?rev=359262&view=rev Log: [analyzer] Fix crash when returning C++ objects from ObjC messages-to-nil.
the assertion is in fact incorrect: there is a cornercase in Objective-C++ in which a C++ object is not constructed with a constructor, but merely zero-initialized. Namely, this happens when an Objective-C message is sent to a nil and it is supposed to return a C++ object.
Differential Revision: https://reviews.llvm.org/D60988
Added: cfe/trunk/test/Analysis/nil-receiver.mm
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=359262&r1=359261&r2=359262&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Thu Apr 25 19:05:12 2019
@@ -2361,7 +2361,14 @@ RegionBindingsRef RegionStoreManager::bi
 // In C++17 aggregates may have base classes, handle those as well.
 // They appear before fields in the initializer list / compound value.
 if (const auto *CRD = dyn_cast<CXXRecordDecl>(RD)) {
- assert(CRD->isAggregate() &&
+ // If the object was constructed with a constructor, its value is a
+ // LazyCompoundVal. If it's a raw CompoundVal, it means that we're
+ // performing aggregate initialization. The only exception from this
+ // rule is sending an Objective-C++ message that returns a C++ object
+ // to a nil receiver; in this case the semantics is to return a
+ // zero-initialized object even if it's a C++ object that doesn't have
+ // this sort of constructor; the CompoundVal is empty in this case.
+ assert((CRD->isAggregate() || (Ctx.getLangOpts().ObjC && VI == VE)) &&
 "Non-aggregates are constructed with a constructor!");
 for (const auto &B : CRD->bases()) {
Added: cfe/trunk/test/Analysis/nil-receiver.mm
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nil-receiver.mm?rev=359262&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/nil-receiver.mm (added)
+++ cfe/trunk/test/Analysis/nil-receiver.mm Thu Apr 25 19:05:12 2019
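Review bot: The relaxed assertion accepts any empty CompoundVal whenever the ObjC language option is on, not specifically the nil-receiver return that the new comment describes, so a non-aggregate CXXRecordDecl that reaches this point with `VI == VE` for some other reason would now pass silently where it used to assert; the message should at least name the exception it now permits, e.g. `"Non-aggregates are constructed with a constructor, unless zero-initialized as the result of a message to nil!"`. Because this is an `assert`, NDEBUG builds never ran the old check either, so whatever the binding code below does with an empty compound value is presumably what already executed there; the `for (const auto &B : CRD->bases())` loop that follows is cut off by the hunk, so whether it stops on `VI == VE` before using the iterator cannot be confirmed from here. The enclosing `RegionStoreManager::bi…` function starts and ends outside the hunk.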
@@ -0,0 +1,24 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection \
+// RUN: -verify %s
+
+#define nil ((id)0)
+
+void clang_analyzer_eval(int);
+
+struct S {
+ int x;
+ S();
+};
+
+@interface I
+@property S s;
+@end
+
+void foo() {
+ // This produces a zero-initialized structure.
+ // FIXME: This very fact does deserve the warning, because zero-initialized
+ // structures aren't always valid in C++. It's particularly bad when the
+ // object has a vtable.
+ S s = ((I *)nil).s;
+ clang_analyzer_eval(s.x == 0); // expected-warning{{TRUE}}
+}
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
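Review bot: The new test only covers a record with no base classes, so the `CRD->bases()` path that the relaxed assertion in RegionStore.cpp now lets an empty CompoundVal reach is never exercised with a nil receiver. A second, constructed case along the lines of `struct D : S { D(); };` exposed as `@property D d;` and read via `D d = ((I *)nil).d;` with `clang_analyzer_eval(d.x == 0);` would pin down that the base subobject is zeroed rather than left undefined and that the analyzer does not crash on that path. The FIXME already records that zero-initialization is not valid for a vtable-bearing class; a case with a virtual member function would document whether the analyzer stays silent there, which is the behaviour the FIXME is about.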