[clang] 0b4fe80 - [Analyzer] Fix for dereferece of smart pointer after branching on unknown inner pointer

Nithin Vadukkumchery Rajendrakumar via cfe-commits Fri, 09 Oct 2020 04:43:34 -0700

Author: Nithin Vadukkumchery Rajendrakumar
Date: 2020-10-09T13:42:25+02:00
New Revision: 0b4fe8086f03294907180007e7de98c80a83b0d7


URL: 
https://github.com/llvm/llvm-project/commit/0b4fe8086f03294907180007e7de98c80a83b0d7
DIFF: 
https://github.com/llvm/llvm-project/commit/0b4fe8086f03294907180007e7de98c80a83b0d7.diff

LOG: [Analyzer] Fix for dereferece of smart pointer after branching on unknown 
inner pointer

Summary: Enabling warning after dereferece of smart pointer after branching on 
unknown inner pointer.

Reviewers: NoQ, Szelethus, vsavchenko, xazax.hun
Reviewed By: NoQ
Subscribers: martong, cfe-commits
Tags: #clang
Differential Revision: https://reviews.llvm.org/D87043

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
    clang/test/Analysis/smart-ptr-text-output.cpp
    clang/test/Analysis/smart-ptr.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp 
b/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
index 1ca53590e06c..6ee7bd9252b3 100644
--- a/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
@@ -103,7 +103,8 @@ bool isStdSmartPtrCall(const CallEvent &Call) {
 
 bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion) {
   const auto *InnerPointVal = State->get<TrackedRegionMap>(ThisRegion);
-  return InnerPointVal && InnerPointVal->isZeroConstant();
+  return InnerPointVal &&
+         !State->assume(InnerPointVal->castAs<DefinedOrUnknownSVal>(), true);
 }
 } // namespace smartptr
 } // namespace ento

diff  --git a/clang/test/Analysis/smart-ptr-text-output.cpp 
b/clang/test/Analysis/smart-ptr-text-output.cpp
index 16c1bddc55e1..f8ecf9192c73 100644
--- a/clang/test/Analysis/smart-ptr-text-output.cpp
+++ b/clang/test/Analysis/smart-ptr-text-output.cpp
@@ -304,3 +304,12 @@ struct S {
     // expected-note@-1 {{Division by zero}}
   }
 };
+
+void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) {
+  A *RP = P.get();
+  if (!RP) { // expected-note {{Assuming 'RP' is null}}
+    // expected-note@-1 {{Taking true branch}}
+    P->foo(); // expected-warning {{Dereference of null smart pointer 'P' 
[alpha.cplusplus.SmartPtr]}}
+    // expected-note@-1{{Dereference of null smart pointer 'P'}}
+  }
+}

diff  --git a/clang/test/Analysis/smart-ptr.cpp 
b/clang/test/Analysis/smart-ptr.cpp
index 8e8156011eb5..7761ac4cb431 100644
--- a/clang/test/Analysis/smart-ptr.cpp
+++ b/clang/test/Analysis/smart-ptr.cpp
@@ -333,7 +333,7 @@ std::unique_ptr<A> &&returnRValRefOfUniquePtr();
 void drefOnAssignedNullFromMethodPtrValidSmartPtr() {
   std::unique_ptr<A> P(new A());
   P = returnRValRefOfUniquePtr();
-  P->foo(); // No warning. 
+  P->foo(); // No warning.
 }
 
 void derefMoveConstructedWithValidPtr() {
@@ -374,7 +374,7 @@ std::unique_ptr<A> &&functionReturnsRValueRef();
 
 void derefMoveConstructedWithRValueRefReturn() {
   std::unique_ptr<A> P(functionReturnsRValueRef());
-  P->foo();  // No warning.
+  P->foo(); // No warning.
 }
 
 void derefConditionOnNullPtr() {
@@ -450,3 +450,10 @@ int derefConditionOnUnKnownPtr(int *q) {
   else
     return *P; // expected-warning {{Dereference of null smart pointer 'P' 
[alpha.cplusplus.SmartPtr]}}
 }
+
+void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) {
+  A *RP = P.get();
+  if (!RP) {
+    P->foo(); // expected-warning {{Dereference of null smart pointer 'P' 
[alpha.cplusplus.SmartPtr]}}
+  }
+}


        
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] 0b4fe80 - [Analyzer] Fix for dereferece of smart pointer after branching on unknown inner pointer

Reply via email to