Author: dergachev Date: Tue Dec 19 16:47:17 2017 New Revision: 321130 URL: http://llvm.org/viewvc/llvm-project?rev=321130&view=rev Log: [analyzer] trackNullOrUndefValue: track last store to non-variables.
When reporting certain kinds of analyzer warnings, we use the bugreporter::trackNullOrUndefValue mechanism, which is part of public checker API, to understand where a zero, null-pointer, or garbage value came from, which would highlight important events with respect to that value in the diagnostic path notes, and help us suppress various false positives that result from values appearing from particular sources. Previously, we've lost track of the value when it was written into a memory region that is not a plain variable. Now try to resume tracking in this situation by finding where the last write to this region has occured. Differential revision: https://reviews.llvm.org/D41253 Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c cfe/trunk/test/Analysis/nullptr.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=321130&r1=321129&r2=321130&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Tue Dec 19 16:47:17 2017 @@ -1142,9 +1142,12 @@ bool bugreporter::trackNullOrUndefValue( else RVal = state->getSVal(L->getRegion()); - const MemRegion *RegionRVal = RVal.getAsRegion(); report.addVisitor(llvm::make_unique<UndefOrNullArgVisitor>(L->getRegion())); + if (Optional<KnownSVal> KV = RVal.getAs<KnownSVal>()) + report.addVisitor(llvm::make_unique<FindLastStoreBRVisitor>( + *KV, L->getRegion(), EnableNullFPSuppression)); + const MemRegion *RegionRVal = RVal.getAsRegion(); if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) { report.markInteresting(RegionRVal); report.addVisitor(llvm::make_unique<TrackConstraintBRVisitor>( Modified: cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c?rev=321130&r1=321129&r2=321130&view=diff ============================================================================== --- cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c (original) +++ cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c Tue Dec 19 16:47:17 2017 @@ -190,3 +190,21 @@ void idcTrackZeroValueThroughUnaryPointe idc(s); *(&(s->a[0])) = 7; // no-warning } + +void idcTrackConstraintThroughSymbolicRegion(int **x) { + idc(*x); + // FIXME: Should not warn. + **x = 7; // expected-warning{{Dereference of null pointer}} +} + +int *idcPlainNull(int coin) { + if (coin) + return 0; + static int X; + return &X; +} + +void idcTrackZeroValueThroughSymbolicRegion(int coin, int **x) { + *x = idcPlainNull(coin); + **x = 7; // no-warning +} Modified: cfe/trunk/test/Analysis/nullptr.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nullptr.cpp?rev=321130&r1=321129&r2=321130&view=diff ============================================================================== --- cfe/trunk/test/Analysis/nullptr.cpp (original) +++ cfe/trunk/test/Analysis/nullptr.cpp Tue Dec 19 16:47:17 2017 @@ -142,8 +142,9 @@ void shouldNotCrash() { // expected-note@-1{{Passing null pointer value via 1st parameter 'x'}} if (getSymbol()) { // expected-note {{Assuming the condition is true}} // expected-note@-1{{Taking true branch}} - X *x = Type().x; // expected-note{{'x' initialized to a null pointer value}} - x->f(); // expected-warning{{Called C++ object pointer is null}} + X *xx = Type().x; // expected-note {{Null pointer value stored to field 'x'}} + // expected-note@-1{{'xx' initialized to a null pointer value}} + xx->f(); // expected-warning{{Called C++ object pointer is null}} // expected-note@-1{{Called C++ object pointer is null}} } } _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
