This revision was not accepted when it landed; it landed in state "Needs
Review".
This revision was automatically updated to reflect the committed changes.
Closed by commit rL330882: [analyzer] Fix a crash on lifetime extension through
aggregate initialization. (authored by dergachev, committed by ).
Herald added a subscriber: llvm-commits.
Changed prior to commit:
https://reviews.llvm.org/D46037?vs=143850&id=144032#toc
Repository:
rL LLVM
https://reviews.llvm.org/D46037
Files:
cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
cfe/trunk/test/Analysis/lifetime-extension.cpp
Index: cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
===================================================================
--- cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
+++ cfe/trunk/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
@@ -110,6 +110,11 @@
/// 'const int &x = C().x;'.
bool IsTemporaryLifetimeExtendedViaSubobject = false;
+ /// This call is a constructor for a temporary that is lifetime-extended
+ /// by binding it to a reference-type field within an aggregate,
+ /// for example 'A { const C &c; }; A a = { C() };'
+ bool IsTemporaryLifetimeExtendedViaAggregate = false;
+
EvalCallOptions() {}
};
Index: cfe/trunk/test/Analysis/lifetime-extension.cpp
===================================================================
--- cfe/trunk/test/Analysis/lifetime-extension.cpp
+++ cfe/trunk/test/Analysis/lifetime-extension.cpp
@@ -147,6 +147,37 @@
// FIXME: Should be TRUE. Should not warn about garbage value.
clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
}
+
+struct A { // A is an aggregate.
+ const C &c;
+};
+
+void f6() {
+ C *after, *before;
+ {
+ A a{C(true, &after, &before)};
+ }
+ // FIXME: Should be TRUE. Should not warn about garbage value.
+ clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
+}
+
+void f7() {
+ C *after, *before;
+ {
+ A a = {C(true, &after, &before)};
+ }
+ // FIXME: Should be TRUE. Should not warn about garbage value.
+ clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
+}
+
+void f8() {
+ C *after, *before;
+ {
+ A a[2] = {C(false, nullptr, nullptr), C(true, &after, &before)};
+ }
+ // FIXME: Should be TRUE. Should not warn about garbage value.
+ clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
+}
} // end namespace maintain_original_object_address_on_lifetime_extension
namespace maintain_original_object_address_on_move {
Index: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -180,14 +180,25 @@
}
case ConstructionContext::TemporaryObjectKind: {
const auto *TOCC = cast<TemporaryObjectConstructionContext>(CC);
- // See if we're lifetime-extended via our field. If so, take a note.
- // Because automatic destructors aren't quite working in this case.
if (const auto *MTE = TOCC->getMaterializedTemporaryExpr()) {
if (const ValueDecl *VD = MTE->getExtendingDecl()) {
- assert(VD->getType()->isReferenceType());
- if (VD->getType()->getPointeeType().getCanonicalType() !=
- MTE->GetTemporaryExpr()->getType().getCanonicalType()) {
- CallOpts.IsTemporaryLifetimeExtendedViaSubobject = true;
+ // Pattern-match various forms of lifetime extension that aren't
+ // currently supported by the CFG.
+ // FIXME: Is there a better way to retrieve this information from
+ // the MaterializeTemporaryExpr?
+ assert(MTE->getStorageDuration() != SD_FullExpression);
+ if (VD->getType()->isReferenceType()) {
+ assert(VD->getType()->isReferenceType());
+ if (VD->getType()->getPointeeType().getCanonicalType() !=
+ MTE->GetTemporaryExpr()->getType().getCanonicalType()) {
+ // We're lifetime-extended via our field. Automatic destructors
+ // aren't quite working in this case.
+ CallOpts.IsTemporaryLifetimeExtendedViaSubobject = true;
+ }
+ } else {
+ // We're lifetime-extended by a surrounding aggregate.
+ // Automatic destructors aren't quite working in this case.
+ CallOpts.IsTemporaryLifetimeExtendedViaAggregate = true;
}
}
}
Index: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -699,6 +699,11 @@
// within it to a reference, automatic destructors don't work properly.
if (CallOpts.IsTemporaryLifetimeExtendedViaSubobject)
return CIP_DisallowedOnce;
+
+ // If the temporary is lifetime-extended by binding it to a reference-typ
+ // field within an aggregate, automatic destructors don't work properly.
+ if (CallOpts.IsTemporaryLifetimeExtendedViaAggregate)
+ return CIP_DisallowedOnce;
}
break;
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
