2018-08-30 04:29:17 +08:00
|
|
|
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -verify -analyzer-config eagerly-assume=false %s
|
|
|
|
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true -DTEMPORARIES -verify -analyzer-config eagerly-assume=false %s
|
|
|
|
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++17 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true -DTEMPORARIES -analyzer-config eagerly-assume=false %s
|
|
|
|
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -DMOVES -verify -analyzer-config eagerly-assume=false %s
|
|
|
|
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true -DTEMPORARIES -DMOVES -verify -analyzer-config eagerly-assume=false %s
|
|
|
|
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++17 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true -DTEMPORARIES -DMOVES -analyzer-config eagerly-assume=false %s
|
2018-03-23 05:54:48 +08:00
|
|
|
|
|
|
|
// Note: The C++17 run-lines don't -verify yet - it is a no-crash test.
|
[analyzer] Construct temporary objects of correct types, destroy them properly.
When constructing a temporary object region, which represents the result of
MaterializeTemporaryExpr, track down the sub-expression for which the temporary
is necessary with a trick similar to the approach used in CodeGen, namely
by using Expr::skipRValueSubobjectAdjustments().
Then, create the temporary object region with type of that sub-expression.
That type would propagate further in a path-sensitive manner.
During destruction of lifetime-extened temporaries, consult the type of
the temporary object region, rather than the type of the lifetime-extending
variable, in order to call the correct destructor (fixes pr17001) and,
at least, not to crash by trying to call a destructor of a plain type
(fixes pr19539).
rdar://problem/29131302
rdar://problem/29131576
Differential Revision: https://reviews.llvm.org/D26839
llvm-svn: 288263
2016-12-01 03:02:44 +08:00
|
|
|
|
|
|
|
void clang_analyzer_eval(bool);
|
2018-03-13 07:22:35 +08:00
|
|
|
void clang_analyzer_checkInlined(bool);
|
[analyzer] Construct temporary objects of correct types, destroy them properly.
When constructing a temporary object region, which represents the result of
MaterializeTemporaryExpr, track down the sub-expression for which the temporary
is necessary with a trick similar to the approach used in CodeGen, namely
by using Expr::skipRValueSubobjectAdjustments().
Then, create the temporary object region with type of that sub-expression.
That type would propagate further in a path-sensitive manner.
During destruction of lifetime-extened temporaries, consult the type of
the temporary object region, rather than the type of the lifetime-extending
variable, in order to call the correct destructor (fixes pr17001) and,
at least, not to crash by trying to call a destructor of a plain type
(fixes pr19539).
rdar://problem/29131302
rdar://problem/29131576
Differential Revision: https://reviews.llvm.org/D26839
llvm-svn: 288263
2016-12-01 03:02:44 +08:00
|
|
|
|
|
|
|
namespace pr17001_call_wrong_destructor {
|
|
|
|
bool x;
|
|
|
|
struct A {
|
|
|
|
int *a;
|
|
|
|
A() {}
|
|
|
|
~A() {}
|
|
|
|
};
|
|
|
|
struct B : public A {
|
|
|
|
B() {}
|
|
|
|
~B() { x = true; }
|
|
|
|
};
|
|
|
|
|
|
|
|
void f() {
|
|
|
|
{
|
|
|
|
const A &a = B();
|
|
|
|
}
|
|
|
|
clang_analyzer_eval(x); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
} // end namespace pr17001_call_wrong_destructor
|
|
|
|
|
|
|
|
namespace pr19539_crash_on_destroying_an_integer {
|
|
|
|
struct A {
|
|
|
|
int i;
|
|
|
|
int j[2];
|
|
|
|
A() : i(1) {
|
|
|
|
j[0] = 2;
|
|
|
|
j[1] = 3;
|
|
|
|
}
|
|
|
|
~A() {}
|
|
|
|
};
|
|
|
|
|
|
|
|
void f() {
|
|
|
|
const int &x = A().i; // no-crash
|
|
|
|
const int &y = A().j[1]; // no-crash
|
|
|
|
const int &z = (A().j[1], A().j[0]); // no-crash
|
|
|
|
|
2018-06-05 04:18:37 +08:00
|
|
|
clang_analyzer_eval(x == 1);
|
|
|
|
clang_analyzer_eval(y == 3);
|
|
|
|
clang_analyzer_eval(z == 2);
|
|
|
|
#ifdef TEMPORARIES
|
|
|
|
// expected-warning@-4{{TRUE}}
|
|
|
|
// expected-warning@-4{{TRUE}}
|
|
|
|
// expected-warning@-4{{TRUE}}
|
|
|
|
#else
|
|
|
|
// expected-warning@-8{{UNKNOWN}}
|
|
|
|
// expected-warning@-8{{UNKNOWN}}
|
|
|
|
// expected-warning@-8{{UNKNOWN}}
|
|
|
|
#endif
|
[analyzer] Construct temporary objects of correct types, destroy them properly.
When constructing a temporary object region, which represents the result of
MaterializeTemporaryExpr, track down the sub-expression for which the temporary
is necessary with a trick similar to the approach used in CodeGen, namely
by using Expr::skipRValueSubobjectAdjustments().
Then, create the temporary object region with type of that sub-expression.
That type would propagate further in a path-sensitive manner.
During destruction of lifetime-extened temporaries, consult the type of
the temporary object region, rather than the type of the lifetime-extending
variable, in order to call the correct destructor (fixes pr17001) and,
at least, not to crash by trying to call a destructor of a plain type
(fixes pr19539).
rdar://problem/29131302
rdar://problem/29131576
Differential Revision: https://reviews.llvm.org/D26839
llvm-svn: 288263
2016-12-01 03:02:44 +08:00
|
|
|
}
|
|
|
|
} // end namespace pr19539_crash_on_destroying_an_integer
|
2018-02-28 03:47:49 +08:00
|
|
|
|
|
|
|
namespace maintain_original_object_address_on_lifetime_extension {
|
|
|
|
class C {
|
|
|
|
C **after, **before;
|
|
|
|
|
|
|
|
public:
|
|
|
|
bool x;
|
|
|
|
|
|
|
|
C(bool x, C **after, C **before) : x(x), after(after), before(before) {
|
|
|
|
*before = this;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Don't track copies in our tests.
|
|
|
|
C(const C &c) : x(c.x), after(nullptr), before(nullptr) {}
|
|
|
|
|
|
|
|
~C() { if (after) *after = this; }
|
|
|
|
|
|
|
|
operator bool() const { return x; }
|
2018-03-13 07:22:35 +08:00
|
|
|
|
|
|
|
static C make(C **after, C **before) { return C(false, after, before); }
|
2018-02-28 03:47:49 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
void f1() {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
const C &c = C(true, &after, &before);
|
|
|
|
}
|
|
|
|
clang_analyzer_eval(after == before);
|
|
|
|
#ifdef TEMPORARIES
|
|
|
|
// expected-warning@-2{{TRUE}}
|
|
|
|
#else
|
|
|
|
// expected-warning@-4{{UNKNOWN}}
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
void f2() {
|
|
|
|
C *after, *before;
|
2018-06-28 08:30:18 +08:00
|
|
|
{
|
|
|
|
C c = C(1, &after, &before);
|
|
|
|
}
|
|
|
|
clang_analyzer_eval(after == before); // expected-warning{{TRUE}}
|
2018-02-28 03:47:49 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void f3(bool coin) {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
const C &c = coin ? C(true, &after, &before) : C(false, &after, &before);
|
|
|
|
}
|
|
|
|
clang_analyzer_eval(after == before);
|
|
|
|
#ifdef TEMPORARIES
|
|
|
|
// expected-warning@-2{{TRUE}}
|
|
|
|
#else
|
|
|
|
// expected-warning@-4{{UNKNOWN}}
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
void f4(bool coin) {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
// no-crash
|
|
|
|
const C &c = C(coin, &after, &before) ?: C(false, &after, &before);
|
|
|
|
}
|
|
|
|
// FIXME: Add support for lifetime extension through binary conditional
|
|
|
|
// operator. Ideally also add support for the binary conditional operator in
|
|
|
|
// C++. Because for now it calls the constructor for the condition twice.
|
|
|
|
if (coin) {
|
2018-06-28 08:30:18 +08:00
|
|
|
// FIXME: Should not warn.
|
2018-02-28 03:47:49 +08:00
|
|
|
clang_analyzer_eval(after == before);
|
|
|
|
#ifdef TEMPORARIES
|
|
|
|
// expected-warning@-2{{The left operand of '==' is a garbage value}}
|
|
|
|
#else
|
|
|
|
// expected-warning@-4{{UNKNOWN}}
|
|
|
|
#endif
|
|
|
|
} else {
|
2018-06-28 08:30:18 +08:00
|
|
|
// FIXME: Should be TRUE.
|
2018-02-28 03:47:49 +08:00
|
|
|
clang_analyzer_eval(after == before);
|
|
|
|
#ifdef TEMPORARIES
|
2018-06-28 08:30:18 +08:00
|
|
|
// expected-warning@-2{{FALSE}}
|
2018-02-28 03:47:49 +08:00
|
|
|
#else
|
2018-06-28 08:30:18 +08:00
|
|
|
// expected-warning@-4{{UNKNOWN}}
|
2018-02-28 03:47:49 +08:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void f5() {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
const bool &x = C(true, &after, &before).x; // no-crash
|
|
|
|
}
|
2018-06-05 04:18:37 +08:00
|
|
|
clang_analyzer_eval(after == before);
|
|
|
|
#ifdef TEMPORARIES
|
|
|
|
// expected-warning@-2{{TRUE}}
|
|
|
|
#else
|
|
|
|
// expected-warning@-4{{UNKNOWN}}
|
|
|
|
#endif
|
2018-02-28 03:47:49 +08:00
|
|
|
}
|
2018-04-26 07:02:06 +08:00
|
|
|
|
|
|
|
struct A { // A is an aggregate.
|
|
|
|
const C &c;
|
|
|
|
};
|
|
|
|
|
|
|
|
void f6() {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
A a{C(true, &after, &before)};
|
|
|
|
}
|
|
|
|
// FIXME: Should be TRUE. Should not warn about garbage value.
|
|
|
|
clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
|
|
|
|
}
|
|
|
|
|
|
|
|
void f7() {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
A a = {C(true, &after, &before)};
|
|
|
|
}
|
|
|
|
// FIXME: Should be TRUE. Should not warn about garbage value.
|
|
|
|
clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
|
|
|
|
}
|
|
|
|
|
|
|
|
void f8() {
|
|
|
|
C *after, *before;
|
|
|
|
{
|
|
|
|
A a[2] = {C(false, nullptr, nullptr), C(true, &after, &before)};
|
|
|
|
}
|
|
|
|
// FIXME: Should be TRUE. Should not warn about garbage value.
|
|
|
|
clang_analyzer_eval(after == before); // expected-warning{{UNKNOWN}}
|
|
|
|
}
|
2018-02-28 03:47:49 +08:00
|
|
|
} // end namespace maintain_original_object_address_on_lifetime_extension
|
|
|
|
|
|
|
|
namespace maintain_original_object_address_on_move {
|
|
|
|
class C {
|
|
|
|
int *x;
|
|
|
|
|
|
|
|
public:
|
|
|
|
C() : x(nullptr) {}
|
|
|
|
C(int *x) : x(x) {}
|
|
|
|
C(const C &c) = delete;
|
|
|
|
C(C &&c) : x(c.x) { c.x = nullptr; }
|
|
|
|
C &operator=(C &&c) {
|
|
|
|
x = c.x;
|
|
|
|
c.x = nullptr;
|
|
|
|
return *this;
|
|
|
|
}
|
|
|
|
~C() {
|
|
|
|
// This was triggering the division by zero warning in f1() and f2():
|
|
|
|
// Because move-elision materialization was incorrectly causing the object
|
|
|
|
// to be relocated from one address to another before move, but destructor
|
|
|
|
// was operating on the old address, it was still thinking that 'x' is set.
|
|
|
|
if (x)
|
|
|
|
*x = 0;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
void f1() {
|
|
|
|
int x = 1;
|
|
|
|
// &x is replaced with nullptr in move-constructor before the temporary dies.
|
|
|
|
C c = C(&x);
|
|
|
|
// Hence x was not set to 0 yet.
|
|
|
|
1 / x; // no-warning
|
|
|
|
}
|
|
|
|
void f2() {
|
|
|
|
int x = 1;
|
|
|
|
C c;
|
|
|
|
// &x is replaced with nullptr in move-assignment before the temporary dies.
|
|
|
|
c = C(&x);
|
|
|
|
// Hence x was not set to 0 yet.
|
|
|
|
1 / x; // no-warning
|
|
|
|
}
|
|
|
|
} // end namespace maintain_original_object_address_on_move
|
2018-03-13 07:22:35 +08:00
|
|
|
|
|
|
|
namespace maintain_address_of_copies {
|
2018-06-28 08:30:18 +08:00
|
|
|
class C;
|
2018-03-13 07:22:35 +08:00
|
|
|
|
2018-06-28 08:30:18 +08:00
|
|
|
struct AddressVector {
|
|
|
|
C *buf[10];
|
2018-03-13 07:22:35 +08:00
|
|
|
int len;
|
|
|
|
|
|
|
|
AddressVector() : len(0) {}
|
|
|
|
|
2018-06-28 08:30:18 +08:00
|
|
|
void push(C *c) {
|
|
|
|
buf[len] = c;
|
2018-03-13 07:22:35 +08:00
|
|
|
++len;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
class C {
|
2018-06-28 08:30:18 +08:00
|
|
|
AddressVector &v;
|
2018-03-13 07:22:35 +08:00
|
|
|
|
|
|
|
public:
|
2018-06-28 08:30:18 +08:00
|
|
|
C(AddressVector &v) : v(v) { v.push(this); }
|
2018-03-13 07:22:35 +08:00
|
|
|
~C() { v.push(this); }
|
|
|
|
|
|
|
|
#ifdef MOVES
|
|
|
|
C(C &&c) : v(c.v) { v.push(this); }
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// Note how return-statements prefer move-constructors when available.
|
|
|
|
C(const C &c) : v(c.v) {
|
|
|
|
#ifdef MOVES
|
|
|
|
clang_analyzer_checkInlined(false); // no-warning
|
|
|
|
#else
|
|
|
|
v.push(this);
|
|
|
|
#endif
|
|
|
|
} // no-warning
|
|
|
|
|
2018-06-28 08:30:18 +08:00
|
|
|
static C make(AddressVector &v) { return C(v); }
|
2018-03-13 07:22:35 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
void f1() {
|
2018-06-28 08:30:18 +08:00
|
|
|
AddressVector v;
|
2018-03-13 07:22:35 +08:00
|
|
|
{
|
|
|
|
C c = C(v);
|
|
|
|
}
|
2018-06-28 08:30:18 +08:00
|
|
|
// 0. Construct variable 'c' (copy/move elided).
|
|
|
|
// 1. Destroy variable 'c'.
|
|
|
|
clang_analyzer_eval(v.len == 2); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(v.buf[0] == v.buf[1]); // expected-warning{{TRUE}}
|
2018-03-13 07:22:35 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void f2() {
|
2018-06-28 08:30:18 +08:00
|
|
|
AddressVector v;
|
2018-03-13 07:22:35 +08:00
|
|
|
{
|
|
|
|
const C &c = C::make(v);
|
|
|
|
}
|
2018-06-28 08:30:18 +08:00
|
|
|
// 0. Construct the return value of make() (copy/move elided) and
|
|
|
|
// lifetime-extend it directly via reference 'c',
|
|
|
|
// 1. Destroy the temporary lifetime-extended by 'c'.
|
|
|
|
clang_analyzer_eval(v.len == 2);
|
|
|
|
clang_analyzer_eval(v.buf[0] == v.buf[1]);
|
2018-03-13 07:22:35 +08:00
|
|
|
#ifdef TEMPORARIES
|
2018-06-28 08:30:18 +08:00
|
|
|
// expected-warning@-3{{TRUE}}
|
|
|
|
// expected-warning@-3{{TRUE}}
|
2018-03-13 07:22:35 +08:00
|
|
|
#else
|
2018-06-28 08:30:18 +08:00
|
|
|
// expected-warning@-6{{UNKNOWN}}
|
|
|
|
// expected-warning@-6{{UNKNOWN}}
|
2018-03-13 07:22:35 +08:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
void f3() {
|
2018-06-28 08:30:18 +08:00
|
|
|
AddressVector v;
|
2018-03-13 07:22:35 +08:00
|
|
|
{
|
|
|
|
C &&c = C::make(v);
|
|
|
|
}
|
2018-06-28 08:30:18 +08:00
|
|
|
// 0. Construct the return value of make() (copy/move elided) and
|
|
|
|
// lifetime-extend it directly via reference 'c',
|
|
|
|
// 1. Destroy the temporary lifetime-extended by 'c'.
|
|
|
|
clang_analyzer_eval(v.len == 2);
|
|
|
|
clang_analyzer_eval(v.buf[0] == v.buf[1]);
|
2018-03-13 07:22:35 +08:00
|
|
|
#ifdef TEMPORARIES
|
2018-06-28 08:30:18 +08:00
|
|
|
// expected-warning@-3{{TRUE}}
|
|
|
|
// expected-warning@-3{{TRUE}}
|
2018-03-13 07:22:35 +08:00
|
|
|
#else
|
2018-06-28 08:30:18 +08:00
|
|
|
// expected-warning@-6{{UNKNOWN}}
|
|
|
|
// expected-warning@-6{{UNKNOWN}}
|
2018-03-13 07:22:35 +08:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2018-06-28 08:30:18 +08:00
|
|
|
C doubleMake(AddressVector &v) {
|
2018-03-13 07:22:35 +08:00
|
|
|
return C::make(v);
|
|
|
|
}
|
|
|
|
|
|
|
|
void f4() {
|
2018-06-28 08:30:18 +08:00
|
|
|
AddressVector v;
|
2018-03-13 07:22:35 +08:00
|
|
|
{
|
|
|
|
C c = doubleMake(v);
|
|
|
|
}
|
2018-06-28 08:30:18 +08:00
|
|
|
// 0. Construct variable 'c' (all copies/moves elided),
|
|
|
|
// 1. Destroy variable 'c'.
|
|
|
|
clang_analyzer_eval(v.len == 2); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(v.buf[0] == v.buf[1]); // expected-warning{{TRUE}}
|
2018-03-13 07:22:35 +08:00
|
|
|
}
|
|
|
|
} // end namespace maintain_address_of_copies
|