Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.

llvm-svn: 130003
2011-04-22 18:01:30 +00:00 · 2011-04-22 18:01:30 +00:00 · 11e5c8b31a
parent 0fed10e704
commit 11e5c8b31a
3 changed files with 45 additions and 1 deletions
--- a/clang/lib/StaticAnalyzer/Core/Environment.cpp
+++ b/clang/lib/StaticAnalyzer/Core/Environment.cpp
@ -64,6 +64,9 @@ SVal Environment::getSVal(const Stmt *E, SValBuilder& svalBuilder) const {
        else
          return svalBuilder.makeIntVal(cast<IntegerLiteral>(E));
      }
+      // For special C0xx nullptr case, make a null pointer SVal.
+      case Stmt::CXXNullPtrLiteralExprClass:
+        return svalBuilder.makeNull();
      case Stmt::ImplicitCastExprClass:
      case Stmt::CXXFunctionalCastExprClass:
      case Stmt::CStyleCastExprClass: {
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@ -424,7 +424,6 @@ void ExprEngine::Visit(const Stmt* S, ExplodedNode* Pred,
    case Stmt::CXXCatchStmtClass:
    case Stmt::CXXDependentScopeMemberExprClass:
    case Stmt::CXXForRangeStmtClass:
-    case Stmt::CXXNullPtrLiteralExprClass:
    case Stmt::CXXPseudoDestructorExprClass:
    case Stmt::CXXTemporaryObjectExprClass:
    case Stmt::CXXThrowExprClass:
@ -523,6 +522,7 @@ void ExprEngine::Visit(const Stmt* S, ExplodedNode* Pred,
    case Stmt::ExprWithCleanupsClass:
    case Stmt::FloatingLiteralClass:
    case Stmt::SizeOfPackExprClass:
+    case Stmt::CXXNullPtrLiteralExprClass:
      Dst.Add(Pred); // No-op. Simply propagate the current state unchanged.
      break;

--- a/clang/test/Analysis/nullptr.cpp
+++ b/clang/test/Analysis/nullptr.cpp
@ -0,0 +1,41 @@
+// RUN: %clang_cc1 -std=c++0x -analyze -analyzer-checker=core -analyzer-store region -verify %s
+
+// test to see if nullptr is detected as a null pointer
+void foo1(void) {
+  char  *np = nullptr;
+  *np = 0;  // expected-warning{{Dereference of null pointer}}
+}
+
+// check if comparing nullptr to nullptr is detected properly
+void foo2(void) {
+  char *np1 = nullptr;
+  char *np2 = np1;
+  char c;
+  if (np1 == np2)
+    np1 = &c;
+  *np1 = 0;  // no-warning
+}
+
+// invoving a nullptr in a more complex operation should be cause a warning
+void foo3(void) {
+  struct foo {
+    int a, f;
+  };
+  char *np = nullptr;
+  // casting a nullptr to anything should be caught eventually
+  int *ip = &(((struct foo *)np)->f);
+  *ip = 0;  // expected-warning{{Dereference of null pointer}}
+  // should be error here too, but analysis gets stopped
+//  *np = 0;
+}
+
+// nullptr is implemented as a zero integer value, so should be able to compare
+void foo4(void) {
+  char *np = nullptr;
+  if (np != 0)
+    *np = 0;  // no-warning
+  char  *cp = 0;
+  if (np != cp)
+    *np = 0;  // no-warning
+}
+