When reporting certain kinds of analyzer warnings, we use the
bugreporter::trackNullOrUndefValue mechanism, which is part of public checker
API, to understand where a zero, null-pointer, or garbage value came from,
which would highlight important events with respect to that value in the
diagnostic path notes, and help us suppress various false positives that result
from values appearing from particular sources.
Previously, we've lost track of the value when it was written into a memory
region that is not a plain variable. Now try to resume tracking in this
situation by finding where the last write to this region has occured.
Differential revision: https://reviews.llvm.org/D41253
llvm-svn: 321130
This function can now track null pointer through simple pointer arithmetic,
such as '*&*(p + 2)' => 'p' and so on, displaying intermediate diagnostic pieces
for the user to understand where the null pointer is coming from.
Differential Revision: https://reviews.llvm.org/D37025
llvm-svn: 314290
The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):
(((struct Foo *)0)->member - ((struct foo *)0))
As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
We'll just have to make sure we have good path notes in the future.
This reverts r164441 / 9be016dcd1ca3986873a7b66bd4bc027309ceb59.
llvm-svn: 164958
We want to catch cases like this early, so that we can produce better
diagnostics and path notes:
Point *p = 0;
int *px = &p->x; // should warn here
*px = 1;
llvm-svn: 164441
Original commit message:
Provide -Wnull-conversion separately from -Wconversion.
Like GCC, provide a NULL conversion to non-pointer conversion as a separate
flag, on by default. GCC's flag is "conversion-null" which we provide for
cross compatibility, but in the interests of consistency (with
-Wint-conversion, -Wbool-conversion, etc) the canonical Clang flag is called
-Wnull-conversion.
Patch by Lubos Lunak.
Review feedback by myself, Chandler Carruth, and Chad Rosier.
llvm-svn: 152774
Like GCC, provide a NULL conversion to non-pointer conversion as a separate
flag, on by default. GCC's flag is "conversion-null" which we provide for
cross compatibility, but in the interests of consistency (with
-Wint-conversion, -Wbool-conversion, etc) the canonical Clang flag is called
-Wnull-conversion.
Patch by Lubos Lunak.
Review feedback by myself, Chandler Carruth, and Chad Rosier.
llvm-svn: 152745
Artem Dergachev