Google Git
Sign in
android / platform / external / clang / dc9c160^! / .
commitdc9c160dede7e2f5cc11755db6aaa57e7fccbcec[log] [tgz]
authorAnna Zaks <ganna@apple.com>Fri Mar 15 01:15:12 2013 +0000
committerAnna Zaks <ganna@apple.com>Fri Mar 15 01:15:12 2013 +0000
tree731ed969fc71cad6130f88082828275664b703d3
parentd92277928eefcf958080707ed6e154f406a5d054 [diff]
[analyzer] Teach trackNullOrUndef to look through ternary operators

Allows the suppression visitors trigger more often.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177137 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
index 22c148b..550a746 100644
--- a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp

@@ -772,16 +772,27 @@
   return 0;
 }
 
-bool bugreporter::trackNullOrUndefValue(const ExplodedNode *ErrorNode,
+bool bugreporter::trackNullOrUndefValue(const ExplodedNode *N,
                                         const Stmt *S,
                                         BugReport &report, bool IsArg) {
-  if (!S || !ErrorNode)
+  if (!S || !N)
     return false;
 
+  // Peel off OpaqueValueExpr.
   if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(S))
     S = OVE->getSourceExpr();
 
-  const ExplodedNode *N = ErrorNode;
+  // Peel off the ternary operator.
+  if (const ConditionalOperator *CO = dyn_cast<ConditionalOperator>(S)) {
+    ProgramStateRef State = N->getState();
+    SVal CondVal = State->getSVal(CO->getCond(), N->getLocationContext());
+    if (State->isNull(CondVal).isConstrainedTrue()) {
+      S = CO->getTrueExpr();
+    } else {
+      assert(State->isNull(CondVal).isConstrainedFalse());
+      S =  CO->getFalseExpr();
+    }
+  }
 
   const Expr *Inner = 0;
   if (const Expr *Ex = dyn_cast<Expr>(S)) {

diff --git a/test/Analysis/inlining/false-positive-suppression.c b/test/Analysis/inlining/false-positive-suppression.c
index bed64f1..fbdb165 100644
--- a/test/Analysis/inlining/false-positive-suppression.c
+++ b/test/Analysis/inlining/false-positive-suppression.c

@@ -191,3 +191,39 @@
 #endif
 }
 
+int derefArg(int *p) {
+	return *p;
+#ifndef SUPPRESSED
+  // expected-warning@-2 {{Dereference of null pointer}}
+#endif
+}
+void ternaryArg(char cond) {
+	static int x;
+	derefArg(cond ? &x : getNull());
+}
+
+int derefAssignment(int *p) {
+	return *p;
+#ifndef SUPPRESSED
+  // expected-warning@-2 {{Dereference of null pointer}}
+#endif
+}
+void ternaryAssignment(char cond) {
+  static int x;
+  int *p = cond ? &x : getNull();
+  derefAssignment(p);
+}
+
+int *retNull(char cond) {
+  static int x;
+  return cond ? &x : getNull();
+}
+int ternaryRetNull(char cond) {
+  int *p = retNull(cond);
+  return *p;
+#ifndef SUPPRESSED
+  // expected-warning@-2 {{Dereference of null pointer}}
+#endif
+}
+
+