
Closes #57270. This PR replaces the `Stmt *` field in `SymbolConjured` with `CFGBlock::ConstCFGElementRef`. The motivation is that, when conjuring a symbol, there might not always be a statement available, causing information to be lost for conjured symbols, whereas the CFGElementRef can always be provided at the callsite. Following this idea, the PR updates the callsites of the functions that create conjured symbols so that they pass the appropriate `CFGElementRef`s instead. There is a caveat at loop widening, where the correct location is the CFG terminator (which is not an element and does not have a ref). In this case, the first element in the block is passed as a location. Previous PR #128251, reverted at #137304.
// RUN: %clang_analyze_cc1 -analyzer-checker=debug.ExprInspection -verify %s
// Local definition of size_t: the listing includes no headers, so the type
// is derived from the result type of sizeof instead.
using size_t = __typeof(sizeof(int));

// Inspection hooks for the debug.ExprInspection checker that the run line at
// the top of the file enables. Neither has a body here; the analyzer reports
// a warning that describes the symbolic value of the argument, and the
// verifier compares that text with the pattern written next to each call.
void clang_analyzer_explain(int);
void clang_analyzer_dump(int);

// Hand-written prototype; no definition is visible in this file.
void *memset(void *, int, size_t);
// Test type with a user-provided (empty) destructor and one static data
// member. `a` is the global whose value foo() inspects after an array of S
// has been destroyed.
struct S
{
  static int a;
  // Empty body, but user-provided, so destroying an S involves a destructor call.
  ~S(){};
};
// Out-of-class definition of the static member declared in S, initialised to 0.
int S::a = 0;
// Scenario under test: S::a is given a concrete value, an array of S of
// non-constant length is allocated and deleted, and the analyzer is then
// asked what it knows about S::a. The two patterns at the end require the
// value to be a symbol derived from one conjured at the implicit destructor
// CFG element, so the origin of the conjured symbol must be reported.
// NOTE(review): presumably this is the "no statement available" case from the
// change description, since the destructor call is implicit; confirm.
void foo()
{
  // Concrete starting value for the global.
  S::a = 0;

  int x = 3;
  // x is overwritten through its address. Presumably this is so the analyzer
  // stops treating x as the constant 3 and the array length below is not a
  // known value; confirm against the analyzer's handling of memset here.
  memset(&x, 1, sizeof(x));

  // Array new/delete of S: delete[] is where the ~S() calls for the elements
  // happen, with no explicit call written in the source.
  S *arr = new S[x];
  delete[] arr;

  // The dump must show a derived symbol for `a` built on a conjured int
  // symbol; numeric ids are matched loosely by the pattern.
  clang_analyzer_dump(S::a); // expected-warning-re{{{{derived_\$[0-9]+{conj_\$[0-9]+{int, LC[0-9]+, S[0-9]+, #[0-9]+},a}}}}}

  // The prose form must name the CFG element where the symbol was conjured
  // (the implicit ~S() call) and the global it was derived for.
  clang_analyzer_explain(S::a); // expected-warning-re{{{{value derived from \(symbol of type 'int' conjured at CFG element '->~S\(\) \(Implicit destructor\)'\) for global variable 'S::a'}}}}
}