Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
FangSoftSoft
/
clang
2
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Forráskód Böngészése

[analyzer] Skip Pre/Post handlers for ObjC calls when receiver is nil.

In Objective-C, method calls with nil receivers are essentially no-ops. They
do not fault (although the returned value may be garbage depending on the
declared return type and architecture). Programmers are aware of this
behavior and will complain about a false alarm when the analyzer
diagnoses API violations for method calls when the receiver is known to
be nil.

Rather than require each individual checker to be aware of this behavior
and suppress a warning when the receiver is nil, this commit
changes ExprEngineObjC so that VisitObjCMessage skips calling checker
pre/post handlers when the receiver is definitely nil. Instead, it adds a
new event, ObjCMessageNil, that is only called in that case.

The CallAndMessageChecker explicitly cares about this case, so I've changed it
to add a callback for ObjCMessageNil and moved the logic in PreObjCMessage
that handles nil receivers to the new callback.

rdar://problem/18092611

Differential Revision: http://reviews.llvm.org/D12123

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@247653 91177308-0d34-0410-b5e6-96231b3b80d8
Devin Coughlin 10 éve
szülő
f4a9596475
commit
0e7d51e976
8 módosított fájl, 230 hozzáadás és 50 törlés
Egyesített Nézet Diff Statisztika Mutatása
  1. 15 0
      include/clang/StaticAnalyzer/Core/Checker.h
  2. 27 3
      include/clang/StaticAnalyzer/Core/CheckerManager.h
  3. 12 13
      lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
  4. 10 0
      lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
  5. 39 8
      lib/StaticAnalyzer/Core/CheckerManager.cpp
  6. 68 26
      lib/StaticAnalyzer/Core/ExprEngineObjC.cpp
  7. 19 0
      test/Analysis/NSContainers.m
  8. 40 0
      test/Analysis/objc-message.m

+ 15 - 0
include/clang/StaticAnalyzer/Core/Checker.h
Fájl Megtekintése 

@@ -131,6 +131,21 @@ public:
 
   }
 
   }
 
 };
 
 };
 
 
 
+class ObjCMessageNil {
 
+  template <typename CHECKER>
 
+  static void _checkObjCMessage(void *checker, const ObjCMethodCall &msg,
 
+                                CheckerContext &C) {
 
+    ((const CHECKER *)checker)->checkObjCMessageNil(msg, C);
 
+  }
 
+
 
+public:
 
+  template <typename CHECKER>
 
+  static void _register(CHECKER *checker, CheckerManager &mgr) {
 
+    mgr._registerForObjCMessageNil(
 
+     CheckerManager::CheckObjCMessageFunc(checker, _checkObjCMessage<CHECKER>));
 
+  }
 
+};
 
+
 
 class PostObjCMessage {
 
 class PostObjCMessage {
 
   template <typename CHECKER>
 
   template <typename CHECKER>
 
   static void _checkObjCMessage(void *checker, const ObjCMethodCall &msg,
 
   static void _checkObjCMessage(void *checker, const ObjCMethodCall &msg,

+ 27 - 3
include/clang/StaticAnalyzer/Core/CheckerManager.h
Fájl Megtekintése 

@@ -93,6 +93,12 @@ public:
 
   StringRef getName() const { return Name; }
 
   StringRef getName() const { return Name; }
 
 };
 
 };
 
 
 
+enum class ObjCMessageVisitKind {
 
+  Pre,
 
+  Post,
 
+  MessageNil
 
+};
 
+
 
 class CheckerManager {
 
 class CheckerManager {
 
   const LangOptions LangOpts;
 
   const LangOptions LangOpts;
 
   AnalyzerOptionsRef AOptions;
 
   AnalyzerOptionsRef AOptions;
 
@@ -211,7 +217,7 @@ public:
 
                                     const ExplodedNodeSet &Src,
 
                                     const ExplodedNodeSet &Src,
 
                                     const ObjCMethodCall &msg,
 
                                     const ObjCMethodCall &msg,
 
                                     ExprEngine &Eng) {
 
                                     ExprEngine &Eng) {
 
-    runCheckersForObjCMessage(/*isPreVisit=*/true, Dst, Src, msg, Eng);
 
+    runCheckersForObjCMessage(ObjCMessageVisitKind::Pre, Dst, Src, msg, Eng);
 
   }
 
   }
 
 
 
   /// \brief Run checkers for post-visiting obj-c messages.
 
   /// \brief Run checkers for post-visiting obj-c messages.
 
@@ -220,12 +226,22 @@ public:
 
                                      const ObjCMethodCall &msg,
 
                                      const ObjCMethodCall &msg,
 
                                      ExprEngine &Eng,
 
                                      ExprEngine &Eng,
 
                                      bool wasInlined = false) {
 
                                      bool wasInlined = false) {
 
-    runCheckersForObjCMessage(/*isPreVisit=*/false, Dst, Src, msg, Eng,
 
+    runCheckersForObjCMessage(ObjCMessageVisitKind::Post, Dst, Src, msg, Eng,
 
                               wasInlined);
 
                               wasInlined);
 
   }
 
   }
 
 
 
+  /// \brief Run checkers for visiting an obj-c message to nil.
 
+  void runCheckersForObjCMessageNil(ExplodedNodeSet &Dst,
 
+                                    const ExplodedNodeSet &Src,
 
+                                    const ObjCMethodCall &msg,
 
+                                    ExprEngine &Eng) {
 
+    runCheckersForObjCMessage(ObjCMessageVisitKind::MessageNil, Dst, Src, msg,
 
+                              Eng);
 
+  }
 
+
 
+
 
   /// \brief Run checkers for visiting obj-c messages.
 
   /// \brief Run checkers for visiting obj-c messages.
 
-  void runCheckersForObjCMessage(bool isPreVisit,
 
+  void runCheckersForObjCMessage(ObjCMessageVisitKind visitKind,
 
                                  ExplodedNodeSet &Dst,
 
                                  ExplodedNodeSet &Dst,
 
                                  const ExplodedNodeSet &Src,
 
                                  const ExplodedNodeSet &Src,
 
                                  const ObjCMethodCall &msg, ExprEngine &Eng,
 
                                  const ObjCMethodCall &msg, ExprEngine &Eng,
 
@@ -457,6 +473,8 @@ public:
 
   void _registerForPreObjCMessage(CheckObjCMessageFunc checkfn);
 
   void _registerForPreObjCMessage(CheckObjCMessageFunc checkfn);
 
   void _registerForPostObjCMessage(CheckObjCMessageFunc checkfn);
 
   void _registerForPostObjCMessage(CheckObjCMessageFunc checkfn);
 
 
 
+  void _registerForObjCMessageNil(CheckObjCMessageFunc checkfn);
 
+
 
   void _registerForPreCall(CheckCallFunc checkfn);
 
   void _registerForPreCall(CheckCallFunc checkfn);
 
   void _registerForPostCall(CheckCallFunc checkfn);
 
   void _registerForPostCall(CheckCallFunc checkfn);
 
 
 
@@ -557,8 +575,14 @@ private:
 
   const CachedStmtCheckers &getCachedStmtCheckersFor(const Stmt *S,
 
   const CachedStmtCheckers &getCachedStmtCheckersFor(const Stmt *S,
 
                                                      bool isPreVisit);
 
                                                      bool isPreVisit);
 
 
 
+  /// Returns the checkers that have registered for callbacks of the
 
+  /// given \p Kind.
 
+  const std::vector<CheckObjCMessageFunc> &
 
+  getObjCMessageCheckers(ObjCMessageVisitKind Kind);
 
+
 
   std::vector<CheckObjCMessageFunc> PreObjCMessageCheckers;
 
   std::vector<CheckObjCMessageFunc> PreObjCMessageCheckers;
 
   std::vector<CheckObjCMessageFunc> PostObjCMessageCheckers;
 
   std::vector<CheckObjCMessageFunc> PostObjCMessageCheckers;
 
+  std::vector<CheckObjCMessageFunc> ObjCMessageNilCheckers;
 
 
 
   std::vector<CheckCallFunc> PreCallCheckers;
 
   std::vector<CheckCallFunc> PreCallCheckers;
 
   std::vector<CheckCallFunc> PostCallCheckers;
 
   std::vector<CheckCallFunc> PostCallCheckers;

+ 12 - 13
lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
Fájl Megtekintése 

@@ -40,6 +40,7 @@ class CallAndMessageChecker
 
   : public Checker< check::PreStmt<CallExpr>,
 
   : public Checker< check::PreStmt<CallExpr>,
 
                     check::PreStmt<CXXDeleteExpr>,
 
                     check::PreStmt<CXXDeleteExpr>,
 
                     check::PreObjCMessage,
 
                     check::PreObjCMessage,
 
+                    check::ObjCMessageNil,
 
                     check::PreCall > {
 
                     check::PreCall > {
 
   mutable std::unique_ptr<BugType> BT_call_null;
 
   mutable std::unique_ptr<BugType> BT_call_null;
 
   mutable std::unique_ptr<BugType> BT_call_undef;
 
   mutable std::unique_ptr<BugType> BT_call_undef;
 
@@ -60,6 +61,12 @@ public:
 
   void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
 
   void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
 
   void checkPreStmt(const CXXDeleteExpr *DE, CheckerContext &C) const;
 
   void checkPreStmt(const CXXDeleteExpr *DE, CheckerContext &C) const;
 
   void checkPreObjCMessage(const ObjCMethodCall &msg, CheckerContext &C) const;
 
   void checkPreObjCMessage(const ObjCMethodCall &msg, CheckerContext &C) const;
 
+
 
+  /// Fill in the return value that results from messaging nil based on the
 
+  /// return type and architecture and diagnose if the return value will be
 
+  /// garbage.
 
+  void checkObjCMessageNil(const ObjCMethodCall &msg, CheckerContext &C) const;
 
+
 
   void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
 
   void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
 
 
 
 private:
 
 private:
 
@@ -471,22 +478,14 @@ void CallAndMessageChecker::checkPreObjCMessage(const ObjCMethodCall &msg,
 
       C.emitReport(std::move(R));
 
       C.emitReport(std::move(R));
 
     }
 
     }
 
     return;
 
     return;
 
-  } else {
 
-    // Bifurcate the state into nil and non-nil ones.
 
-    DefinedOrUnknownSVal receiverVal = recVal.castAs<DefinedOrUnknownSVal>();
 
-
 
-    ProgramStateRef state = C.getState();
 
-    ProgramStateRef notNilState, nilState;
 
-    std::tie(notNilState, nilState) = state->assume(receiverVal);
 
-
 
-    // Handle receiver must be nil.
 
-    if (nilState && !notNilState) {
 
-      HandleNilReceiver(C, state, msg);
 
-      return;
 
-    }
 
   }
 
   }
 
 }
 
 }
 
 
 
+void CallAndMessageChecker::checkObjCMessageNil(const ObjCMethodCall &msg,
 
+                                                CheckerContext &C) const {
 
+  HandleNilReceiver(C, C.getState(), msg);
 
+}
 
+
 
 void CallAndMessageChecker::emitNilReceiverBug(CheckerContext &C,
 
 void CallAndMessageChecker::emitNilReceiverBug(CheckerContext &C,
 
                                                const ObjCMethodCall &msg,
 
                                                const ObjCMethodCall &msg,
 
                                                ExplodedNode *N) const {
 
                                                ExplodedNode *N) const {

+ 10 - 0
lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
Fájl Megtekintése 

@@ -38,6 +38,7 @@ class CheckerDocumentation : public Checker< check::PreStmt<ReturnStmt>,
 
                                        check::PostStmt<DeclStmt>,
 
                                        check::PostStmt<DeclStmt>,
 
                                        check::PreObjCMessage,
 
                                        check::PreObjCMessage,
 
                                        check::PostObjCMessage,
 
                                        check::PostObjCMessage,
 
+                                       check::ObjCMessageNil,
 
                                        check::PreCall,
 
                                        check::PreCall,
 
                                        check::PostCall,
 
                                        check::PostCall,
 
                                        check::BranchCondition,
 
                                        check::BranchCondition,
 
@@ -95,6 +96,15 @@ public:
 
   /// check::PostObjCMessage
 
   /// check::PostObjCMessage
 
   void checkPostObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const {}
 
   void checkPostObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const {}
 
 
 
+  /// \brief Visit an Objective-C message whose receiver is nil.
 
+  ///
 
+  /// This will be called when the analyzer core processes a method call whose
 
+  /// receiver is definitely nil. In this case, check{Pre/Post}ObjCMessage and
 
+  /// check{Pre/Post}Call will not be called.
 
+  ///
 
+  /// check::ObjCMessageNil
 
+  void checkObjCMessageNil(const ObjCMethodCall &M, CheckerContext &C) const {}
 
+
 
   /// \brief Pre-visit an abstract "call" event.
 
   /// \brief Pre-visit an abstract "call" event.
 
   ///
 
   ///
 
   /// This is used for checkers that want to check arguments or attributed
 
   /// This is used for checkers that want to check arguments or attributed

+ 39 - 8
lib/StaticAnalyzer/Core/CheckerManager.cpp
Fájl Megtekintése 

@@ -177,7 +177,9 @@ void CheckerManager::runCheckersForStmt(bool isPreVisit,
 
 namespace {
 
 namespace {
 
   struct CheckObjCMessageContext {
 
   struct CheckObjCMessageContext {
 
     typedef std::vector<CheckerManager::CheckObjCMessageFunc> CheckersTy;
 
     typedef std::vector<CheckerManager::CheckObjCMessageFunc> CheckersTy;
 
-    bool IsPreVisit, WasInlined;
 
+
 
+    ObjCMessageVisitKind Kind;
 
+    bool WasInlined;
 
     const CheckersTy &Checkers;
 
     const CheckersTy &Checkers;
 
     const ObjCMethodCall &Msg;
 
     const ObjCMethodCall &Msg;
 
     ExprEngine &Eng;
 
     ExprEngine &Eng;
 
@@ -185,14 +187,28 @@ namespace {
 
     CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
 
     CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
 
     CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
 
     CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
 
 
 
-    CheckObjCMessageContext(bool isPreVisit, const CheckersTy &checkers,
 
+    CheckObjCMessageContext(ObjCMessageVisitKind visitKind,
 
+                            const CheckersTy &checkers,
 
                             const ObjCMethodCall &msg, ExprEngine &eng,
 
                             const ObjCMethodCall &msg, ExprEngine &eng,
 
                             bool wasInlined)
 
                             bool wasInlined)
 
-      : IsPreVisit(isPreVisit), WasInlined(wasInlined), Checkers(checkers),
 
+      : Kind(visitKind), WasInlined(wasInlined), Checkers(checkers),
 
         Msg(msg), Eng(eng) { }
 
         Msg(msg), Eng(eng) { }
 
 
 
     void runChecker(CheckerManager::CheckObjCMessageFunc checkFn,
 
     void runChecker(CheckerManager::CheckObjCMessageFunc checkFn,
 
                     NodeBuilder &Bldr, ExplodedNode *Pred) {
 
                     NodeBuilder &Bldr, ExplodedNode *Pred) {
 
+
 
+      bool IsPreVisit;
 
+
 
+      switch (Kind) {
 
+        case ObjCMessageVisitKind::Pre:
 
+          IsPreVisit = true;
 
+          break;
 
+        case ObjCMessageVisitKind::MessageNil:
 
+        case ObjCMessageVisitKind::Post:
 
+          IsPreVisit = false;
 
+          break;
 
+      }
 
+
 
       const ProgramPoint &L = Msg.getProgramPoint(IsPreVisit,checkFn.Checker);
 
       const ProgramPoint &L = Msg.getProgramPoint(IsPreVisit,checkFn.Checker);
 
       CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
 
       CheckerContext C(Bldr, Eng, Pred, L, WasInlined);
 
 
 
@@ -202,19 +218,29 @@ namespace {
 
 }
 
 }
 
 
 
 /// \brief Run checkers for visiting obj-c messages.
 
 /// \brief Run checkers for visiting obj-c messages.
 
-void CheckerManager::runCheckersForObjCMessage(bool isPreVisit,
 
+void CheckerManager::runCheckersForObjCMessage(ObjCMessageVisitKind visitKind,
 
                                                ExplodedNodeSet &Dst,
 
                                                ExplodedNodeSet &Dst,
 
                                                const ExplodedNodeSet &Src,
 
                                                const ExplodedNodeSet &Src,
 
                                                const ObjCMethodCall &msg,
 
                                                const ObjCMethodCall &msg,
 
                                                ExprEngine &Eng,
 
                                                ExprEngine &Eng,
 
                                                bool WasInlined) {
 
                                                bool WasInlined) {
 
-  CheckObjCMessageContext C(isPreVisit,
 
-                            isPreVisit ? PreObjCMessageCheckers
 
-                                       : PostObjCMessageCheckers,
 
-                            msg, Eng, WasInlined);
 
+  auto &checkers = getObjCMessageCheckers(visitKind);
 
+  CheckObjCMessageContext C(visitKind, checkers, msg, Eng, WasInlined);
 
   expandGraphWithCheckers(C, Dst, Src);
 
   expandGraphWithCheckers(C, Dst, Src);
 
 }
 
 }
 
 
 
+const std::vector<CheckerManager::CheckObjCMessageFunc> &
 
+CheckerManager::getObjCMessageCheckers(ObjCMessageVisitKind Kind) {
 
+  switch (Kind) {
 
+  case ObjCMessageVisitKind::Pre:
 
+    return PreObjCMessageCheckers;
 
+    break;
 
+  case ObjCMessageVisitKind::Post:
 
+    return PostObjCMessageCheckers;
 
+  case ObjCMessageVisitKind::MessageNil:
 
+    return ObjCMessageNilCheckers;
 
+  }
 
+}
 
 namespace {
 
 namespace {
 
   // FIXME: This has all the same signatures as CheckObjCMessageContext.
 
   // FIXME: This has all the same signatures as CheckObjCMessageContext.
 
   // Is there a way we can merge the two?
 
   // Is there a way we can merge the two?
 
@@ -616,6 +642,11 @@ void CheckerManager::_registerForPostStmt(CheckStmtFunc checkfn,
 
 void CheckerManager::_registerForPreObjCMessage(CheckObjCMessageFunc checkfn) {
 
 void CheckerManager::_registerForPreObjCMessage(CheckObjCMessageFunc checkfn) {
 
   PreObjCMessageCheckers.push_back(checkfn);
 
   PreObjCMessageCheckers.push_back(checkfn);
 
 }
 
 }
 
+
 
+void CheckerManager::_registerForObjCMessageNil(CheckObjCMessageFunc checkfn) {
 
+  ObjCMessageNilCheckers.push_back(checkfn);
 
+}
 
+
 
 void CheckerManager::_registerForPostObjCMessage(CheckObjCMessageFunc checkfn) {
 
 void CheckerManager::_registerForPostObjCMessage(CheckObjCMessageFunc checkfn) {
 
   PostObjCMessageCheckers.push_back(checkfn);
 
   PostObjCMessageCheckers.push_back(checkfn);
 
 }
 
 }

+ 68 - 26
lib/StaticAnalyzer/Core/ExprEngineObjC.cpp
Fájl Megtekintése 

@@ -139,6 +139,74 @@ void ExprEngine::VisitObjCMessage(const ObjCMessageExpr *ME,
 
   CallEventRef<ObjCMethodCall> Msg =
 
   CallEventRef<ObjCMethodCall> Msg =
 
     CEMgr.getObjCMethodCall(ME, Pred->getState(), Pred->getLocationContext());
 
     CEMgr.getObjCMethodCall(ME, Pred->getState(), Pred->getLocationContext());
 
 
 
+  // There are three cases for the receiver:
 
+  //   (1) it is definitely nil,
 
+  //   (2) it is definitely non-nil, and
 
+  //   (3) we don't know.
 
+  //
 
+  // If the receiver is definitely nil, we skip the pre/post callbacks and
 
+  // instead call the ObjCMessageNil callbacks and return.
 
+  //
 
+  // If the receiver is definitely non-nil, we call the pre- callbacks,
 
+  // evaluate the call, and call the post- callbacks.
 
+  //
 
+  // If we don't know, we drop the potential nil flow and instead
 
+  // continue from the assumed non-nil state as in (2). This approach
 
+  // intentionally drops coverage in order to prevent false alarms
 
+  // in the following scenario:
 
+  //
 
+  // id result = [o someMethod]
 
+  // if (result) {
 
+  //   if (!o) {
 
+  //     // <-- This program point should be unreachable because if o is nil
 
+  //     // it must the case that result is nil as well.
 
+  //   }
 
+  // }
 
+  //
 
+  // We could avoid dropping coverage by performing an explicit case split
 
+  // on each method call -- but this would get very expensive. An alternative
 
+  // would be to introduce lazy constraints.
 
+  // FIXME: This ignores many potential bugs (<rdar://problem/11733396>).
 
+  // Revisit once we have lazier constraints.
 
+  if (Msg->isInstanceMessage()) {
 
+    SVal recVal = Msg->getReceiverSVal();
 
+    if (!recVal.isUndef()) {
 
+      // Bifurcate the state into nil and non-nil ones.
 
+      DefinedOrUnknownSVal receiverVal =
 
+          recVal.castAs<DefinedOrUnknownSVal>();
 
+      ProgramStateRef State = Pred->getState();
 
+
 
+      ProgramStateRef notNilState, nilState;
 
+      std::tie(notNilState, nilState) = State->assume(receiverVal);
 
+
 
+      // Receiver is definitely nil, so run ObjCMessageNil callbacks and return.
 
+      if (nilState && !notNilState) {
 
+        StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx);
 
+        bool HasTag = Pred->getLocation().getTag();
 
+        Pred = Bldr.generateNode(ME, Pred, nilState, nullptr,
 
+                                 ProgramPoint::PreStmtKind);
 
+        assert((Pred || HasTag) && "Should have cached out already!");
 
+        if (!Pred)
 
+          return;
 
+        getCheckerManager().runCheckersForObjCMessageNil(Dst, Pred,
 
+                                                         *Msg, *this);
 
+        return;
 
+      }
 
+
 
+      ExplodedNodeSet dstNonNil;
 
+      StmtNodeBuilder Bldr(Pred, dstNonNil, *currBldrCtx);
 
+      // Generate a transition to the non-nil state, dropping any potential
 
+      // nil flow.
 
+      if (notNilState != State) {
 
+        bool HasTag = Pred->getLocation().getTag();
 
+        Pred = Bldr.generateNode(ME, Pred, notNilState);
 
+        assert((Pred || HasTag) && "Should have cached out already!");
 
+        if (!Pred)
 
+          return;
 
+      }
 
+    }
 
+  }
 
+
 
   // Handle the previsits checks.
 
   // Handle the previsits checks.
 
   ExplodedNodeSet dstPrevisit;
 
   ExplodedNodeSet dstPrevisit;
 
   getCheckerManager().runCheckersForPreObjCMessage(dstPrevisit, Pred,
 
   getCheckerManager().runCheckersForPreObjCMessage(dstPrevisit, Pred,
 
@@ -160,38 +228,12 @@ void ExprEngine::VisitObjCMessage(const ObjCMessageExpr *ME,
 
     if (UpdatedMsg->isInstanceMessage()) {
 
     if (UpdatedMsg->isInstanceMessage()) {
 
       SVal recVal = UpdatedMsg->getReceiverSVal();
 
       SVal recVal = UpdatedMsg->getReceiverSVal();
 
       if (!recVal.isUndef()) {
 
       if (!recVal.isUndef()) {
 
-        // Bifurcate the state into nil and non-nil ones.
 
-        DefinedOrUnknownSVal receiverVal =
 
-            recVal.castAs<DefinedOrUnknownSVal>();
 
-
 
-        ProgramStateRef notNilState, nilState;
 
-        std::tie(notNilState, nilState) = State->assume(receiverVal);
 
-
 
-        // There are three cases: can be nil or non-nil, must be nil, must be
 
-        // non-nil. We ignore must be nil, and merge the rest two into non-nil.
 
-        // FIXME: This ignores many potential bugs (<rdar://problem/11733396>).
 
-        // Revisit once we have lazier constraints.
 
-        if (nilState && !notNilState) {
 
-          continue;
 
-        }
 
-
 
-        // Check if the "raise" message was sent.
 
-        assert(notNilState);
 
         if (ObjCNoRet.isImplicitNoReturn(ME)) {
 
         if (ObjCNoRet.isImplicitNoReturn(ME)) {
 
           // If we raise an exception, for now treat it as a sink.
 
           // If we raise an exception, for now treat it as a sink.
 
           // Eventually we will want to handle exceptions properly.
 
           // Eventually we will want to handle exceptions properly.
 
           Bldr.generateSink(ME, Pred, State);
 
           Bldr.generateSink(ME, Pred, State);
 
           continue;
 
           continue;
 
         }
 
         }
 
-
 
-        // Generate a transition to non-Nil state.
 
-        if (notNilState != State) {
 
-          bool HasTag = Pred->getLocation().getTag();
 
-          Pred = Bldr.generateNode(ME, Pred, notNilState);
 
-          assert((Pred || HasTag) && "Should have cached out already!");
 
-          if (!Pred)
 
-            continue;
 
-        }
 
       }
 
       }
 
     } else {
 
     } else {
 
       // Check for special class methods that are known to not return
 
       // Check for special class methods that are known to not return

+ 19 - 0
test/Analysis/NSContainers.m
Fájl Megtekintése 

@@ -24,6 +24,8 @@ typedef struct _NSZone NSZone;
 
 @interface NSObject <NSObject> {}
 
 @interface NSObject <NSObject> {}
 
 - (id)init;
 
 - (id)init;
 
 + (id)alloc;
 
 + (id)alloc;
 
+
 
+- (id)mutableCopy;
 
 @end
 
 @end
 
 
 
 typedef struct {
 
 typedef struct {
 
@@ -292,3 +294,20 @@ void testArrayCategory(NSMutableArray *arr) {
 
   [arr addObject:0 safe:1]; // no-warning
 
   [arr addObject:0 safe:1]; // no-warning
 
 }
 
 }
 
 
 
+@interface MyView : NSObject
 
+-(NSArray *)subviews;
 
+@end
 
+
 
+void testNoReportWhenReceiverNil(NSMutableArray *array, int b) {
 
+  // Don't warn about adding nil to a container when the receiver is also
 
+  // definitely nil.
 
+  if (array == 0) {
 
+    [array addObject:0]; // no-warning
 
+  }
 
+
 
+  MyView *view = b ? [[MyView alloc] init] : 0;
 
+  NSMutableArray *subviews = [[view subviews] mutableCopy];
 
+  // When view is nil, subviews is also nil so there should be no warning
 
+  // here either.
 
+  [subviews addObject:view]; // no-warning
 
+}

+ 40 - 0
test/Analysis/objc-message.m
Fájl Megtekintése 

@@ -0,0 +1,40 @@
 
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,debug.ExprInspection -analyzer-store=region -verify -Wno-objc-root-class %s
 
+
 
+extern void clang_analyzer_warnIfReached();
 
+void clang_analyzer_eval(int);
 
+
 
+@interface SomeClass
 
+-(id)someMethodWithReturn;
 
+-(void)someMethod;
 
+@end
 
+
 
+void consistencyOfReturnWithNilReceiver(SomeClass *o) {
 
+  id result = [o someMethodWithReturn];
 
+  if (result) {
 
+    if (!o) {
 
+      // It is impossible for both o to be nil and result to be non-nil,
 
+      // so this should not be reached.
 
+      clang_analyzer_warnIfReached(); // no-warning
 
+    }
 
+  }
 
+}
 
+
 
+void maybeNilReceiverIsNotNilAfterMessage(SomeClass *o) {
 
+  [o someMethod];
 
+
 
+  // We intentionally drop the nil flow (losing coverage) after a method
 
+  // call when the receiver may be nil in order to avoid inconsistencies of
 
+  // the kind tested for in consistencyOfReturnWithNilReceiver().
 
+  clang_analyzer_eval(o != 0); // expected-warning{{TRUE}}
 
+}
 
+
 
+void nilReceiverIsStillNilAfterMessage(SomeClass *o) {
 
+  if (o == 0) {
 
+    id result = [o someMethodWithReturn];
 
+
 
+    // Both the receiver and the result should be nil after a message
 
+    // sent to a nil receiver returning a value of type id.
 
+    clang_analyzer_eval(o == 0); // expected-warning{{TRUE}}
 
+    clang_analyzer_eval(result == 0); // expected-warning{{TRUE}}
 
+  }
 
+}