[analyzer] pr32088: Don't destroy the temporary if its initializer causes return.
In the following code involving GNU statement-expression extension:
struct S {
~S();
};
void foo() {
const S &x = ({ return; S(); });
}
function 'foo()' returns before reference x is initialized. We shouldn't call
the destructor for the temporary object lifetime-extended by 'x' in this case,
because the object never gets constructed in the first place.
The real problem is probably in the CFG somewhere, so this is a quick-and-dirty
hotfix rather than the perfect solution.
A patch by Artem Dergachev!
rdar://problem/30759076
Differential Revision: https://reviews.llvm.org/D30499
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296646 91177308-0d34-0410-b5e6-96231b3b80d8
(cherry picked from commit 162132fe03c8c2b02735f2adfd4e2dc421488006)
Integration into swift-3.1-branch is tracked by rdar://problem/30784915
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp
index b059060..5010245 100644
--- a/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -613,7 +613,15 @@
const MemRegion *Region = dest.castAs<loc::MemRegionVal>().getRegion();
if (varType->isReferenceType()) {
- Region = state->getSVal(Region).getAsRegion()->getBaseRegion();
+ const MemRegion *ValueRegion = state->getSVal(Region).getAsRegion();
+ if (!ValueRegion) {
+ // FIXME: This should not happen. The language guarantees a presence
+ // of a valid initializer here, so the reference shall not be undefined.
+ // It seems that we're calling destructors over variables that
+ // were not initialized yet.
+ return;
+ }
+ Region = ValueRegion->getBaseRegion();
varType = cast<TypedValueRegion>(Region)->getValueType();
}
diff --git a/test/Analysis/temporaries.cpp b/test/Analysis/temporaries.cpp
index 49cf070..cc39201 100644
--- a/test/Analysis/temporaries.cpp
+++ b/test/Analysis/temporaries.cpp
@@ -493,3 +493,13 @@
clang_analyzer_eval(x == 47); // expected-warning{{TRUE}}
}
}
+
+namespace PR32088 {
+ void testReturnFromStmtExprInitializer() {
+ // We shouldn't try to destroy the object pointed to by `obj' upon return.
+ const NonTrivial &obj = ({
+ return; // no-crash
+ NonTrivial(42);
+ });
+ }
+}