[analyzer] Don't assume values bound to references are automatically non-null.
While there is no such thing as a "null reference" in the C++ standard,
many implementations of references (including Clang's) do not actually
check that the location bound to them is non-null. Thus, unlike a regular
null dereference, this will not cause a problem at runtime until the
reference is actually used. In order to catch these cases, we need to not
prune out paths on which the input pointer is null.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161288 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/test/Analysis/reference.cpp b/test/Analysis/reference.cpp
index c9bfadc..06e4a50 100644
--- a/test/Analysis/reference.cpp
+++ b/test/Analysis/reference.cpp
@@ -91,12 +91,25 @@
}
}
-void testRef() {
+void testNullReference() {
int *x = 0;
int &y = *x; // expected-warning{{Dereference of null pointer}}
y = 5;
}
+void testRetroactiveNullReference(int *x) {
+ // According to the C++ standard, there is no such thing as a
+ // "null reference". So the 'if' statement ought to be dead code.
+ // However, Clang (and other compilers) don't actually check that a pointer
+ // value is non-null in the implementation of references, so it is possible
+ // to produce a supposed "null reference" at runtime. The analyzer shoeuld
+ // still warn when it can prove such errors.
+ int &y = *x;
+ if (x != 0)
+ return;
+ y = 5; // expected-warning{{Dereference of null pointer}}
+}
+
// ------------------------------------
// False negatives
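Review bot: typo in the new comment block of testRetroactiveNullReference, in the line `// to produce a supposed "null reference" at runtime. The analyzer shoeuld`: "shoeuld" should read "should". Separately, the `expected-warning{{Dereference of null pointer}}` being placed on `y = 5;` rather than on `int &y = *x;` is what actually encodes the commit's point (the null path must survive the reference binding and be reported at the first use); it would help to say that explicitly in the comment so a future edit does not move the expectation onto the binding line.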