[analyzer] Check for returning null references in ReturnUndefChecker.
Officially in the C++ standard, a null reference cannot exist. However,
it's still very easy to create one:
int &getNullRef() {
int *p = 0;
return *p;
}
We already check that binds to reference regions don't create null references.
This patch checks that we don't create null references by returning, either.
<rdar://problem/13364378>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176601 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/test/Analysis/reference.cpp b/test/Analysis/reference.cpp
index ce0ee8e..ed05720 100644
--- a/test/Analysis/reference.cpp
+++ b/test/Analysis/reference.cpp
@@ -135,6 +135,20 @@
clang_analyzer_eval(x == 42); // expected-warning{{TRUE}}
}
+int &testReturnNullReference() {
+ int *x = 0;
+ return *x; // expected-warning{{Returning null reference}}
+}
+
+char &refFromPointer() {
+ return *ptr();
+}
+
+void testReturnReference() {
+ clang_analyzer_eval(ptr() == 0); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(&refFromPointer() == 0); // expected-warning{{FALSE}}
+}
+
// ------------------------------------
// False negatives
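Review bot: `refFromPointer()` has no comment explaining why `return *ptr();` is expected to produce no diagnostic, so the intent of the two evals in `testReturnReference()` has to be inferred. From the visible expectations, `ptr() == 0` is UNKNOWN while `&refFromPointer() == 0` is FALSE, which suggests the check fires only on a definitely-null value and otherwise treats the returned reference as non-null. I would say so above the function, e.g. `// No warning: ptr() is not known to be null, so the returned reference is assumed non-null.` The only positive case, `testReturnNullReference()`, uses a pointer initialised to literal 0. A case where the null value comes from a branch condition would also pin the path-sensitive behaviour, presumably `if (!p) return *p; // expected-warning{{Returning null reference}}` inside an `int &f(int *p)`. `ptr()` is declared outside the hunk.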
@@ -147,9 +161,4 @@
B *x = 0;
return *x; // should warn here!
}
-
- B &testRef() {
- B *x = 0;
- return *x; // should warn here!
- }
}