[analyzer] For now, treat pointers-to-members as non-null void * symbols.
Until we have full support for pointers-to-members, we can at least
approximate some of their use by tracking null and non-null values.
We thus treat &A::m_ptr as a non-null void * symbol, and MemberPointer(0)
as a pointer-sized null constant.
This enables support for what is sometimes called the "safe bool" idiom,
demonstrated in the test case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162495 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/test/Analysis/pointer-to-member.cpp b/test/Analysis/pointer-to-member.cpp
new file mode 100644
index 0000000..cef5dc5
--- /dev/null
+++ b/test/Analysis/pointer-to-member.cpp
@@ -0,0 +1,44 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,debug.ExprInspection -analyzer-ipa=inlining -verify %s
+
+void clang_analyzer_eval(bool);
+
+struct A {
+ // This conversion operator allows implicit conversion to bool but not to other integer types.
+ typedef A * (A::*MemberPointer);
+ operator MemberPointer() const { return m_ptr ? &A::m_ptr : 0; }
+
+ A *m_ptr;
+};
+
+void testConditionalUse() {
+ A obj;
+
+ obj.m_ptr = &obj;
+ clang_analyzer_eval(obj.m_ptr); // expected-warning{{TRUE}}
+ clang_analyzer_eval(&A::m_ptr); // expected-warning{{TRUE}}
+ clang_analyzer_eval(obj); // expected-warning{{TRUE}}
+
+ obj.m_ptr = 0;
+ clang_analyzer_eval(obj.m_ptr); // expected-warning{{FALSE}}
+ clang_analyzer_eval(A::MemberPointer(0)); // expected-warning{{FALSE}}
+ clang_analyzer_eval(obj); // expected-warning{{FALSE}}
+}
+
+// ---------------
+// FALSE NEGATIVES
+// ---------------
+
+bool testDereferencing() {
+ A obj;
+ obj.m_ptr = 0;
+
+ A::MemberPointer member = &A::m_ptr;
+
+ // FIXME: Should be TRUE.
+ clang_analyzer_eval(obj.*member == 0); // expected-warning{{UNKNOWN}}
+
+ member = 0;
+
+ // FIXME: Should emit a null dereference.
+ return obj.*member; // no-warning
+}