[analyzer] Fix and refactor bugreporter::getDerefExpr() API.
This API is used by checkers (and other entities) in order to track where
a value originates from, by jumping from an expression whose value is equal
to that value to the expression from which this value has "appeared". For
example, it may be an lvalue from which the rvalue was loaded, or a function
call from which the dereferenced pointer was returned.
The function now avoids incorrectly unwrapping implicit lvalue-to-rvalue casts,
which caused crashes and incorrect intermediate diagnostic pieces. It also no
longer relies on how the expression is written when guessing what it means.
Fixes pr34373 and pr34731.
rdar://problem/33594502
Differential Revision: https://reviews.llvm.org/D37023
llvm-svn: 314287
diff --git a/clang/test/Analysis/null-deref-path-notes.c b/clang/test/Analysis/null-deref-path-notes.c
new file mode 100644
index 0000000..7070bc4
--- /dev/null
+++ b/clang/test/Analysis/null-deref-path-notes.c
@@ -0,0 +1,10 @@
+// RUN: %clang_analyze_cc1 -w -x c -analyzer-checker=core -analyzer-output=text -verify %s
+
+// Avoid the crash when finding the expression for tracking the origins
+// of the null pointer for path notes. Apparently, not much actual tracking
+// needs to be done in this example.
+void pr34373() {
+ int *a = 0;
+ (a + 0)[0]; // expected-warning{{Array access results in a null pointer dereference}}
+ // expected-note@-1{{Array access results in a null pointer dereference}}
+}
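Review bot: The comment above `pr34373()` hedges with "Apparently, not much actual tracking needs to be done", and the only expected note on the `(a + 0)[0]` line repeats the warning text, so the test pins down the absence of a crash but leaves it unclear whether the lack of a path note for `int *a = 0;` is intended. Suggest stating that expectation outright in the comment, or marking it with a FIXME if a note on the initialization should eventually appear. The commit message also lists pr34731 as fixed while this file only carries a case for pr34373; if the other report is not covered by another file in the patch, a regression case for it belongs here too.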