[analyzer] Treat std::initializer_list as opaque rather than aborting.

Previously, the use of a std::initializer_list (actually, a
CXXStdInitializerListExpr) would cause the analyzer to give up on the rest
of the path. Now, it just uses an opaque symbolic value for the
initializer_list and continues on.

At some point in the future we can add proper support for initializer_list,
with access to the elements in the InitListExpr.

<rdar://problem/14340207>

llvm-svn: 186519

clang/lib/StaticAnalyzer/Core/ExprEngine.cpp

@@ -615,7 +615,6 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
     case Stmt::CXXDefaultInitExprClass:
     case Stmt::CXXDependentScopeMemberExprClass:
     case Stmt::CXXPseudoDestructorExprClass:
-    case Stmt::CXXStdInitializerListExprClass:
     case Stmt::CXXTryStmtClass:
     case Stmt::CXXTypeidExprClass:
     case Stmt::CXXUuidofExprClass:
@@ -776,10 +775,10 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
       break;
     }
 
+    // Cases we evaluate as opaque expressions, conjuring a symbol.
+    case Stmt::CXXStdInitializerListExprClass:
     case Expr::ObjCArrayLiteralClass:
     case Expr::ObjCDictionaryLiteralClass:
-      // FIXME: explicitly model with a region and the actual contents
-      // of the container.  For now, conjure a symbol.
     case Expr::ObjCBoxedExprClass: {
       Bldr.takeNodes(Pred);
 

clang/test/Analysis/Inputs/system-header-simulator-cxx.h

@@ -74,6 +74,34 @@ namespace std {
 
   extern const nothrow_t nothrow;
 
+  // libc++'s implementation
+  template <class _E>
+  class initializer_list
+  {
+    const _E* __begin_;
+    size_t    __size_;
+
+    initializer_list(const _E* __b, size_t __s)
+      : __begin_(__b),
+        __size_(__s)
+    {}
+
+  public:
+    typedef _E        value_type;
+    typedef const _E& reference;
+    typedef const _E& const_reference;
+    typedef size_t    size_type;
+
+    typedef const _E* iterator;
+    typedef const _E* const_iterator;
+
+    initializer_list() : __begin_(0), __size_(0) {}
+
+    size_t    size()  const {return __size_;}
+    const _E* begin() const {return __begin_;}
+    const _E* end()   const {return __begin_ + __size_;}
+  };
+
   template<class InputIter, class OutputIter>
   OutputIter copy(InputIter II, InputIter IE, OutputIter OI) {
     while (II != IE)

clang/test/Analysis/ctor.mm

@@ -1,5 +1,7 @@
 // RUN: %clang_cc1 -analyze -analyzer-checker=core,debug.ExprInspection -fobjc-arc -analyzer-config c++-inlining=constructors -Wno-null-dereference -std=c++11 -verify %s
 
+#include "Inputs/system-header-simulator-cxx.h"
+
 void clang_analyzer_eval(bool);
 void clang_analyzer_checkInlined(bool);
 
@@ -625,3 +627,26 @@ namespace ZeroInitialization {
     }
   };
 }
+
+namespace InitializerList {
+  struct List {
+    bool usedInitializerList;
+
+    List() : usedInitializerList(false) {}
+    List(std::initializer_list<int>) : usedInitializerList(true) {}
+  };
+
+  void testStatic() {
+    List defaultCtor;
+    clang_analyzer_eval(!defaultCtor.usedInitializerList); // expected-warning{{TRUE}}
+
+    List list{1, 2};
+    clang_analyzer_eval(list.usedInitializerList); // expected-warning{{TRUE}}
+  }
+
+  void testDynamic() {
+    List *list = new List{1, 2};
+    // FIXME: When we handle constructors with 'new', this will be TRUE.
+    clang_analyzer_eval(list->usedInitializerList); // expected-warning{{UNKNOWN}}
+  }
+}

clang/test/Analysis/diagnostics/explicit-suppression.cpp

@@ -12,6 +12,6 @@ void clang_analyzer_eval(bool);
 void testCopyNull(int *I, int *E) {
   std::copy(I, E, (int *)0);
 #ifndef SUPPRESSED
-  // expected-warning@../Inputs/system-header-simulator-cxx.h:80 {{Dereference of null pointer}}
+  // expected-warning@../Inputs/system-header-simulator-cxx.h:108 {{Dereference of null pointer}}
 #endif
 }