Teach CFGBuilder about null pointer constants in conditionals, and how they can be used to prune branches. Fixes false null pointer dereference warning in PR 8183.

llvm-svn: 126305

clang/lib/Analysis/CFG.cpp

@@ -17,6 +17,7 @@
 #include "clang/AST/DeclCXX.h"
 #include "clang/AST/StmtVisitor.h"
 #include "clang/AST/PrettyPrinter.h"
+#include "clang/AST/CharUnits.h"
 #include "llvm/Support/GraphWriter.h"
 #include "llvm/Support/Allocator.h"
 #include "llvm/Support/Format.h"
@@ -413,9 +414,16 @@ private:
 
     Expr::EvalResult Result;
     if (!S->isTypeDependent() && !S->isValueDependent() &&
-        S->Evaluate(Result, *Context) && Result.Val.isInt())
-      return Result.Val.getInt().getBoolValue();
-
+        S->Evaluate(Result, *Context)) {      
+      if (Result.Val.isInt())
+        return Result.Val.getInt().getBoolValue();
+      if (Result.Val.isLValue()) {
+        Expr *e = Result.Val.getLValueBase();
+        const CharUnits &c = Result.Val.getLValueOffset();        
+        if (!e && c.isZero())
+          return false;        
+      }
+    }
     return TryResult();
   }
 };

clang/test/Sema/exprs.c

@@ -18,6 +18,14 @@ int test_pr8876() {
   return 0;
 }
 
+// PR 8183 - Handle null pointer constants on the left-side of the '&&', and reason about
+// this when determining the reachability of the null pointer dereference on the right side.
+void pr8183(unsigned long long test)
+{
+  (void)((((void*)0)) && (*((unsigned long long*)(((void*)0))) = ((unsigned long long)((test)) % (unsigned long long)((1000000000)))));  // no-warning
+  (*((unsigned long long*)(((void*)0))) = ((unsigned long long)((test)) % (unsigned long long)((1000000000)))); // expected-warning {{indirection of non-volatile null pointer will be deleted, not trap}} expected-note {{consider using __builtin_trap() or qualifying pointer with 'volatile'}}
+}
+
 // PR1966
 _Complex double test1() {
   return __extension__ 1.0if;