https://bugs.llvm.org/show_bug.cgi?id=42423
Bug ID: 42423
Summary: static analyzer makes incorrect assumption of dynamic
type
Product: clang
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: C++
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected],
[email protected]
Created attachment 22153
--> https://bugs.llvm.org/attachment.cgi?id=22153&action=edit
reproducer
The following lit test fails, but it should pass.
1 // RUN: %clang_analyze_cc1 -triple x86_64-pc-linux-gnu \
2 // RUN: -analyzer-checker=core,debug.ExprInspection \
3 // RUN: -verify %s
4
5 void clang_analyzer_eval(int);
6
7 struct B {
8 virtual int f(int x) { return 0; }
9 };
10
11 struct D : B {
12 virtual int f(int x) { return 1; }
13 };
14
15 void test_virt2(B* obj) {
16 // The dynamic type is known.
17 clang_analyzer_eval(B().f(1)); // expected-warning{{FALSE}}
18 clang_analyzer_eval(D().f(1)); // expected-warning{{TRUE}}
19 // We cannot decide about the dynamic type.
20 clang_analyzer_eval(obj->f(1)); // expected-warning{{UNKNOWN}}
22 }
This is the error:
Command Output (stderr):
--
error: 'warning' diagnostics seen but not expected:
File
/home/egbomrt/WORK/llvm5/git/llvm-project/clang/test/Analysis/virtual_func_bug.cpp
Line 20: FALSE
1 error generated.
So, it seems like there is a state split at line 20. Maybe the analyzer assumes
that the `obj` has a concrete type `B` at one branch and at the other branch it
is unknown?
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
