mirror of
https://github.com/llvm/llvm-project.git
synced 2025-04-16 12:06:36 +00:00
536606f6f6
In `VisitObjCForCollectionStmt`, the function does `evalLocation` for the current element at the original source state `Pred`. The evaluation may result in a new state, say `PredNew`. I.e., there is a transition: `Pred -> PredNew`, though it is a very rare case that `Pred` is NOT identical to `PredNew`. (This explains why the bug exists for many years but no one noticed until recently a crash observed downstream.) Later, the original code does NOT use `PredNew` as the new source state in `StmtNodeBuilder` for next transitions. In cases `Pred != PredNew`, the program ill behaves. (rdar://143280254)
40 lines
829 B
Objective-C
40 lines
829 B
Objective-C
// RUN: %clang_analyze_cc1 -analyzer-checker=core,apiModeling,nullability.NullableDereferenced,nullability.NullabilityBase -x objective-c %s
|
|
/*
|
|
This test is reduced from a static analyzer crash. The bug causing
|
|
the crash is explained in #124477. It can only be triggered in some
|
|
rare cases so please do not modify this reproducer.
|
|
*/
|
|
|
|
#pragma clang assume_nonnull begin
|
|
# 15 "some-sys-header.h" 1 3
|
|
@class NSArray, NSObject;
|
|
|
|
@interface Base
|
|
@property (readonly, copy) NSArray *array;
|
|
@end
|
|
|
|
#pragma clang assume_nonnull end
|
|
# 8 "this-file.m" 2
|
|
|
|
|
|
@interface Test : Base
|
|
|
|
@property (readwrite, copy, nullable) NSObject *label;
|
|
@property (readwrite, strong, nullable) Test * field;
|
|
|
|
- (void)f;
|
|
|
|
@end
|
|
|
|
@implementation Test
|
|
- (void)f
|
|
{
|
|
NSObject * X;
|
|
|
|
for (NSObject *ele in self.field.array) {}
|
|
self.label = X;
|
|
}
|
|
@end
|
|
|
|
|