Description
Current definition of clang::ast_matchers::nullPointerConstant (in clang/include/clang/ASTMatchers.h) is
AST_MATCHER_FUNCTION(internal::Matcher<Expr>, nullPointerConstant) {
return anyOf(
gnuNullExpr(), cxxNullPtrLiteralExpr(),
integerLiteral(equals(0), hasParent(expr(hasType(pointerType())))));
}The third argument to anyOf here is weird: As the C standard (C99, C11, C17) says (6.3.2.3 p3)
An integer constant expression with the value 0, or such an expression cast to type
void *, is called a null pointer constant.
So, if nullPointerConstant() is supposed to match any null pointer constant based on this definition, why is it restricted with hasParent(expr(hasType(pointerType())))? If it is only supposed to match null pointer constants that are really used as null pointers, it is still problematic:
int main() {
int *p[1];
p[0];
}In this example, the integer literal 0 in p[0] is matched by expr(nullPointerConstant()), because its parent expression p[0] does have a pointer type.