[PATCH] D63533: [analyzer] Fix clang-tidy crash on GCCAsmStmt

Nathan Huckleberry via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jun 19 14:41:10 PDT 2019


Nathan-Huckleberry marked an inline comment as done.
Nathan-Huckleberry added inline comments.


================
Comment at: clang/test/Analysis/egraph-asm-goto-no-crash.cpp:1
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-dump-egraph=%t.dot %s
+// RUN: cat %t.dot | FileCheck %s
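Review bot: the second RUN line pipes `cat %t.dot` into FileCheck, which adds a process whose failure the pipeline can mask; `FileCheck %s --input-file=%t.dot` reads the dump directly. The first RUN line also has no `-verify`, so any diagnostics the analyzer emits on this file go unchecked; if the intent is only "does not crash", a comment in the test saying so would make that explicit.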
----------------
nickdesaulniers wrote:
> NoQ wrote:
> > NoQ wrote:
> > > NoQ wrote:
> > > > Ugh, you picked an exotic test as an example.
> > > > 
> > > > Let's try the following:
> > > > ```lang=c++
> > > > // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
> > > > 
> > > > // expected-no-diagnostics
> > > > 
> > > > void clang_analyzer_warnIfReached();
> > > > 
> > > > void testAsmGoto() {
> > > >   asm goto("xor %0, %0\n je %l[label1]\n jl %l[label2]"
> > > >            : /* no outputs */
> > > >            : /* inputs */
> > > >            : /* clobbers */
> > > >            : label1, label2 /* any labels used */);
> > > > 
> > > >   label1:
> > > >   // FIXME: Should be reachable.
> > > >   clang_analyzer_warnIfReached();
> > > >   return;
> > > > 
> > > >   label2:
> > > >   // FIXME: Should be reachable.
> > > >   clang_analyzer_warnIfReached();
> > > >   return;
> > > > }
> > > > ```
> > > > 
> > > >  (and the egraph part in the main file is also out of place)
> > > (wait, one of these shouldn't be reachable, right?)
> > (I mean, let's do something similar, just with the correct amount of FIXMEs)
> You'd have to "peek" into the assembly to tell.  Essentially `asm goto` is treated as a "black box" throughout Clang and LLVM, similar to vanilla inline assembly.  Basically, the explicit list of labels are valid branch targets from the inline assembly, as is fallthrough.  It's undefined behavior if the assembly jumps to a label not explicitly listed in the asm statement (but would likely fail to link, in the best case).
To answer the original question, both labels and the 'fallthrough' case should all be technically reachable in this test case, but will not actually be reached during analysis since handling for `asm goto` branching doesn't exist.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D63533/new/

https://reviews.llvm.org/D63533
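The reachability point made in the reply above, as an added example that is not part of the review or the LLVM tree: one `asm goto` with two listed labels, where each label and the fallthrough path is taken for some input. The function name `classify`, the label names and the instruction sequences are assumptions chosen for illustration, and unlike the test in the thread the asm here takes an input operand.

```c
/* Constructed example: classify() leaves one asm goto three ways,
 * through either listed label or by falling through. */
#include <stdio.h>

int classify(int x) {
#if defined(__x86_64__) || defined(__i386__)
    /* No outputs, one input, flags clobbered, two listed labels. */
    __asm__ goto("test %0, %0\n\t"
                 "jz %l[zero]\n\t"
                 "js %l[negative]"
                 : /* no outputs */
                 : "r"(x)
                 : "cc"
                 : zero, negative);
#elif defined(__aarch64__)
    /* Same control flow: branch on zero, then on the sign bit. */
    __asm__ goto("cbz %w0, %l[zero]\n\t"
                 "tbnz %w0, #31, %l[negative]"
                 : /* no outputs */
                 : "r"(x)
                 : /* no clobbers */
                 : zero, negative);
#else
    /* Other targets: equivalent plain C so the file still builds. */
    if (x == 0) goto zero;
    if (x < 0) goto negative;
#endif
    return 1;   /* fallthrough: the asm did not branch */
zero:
    return 0;   /* first listed label */
negative:
    return -1;  /* second listed label */
}

int main(void) {
    int samples[] = {7, 0, -3};  /* constructed inputs, one per exit */
    for (int i = 0; i < 3; i++)
        printf("classify(%d) = %d\n", samples[i], classify(samples[i]));
    return 0;
}
```

An analysis that models the statement as a black box with no branching follows only the `return 1` path, which is the gap the FIXMEs in the proposed test record.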