[PATCH] D66593: [analyzer] CastValueChecker: Fix some assertions

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 22 16:00:21 PDT 2019 

NoQ added a comment.

These assertions are fundamental, so we can't remove them; i believe we messed up modeling at some point. I'll pick this up to address some nasty regressions quickly; i managed to reproduce the crashes and i already have 4 creduces running.



================
Comment at: clang/lib/StaticAnalyzer/Core/CallEvent.cpp:743-750
+  QualType RegionType = DynType.getType();
+  if (RegionType->isPointerType())
+    RegionType = RegionType->getPointeeType();
+  else
+    RegionType = RegionType.getNonReferenceType();
+
+  assert(!RegionType.isNull() &&
----------------
I don't think this does anything:
```lang=c++
   505 QualType Type::getPointeeType() const {
   506   if (const auto *PT = getAs<PointerType>())
   507     return PT->getPointeeType();
   508   if (const auto *OPT = getAs<ObjCObjectPointerType>())
   509     return OPT->getPointeeType();
   510   if (const auto *BPT = getAs<BlockPointerType>())
   511     return BPT->getPointeeType();
   512   if (const auto *RT = getAs<ReferenceType>())
   513     return RT->getPointeeType();
   514   if (const auto *MPT = getAs<MemberPointerType>())
   515     return MPT->getPointeeType();
   516   if (const auto *DT = getAs<DecayedType>())
   517     return DT->getPointeeType();
   518   return {};
   519 }
```
This getter usually works very reliably for both pointers and references.


================
Comment at: clang/lib/StaticAnalyzer/Core/DynamicType.cpp:118-122
+  for (const auto &Elem : Map) {
+    const MemRegion *MR = Elem.first;
+    if (MR && !SR.isLiveRegion(MR))
+      State = State->remove<DynamicCastMap>(MR);
+  }
----------------
We shouldn't put null regions into our maps.


================
Comment at: clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:329-336
+  // FIXME: Make this assertion great again.
+  /* else {
     // We need to create a region no matter what. For sanity, make sure we don't
     // try to stuff a Loc into a non-pointer temporary region.
     assert(!InitValWithAdjustments.getAs<Loc>() ||
            Loc::isLocType(Result->getType()) ||
            Result->getType()->isMemberPointerType());
----------------
This usually fails when we mess up lvalue/rvalue vs. loc/nonloc invariants in our modeling.


================
Comment at: clang/lib/StaticAnalyzer/Core/MemRegion.cpp:1079-1080
+    // FIXME: Make this assertion great again.
+    /*assert(isValidBaseClass(RD, dyn_cast<TypedValueRegion>(Super), IsVirtual));
+    (void)&isValidBaseClass;*/
 
----------------
Ugh, i suspect that we can't pass through the original pointer in our cast modeling; we need to actually model pointer casts, which is annoying but necessary, given that the cast doesn't necessarily yield the same pointer value even in run-time (see multiple inheritance).


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D66593/new/

https://reviews.llvm.org/D66593

More information about the cfe-commits mailing list