[cfe-dev] segmentation fault while building dominator tree in clang

Jakub Kuderski via cfe-dev cfe-dev at lists.llvm.org
Sat Apr 6 12:57:59 PDT 2019


>
> However, I'm not sure whether the CFG is supposed to have nullpointers --
> logically, maybe this isn't where we should fix this issue

 DomTree requires llvm::children and llvm::inverse_children to return valid
node pointers.

A proper fix would be not to return nulls from llvm::children. I'm not
familiar with the Clang CFG -- why do nullptr appear there in the first
place?

Best,
Kuba

On Sat, Apr 6, 2019 at 1:05 PM Kristóf Umann via cfe-dev <
cfe-dev at lists.llvm.org> wrote:

> Hi!
>
> I recently fiddled around this part of the code as well when trying to
> implement an improvement for my checker in the StaticAnalyzer. For the
> following invocation:
>
> clang -cc1 -analyze -analyzer-checker=debug.DumpDominators (clang
> repository)test/Analysis/cxx-uninitialized-object-unguarded-access.cpp
>
> I received a segfault. I eventually figured that Clang's CFG contains
> nullpointers, and the following patch on LLVM fixed the issue:
>
> diff --git a/include/llvm/Support/GenericDomTreeConstruction.h
> b/include/llvm/Support/GenericDomTreeConstruction.h
> index ccceba88171..a4a238c310b 100644
> --- a/include/llvm/Support/GenericDomTreeConstruction.h
> +++ b/include/llvm/Support/GenericDomTreeConstruction.h
> @@ -235,6 +235,9 @@ struct SemiNCAInfo {
>        constexpr bool Direction = IsReverse != IsPostDom;  // XOR.
>        for (const NodePtr Succ :
>             ChildrenGetter<Direction>::Get(BB, BatchUpdates)) {
> +        if (!Succ)
> +          continue;
>          const auto SIT = NodeToInfo.find(Succ);
>          // Don't visit nodes more than once but remember to collect
>          // ReverseChildren.
>
> However, I'm not sure whether the CFG is supposed to have nullpointers --
> logically, maybe this isn't where we should fix this issue. An assert
> wouldn't hurt though.
>
> Good luck!
> Kristóf
>
> On Sat, 6 Apr 2019 at 15:57, Abu Naser Masud via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
>> Hello,
>>
>> This is my first post in this list. I am building an analysis tool in
>> ClangTool.I am getting segmentation fault while building a dominator
>> tree in clang. The sample code that I am using to build the dominator
>> tree is the following:
>>
>> *const* Decl* D=*static_cast*<Decl *>(f);     // FunctionDecl f
>>
>> AnalysisDeclContextManager  *analDeclCtxMgr=*new *
>> AnalysisDeclContextManager(context);
>>
>> *if*(AnalysisDeclContext  *analDeclCtx=analDeclCtxMgr->getContext(D)){
>>
>>    DominatorTree domTree;
>>
>>    domTree.buildDominatorTree(*analDeclCtx);
>>
>> }
>>
>>
>> The input function for my tool is the following code from perlbench(CPU
>> 2017)
>>
>>
>> *static* *bool*
>>
>> S_adjust_index(pTHX_ AV *av, *const* MAGIC *mg, SSize_t *keyp)
>>
>> {
>>
>>     *bool* adjust_index = 1;
>>
>>     *if* (mg) {
>>
>> */* Handle negative array indices 20020222 MJD */*
>>
>> SV * *const* ref = SvTIED_obj(MUTABLE_SV(av), mg);
>>
>> SvGETMAGIC(ref);
>>
>> *if* (SvROK(ref) && SvOBJECT(SvRV(ref))) {
>>
>>     SV * *const* * *const* negative_indices_glob =
>>
>> hv_fetchs(SvSTASH(SvRV(ref)), NEGATIVE_INDICES_VAR, 0);
>>
>>
>>     *if* (negative_indices_glob && isGV(*negative_indices_glob)
>>
>>     && SvTRUE(GvSV(*negative_indices_glob)))
>>
>> adjust_index = 0;
>>
>> }
>>
>>     }
>>
>>
>>     *if* (adjust_index) {
>>
>> *keyp += AvFILL(av) + 1;
>>
>> *if* (*keyp < 0)
>>
>>     *return* *FALSE*;
>>
>>     }
>>
>>     *return* *TRUE*;
>>
>> }
>>
>>
>> Would you please let me know where the problem is?
>>
>>
>> Thanks,
>>
>> Masud
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190406/51288c55/attachment-0001.html>


More information about the cfe-dev mailing list