r183359 - [analyzer] Fix a crash that occurs when processing an rvalue array.

Richard Smith richard at metafoo.co.uk
Wed Jun 5 17:51:57 PDT 2013


On Wed, Jun 5, 2013 at 5:19 PM, Anna Zaks <ganna at apple.com> wrote:

> Author: zaks
> Date: Wed Jun  5 19:19:36 2013
> New Revision: 183359
>
> URL: http://llvm.org/viewvc/llvm-project?rev=183359&view=rev
> Log:
> [analyzer] Fix a crash that occurs when processing an rvalue array.
>
> When processing ArrayToPointerDecay, we expect the array to be a location,
> not a LazyCompoundVal.
> Special case the rvalue arrays by using a location to represent them. This
> case is handled similarly elsewhere in the code.
>

Hmm, maybe we should be generating a MaterializeTemporaryExpr between the
ImplicitCastExpr and the array temporary?


> Fixes PR16206.
>
> Modified:
>     cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
>     cfe/trunk/test/SemaTemplate/array-to-pointer-decay.cpp
>
> Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp?rev=183359&r1=183358&r2=183359&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp (original)
> +++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp Wed Jun  5 19:19:36
> 2013
> @@ -1724,7 +1724,24 @@ void ExprEngine::VisitMemberExpr(const M
>
>    FieldDecl *field = cast<FieldDecl>(Member);
>    SVal L = state->getLValue(field, baseExprVal);
> -  if (M->isGLValue()) {
> +
> +  if (M->isGLValue() || M->getType()->isArrayType()) {
> +
> +    // We special case rvalue of array type because the analyzer cannot
> reason
> +    // about it, since we expect all regions to be wrapped in Locs. So we
> will
> +    // treat these as lvalues assuming that they will decay to pointers
> as soon
> +    // as they are used. Below
> +    if (!M->isGLValue()) {
> +      assert(M->getType()->isArrayType());
> +      const ImplicitCastExpr *PE =
> +        dyn_cast<ImplicitCastExpr>(Pred->getParentMap().getParent(M));
> +      if (!PE || PE->getCastKind() != CK_ArrayToPointerDecay) {
> +        assert(false &&
> +               "We assume that array is always wrapped in
> ArrayToPointerDecay");
> +        L = UnknownVal();
> +      }
> +    }
> +
>      if (field->getType()->isReferenceType()) {
>        if (const MemRegion *R = L.getAsRegion())
>          L = state->getSVal(R);
>
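
Review bot: In the new `if (!M->isGLValue())` block, the result of `Pred->getParentMap().getParent(M)` goes straight into `dyn_cast<ImplicitCastExpr>`, which asserts on a null pointer, and only the immediate parent is inspected. If the member access is parenthesized, the immediate parent would be a ParenExpr rather than the cast, and `assert(false && ...)` would fire in assert-enabled builds even though a recovery path (`L = UnknownVal();`) sits right below it. Consider `dyn_cast_or_null`, looking through parentheses before testing for `CK_ArrayToPointerDecay`, and dropping the assert so debug and release builds take the same fallback. The added comment also ends on a dangling "Below" and should be completed or trimmed.
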
> Modified: cfe/trunk/test/SemaTemplate/array-to-pointer-decay.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/SemaTemplate/array-to-pointer-decay.cpp?rev=183359&r1=183358&r2=183359&view=diff
>
> ==============================================================================
> --- cfe/trunk/test/SemaTemplate/array-to-pointer-decay.cpp (original)
> +++ cfe/trunk/test/SemaTemplate/array-to-pointer-decay.cpp Wed Jun  5
> 19:19:36 2013
> @@ -24,3 +24,15 @@ template <typename Type> static bool san
>    return !c->start;
>  }
>  bool closure = sanitize<int>();
> +
> +// PR16206
> +typedef struct {
> +       char x[4];
> +} chars;
> +
> +chars getChars();
> +void use(char *);
> +
> +void test() {
> +       use(getChars().x);
> +}
>
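
Review bot: The PR16206 case is added under test/SemaTemplate while the fix is in lib/StaticAnalyzer/Core/ExprEngine.cpp, and the file's RUN line is not part of this hunk, so it is not evident from the patch that `test()` is actually run through the analyzer. Consider moving the case to an analyzer test, or confirming that the RUN line invokes the analyzer. It would also help to add a variant where the decay is not the direct parent of the member access, such as `use((getChars().x));`, so the new assert-and-fallback path is exercised as well.
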
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>