Segmentation fault with your recent new[]/delete[] warning patch
Diego Novillo
dnovillo at google.com
Thu May 14 12:20:29 PDT 2015
Ismail,
I ran into a segfault inside the new warning you added in
http://reviews.llvm.org/D4661. I don't have a repro case for you, but I'm
in a debugging session now and this may help you (and me getting a test
case for you).
We die in
clang: llvm/llvm/include/llvm/Support/Casting.h:95: static bool llvm::isa_impl_cl<const clang::CXXNewExpr, const clang::Expr *>::doit(const From *) [To = const clang::CXXNewExpr, From = const clang::Expr *]: Assertion `Val && "isa<> used on a null pointer"' failed.
The issue starts in
MismatchingNewDeleteDetector::analyzeInClassInitializer. The call to
Field->getInClassInitializer() returns the expression:
(gdb) call E->dump()
InitListExpr 0x7ffff6cdf010 'class Cord *'
`-ImplicitCastExpr 0x7ffff6cdf050 'class Cord *' <NullToPointer>
  `-CXXNullPtrLiteralExpr 0x7ffff6cdefb0 'nullptr_t'
We then call MismatchingNewDeleteDetector::getNewExprFromInitListOrExpr()
with that expression. The function checks that the initial expression is
not null, but we then decide to get the first init from the list of inits,
which returns a nullptr:
2451 if (ILE->getNumInits() == 1)
(gdb) call ILE->dump()
InitListExpr 0x7ffff6cdf010 'class Cord *'
`-ImplicitCastExpr 0x7ffff6cdf050 'class Cord *' <NullToPointer>
  `-CXXNullPtrLiteralExpr 0x7ffff6cdefb0 'nullptr_t'
(gdb) n
2452 E = dyn_cast<const CXXNewExpr>(ILE->getInit(0)->IgnoreParenImpCasts());
(gdb) n
2453 }
(gdb) p E
$6 = (const clang::Expr *) 0x0
Then we try to dyn_cast<> it, which segfaults:
(gdb) n
2455 return dyn_cast<const CXXNewExpr>(E);
(gdb) n
clang: third_party/llvm/llvm/include/llvm/Support/Casting.h:95: static bool llvm::isa_impl_cl<const clang::CXXNewExpr, const clang::Expr *>::doit(const From *) [To = const clang::CXXNewExpr, From = const clang::Expr *]: Assertion `Val && "isa<> used on a null pointer"' failed.
Program received signal SIGABRT, Aborted.
I don't know whether we should just return nil when E gets nullified or
this is a sign of some other problem.
Thanks. Diego.
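
The failure traced in the message above, as an added example that is not part of the original post and is not clang's code: a toy model of the two-step cast, next to a variant that returns null once E has been nullified (one of the two options the message raises). The toy classes, the throwing `dyn_cast`, the way `ILE` is obtained, and the function names are assumptions made for this sketch; `IgnoreParenImpCasts()` is left out.

```cpp
#include <cstdio>
#include <stdexcept>
#include <vector>

// Toy stand-ins for the AST classes named in the message (constructed here).
struct Expr { virtual ~Expr() = default; };
struct CXXNewExpr : Expr {};
struct CXXNullPtrLiteralExpr : Expr {};
struct InitListExpr : Expr { std::vector<const Expr *> Inits; };

// Models llvm::dyn_cast<>: a null argument is a contract violation. LLVM
// asserts; this toy throws so the caller can observe the failure.
template <typename To> const To *dyn_cast(const Expr *Val) {
  if (!Val) throw std::logic_error("isa<> used on a null pointer");
  return dynamic_cast<const To *>(Val);
}

// Shape of the code stepped through in gdb (source lines 2451-2455).
const CXXNewExpr *getNewExprUnguarded(const Expr *E) {
  if (!E) return nullptr;
  if (const auto *ILE = dyn_cast<InitListExpr>(E))
    if (ILE->Inits.size() == 1)
      E = dyn_cast<CXXNewExpr>(ILE->Inits[0]); // null if init is not a new-expr
  return dyn_cast<CXXNewExpr>(E);              // a null E reaches the cast
}

// Same logic, but a nullified E is returned as "no new-expression found".
const CXXNewExpr *getNewExprGuarded(const Expr *E) {
  if (!E) return nullptr;
  if (const auto *ILE = dyn_cast<InitListExpr>(E))
    if (ILE->Inits.size() == 1)
      E = dyn_cast<CXXNewExpr>(ILE->Inits[0]);
  return E ? dyn_cast<CXXNewExpr>(E) : nullptr;
}

// True if the unguarded version trips the null check for this input.
bool unguardedFails(const Expr *E) {
  try { getNewExprUnguarded(E); return false; }
  catch (const std::logic_error &) { return true; }
}

int main() {
  CXXNullPtrLiteralExpr Null; // models the dumped list holding a nullptr literal
  InitListExpr ILE;
  ILE.Inits.push_back(&Null);
  std::printf("unguarded fails: %d, guarded returns null: %d\n",
              unguardedFails(&ILE), getNewExprGuarded(&ILE) == nullptr);
}
```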