r287618 - [analyzer] Fix a crash on accessing a field within a literal-initialized union.

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 21 20:29:23 PST 2016 

Author: dergachev
Date: Mon Nov 21 22:29:23 2016
New Revision: 287618

URL: http://llvm.org/viewvc/llvm-project?rev=287618&view=rev
Log:
[analyzer] Fix a crash on accessing a field within a literal-initialized union.

Because in case of unions we currently default-bind compound values in the
store, this quick fix avoids the crash for this case.

Patch by Ilya Palachev and independently by Alexander Shaposhnikov!

Differential Revision: https://reviews.llvm.org/D26442

Added:
    cfe/trunk/test/Analysis/uninit-vals-union.c
Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=287618&r1=287617&r2=287618&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Mon Nov 21 22:29:23 2016
@@ -1674,7 +1674,8 @@ RegionStoreManager::getBindingForDerived
 
     // Lazy bindings are usually handled through getExistingLazyBinding().
     // We should unify these two code paths at some point.
-    if (val.getAs<nonloc::LazyCompoundVal>())
+    if (val.getAs<nonloc::LazyCompoundVal>() ||
+        val.getAs<nonloc::CompoundVal>())
       return val;
 
     llvm_unreachable("Unknown default value");

Added: cfe/trunk/test/Analysis/uninit-vals-union.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/uninit-vals-union.c?rev=287618&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/uninit-vals-union.c (added)
+++ cfe/trunk/test/Analysis/uninit-vals-union.c Mon Nov 21 22:29:23 2016
@@ -0,0 +1,13 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core.builtin -analyzer-store=region -verify -Wno-unused %s
+
+typedef union {
+  int y;
+} U;
+
+typedef struct { int x; } A;
+
+void foo() {
+  U u = {};
+  A *a = &u; // expected-warning{{incompatible pointer types}}
+  a->x;      // no-crash
+}

More information about the cfe-commits mailing list