[PATCH] D28297: [StaticAnalyzer] Fix crash in CastToStructChecker
Daniel Marjamäki via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Feb 15 03:41:28 PST 2017
danielmarjamaki added a comment.
In https://reviews.llvm.org/D28297#642523, @NoQ wrote:
> Looks good. I assume the crash is in `getTypeInfo()`; do you have any idea what the exact prerequisites for using this method are? So that there are no more crashes here.
Yes. The crash happens during the `getTypeInfo()` call. I don't know what prerequisites are interesting to check.
The Type pointer returned by `getTypePtr()` must be non-null and valid. The method `clang::Type::getTypeClass()` is called using that type pointer. If that returns `Type::Record` then the Type pointer is cast to a `RecordType`, and `RecordType::getDecl()` is called. The `RecordDecl` that is returned by that call is passed to `getASTRecordLayout()`, shown below.
The crash occurs on the first assert in this code:
    const ASTRecordLayout &
    ASTContext::getASTRecordLayout(const RecordDecl *D) const {
      // These asserts test different things. A record has a definition
      // as soon as we begin to parse the definition. That definition is
      // not a complete definition (which is what isDefinition() tests)
      // until we *finish* parsing the definition.
      if (D->hasExternalLexicalStorage() && !D->getDefinition())
        getExternalSource()->CompleteType(const_cast<RecordDecl*>(D));

      D = D->getDefinition();
      assert(D && "Cannot get layout of forward declarations!");
      assert(!D->isInvalidDecl() && "Cannot get layout of invalid decl!");
      assert(D->isCompleteDefinition() && "Cannot layout type before complete!");
      ....
I am not sure I can write test cases that prevent regressions, but do you think I should add `isInvalidDecl()` and `isCompleteDefinition()` also?
Repository:
rL LLVM
https://reviews.llvm.org/D28297