r305211 - [analyzer] Fix a crash when an ObjC object is constructed in AllocaRegion.
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Mon Jun 12 10:59:50 PDT 2017
Author: dergachev
Date: Mon Jun 12 12:59:50 2017
New Revision: 305211
URL: http://llvm.org/viewvc/llvm-project?rev=305211&view=rev
Log:
[analyzer] Fix a crash when an ObjC object is constructed in AllocaRegion.
Memory region allocated by alloca() carries no implicit type information.
Don't crash when resolving the init message for an Objective-C object
that is being constructed in such region.
rdar://problem/32517077
Differential Revision: https://reviews.llvm.org/D33828
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp
cfe/trunk/test/Analysis/DynamicTypePropagation.m
Modified: cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp?rev=305211&r1=305210&r2=305211&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp Mon Jun 12 12:59:50 2017
@@ -957,6 +957,12 @@ RuntimeDefinition ObjCMethodCall::getRun
return RuntimeDefinition();
DynamicTypeInfo DTI = getDynamicTypeInfo(getState(), Receiver);
+ if (!DTI.isValid()) {
+ assert(isa<AllocaRegion>(Receiver) &&
+ "Unhandled untyped region class!");
+ return RuntimeDefinition();
+ }
+
QualType DynType = DTI.getType();
CanBeSubClassed = DTI.canBeASubClass();
ReceiverT = dyn_cast<ObjCObjectPointerType>(DynType.getCanonicalType());
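Review bot: The new `if (!DTI.isValid())` block carries no comment explaining why an invalid DynamicTypeInfo is expected at this point, so a reader sees only an assertion naming AllocaRegion; add above it `// alloca() memory carries no type information, so no dynamic type can be resolved for the receiver; fall back to an unknown definition.`. Since the assert is compiled out in release builds, any other untyped region kind silently takes the same conservative `return RuntimeDefinition();` path, which appears safe for the analyzer but hides the "unhandled region class" condition the assert is meant to catch; the comment should say that this fallback is intentional for non-AllocaRegion receivers as well, if it is. ObjCMethodCall::getRuntimeDefinition begins and ends outside this hunk.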
Modified: cfe/trunk/test/Analysis/DynamicTypePropagation.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/DynamicTypePropagation.m?rev=305211&r1=305210&r2=305211&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/DynamicTypePropagation.m (original)
+++ cfe/trunk/test/Analysis/DynamicTypePropagation.m Mon Jun 12 12:59:50 2017
@@ -4,6 +4,9 @@
# error Compiler does not support Objective-C generics?
#endif
+typedef __typeof(sizeof(int)) size_t;
+void *memset(void *, int, size_t);
+
#define nil 0
typedef unsigned long NSUInteger;
typedef int BOOL;
@@ -21,6 +24,7 @@ __attribute__((objc_root_class))
@end
@interface NSArray<ObjectType> : NSObject
+- (void) init;
- (BOOL)contains:(ObjectType)obj;
- (ObjectType)getObjAtIndex:(NSUInteger)idx;
- (ObjectType)objectAtIndexedSubscript:(NSUInteger)idx;
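Review bot: The added declaration `- (void) init;` has a space between the return type and the selector that none of the neighbouring declarations in this interface use; write it as `- (void)init;` to match `- (BOOL)contains:` below it. Declaring a method in the `init` family with a `void` return is presumably deliberate for this stub, but it would be rejected if this test were ever compiled under ARC, which requires an init-family method to return a type related to the receiver; a one-line comment on the declaration noting that the void return is intentional for the crash test would save the next reader from "fixing" it.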
@@ -55,3 +59,11 @@ void testArgument(NSArray<MyType *> *arr
// MyType!
[element myFunction:0 myParam:0 ];
}
+
+// Do not try this at home! The analyzer shouldn't crash though when it
+// tries to figure out the dynamic type behind the alloca's return value.
+void testAlloca(size_t NSArrayClassSizeWeKnowSomehow) {
+ NSArray *arr = __builtin_alloca(NSArrayClassSizeWeKnowSomehow);
+ memset(arr, 0, NSArrayClassSizeWeKnowSomehow);
+ [arr init]; // no-crash
+}