[PATCH] D47044: Ensure that we only visit a destructor for a reference if type information is available.
Matthew Voss via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu May 17 17:17:47 PDT 2018
ormris created this revision.
ormris added reviewers: dcoughlin, NoQ, xazax.hun, george.karpenkov.
Herald added a subscriber: rnkovacs.
Loop widening can invalidate an object reference. If the analyzer attempts to visit the destructor of a non-existent object, it will crash. This patch ensures that type information is available before attempting to visit the object.
Repository:
rC Clang
https://reviews.llvm.org/D47044
Files:
lib/StaticAnalyzer/Core/ExprEngine.cpp
test/Analysis/loop-widening-invalid-type.cpp
Index: test/Analysis/loop-widening-invalid-type.cpp
===================================================================
--- /dev/null
+++ test/Analysis/loop-widening-invalid-type.cpp
@@ -0,0 +1,11 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s
+
+struct A {
+ ~A() {}
+};
+struct B : public A {};
+
+void invalid_type_region_access() { // expected-no-diagnostics
+ const A &x = B();
+ for(int i = 0; i < 10; ++i) {}
+}
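Review bot: The RUN line enables `unix.Malloc` and `debug.ExprInspection`, but nothing in this file allocates memory or calls a `clang_analyzer_*` function, so the test would be tighter with `-analyzer-checker=core` alone. Since the only thing being checked is that the analyzer does not crash, a short comment above `invalid_type_region_access()` saying so would help: it should explain that the 10-iteration loop exceeds `-analyzer-max-loop 4` to force widening while the lifetime-extended `B()` temporary is still bound to `x`. The `// expected-no-diagnostics` marker is also easier to spot on its own line near the top of the file than trailing the function signature.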
Index: lib/StaticAnalyzer/Core/ExprEngine.cpp
===================================================================
--- lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1044,6 +1044,10 @@
return;
}
Region = ValueRegion->getBaseRegion();
+ if (!isa<TypedValueRegion>(Region))
+ // Loop widening will sometimes invalidate typed regions.
+ return;
+
varType = cast<TypedValueRegion>(Region)->getValueType();
}
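Review bot: The early `return` when `Region` is not a `TypedValueRegion` avoids the failing `cast<>`, but it also means the destructor for that variable is silently not modeled on this path, so the fix hides the symptom of widening having invalidated the reference binding rather than addressing it. If that is acceptable for now, the comment should be a FIXME stating that the destructor call is skipped and that the underlying issue is in loop widening's invalidation. Separately, `isa<TypedValueRegion>(Region)` followed immediately by `cast<TypedValueRegion>(Region)` is better written as a single `dyn_cast<TypedValueRegion>` with a null check, and the `if` body spanning a comment line plus `return;` should have braces so the control flow is unambiguous.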
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D47044.147417.patch
Type: text/x-patch
Size: 1012 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180518/be30618f/attachment.bin>