[PATCH] D52848: [analyzer] Do not crash if the assumption added in TrustNonNullChecker is enough to make the state unfeasible
George Karpenkov via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Oct 3 15:34:24 PDT 2018
This revision was automatically updated to reflect the committed changes.
Closed by commit rC343735: [analyzer] Do not crash if the assumption added in TrustNonNullChecker is… (authored by george.karpenkov, committed by ).
Herald added a subscriber: cfe-commits.
Changed prior to commit:
https://reviews.llvm.org/D52848?vs=168178&id=168191#toc
Repository:
rC Clang
https://reviews.llvm.org/D52848
Files:
lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp
test/Analysis/trustnonnullchecker_test.m
Index: test/Analysis/trustnonnullchecker_test.m
===================================================================
--- test/Analysis/trustnonnullchecker_test.m
+++ test/Analysis/trustnonnullchecker_test.m
@@ -170,3 +170,25 @@
if (k) {}
return k; // no-warning
}
+
+// Check that we don't crash when the added assumption is enough
+// to make the state unfeasible.
+ at class DummyClass;
+ at interface DictionarySubclass : NSDictionary {
+ DummyClass *g;
+ DictionarySubclass *d;
+}
+ at end
+ at implementation DictionarySubclass
+- (id) objectForKey:(id)e {
+ if (e) {}
+ return d;
+}
+- (void) coder {
+ for (id e in g) {
+ id f = [self objectForKey:e];
+ if (f)
+ (void)e;
+ }
+}
+ at end
Index: lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp
+++ lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp
@@ -212,20 +212,26 @@
/// the negation of \p Antecedent.
/// Checks NonNullImplicationMap and assumes \p Antecedent otherwise.
ProgramStateRef addImplication(SymbolRef Antecedent,
- ProgramStateRef State,
+ ProgramStateRef InputState,
bool Negated) const {
- SValBuilder &SVB = State->getStateManager().getSValBuilder();
+ if (!InputState)
+ return nullptr;
+ SValBuilder &SVB = InputState->getStateManager().getSValBuilder();
const SymbolRef *Consequent =
- Negated ? State->get<NonNullImplicationMap>(Antecedent)
- : State->get<NullImplicationMap>(Antecedent);
+ Negated ? InputState->get<NonNullImplicationMap>(Antecedent)
+ : InputState->get<NullImplicationMap>(Antecedent);
if (!Consequent)
- return State;
+ return InputState;
SVal AntecedentV = SVB.makeSymbolVal(Antecedent);
- if ((Negated && State->isNonNull(AntecedentV).isConstrainedTrue())
- || (!Negated && State->isNull(AntecedentV).isConstrainedTrue())) {
+ ProgramStateRef State = InputState;
+
+ if ((Negated && InputState->isNonNull(AntecedentV).isConstrainedTrue())
+ || (!Negated && InputState->isNull(AntecedentV).isConstrainedTrue())) {
SVal ConsequentS = SVB.makeSymbolVal(*Consequent);
- State = State->assume(ConsequentS.castAs<DefinedSVal>(), Negated);
+ State = InputState->assume(ConsequentS.castAs<DefinedSVal>(), Negated);
+ if (!State)
+ return nullptr;
// Drop implications from the map.
if (Negated) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D52848.168191.patch
Type: text/x-patch
Size: 2587 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20181003/4d6c22e4/attachment.bin>
More information about the cfe-commits
mailing list