[PATCH] D58067: [Analyzer] Crash fix for FindLastStoreBRVisitor

Balogh, Ádám via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Feb 11 11:48:47 PST 2019


baloghadamsoftware created this revision.
baloghadamsoftware added reviewers: NoQ, dcoughlin.
baloghadamsoftware added a project: clang.
Herald added subscribers: gamesh411, donat.nagy, mikhail.ramalho, a.sidorin, szepet.

This patch is a fix for bug 40625 <https://bugs.llvm.org/show_bug.cgi?id=40625>.

`FindLastStoreBRVisitor` tries to find the first node in the exploded graph where the current value was assigned to a region. This node is called the "store site". It is identified by a pair of `Pred` and `Succ` nodes where `Succ` already has the binding for the value while `Pred` does not have it. However, the visitor mistakenly identifies a node pair as the store site where the value is a `LazyCompoundVal` and `Pred` does not have a store yet but `Succ` has it. In this case the `LazyCompoundVal` is different in the `Pred` node because it also contains the store, which is different in the two nodes. This error may lead to crashes (a declaration is cast to a parameter declaration without a check) or misleading bug path notes.

In this patch we fix this problem by checking for unequal `LazyCompoundVals`: if their region is equal, and their store is the same as the store of their nodes, we consider them as equal when looking for the store site.


Repository:
  rC Clang

https://reviews.llvm.org/D58067

Files:
  lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
  test/Analysis/PR40625.cpp
  test/Analysis/const_array.cpp
  test/Analysis/uninit-vals.m

Attachment: D58067.186301.patch (text/x-patch, 3980 bytes)
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190211/bb5973a6/attachment.bin>
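As an added illustration (not code from the revision or from clang), a simplified model of the backwards walk described above: `Value`, `Node`, `findStoreSite` and `buildPath` are hypothetical names, stores are plain integers standing in for the analyzer's `Store` objects, and the path is constructed sample data. It shows how field-by-field equality on a `LazyCompoundVal` blames the wrong node and how the comparison from the summary recovers the real store site.

```cpp
// Simplified, self-contained model (not clang's real API) of how FindLastStoreBRVisitor
// walks a path backwards looking for the store site, and why strict equality on a
// LazyCompoundVal picks the wrong node.
#include <map>
#include <optional>
#include <string>
#include <vector>
struct Value {
  std::string region;  // non-empty only for a LazyCompoundVal (region it was loaded from)
  int storeId = 0;     // store the lazy value captured
  bool isLazy() const { return !region.empty(); }
};
struct Node {
  int storeId = 0;                        // identity of this node's store
  std::map<std::string, Value> bindings;  // region -> bound value
};
// Pre-fix comparison: field-by-field, so the same struct seen through two stores differs.
bool equalStrict(const Value &a, const Value &b) {
  return a.region == b.region && a.storeId == b.storeId;
}
// Post-fix comparison from the summary: lazy values are equal if their regions
// match and each one's store is exactly its own node's store.
bool equalFixed(const Value &a, const Node &na, const Value &b, const Node &nb) {
  if (a.isLazy() && b.isLazy())
    return a.region == b.region && a.storeId == na.storeId && b.storeId == nb.storeId;
  return equalStrict(a, b);
}
// Walk backwards; the store site is the first Succ binding `region` whose Pred does not.
std::optional<size_t> findStoreSite(const std::vector<Node> &path,
                                    const std::string &region, bool fixed) {
  for (size_t i = path.size() - 1; i > 0; --i) {
    const Node &succ = path[i], &pred = path[i - 1];
    auto s = succ.bindings.find(region);
    if (s == succ.bindings.end()) return std::nullopt;  // binding not live yet
    auto p = pred.bindings.find(region);
    bool predHasIt = p != pred.bindings.end() &&
                     (fixed ? equalFixed(p->second, pred, s->second, succ)
                            : equalStrict(p->second, s->second));
    if (!predHasIt) return i;
  }
  return std::nullopt;
}
// Constructed path: "x" receives the struct of region "s" at node 1; nodes 2
// and 3 only change unrelated state, so each node has a fresh store.
std::vector<Node> buildPath() {
  std::vector<Node> path(4);
  for (size_t i = 0; i < path.size(); ++i) path[i].storeId = int(i) + 1;
  for (size_t i = 1; i < path.size(); ++i) path[i].bindings["x"] = Value{"s", int(i) + 1};
  return path;
}
```

The strict comparison stops at the last node pair (index 3), while the fixed one walks back to the actual assignment at index 1.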
