[clang] 99b94f2 - [analyzer] LoopUnrolling: fix crash when a parameter is a loop counter.

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Fri May 22 06:14:56 PDT 2020 

Author: Artem Dergachev
Date: 2020-05-22T16:14:48+03:00
New Revision: 99b94f29ac5dbbce0585d16f631359a66f279ea4

URL: https://github.com/llvm/llvm-project/commit/99b94f29ac5dbbce0585d16f631359a66f279ea4
DIFF: https://github.com/llvm/llvm-project/commit/99b94f29ac5dbbce0585d16f631359a66f279ea4.diff

LOG: [analyzer] LoopUnrolling: fix crash when a parameter is a loop counter.

When loop counter is a function parameter "isPossiblyEscaped" will not find
the variable declaration which lead to hitting "llvm_unreachable".
Parameters of reference type should be escaped like global variables;
otherwise treat them as unescaped.

Patch by Abbas Sabra!

Differential Revision: https://reviews.llvm.org/D80171

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp
    clang/test/Analysis/loop-unrolling.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp
index 6bc937567800..dc268e562237 100644
--- a/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp
+++ b/clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp
@@ -164,6 +164,11 @@ static bool isPossiblyEscaped(const VarDecl *VD, ExplodedNode *N) {
   if (VD->hasGlobalStorage())
     return true;
 
+  const bool isParm = isa<ParmVarDecl>(VD);
+  // Reference parameters are assumed as escaped variables.
+  if (isParm && VD->getType()->isReferenceType())
+    return true;
+
   while (!N->pred_empty()) {
     // FIXME: getStmtForDiagnostics() does nasty things in order to provide
     // a valid statement for body farms, do we need this behavior here?
@@ -193,6 +198,11 @@ static bool isPossiblyEscaped(const VarDecl *VD, ExplodedNode *N) {
 
     N = N->getFirstPred();
   }
+
+  // Parameter declaration will not be found.
+  if (isParm)
+    return false;
+
   llvm_unreachable("Reached root without finding the declaration of VD");
 }
 

diff  --git a/clang/test/Analysis/loop-unrolling.cpp b/clang/test/Analysis/loop-unrolling.cpp
index 761bf5af6a8b..e8ba8b9476ae 100644
--- a/clang/test/Analysis/loop-unrolling.cpp
+++ b/clang/test/Analysis/loop-unrolling.cpp
@@ -499,3 +499,15 @@ void pr34943() {
     clang_analyzer_numTimesReached(); // expected-warning {{6}}
   }
 }
+
+void parm_by_value_as_loop_counter(int i) {
+  for (i = 0; i < 10; ++i) {
+    clang_analyzer_numTimesReached(); // expected-warning {{10}}
+  }
+}
+
+void parm_by_ref_as_loop_counter(int &i) {
+  for (i = 0; i < 10; ++i) {
+    clang_analyzer_numTimesReached(); // expected-warning {{4}}
+  }
+}

More information about the cfe-commits mailing list