[PATCH] D80669: [analyzer] LoopWidening: fix crash by avoiding aliased references invalidation

Abbas Sabra via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed May 27 15:50:04 PDT 2020


AbbasSabra created this revision.
Herald added subscribers: cfe-commits, ASDenysPetrov, martong, Charusso, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun.
Herald added a project: clang.
AbbasSabra edited the summary of this revision.
AbbasSabra added reviewers: xazax.hun, vsavchenko, NoQ.
Herald added a subscriber: rnkovacs.
AbbasSabra retitled this revision from "[analyzer] LoopWidening: fix crash by avoiding aliased references invalidationSummary: LoopWidening is invalidating references comming from type aliases which lead to a crashReviewers: xazax.hun vsavchenko NoQSubscribers:" to "[analyzer] LoopWidening: fix crash by avoiding aliased references invalidation".

LoopWidening is invalidating references coming from type aliases which lead to a crash.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D80669

Files:
  clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
  clang/test/Analysis/loop-widening-preserve-reference-type.cpp


Index: clang/test/Analysis/loop-widening-preserve-reference-type.cpp
===================================================================
--- clang/test/Analysis/loop-widening-preserve-reference-type.cpp
+++ clang/test/Analysis/loop-widening-preserve-reference-type.cpp
@@ -12,3 +12,10 @@
   for (int i = 0; i < 10; ++i) { }
   clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
 }                               // expected-warning at -1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}}
+
+using AR = const A&;
+void invalid_type_alias_region_access() {
+  AR x = B();
+  for (int i = 0; i < 10; ++i) { }
+  clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
+}                               // expected-warning at -1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}}
Index: clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
+++ clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
@@ -67,8 +67,10 @@
   }
 
   // References should not be invalidated.
-  auto Matches = match(findAll(stmt(hasDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))),
-                       *LCtx->getDecl()->getBody(), ASTCtx);
+  auto Matches = match(
+      findAll(stmt(hasDescendant(
+          varDecl(hasType(hasCanonicalType(referenceType()))).bind(MatchRef)))),
+      *LCtx->getDecl()->getBody(), ASTCtx);
   for (BoundNodes Match : Matches) {
     const VarDecl *VD = Match.getNodeAs<VarDecl>(MatchRef);
     assert(VD);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D80669.266684.patch
Type: text/x-patch
Size: 1713 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20200527/825364cb/attachment-0001.bin>


More information about the cfe-commits mailing list