[PATCH] D119601: [analyzer] Refactor makeNull to makeNullWithWidth (NFC)

Vince Bridgers via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Mar 18 17:17:45 PDT 2022 

vabridgers added inline comments.


================
Comment at: clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h:378
+    type = type->isReferenceType()
+               ? Context.getPointerType(type->getPointeeType())
+               : type;
----------------
NoQ wrote:
> How do you discover the pointer width by looking only at the pointee type? Are objects of specific type always restricted to a specific address space? I.e., does every `int *` have the same width everywhere in the program? If not, how is this code supposed to work?
The case this code addresses is represented in the test case clang/test/Analysis/cast-value-notes.cpp, this function ...

```
 24 void evalReferences(const Shape &S) {
 25   const auto &C = dyn_cast<Circle>(S);
 26   // expected-note at -1 {{Assuming 'S' is not a 'Circle'}}
 27   // expected-note at -2 {{Dereference of null pointer}}
 28   // expected-warning at -3 {{Dereference of null pointer}}
 29 }

```
The crash occurs from line 25 above. 

Debug printing what I see at this point in the code for this case ...

```
QualType type : LValueReferenceType 0xffea820 'const class clang::Circle &'
`-QualType 0xffea7c1 'const class clang::Circle' const
  `-SubstTemplateTypeParmType 0xffea7c0 'class clang::Circle' sugar
    |-TemplateTypeParmType 0xffe4f90 'X' dependent depth 0 index 0
    | `-TemplateTypeParm 0xffe4f40 'X'
    `-RecordType 0xffea090 'class clang::Circle'
      `-CXXRecord 0xffea000 'Circle'

Context.getPointerType(type) : PointerType 0x10006ab0 'const class clang::Circle &*'
`-LValueReferenceType 0xffea820 'const class clang::Circle &'
  `-QualType 0xffea7c1 'const class clang::Circle' const
    `-SubstTemplateTypeParmType 0xffea7c0 'class clang::Circle' sugar
      |-TemplateTypeParmType 0xffe4f90 'X' dependent depth 0 index 0
      | `-TemplateTypeParm 0xffe4f40 'X'
      `-RecordType 0xffea090 'class clang::Circle'
        `-CXXRecord 0xffea000 'Circle'

Context.getPointerType(type->getPointeeType()) : PointerType 0x10006ae0 'const class clang::Circle *'
`-QualType 0xffea7c1 'const class clang::Circle' const
  `-SubstTemplateTypeParmType 0xffea7c0 'class clang::Circle' sugar
    |-TemplateTypeParmType 0xffe4f90 'X' dependent depth 0 index 0
    | `-TemplateTypeParm 0xffe4f40 'X'
    `-RecordType 0xffea090 'class clang::Circle'
      `-CXXRecord 0xffea000 'Circle'

```
The LValueReferenceType causes a crash if I do not get a pointer type, looks like ... 

```
clang:  <root>/clang/include/clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h:219: const llvm::APSInt& clang::ento::BasicValueFactory::getZeroWithTypeSize(clang::QualType): Assertion `T->isScalarType()' failed.

```
I'm assuming the pointer type retains the address space attribute of the LValueReferenceType. 

Context.getPointerType(type->getPointeeType()) produces a QualType :  PointerType 'const class clang::Circle *' from an original QualType : LValueReferenceType 'const class clang::Circle &'

Is this not what's wanted - a pointer type instead of a reference, with the same address space qualifiers, or am I missing something in the query? 

Thanks


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D119601/new/

https://reviews.llvm.org/D119601

More information about the cfe-commits mailing list