[clang] a9e90f7 - [clang][dataflow] Fix a null pointer crash in `computeBlockInputState()`.
Martin Braenne via cfe-commits
cfe-commits at lists.llvm.org
Mon May 22 05:20:04 PDT 2023
Author: Martin Braenne
Date: 2023-05-22T12:19:55Z
New Revision: a9e90f7994222dde987154ed009504afbf3c2166
URL: https://github.com/llvm/llvm-project/commit/a9e90f7994222dde987154ed009504afbf3c2166
DIFF: https://github.com/llvm/llvm-project/commit/a9e90f7994222dde987154ed009504afbf3c2166.diff
LOG: [clang][dataflow] Fix a null pointer crash in `computeBlockInputState()`.
The crash was due to unconditionally calling
`Block.succ_begin()->getReachableBlock()->hasNoReturnElement()`, but
`getReachableBlock()` can return null now that we have turned
`PruneTriviallyFalseEdges` on.
This patch adds two tests that crash without the fix.
Reviewed By: ymandel
Differential Revision: https://reviews.llvm.org/D151071
Added:
Modified:
clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp
clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp
Removed:
################################################################################
diff --git a/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp b/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp
index 4fc8f27ffc9b2..37dd7081ae986 100644
--- a/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp
+++ b/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp
@@ -216,7 +216,8 @@ computeBlockInputState(const CFGBlock &Block, AnalysisContext &AC) {
// operator includes a branch that contains a noreturn destructor call.
//
// See `NoreturnDestructorTest` for concrete examples.
- if (Block.succ_begin()->getReachableBlock()->hasNoReturnElement()) {
+ if (Block.succ_begin()->getReachableBlock() != nullptr &&
+ Block.succ_begin()->getReachableBlock()->hasNoReturnElement()) {
auto &StmtToBlock = AC.CFCtx.getStmtToBlock();
auto StmtBlock = StmtToBlock.find(Block.getTerminatorStmt());
assert(StmtBlock != StmtToBlock.end());
diff --git a/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp b/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp
index 30aef86e7a26e..5bfb9e53778b0 100644
--- a/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp
@@ -296,6 +296,22 @@ TEST_F(NoreturnDestructorTest, ConditionalOperatorLeftBranchReturns) {
UnorderedElementsAre("foo"))))));
}
+TEST_F(NoreturnDestructorTest,
+ ConditionalOperatorConstantCondition_LeftBranchReturns) {
+ std::string Code = R"(
+ #include "noreturn_destructor_test_defs.h"
+
+ void target() {
+ int value = true ? foo() : Fatal().bar();
+ (void)0;
+ // [[p]]
+ }
+ )";
+ runDataflow(Code, UnorderedElementsAre(IsStringMapEntry(
+ "p", HoldsFunctionCallLattice(HasCalledFunctions(
+ UnorderedElementsAre("foo"))))));
+}
+
TEST_F(NoreturnDestructorTest, ConditionalOperatorRightBranchReturns) {
std::string Code = R"(
#include "noreturn_destructor_test_defs.h"
@@ -311,6 +327,22 @@ TEST_F(NoreturnDestructorTest, ConditionalOperatorRightBranchReturns) {
UnorderedElementsAre("foo"))))));
}
+TEST_F(NoreturnDestructorTest,
+ ConditionalOperatorConstantCondition_RightBranchReturns) {
+ std::string Code = R"(
+ #include "noreturn_destructor_test_defs.h"
+
+ void target() {
+ int value = false ? Fatal().bar() : foo();
+ (void)0;
+ // [[p]]
+ }
+ )";
+ runDataflow(Code, UnorderedElementsAre(IsStringMapEntry(
+ "p", HoldsFunctionCallLattice(HasCalledFunctions(
+ UnorderedElementsAre("foo"))))));
+}
+
TEST_F(NoreturnDestructorTest, ConditionalOperatorNestedBranchesDoNotReturn) {
std::string Code = R"(
#include "noreturn_destructor_test_defs.h"
More information about the cfe-commits
mailing list