[PATCH] D155084: [analyzer] Fix crash in MoveChecker when it tries to report duplicate issue.

Tomasz KamiƄski via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jul 12 07:07:00 PDT 2023


tomasz-kaminski-sonarsource created this revision.
Herald added subscribers: steakhal, manas, ASDenysPetrov, martong, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun.
Herald added a reviewer: NoQ.
Herald added a project: All.
tomasz-kaminski-sonarsource requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

The 'MoveChecker' was missing the check if the error node was
successfully generated (non-null value was returned). This happens
if duplicate of the report is emitted.

This patch contains NFC, where 'reportBug' is renamed to 'tryReportBug',
to better indicated conditional behavior of function.

Author: Arseniy Zaostrovnykh <arseniy.zaostrovnykh at sonarsource.com>


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D155084

Files:
  clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp


Index: clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
@@ -213,8 +213,9 @@
 
   // Returns the exploded node against which the report was emitted.
   // The caller *must* add any further transitions against this node.
-  ExplodedNode *reportBug(const MemRegion *Region, const CXXRecordDecl *RD,
-                          CheckerContext &C, MisuseKind MK) const;
+  // Returns nullptr and does not report if such node already exists.
+  ExplodedNode *tryToReportBug(const MemRegion *Region, const CXXRecordDecl *RD,
+                               CheckerContext &C, MisuseKind MK) const;
 
   bool isInMoveSafeContext(const LocationContext *LC) const;
   bool isStateResetMethod(const CXXMethodDecl *MethodDec) const;
@@ -377,19 +378,20 @@
     return;
   }
 
-  ExplodedNode *N = reportBug(Region, RD, C, MK);
+  ExplodedNode *N = tryToReportBug(Region, RD, C, MK);
 
   // If the program has already crashed on this path, don't bother.
-  if (N->isSink())
+  if (!N || N->isSink())
     return;
 
   State = State->set<TrackedRegionMap>(Region, RegionState::getReported());
   C.addTransition(State, N);
 }
 
-ExplodedNode *MoveChecker::reportBug(const MemRegion *Region,
-                                     const CXXRecordDecl *RD, CheckerContext &C,
-                                     MisuseKind MK) const {
+ExplodedNode *MoveChecker::tryToReportBug(const MemRegion *Region,
+                                          const CXXRecordDecl *RD,
+                                          CheckerContext &C,
+                                          MisuseKind MK) const {
   if (ExplodedNode *N = misuseCausesCrash(MK) ? C.generateErrorNode()
                                               : C.generateNonFatalErrorNode()) {
     // Uniqueing report to the same object.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D155084.539546.patch
Type: text/x-patch
Size: 1958 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230712/7e5575d5/attachment.bin>


More information about the cfe-commits mailing list