[clang] [clang][dataflow] Fix buggy assertion: Compare an unqualified type to an unqualified type. (PR #71573)
Samira Bazuzi via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 8 06:54:41 PST 2023
https://github.com/bazuzi updated https://github.com/llvm/llvm-project/pull/71573
>From d6b87c3ff427d6425d2559e9731d88b89f2206c8 Mon Sep 17 00:00:00 2001
From: Samira Bazuzi <bazuzi at google.com>
Date: Tue, 7 Nov 2023 13:44:51 -0500
Subject: [PATCH 1/2] [clang][dataflow] Compare an unqualified type to an
unqualified type.
Includes crash-reproducing test case.
---
clang/lib/Analysis/FlowSensitive/Transfer.cpp | 6 +++---
.../Analysis/FlowSensitive/TransferTest.cpp | 20 +++++++++++++++++++
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index 8b2f8ecc5027e8a..839c04c65e39e7c 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -683,11 +683,11 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
assert(
// The types are same, or
Field->getType().getCanonicalType().getUnqualifiedType() ==
- Init->getType().getCanonicalType() ||
+ Init->getType().getCanonicalType().getUnqualifiedType() ||
// The field's type is T&, and initializer is T
(Field->getType()->isReferenceType() &&
- Field->getType().getCanonicalType()->getPointeeType() ==
- Init->getType().getCanonicalType()));
+ Field->getType().getCanonicalType()->getPointeeType() ==
+ Init->getType().getCanonicalType()));
auto& Loc = Env.createObject(Field->getType(), Init);
FieldLocs.insert({Field, &Loc});
}
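Review bot: The fix strips qualifiers only in the first disjunct; the reference branch on the next lines still compares the field's qualified pointee type (`const T` for a `const T&` member) against `Init->getType().getCanonicalType()` with no `getUnqualifiedType()`, and the second part of this hunk only re-indents those lines without changing them. If an initializer for a reference member can carry a different qualifier set than the pointee the way `nullptr` did here for the pointer case, the same assertion would still fire, so for symmetry I would write `Field->getType().getCanonicalType()->getPointeeType().getUnqualifiedType() == Init->getType().getCanonicalType().getUnqualifiedType()` or add a comment stating why the reference case cannot hit the qualifier mismatch. It is also worth a one-line comment above the assert noting that it is an invariant check only: with assertions compiled out, a mismatched type still reaches `Env.createObject(Field->getType(), Init)` unchanged. The enclosing visitor method starts and ends outside this hunk.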
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index bd9b98178b5d4e3..19136f24d666b66 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -3197,6 +3197,26 @@ TEST(TransferTest, AggregateInitialization_NotExplicitlyInitializedField) {
});
}
+TEST(TransferTest, AggregateInitializationFunctionPointer) {
+ // This is a crash repro.
+ // nullptr takes on the type of a const function pointer, but its type was
+ // asserted to be equal to the *unqualified* type of Field, which no longer
+ // included the const.
+ std::string Code = R"(
+ struct S {
+ void (*const Field)();
+ };
+
+ void target() {
+ S s{nullptr};
+ }
+ )";
+ runDataflow(
+ Code,
+ [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+ ASTContext &ASTCtx) {});
+}
+
TEST(TransferTest, AssignToUnionMember) {
std::string Code = R"(
union A {
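Review bot: The new test's callback ignores both `Results` and `ASTCtx`, so a reader cannot tell whether the missing assertions are an oversight or the point of the test; I would state it explicitly above `runDataflow`, e.g. `// No checks in the callback: the test passes if the analysis completes without tripping the type assertion in Transfer.cpp.` The repro covers only the pointer-member disjunct of that assertion; if the reference-member disjunct can see the same qualifier mismatch, a sibling case with a `const`-qualified reference member would pin that branch too, though I have not confirmed such an initializer reaches it. The `Code` string in the following `AssignToUnionMember` test is unrelated context and continues past this hunk.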
>From 212eb3faf63525f87c11f0000229b03141b66b0f Mon Sep 17 00:00:00 2001
From: Samira Bazuzi <bazuzi at users.noreply.github.com>
Date: Wed, 8 Nov 2023 09:54:34 -0500
Subject: [PATCH 2/2] Update test comment.
Co-authored-by: martinboehme <mboehme at google.com>
---
clang/unittests/Analysis/FlowSensitive/TransferTest.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index 19136f24d666b66..ade0d202ced2f37 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -3198,7 +3198,7 @@ TEST(TransferTest, AggregateInitialization_NotExplicitlyInitializedField) {
}
TEST(TransferTest, AggregateInitializationFunctionPointer) {
- // This is a crash repro.
+ // This is a repro for an assertion failure.
// nullptr takes on the type of a const function pointer, but its type was
// asserted to be equal to the *unqualified* type of Field, which no longer
// included the const.