[clang] [clang][dataflow] Fix crash on unions introduced in ba279934c6ab09d5394a89d8318651aefd8d565b (PR #81918)

Yitzhak Mandelbaum via cfe-commits cfe-commits at lists.llvm.org
Thu Feb 15 12:54:36 PST 2024 

https://github.com/ymand created https://github.com/llvm/llvm-project/pull/81918

The commit was itself a crash fix, but inadvertently changed the behavior for unions, which results in crashes.


>From 86f1b2d4dded22eef613b9d92a4010e16fd1edc7 Mon Sep 17 00:00:00 2001
From: Yitzhak Mandelbaum <yitzhakm at google.com>
Date: Thu, 15 Feb 2024 20:47:51 +0000
Subject: [PATCH] [clang][dataflow] Fix crash on unions introduced in
 ba279934c6ab09d5394a89d8318651aefd8d565b

The commit was itself a crash fix, but inadvertently changed the behavior for unions, which results in crashes.
---
 clang/lib/Analysis/FlowSensitive/Transfer.cpp |  6 ++++++
 .../Analysis/FlowSensitive/TransferTest.cpp   | 21 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index fc7395457f551d..513f22d8aa0f9c 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -663,6 +663,12 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
   void VisitInitListExpr(const InitListExpr *S) {
     QualType Type = S->getType();
 
+    if (Type->isUnionType()) {
+      if (auto *Val = Env.createValue(Type))
+        Env.setValue(*S, *Val);
+      return;
+    }
+
     if (!Type->isStructureOrClassType()) {
       // Until array initialization is implemented, we don't need to care about
       // cases where `getNumInits() > 1`.
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index 87e6e83d2e03a9..a65b0446ac7818 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -2367,6 +2367,27 @@ TEST(TransferTest, InitListExprAsXValue) {
       });
 }
 
+TEST(TransferTest, InitListExprAsUnion) {
+  // This is a crash repro.
+  std::string Code = R"cc(
+    class target {
+      union {
+        int *a;
+        bool *b;
+      } F;
+
+     public:
+      constexpr target() : F{nullptr} {}
+    };
+  )cc";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        // Just verify that it doesn't crash.
+      });
+}
+
 TEST(TransferTest, CopyConstructor) {
   std::string Code = R"(
     struct A {

More information about the cfe-commits mailing list