[clang] d7fa1bc - [clang][dataflow] Fix crash on base-to-derived cast of unmodeled pointer value. (#179060)
via cfe-commits
cfe-commits at lists.llvm.org
Fri Feb 6 08:16:56 PST 2026
Author: Artem Dergachev
Date: 2026-02-06T11:16:51-05:00
New Revision: d7fa1bc0fab3d69a0a92a8b6ee2cd6e357c23e2a
URL: https://github.com/llvm/llvm-project/commit/d7fa1bc0fab3d69a0a92a8b6ee2cd6e357c23e2a
DIFF: https://github.com/llvm/llvm-project/commit/d7fa1bc0fab3d69a0a92a8b6ee2cd6e357c23e2a.diff
LOG: [clang][dataflow] Fix crash on base-to-derived cast of unmodeled pointer value. (#179060)
Remove the assertion because null values occur naturally on a regular
basis.
Un-crashes the newly added test.
Added:
Modified:
clang/lib/Analysis/FlowSensitive/Transfer.cpp
clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
Removed:
################################################################################
diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index 5a5e43e19e024..445f39b43f683 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -336,7 +336,6 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
RecordStorageLocation *Loc = nullptr;
if (S->getType()->isPointerType()) {
auto *PV = Env.get<PointerValue>(*SubExpr);
- assert(PV != nullptr);
if (PV == nullptr)
break;
Loc = cast<RecordStorageLocation>(&PV->getPointeeLoc());
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index b4e7e0cb47967..3c79c367415aa 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -3834,6 +3834,34 @@ TEST(TransferTest, StaticCastBaseToDerived) {
});
}
+TEST(TransferTest, StaticCastBaseToDerivedUnknown) {
+ // This code used to crash.
+ std::string Code = R"(
+ struct Base {};
+ struct Derived: Base {};
+
+ Base *unknown();
+ void target() {
+ Derived *DPtr = static_cast<Derived *>(unknown());
+ // [[p]]
+ }
+ )";
+ runDataflow(
+ Code,
+ [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+ ASTContext &ASTCtx) {
+ ASSERT_THAT(Results.keys(), UnorderedElementsAre("p"));
+ const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
+
+ const ValueDecl *DPtrDecl = findValueDecl(ASTCtx, "DPtr");
+ ASSERT_THAT(DPtrDecl, NotNull());
+
+ const auto *DPtrVal =
+ dyn_cast_or_null<PointerValue>(Env.getValue(*DPtrDecl));
+ EXPECT_THAT(DPtrVal, NotNull());
+ });
+}
+
TEST(TransferTest, MultipleConstructionsFromStaticCastsBaseToDerived) {
std::string Code = R"cc(
struct Base {};
More information about the cfe-commits
mailing list