[cfe-dev] [StaticAnalyzer] Potential bug in MemRegion.cpp?
Aditya Kumar
hiraditya at codeaurora.org
Fri Sep 20 09:02:23 PDT 2013
Karthik,
You are right. This is basically the reason I got the error.
--- lib/StaticAnalyzer/Core/MemRegion.cpp (revision 190992)
+++ lib/StaticAnalyzer/Core/MemRegion.cpp (working copy)
@@ -1244,6 +1244,7 @@
if (!Child) {
// We cannot compute the offset of the base class.
SymbolicOffsetBase = R;
+ continue;
}
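Review bot: the `continue` is placed after `SymbolicOffsetBase = R;` but the loop header and the statement that advances `R` to the next region are outside this hunk's context; if the walk advances `R` at the end of the loop body rather than at the top, the `continue` will skip that step and the loop will revisit the same region forever, so confirm the advance happens before this point or move it ahead of the `continue`.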
In addition to what you have suggested, I think we should also return false
(in MemRegion.cpp:isImmediateBase), or maybe assert, when the Child pointer
is NULL.
@file: MemRegion.cpp
static bool isImmediateBase(const CXXRecordDecl *Child,
const CXXRecordDecl *Base) {
+ if (!Child)
+ return false;
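Review bot: an early `return false` here papers over the invariant Jordan describes (Child should never be NULL) instead of failing loudly; since the real fix is the `continue` in getAsOffset, prefer `assert(Child && "...")` at the top of isImmediateBase so a NULL Child is caught in debug builds rather than silently reported as "not a base", and this fragment also lacks the `@@` header and surrounding context a reviewer needs to see where the check lands.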
From: Karthik Bhat [mailto:blitz.opensource at gmail.com]
Sent: Friday, September 20, 2013 12:01 AM
To: Jordan Rose
Cc: Aditya Kumar; Clang Dev
Subject: Re: [cfe-dev] [StaticAnalyzer] Potential bug in MemRegion.cpp?
I'm not sure of the test case but the problem seems to be in
MemRegion::getAsOffset().
In the switch, under case CXXBaseObjectRegionKind:
if we cannot compute the offset of the base class we need to continue in the
loop instead of moving further down:
Index: lib/StaticAnalyzer/Core/MemRegion.cpp
===================================================================
--- lib/StaticAnalyzer/Core/MemRegion.cpp (revision 190992)
+++ lib/StaticAnalyzer/Core/MemRegion.cpp (working copy)
@@ -1244,6 +1244,7 @@
if (!Child) {
// We cannot compute the offset of the base class.
SymbolicOffsetBase = R;
+ continue;
}
if (RootIsSymbolic) {
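Review bot: the trailing context `if (RootIsSymbolic) {` shows the code that currently runs after the `SymbolicOffsetBase = R;` assignment, and that block is what reaches isImmediateBase with a NULL Child; the `continue` skips it for this iteration, which is the right fallback, but a regression test with the class shape that produces a NULL Child should accompany the change so the skip is covered and the original crash stays fixed.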
What do you think Jordan?
Regards
Karthik Bhat
On Fri, Sep 20, 2013 at 5:51 AM, Jordan Rose <jordan_rose at apple.com> wrote:
If it's not a private program you can create a bug at http://llvm.org/bugs/
and attach the preprocessed file. If it is a private program (corporate or
something) well...you could at least report where the caller is and what the
original MemRegion is (using MemRegion::dump) and I can try to figure it out
from that.
Jordan
On Sep 19, 2013, at 17:15 , Aditya Kumar <hiraditya at codeaurora.org> wrote:
> I was compiling a program when I hit this segmentation fault. The program is
> kind of big and I don't know how to reduce it to a minimal test case.
>
>
>
>> -----Original Message-----
>> From: Jordan Rose [mailto:jordan_rose at apple.com]
>> Sent: Thursday, September 19, 2013 11:13 AM
>> To: Aditya Kumar
>> Cc: 'Clang Dev'
>> Subject: Re: [cfe-dev] [StaticAnalyzer] Potential bug in MemRegion.cpp?
>>
>> I think the bug here is that "Child" should never be NULL. How are you
>> getting into this situation?
>>
>> Jordan
>>
>> On Sep 19, 2013, at 8:15 , Aditya Kumar <hiraditya at codeaurora.org> wrote:
>>
>>> When the following function is called by (RegionOffset
>>> MemRegion::getAsOffset() const:1257), and the first parameter (Child)
>>> is a NULL pointer I get a segmentation fault.
>>>
>>> @file: MemRegion.cpp
>>> static bool isImmediateBase(const CXXRecordDecl *Child,
>>>                             const CXXRecordDecl *Base) {
>>>   // Note that we do NOT canonicalize the base class here, because
>>>   // ASTRecordLayout doesn't either. If that leads us down the wrong path,
>>>   // so be it; at least we won't crash.
>>>   for (CXXRecordDecl::base_class_const_iterator I = Child->bases_begin(),
>>>                                                 E = Child->bases_end();
>>>        I != E; ++I) {
>>>     if (I->getType()->getAsCXXRecordDecl() == Base)
>>>       return true;
>>>   }
>>>
>>>   return false;
>>> }
>>>
>>> For now I just return `false' when the `Child' pointer is NULL. Is this
>>> fix okay or is there something else required to be done?
>>>
>>>
>>> Thanks,
>>> -Aditya
>>>
>>>
>>> _______________________________________________
>>> cfe-dev mailing list
>>> cfe-dev at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev