[cfe-dev] segmentation fault while building dominator tree in clang
Kristóf Umann via cfe-dev
cfe-dev at lists.llvm.org
Sat Apr 6 10:04:26 PDT 2019
Hi!
I recently fiddled around with this part of the code as well when trying to
implement an improvement for my checker in the StaticAnalyzer. For the
following invocation:

clang -cc1 -analyze -analyzer-checker=debug.DumpDominators (clang repository)test/Analysis/cxx-uninitialized-object-unguarded-access.cpp

I received a segfault. I eventually figured that Clang's CFG contains
null pointers, and the following patch on LLVM fixed the issue:
diff --git a/include/llvm/Support/GenericDomTreeConstruction.h
b/include/llvm/Support/GenericDomTreeConstruction.h
index ccceba88171..a4a238c310b 100644
--- a/include/llvm/Support/GenericDomTreeConstruction.h
+++ b/include/llvm/Support/GenericDomTreeConstruction.h
@@ -235,6 +235,9 @@ struct SemiNCAInfo {
constexpr bool Direction = IsReverse != IsPostDom; // XOR.
for (const NodePtr Succ :
ChildrenGetter<Direction>::Get(BB, BatchUpdates)) {
+ if (!Succ)
+ continue;
const auto SIT = NodeToInfo.find(Succ);
// Don't visit nodes more than once but remember to collect
// ReverseChildren.
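
Review bot: the new "if (!Succ) continue;" at the top of the successor loop in SemiNCAInfo carries no comment saying which graph can hand back a null NodePtr, and since this header is the generic construction code, the check will also silently hide a null child coming from any other graph type. Suggest documenting the null case next to the check, or filtering null children where they are produced (ChildrenGetter<Direction>::Get) so that any other user of the getter is covered too, not only this loop. If null successors are not expected in general, an assert in the generic code plus filtering on the graph side would surface malformed graphs instead of skipping them. A regression test built from the crashing input would also help.
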
However, I'm not sure whether the CFG is supposed to have null pointers --
logically, maybe this isn't where we should fix this issue. An assert
wouldn't hurt though.
Good luck!
Kristóf
On Sat, 6 Apr 2019 at 15:57, Abu Naser Masud via cfe-dev <
cfe-dev at lists.llvm.org> wrote:
> Hello,
>
> This is my first post in this list. I am building an analysis tool in
> ClangTool. I am getting a segmentation fault while building a dominator tree
> in clang. The sample code that I am using to build the dominator tree is
> the following:
>
> const Decl* D=static_cast<Decl *>(f); // FunctionDecl f
> AnalysisDeclContextManager *analDeclCtxMgr=new AnalysisDeclContextManager(context);
> if(AnalysisDeclContext *analDeclCtx=analDeclCtxMgr->getContext(D)){
>     DominatorTree domTree;
>     domTree.buildDominatorTree(*analDeclCtx);
> }
>
>
> The input function for my tool is the following code from perlbench (CPU
> 2017):
>
>
> static bool
> S_adjust_index(pTHX_ AV *av, const MAGIC *mg, SSize_t *keyp)
> {
>     bool adjust_index = 1;
>
>     if (mg) {
>         /* Handle negative array indices 20020222 MJD */
>         SV * const ref = SvTIED_obj(MUTABLE_SV(av), mg);
>         SvGETMAGIC(ref);
>         if (SvROK(ref) && SvOBJECT(SvRV(ref))) {
>             SV * const * const negative_indices_glob =
>                 hv_fetchs(SvSTASH(SvRV(ref)), NEGATIVE_INDICES_VAR, 0);
>
>             if (negative_indices_glob && isGV(*negative_indices_glob)
>                 && SvTRUE(GvSV(*negative_indices_glob)))
>                 adjust_index = 0;
>         }
>     }
>
>     if (adjust_index) {
>         *keyp += AvFILL(av) + 1;
>         if (*keyp < 0)
>             return FALSE;
>     }
>     return TRUE;
> }
>
>
> Would you please let me know where the problem is?
>
>
> Thanks,
>
> Masud
>
>