[cfe-dev] segmentation fault while building dominator tree in clang
Jakub Kuderski via cfe-dev
cfe-dev at lists.llvm.org
Sat Apr 6 12:57:59 PDT 2019
>
> However, I'm not sure whether the CFG is supposed to have null pointers --
> logically, maybe this isn't where we should fix this issue
DomTree requires llvm::children and llvm::inverse_children to return valid
node pointers.
A proper fix would be not to return nulls from llvm::children. I'm not
familiar with the Clang CFG -- why do nullptrs appear there in the first
place?
Best,
Kuba
On Sat, Apr 6, 2019 at 1:05 PM Kristóf Umann via cfe-dev <
cfe-dev at lists.llvm.org> wrote:
> Hi!
>
> I recently fiddled around this part of the code as well when trying to
> implement an improvement for my checker in the StaticAnalyzer. For the
> following invocation:
>
> clang -cc1 -analyze -analyzer-checker=debug.DumpDominators (clang
> repository)test/Analysis/cxx-uninitialized-object-unguarded-access.cpp
>
> I received a segfault. I eventually figured out that Clang's CFG contains
> null pointers, and the following patch on LLVM fixed the issue:
>
> diff --git a/include/llvm/Support/GenericDomTreeConstruction.h
> b/include/llvm/Support/GenericDomTreeConstruction.h
> index ccceba88171..a4a238c310b 100644
> --- a/include/llvm/Support/GenericDomTreeConstruction.h
> +++ b/include/llvm/Support/GenericDomTreeConstruction.h
> @@ -235,6 +235,9 @@ struct SemiNCAInfo {
> constexpr bool Direction = IsReverse != IsPostDom; // XOR.
> for (const NodePtr Succ :
> ChildrenGetter<Direction>::Get(BB, BatchUpdates)) {
> + if (!Succ)
> + continue;
> const auto SIT = NodeToInfo.find(Succ);
> // Don't visit nodes more than once but remember to collect
> // ReverseChildren.
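Review bot: the `if (!Succ) continue;` at the top of the `for (const NodePtr Succ : ...)` loop has no comment or assert saying when `Succ` can legitimately be null, and it guards only this one loop over `ChildrenGetter<Direction>::Get(BB, BatchUpdates)`. A graph that hands back null children is accepted silently here, while any other consumer of the same getter would still dereference the null. Consider filtering nulls where the graph's children are produced and keeping an assert on `Succ` at this point, so a violation of the contract is reported instead of skipped.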
>
> However, I'm not sure whether the CFG is supposed to have null pointers --
> logically, maybe this isn't where we should fix this issue. An assert
> wouldn't hurt though.
>
> Good luck!
> Kristóf
>
> On Sat, 6 Apr 2019 at 15:57, Abu Naser Masud via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
>> Hello,
>>
>> This is my first post in this list. I am building an analysis tool in
>> ClangTool. I am getting a segmentation fault while building a dominator
>> tree in clang. The sample code that I am using to build the dominator
>> tree is the following:
>>
>> const Decl* D=static_cast<Decl *>(f); // FunctionDecl f
>> AnalysisDeclContextManager *analDeclCtxMgr=new AnalysisDeclContextManager(context);
>> if(AnalysisDeclContext *analDeclCtx=analDeclCtxMgr->getContext(D)){
>>     DominatorTree domTree;
>>     domTree.buildDominatorTree(*analDeclCtx);
>> }
>>
>>
>> The input function for my tool is the following code from perlbench (CPU
>> 2017):
>>
>>
>> static bool
>> S_adjust_index(pTHX_ AV *av, const MAGIC *mg, SSize_t *keyp)
>> {
>>     bool adjust_index = 1;
>>     if (mg) {
>>         /* Handle negative array indices 20020222 MJD */
>>         SV * const ref = SvTIED_obj(MUTABLE_SV(av), mg);
>>         SvGETMAGIC(ref);
>>         if (SvROK(ref) && SvOBJECT(SvRV(ref))) {
>>             SV * const * const negative_indices_glob =
>>                 hv_fetchs(SvSTASH(SvRV(ref)), NEGATIVE_INDICES_VAR, 0);
>>
>>             if (negative_indices_glob && isGV(*negative_indices_glob)
>>                 && SvTRUE(GvSV(*negative_indices_glob)))
>>                 adjust_index = 0;
>>         }
>>     }
>>
>>     if (adjust_index) {
>>         *keyp += AvFILL(av) + 1;
>>         if (*keyp < 0)
>>             return FALSE;
>>     }
>>     return TRUE;
>> }
>>
>>
>> Would you please let me know where the problem is?
>>
>>
>> Thanks,
>>
>> Masud
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
>
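The point made at the top of this thread, that the null check belongs where children are enumerated rather than inside the dominator algorithm, as an added example (not code from the thread, from LLVM or from Clang). `Block`, `children`, `immediateDominators` and `sampleIdoms` are hypothetical names, the toy CFG is constructed, and block ids are assumed to be reverse post-order indices.

```cpp
#include <cstdio>
#include <vector>
// Toy CFG block (constructed, not clang::CFGBlock); successor slots may be null.
struct Block {
  int id;                      // assumed equal to the reverse post-order index
  std::vector<Block *> succs;  // raw slots, may contain nullptr
};
// Adapter boundary: the only code that reads raw slots; callers never see null.
std::vector<Block *> children(const Block *b) {
  std::vector<Block *> out;
  for (Block *s : b->succs)
    if (s) out.push_back(s);
  return out;
}

// Iterative immediate dominators (Cooper-Harvey-Kennedy style).
// blocks[0] is the entry; result[id] is the idom's id, or -1 if unreachable.
std::vector<int> immediateDominators(const std::vector<Block> &blocks) {
  const int n = static_cast<int>(blocks.size());
  std::vector<std::vector<int>> preds(n);
  for (const Block &b : blocks)
    for (const Block *s : children(&b)) preds[s->id].push_back(b.id);
  std::vector<int> idom(n, -1);
  idom[0] = 0;
  for (bool changed = true; changed;) {
    changed = false;
    for (int v = 1; v < n; ++v) {
      int cand = -1;
      for (int p : preds[v]) {
        if (idom[p] < 0) continue;  // predecessor not reached (yet)
        if (cand < 0) { cand = p; continue; }
        for (int a = p; a != cand;)  // climb to the common dominator
          if (a > cand) a = idom[a]; else cand = idom[cand];
      }
      if (cand != idom[v]) { idom[v] = cand; changed = true; }
    }
  }
  return idom;
}

// Constructed sample: diamond 0 -> {1,2} -> 3 -> 4, with null successor slots.
std::vector<int> sampleIdoms() {
  std::vector<Block> g(5);
  for (int i = 0; i < 5; ++i) g[i].id = i;
  g[0].succs = {&g[1], &g[2]};   g[1].succs = {&g[3]};
  g[2].succs = {nullptr, &g[3]}; g[3].succs = {&g[4], nullptr};
  return immediateDominators(g);
}
int main() { for (int d : sampleIdoms()) std::printf("%d ", d); }
```

The dominator loop contains no null check at all; removing the `if (s)` filter in `children` is what would reintroduce the null dereference when `preds` is built.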