[cfe-dev] segmentation fault while building dominator tree in clang
Kristóf Umann via cfe-dev
cfe-dev at lists.llvm.org
Sat Apr 6 13:08:21 PDT 2019
On Sat, 6 Apr 2019 at 21:58, Jakub Kuderski <kubakuderski+llvm at gmail.com>
wrote:
>> However, I'm not sure whether the CFG is supposed to have nullpointers --
>> logically, maybe this isn't where we should fix this issue
>
> DomTree requires llvm::children and llvm::inverse_children to return
> valid node pointers.
>
> A proper fix would be not to return nulls from llvm::children. I'm not
> familiar with the Clang CFG -- why do nullptr appear there in the first
> place?
>
>
Maybe I'm just wrong, I didn't investigate that much :)
> Best,
> Kuba
>
> On Sat, Apr 6, 2019 at 1:05 PM Kristóf Umann via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
>> Hi!
>>
>> I recently fiddled around this part of the code as well when trying to
>> implement an improvement for my checker in the StaticAnalyzer. For the
>> following invocation:
>>
>> clang -cc1 -analyze -analyzer-checker=debug.DumpDominators (clang
>> repository)test/Analysis/cxx-uninitialized-object-unguarded-access.cpp
>>
>> I received a segfault. I eventually figured that Clang's CFG contains
>> nullpointers, and the following patch on LLVM fixed the issue:
>>
>> diff --git a/include/llvm/Support/GenericDomTreeConstruction.h
>> b/include/llvm/Support/GenericDomTreeConstruction.h
>> index ccceba88171..a4a238c310b 100644
>> --- a/include/llvm/Support/GenericDomTreeConstruction.h
>> +++ b/include/llvm/Support/GenericDomTreeConstruction.h
>> @@ -235,6 +235,9 @@ struct SemiNCAInfo {
>> constexpr bool Direction = IsReverse != IsPostDom; // XOR.
>> for (const NodePtr Succ :
>> ChildrenGetter<Direction>::Get(BB, BatchUpdates)) {
>> + if (!Succ)
>> + continue;
>> const auto SIT = NodeToInfo.find(Succ);
>> // Don't visit nodes more than once but remember to collect
>> // ReverseChildren.
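Review bot: The `if (!Succ) continue;` guard at the top of the successor loop has no comment saying why a null successor can come out of `ChildrenGetter<Direction>::Get(BB, BatchUpdates)`, and it skips the entry silently, so a graph whose children range yields null passes through here unnoticed. Add a short comment naming the case it covers (the Clang CFG in this report), or, if null children are meant to be invalid input, assert on `Succ` instead of skipping so the offending graph is reported here rather than at the `NodeToInfo.find(Succ)` call below.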
>>
>> However, I'm not sure whether the CFG is supposed to have nullpointers --
>> logically, maybe this isn't where we should fix this issue. An assert
>> wouldn't hurt though.
>>
>> Good luck!
>> Kristóf
>>
>> On Sat, 6 Apr 2019 at 15:57, Abu Naser Masud via cfe-dev <
>> cfe-dev at lists.llvm.org> wrote:
>>
>>> Hello,
>>>
>>> This is my first post in this list. I am building an analysis tool in
>>> ClangTool. I am getting a segmentation fault while building a dominator
>>> tree in clang. The sample code that I am using to build the dominator
>>> tree is the following:
>>>
>>> const Decl* D=static_cast<Decl *>(f); // FunctionDecl f
>>>
>>> AnalysisDeclContextManager *analDeclCtxMgr=new
>>>     AnalysisDeclContextManager(context);
>>>
>>> if(AnalysisDeclContext *analDeclCtx=analDeclCtxMgr->getContext(D)){
>>>     DominatorTree domTree;
>>>     domTree.buildDominatorTree(*analDeclCtx);
>>> }
>>>
>>>
>>> The input function for my tool is the following code from perlbench(CPU
>>> 2017)
>>>
>>>
>>> static bool
>>> S_adjust_index(pTHX_ AV *av, const MAGIC *mg, SSize_t *keyp)
>>> {
>>>     bool adjust_index = 1;
>>>     if (mg) {
>>>         /* Handle negative array indices 20020222 MJD */
>>>         SV * const ref = SvTIED_obj(MUTABLE_SV(av), mg);
>>>         SvGETMAGIC(ref);
>>>         if (SvROK(ref) && SvOBJECT(SvRV(ref))) {
>>>             SV * const * const negative_indices_glob =
>>>                 hv_fetchs(SvSTASH(SvRV(ref)), NEGATIVE_INDICES_VAR, 0);
>>>
>>>             if (negative_indices_glob && isGV(*negative_indices_glob)
>>>                 && SvTRUE(GvSV(*negative_indices_glob)))
>>>                 adjust_index = 0;
>>>         }
>>>     }
>>>
>>>     if (adjust_index) {
>>>         *keyp += AvFILL(av) + 1;
>>>         if (*keyp < 0)
>>>             return FALSE;
>>>     }
>>>     return TRUE;
>>> }
>>>
>>>
>>> Would you please let me know where the problem is?
>>>
>>>
>>> Thanks,
>>>
>>> Masud
>>>
>>>
>>> _______________________________________________
>>> cfe-dev mailing list
>>> cfe-dev at lists.llvm.org
>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>>
>>
>