[llvm-branch-commits] [cfe-branch] r311378 - Merging r311182:

Hans Wennborg via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Mon Aug 21 13:27:26 PDT 2017 

Author: hans
Date: Mon Aug 21 13:27:26 2017
New Revision: 311378

URL: http://llvm.org/viewvc/llvm-project?rev=311378&view=rev
Log:
Merging r311182:
------------------------------------------------------------------------
r311182 | alexshap | 2017-08-18 11:20:43 -0700 (Fri, 18 Aug 2017) | 22 lines

[analyzer] Fix modeling of constructors

This diff fixes analyzer's crash (triggered assert) on the newly added test case.
The assert being discussed is assert(!B.lookup(R, BindingKey::Direct))
in lib/StaticAnalyzer/Core/RegionStore.cpp, however the root cause is different.
For classes with empty bases the offsets might be tricky.
For example, let's assume we have
 struct S: NonEmptyBase, EmptyBase {
     ...
 };
In this case Clang applies empty base class optimization and 
the offset of EmptyBase will be 0, it can be verified via
clang -cc1 -x c++ -v -fdump-record-layouts main.cpp -emit-llvm -o /dev/null.
When the analyzer tries to perform zero initialization of EmptyBase
it will hit the assert because that region
has already been "written" by the constructor of NonEmptyBase.

Test plan:
make check-all

Differential revision: https://reviews.llvm.org/D36851

------------------------------------------------------------------------

Modified:
    cfe/branches/release_50/   (props changed)
    cfe/branches/release_50/lib/StaticAnalyzer/Core/RegionStore.cpp
    cfe/branches/release_50/test/Analysis/ctor.mm

Propchange: cfe/branches/release_50/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 21 13:27:26 2017
@@ -1,4 +1,4 @@
 /cfe/branches/type-system-rewrite:134693-134817
-/cfe/trunk:308455,308722,308824,308897,308996,309054,309058,309112-309113,309226,309263,309327,309382-309383,309488,309503,309523,309569,309607,309633,309636,309640,309722,309752,309975,310006,310158,310191,310359,310516,310672,310691-310692,310694,310700,310704,310706,310776,310804,310829,311115
+/cfe/trunk:308455,308722,308824,308897,308996,309054,309058,309112-309113,309226,309263,309327,309382-309383,309488,309503,309523,309569,309607,309633,309636,309640,309722,309752,309975,310006,310158,310191,310359,310516,310672,310691-310692,310694,310700,310704,310706,310776,310804,310829,311115,311182
 /cfe/trunk/test:170344
 /cfe/trunk/test/SemaTemplate:126920

Modified: cfe/branches/release_50/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/release_50/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=311378&r1=311377&r2=311378&view=diff
==============================================================================
--- cfe/branches/release_50/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/branches/release_50/lib/StaticAnalyzer/Core/RegionStore.cpp Mon Aug 21 13:27:26 2017
@@ -409,6 +409,19 @@ public: // Part of public interface to c
 
   // BindDefault is only used to initialize a region with a default value.
   StoreRef BindDefault(Store store, const MemRegion *R, SVal V) override {
+    // FIXME: The offsets of empty bases can be tricky because of
+    // of the so called "empty base class optimization".
+    // If a base class has been optimized out
+    // we should not try to create a binding, otherwise we should.
+    // Unfortunately, at the moment ASTRecordLayout doesn't expose
+    // the actual sizes of the empty bases
+    // and trying to infer them from offsets/alignments
+    // seems to be error-prone and non-trivial because of the trailing padding.
+    // As a temporary mitigation we don't create bindings for empty bases.
+    if (R->getKind() == MemRegion::CXXBaseObjectRegionKind &&
+        cast<CXXBaseObjectRegion>(R)->getDecl()->isEmpty())
+      return StoreRef(store, *this);
+
     RegionBindingsRef B = getRegionBindings(store);
     assert(!B.lookup(R, BindingKey::Direct));
 

Modified: cfe/branches/release_50/test/Analysis/ctor.mm
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/release_50/test/Analysis/ctor.mm?rev=311378&r1=311377&r2=311378&view=diff
==============================================================================
--- cfe/branches/release_50/test/Analysis/ctor.mm (original)
+++ cfe/branches/release_50/test/Analysis/ctor.mm Mon Aug 21 13:27:26 2017
@@ -704,3 +704,20 @@ namespace PR19579 {
     };
   }
 }
+
+namespace NoCrashOnEmptyBaseOptimization {
+  struct NonEmptyBase {
+    int X;
+    explicit NonEmptyBase(int X) : X(X) {}
+  };
+
+  struct EmptyBase {};
+
+  struct S : NonEmptyBase, EmptyBase {
+    S() : NonEmptyBase(0), EmptyBase() {}
+  };
+
+  void testSCtorNoCrash() {
+    S s;
+  }
+}

More information about the llvm-branch-commits mailing list