Author: george.karpenkov Date: Wed Oct 3 15:31:09 2018 New Revision: 343735
URL: http://llvm.org/viewvc/llvm-project?rev=343735&view=rev Log: [analyzer] Do not crash if the assumption added in TrustNonNullChecker is enough to make the state unfeasible rdar://43541814 Differential Revision: https://reviews.llvm.org/D52848 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp cfe/trunk/test/Analysis/trustnonnullchecker_test.m Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp?rev=343735&r1=343734&r2=343735&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/TrustNonnullChecker.cpp Wed Oct 3 15:31:09 2018 @@ -212,20 +212,26 @@ private: /// the negation of \p Antecedent. /// Checks NonNullImplicationMap and assumes \p Antecedent otherwise. ProgramStateRef addImplication(SymbolRef Antecedent, - ProgramStateRef State, + ProgramStateRef InputState, bool Negated) const { - SValBuilder &SVB = State->getStateManager().getSValBuilder(); + if (!InputState) + return nullptr; + SValBuilder &SVB = InputState->getStateManager().getSValBuilder(); const SymbolRef *Consequent = - Negated ? State->get<NonNullImplicationMap>(Antecedent) - : State->get<NullImplicationMap>(Antecedent); + Negated ? InputState->get<NonNullImplicationMap>(Antecedent) + : InputState->get<NullImplicationMap>(Antecedent); if (!Consequent) - return State; + return InputState; SVal AntecedentV = SVB.makeSymbolVal(Antecedent); - if ((Negated && State->isNonNull(AntecedentV).isConstrainedTrue()) - || (!Negated && State->isNull(AntecedentV).isConstrainedTrue())) { + ProgramStateRef State = InputState; + + if ((Negated && InputState->isNonNull(AntecedentV).isConstrainedTrue()) + || (!Negated && InputState->isNull(AntecedentV).isConstrainedTrue())) { SVal ConsequentS = SVB.makeSymbolVal(*Consequent); - State = State->assume(ConsequentS.castAs<DefinedSVal>(), Negated); + State = InputState->assume(ConsequentS.castAs<DefinedSVal>(), Negated); + if (!State) + return nullptr; // Drop implications from the map. if (Negated) { Modified: cfe/trunk/test/Analysis/trustnonnullchecker_test.m URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/trustnonnullchecker_test.m?rev=343735&r1=343734&r2=343735&view=diff ============================================================================== --- cfe/trunk/test/Analysis/trustnonnullchecker_test.m (original) +++ cfe/trunk/test/Analysis/trustnonnullchecker_test.m Wed Oct 3 15:31:09 2018 @@ -170,3 +170,25 @@ NSString *_Nonnull checkAssumeOnMutableD if (k) {} return k; // no-warning } + +// Check that we don't crash when the added assumption is enough +// to make the state unfeasible. +@class DummyClass; +@interface DictionarySubclass : NSDictionary { + DummyClass *g; + DictionarySubclass *d; +} +@end +@implementation DictionarySubclass +- (id) objectForKey:(id)e { + if (e) {} + return d; +} +- (void) coder { + for (id e in g) { + id f = [self objectForKey:e]; + if (f) + (void)e; + } +} +@end _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
