[PATCH] D119601: [analyzer] Refactor makeNull to makeNullWithWidth (NFC)

[Vince Bridgers via Phabricator via cfe-commits]

vabridgers added inline comments.


================
Comment at: 
clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h:378
+    type = type->isReferenceType()
+               ? Context.getPointerType(type->getPointeeType())
+               : type;
----------------
NoQ wrote:
> How do you discover the pointer width by looking only at the pointee type? 
> Are objects of specific type always restricted to a specific address space? 
> I.e., does every `int *` have the same width everywhere in the program? If 
> not, how is this code supposed to work?
The case this code addresses is represented in the test case 
clang/test/Analysis/cast-value-notes.cpp, this function ...

```
 24 void evalReferences(const Shape &S) {
 25   const auto &C = dyn_cast<Circle>(S);
 26   // expected-note@-1 {{Assuming 'S' is not a 'Circle'}}
 27   // expected-note@-2 {{Dereference of null pointer}}
 28   // expected-warning@-3 {{Dereference of null pointer}}
 29 }

```
The crash occurs from line 25 above. 

Debug printing what I see at this point in the code for this case ...

```
QualType type : LValueReferenceType 0xffea820 'const class clang::Circle &'
`-QualType 0xffea7c1 'const class clang::Circle' const
  `-SubstTemplateTypeParmType 0xffea7c0 'class clang::Circle' sugar
    |-TemplateTypeParmType 0xffe4f90 'X' dependent depth 0 index 0
    | `-TemplateTypeParm 0xffe4f40 'X'
    `-RecordType 0xffea090 'class clang::Circle'
      `-CXXRecord 0xffea000 'Circle'

Context.getPointerType(type) : PointerType 0x10006ab0 'const class 
clang::Circle &*'
`-LValueReferenceType 0xffea820 'const class clang::Circle &'
  `-QualType 0xffea7c1 'const class clang::Circle' const
    `-SubstTemplateTypeParmType 0xffea7c0 'class clang::Circle' sugar
      |-TemplateTypeParmType 0xffe4f90 'X' dependent depth 0 index 0
      | `-TemplateTypeParm 0xffe4f40 'X'
      `-RecordType 0xffea090 'class clang::Circle'
        `-CXXRecord 0xffea000 'Circle'

Context.getPointerType(type->getPointeeType()) : PointerType 0x10006ae0 'const 
class clang::Circle *'
`-QualType 0xffea7c1 'const class clang::Circle' const
  `-SubstTemplateTypeParmType 0xffea7c0 'class clang::Circle' sugar
    |-TemplateTypeParmType 0xffe4f90 'X' dependent depth 0 index 0
    | `-TemplateTypeParm 0xffe4f40 'X'
    `-RecordType 0xffea090 'class clang::Circle'
      `-CXXRecord 0xffea000 'Circle'

```
The LValueReferenceType causes a crash if I do not get a pointer type, looks 
like ... 

```
clang:  
<root>/clang/include/clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h:219:
 const llvm::APSInt& 
clang::ento::BasicValueFactory::getZeroWithTypeSize(clang::QualType): Assertion 
`T->isScalarType()' failed.

```
I'm assuming the pointer type retains the address space attribute of the 
LValueReferenceType. 

Context.getPointerType(type->getPointeeType()) produces a QualType :  
PointerType 'const class clang::Circle *' from an original QualType : 
LValueReferenceType 'const class clang::Circle &'

Is this not what's wanted - a pointer type instead of a reference, with the 
same address space qualifiers, or am I missing something in the query? 

Thanks


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D119601/new/

https://reviews.llvm.org/D119601

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits