mboehme created this revision.
Herald added subscribers: martong, xazax.hun.
Herald added a reviewer: NoQ.
Herald added a project: All.
mboehme requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

When I wrote https://reviews.llvm.org/D155446, I assumed that a
`CXXConstructExpr` would always have record type, but this isn't true: It can
have array type when constructing an array of records. The code would crash in
this situation because `createValue()` would return null.

This patch includes a test that reproduces the crash without the other changes
in the patch.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D156402

Files:
  clang/lib/Analysis/FlowSensitive/Transfer.cpp
  clang/unittests/Analysis/FlowSensitive/TransferTest.cpp


Index: clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
===================================================================
--- clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -310,6 +310,28 @@
       });
 }
 
+TEST(TransferTest, StructArrayVarDecl) {
+  std::string Code = R"(
+    struct A {};
+
+    void target() {
+      A Array[2];
+      // [[p]]
+    }
+  )";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
+
+        const ValueDecl *ArrayDecl = findValueDecl(ASTCtx, "Array");
+
+        // We currently don't create values for arrays.
+        ASSERT_THAT(Env.getValue(*ArrayDecl), IsNull());
+      });
+}
+
 TEST(TransferTest, ClassVarDecl) {
   std::string Code = R"(
     class A {
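Review bot: `StructArrayVarDecl` does not say that it is a crash regression test, and its only assertion pins a current limitation rather than the fix. A reader who later adds array modelling will see `IsNull()` fail without knowing that the real contract is "analysis completes on an array-typed `CXXConstructExpr`". I would extend the comment above the assertion to something like `// Regression test: 'A Array[2]' yields a CXXConstructExpr of array type; this used to crash. We currently don't create values for arrays.` It may also be worth a second case for another array-construction form such as a member array, if those reach the same transfer code; that is not visible from this hunk. The same hunk is repeated in the attached copy of the patch below.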
Index: clang/lib/Analysis/FlowSensitive/Transfer.cpp
===================================================================
--- clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -500,9 +500,14 @@
       return;
     }
 
-    auto &InitialVal = *cast<StructValue>(Env.createValue(S->getType()));
-    copyRecord(InitialVal.getAggregateLoc(), Env.getResultObjectLocation(*S),
-               Env);
+    // `CXXConstructExpr` can have array type if default-initializing an array
+    // of records, and we currently can't create values for arrays. So check if
+    // we've got a record type.
+    if (S->getType()->isRecordType()) {
+      auto &InitialVal = *cast<StructValue>(Env.createValue(S->getType()));
+      copyRecord(InitialVal.getAggregateLoc(), Env.getResultObjectLocation(*S),
+                 Env);
+    }
 
     transferInlineCall(S, ConstructorDecl);
   }
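Review bot: The new `isRecordType()` guard removes the array case, but `cast<StructValue>(Env.createValue(S->getType()))` still dereferences the result without a null check. The description says `createValue()` returned null for arrays; whether it can also return null for a record type is not visible here. If it can, `cast<>` only asserts in assertion-enabled builds, and a release build would bind `InitialVal` to null while analysing whatever source it is given. Consider `if (auto *InitialVal = cast_or_null<StructValue>(Env.createValue(S->getType())))` followed by `copyRecord(InitialVal->getAggregateLoc(), Env.getResultObjectLocation(*S), Env);`, so that a failed value creation degrades to "no value" as the array case now does. The enclosing function starts and ends outside the hunk, and the same hunk is repeated in the attached copy of the patch below.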


Index: clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
===================================================================
--- clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -310,6 +310,28 @@
       });
 }
 
+TEST(TransferTest, StructArrayVarDecl) {
+  std::string Code = R"(
+    struct A {};
+
+    void target() {
+      A Array[2];
+      // [[p]]
+    }
+  )";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
+
+        const ValueDecl *ArrayDecl = findValueDecl(ASTCtx, "Array");
+
+        // We currently don't create values for arrays.
+        ASSERT_THAT(Env.getValue(*ArrayDecl), IsNull());
+      });
+}
+
 TEST(TransferTest, ClassVarDecl) {
   std::string Code = R"(
     class A {
Index: clang/lib/Analysis/FlowSensitive/Transfer.cpp
===================================================================
--- clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -500,9 +500,14 @@
       return;
     }
 
-    auto &InitialVal = *cast<StructValue>(Env.createValue(S->getType()));
-    copyRecord(InitialVal.getAggregateLoc(), Env.getResultObjectLocation(*S),
-               Env);
+    // `CXXConstructExpr` can have array type if default-initializing an array
+    // of records, and we currently can't create values for arrays. So check if
+    // we've got a record type.
+    if (S->getType()->isRecordType()) {
+      auto &InitialVal = *cast<StructValue>(Env.createValue(S->getType()));
+      copyRecord(InitialVal.getAggregateLoc(), Env.getResultObjectLocation(*S),
+                 Env);
+    }
 
     transferInlineCall(S, ConstructorDecl);
   }