AbbasSabra created this revision. Herald added subscribers: cfe-commits, ASDenysPetrov, martong, Charusso, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun. Herald added a project: clang. AbbasSabra edited the summary of this revision. AbbasSabra added reviewers: xazax.hun, vsavchenko, NoQ. Herald added a subscriber: rnkovacs. AbbasSabra retitled this revision from "[analyzer] LoopWidening: fix crash by avoiding aliased references invalidationSummary: LoopWidening is invalidating references comming from type aliases which lead to a crashReviewers: xazax.hun vsavchenko NoQSubscribers:" to "[analyzer] LoopWidening: fix crash by avoiding aliased references invalidation".
LoopWidening is invalidating references coming from type aliases which lead to a crash. Repository: rG LLVM Github Monorepo https://reviews.llvm.org/D80669 Files: clang/lib/StaticAnalyzer/Core/LoopWidening.cpp clang/test/Analysis/loop-widening-preserve-reference-type.cpp Index: clang/test/Analysis/loop-widening-preserve-reference-type.cpp =================================================================== --- clang/test/Analysis/loop-widening-preserve-reference-type.cpp +++ clang/test/Analysis/loop-widening-preserve-reference-type.cpp @@ -12,3 +12,10 @@ for (int i = 0; i < 10; ++i) { } clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} } // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}} + +using AR = const A&; +void invalid_type_alias_region_access() { + AR x = B(); + for (int i = 0; i < 10; ++i) { } + clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} +} // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}} Index: clang/lib/StaticAnalyzer/Core/LoopWidening.cpp =================================================================== --- clang/lib/StaticAnalyzer/Core/LoopWidening.cpp +++ clang/lib/StaticAnalyzer/Core/LoopWidening.cpp @@ -67,8 +67,10 @@ } // References should not be invalidated. - auto Matches = match(findAll(stmt(hasDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))), - *LCtx->getDecl()->getBody(), ASTCtx); + auto Matches = match( + findAll(stmt(hasDescendant( + varDecl(hasType(hasCanonicalType(referenceType()))).bind(MatchRef)))), + *LCtx->getDecl()->getBody(), ASTCtx); for (BoundNodes Match : Matches) { const VarDecl *VD = Match.getNodeAs<VarDecl>(MatchRef); assert(VD);
Index: clang/test/Analysis/loop-widening-preserve-reference-type.cpp =================================================================== --- clang/test/Analysis/loop-widening-preserve-reference-type.cpp +++ clang/test/Analysis/loop-widening-preserve-reference-type.cpp @@ -12,3 +12,10 @@ for (int i = 0; i < 10; ++i) { } clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} } // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}} + +using AR = const A&; +void invalid_type_alias_region_access() { + AR x = B(); + for (int i = 0; i < 10; ++i) { } + clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} +} // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}} Index: clang/lib/StaticAnalyzer/Core/LoopWidening.cpp =================================================================== --- clang/lib/StaticAnalyzer/Core/LoopWidening.cpp +++ clang/lib/StaticAnalyzer/Core/LoopWidening.cpp @@ -67,8 +67,10 @@ } // References should not be invalidated. - auto Matches = match(findAll(stmt(hasDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))), - *LCtx->getDecl()->getBody(), ASTCtx); + auto Matches = match( + findAll(stmt(hasDescendant( + varDecl(hasType(hasCanonicalType(referenceType()))).bind(MatchRef)))), + *LCtx->getDecl()->getBody(), ASTCtx); for (BoundNodes Match : Matches) { const VarDecl *VD = Match.getNodeAs<VarDecl>(MatchRef); assert(VD);
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits