[PATCH] D47044: [analyzer] Ensure that we only visit a destructor for a reference if type information is available.

Matthew Voss via Phabricator via cfe-commits Thu, 07 Jun 2018 11:55:17 -0700

ormris updated this revision to Diff 150377.
ormris added a comment.

Use AST matchers to select references for preservation



Repository:
  rC Clang

https://reviews.llvm.org/D47044

Files:
  include/clang/StaticAnalyzer/Core/PathSensitive/LoopWidening.h
  lib/StaticAnalyzer/Core/ExprEngine.cpp
  lib/StaticAnalyzer/Core/LoopWidening.cpp
  test/Analysis/loop-widening-invalid-type.cpp

Index: test/Analysis/loop-widening-invalid-type.cpp
===================================================================
--- /dev/null
+++ test/Analysis/loop-widening-invalid-type.cpp
@@ -0,0 +1,11 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-max-loop 4 -analyzer-config widen-loops=true -verify %s
+
+struct A {
+  ~A() {}
+};
+struct B : public A {};
+
+void invalid_type_region_access() { // expected-no-diagnostics
+  const A &x = B();
+  for(int i = 0; i < 10; ++i) {}
+}
Index: lib/StaticAnalyzer/Core/LoopWidening.cpp
===================================================================
--- lib/StaticAnalyzer/Core/LoopWidening.cpp
+++ lib/StaticAnalyzer/Core/LoopWidening.cpp
@@ -15,9 +15,15 @@
 //===----------------------------------------------------------------------===//
 
 #include "clang/StaticAnalyzer/Core/PathSensitive/LoopWidening.h"
+#include "clang/AST/AST.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"
+#include "llvm/ADT/SmallSet.h"
 
 using namespace clang;
 using namespace ento;
+using namespace clang::ast_matchers;
 
 /// Return the loops condition Stmt or NULL if LoopStmt is not a loop
 static const Expr *getLoopCondition(const Stmt *LoopStmt) {
@@ -33,10 +39,27 @@
   }
 }
 
+struct Callback : public MatchFinder::MatchCallback {
+  const LocationContext *LCtx;
+  MemRegionManager &MRMgr;
+  RegionAndSymbolInvalidationTraits &ITraits;
+  explicit Callback(const LocationContext *LCtx_,
+                    MemRegionManager &MRMgr_,
+                    RegionAndSymbolInvalidationTraits &ITraits_) : LCtx(LCtx_),
+                                                                   MRMgr(MRMgr_),
+                                                                   ITraits(ITraits_) {}
+  virtual void run(const MatchFinder::MatchResult &Result) override {
+    const VarDecl *VD = Result.Nodes.getNodeAs<VarDecl>("match");
+    const VarRegion *VarMem = MRMgr.getVarRegion(VD, LCtx);
+    ITraits.setTrait(VarMem,
+                     RegionAndSymbolInvalidationTraits::TK_PreserveContents);
+  }
+};
+
 namespace clang {
 namespace ento {
 
-ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState,
+ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState, ASTContext &ASTCtx,
                                     const LocationContext *LCtx,
                                     unsigned BlockCount, const Stmt *LoopStmt) {
 
@@ -60,6 +83,12 @@
                      RegionAndSymbolInvalidationTraits::TK_EntireMemSpace);
   }
 
+  //References should not be invalidated.
+  MatchFinder Finder;
+  Finder.addMatcher(varDecl(hasType(referenceType())).bind("match"), new Callback(LCtx, MRMgr, ITraits));
+  Finder.matchAST(ASTCtx);
+
+
   // 'this' pointer is not an lvalue, we should not invalidate it. If the loop
   // is located in a method, constructor or destructor, the value of 'this'
   // pointer shoule remain unchanged.
Index: lib/StaticAnalyzer/Core/ExprEngine.cpp
===================================================================
--- lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1855,7 +1855,7 @@
     // Widen.
     const LocationContext *LCtx = Pred->getLocationContext();
     ProgramStateRef WidenedState =
-        getWidenedLoopState(Pred->getState(), LCtx, BlockCount, Term);
+        getWidenedLoopState(Pred->getState(), AMgr.getASTContext(), LCtx, BlockCount, Term);
     nodeBuilder.generateNode(WidenedState, Pred);
     return;
   }
Index: include/clang/StaticAnalyzer/Core/PathSensitive/LoopWidening.h
===================================================================
--- include/clang/StaticAnalyzer/Core/PathSensitive/LoopWidening.h
+++ include/clang/StaticAnalyzer/Core/PathSensitive/LoopWidening.h
@@ -26,7 +26,7 @@
 ///
 /// Widen the loop by invalidating anything that might be modified
 /// by the loop body in any iteration.
-ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState,
+ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState, ASTContext &ASTCtx,
                                     const LocationContext *LCtx,
                                     unsigned BlockCount, const Stmt *LoopStmt);

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D47044: [analyzer] Ensure that we only visit a destructor for a reference if type information is available.

Reply via email to