Author: Martin Braenne Date: 2023-05-22T12:19:55Z New Revision: a9e90f7994222dde987154ed009504afbf3c2166
URL: https://github.com/llvm/llvm-project/commit/a9e90f7994222dde987154ed009504afbf3c2166 DIFF: https://github.com/llvm/llvm-project/commit/a9e90f7994222dde987154ed009504afbf3c2166.diff LOG: [clang][dataflow] Fix a null pointer crash in `computeBlockInputState()`. The crash was due to unconditionally calling `Block.succ_begin()->getReachableBlock()->hasNoReturnElement()`, but `getReachableBlock()` can return null now that we have turned `PruneTriviallyFalseEdges` on. This patch adds two tests that crash without the fix. Reviewed By: ymandel Differential Revision: https://reviews.llvm.org/D151071 Added: Modified: clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp Removed: ################################################################################ diff --git a/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp b/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp index 4fc8f27ffc9b2..37dd7081ae986 100644 --- a/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp +++ b/clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp @@ -216,7 +216,8 @@ computeBlockInputState(const CFGBlock &Block, AnalysisContext &AC) { // operator includes a branch that contains a noreturn destructor call. // // See `NoreturnDestructorTest` for concrete examples. - if (Block.succ_begin()->getReachableBlock()->hasNoReturnElement()) { + if (Block.succ_begin()->getReachableBlock() != nullptr && + Block.succ_begin()->getReachableBlock()->hasNoReturnElement()) { auto &StmtToBlock = AC.CFCtx.getStmtToBlock(); auto StmtBlock = StmtToBlock.find(Block.getTerminatorStmt()); assert(StmtBlock != StmtToBlock.end()); diff --git a/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp b/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp index 30aef86e7a26e..5bfb9e53778b0 100644 --- a/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp +++ b/clang/unittests/Analysis/FlowSensitive/TypeErasedDataflowAnalysisTest.cpp @@ -296,6 +296,22 @@ TEST_F(NoreturnDestructorTest, ConditionalOperatorLeftBranchReturns) { UnorderedElementsAre("foo")))))); } +TEST_F(NoreturnDestructorTest, + ConditionalOperatorConstantCondition_LeftBranchReturns) { + std::string Code = R"( + #include "noreturn_destructor_test_defs.h" + + void target() { + int value = true ? foo() : Fatal().bar(); + (void)0; + // [[p]] + } + )"; + runDataflow(Code, UnorderedElementsAre(IsStringMapEntry( + "p", HoldsFunctionCallLattice(HasCalledFunctions( + UnorderedElementsAre("foo")))))); +} + TEST_F(NoreturnDestructorTest, ConditionalOperatorRightBranchReturns) { std::string Code = R"( #include "noreturn_destructor_test_defs.h" @@ -311,6 +327,22 @@ TEST_F(NoreturnDestructorTest, ConditionalOperatorRightBranchReturns) { UnorderedElementsAre("foo")))))); } +TEST_F(NoreturnDestructorTest, + ConditionalOperatorConstantCondition_RightBranchReturns) { + std::string Code = R"( + #include "noreturn_destructor_test_defs.h" + + void target() { + int value = false ? Fatal().bar() : foo(); + (void)0; + // [[p]] + } + )"; + runDataflow(Code, UnorderedElementsAre(IsStringMapEntry( + "p", HoldsFunctionCallLattice(HasCalledFunctions( + UnorderedElementsAre("foo")))))); +} + TEST_F(NoreturnDestructorTest, ConditionalOperatorNestedBranchesDoNotReturn) { std::string Code = R"( #include "noreturn_destructor_test_defs.h" _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
