| author | Matthew Voss <matthew.voss@sony.com> | 2018-06-12 22:22:35 +0000 |
|---|---|---|
| committer | Matthew Voss <matthew.voss@sony.com> | 2018-06-12 22:22:35 +0000 |
| commit | 6b9359509cb93ee94dfe33b9d243491b7f304968 (patch) | |
| tree | 963ddf592c9874271a1c6100e50db8d755e64e70 /clang/lib/StaticAnalyzer | |
| parent | 82d284c1d28b2694acc461efec09e12193ce1b7d (diff) | |
[analyzer] Ensure that loop widening does not invalidate references
Loop widening can invalidate a reference. If the analyzer attempts to visit the
destructor to a non-existent reference, it will crash. This patch ensures that
the reference is preserved.
https://reviews.llvm.org/D47044
llvm-svn: 334554
Diffstat (limited to 'clang/lib/StaticAnalyzer')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/LoopWidening.cpp | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp b/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
index a609aa96d77..fa14f7a18fb 100644
--- a/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
+++ b/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
@@ -14,10 +14,16 @@
 ///
 //===----------------------------------------------------------------------===//
+#include "clang/AST/AST.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/LoopWidening.h"
 using namespace clang;
 using namespace ento;
+using namespace clang::ast_matchers;
+
+const auto MatchRef = "matchref";
 /// Return the loops condition Stmt or NULL if LoopStmt is not a loop
 static const Expr *getLoopCondition(const Stmt *LoopStmt) {
@@ -49,6 +55,7 @@ ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState,
 // TODO Nested loops are currently widened as a result of the invalidation
 // being so inprecise. When the invalidation is improved, the handling
 // of nested loops will also need to be improved.
+ ASTContext &ASTCtx = LCtx->getAnalysisDeclContext()->getASTContext();
 const StackFrameContext *STC = LCtx->getCurrentStackFrame();
 MemRegionManager &MRMgr = PrevState->getStateManager().getRegionManager();
 const MemRegion *Regions[] = {MRMgr.getStackLocalsRegion(STC),
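Review bot: In the first hunk, `const auto MatchRef = "matchref";` hides the type of a file-scope constant behind `auto`; writing it as `static const char *const MatchRef = "matchref";` states both the type and the internal linkage. The added `#include "clang/AST/AST.h"` pulls in a broad set of AST headers, so if only the declaration and matcher types are used here, the narrower headers would keep the include set smaller.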
@@ -60,6 +67,18 @@ ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState,
 RegionAndSymbolInvalidationTraits::TK_EntireMemSpace);
 }
+ // References should not be invalidated.
+ auto Matches = match(findAll(stmt(hasDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))),
+ *LCtx->getDecl()->getBody(), ASTCtx);
+ for (BoundNodes Match : Matches) {
+ const VarDecl *VD = Match.getNodeAs<VarDecl>(MatchRef);
+ assert(VD);
+ const VarRegion *VarMem = MRMgr.getVarRegion(VD, LCtx);
+ ITraits.setTrait(VarMem,
+ RegionAndSymbolInvalidationTraits::TK_PreserveContents);
+ }
+
+
 // 'this' pointer is not an lvalue, we should not invalidate it. If the loop
 // is located in a method, constructor or destructor, the value of 'this'
 // pointer shoule remain unchanged. |
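Review bot: The matcher in the added block, `findAll(stmt(hasDescendant(varDecl(...).bind(MatchRef))))`, binds at most one declaration per matched statement, because `hasDescendant` stops at the first hit. A second reference declared in the same statement (for example `int &a = x, &b = y;`) therefore appears never to be bound, so widening would still invalidate it and the crash this commit targets may remain reachable for that variable. Matching the body with `stmt(forEachDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))` should yield one result per reference variable instead. Separately, `*LCtx->getDecl()->getBody()` is dereferenced without a null check and `assert(VD);` compiles out of release builds; guarding the body pointer and writing `assert(VD && "bound node is not a VarDecl")` would make the failure mode explicit. getWidenedLoopState begins and ends outside this hunk, so the rest of the invalidation logic is not visible here.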

