diff options
| author | Alexander Shaposhnikov <shal1t712@gmail.com> | 2017-08-18 18:20:43 +0000 |
|---|---|---|
| committer | Alexander Shaposhnikov <shal1t712@gmail.com> | 2017-08-18 18:20:43 +0000 |
| commit | 291d658e1923e7a1f0fcecb07115a788d0bea4a7 (patch) | |
| tree | 5d11364da9e30522497825564efe8936af3f9cf0 /clang/lib | |
| parent | e101b07a1d7a17e2a6298f8e5fa09fd279a37d3b (diff) | |
| download | bcm5719-llvm-291d658e1923e7a1f0fcecb07115a788d0bea4a7.tar.gz bcm5719-llvm-291d658e1923e7a1f0fcecb07115a788d0bea4a7.zip | |
[analyzer] Fix modeling of constructors
This diff fixes analyzer's crash (triggered assert) on the newly added test case.
The assert being discussed is assert(!B.lookup(R, BindingKey::Direct))
in lib/StaticAnalyzer/Core/RegionStore.cpp, however the root cause is different.
For classes with empty bases the offsets might be tricky.
For example, let's assume we have
struct S: NonEmptyBase, EmptyBase {
...
};
In this case Clang applies empty base class optimization and
the offset of EmptyBase will be 0, it can be verified via
clang -cc1 -x c++ -v -fdump-record-layouts main.cpp -emit-llvm -o /dev/null.
When the analyzer tries to perform zero initialization of EmptyBase
it will hit the assert because that region
has already been "written" by the constructor of NonEmptyBase.
Test plan:
make check-all
Differential revision: https://reviews.llvm.org/D36851
llvm-svn: 311182
Diffstat (limited to 'clang/lib')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/RegionStore.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp index 28f78fa3ff5..11902f66df9 100644 --- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -409,6 +409,19 @@ public: // Part of public interface to class. // BindDefault is only used to initialize a region with a default value. StoreRef BindDefault(Store store, const MemRegion *R, SVal V) override { + // FIXME: The offsets of empty bases can be tricky because of + // of the so called "empty base class optimization". + // If a base class has been optimized out + // we should not try to create a binding, otherwise we should. + // Unfortunately, at the moment ASTRecordLayout doesn't expose + // the actual sizes of the empty bases + // and trying to infer them from offsets/alignments + // seems to be error-prone and non-trivial because of the trailing padding. + // As a temporary mitigation we don't create bindings for empty bases. + if (R->getKind() == MemRegion::CXXBaseObjectRegionKind && + cast<CXXBaseObjectRegion>(R)->getDecl()->isEmpty()) + return StoreRef(store, *this); + RegionBindingsRef B = getRegionBindings(store); assert(!B.lookup(R, BindingKey::Direct)); |
