Author: Abbas Sabra Date: 2020-06-09T12:55:54+03:00 New Revision: 29353e69d25c0f13cd2704ce2269af464d0751a8
URL: https://github.com/llvm/llvm-project/commit/29353e69d25c0f13cd2704ce2269af464d0751a8 DIFF: https://github.com/llvm/llvm-project/commit/29353e69d25c0f13cd2704ce2269af464d0751a8.diff LOG: [analyzer] LoopWidening: fix crash by avoiding aliased references invalidation Summary: LoopWidening is invalidating references coming from type aliases which lead to a crash. Patch by Abbas Sabra! Differential Revision: https://reviews.llvm.org/D80669 Added: Modified: clang/lib/StaticAnalyzer/Core/LoopWidening.cpp clang/test/Analysis/loop-widening-preserve-reference-type.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp b/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp index 9a7b1a24b819..47e34dd84b9a 100644 --- a/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp +++ b/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp @@ -67,8 +67,10 @@ ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState, } // References should not be invalidated. - auto Matches = match(findAll(stmt(hasDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))), - *LCtx->getDecl()->getBody(), ASTCtx); + auto Matches = match( + findAll(stmt(hasDescendant( + varDecl(hasType(hasCanonicalType(referenceType()))).bind(MatchRef)))), + *LCtx->getDecl()->getBody(), ASTCtx); for (BoundNodes Match : Matches) { const VarDecl *VD = Match.getNodeAs<VarDecl>(MatchRef); assert(VD); diff --git a/clang/test/Analysis/loop-widening-preserve-reference-type.cpp b/clang/test/Analysis/loop-widening-preserve-reference-type.cpp index b5746d1fe767..38dcb4fbb6ac 100644 --- a/clang/test/Analysis/loop-widening-preserve-reference-type.cpp +++ b/clang/test/Analysis/loop-widening-preserve-reference-type.cpp @@ -12,3 +12,11 @@ void invalid_type_region_access() { for (int i = 0; i < 10; ++i) { } clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} } // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}} + +using AR = const A &; +void invalid_type_alias_region_access() { + AR x = B(); + for (int i = 0; i < 10; ++i) { + } + clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} +} // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits