diff options
| author | martinboehme <mboehme@google.com> | 2024-05-02 08:35:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-02 08:35:13 +0200 |
| commit | 597a3150e932a9423c65b5ea4b53dd431aff5865 (patch) | |
| tree | e44b25c6976812eee9401ad48e9b10d702b6f409 /clang/unittests/Analysis/FlowSensitive/TransferTest.cpp | |
| parent | e3f42b02a4129947ca2dd820bfb63ffed83027b7 (diff) | |
| download | llvm-597a3150e932a9423c65b5ea4b53dd431aff5865.zip llvm-597a3150e932a9423c65b5ea4b53dd431aff5865.tar.gz llvm-597a3150e932a9423c65b5ea4b53dd431aff5865.tar.bz2 | |
[clang][dataflow] Don't propagate result objects in unevaluated contexts (#90438)
Trying to do so can cause crashes -- see newly added test and the
comments in
the fix.
We're starting to see a repeating pattern here: We're getting crashes
because
`ResultObjectVisitor` and `getReferencedDecls()` don't agree on which
parts of
the AST to visit and, hence, which fields should be modeled.
I think we should ensure consistency between these two parts of the code
by
using a `RecursiveASTVisitor` in `getReferencedDecls()`[^1]; the
`Traverse...()` functions that control which parts of the AST we visit
would go
in a common base class that would be used for both `ResultObjectVisitor`
and
`getReferencedDecls()`.
I'd like to focus this PR, however, on a targeted fix for the current
crash and
postpone the refactoring to a later PR (which will be easier to revert
if there
are unintended side-effects).
[^1]: As an added bonus, this would make the code better structured and
more
efficient than the current sequence of `if (dyn_cast<T>(...))`
statements).
Diffstat (limited to 'clang/unittests/Analysis/FlowSensitive/TransferTest.cpp')
| -rw-r--r-- | clang/unittests/Analysis/FlowSensitive/TransferTest.cpp | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp index 301bec3..95d5f56 100644 --- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp +++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp @@ -3331,6 +3331,58 @@ TEST(TransferTest, ResultObjectLocationDontVisitNestedRecordDecl) { ASTContext &ASTCtx) {}); } +TEST(TransferTest, ResultObjectLocationDontVisitUnevaluatedContexts) { + // This is a crash repro. + // We used to crash because when propagating result objects, we would visit + // unevaluated contexts, but we don't model fields used only in these. + + auto testFunction = [](llvm::StringRef Code, llvm::StringRef TargetFun) { + runDataflow( + Code, + [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results, + ASTContext &ASTCtx) {}, + LangStandard::lang_gnucxx17, + /* ApplyBuiltinTransfer= */ true, TargetFun); + }; + + std::string Code = R"cc( + // Definitions needed for `typeid`. + namespace std { + class type_info {}; + class bad_typeid {}; + } // namespace std + + struct S1 {}; + struct S2 { S1 s1; }; + + // We test each type of unevaluated context from a different target + // function. Some types of unevaluated contexts may actually cause the + // field `s1` to be modeled, and we don't want this to "pollute" the tests + // for the other unevaluated contexts. + void decltypeTarget() { + decltype(S2{}) Dummy; + } + void typeofTarget() { + typeof(S2{}) Dummy; + } + void typeidTarget() { + typeid(S2{}); + } + void sizeofTarget() { + sizeof(S2{}); + } + void noexceptTarget() { + noexcept(S2{}); + } + )cc"; + + testFunction(Code, "decltypeTarget"); + testFunction(Code, "typeofTarget"); + testFunction(Code, "typeidTarget"); + testFunction(Code, "sizeofTarget"); + testFunction(Code, "noexceptTarget"); +} + TEST(TransferTest, StaticCast) { std::string Code = R"( void target(int Foo) { |