[clang][dataflow] Don't crash when constructing an array of records.

martinboehme · martinboehme · commit e6e83cbcc748 · 2023-07-27T12:46:13.000Z
When I wrote https://reviews.llvm.org/D155446, I assumed that a `CXXConstructExpr` would always have record type, but this isn't true: It can have array type when constructing an array of records. The code would crash in this situation because `createValue()` would return null. This patch includes a test that reproduces the crash without the other changes in the patch. Reviewed By: sammccall Differential Revision: https://reviews.llvm.org/D156402
diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -500,9 +500,14 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
       return;
     }
 
-    auto &InitialVal = *cast<StructValue>(Env.createValue(S->getType()));
-    copyRecord(InitialVal.getAggregateLoc(), Env.getResultObjectLocation(*S),
-               Env);
+    // `CXXConstructExpr` can have array type if default-initializing an array
+    // of records, and we currently can't create values for arrays. So check if
+    // we've got a record type.
+    if (S->getType()->isRecordType()) {
+      auto &InitialVal = *cast<StructValue>(Env.createValue(S->getType()));
+      copyRecord(InitialVal.getAggregateLoc(), Env.getResultObjectLocation(*S),
+                 Env);
+    }
 
     transferInlineCall(S, ConstructorDecl);
   }
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -310,6 +310,28 @@ TEST(TransferTest, StructVarDeclWithInit) {
       });
 }
 
+TEST(TransferTest, StructArrayVarDecl) {
+  std::string Code = R"(
+    struct A {};
+
+    void target() {
+      A Array[2];
+      // [[p]]
+    }
+  )";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
+
+        const ValueDecl *ArrayDecl = findValueDecl(ASTCtx, "Array");
+
+        // We currently don't create values for arrays.
+        ASSERT_THAT(Env.getValue(*ArrayDecl), IsNull());
+      });
+}
+
 TEST(TransferTest, ClassVarDecl) {
   std::string Code = R"(
     class A {
