[clang][dataflow] Fix buggy assertion: Compare an unqualified type to an unqualified type. #71573
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Includes crash-reproducing test case.
llvmbot
added
clang
|
@llvm/pr-subscribers-clang Author: Samira Bazuzi (bazuzi) ChangesIncludes crash-reproducing test case. Full diff: https://github.com/llvm/llvm-project/pull/71573.diff 2 Files Affected:
diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index 8b2f8ecc5027e8a..839c04c65e39e7c 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -683,11 +683,11 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
assert(
// The types are same, or
Field->getType().getCanonicalType().getUnqualifiedType() ==
- Init->getType().getCanonicalType() ||
+ Init->getType().getCanonicalType().getUnqualifiedType() ||
// The field's type is T&, and initializer is T
(Field->getType()->isReferenceType() &&
- Field->getType().getCanonicalType()->getPointeeType() ==
- Init->getType().getCanonicalType()));
+ Field->getType().getCanonicalType()->getPointeeType() ==
+ Init->getType().getCanonicalType()));
auto& Loc = Env.createObject(Field->getType(), Init);
FieldLocs.insert({Field, &Loc});
}
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index bd9b98178b5d4e3..19136f24d666b66 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -3197,6 +3197,26 @@ TEST(TransferTest, AggregateInitialization_NotExplicitlyInitializedField) {
});
}
+TEST(TransferTest, AggregateInitializationFunctionPointer) {
+ // This is a crash repro.
+ // nullptr takes on the type of a const function pointer, but its type was
+ // asserted to be equal to the *unqualified* type of Field, which no longer
+ // included the const.
+ std::string Code = R"(
+ struct S {
+ void (*const Field)();
+ };
+
+ void target() {
+ S s{nullptr};
+ }
+ )";
+ runDataflow(
+ Code,
+ [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+ ASTContext &ASTCtx) {});
+}
+
TEST(TransferTest, AssignToUnionMember) {
std::string Code = R"(
union A {
|
|
@llvm/pr-subscribers-clang-analysis Author: Samira Bazuzi (bazuzi) ChangesIncludes crash-reproducing test case. Full diff: https://github.com/llvm/llvm-project/pull/71573.diff 2 Files Affected:
diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index 8b2f8ecc5027e8a..839c04c65e39e7c 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -683,11 +683,11 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
assert(
// The types are same, or
Field->getType().getCanonicalType().getUnqualifiedType() ==
- Init->getType().getCanonicalType() ||
+ Init->getType().getCanonicalType().getUnqualifiedType() ||
// The field's type is T&, and initializer is T
(Field->getType()->isReferenceType() &&
- Field->getType().getCanonicalType()->getPointeeType() ==
- Init->getType().getCanonicalType()));
+ Field->getType().getCanonicalType()->getPointeeType() ==
+ Init->getType().getCanonicalType()));
auto& Loc = Env.createObject(Field->getType(), Init);
FieldLocs.insert({Field, &Loc});
}
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index bd9b98178b5d4e3..19136f24d666b66 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -3197,6 +3197,26 @@ TEST(TransferTest, AggregateInitialization_NotExplicitlyInitializedField) {
});
}
+TEST(TransferTest, AggregateInitializationFunctionPointer) {
+ // This is a crash repro.
+ // nullptr takes on the type of a const function pointer, but its type was
+ // asserted to be equal to the *unqualified* type of Field, which no longer
+ // included the const.
+ std::string Code = R"(
+ struct S {
+ void (*const Field)();
+ };
+
+ void target() {
+ S s{nullptr};
+ }
+ )";
+ runDataflow(
+ Code,
+ [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+ ASTContext &ASTCtx) {});
+}
+
TEST(TransferTest, AssignToUnionMember) {
std::string Code = R"(
union A {
|
|
@martinboehme Could you review? |
martinboehme
changed the title
martinboehme
approved these changes
Nov 8, 2023
Co-authored-by: martinboehme <[email protected]>
|
Could you merge for me? I don't have write access. |
Done! |
zahiraam
pushed a commit
to zahiraam/llvm-project
that referenced
this pull request
Nov 20, 2023
… an unqualified type. (llvm#71573) Includes crash-reproducing test case. --------- Co-authored-by: martinboehme <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Includes crash-reproducing test case.