From 29353e69d25c0f13cd2704ce2269af464d0751a8 Mon Sep 17 00:00:00 2001
From: Abbas Sabra
Date: Tue, 9 Jun 2020 12:49:47 +0300
Subject: [PATCH] [analyzer] LoopWidening: fix crash by avoiding aliased references invalidation

Summary:
LoopWidening is invalidating references coming from type aliases which lead to a crash.

Patch by Abbas Sabra!

Differential Revision: https://reviews.llvm.org/D80669
---
clang/lib/StaticAnalyzer/Core/LoopWidening.cpp | 6 ++++--
clang/test/Analysis/loop-widening-preserve-reference-type.cpp | 8 ++++++++
2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp b/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
index 9a7b1a2..47e34dd 100644
--- a/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
+++ b/clang/lib/StaticAnalyzer/Core/LoopWidening.cpp
@@ -67,8 +67,10 @@ ProgramStateRef getWidenedLoopState(ProgramStateRef PrevState,
 }
 
 // References should not be invalidated.
- auto Matches = match(findAll(stmt(hasDescendant(varDecl(hasType(referenceType())).bind(MatchRef)))),
- *LCtx->getDecl()->getBody(), ASTCtx);
+ auto Matches = match(
+ findAll(stmt(hasDescendant(
+ varDecl(hasType(hasCanonicalType(referenceType()))).bind(MatchRef)))),
+ *LCtx->getDecl()->getBody(), ASTCtx);
 for (BoundNodes Match : Matches) {
 const VarDecl *VD = Match.getNodeAs(MatchRef);
 assert(VD);
diff --git a/clang/test/Analysis/loop-widening-preserve-reference-type.cpp b/clang/test/Analysis/loop-widening-preserve-reference-type.cpp
index b5746d1..38dcb4f 100644
--- a/clang/test/Analysis/loop-widening-preserve-reference-type.cpp
+++ b/clang/test/Analysis/loop-widening-preserve-reference-type.cpp
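Review bot: The comment above the rewritten matcher still reads only `// References should not be invalidated.` and does not record why the query now goes through the canonical type, so a later cleanup could simplify it back to `hasType(referenceType())` and reintroduce the crash described in the commit message. Suggest extending it to `// References should not be invalidated. Match on the canonical type so references declared through typedefs/using aliases are preserved as well (D80669).` Separately, the query is rooted at `LCtx->getDecl()->getBody()`, so reference-typed parameters (a ParmVarDecl is not a descendant of the body's statements) are presumably not added to the preserve set and remain subject to whatever invalidation this function sets up; if that path is reachable, the same preservation loop should also walk the callee's parameters. The enclosing getWidenedLoopState starts before and ends after the hunk.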
@@ -12,3 +12,11 @@ void invalid_type_region_access() {
 for (int i = 0; i < 10; ++i) { }
 clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
 } // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}}
+
+using AR = const A &;
+void invalid_type_alias_region_access() {
+ AR x = B();
+ for (int i = 0; i < 10; ++i) {
+ }
+ clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
+} // expected-warning@-1{{reference cannot be bound to dereferenced null pointer in well-defined C++ code; comparison may be assumed to always evaluate to true}}
-- 
2.7.4