This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/lib/Sema/
-
lib/
-
Sema/
1/5
SemaConcept.cpp

Differential D108481

Avoid nullptr dereferencing of 'Constraint'
ClosedPublic

Authored by schittir on Aug 20 2021, 12:49 PM.

Download Raw Diff

Details

Reviewers

erichkeane
saar.raz
aaron.ballman

Summary

Klocwork static code analysis exposed this bug:
Pointer 'Constraint' returned from call to function
'cast_or_null<clang::ConceptSpecializationExpr,clang::Expr>' may
be NULL and will be dereferenced in the statement following it

Replace 'cast_or_null' with 'cast' so that the latter can assert
when it encounters a NULL

Diff Detail

Event Timeline

schittir requested review of this revision.Aug 20 2021, 12:49 PM

schittir created this revision.

Herald added a subscriber: cfe-commits. · View Herald TranscriptAug 20 2021, 12:49 PM

Harbormaster completed remote builds in B120608: Diff 367871.Aug 20 2021, 1:41 PM

Thanks for the cleanup! Btw, it's helpful if you add more context to the patch when generating the diff. I typically use git diff -U9999 when generating a diff as that gives plenty of context for the patch review within Phabricator.

clang/lib/Sema/SemaConcept.cpp
1065–1068	If we're going to be touching this code, there's more suspect code here that needs to be cleaned up a bit. Directly above this is: const TypeConstraint *TC = cast<TemplateTypeParmDecl>(TPL->getParam(0))->getTypeConstraint(); assert(TC && "TPL must have a template type parameter with a type constraint"); That assertion can be removed entirely -- if the `cast<>` fails, it doesn't return null, it asserts.

Removed the useless assert on TC.
Retained the change from cast_or_null to cast

erichkeane accepted this revision.Aug 23 2021, 12:56 PM

This revision is now accepted and ready to land.Aug 23 2021, 12:56 PM

LGTM, thanks for the cleanup! Do you need someone to commit on your behalf? If so, what name and email address would you like me to use for patch attribution?

In D108481#2960875, @aaron.ballman wrote:

LGTM, thanks for the cleanup! Do you need someone to commit on your behalf? If so, what name and email address would you like me to use for patch attribution?

Thank you, Aaron.
Yes, please! Sindhu Chittireddy; sindhu.chittireddy@intel.com

Harbormaster completed remote builds in B120851: Diff 368183.Aug 23 2021, 1:37 PM

In D108481#2960883, @schittir wrote:

In D108481#2960875, @aaron.ballman wrote:

LGTM, thanks for the cleanup! Do you need someone to commit on your behalf? If so, what name and email address would you like me to use for patch attribution?

Thank you, Aaron.
Yes, please! Sindhu Chittireddy; sindhu.chittireddy@intel.com

Thanks! I've committed on your behalf in 98339f14a0420cdfbe4215d8d1bc0a01165e0495.

mlychkov added a subscriber: mlychkov.Aug 26 2021, 9:11 AM

mlychkov added inline comments.

clang/lib/Sema/SemaConcept.cpp
1065–1068	Actually, cast return nonnull value, but TC = "cast_result"->getTypeConstraint(); and TC may become nullptr, I suppose.

aaron.ballman added inline comments.Aug 26 2021, 9:25 AM

clang/lib/Sema/SemaConcept.cpp
1065–1068	Good catch! I think we should add the assertion on `TC` being nonnull back. I'll take care of that.

erichkeane added inline comments.Aug 26 2021, 9:27 AM

clang/lib/Sema/SemaConcept.cpp
1065–1068	Ooh, good catch! I definitely missed that when suggesting removing the assert. @aaron.ballman can you re-add the assert on 1065?

aaron.ballman added inline comments.Aug 26 2021, 9:53 AM

clang/lib/Sema/SemaConcept.cpp
1065–1068	I've put the assert back in 0cf4f81082e9fa052e60450b8cbb10007e59931c, thanks for letting us know @mlychkov!

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaConcept.cpp

5 lines

Diff 368183

clang/lib/Sema/SemaConcept.cpp

	Show First 20 Lines • Show All 1,056 Lines • ▼ Show 20 Lines
	}			}

	concepts::ExprRequirement::ReturnTypeRequirement::			concepts::ExprRequirement::ReturnTypeRequirement::
	ReturnTypeRequirement(TemplateParameterList *TPL) :			ReturnTypeRequirement(TemplateParameterList *TPL) :
	TypeConstraintInfo(TPL, 0) {			TypeConstraintInfo(TPL, 0) {
	assert(TPL->size() == 1);			assert(TPL->size() == 1);
	const TypeConstraint *TC =			const TypeConstraint *TC =
	cast<TemplateTypeParmDecl>(TPL->getParam(0))->getTypeConstraint();			cast<TemplateTypeParmDecl>(TPL->getParam(0))->getTypeConstraint();
	assert(TC &&
	"TPL must have a template type parameter with a type constraint");
	auto *Constraint =			auto *Constraint =
	cast_or_null<ConceptSpecializationExpr>(			cast<ConceptSpecializationExpr>(TC->getImmediatelyDeclaredConstraint());
	TC->getImmediatelyDeclaredConstraint());
	bool Dependent =			bool Dependent =
	Constraint->getTemplateArgsAsWritten() &&			Constraint->getTemplateArgsAsWritten() &&
				aaron.ballmanUnsubmitted Done Reply Inline Actions If we're going to be touching this code, there's more suspect code here that needs to be cleaned up a bit. Directly above this is: const TypeConstraint TC = cast<TemplateTypeParmDecl>(TPL->getParam(0))->getTypeConstraint(); assert(TC && "TPL must have a template type parameter with a type constraint"); That assertion can be removed entirely -- if the `cast<>` fails, it doesn't return null, it asserts. aaron.ballman:* If we're going to be touching this code, there's more suspect code here that needs to be…
				mlychkovUnsubmitted Not Done Reply Inline Actions Actually, cast return nonnull value, but TC = "cast_result"->getTypeConstraint(); and TC may become nullptr, I suppose. mlychkov: Actually, cast return nonnull value, but TC = "cast_result"->getTypeConstraint(); and TC may…
				aaron.ballmanUnsubmitted Not Done Reply Inline Actions Good catch! I think we should add the assertion on `TC` being nonnull back. I'll take care of that. aaron.ballman: Good catch! I think we should add the assertion on `TC` being nonnull back. I'll take care of…
				erichkeaneUnsubmitted Not Done Reply Inline Actions Ooh, good catch! I definitely missed that when suggesting removing the assert. @aaron.ballman can you re-add the assert on 1065? erichkeane: Ooh, good catch! I definitely missed that when suggesting removing the assert. @aaron.ballman…
				aaron.ballmanUnsubmitted Not Done Reply Inline Actions I've put the assert back in 0cf4f81082e9fa052e60450b8cbb10007e59931c, thanks for letting us know @mlychkov! aaron.ballman: I've put the assert back in 0cf4f81082e9fa052e60450b8cbb10007e59931c, thanks for letting us…
	TemplateSpecializationType::anyInstantiationDependentTemplateArguments(			TemplateSpecializationType::anyInstantiationDependentTemplateArguments(
	Constraint->getTemplateArgsAsWritten()->arguments().drop_front(1));			Constraint->getTemplateArgsAsWritten()->arguments().drop_front(1));
	TypeConstraintInfo.setInt(Dependent ? 1 : 0);			TypeConstraintInfo.setInt(Dependent ? 1 : 0);
	}			}

	concepts::TypeRequirement::TypeRequirement(TypeSourceInfo *T) :			concepts::TypeRequirement::TypeRequirement(TypeSourceInfo *T) :
	Requirement(RK_Type, T->getType()->isInstantiationDependentType(),			Requirement(RK_Type, T->getType()->isInstantiationDependentType(),
	T->getType()->containsUnexpandedParameterPack(),			T->getType()->containsUnexpandedParameterPack(),
	// We reach this ctor with either dependent types (in which			// We reach this ctor with either dependent types (in which
	// IsSatisfied doesn't matter) or with non-dependent type in			// IsSatisfied doesn't matter) or with non-dependent type in
	// which the existence of the type indicates satisfaction.			// which the existence of the type indicates satisfaction.
	/IsSatisfied=/true),			/IsSatisfied=/true),
	Value(T),			Value(T),
	Status(T->getType()->isInstantiationDependentType() ? SS_Dependent			Status(T->getType()->isInstantiationDependentType() ? SS_Dependent
	: SS_Satisfied) {}			: SS_Satisfied) {}