This is an archive of the discontinued LLVM Phabricator instance.

Differential D146538

[analyzer] Fix crashing getSValFromInitListExpr for nested initlists
ClosedPublic

Authored by steakhal on Mar 21 2023, 9:13 AM.

Details

Reviewers
xazax.hun
NoQ
Szelethus
Commits
rG558b46fde2db: [analyzer] Fix crashing getSValFromInitListExpr for nested initlists
Summary

In the following example, we will end up hitting the llvm_unreachable():
https://godbolt.org/z/5sccc95Ec

enum class E {};
const E glob[] = {{}};
void initlistWithinInitlist() {
  clang_analyzer_dump(glob[0]); // crashes at loading from `glob[0]`
}

We should just return std::nullopt instead for these cases. It's better than crashing.

Diff Detail

Event Timeline

steakhal created this revision.Mar 21 2023, 9:13 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptMar 21 2023, 9:13 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: manas, ASDenysPetrov, martong and 8 others. · View Herald Transcript
steakhal requested review of this revision.Mar 21 2023, 9:13 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 21 2023, 9:13 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
steakhal added a comment.Mar 21 2023, 9:16 AM

I think this one also deserves backporting to clang-16.0.1 @xazax.hun

xazax.hun accepted this revision.Mar 21 2023, 9:18 AM

Ugh :/

I wonder if we should also open tickets on GitHub to reduce the chance of forgetting addressing the root cause for these. What do you think?

This revision is now accepted and ready to land.Mar 21 2023, 9:18 AM
Harbormaster completed remote builds in B220745: Diff 507011.Mar 21 2023, 10:02 AM
steakhal added a comment.Mar 21 2023, 10:16 AM
In D146538#4210037, @xazax.hun wrote:

Ugh :/

I wonder if we should also open tickets on GitHub to reduce the chance of forgetting addressing the root cause for these. What do you think?

Thanks for the quick review!

I think it would be valuable to track these FIXMEs as issues indeed. However, I don't have the time right now to file them.
Good tickets would require a bit more effort than I could invest now.

Closed by commit rG558b46fde2db: [analyzer] Fix crashing getSValFromInitListExpr for nested initlists (authored by steakhal). · Explain WhyMar 22 2023, 12:44 AM
This revision was automatically updated to reflect the committed changes.
steakhal added a commit: rG558b46fde2db: [analyzer] Fix crashing getSValFromInitListExpr for nested initlists.
steakhal added a comment.Mar 22 2023, 1:54 AM

Speaking of issue tracking, I think it would be much more valuable to our users if we had a proper release notes section for CSA. Right now it is so ad-hoc.
That is also true for crash fixes and backports. Maybe we should put more emphasis on that part for the next major release.
I'm not sure how to enforce it though.

steakhal added a comment.Mar 23 2023, 7:39 AM

This has been backported to clang-16.0.1 as 1172ed57d8234990b277281b3084969fcdb38602

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
8 lines
test/
Analysis/
7 lines

Diff 507257

clang/lib/StaticAnalyzer/Core/RegionStore.cpp

Show First 20 LinesShow All 1,843 Lines▼ Show 20 Lines for (uint64_t Offset : Offsets) {
if (!IL) if (!IL)
// Return a constant value, if it is presented. // Return a constant value, if it is presented.
// FIXME: Support other SVals. // FIXME: Support other SVals.
return svalBuilder.getConstantVal(E); return svalBuilder.getConstantVal(E);
// Go to the nested initializer list. // Go to the nested initializer list.
ILE = IL; ILE = IL;
} }
llvm_unreachable(
"Unhandled InitListExpr sub-expressions or invalid offsets."); assert(ILE);
// FIXME: Unhandeled InitListExpr sub-expression, possibly constructing an
// enum?
return std::nullopt;
} }
/// Returns an SVal, if possible, for the specified position in a string /// Returns an SVal, if possible, for the specified position in a string
/// literal. /// literal.
/// ///
/// \param SL The given string literal. /// \param SL The given string literal.
/// \param Offset The unsigned offset. E.g. for the expression /// \param Offset The unsigned offset. E.g. for the expression
/// `char x = str[42];` an offset should be 42. /// `char x = str[42];` an offset should be 42.
▲ Show 20 LinesShow All 1,076 LinesShow Last 20 Lines

clang/test/Analysis/initialization.cpp

Show First 20 LinesShow All 243 Lines▼ Show 20 Linesvoid glob_array_parentheses1() {
clang_analyzer_eval(glob_arr9[0][1] == 2); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[0][1] == 2); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr9[0][2] == 3); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[0][2] == 3); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr9[0][3] == 4); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[0][3] == 4); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr9[1][0] == 5); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[1][0] == 5); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr9[1][1] == 6); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[1][1] == 6); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr9[1][2] == 7); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[1][2] == 7); // expected-warning{{TRUE}}
clang_analyzer_eval(glob_arr9[1][3] == 0); // expected-warning{{TRUE}} clang_analyzer_eval(glob_arr9[1][3] == 0); // expected-warning{{TRUE}}
} }
enum class E {};
const E glob[] = {{}};
void initlistWithinInitlist() {
// no-crash
clang_analyzer_dump(glob[0]); // expected-warning-re {{reg_${{[0-9]+}}<enum E Element{glob,0 S64b,enum E}>}}
}