This is an archive of the discontinued LLVM Phabricator instance.

Differential D157554

[NFC][Clang] Fix static analyzer concern about null pointer dereference
ClosedPublic

Authored by eandrews on Aug 9 2023, 3:38 PM.

Details

Reviewers
tahonermann
aaron.ballman
erichkeane
Commits
rGc4ada13e4b3e: [NFC][Clang] Fix static analyzer concern about null value dereference
Summary

Param->getTypeConstraint() can return nullptr, and was dereferenced without a check.

I followed the logic for invalid constraints and set Status as concepts::ExprRequirement::SS_ExprSubstitutionFailure if getTypeConstraint() returns null unexpectedly. I am not a 100% certain about this change since I am unfamiliar with concepts.

Diff Detail

Event Timeline

eandrews created this revision.Aug 9 2023, 3:38 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 9 2023, 3:38 PM
Herald added subscribers: manas, ASDenysPetrov, dkrupp and 4 others. · View Herald Transcript
eandrews requested review of this revision.Aug 9 2023, 3:38 PM
Herald added a subscriber: wangpc. · View Herald TranscriptAug 9 2023, 3:38 PM
Harbormaster completed remote builds in B251509: Diff 548791.Aug 9 2023, 11:21 PM
aaron.ballman added a reviewer: erichkeane.Aug 10 2023, 5:01 AM
aaron.ballman added a subscriber: erichkeane.

This feels a bit more like a functional change than a non-functional change because it seems like we should be able to test this case (whereas, if we think TC can never be null in reality, we could add an assert for it and not add test coverage). That said, I'm not certain how to induce a failure here. Adding @erichkeane in case he has ideas.

eandrews added a comment.Aug 10 2023, 6:39 AM
In D157554#4576478, @aaron.ballman wrote:

This feels a bit more like a functional change than a non-functional change because it seems like we should be able to test this case (whereas, if we think TC can never be null in reality, we could add an assert for it and not add test coverage). That said, I'm not certain how to induce a failure here. Adding @erichkeane in case he has ideas.

Yea I agree. I see that this is inside ReturnTypeRequirement.isTypeConstraint() so maybe Param should always have a type constraint? I'm just naively guessing here though

aaron.ballman added a comment.Aug 10 2023, 10:22 AM
In D157554#4576720, @eandrews wrote:
In D157554#4576478, @aaron.ballman wrote:

This feels a bit more like a functional change than a non-functional change because it seems like we should be able to test this case (whereas, if we think TC can never be null in reality, we could add an assert for it and not add test coverage). That said, I'm not certain how to induce a failure here. Adding @erichkeane in case he has ideas.

Yea I agree. I see that this is inside ReturnTypeRequirement.isTypeConstraint() so maybe Param should always have a type constraint? I'm just naively guessing here though

As I read the code, I think an assert is sufficient -- if the param is a type constraint, I believe we expect a non-null type constraint and a null one is a sign of a bug.

eandrews added a comment.Aug 10 2023, 10:35 AM
In D157554#4577504, @aaron.ballman wrote:
In D157554#4576720, @eandrews wrote:
In D157554#4576478, @aaron.ballman wrote:

This feels a bit more like a functional change than a non-functional change because it seems like we should be able to test this case (whereas, if we think TC can never be null in reality, we could add an assert for it and not add test coverage). That said, I'm not certain how to induce a failure here. Adding @erichkeane in case he has ideas.

Yea I agree. I see that this is inside ReturnTypeRequirement.isTypeConstraint() so maybe Param should always have a type constraint? I'm just naively guessing here though

As I read the code, I think an assert is sufficient -- if the param is a type constraint, I believe we expect a non-null type constraint and a null one is a sign of a bug.

Alright. I'll make the change then. Thanks!

eandrews updated this revision to Diff 549960.Aug 14 2023, 8:33 AM

Applied review comments

tahonermann accepted this revision.Aug 14 2023, 8:49 AM

Looks good to me!

This revision is now accepted and ready to land.Aug 14 2023, 8:49 AM
Harbormaster completed remote builds in B252375: Diff 549960.Aug 14 2023, 10:54 AM
Closed by commit rGc4ada13e4b3e: [NFC][Clang] Fix static analyzer concern about null value dereference (authored by eandrews). · Explain WhyAug 14 2023, 12:21 PM
This revision was automatically updated to reflect the committed changes.
eandrews added a commit: rGc4ada13e4b3e: [NFC][Clang] Fix static analyzer concern about null value dereference.
Herald added a project: Restricted Project. · View Herald TranscriptAug 14 2023, 12:21 PM
eandrews added a comment.Aug 14 2023, 12:22 PM

Thanks for the reviews!

zyounan mentioned this in D158061: [clang] Construct ExprRequirement with SubstitutionDiagnostic on SubstFailure.Aug 16 2023, 5:53 AM

Revision Contents

PathSize
clang/
lib/
Sema/
6 lines

Diff 550052

clang/lib/Sema/SemaExprCXX.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 9,066 Lines▼ Show 20 Lines else if (ReturnTypeRequirement.isTypeConstraint()) {
Args.push_back(TemplateArgument(MatchedType)); Args.push_back(TemplateArgument(MatchedType));
auto *Param = cast<TemplateTypeParmDecl>(TPL->getParam(0)); auto *Param = cast<TemplateTypeParmDecl>(TPL->getParam(0));
TemplateArgumentList TAL(TemplateArgumentList::OnStack, Args); TemplateArgumentList TAL(TemplateArgumentList::OnStack, Args);
MultiLevelTemplateArgumentList MLTAL(Param, TAL.asArray(), MultiLevelTemplateArgumentList MLTAL(Param, TAL.asArray(),
/*Final=*/false); /*Final=*/false);
MLTAL.addOuterRetainedLevels(TPL->getDepth()); MLTAL.addOuterRetainedLevels(TPL->getDepth());
Expr *IDC = Param->getTypeConstraint()->getImmediatelyDeclaredConstraint(); const TypeConstraint *TC = Param->getTypeConstraint();
ExprResult Constraint = SubstExpr(IDC, MLTAL); assert(TC && "Type Constraint cannot be null here");
ExprResult Constraint =
SubstExpr(TC->getImmediatelyDeclaredConstraint(), MLTAL);
if (Constraint.isInvalid()) { if (Constraint.isInvalid()) {
Status = concepts::ExprRequirement::SS_ExprSubstitutionFailure; Status = concepts::ExprRequirement::SS_ExprSubstitutionFailure;
} else { } else {
SubstitutedConstraintExpr = SubstitutedConstraintExpr =
cast<ConceptSpecializationExpr>(Constraint.get()); cast<ConceptSpecializationExpr>(Constraint.get());
if (!SubstitutedConstraintExpr->isSatisfied()) if (!SubstitutedConstraintExpr->isSatisfied())
Status = concepts::ExprRequirement::SS_ConstraintsNotSatisfied; Status = concepts::ExprRequirement::SS_ConstraintsNotSatisfied;
} }
▲ Show 20 LinesShow All 98 LinesShow Last 20 Lines