This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/lib/Lex/
-
lib/
-
Lex/
-
PPDirectives.cpp
-
PPLexerChange.cpp
-
Preprocessor.cpp

Differential D91540

[preprocessor] Assertions on the inferrable null pointers in Preprocessor befere dereference
Needs ReviewPublic

Authored by OikawaKirie on Nov 16 2020, 6:36 AM.

Download Raw Diff

Details

Reviewers

rsmith
lattner
ilya-biryukov
dnsampaio

Summary

This patch asserts on some smart pointers that can be statically inferred to be null pointers. For a smart pointer, when its nullability is checked, and the null branch can reach a dereference, we think it is a potential null pointer dereference. In this patch, I added an assertion before each reported dereference.

clang/lib/Lex/PPDirectives.cpp:441, inferred from the loop body: e.g. line 481, check and continue
clang/lib/Lex/PPDirectives.cpp:1385, inferred from line 911: check CurLexer
clang/lib/Lex/PPDirectives.cpp:1723, inferred from line 911: check CurLexer
clang/lib/Lex/PPDirectives.cpp:2540, inferred from line 911: check CurLexer
clang/lib/Lex/PPLexerChange.cpp:320, inferred from line 311: check CurLexer
clang/lib/Lex/Preprocessor.cpp:1226, inferred from recomputeCurLexerKind line 383: check CurLexer

Besides, the analyzer also reports the dereference in function SkipTokensWhileUsingPCH and Lex. I think these two reported dereference cannot actually happen, but I also add the asserts to make sure the value is correct.

Diff Detail

Unit TestsFailed

	Time	Test
	370 ms	linux > HWAddressSanitizer-x86_64.TestCases::sizes.cpp

Event Timeline

OikawaKirie created this revision.Nov 16 2020, 6:36 AM

Herald added a subscriber: cfe-commits. · View Herald TranscriptNov 16 2020, 6:36 AM

OikawaKirie requested review of this revision.Nov 16 2020, 6:36 AM

Harbormaster completed remote builds in B78957: Diff 305491.Nov 16 2020, 7:14 AM

dnsampaio resigned from this revision.Jan 13 2021, 11:31 AM

Revision Contents

Path

Size

clang/

lib/

Lex/

PPDirectives.cpp

5 lines

PPLexerChange.cpp

1 line

Preprocessor.cpp

7 lines

Diff 305491

clang/lib/Lex/PPDirectives.cpp

Show First 20 Lines • Show All 432 Lines • ▼ Show 20 Lines	void Preprocessor::SkipExcludedConditionalBlock(SourceLocation HashTokenLoc,
Token Tok;		Token Tok;
if (auto SkipLength =		if (auto SkipLength =
getSkippedRangeForExcludedConditionalBlock(HashTokenLoc)) {		getSkippedRangeForExcludedConditionalBlock(HashTokenLoc)) {
// Skip to the next '#endif' / '#else' / '#elif'.		// Skip to the next '#endif' / '#else' / '#elif'.
CurLexer->skipOver(*SkipLength);		CurLexer->skipOver(*SkipLength);
}		}
SourceLocation endLoc;		SourceLocation endLoc;
while (true) {		while (true) {
		assert(CurLexer);
CurLexer->Lex(Tok);		CurLexer->Lex(Tok);

if (Tok.is(tok::code_completion)) {		if (Tok.is(tok::code_completion)) {
if (CodeComplete)		if (CodeComplete)
CodeComplete->CodeCompleteInConditionalExclusion();		CodeComplete->CodeCompleteInConditionalExclusion();
setCodeCompletionReached();		setCodeCompletionReached();
continue;		continue;
}		}
▲ Show 20 Lines • Show All 927 Lines • ▼ Show 20 Lines	if (Callbacks) {
Callbacks->FileChanged(CurPPLexer->getSourceLocation(), Reason, FileKind);		Callbacks->FileChanged(CurPPLexer->getSourceLocation(), Reason, FileKind);
}		}
}		}

/// HandleUserDiagnosticDirective - Handle a #warning or #error directive.		/// HandleUserDiagnosticDirective - Handle a #warning or #error directive.
///		///
void Preprocessor::HandleUserDiagnosticDirective(Token &Tok,		void Preprocessor::HandleUserDiagnosticDirective(Token &Tok,
bool isWarning) {		bool isWarning) {
		assert(CurLexer);

// Read the rest of the line raw. We do this because we don't want macros		// Read the rest of the line raw. We do this because we don't want macros
// to be expanded and we don't require that the tokens be valid preprocessing		// to be expanded and we don't require that the tokens be valid preprocessing
// tokens. For example, this is allowed: "#warning ` 'foo". GCC does		// tokens. For example, this is allowed: "#warning ` 'foo". GCC does
// collapse multiple consecutive white space between tokens, but this isn't		// collapse multiple consecutive white space between tokens, but this isn't
// specified by the standard.		// specified by the standard.
SmallString<128> Message;		SmallString<128> Message;
CurLexer->ReadToEndOfLine(&Message);		CurLexer->ReadToEndOfLine(&Message);

▲ Show 20 Lines • Show All 320 Lines • ▼ Show 20 Lines	case ImportAction::ModuleImport:
EnterAnnotationToken(SourceRange(HashLoc, EndLoc),		EnterAnnotationToken(SourceRange(HashLoc, EndLoc),
tok::annot_module_include, Action.ModuleForHeader);		tok::annot_module_include, Action.ModuleForHeader);
break;		break;
case ImportAction::Failure:		case ImportAction::Failure:
assert(TheModuleLoader.HadFatalFailure &&		assert(TheModuleLoader.HadFatalFailure &&
"This should be an early exit only to a fatal error");		"This should be an early exit only to a fatal error");
TheModuleLoader.HadFatalFailure = true;		TheModuleLoader.HadFatalFailure = true;
IncludeTok.setKind(tok::eof);		IncludeTok.setKind(tok::eof);
		assert(CurLexer);
CurLexer->cutOffLexing();		CurLexer->cutOffLexing();
return;		return;
}		}
}		}

Optional<FileEntryRef> Preprocessor::LookupHeaderIncludeOrImport(		Optional<FileEntryRef> Preprocessor::LookupHeaderIncludeOrImport(
const DirectoryLookup *&CurDir, StringRef& Filename,		const DirectoryLookup *&CurDir, StringRef& Filename,
SourceLocation FilenameLoc, CharSourceRange FilenameRange,		SourceLocation FilenameLoc, CharSourceRange FilenameRange,
▲ Show 20 Lines • Show All 800 Lines • ▼ Show 20 Lines	MacroInfo *Preprocessor::ReadOptionalMacroParameterListAndBody(
MacroInfo *const MI = AllocateMacroInfo(MacroNameTok.getLocation());		MacroInfo *const MI = AllocateMacroInfo(MacroNameTok.getLocation());

Token Tok;		Token Tok;
LexUnexpandedToken(Tok);		LexUnexpandedToken(Tok);

// Ensure we consume the rest of the macro body if errors occur.		// Ensure we consume the rest of the macro body if errors occur.
auto _ = llvm::make_scope_exit([&]() {		auto _ = llvm::make_scope_exit([&]() {
// The flag indicates if we are still waiting for 'eod'.		// The flag indicates if we are still waiting for 'eod'.
		assert(CurLexer);
if (CurLexer->ParsingPreprocessorDirective)		if (CurLexer->ParsingPreprocessorDirective)
DiscardUntilEndOfDirective();		DiscardUntilEndOfDirective();
});		});

// Used to un-poison and then re-poison identifiers of the __VA_ARGS__ ilk		// Used to un-poison and then re-poison identifiers of the __VA_ARGS__ ilk
// within their appropriate context.		// within their appropriate context.
VariadicMacroScopeGuard VariadicMacroScopeGuard(*this);		VariadicMacroScopeGuard VariadicMacroScopeGuard(*this);

▲ Show 20 Lines • Show All 613 Lines • Show Last 20 Lines

clang/lib/Lex/PPLexerChange.cpp

Show First 20 Lines • Show All 311 Lines • ▼ Show 20 Lines	bool Preprocessor::HandleEndOfFile(Token &Result, bool isEndOfMacro) {
if ((LeavingSubmodule \|\| IncludeMacroStack.empty()) &&		if ((LeavingSubmodule \|\| IncludeMacroStack.empty()) &&
!BuildingSubmoduleStack.empty() &&		!BuildingSubmoduleStack.empty() &&
BuildingSubmoduleStack.back().IsPragma) {		BuildingSubmoduleStack.back().IsPragma) {
Diag(BuildingSubmoduleStack.back().ImportLoc,		Diag(BuildingSubmoduleStack.back().ImportLoc,
diag::err_pp_module_begin_without_module_end);		diag::err_pp_module_begin_without_module_end);
Module M = LeaveSubmodule(/ForPragma*/true);		Module M = LeaveSubmodule(/ForPragma*/true);

Result.startToken();		Result.startToken();
		assert(CurLexer && "Got EOF but no current lexer set!");
const char *EndPos = getCurLexerEndPos();		const char *EndPos = getCurLexerEndPos();
CurLexer->BufferPtr = EndPos;		CurLexer->BufferPtr = EndPos;
CurLexer->FormTokenWithChars(Result, EndPos, tok::annot_module_end);		CurLexer->FormTokenWithChars(Result, EndPos, tok::annot_module_end);
Result.setAnnotationEndLoc(Result.getLocation());		Result.setAnnotationEndLoc(Result.getLocation());
Result.setAnnotationValue(M);		Result.setAnnotationValue(M);
return true;		return true;
}		}

▲ Show 20 Lines • Show All 509 Lines • Show Last 20 Lines

clang/lib/Lex/Preprocessor.cpp

Show First 20 Lines • Show All 631 Lines • ▼ Show 20 Lines	void Preprocessor::SkipTokensWhileUsingPCH() {
bool UsingPCHThroughHeader = SkippingUntilPCHThroughHeader;		bool UsingPCHThroughHeader = SkippingUntilPCHThroughHeader;
bool UsingPragmaHdrStop = SkippingUntilPragmaHdrStop;		bool UsingPragmaHdrStop = SkippingUntilPragmaHdrStop;
Token Tok;		Token Tok;
while (true) {		while (true) {
bool InPredefines =		bool InPredefines =
(CurLexer && CurLexer->getFileID() == getPredefinesFileID());		(CurLexer && CurLexer->getFileID() == getPredefinesFileID());
switch (CurLexerKind) {		switch (CurLexerKind) {
case CLK_Lexer:		case CLK_Lexer:
		assert(CurLexer && "CurLexer is empty while CurLexerKind is CLK_Lexer.");
CurLexer->Lex(Tok);		CurLexer->Lex(Tok);
break;		break;
case CLK_TokenLexer:		case CLK_TokenLexer:
		assert(CurTokenLexer &&
		"CurTokenLexer is empty while CurLexerKind is CLK_TokenLexer.");
		Lint: Pre-merge checks Inline Actions clang-format: please reformat the code - "CurTokenLexer is empty while CurLexerKind is CLK_TokenLexer."); + "CurTokenLexer is empty while CurLexerKind is CLK_TokenLexer."); Lint: Pre-merge checks: clang-format: please reformat the code ``` - "CurTokenLexer is empty while…
CurTokenLexer->Lex(Tok);		CurTokenLexer->Lex(Tok);
break;		break;
case CLK_CachingLexer:		case CLK_CachingLexer:
CachingLex(Tok);		CachingLex(Tok);
break;		break;
case CLK_LexAfterModuleImport:		case CLK_LexAfterModuleImport:
LexAfterModuleImport(Tok);		LexAfterModuleImport(Tok);
break;		break;
▲ Show 20 Lines • Show All 239 Lines • ▼ Show 20 Lines
void Preprocessor::Lex(Token &Result) {		void Preprocessor::Lex(Token &Result) {
++LexLevel;		++LexLevel;

// We loop here until a lex function returns a token; this avoids recursion.		// We loop here until a lex function returns a token; this avoids recursion.
bool ReturnedToken;		bool ReturnedToken;
do {		do {
switch (CurLexerKind) {		switch (CurLexerKind) {
case CLK_Lexer:		case CLK_Lexer:
		assert(CurLexer && "CurLexer is empty while CurLexerKind is CLK_Lexer.");
ReturnedToken = CurLexer->Lex(Result);		ReturnedToken = CurLexer->Lex(Result);
break;		break;
case CLK_TokenLexer:		case CLK_TokenLexer:
		assert(CurTokenLexer &&
		"CurTokenLexer is empty while CurLexerKind is CLK_TokenLexer.");
		Lint: Pre-merge checks Inline Actions clang-format: please reformat the code - "CurTokenLexer is empty while CurLexerKind is CLK_TokenLexer."); + "CurTokenLexer is empty while CurLexerKind is CLK_TokenLexer."); Lint: Pre-merge checks: clang-format: please reformat the code ``` - "CurTokenLexer is empty while…
ReturnedToken = CurTokenLexer->Lex(Result);		ReturnedToken = CurTokenLexer->Lex(Result);
break;		break;
case CLK_CachingLexer:		case CLK_CachingLexer:
CachingLex(Result);		CachingLex(Result);
ReturnedToken = true;		ReturnedToken = true;
break;		break;
case CLK_LexAfterModuleImport:		case CLK_LexAfterModuleImport:
ReturnedToken = LexAfterModuleImport(Result);		ReturnedToken = LexAfterModuleImport(Result);
▲ Show 20 Lines • Show All 303 Lines • ▼ Show 20 Lines	case ImportAction::SkippedModuleImport:
Suffix[0].setAnnotationEndLoc(Suffix[0].getLocation());		Suffix[0].setAnnotationEndLoc(Suffix[0].getLocation());
Suffix[0].setAnnotationValue(Action.ModuleForHeader);		Suffix[0].setAnnotationValue(Action.ModuleForHeader);
// FIXME: Call the moduleImport callback?		// FIXME: Call the moduleImport callback?
break;		break;
case ImportAction::Failure:		case ImportAction::Failure:
assert(TheModuleLoader.HadFatalFailure &&		assert(TheModuleLoader.HadFatalFailure &&
"This should be an early exit only to a fatal error");		"This should be an early exit only to a fatal error");
Result.setKind(tok::eof);		Result.setKind(tok::eof);
		assert(CurLexer);
CurLexer->cutOffLexing();		CurLexer->cutOffLexing();
EnterTokens(Suffix);		EnterTokens(Suffix);
return true;		return true;
}		}

EnterTokens(Suffix);		EnterTokens(Suffix);
return false;		return false;
}		}
▲ Show 20 Lines • Show All 201 Lines • Show Last 20 Lines