From ab2cec8b85cf84f0c734115205cc8b07b56bd3ae Mon Sep 17 00:00:00 2001 From: Artem Dergachev Date: Sat, 19 Oct 2019 01:50:43 +0000 Subject: [PATCH] [analyzer] Fix a crash on tracking Objective-C 'self' as a control dependency. 'self' was previously never tracked, but now it can be tracked because it may be part of a condition. llvm-svn: 375328 --- .../Core/BugReporterVisitors.cpp | 19 +++++++---- .../track-control-dependency-conditions.m | 32 +++++++++++++++++++ 2 files changed, 44 insertions(+), 7 deletions(-) create mode 100644 clang/test/Analysis/track-control-dependency-conditions.m diff --git a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp index f1592ebff669..28382cd64fd4 100644 --- a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp +++ b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp @@ -1418,14 +1418,19 @@ FindLastStoreBRVisitor::VisitNode(const ExplodedNode *Succ, if (Optional CE = Succ->getLocationAs()) { if (const auto *VR = dyn_cast(R)) { - const auto *Param = cast(VR->getDecl()); + if (const auto *Param = dyn_cast(VR->getDecl())) { + ProgramStateManager &StateMgr = BRC.getStateManager(); + CallEventManager &CallMgr = StateMgr.getCallEventManager(); - ProgramStateManager &StateMgr = BRC.getStateManager(); - CallEventManager &CallMgr = StateMgr.getCallEventManager(); - - CallEventRef<> Call = CallMgr.getCaller(CE->getCalleeContext(), - Succ->getState()); - InitE = Call->getArgExpr(Param->getFunctionScopeIndex()); + CallEventRef<> Call = CallMgr.getCaller(CE->getCalleeContext(), + Succ->getState()); + InitE = Call->getArgExpr(Param->getFunctionScopeIndex()); + } else { + // Handle Objective-C 'self'. + assert(isa(VR->getDecl())); + InitE = cast(CE->getCalleeContext()->getCallSite()) + ->getInstanceReceiver()->IgnoreParenCasts(); + } IsParam = true; } } diff --git a/clang/test/Analysis/track-control-dependency-conditions.m b/clang/test/Analysis/track-control-dependency-conditions.m new file mode 100644 index 000000000000..05b0638a5eb5 --- /dev/null +++ b/clang/test/Analysis/track-control-dependency-conditions.m @@ -0,0 +1,32 @@ +// RUN: %clang_analyze_cc1 -w -analyzer-checker=core,nullability -verify %s + +// expected-no-diagnostics + +@class C; + +#pragma clang assume_nonnull begin +@interface I +- foo:(C *)c; +@end +#pragma clang assume_nonnull end + +@interface J +@property C *c; +@end + +J *conjure_J(); + +@implementation I +- (void)bar { + if (self) { // no-crash + J *j = conjure_J(); + if (j.c) + [self bar]; + // FIXME: Should warn. + [self foo:j.c]; // no-warning + } +} +@end + +@implementation J +@end