segfault in CFG creation

Hi,

I've found a bug in CFGBuilder::WalkAST_VisitDeclSubExprs().
Test + patch: http://web.ist.utl.pt/nuno.lopes/clang_CFG_segfault.txt

Regards,
Nuno

Hi Nuno,

I think there is a bug here, but it might be a little more insidious than your patch implies (there could actually be a problem in StmtIterator as well). I don't have time right now, but I will investigate this some more later today (or at the latest, tomorrow).

BTW, the test case you provided does not illustrate the bug at all. At least for me, running it with or without your changes to CFG.cpp produces valid input. The following code, however, does produce a crash:

// RUN: clang -warn-dead-stores -verify %s
void x() {
         int k, y;
         int abc=1;
         long idx=abc+3*5; // expected-warning {{value stored to variable is never used}}
}

The problem has to do with neither decl for k or y having an initializer.

Thanks for pointing out the problem. I'll try and get an updated patch soon (which will likely be a variation of yours).

Ted

> Hi Nuno,
>
> I think there is a bug here, but it might be a little more insidious than your patch implies (there could actually be a problem in StmtIterator as well). I don't have time right now, but I will investigate this some more later today (or at the latest, tomorrow).

Yes, I was afraid of that. The patch looked too easy for me (and a bit of a hack).

> BTW, the test case you provided does not illustrate the bug at all. At least for me, running it with or without your changes to CFG.cpp produces valid input. The following code, however, does produce a crash:
>
> The problem has to do with neither decl for k or y having an initializer.

Ah, sorry. It seems I stripped the test file too much :P I got that from a big file and it seems I messed up.

Thanks,
Nuno

Hi Nuno,

I just committed a fix. Your patch was dead on aside from the "return 0" should be "return Block"; I only removed an extra check that became redundant after adding the guard from your patch. Thanks so much for reporting this! I thought it might have been a more serious error in StmtIterator, but thankfully that wasn't the case.

> > BTW, the test case you provided does not illustrate the bug at all. At least for me, running it with or without your changes to CFG.cpp produces valid input. The following code, however, does produce a crash:
> >
> > The problem has to do with neither decl for k or y having an initializer.
>
> Ah, sorry. It seems I stripped the test file too much :P I got that from a big file and it seems I messed up.

No worries. The test case is still valid and now in the code base. Thank you!

Ted