Hello,
This is my first post in this list. I am building an analysis tool in ClangTool. I am getting a segmentation fault while building a dominator tree in clang. The sample code that I am using to build the dominator tree is the following:
    const Decl *D = static_cast<Decl *>(f); // FunctionDecl f
    AnalysisDeclContextManager *analDeclCtxMgr = new AnalysisDeclContextManager(context);
    if (AnalysisDeclContext *analDeclCtx = analDeclCtxMgr->getContext(D)) {
        DominatorTree domTree;
        domTree.buildDominatorTree(*analDeclCtx);
    }
The input function for my tool is the following code from perlbench (CPU 2017):
    static bool
    S_adjust_index(pTHX_ AV *av, const MAGIC *mg, SSize_t *keyp)
    {
        bool adjust_index = 1;
        if (mg) {
            /* Handle negative array indices 20020222 MJD */
            SV * const ref = SvTIED_obj(MUTABLE_SV(av), mg);
            SvGETMAGIC(ref);
            if (SvROK(ref) && SvOBJECT(SvRV(ref))) {
                SV * const * const negative_indices_glob =
                    hv_fetchs(SvSTASH(SvRV(ref)), NEGATIVE_INDICES_VAR, 0);
                if (negative_indices_glob && isGV(*negative_indices_glob)
                    && SvTRUE(GvSV(*negative_indices_glob)))
                    adjust_index = 0;
            }
        }
        if (adjust_index) {
            *keyp += AvFILL(av) + 1;
            if (*keyp < 0)
                return FALSE;
        }
        return TRUE;
    }
Would you please let me know where the problem is?
Thanks,
Masud
Hi!
I recently fiddled around this part of the code as well when trying to implement an improvement for my checker in the StaticAnalyzer. For the following invocation:
    clang -cc1 -analyze -analyzer-checker=debug.DumpDominators (clang repository)test/Analysis/cxx-uninitialized-object-unguarded-access.cpp
I received a segfault. I eventually figured that Clang’s CFG contains nullpointers, and the following patch on LLVM fixed the issue:
diff --git a/include/llvm/Support/GenericDomTreeConstruction.h b/include/llvm/Support/GenericDomTreeConstruction.h
index ccceba88171…a4a238c310b 100644
— a/include/llvm/Support/GenericDomTreeConstruction.h
+++ b/include/llvm/Support/GenericDomTreeConstruction.h
@@ -235,6 +235,9 @@ struct SemiNCAInfo {
constexpr bool Direction = IsReverse != IsPostDom; // XOR.
for (const NodePtr Succ :
ChildrenGetter::Get(BB, BatchUpdates)) {
if (!Succ)
continue;
const auto SIT = NodeToInfo.find(Succ);
// Don’t visit nodes more than once but remember to collect
// ReverseChildren.
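Review bot: the `if (!Succ) continue;` check inside the loop over `ChildrenGetter::Get(BB, BatchUpdates)` carries no comment saying which graph can hand a null node to this generic code, and it hides the condition instead of reporting it. A one-line comment naming the source of the nulls would help, and an assert on `Succ` here (or dropping the nulls where the graph exposes its successors) would keep the problem visible rather than silently skipping edges.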
However, I’m not sure whether the CFG is supposed to have nullpointers – logically, maybe this isn’t where we should fix this issue. An assert wouldn’t hurt though.
Good luck!
Kristóf
kuhar
April 6, 2019, 7:57pm
#3
> However, I’m not sure whether the CFG is supposed to have nullpointers – logically, maybe this isn’t where we should fix this issue
DomTree requires llvm::children and llvm::inverse_children to return valid node pointers.
A proper fix would be not to return nulls from llvm::children. I’m not familiar with the Clang CFG – why do nullptr appear there in the first place?
Best,
Kuba
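The approach described in the reply above, filtering nulls where the graph exposes its children, shown on a toy graph. This is an added example, not part of the thread and not LLVM or Clang code; `Block`, `children` (a hypothetical stand-in for `llvm::children`), `dominators` and `sample_cfg` are assumed names, and the graph is constructed.

```cpp
// Toy model constructed for illustration; not Clang's CFG or LLVM's DomTree code.
#include <cstdint>
#include <vector>

struct Block {
  unsigned id = 0;
  std::vector<Block *> succs; // may hold nullptr slots, like the CFG in the thread
};

// Hypothetical accessor in the role of llvm::children: never yields a null node.
std::vector<Block *> children(const Block &b) {
  std::vector<Block *> out;
  for (Block *s : b.succs)
    if (s) out.push_back(s);
  return out;
}

// dom[i] = bitmask of block ids dominating block i; 0 if i is unreachable (< 64 blocks).
std::vector<uint64_t> dominators(const std::vector<Block> &cfg, unsigned entry) {
  const uint64_t unreached = ~0ull;
  std::vector<uint64_t> dom(cfg.size(), unreached);
  dom[entry] = 1ull << entry;
  for (bool changed = true; changed;) {
    changed = false;
    for (const Block &p : cfg) {
      if (dom[p.id] == unreached) continue; // no path from entry found yet
      for (Block *s : children(p)) {        // nulls already filtered out
        if (s->id == entry) continue;
        uint64_t d = (dom[s->id] & dom[p.id]) | (1ull << s->id);
        if (d != dom[s->id]) { dom[s->id] = d; changed = true; }
      }
    }
  }
  for (uint64_t &d : dom) if (d == unreached) d = 0;
  return dom;
}

// Constructed diamond 0 -> {1,2} -> 3; block 1 has a null slot, block 4 is unreachable.
std::vector<Block> sample_cfg() {
  std::vector<Block> g(5);
  for (unsigned i = 0; i < g.size(); ++i) g[i].id = i;
  g[0].succs = {&g[1], &g[2]};
  g[1].succs = {&g[3], nullptr};
  g[2].succs = {&g[3]};
  g[4].succs = {&g[3]};
  return g;
}
int main() {
  std::vector<Block> g = sample_cfg();
  return dominators(g, 0)[3] == 0x9 ? 0 : 1; // join block: dominated by entry and itself
}
```

Iterating `succs` directly instead of `children()` would dereference the null slot in block 1, which is the crash pattern the thread describes.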
> > However, I’m not sure whether the CFG is supposed to have nullpointers – logically, maybe this isn’t where we should fix this issue
> DomTree requires llvm::children and llvm::inverse_children to return valid node pointers.
> A proper fix would be not to return nulls from llvm::children. I’m not familiar with the Clang CFG – why do nullptr appear there in the first place?
Maybe I’m just wrong, I didn’t investigate that much.