[analyzer] When forced to fake a block type, do it correctly.

BlockDecl has a poor AST representation because it doesn't carry its type
with it. Instead, the containing BlockExpr has the full type. This almost
never matters for the analyzer, but if the block decl contains static
local variables we need to synthesize a region to put them in, and this
region will necessarily not have the right type.

Even /that/ doesn't matter, unless

(1) the block calls the function or method containing the block, and
(2) the value of the block expr is used in some interesting way.

In this case, we actually end up needing the type of the block region,
and it will be set to our synthesized type. It turns out we've been doing
a terrible job faking that type -- it wasn't a block pointer type at all.
This commit fixes that to at least guarantee a block pointer type, using
the signature written by the user if there is one.

This is not really a correct answer because the block region's type will
/still/ be wrong, but further efforts to make this right in the analyzer
would probably be silly. We should just change the AST.

rdar://problem/21698099

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@241944 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/MemRegion.cpp b/lib/StaticAnalyzer/Core/MemRegion.cpp
index 1fa675433b5664f7419031e9f979a1e71034395d..5ac845825c8dd278dcbc1c7365385d0d6ae489f5 100644 (file)
--- a/lib/StaticAnalyzer/Core/MemRegion.cpp
+++ b/lib/StaticAnalyzer/Core/MemRegion.cpp
@@ -824,9 +824,12 @@ const VarRegion* MemRegionManager::getVarRegion(const VarDecl *D,
           QualType T;
           if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())
             T = TSI->getType();
-          else
-            T = getContext().getFunctionNoProtoType(getContext().VoidTy);
-          
+          if (T.isNull())
+            T = getContext().VoidTy;
+          if (!T->getAs<FunctionType>())
+            T = getContext().getFunctionNoProtoType(T);
+          T = getContext().getBlockPointerType(T);
+
           const BlockTextRegion *BTR =
             getBlockTextRegion(BD, C.getCanonicalType(T),
                                STC->getAnalysisDeclContext());

diff --git a/test/Analysis/blocks.m b/test/Analysis/blocks.m
index 62d53607b5339cd703d05d997e8fe54ef36ac38c..4dbe951720738c8bf4fff688ecad1b17e30ab1bf 100644 (file)
--- a/test/Analysis/blocks.m
+++ b/test/Analysis/blocks.m
@@ -162,3 +162,51 @@ void blockCapturesItselfInTheLoop(int x, int m) {
   }
   assignData(x);
 }
+
+// Blocks that called the function they were contained in that also have
+// static locals caused crashes.
+// rdar://problem/21698099
+void takeNonnullBlock(void (^)(void)) __attribute__((nonnull));
+void takeNonnullIntBlock(int (^)(void)) __attribute__((nonnull));
+
+void testCallContainingWithSignature1()
+{
+  takeNonnullBlock(^{
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature1();
+  });
+}
+
+void testCallContainingWithSignature2()
+{
+  takeNonnullBlock(^void{
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature2();
+  });
+}
+
+void testCallContainingWithSignature3()
+{
+  takeNonnullBlock(^void(){
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature3();
+  });
+}
+
+void testCallContainingWithSignature4()
+{
+  takeNonnullBlock(^void(void){
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature4();
+  });
+}
+
+void testCallContainingWithSignature5()
+{
+  takeNonnullIntBlock(^{
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature5();
+    return 0;
+  });
+}
+