From: Jordan Rose
Date: Tue, 11 Sep 2012 18:47:13 +0000 (+0000)
Subject: [analyzer] Use the static type for a virtual call if the dynamic type is worse.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=19d5886d1704e24282c86217b09d5c6d35ba604d;p=clang
[analyzer] Use the static type for a virtual call if the dynamic type is worse.
reinterpret_cast does not provide any of the usual type information that static_cast or dynamic_cast provide -- only the new type. This can get us in a situation where the dynamic type info for an object is actually a superclass of the static type, which does not match what CodeGen does at all. In these cases, just fall back to the static type as the best possible type for devirtualization. Should fix the crashes on our internal buildbot.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163644 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Core/CallEvent.cpp b/lib/StaticAnalyzer/Core/CallEvent.cpp
index 09ba21173b..0f71a76842 100644
--- a/lib/StaticAnalyzer/Core/CallEvent.cpp
+++ b/lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -433,14 +433,21 @@ RuntimeDefinition CXXInstanceCall::getRuntimeDefinition() const { if (!RD || !RD->hasDefinition()) return RuntimeDefinition(); - // Find the decl for this method in that class. - const CXXMethodDecl *Result = MD->getCorrespondingMethodInClass(RD, true); + const CXXMethodDecl *Result; + if (MD->getParent()->isDerivedFrom(RD)) { + // If our static type info is better than our dynamic type info, don't + // bother doing a search. Just use the static method. + Result = MD; + } else { + // Otherwise, find the decl for the method in the dynamic class. + Result = MD->getCorrespondingMethodInClass(RD, true); + } + if (!Result) { // We might not even get the original statically-resolved method due to // some particularly nasty casting (e.g. casts to sister classes). // However, we should at least be able to search up and down our own class // hierarchy, and some real bugs have been caught by checking this. - assert(!MD->getParent()->isDerivedFrom(RD) && "Bad DynamicTypeInfo"); assert(!RD->isDerivedFrom(MD->getParent()) && "Couldn't find known method"); return RuntimeDefinition(); } diff --git a/test/Analysis/inlining/dyn-dispatch-bifurcate.cpp b/test/Analysis/inlining/dyn-dispatch-bifurcate.cpp index fa473aebce..12dad79433 100644 --- a/test/Analysis/inlining/dyn-dispatch-bifurcate.cpp +++ b/test/Analysis/inlining/dyn-dispatch-bifurcate.cpp @@ -15,3 +15,19 @@ void testKnown() { A a; clang_analyzer_eval(a.get() == 0); // expected-warning{{TRUE}} } + + +namespace ReinterpretDisruptsDynamicTypeInfo { + class Parent {}; + + class Child : public Parent { + public: + virtual int foo() { return 42; } + }; + + void test(Parent *a) { + Child *b = reinterpret_cast(a); + if (!b) return; + clang_analyzer_eval(b->foo() == 42); // expected-warning{{TRUE}} expected-warning{{UNKNOWN}} + } +}
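Review bot: The comment in the new `if (MD->getParent()->isDerivedFrom(RD))` branch does not say how the static type can end up more derived than the recorded dynamic type, so with the "Bad DynamicTypeInfo" assert removed a reader cannot tell an expected case from corrupted type info. The commit message names reinterpret_cast as the cause; I would carry that into the code, e.g. `// This happens after a reinterpret_cast, which changes the static type without updating the dynamic type info; the object is only assumed to be of the static type.` It is also worth stating there that `MD` may itself be overridden further down the hierarchy, so how definitive the returned definition is depends on code after this hunk, which is not visible here. getRuntimeDefinition() starts before and continues past the hunk.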
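Review bot: The last line of `test()` expects both `TRUE` and `UNKNOWN` from a single `clang_analyzer_eval` call with no explanation, which makes the test hard to maintain. A short comment such as `// Both results are expected: one path inlines Child::foo, the other treats the call conservatively.` would help, assuming that is the reason (the file name suggests bifurcation). The new case also covers only a `Parent` with no virtual functions; a second case where `Parent` declares a virtual `foo()` that `Child` overrides would pin which definition is chosen after the cast, since that shape appears to enter the new static-type branch in CallEvent.cpp as well.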