[analyzer] When forced to fake a block type, do it correctly.

BlockDecl has a poor AST representation because it doesn't carry its type with it. Instead, the containing BlockExpr has the full type. This almost never matters for the analyzer, but if the block decl contains static local variables we need to synthesize a region to put them in, and this region will necessarily not have the right type. Even /that/ doesn't matter, unless (1) the block calls the function or method containing the block, and (2) the value of the block expr is used in some interesting way. In this case, we actually end up needing the type of the block region, and it will be set to our synthesized type. It turns out we've been doing a terrible job faking that type -- it wasn't a block pointer type at all. This commit fixes that to at least guarantee a block pointer type, using the signature written by the user if there is one. This is not really a correct answer because the block region's type will /still/ be wrong, but further efforts to make this right in the analyzer would probably be silly. We should just change the AST. rdar://problem/21698099 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@241944 91177308-0d34-0410-b5e6-96231b3b80d8
johanst · Jul 10, 2015 · 22ea838 · 22ea838
1 parent 79bfc7f
commit 22ea838
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 3 deletions.
diff --git a/lib/StaticAnalyzer/Core/MemRegion.cpp b/lib/StaticAnalyzer/Core/MemRegion.cpp
@@ -824,9 +824,12 @@ const VarRegion* MemRegionManager::getVarRegion(const VarDecl *D,
           QualType T;
           if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())
             T = TSI->getType();
-          else
-            T = getContext().getFunctionNoProtoType(getContext().VoidTy);
-
+          if (T.isNull())
+            T = getContext().VoidTy;
+          if (!T->getAs<FunctionType>())
+            T = getContext().getFunctionNoProtoType(T);
+          T = getContext().getBlockPointerType(T);
+
           const BlockTextRegion *BTR =
             getBlockTextRegion(BD, C.getCanonicalType(T),
                                STC->getAnalysisDeclContext());

diff --git a/test/Analysis/blocks.m b/test/Analysis/blocks.m
@@ -162,3 +162,51 @@ void blockCapturesItselfInTheLoop(int x, int m) {
   }
   assignData(x);
 }
+
+// Blocks that called the function they were contained in that also have
+// static locals caused crashes.
+// rdar://problem/21698099
+void takeNonnullBlock(void (^)(void)) __attribute__((nonnull));
+void takeNonnullIntBlock(int (^)(void)) __attribute__((nonnull));
+
+void testCallContainingWithSignature1()
+{
+  takeNonnullBlock(^{
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature1();
+  });
+}
+
+void testCallContainingWithSignature2()
+{
+  takeNonnullBlock(^void{
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature2();
+  });
+}
+
+void testCallContainingWithSignature3()
+{
+  takeNonnullBlock(^void(){
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature3();
+  });
+}
+
+void testCallContainingWithSignature4()
+{
+  takeNonnullBlock(^void(void){
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature4();
+  });
+}
+
+void testCallContainingWithSignature5()
+{
+  takeNonnullIntBlock(^{
+    static const char str[] = "Lost connection to sharingd";
+    testCallContainingWithSignature5();
+    return 0;
+  });
+}
+