Bug Summary

File:tools/lldb/source/Target/CPPLanguageRuntime.cpp
Warning:line 246, column 7
Forming reference to null pointer

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name CPPLanguageRuntime.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -momit-leaf-frame-pointer -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-8/lib/clang/8.0.0 -D HAVE_ROUND -D LLDB_CONFIGURATION_RELEASE -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/lldb/source/Target -I /build/llvm-toolchain-snapshot-8~svn345461/tools/lldb/source/Target -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/lldb/include -I /build/llvm-toolchain-snapshot-8~svn345461/tools/lldb/include -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/include -I /build/llvm-toolchain-snapshot-8~svn345461/include -I /usr/include/python2.7 -I /build/llvm-toolchain-snapshot-8~svn345461/tools/clang/include -I /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/lldb/../clang/include -I /build/llvm-toolchain-snapshot-8~svn345461/tools/lldb/source/. -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/backward -internal-isystem /usr/include/clang/8.0.0/include/ -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-8/lib/clang/8.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-comment -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-strict-aliasing -Wno-deprecated-register -Wno-vla-extension -std=c++11 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-8~svn345461/build-llvm/tools/lldb/source/Target -ferror-limit 19 -fmessage-length 0 -fvisibility-inlines-hidden -fobjc-runtime=gcc -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -o /tmp/scan-build-2018-10-27-211344-32123-1 -x c++ /build/llvm-toolchain-snapshot-8~svn345461/tools/lldb/source/Target/CPPLanguageRuntime.cpp -faddrsig
1//===-- CPPLanguageRuntime.cpp
2//-------------------------------------------------*- C++ -*-===//
3//
4// The LLVM Compiler Infrastructure
5//
6// This file is distributed under the University of Illinois Open Source
7// License. See LICENSE.TXT for details.
8//
9//===----------------------------------------------------------------------===//
10
11#include "lldb/Target/CPPLanguageRuntime.h"
12
13#include <string.h>
14
15#include "llvm/ADT/StringRef.h"
16
17#include "lldb/Symbol/Block.h"
18#include "lldb/Symbol/VariableList.h"
19
20#include "lldb/Core/PluginManager.h"
21#include "lldb/Core/UniqueCStringMap.h"
22#include "lldb/Symbol/ClangASTContext.h"
23#include "lldb/Target/ABI.h"
24#include "lldb/Target/ExecutionContext.h"
25#include "lldb/Target/RegisterContext.h"
26#include "lldb/Target/SectionLoadList.h"
27#include "lldb/Target/StackFrame.h"
28#include "lldb/Target/ThreadPlanRunToAddress.h"
29#include "lldb/Target/ThreadPlanStepInRange.h"
30
31using namespace lldb;
32using namespace lldb_private;
33
34//----------------------------------------------------------------------
35// Destructor
36//----------------------------------------------------------------------
37CPPLanguageRuntime::~CPPLanguageRuntime() {}
38
39CPPLanguageRuntime::CPPLanguageRuntime(Process *process)
40 : LanguageRuntime(process) {}
41
42bool CPPLanguageRuntime::GetObjectDescription(Stream &str,
43 ValueObject &object) {
44 // C++ has no generic way to do this.
45 return false;
46}
47
48bool CPPLanguageRuntime::GetObjectDescription(
49 Stream &str, Value &value, ExecutionContextScope *exe_scope) {
50 // C++ has no generic way to do this.
51 return false;
52}
53
54CPPLanguageRuntime::LibCppStdFunctionCallableInfo
55CPPLanguageRuntime::FindLibCppStdFunctionCallableInfo(
56 lldb::ValueObjectSP &valobj_sp) {
57 LibCppStdFunctionCallableInfo optional_info;
58
59 if (!valobj_sp)
11
Assuming the condition is false
12
Taking false branch
60 return optional_info;
61
62 // Member __f_ has type __base*, the contents of which will hold:
63 // 1) a vtable entry which may hold type information needed to discover the
64 // lambda being called
65 // 2) possibly hold a pointer to the callable object
66 // e.g.
67 //
68 // (lldb) frame var -R f_display
69 // (std::__1::function<void (int)>) f_display = {
70 // __buf_ = {
71 // …
72 // }
73 // __f_ = 0x00007ffeefbffa00
74 // }
75 // (lldb) memory read -fA 0x00007ffeefbffa00
76 // 0x7ffeefbffa00: ... `vtable for std::__1::__function::__func<void (*) ...
77 // 0x7ffeefbffa08: ... `print_num(int) at std_function_cppreference_exam ...
78 //
79 // We will be handling five cases below, std::function is wrapping:
80 //
81 // 1) a lambda we know at compile time. We will obtain the name of the lambda
82 // from the first template pameter from __func's vtable. We will look up
83 // the lambda's operator()() and obtain the line table entry.
84 // 2) a lambda we know at runtime. A pointer to the lambdas __invoke method
85 // will be stored after the vtable. We will obtain the lambdas name from
86 // this entry and lookup operator()() and obtain the line table entry.
87 // 3) a callable object via operator()(). We will obtain the name of the
88 // object from the first template parameter from __func's vtable. We will
89 // look up the objectc operator()() and obtain the line table entry.
90 // 4) a member function. A pointer to the function will stored after the
91 // we will obtain the name from this pointer.
92 // 5) a free function. A pointer to the function will stored after the vtable
93 // we will obtain the name from this pointer.
94 ValueObjectSP member__f_(
95 valobj_sp->GetChildMemberWithName(ConstString("__f_"), true));
96 lldb::addr_t member__f_pointer_value = member__f_->GetValueAsUnsigned(0);
97
98 optional_info.member__f_pointer_value = member__f_pointer_value;
99
100 ExecutionContext exe_ctx(valobj_sp->GetExecutionContextRef());
101 Process *process = exe_ctx.GetProcessPtr();
102
103 if (process == nullptr)
13
Assuming the condition is false
14
Taking false branch
104 return optional_info;
105
106 uint32_t address_size = process->GetAddressByteSize();
107 Status status;
108
109 // First item pointed to by __f_ should be the pointer to the vtable for
110 // a __base object.
111 lldb::addr_t vtable_address =
112 process->ReadPointerFromMemory(member__f_pointer_value, status);
113
114 if (status.Fail())
15
Assuming the condition is false
16
Taking false branch
115 return optional_info;
116
117 lldb::addr_t address_after_vtable = member__f_pointer_value + address_size;
118 // As commened above we may not have a function pointer but if we do we will
119 // need it.
120 lldb::addr_t possible_function_address =
121 process->ReadPointerFromMemory(address_after_vtable, status);
122
123 if (status.Fail())
17
Assuming the condition is false
18
Taking false branch
124 return optional_info;
125
126 Target &target = process->GetTarget();
127
128 if (target.GetSectionLoadList().IsEmpty())
19
Assuming the condition is false
20
Taking false branch
129 return optional_info;
130
131 Address vtable_addr_resolved;
132 SymbolContext sc;
133 Symbol *symbol;
134
135 if (!target.GetSectionLoadList().ResolveLoadAddress(vtable_address,
21
Assuming the condition is false
22
Taking false branch
136 vtable_addr_resolved))
137 return optional_info;
138
139 target.GetImages().ResolveSymbolContextForAddress(
140 vtable_addr_resolved, eSymbolContextEverything, sc);
141 symbol = sc.symbol;
142
143 if (symbol == nullptr)
23
Assuming the condition is false
24
Taking false branch
144 return optional_info;
145
146 llvm::StringRef vtable_name(symbol->GetName().GetCString());
147 bool found_expected_start_string =
148 vtable_name.startswith("vtable for std::__1::__function::__func<");
149
150 if (!found_expected_start_string)
25
Assuming 'found_expected_start_string' is not equal to 0
26
Taking false branch
151 return optional_info;
152
153 // Given case 1 or 3 we have a vtable name, we are want to extract the first
154 // template parameter
155 //
156 // ... __func<main::$_0, std::__1::allocator<main::$_0> ...
157 // ^^^^^^^^^
158 //
159 // We do this by find the first < and , and extracting in between.
160 //
161 // This covers the case of the lambda known at compile time.
162 size_t first_open_angle_bracket = vtable_name.find('<') + 1;
163 size_t first_comma = vtable_name.find_first_of(',');
164
165 llvm::StringRef first_template_parameter =
166 vtable_name.slice(first_open_angle_bracket, first_comma);
167
168 Address function_address_resolved;
169
170 // Setup for cases 2, 4 and 5 we have a pointer to a function after the
171 // vtable. We will use a process of elimination to drop through each case
172 // and obtain the data we need.
173 if (target.GetSectionLoadList().ResolveLoadAddress(
27
Assuming the condition is true
28
Taking true branch
174 possible_function_address, function_address_resolved)) {
175 target.GetImages().ResolveSymbolContextForAddress(
176 function_address_resolved, eSymbolContextEverything, sc);
177 symbol = sc.symbol;
29
Value assigned to 'symbol'
178 }
179
180 auto get_name = [&first_template_parameter, &symbol]() {
181 // Given case 1:
182 //
183 // main::$_0
184 //
185 // we want to append ::operator()()
186 if (first_template_parameter.contains("$_"))
187 return llvm::Regex::escape(first_template_parameter.str()) +
188 R"(::operator\(\)\(.*\))";
189
190 if (symbol != NULL__null &&
191 symbol->GetName().GetStringRef().contains("__invoke")) {
192
193 llvm::StringRef symbol_name = symbol->GetName().GetStringRef();
194 size_t pos2 = symbol_name.find_last_of(':');
195
196 // Given case 2:
197 //
198 // main::$_1::__invoke(...)
199 //
200 // We want to slice off __invoke(...) and append operator()()
201 std::string lambda_operator =
202 llvm::Regex::escape(symbol_name.slice(0, pos2 + 1).str()) +
203 R"(operator\(\)\(.*\))";
204
205 return lambda_operator;
206 }
207
208 // Case 3
209 return first_template_parameter.str() + R"(::operator\(\)\(.*\))";
210 ;
211 };
212
213 std::string func_to_match = get_name();
214
215 SymbolContextList scl;
216
217 target.GetImages().FindFunctions(RegularExpression{func_to_match}, true, true,
218 true, scl);
219
220 // Case 1,2 or 3
221 if (scl.GetSize() >= 1) {
30
Assuming the condition is true
31
Taking true branch
222 SymbolContext sc2 = scl[0];
223
224 AddressRange range;
225 sc2.GetAddressRange(eSymbolContextEverything, 0, false, range);
226
227 Address address = range.GetBaseAddress();
228
229 Address addr;
230 if (target.ResolveLoadAddress(address.GetCallableLoadAddress(&target),
32
Assuming the condition is true
33
Taking true branch
231 addr)) {
232 LineEntry line_entry;
233 addr.CalculateSymbolContextLineEntry(line_entry);
234
235 if (first_template_parameter.contains("$_") ||
34
Assuming the condition is false
36
Taking false branch
236 (symbol != nullptr &&
35
Assuming pointer value is null
237 symbol->GetName().GetStringRef().contains("__invoke"))) {
238 // Case 1 and 2
239 optional_info.callable_case = LibCppStdFunctionCallableCase::Lambda;
240 } else {
241 // Case 3
242 optional_info.callable_case =
243 LibCppStdFunctionCallableCase::CallableObject;
244 }
245
246 optional_info.callable_symbol = *symbol;
37
Forming reference to null pointer
247 optional_info.callable_line_entry = line_entry;
248 optional_info.callable_address = addr;
249 return optional_info;
250 }
251 }
252
253 // Case 4 or 5
254 if (!symbol->GetName().GetStringRef().startswith("vtable for")) {
255 optional_info.callable_case =
256 LibCppStdFunctionCallableCase::FreeOrMemberFunction;
257 optional_info.callable_address = function_address_resolved;
258 optional_info.callable_symbol = *symbol;
259
260 return optional_info;
261 }
262
263 return optional_info;
264}
265
266lldb::ThreadPlanSP
267CPPLanguageRuntime::GetStepThroughTrampolinePlan(Thread &thread,
268 bool stop_others) {
269 ThreadPlanSP ret_plan_sp;
270
271 lldb::addr_t curr_pc = thread.GetRegisterContext()->GetPC();
272
273 TargetSP target_sp(thread.CalculateTarget());
274
275 if (target_sp->GetSectionLoadList().IsEmpty())
1
Assuming the condition is false
2
Taking false branch
276 return ret_plan_sp;
277
278 Address pc_addr_resolved;
279 SymbolContext sc;
280 Symbol *symbol;
281
282 if (!target_sp->GetSectionLoadList().ResolveLoadAddress(curr_pc,
3
Assuming the condition is false
4
Taking false branch
283 pc_addr_resolved))
284 return ret_plan_sp;
285
286 target_sp->GetImages().ResolveSymbolContextForAddress(
287 pc_addr_resolved, eSymbolContextEverything, sc);
288 symbol = sc.symbol;
289
290 if (symbol == nullptr)
5
Assuming the condition is false
6
Taking false branch
291 return ret_plan_sp;
292
293 llvm::StringRef function_name(symbol->GetName().GetCString());
294
295 // Handling the case where we are attempting to step into std::function.
296 // The behavior will be that we will attempt to obtain the wrapped
297 // callable via FindLibCppStdFunctionCallableInfo() and if we find it we
298 // will return a ThreadPlanRunToAddress to the callable. Therefore we will
299 // step into the wrapped callable.
300 //
301 bool found_expected_start_string =
302 function_name.startswith("std::__1::function<");
303
304 if (!found_expected_start_string)
7
Assuming 'found_expected_start_string' is not equal to 0
8
Taking false branch
305 return ret_plan_sp;
306
307 AddressRange range_of_curr_func;
308 sc.GetAddressRange(eSymbolContextEverything, 0, false, range_of_curr_func);
309
310 StackFrameSP frame = thread.GetStackFrameAtIndex(0);
311
312 if (frame) {
9
Taking true branch
313 ValueObjectSP value_sp = frame->FindVariable(ConstString("this"));
314
315 CPPLanguageRuntime::LibCppStdFunctionCallableInfo callable_info =
316 FindLibCppStdFunctionCallableInfo(value_sp);
10
Calling 'CPPLanguageRuntime::FindLibCppStdFunctionCallableInfo'
317
318 if (callable_info.callable_case != LibCppStdFunctionCallableCase::Invalid &&
319 value_sp->GetValueIsValid()) {
320 // We found the std::function wrapped callable and we have its address.
321 // We now create a ThreadPlan to run to the callable.
322 ret_plan_sp.reset(new ThreadPlanRunToAddress(
323 thread, callable_info.callable_address, stop_others));
324 return ret_plan_sp;
325 } else {
326 // We are in std::function but we could not obtain the callable.
327 // We create a ThreadPlan to keep stepping through using the address range
328 // of the current function.
329 ret_plan_sp.reset(new ThreadPlanStepInRange(thread, range_of_curr_func,
330 sc, eOnlyThisThread,
331 eLazyBoolYes, eLazyBoolYes));
332 return ret_plan_sp;
333 }
334 }
335
336 return ret_plan_sp;
337}