Bug Summary

File:llvm/lib/IR/Operator.cpp
Warning:line 46, column 37
Called C++ object pointer is null

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name Operator.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debugger-tuning=gdb -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-12/lib/clang/12.0.0 -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/build-llvm/lib/IR -I /build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/lib/IR -I /build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/build-llvm/include -I /build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/include -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/x86_64-linux-gnu/c++/6.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/backward -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-12/lib/clang/12.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-comment -std=c++14 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/build-llvm/lib/IR -fdebug-prefix-map=/build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb=. -ferror-limit 19 -fvisibility-inlines-hidden -stack-protector 2 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -o /tmp/scan-build-2020-09-26-161721-17566-1 -x c++ /build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/lib/IR/Operator.cpp
1//===-- Operator.cpp - Implement the LLVM operators -----------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file implements the non-inline methods for the LLVM Operator classes.
10//
11//===----------------------------------------------------------------------===//
12
13#include "llvm/IR/Operator.h"
14#include "llvm/IR/DataLayout.h"
15#include "llvm/IR/GetElementPtrTypeIterator.h"
16#include "llvm/IR/Instructions.h"
17#include "llvm/IR/Type.h"
18
19#include "ConstantsContext.h"
20
21namespace llvm {
22Type *GEPOperator::getSourceElementType() const {
23 if (auto *I = dyn_cast<GetElementPtrInst>(this))
24 return I->getSourceElementType();
25 return cast<GetElementPtrConstantExpr>(this)->getSourceElementType();
26}
27
28Type *GEPOperator::getResultElementType() const {
29 if (auto *I = dyn_cast<GetElementPtrInst>(this))
30 return I->getResultElementType();
31 return cast<GetElementPtrConstantExpr>(this)->getResultElementType();
32}
33
34Align GEPOperator::getMaxPreservedAlignment(const DataLayout &DL) const {
35 /// compute the worse possible offset for every level of the GEP et accumulate
36 /// the minimum alignment into Result.
37
38 Align Result = Align(llvm::Value::MaximumAlignment);
39 for (gep_type_iterator GTI = gep_type_begin(this), GTE = gep_type_end(this);
1
Loop condition is true. Entering loop body
40 GTI != GTE; ++GTI) {
41 int64_t Offset = 1;
42 ConstantInt *OpC = dyn_cast<ConstantInt>(GTI.getOperand());
2
Assuming the object is not a 'ConstantInt'
3
'OpC' initialized to a null pointer value
43
44 if (StructType *STy = GTI.getStructTypeOrNull()) {
4
Assuming 'STy' is non-null
5
Taking true branch
45 const StructLayout *SL = DL.getStructLayout(STy);
46 Offset = SL->getElementOffset(OpC->getZExtValue());
6
Called C++ object pointer is null
47 } else {
48 assert(GTI.isSequential() && "should be sequencial")((GTI.isSequential() && "should be sequencial") ? static_cast
<void> (0) : __assert_fail ("GTI.isSequential() && \"should be sequencial\""
, "/build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/lib/IR/Operator.cpp"
, 48, __PRETTY_FUNCTION__))
;
49 /// If the index isn't know we take 1 because it is the index that will
50 /// give the worse alignment of the offset.
51 int64_t ElemCount = 1;
52 if (OpC)
53 ElemCount = OpC->getZExtValue();
54 Offset = DL.getTypeAllocSize(GTI.getIndexedType()) * ElemCount;
55 }
56 Result = Align(MinAlign(Offset, Result.value()));
57 }
58 return Result;
59}
60
61bool GEPOperator::accumulateConstantOffset(
62 const DataLayout &DL, APInt &Offset,
63 function_ref<bool(Value &, APInt &)> ExternalAnalysis) const {
64 assert(Offset.getBitWidth() ==((Offset.getBitWidth() == DL.getIndexSizeInBits(getPointerAddressSpace
()) && "The offset bit width does not match DL specification."
) ? static_cast<void> (0) : __assert_fail ("Offset.getBitWidth() == DL.getIndexSizeInBits(getPointerAddressSpace()) && \"The offset bit width does not match DL specification.\""
, "/build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/lib/IR/Operator.cpp"
, 66, __PRETTY_FUNCTION__))
65 DL.getIndexSizeInBits(getPointerAddressSpace()) &&((Offset.getBitWidth() == DL.getIndexSizeInBits(getPointerAddressSpace
()) && "The offset bit width does not match DL specification."
) ? static_cast<void> (0) : __assert_fail ("Offset.getBitWidth() == DL.getIndexSizeInBits(getPointerAddressSpace()) && \"The offset bit width does not match DL specification.\""
, "/build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/lib/IR/Operator.cpp"
, 66, __PRETTY_FUNCTION__))
66 "The offset bit width does not match DL specification.")((Offset.getBitWidth() == DL.getIndexSizeInBits(getPointerAddressSpace
()) && "The offset bit width does not match DL specification."
) ? static_cast<void> (0) : __assert_fail ("Offset.getBitWidth() == DL.getIndexSizeInBits(getPointerAddressSpace()) && \"The offset bit width does not match DL specification.\""
, "/build/llvm-toolchain-snapshot-12~++20200926111128+c6c5629f2fb/llvm/lib/IR/Operator.cpp"
, 66, __PRETTY_FUNCTION__))
;
67
68 bool UsedExternalAnalysis = false;
69 auto AccumulateOffset = [&](APInt Index, uint64_t Size) -> bool {
70 Index = Index.sextOrTrunc(Offset.getBitWidth());
71 APInt IndexedSize = APInt(Offset.getBitWidth(), Size);
72 // For array or vector indices, scale the index by the size of the type.
73 if (!UsedExternalAnalysis) {
74 Offset += Index * IndexedSize;
75 } else {
76 // External Analysis can return a result higher/lower than the value
77 // represents. We need to detect overflow/underflow.
78 bool Overflow = false;
79 APInt OffsetPlus = Index.smul_ov(IndexedSize, Overflow);
80 if (Overflow)
81 return false;
82 Offset = Offset.sadd_ov(OffsetPlus, Overflow);
83 if (Overflow)
84 return false;
85 }
86 return true;
87 };
88
89 for (gep_type_iterator GTI = gep_type_begin(this), GTE = gep_type_end(this);
90 GTI != GTE; ++GTI) {
91 // Scalable vectors are multiplied by a runtime constant.
92 bool ScalableType = false;
93 if (isa<ScalableVectorType>(GTI.getIndexedType()))
94 ScalableType = true;
95
96 Value *V = GTI.getOperand();
97 StructType *STy = GTI.getStructTypeOrNull();
98 // Handle ConstantInt if possible.
99 if (auto ConstOffset = dyn_cast<ConstantInt>(V)) {
100 if (ConstOffset->isZero())
101 continue;
102 // if the type is scalable and the constant is not zero (vscale * n * 0 =
103 // 0) bailout.
104 if (ScalableType)
105 return false;
106 // Handle a struct index, which adds its field offset to the pointer.
107 if (STy) {
108 unsigned ElementIdx = ConstOffset->getZExtValue();
109 const StructLayout *SL = DL.getStructLayout(STy);
110 // Element offset is in bytes.
111 if (!AccumulateOffset(
112 APInt(Offset.getBitWidth(), SL->getElementOffset(ElementIdx)),
113 1))
114 return false;
115 continue;
116 }
117 if (!AccumulateOffset(ConstOffset->getValue(),
118 DL.getTypeAllocSize(GTI.getIndexedType())))
119 return false;
120 continue;
121 }
122
123 // The operand is not constant, check if an external analysis was provided.
124 // External analsis is not applicable to a struct type.
125 if (!ExternalAnalysis || STy || ScalableType)
126 return false;
127 APInt AnalysisIndex;
128 if (!ExternalAnalysis(*V, AnalysisIndex))
129 return false;
130 UsedExternalAnalysis = true;
131 if (!AccumulateOffset(AnalysisIndex,
132 DL.getTypeAllocSize(GTI.getIndexedType())))
133 return false;
134 }
135 return true;
136}
137} // namespace llvm