diff options
| author | Ted Kremenek <kremenek@apple.com> | 2007-12-10 23:58:39 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2007-12-10 23:58:39 +0000 |
| commit | 9a8385d6653a50169284fa031be287645ae4b114 (patch) | |
| tree | a39971ad089bb6828930f9cb02102feea0d7dcd7 | |
| parent | 6aad91a43e26118c824d976661077819265d9bc0 (diff) | |
Fixed bug in CFG::PopulateBlkExprMap where the ordering
between fetching the size of the expression map (for use as
the next integer id for an Expr*) and the creation of the
entry in the map could be non-deterministic. This could
cause the size of the map to be incremented prior to the
index being determine.
On Linux the map entry would be created first, causing the
map to the "size" to be incremented prior to it being
queried. On Mac OS X we had the reverse behavior. Now the
size is always queried prior to the new id being inserted
into the map.
This was the real cause of the bit-overrun triggered in
PR 1847:
http://llvm.org/bugs/show_bug.cgi?id=1847
Also reverted the change in patch 44813, which was a bogus
fix to this problem:
http://llvm.org/viewvc/llvm-project?rev=44813&view=rev
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44822 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | AST/CFG.cpp | 6 | ||||
| -rw-r--r-- | include/clang/Analysis/ExprDeclBitVector.h | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/AST/CFG.cpp b/AST/CFG.cpp index 0c8589b058..b93d77e3fa 100644 --- a/AST/CFG.cpp +++ b/AST/CFG.cpp @@ -969,8 +969,10 @@ static BlkExprMapTy* PopulateBlkExprMap(CFG& cfg) { for (CFG::iterator I=cfg.begin(), E=cfg.end(); I != E; ++I) for (CFGBlock::iterator BI=I->begin(), EI=I->end(); BI != EI; ++BI) - if (const Expr* E = dyn_cast<Expr>(*BI)) - (*M)[E] = M->size(); + if (const Expr* E = dyn_cast<Expr>(*BI)) { + unsigned x = M->size(); + (*M)[E] = x; + } return M; } diff --git a/include/clang/Analysis/ExprDeclBitVector.h b/include/clang/Analysis/ExprDeclBitVector.h index 2ddd985f4c..4cd9faa260 100644 --- a/include/clang/Analysis/ExprDeclBitVector.h +++ b/include/clang/Analysis/ExprDeclBitVector.h @@ -73,7 +73,7 @@ struct DeclBitVector_Types { public: void resetValues(AnalysisDataTy& AD) { - DeclBV.resize(AD.getNumDecls()+1); + DeclBV.resize(AD.getNumDecls()); DeclBV.reset(); } @@ -172,7 +172,7 @@ struct ExprDeclBitVector_Types { void resetValues(AnalysisDataTy& AD) { ParentRef(*this).resetValues(AD); - ExprBV.resize(AD.getNumExprs()+1); + ExprBV.resize(AD.getNumExprs()); ExprBV.reset(); } |