Fix some nullptr dereferences

hamishknight · hamishknight · commit 6804623a8211 · 2022-09-13T10:35:28.000+01:00
Turns out we were getting away with dereferencing
`nullptr` in a few cases as `walk` would use
`nullptr` to indicate that the walk should be
stopped, and luckily Clang didn't optimize it to
something broken.

This commit is fairly defensive and sprinkles
some null checks for calls to `walk` directly
on a body of a function or top-level code decl.
diff --git a/lib/IDE/SourceEntityWalker.cpp b/lib/IDE/SourceEntityWalker.cpp
@@ -274,10 +274,14 @@ std::pair<bool, Stmt *> SemaAnnotator::walkToStmtPre(Stmt *S) {
       // Since 'DeferStmt::getTempDecl()' is marked as implicit, we manually
       // walk into the body.
       if (auto *FD = DeferS->getTempDecl()) {
-        auto *RetS = FD->getBody()->walk(*this);
+        auto *Body = FD->getBody();
+        if (!Body)
+          return Action::Stop();
+
+        auto *RetS = Body->walk(*this);
         if (!RetS)
           return { false, nullptr };
-        assert(RetS == FD->getBody());
+        assert(RetS == Body);
       }
       bool Continue = SEWalker.walkToStmtPost(DeferS);
       if (!Continue)
diff --git a/lib/IDE/SyntaxModel.cpp b/lib/IDE/SyntaxModel.cpp
@@ -854,9 +854,11 @@ std::pair<bool, Stmt *> ModelASTWalker::walkToStmtPre(Stmt *S) {
     // Since 'DeferStmt::getTempDecl()' is marked as implicit, we manually walk
     // into the body.
     if (auto *FD = DeferS->getTempDecl()) {
-      auto *RetS = FD->getBody()->walk(*this);
-      assert(RetS == FD->getBody());
-      (void)RetS;
+      if (auto *Body = FD->getBody()) {
+        auto *RetS = Body->walk(*this);
+        assert(RetS == Body);
+        (void)RetS;
+      }
       walkToStmtPost(DeferS);
     }
     // Already walked children.
diff --git a/lib/Sema/CSDiagnostics.cpp b/lib/Sema/CSDiagnostics.cpp
@@ -1595,7 +1595,8 @@ bool MissingOptionalUnwrapFailure::diagnoseAsError() {
       AbstractFunctionDecl *AFD = nullptr;
       if ((AFD = dyn_cast<AbstractFunctionDecl>(varDecl->getDeclContext()))) {
         auto checker = VarDeclMultipleReferencesChecker(getDC(), varDecl);
-        AFD->getBody()->walk(checker);
+        if (auto *body = AFD->getBody())
+          body->walk(checker);
         singleUse = checker.referencesCount() == 1;
       }
 
diff --git a/lib/Sema/TypeCheckConcurrency.cpp b/lib/Sema/TypeCheckConcurrency.cpp
@@ -3073,7 +3073,8 @@ bool ActorIsolationChecker::mayExecuteConcurrentlyWith(
 
 void swift::checkTopLevelActorIsolation(TopLevelCodeDecl *decl) {
   ActorIsolationChecker checker(decl);
-  decl->getBody()->walk(checker);
+  if (auto *body = decl->getBody())
+    body->walk(checker);
 }
 
 void swift::checkFunctionActorIsolation(AbstractFunctionDecl *decl) {
diff --git a/lib/Sema/TypeCheckDecl.cpp b/lib/Sema/TypeCheckDecl.cpp
@@ -582,7 +582,8 @@ BodyInitKindRequest::evaluate(Evaluator &evaluator,
 
   auto &ctx = decl->getASTContext();
   FindReferenceToInitializer finder(decl, ctx);
-  decl->getBody()->walk(finder);
+  if (auto *body = decl->getBody())
+    body->walk(finder);
 
   // get the kind out of the finder.
   auto Kind = finder.Kind;
diff --git a/lib/Sema/TypeCheckEffects.cpp b/lib/Sema/TypeCheckEffects.cpp
@@ -2906,8 +2906,10 @@ void TypeChecker::checkTopLevelEffects(TopLevelCodeDecl *code) {
   if (ctx.LangOpts.EnableThrowWithoutTry)
     checker.setTopLevelThrowWithoutTry();
 
-  code->getBody()->walk(checker);
-  code->getBody()->walk(LocalFunctionEffectsChecker());
+  if (auto *body = code->getBody()) {
+    body->walk(checker);
+    body->walk(LocalFunctionEffectsChecker());
+  }
 }
 
 void TypeChecker::checkFunctionEffects(AbstractFunctionDecl *fn) {
diff --git a/lib/Sema/TypeCheckStmt.cpp b/lib/Sema/TypeCheckStmt.cpp
@@ -205,7 +205,8 @@ void TypeChecker::contextualizeTopLevelCode(TopLevelCodeDecl *TLCD) {
   auto &Context = TLCD->DeclContext::getASTContext();
   unsigned nextDiscriminator = Context.NextAutoClosureDiscriminator;
   ContextualizeClosures CC(TLCD, nextDiscriminator);
-  TLCD->getBody()->walk(CC);
+  if (auto *body = TLCD->getBody())
+    body->walk(CC);
   assert(nextDiscriminator == Context.NextAutoClosureDiscriminator &&
          "reentrant/concurrent invocation of contextualizeTopLevelCode?");
   Context.NextAutoClosureDiscriminator = CC.NextDiscriminator;
diff --git a/lib/Sema/TypeCheckStorage.cpp b/lib/Sema/TypeCheckStorage.cpp
@@ -3584,7 +3584,8 @@ bool SimpleDidSetRequest::evaluate(Evaluator &evaluator,
   // If we find a reference to the implicit 'oldValue' parameter, then it is
   // not a "simple" didSet because we need to fetch it.
   auto walker = OldValueFinder(param);
-  decl->getTypecheckedBody()->walk(walker);
+  if (auto *body = decl->getTypecheckedBody())
+    body->walk(walker);
   auto hasOldValueRef = walker.didFindOldValueRef();
   if (!hasOldValueRef) {
     // If the body does not refer to implicit 'oldValue', it means we can

Original file line number	Diff line number	Diff line change
`@@ -1595,7 +1595,8 @@ bool MissingOptionalUnwrapFailure::diagnoseAsError() {`
`1595`	`1595`	`AbstractFunctionDecl *AFD = nullptr;`
`1596`	`1596`	`if ((AFD = dyn_cast<AbstractFunctionDecl>(varDecl->getDeclContext()))) {`
`1597`	`1597`	`auto checker = VarDeclMultipleReferencesChecker(getDC(), varDecl);`
`1598`		`- AFD->getBody()->walk(checker);`
	`1598`	`+ if (auto *body = AFD->getBody())`
	`1599`	`+ body->walk(checker);`
`1599`	`1600`	`singleUse = checker.referencesCount() == 1;`
`1600`	`1601`	`}`
`1601`	`1602`
Original file line number	Diff line number	Diff line change
`@@ -3073,7 +3073,8 @@ bool ActorIsolationChecker::mayExecuteConcurrentlyWith(`
`3073`	`3073`
`3074`	`3074`	`void swift::checkTopLevelActorIsolation(TopLevelCodeDecl *decl) {`
`3075`	`3075`	`ActorIsolationChecker checker(decl);`
`3076`		`- decl->getBody()->walk(checker);`
	`3076`	`+ if (auto *body = decl->getBody())`
	`3077`	`+ body->walk(checker);`
`3077`	`3078`	`}`
`3078`	`3079`
`3079`	`3080`	`void swift::checkFunctionActorIsolation(AbstractFunctionDecl *decl) {`