Nigel
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix another static analyzer crash due to a corner case in "folding" symbolic values that are constrained to be a constant. 

llvm-svn: 84320
This commit is contained in:
Ted Kremenek 2009-10-17 07:39:35 +00:00
parent 8b2f5d3929
commit 1baf407fbc
2 changed files with 40 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
clang/lib/Analysis/SimpleSValuator.cpp
View File

@ -346,24 +346,29 @@ SVal SimpleSValuator::EvalBinOpNN(const GRState *state,
nonloc::SymbolVal *slhs = cast<nonloc::SymbolVal>(&lhs);
SymbolRef Sym = slhs->getSymbol();
// Does the symbol simplify to a constant?
// Does the symbol simplify to a constant? If so, "fold" the constant
// by setting 'lhs' to a ConcreteInt and try again.
if (Sym->getType(ValMgr.getContext())->isIntegerType())
if (const llvm::APSInt *Constant = state->getSymVal(Sym)) {
// For shifts, there is no need to perform any conversions
// of the constant.
if (BinaryOperator::isShiftOp(op)) {
lhs = nonloc::ConcreteInt(*Constant);
continue;
}
// The symbol evaluates to a constant. If necessary, promote the
// folded constant (LHS) to the result type.
BasicValueFactory &BVF = ValMgr.getBasicValueFactory();
const llvm::APSInt &lhs_I = BVF.Convert(resultTy, *Constant);
lhs = nonloc::ConcreteInt(lhs_I);
// Other cases: do an implicit conversion. This shouldn't be
// Also promote the RHS (if necessary).
// For shifts, it necessary promote the RHS to the result type.
if (BinaryOperator::isShiftOp(op))
continue;
// Other operators: do an implicit conversion. This shouldn't be
// necessary once we support truncation/extension of symbolic values.
if (nonloc::ConcreteInt *rhs_I = dyn_cast<nonloc::ConcreteInt>(&rhs)){
BasicValueFactory &BVF = ValMgr.getBasicValueFactory();
lhs = nonloc::ConcreteInt(BVF.Convert(rhs_I->getValue(),
*Constant));
continue;
rhs = nonloc::ConcreteInt(BVF.Convert(resultTy, rhs_I->getValue()));
}
continue;
}
if (isa<nonloc::ConcreteInt>(rhs)) {

32
clang/test/Analysis/misc-ps.m
View File

@ -681,21 +681,23 @@ void *rdar7152418_bar();
return 1;
}
//===----------------------------------------------------------------------===//
// Test constant-folding of symbolic values, automatically handling type
// conversions of the symbol as necessary. Previously this would crash
// once we started eagerly evaluating symbols whose values were constrained
// to a single value.
void test_constant_symbol(signed char x) {
// conversions of the symbol as necessary.
//===----------------------------------------------------------------------===//
// Previously this would crash once we started eagerly evaluating symbols whose
// values were constrained to a single value.
void test_symbol_fold_1(signed char x) {
while (1) {
if (x == ((signed char) 0)) {}
}
}
// Test constant-folding of symbolic values, where a folded symbolic value is used in a
// bitshift operation. This previously caused a crash because it triggered an assertion
// in APSInt.
void test_symbol_fold_with_shift(unsigned int * p, unsigned int n,
const unsigned int * grumpkin, unsigned int dn) {
// This previously caused a crash because it triggered an assertion in APSInt.
void test_symbol_fold_2(unsigned int * p, unsigned int n,
const unsigned int * grumpkin, unsigned int dn) {
unsigned int i;
unsigned int tempsub[8];
unsigned int *solgrumpkin = tempsub + n;
@ -704,3 +706,15 @@ void test_symbol_fold_with_shift(unsigned int * p, unsigned int n,
for (i <<= 5; i < (n << 5); i++) {}
}
// This previously caused a crash because it triggered an assertion in APSInt.
// 'x' would evaluate to a 8-bit constant (because of the return value of
// test_symbol_fold_3_aux()) which would not get properly promoted to an
// integer.
char test_symbol_fold_3_aux(void);
unsigned test_symbol_fold_3(void) {
unsigned x = test_symbol_fold_3_aux();
if (x == 54)
return (x << 8) | 0x5;
return 0;
}