<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
The code definitely does look like it's missing some useful
assertions, but i'm also wondering how come that we have to do
something during symbolic execution that doesn't ever happen during
"concrete" execution. That's usually a good indication that we're
doing something wrong - not even in SMT API but above it, in the
code that calls it.<br>
<br>
<div class="moz-cite-prefix">On 6/28/19 7:43 AM, Mikhail Ramalho via
cfe-dev wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAORA-9ZBdnOvBjW4-hWmem8toTg40zryXaFwudsiVmKWz7T8Tg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hello everyone,
<div><br>
</div>
<div>As part of the SMT encoding of constraints done in the CSA,
we are triggering a segfault when trying to get the integer
type order between an enumType and an integer.</div>
<div><br>
</div>
<div>The code from ASTContext.cpp, starting in line 5814:</div>
<div><br>
</div>
<div>static const Type *getIntegerTypeForEnum(const EnumType
*ET) {<br>
// Incomplete enum types are not treated as integer types.<br>
// FIXME: In C++, enum types are never integer types.<br>
if (ET->getDecl()->isComplete() &&
!ET->getDecl()->isScoped())<br>
return ET->getDecl()->getIntegerType().getTypePtr();<br>
<b> return nullptr; // [1]</b><br>
}<br>
<br>
/// getIntegerTypeOrder - Returns the highest ranked integer
type:<br>
/// C99 6.3.1.8p1. If LHS > RHS, return 1. If LHS == RHS,
return 0. If<br>
/// LHS < RHS, return -1.<br>
int ASTContext::getIntegerTypeOrder(QualType LHS, QualType
RHS) const {<br>
const Type *LHSC = getCanonicalType(LHS).getTypePtr();<br>
const Type *RHSC = getCanonicalType(RHS).getTypePtr();<br>
<br>
// Unwrap enums to their underlying type.<br>
<b> if (const auto *ET = dyn_cast<EnumType>(LHSC))<br>
LHSC = getIntegerTypeForEnum(ET); </b><b>// [0]</b><br>
if (const auto *ET = dyn_cast<EnumType>(RHSC))<br>
RHSC = getIntegerTypeForEnum(ET);<br>
<br>
if (LHSC == RHSC) return 0;<br>
<br>
<b> bool LHSUnsigned = LHSC->isUnsignedIntegerType(); </b><b>//
[2]</b><br>
bool RHSUnsigned = RHSC->isUnsignedIntegerType();<br
clear="all">
<div><br>
</div>
<div>The problem happens when LHS (or RHS) is a C++11 enum:
getIntegerTypeForEnum [0] is called but returns a nullptr
[1], and later we try to call a method from the nullptr [2].</div>
<div><br>
</div>
<div>~</div>
<div><br>
</div>
<div>Any suggestion of how we can fix/work around it? It
doesn't seem to affect Sema in any way, but the code seems
rather fragile...</div>
<div><br>
</div>
<div>I hacked around it by doing:</div>
<div>- return nullptr;<br>
+ return
ET->getDecl()->getPromotionType().getTypePtr();<br>
</div>
<div><br>
</div>
<div>But it does not seem right, there is even a comment there
that reads:</div>
<div>// FIXME: In C++, enum types are never integer types.<br>
</div>
<div><br>
</div>
<div>Thank you,</div>
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div><br>
</div>
<div>Mikhail Ramalho.</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
cfe-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org">cfe-dev@lists.llvm.org</a>
<a class="moz-txt-link-freetext" href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>