[all-commits] [llvm/llvm-project] 98d550: Fix assertion failure "PathDiagnosticSpotPiece's m...

Balazs Benics via All-commits all-commits at lists.llvm.org
Thu Jan 26 08:36:37 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 98d55095d85129c2776a9d7a227c5f88e3ce2e01
      https://github.com/llvm/llvm-project/commit/98d55095d85129c2776a9d7a227c5f88e3ce2e01
  Author: Arseniy Zaostrovnykh <arseniy.zaostrovnykh at sonarsource.com>
  Date:   2023-01-26 (Thu, 26 Jan 2023)

  Changed paths:
    M clang/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
    M clang/test/Analysis/return-ptr-range.cpp

  Log Message:
  -----------
  Fix assertion failure "PathDiagnosticSpotPiece's must have a valid location." in ReturnPtrRange checker on builtin functions

Builtin functions (such as `std::move`, `std::forward`, `std::as_const`)
have a body generated during the analysis not related to any source file
so their statements have no valid source locations.
`ReturnPtrRange` checker should not report issues for these builtin
functions because they only forward their parameter and do not create any
new pointers.

Fixes #55347

Patch by Arseniy Zaostrovnykh.

Reviewed By: NoQ

Differential Revision: https://reviews.llvm.org/D138713


  Commit: 3674421c4bc0cd3b65b8f1feaaf7038ac2d47ca8
      https://github.com/llvm/llvm-project/commit/3674421c4bc0cd3b65b8f1feaaf7038ac2d47ca8
  Author: Tomasz Kamiński <tomasz.kamiński at sonarsource.com>
  Date:   2023-01-26 (Thu, 26 Jan 2023)

  Changed paths:
    M clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConv.h
    M clang/test/Analysis/z3-crosscheck.c

  Log Message:
  -----------
  [analyzer] Fix assertion failure in SMT conversion for unary operator on floats

In the handling of the Symbols from the RangExpr, the code assumed that
the operands of the unary operators need to have integral type.
However, the CSA can create SymExpr with a floating point operand, when
the integer value is cast into it, like `(float)h == (float)l` where
both of `h` and `l` are integers.

This patch handles such situations, by using `fromFloatUnOp()` instead
of `fromUnOp()`, when the operand has a floating point type.

I have investigated all other calls of `fromUnOp()`, and for the one in:

 - `getZeroExpr()` is applied only on boolean types, so it is correct
 - `fromBinOp()` is not invoked for floating points
 - `fromFloatUnOp()` I am uncertain about this case and I was not able
   to produce a test that would reach this point, as a negation of
   floating point numbers seems to produce `Unknown` symbols.

This issue exists since the introduction of `UnarySymExpr` in D125318
and their handling for Z3 in D125547.

Patch by Tomasz Kamiński.

Reviewed By: mikhail.ramalho

Differential Revision: https://reviews.llvm.org/D140891


Compare: https://github.com/llvm/llvm-project/compare/d4f4b2fe21dd...3674421c4bc0

