[cfe-commits] r84269 - in /cfe/trunk: lib/Analysis/SimpleSValuator.cpp test/Analysis/misc-ps.m
Ted Kremenek
kremenek at apple.com
Fri Oct 16 13:46:24 PDT 2009
Author: kremenek
Date: Fri Oct 16 15:46:24 2009
New Revision: 84269
URL: http://llvm.org/viewvc/llvm-project?rev=84269&view=rev
Log:
Fix static analyzer crash due to recently add symbolic-value constant folding. The issue was falsely
converting the constant value of the LHS of a '<<'/'>>' operation to the same APSInt value of the
RHS.
Modified:
cfe/trunk/lib/Analysis/SimpleSValuator.cpp
cfe/trunk/test/Analysis/misc-ps.m
Modified: cfe/trunk/lib/Analysis/SimpleSValuator.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SimpleSValuator.cpp?rev=84269&r1=84268&r2=84269&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/SimpleSValuator.cpp (original)
+++ cfe/trunk/lib/Analysis/SimpleSValuator.cpp Fri Oct 16 15:46:24 2009
@@ -349,7 +349,15 @@
// Does the symbol simplify to a constant?
if (Sym->getType(ValMgr.getContext())->isIntegerType())
if (const llvm::APSInt *Constant = state->getSymVal(Sym)) {
- // What should we convert it to?
+ // For shifts, there is no need to perform any conversions
+ // of the constant.
+ if (BinaryOperator::isShiftOp(op)) {
+ lhs = nonloc::ConcreteInt(*Constant);
+ continue;
+ }
+
+ // Other cases: do an implicit conversion. This shouldn't be
+ // necessary once we support truncation/extension of symbolic values.
if (nonloc::ConcreteInt *rhs_I = dyn_cast<nonloc::ConcreteInt>(&rhs)){
BasicValueFactory &BVF = ValMgr.getBasicValueFactory();
lhs = nonloc::ConcreteInt(BVF.Convert(rhs_I->getValue(),
Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=84269&r1=84268&r2=84269&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Fri Oct 16 15:46:24 2009
@@ -691,4 +691,16 @@
}
}
+// Test constant-folding of symbolic values, where a folded symbolic value is used in a
+// bitshift operation. This previously caused a crash because it triggered an assertion
+// in APSInt.
+void test_symbol_fold_with_shift(unsigned int * p, unsigned int n,
+ const unsigned int * grumpkin, unsigned int dn) {
+ unsigned int i;
+ unsigned int tempsub[8];
+ unsigned int *solgrumpkin = tempsub + n;
+ for (i = 0; i < n; i++)
+ solgrumpkin[i] = (i < dn) ? ~grumpkin[i] : 0xFFFFFFFF;
+ for (i <<= 5; i < (n << 5); i++) {}
+}
More information about the cfe-commits
mailing list