[cfe-commits] r101499 - in /cfe/trunk: lib/Checker/SimpleSValuator.cpp test/Analysis/misc-ps-region-store.m

Ted Kremenek kremenek at apple.com
Fri Apr 16 10:54:33 PDT 2010 

Author: kremenek
Date: Fri Apr 16 12:54:33 2010
New Revision: 101499

URL: http://llvm.org/viewvc/llvm-project?rev=101499&view=rev
Log:
Static analyzer: Don't crash when casting a symbolic region address to a float.  Fixes PR 6854.

Modified:
    cfe/trunk/lib/Checker/SimpleSValuator.cpp
    cfe/trunk/test/Analysis/misc-ps-region-store.m

Modified: cfe/trunk/lib/Checker/SimpleSValuator.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/SimpleSValuator.cpp?rev=101499&r1=101498&r2=101499&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/SimpleSValuator.cpp (original)
+++ cfe/trunk/lib/Checker/SimpleSValuator.cpp Fri Apr 16 12:54:33 2010
@@ -113,16 +113,22 @@
   if (castTy->isUnionType())
     return UnknownVal();
 
-  assert(castTy->isIntegerType());
-  unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy);
+  if (castTy->isIntegerType()) {
+    unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy);
 
-  if (!isa<loc::ConcreteInt>(val))
-    return ValMgr.makeLocAsInteger(val, BitWidth);
+    if (!isa<loc::ConcreteInt>(val))
+      return ValMgr.makeLocAsInteger(val, BitWidth);
 
-  llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue();
-  i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy));
-  i.extOrTrunc(BitWidth);
-  return ValMgr.makeIntVal(i);
+    llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue();
+    i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy));
+    i.extOrTrunc(BitWidth);
+    return ValMgr.makeIntVal(i);
+  }
+
+  // All other cases: return 'UnknownVal'.  This includes casting pointers
+  // to floats, which is probably badness it itself, but this is a good
+  // intermediate solution until we do something better.
+  return UnknownVal();
 }
 
 //===----------------------------------------------------------------------===//

Modified: cfe/trunk/test/Analysis/misc-ps-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.m?rev=101499&r1=101498&r2=101499&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.m (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.m Fri Apr 16 12:54:33 2010
@@ -1004,3 +1004,13 @@
   }
 }
 
+// PR 6854 - crash when casting symbolic memory address to a float
+// Handle casting from a symbolic region to a 'float'.  This isn't
+// really all that intelligent, but previously this caused a crash
+// in SimpleSValuator.
+void pr6854(void * arg) {
+  void * a = arg;
+  *(void**)a = arg;
+  float f = *(float*) a;
+}
+

More information about the cfe-commits mailing list