[cfe-commits] r156051 - in /cfe/trunk: lib/StaticAnalyzer/Core/SValBuilder.cpp lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp test/Analysis/taint-generic.c

Anna Zaks ganna at apple.com
Wed May 2 19:13:54 PDT 2012 

Author: zaks
Date: Wed May  2 21:13:53 2012
New Revision: 156051

URL: http://llvm.org/viewvc/llvm-project?rev=156051&view=rev
Log:
[analyzer] Do not assert on constructing SymSymExpr with diff types.

The resulting type info is stored in the SymSymExpr, so no reason not to
support construction of expression with different subexpression types.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp
    cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
    cfe/trunk/test/Analysis/taint-generic.c

Modified: cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp?rev=156051&r1=156050&r2=156051&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp Wed May  2 21:13:53 2012
@@ -61,7 +61,6 @@
 NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                                const SymExpr *rhs, QualType type) {
   assert(lhs && rhs);
-  assert(haveSameType(lhs->getType(Context), rhs->getType(Context)) == true);
   assert(!Loc::isLocType(type));
   return nonloc::SymbolVal(SymMgr.getSymSymExpr(lhs, op, rhs, type));
 }

Modified: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp?rev=156051&r1=156050&r2=156051&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp Wed May  2 21:13:53 2012
@@ -280,6 +280,9 @@
                                   BinaryOperator::Opcode op,
                                   NonLoc lhs, NonLoc rhs,
                                   QualType resultTy)  {
+  NonLoc InputLHS = lhs;
+  NonLoc InputRHS = rhs;
+
   // Handle trivial case where left-side and right-side are the same.
   if (lhs == rhs)
     switch (op) {
@@ -327,7 +330,7 @@
               return makeTruthVal(true, resultTy);
             default:
               // This case also handles pointer arithmetic.
-              return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+              return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
           }
       }
     }
@@ -389,9 +392,9 @@
             if (lhsValue == 0)
               // At this point lhs and rhs have been swapped.
               return rhs;
-            return makeSymExprValNN(state, op, rhs, lhs, resultTy);
+            return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
           default:
-            return makeSymExprValNN(state, op, rhs, lhs, resultTy);
+            return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
         }
       }
     }
@@ -406,7 +409,7 @@
             dyn_cast<SymIntExpr>(selhs->getSymbol());
 
         if (!symIntExpr)
-          return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+          return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
 
         // Is this a logical not? (!x is represented as x == 0.)
         if (op == BO_EQ && rhs.isZeroConstant()) {
@@ -454,7 +457,7 @@
         // For now, only handle expressions whose RHS is a constant.
         const nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&rhs);
         if (!rhsInt)
-          return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+          return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
 
         // If both the LHS and the current expression are additive,
         // fold their constants.
@@ -539,7 +542,7 @@
               resultTy);
         }
 
-        return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+        return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
       }
     }
     }

Modified: cfe/trunk/test/Analysis/taint-generic.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/taint-generic.c?rev=156051&r1=156050&r2=156051&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/taint-generic.c (original)
+++ cfe/trunk/test/Analysis/taint-generic.c Wed May  2 21:13:53 2012
@@ -203,3 +203,12 @@
   }
   return 5/a; // expected-warning {{Division by a tainted value, possibly zero}}
 }
+
+// Check that we do not assert of the following code.
+int SymSymExprWithDiffTypes(void* p) {
+  int i;
+  scanf("%d", &i);
+  int j = (i % (int)(long)p);
+  return 5/j; // expected-warning {{Division by a tainted value, possibly zero}}
+}
+

More information about the cfe-commits mailing list