[PATCH] D37120: [analyzer] Fix modeling arithmetic

Alexander Shaposhnikov via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Aug 28 14:16:37 PDT 2017 

This revision was automatically updated to reflect the committed changes.
Closed by commit rL311935: [analyzer] Fix crash in modeling arithmetic (authored by alexshap).

Changed prior to commit:
  https://reviews.llvm.org/D37120?vs=112784&id=112967#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D37120

Files:
  cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
  cfe/trunk/test/Analysis/ptr-arith.cpp


Index: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -360,10 +360,18 @@
       Loc lhsL = lhs.castAs<nonloc::LocAsInteger>().getLoc();
       switch (rhs.getSubKind()) {
         case nonloc::LocAsIntegerKind:
+          // FIXME: at the moment the implementation 
+          // of modeling "pointers as integers" is not complete.
+          if (!BinaryOperator::isComparisonOp(op))
+            return UnknownVal();     
           return evalBinOpLL(state, op, lhsL,
                              rhs.castAs<nonloc::LocAsInteger>().getLoc(),
                              resultTy);
         case nonloc::ConcreteIntKind: {
+          // FIXME: at the moment the implementation 
+          // of modeling "pointers as integers" is not complete.
+          if (!BinaryOperator::isComparisonOp(op))
+            return UnknownVal();
           // Transform the integer into a location and compare.
           // FIXME: This only makes sense for comparisons. If we want to, say,
           // add 1 to a LocAsInteger, we'd better unpack the Loc and add to it,
Index: cfe/trunk/test/Analysis/ptr-arith.cpp
===================================================================
--- cfe/trunk/test/Analysis/ptr-arith.cpp
+++ cfe/trunk/test/Analysis/ptr-arith.cpp
@@ -105,3 +105,9 @@
     return 0;
   return N;
 }
+
+// Bug 34309
+bool ptrAsIntegerSubtractionNoCrash(long x, char *p) {
+  long y = (long)p - 1;
+  return y == x;
+}


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D37120.112967.patch
Type: text/x-patch
Size: 1626 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170828/9f23fa96/attachment.bin>

More information about the cfe-commits mailing list