[PATCH] D38214: [analyzer] Fix crash on modeling of pointer arithmetic

Alexander Shaposhnikov via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Sep 25 12:34:18 PDT 2017 

This revision was automatically updated to reflect the committed changes.
Closed by commit rL314141: [analyzer] Fix crash on modeling of pointer arithmetic (authored by alexshap).

Changed prior to commit:
  https://reviews.llvm.org/D38214?vs=116455&id=116590#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D38214

Files:
  cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
  cfe/trunk/test/Analysis/ptr-arith.cpp


Index: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -726,9 +726,11 @@
     if (Optional<loc::ConcreteInt> rInt = rhs.getAs<loc::ConcreteInt>()) {
       // If one of the operands is a symbol and the other is a constant,
       // build an expression for use by the constraint manager.
-      if (SymbolRef lSym = lhs.getAsLocSymbol(true))
-        return MakeSymIntVal(lSym, op, rInt->getValue(), resultTy);
-
+      if (SymbolRef lSym = lhs.getAsLocSymbol(true)) {
+        if (BinaryOperator::isComparisonOp(op))
+          return MakeSymIntVal(lSym, op, rInt->getValue(), resultTy);
+        return UnknownVal();
+      }
       // Special case comparisons to NULL.
       // This must come after the test if the LHS is a symbol, which is used to
       // build constraints. The address of any non-symbolic region is guaranteed
Index: cfe/trunk/test/Analysis/ptr-arith.cpp
===================================================================
--- cfe/trunk/test/Analysis/ptr-arith.cpp
+++ cfe/trunk/test/Analysis/ptr-arith.cpp
@@ -111,3 +111,9 @@
   __UINTPTR_TYPE__ y = (__UINTPTR_TYPE__)p - 1;
   return y == x;
 }
+
+// Bug 34374
+bool integerAsPtrSubtractionNoCrash(char *p, __UINTPTR_TYPE__ m) {
+  auto n = p - reinterpret_cast<char*>((__UINTPTR_TYPE__)1);
+  return n == m;
+}


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D38214.116590.patch
Type: text/x-patch
Size: 1488 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170925/7c065c16/attachment.bin>

More information about the cfe-commits mailing list