[PATCH] D51252: [analyzer] Resolve the crash in ReturnUndefChecker
George Karpenkov via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 29 13:31:55 PDT 2018
This revision was automatically updated to reflect the committed changes.
Closed by commit rL340965: [analyzer] Resolve the crash in ReturnUndefChecker (authored by george.karpenkov, committed by ).
Herald added a subscriber: llvm-commits.
Changed prior to commit:
https://reviews.llvm.org/D51252?vs=162536&id=163181#toc
Repository:
rL LLVM
https://reviews.llvm.org/D51252
Files:
cfe/trunk/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
cfe/trunk/test/Analysis/casts.c
Index: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -1201,6 +1201,7 @@
const llvm::APSInt *SimpleSValBuilder::getKnownValue(ProgramStateRef state,
SVal V) {
+ V = simplifySVal(state, V);
if (V.isUnknownOrUndef())
return nullptr;
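Review bot: The added `V = simplifySVal(state, V);` at the top of getKnownValue carries no comment saying why the value has to be simplified before the lookup. Judging from the new test in casts.c, it seems to be there so that an expression over symbols already constrained to constants folds to a concrete integer; a line such as `// Simplify first so expressions over constrained symbols fold to a concrete value.` would record that. The call also sits ahead of the `isUnknownOrUndef()` early return, so it runs for values that are rejected immediately. Moving it below that check looks equivalent but needs confirming, because the rest of the function is outside the hunk.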
Index: cfe/trunk/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
@@ -69,6 +69,7 @@
ProgramStateRef State = C.getState();
const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS()));
const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS()));
+ assert(LHS && RHS && "Values unknown, inconsistent state");
return (unsigned)RHS->getZExtValue() > LHS->countLeadingZeros();
}
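Review bot: The new `assert(LHS && RHS && "Values unknown, inconsistent state");` guards the dereferences on the next line only in builds with assertions enabled; with NDEBUG it compiles away and a null result from getKnownValue still crashes the analyzer on whatever source triggered it. Since the analyzer runs on arbitrary input code, a runtime guard is the safer form, for example `if (!LHS || !RHS) return false;` placed before the return, optionally keeping the assert so debug builds still flag the inconsistency. Whether `false` is the right conservative answer depends on the caller, which is outside the hunk along with the start of this function.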
Index: cfe/trunk/test/Analysis/casts.c
===================================================================
--- cfe/trunk/test/Analysis/casts.c
+++ cfe/trunk/test/Analysis/casts.c
@@ -1,5 +1,6 @@
-// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-config eagerly-assume=false -verify %s
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-config eagerly-assume=false -verify %s
+// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -DEAGERLY_ASSUME=1 -w %s
extern void clang_analyzer_eval(_Bool);
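Review bot: The third RUN line drops `-triple`, so the EAGERLY_ASSUME run uses the host's default target, while the test it enables (in the last hunk) evaluates `(long)globalA << 48` under `expected-no-diagnostics`. On a target where `long` is 32 bits the shift amount exceeds the type width, and the run may then produce an analyzer diagnostic or take a different path than the one the crash fix is meant to cover. Pinning the target as the other two RUN lines do, e.g. adding `-triple x86_64-apple-darwin9`, would make the regression test deterministic across build hosts.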
@@ -16,6 +17,8 @@
void getsockname();
+#ifndef EAGERLY_ASSUME
+
void f(int sock) {
struct sockaddr_storage storage;
struct sockaddr* sockaddr = (struct sockaddr*)&storage; // expected-warning{{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
@@ -188,3 +191,21 @@
case sizeof(char):; // no-crash
}
}
+
+#endif
+
+#ifdef EAGERLY_ASSUME
+
+// expected-no-diagnostics
+
+int globalA; // TODO: the example is not representative.
+extern int globalFunc();
+void no_crash_on_symsym_cast_to_long() {
+ char c = globalFunc() - 5;
+ c == 0;
+ globalA -= c;
+ globalA == 3;
+ (long)globalA << 48; // no-crash
+}
+
+#endif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D51252.163181.patch
Type: text/x-patch
Size: 2904 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180829/921926df/attachment.bin>