[PATCH] D104844: [Analyzer][solver] Fix crashes during symbol simplification

Gabor Marton via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Jun 24 03:06:52 PDT 2021


martong created this revision.
martong added reviewers: vsavchenko, steakhal.
Herald added subscribers: manas, ASDenysPetrov, gamesh411, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, xazax.hun, whisperity.
Herald added a reviewer: Szelethus.
martong requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

Consider the code

  void f(int a0, int b0, int c)
  {
      int a1 = a0 - b0;
      int b1 = (unsigned)a1 + c;
      if (c == 0) {
          int d = 7L / b1;
      }
  }

At the point of division by `b1` that is considered to be non-zero,
which results in a new constraint for `$a0 - $b0 + $c`. The type
of this sym is unsigned, however, the simplified sym is `$a0 -
$b0` and its type is signed. This is probably the result of the
inherent improper handling of casts. Anyway, Range assignment
for constraints uses this type information. Therefore, we must
make sure that first we simplify the symbol and only then we
assign the range.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D104844

Files:
  clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
  clang/test/Analysis/solver-sym-simplification-no-crash.c
  clang/test/Analysis/solver-sym-simplification-with-proper-range-type.c

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D104844.354186.patch
Type: text/x-patch
Size: 4079 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210624/53d32918/attachment.bin>
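
The ordering issue described in the summary above, as an added toy model that is not part of the original message and is not LLVM code. All names (`Sym`, `Range`, `Entry`, `Store`, `simplify`, `nonZeroRanges`, `consistent`, and the two ordering functions) are hypothetical, and the model assumes only what the summary states: the range is built from a symbol's type, and simplification can change that type.

```cpp
#include <climits>
#include <map>
#include <string>
#include <vector>

// Toy model only; none of these types or functions are LLVM's.
struct Sym { std::string expr; bool isUnsigned; };
struct Range { long long lo, hi; bool isUnsigned; };  // bounds carry a signedness
struct Entry { Sym sym; std::vector<Range> ranges; };
using Store = std::map<std::string, Entry>;

// Stand-in for simplification once $c == 0 is known. As in the summary, the
// cast is lost: unsigned `$a0 - $b0 + $c` becomes signed `$a0 - $b0`.
Sym simplify(const Sym &s) {
  if (s.expr == "$a0 - $b0 + $c") return {"$a0 - $b0", false};
  return s;
}

// "Non-zero" expressed in the value range of the symbol's own type.
std::vector<Range> nonZeroRanges(const Sym &s) {
  if (s.isUnsigned) return {Range{1, UINT_MAX, true}};
  return {Range{INT_MIN, -1, false}, Range{1, INT_MAX, false}};
}

// Invariant: every stored range has the signedness of its symbol.
bool consistent(const Store &st) {
  for (const auto &kv : st)
    for (const Range &r : kv.second.ranges)
      if (r.isUnsigned != kv.second.sym.isUnsigned) return false;
  return true;
}

// Problematic order: build the range from the original symbol's type,
// then attach it to the simplified symbol.
bool assignThenSimplify(const Sym &s) {
  Store st;
  std::vector<Range> ranges = nonZeroRanges(s);
  Sym simple = simplify(s);
  st[simple.expr] = {simple, ranges};
  return consistent(st);
}

// Order the summary asks for: simplify first, then build the range.
bool simplifyThenAssign(const Sym &s) {
  Store st;
  Sym simple = simplify(s);
  st[simple.expr] = {simple, nonZeroRanges(simple)};
  return consistent(st);
}
```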

