[PATCH] D105974: [analyzer] Do not assume that all pointers have the same bitwidth as void*
Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Jul 16 01:23:20 PDT 2021
This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.
Closed by commit rG918bda124120: [analyzer] Do not assume that all pointers have the same bitwidth as void* (authored by vabridgers, committed by einvbri <vince.a.bridgers at ericsson.com>).
Changed prior to commit:
https://reviews.llvm.org/D105974?vs=359163&id=359246#toc
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D105974/new/
https://reviews.llvm.org/D105974
Files:
clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
clang/test/Analysis/solver-sym-simplification-ptr-bool.cl
Index: clang/test/Analysis/solver-sym-simplification-ptr-bool.cl
===================================================================
--- /dev/null
+++ clang/test/Analysis/solver-sym-simplification-ptr-bool.cl
@@ -0,0 +1,30 @@
+// RUN: %clang_analyze_cc1 -triple amdgcn-unknown-unknown -analyze -analyzer-checker=core %s
+
+// expected-no-diagnostics
+
+// This test case covers an issue found in the static analyzer
+// solver where pointer sizes were assumed. Pointer sizes may vary on other
+// architectures. This issue was originally discovered on a downstream,
+// custom target, this assert occurs on the custom target and this one
+// without the fix, and is fixed with this change.
+//
+// The assertion appears to be happening as a result of evaluating the
+// SymIntExpr (reg_$0<int * p>) != 0U in VisitSymIntExpr located in
+// SimpleSValBuilder.cpp. The LHS is evaluated to 32b and the RHS is
+// evaluated to 16b. This eventually leads to the assertion in APInt.h.
+//
+// APInt.h:1151: bool llvm::APInt::operator==(const llvm::APInt &) const: Assertion `BitWidth == RHS.BitWidth && "Comparison requires equal bit widths"'
+//
+void test1(__attribute__((address_space(256))) int * p) {
+ __attribute__((address_space(256))) int * q = p-1;
+ if (q) {}
+ if (q) {}
+ (void)q;
+}
+
+void test2(__attribute__((address_space(256))) int * p) {
+ __attribute__((address_space(256))) int * q = p-1;
+ q && q;
+ q && q;
+ (void)q;
+}
Index: clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -712,9 +712,23 @@
// symbols to use, only content metadata.
return nonloc::SymbolVal(SymMgr.getExtentSymbol(FTR));
- if (const SymbolicRegion *SymR = R->getSymbolicBase())
- return makeNonLoc(SymR->getSymbol(), BO_NE,
- BasicVals.getZeroWithPtrWidth(), CastTy);
+ if (const SymbolicRegion *SymR = R->getSymbolicBase()) {
+ SymbolRef Sym = SymR->getSymbol();
+ QualType Ty = Sym->getType();
+ // This change is needed for architectures with varying
+ // pointer widths. See the amdgcn opencl reproducer with
+ // this change as an example: solver-sym-simplification-ptr-bool.cl
+ // FIXME: We could encounter a reference here,
+ // try returning a concrete 'true' since it might
+ // be easier on the solver.
+ // FIXME: Cleanup remainder of `getZeroWithPtrWidth ()`
+ // and `getIntWithPtrWidth()` functions to prevent future
+ // confusion
+ const llvm::APSInt &Zero = Ty->isReferenceType()
+ ? BasicVals.getZeroWithPtrWidth()
+ : BasicVals.getZeroWithTypeSize(Ty);
+ return makeNonLoc(Sym, BO_NE, Zero, CastTy);
+ }
// Non-symbolic memory regions are always true.
return makeTruthVal(true, CastTy);
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D105974.359246.patch
Type: text/x-patch
Size: 3017 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210716/d42446c5/attachment.bin>
More information about the cfe-commits
mailing list