[PATCH] D124658: [analyzer] Canonicalize SymIntExpr so the RHS is positive when possible
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri May 6 00:37:07 PDT 2022
steakhal reopened this revision.
steakhal added a comment.
This revision is now accepted and ready to land.
This patch triggers a crash with this minimized example.
assertion at L205: `"The result operation type must have at least the same number of bits as its operands."`
  // build/bin/clang -cc1 -triple x86_64-unknown-linux-gnu -analyze -analyzer-checker=core,apiModeling repro.c
  typedef long ssize_t;
  ssize_t write(int, const void *, unsigned long);
  int crash(int x, int fd) {
    unsigned wres = write(fd, "a", 1);
    if (wres) {}
    int t1 = x - wres;
    if (wres < 0) {}
    return x + t1;
  }
The debugger showed these values:
  op: BO_Sub
  resultTy: unsigned int
  resultIntTy.isUnsigned(): true
  Sym: reg<int x>
  RHSValue: APInt(64b, 18446744073709551615u -1s)
  resultIntTy.getBitWidth(): 32
  RHS.getBitWidth(): 64
Please investigate this @tomasz-kaminski-sonarsource
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D124658/new/
https://reviews.llvm.org/D124658