[clang] dd01633 - [analyzer] Fix crash in BasicValueFactory.cpp with __int128_t integers (#67212)

via cfe-commits cfe-commits at lists.llvm.org
Mon Oct 2 07:54:27 PDT 2023


Author: vabridgers
Date: 2023-10-02T09:54:22-05:00
New Revision: dd01633c8160e54cc1bc379498cbade646375813

URL: https://github.com/llvm/llvm-project/commit/dd01633c8160e54cc1bc379498cbade646375813
DIFF: https://github.com/llvm/llvm-project/commit/dd01633c8160e54cc1bc379498cbade646375813.diff

LOG: [analyzer] Fix crash in BasicValueFactory.cpp with __int128_t integers (#67212)

This change avoids a crash in BasicValueFactory by checking the bit
width of an APSInt to avoid calling getZExtValue if greater than
64-bits. This was caught by our internal, randomized test generator.

Clang invocation
clang -cc1 -analyzer-checker=optin.portability.UnixAPI case.c

<src-root>/llvm/include/llvm/ADT/APInt.h:1488:
uint64_t llvm::APInt::getZExtValue() const: Assertion `getActiveBits()
<= 64
  && "Too many bits for uint64_t"' failed.
...

 #9 <address> llvm::APInt::getZExtValue() const
     <src-root>/llvm/include/llvm/ADT/APInt.h:1488:5
clang::BinaryOperatorKind, llvm::APSInt const&, llvm::APSInt const&)
<src-root>/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp:307:37
     llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>,
clang::BinaryOperatorKind, clang::ento::NonLoc, clang::ento::NonLoc,
     clang::QualType)
<src-root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:531:31
     llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>,
     clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal,
     clang::QualType)
     <src-root>/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:532:26
...

Added: 
    clang/test/Analysis/int128-nocrash.c

Modified: 
    clang/docs/ReleaseNotes.rst
    clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp

Removed: 
    


################################################################################
diff  --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 53be34961fd15a5..5c70d5690a5d3f1 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -538,6 +538,14 @@ Static Analyzer
   Read the PR for the details.
   (`#66086 <https://github.com/llvm/llvm-project/pull/66086>`_)
 
+- A few crashes have been found and fixed using randomized testing related
+  to the use of ``_BitInt()`` in tidy checks and in clang analysis. See
+ `#67212 <https://github.com/llvm/llvm-project/pull/67212>`_,
+ `#66782 <https://github.com/llvm/llvm-project/pull/66782>`_,
+ `#65889 <https://github.com/llvm/llvm-project/pull/65889>`_,
+ `#65888 <https://github.com/llvm/llvm-project/pull/65888>`_, and
+ `#65887 <https://github.com/llvm/llvm-project/pull/65887>`_
+
 .. _release-notes-sanitizers:
 
 Sanitizers
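Review bot: the continuation lines holding the five PR links are indented by a single space while the first continuation line (`  to the use of ``_BitInt()`` ...`) uses two, so reStructuredText will not parse them as part of the same list item; align them to two spaces. The entry also ends without a period after the last link. Separately, the note only mentions ``_BitInt()``, while this commit's title and test also cover ``__int128_t``; naming both would make the release note match what was actually fixed.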

diff  --git a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
index e8d74b40c6fd846..5c10e757244d7fb 100644
--- a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -272,7 +272,7 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
       // FIXME: This logic should probably go higher up, where we can
       // test these conditions symbolically.
 
-      if (V2.isSigned() && V2.isNegative())
+      if (V2.isNegative() || V2.getBitWidth() > 64)
         return nullptr;
 
       uint64_t Amt = V2.getZExtValue();
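Review bot: the new guard is coarser than the assertion it defends against. `getZExtValue()` asserts on `getActiveBits() <= 64`, not on the bit width, so a shift count of type `__int128_t` that holds a small value (say, 3) is now rejected and the whole operation yields nullptr (unknown), although it was safe and precise before this change. `V2.getActiveBits() > 64` would still prevent the crash while keeping precision for wide-typed but small shift amounts; if the conservative behaviour is intentional, a short comment saying so would help. Dropping the `V2.isSigned() &&` half of the old condition is fine, since `APSInt::isNegative()` already returns false for unsigned values.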
@@ -287,7 +287,7 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
       // FIXME: This logic should probably go higher up, where we can
       // test these conditions symbolically.
 
-      if (V2.isSigned() && V2.isNegative())
+      if (V2.isNegative() || V2.getBitWidth() > 64)
         return nullptr;
 
       uint64_t Amt = V2.getZExtValue();
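Review bot: this is the same guard, verbatim, as in the hunk at line 272, so the remark about `getActiveBits()` versus `getBitWidth()` applies here too. With both branches now carrying the same precondition, hoisting the shift-amount validation into a small helper would keep the two copies from drifting apart; the existing FIXME already hints that this logic belongs higher up.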

diff  --git a/clang/test/Analysis/int128-nocrash.c b/clang/test/Analysis/int128-nocrash.c
new file mode 100644
index 000000000000000..457254ce50caf03
--- /dev/null
+++ b/clang/test/Analysis/int128-nocrash.c
@@ -0,0 +1,15 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.portability.UnixAPI \
+// RUN:    -triple x86_64-pc-linux-gnu -x c %s
+
+// Don't crash!
+// expected-no-diagnostics
+const __int128_t a = ( (__int128_t)1 << 64 );
+const _BitInt(72) b = ( 1 << 72 );
+
+void int128() {
+  2 >> a;
+}
+
+void withbitint() {
+  2 >> b;
+}
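Review bot: the RUN line does not pass `-verify`, so the `// expected-no-diagnostics` directive is never checked; either add `-verify` to the RUN line or drop the directive so the test does not claim more than it verifies. In `const _BitInt(72) b = ( 1 << 72 );`, `1` is an `int` shifted by more than its width, which is undefined behaviour and triggers `-Wshift-count-overflow`; mirroring the neighbouring `__int128_t` line with a cast first, e.g. `(_BitInt(72))1 << 64`, would express the intended wide constant without the UB. Minor: `void int128()` and `void withbitint()` are old-style declarators in C; `(void)` is the usual form in new tests.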

