[clang] [analyzer] Fix wrong `builtin_*_overflow` return type (PR #111253)
Pavel Skripkin via cfe-commits
cfe-commits at lists.llvm.org
Sat Oct 5 06:06:11 PDT 2024
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111253
>From 4f5fc3e12747064b35c490e510c63702afc8a800 Mon Sep 17 00:00:00 2001
From: Pavel Skripkin <paskripkin at gmail.com>
Date: Sat, 5 Oct 2024 15:58:15 +0300
Subject: [PATCH 1/2] clang/csa: fix wrong __builtin_*_overflow return type
---
.../Checkers/BuiltinFunctionChecker.cpp | 5 +++--
clang/test/Analysis/builtin_overflow.c | 11 ++++++++++-
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
index 69d8e968283b37..d49f01898e2241 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
@@ -183,6 +183,7 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
ProgramStateRef State = C.getState();
SValBuilder &SVB = C.getSValBuilder();
const Expr *CE = Call.getOriginExpr();
+ auto BoolTy = C.getASTContext().BoolTy;
SVal Arg1 = Call.getArgSVal(0);
SVal Arg2 = Call.getArgSVal(1);
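Review bot: The added `auto BoolTy = C.getASTContext().BoolTy;` hides the type of a value that is then passed to `makeTruthVal` in the two later hunks. Spelling it `const QualType BoolTy = C.getASTContext().BoolTy;` makes it obvious that a type, not a value, is being threaded through. A one-line comment would keep the reason next to the code, since the commit title is the only place that currently explains it: `// __builtin_*_overflow returns bool; bind a bool-typed value so the bound SVal matches the call expression's type.` The body of handleOverflowBuiltin starts before and continues after this hunk, so whether the type could instead be derived from the call itself cannot be judged from here.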
@@ -194,7 +195,7 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
auto [Overflow, NotOverflow] = checkOverflow(C, RetValMax, ResultType);
if (NotOverflow) {
ProgramStateRef StateNoOverflow =
- State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(false));
+ State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(false, BoolTy));
if (auto L = Call.getArgSVal(2).getAs<Loc>()) {
StateNoOverflow =
@@ -213,7 +214,7 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
if (Overflow) {
C.addTransition(
- State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(true)),
+ State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(true, BoolTy)),
createBuiltinOverflowNoteTag(C));
}
}
diff --git a/clang/test/Analysis/builtin_overflow.c b/clang/test/Analysis/builtin_overflow.c
index 5c61795661d095..9d98ce7a1af45c 100644
--- a/clang/test/Analysis/builtin_overflow.c
+++ b/clang/test/Analysis/builtin_overflow.c
@@ -1,5 +1,5 @@
// RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \
-// RUN: -analyzer-checker=core,debug.ExprInspection
+// RUN: -analyzer-checker=core,debug.ExprInspection,alpha.core.BoolAssignment
#define __UINT_MAX__ (__INT_MAX__ * 2U + 1U)
#define __INT_MIN__ (-__INT_MAX__ - 1)
@@ -155,3 +155,12 @@ void test_uadd_overflow_contraints(unsigned a, unsigned b)
return;
}
}
+
+void test_bool_assign(void)
+{
+ int res;
+
+ // Reproduce issue from GH#111147. __builtin_*_overflow funcions
+ // should return _Bool, but not int.
+ _Bool ret = __builtin_mul_overflow(10, 20, &res); // no crash
+}
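Review bot: `test_bool_assign` only covers the non-overflowing path (`10 * 20`), so the `Overflow` branch that also switched to `makeTruthVal(true, BoolTy)` is never exercised with `alpha.core.BoolAssignment` enabled. A second statement with operands that must overflow would cover it, for example `_Bool ret2 = __builtin_mul_overflow(__INT_MAX__, 2, &res); // no crash`. This presumably needs no extra expected-diagnostic line under `-verify`, but that should be confirmed. The test also relies solely on the absence of a crash; if the file's ExprInspection helpers are available here, dumping or evaluating `ret` would pin the bound value as well. The comment has a typo and reads more clearly as `__builtin_*_overflow functions should return _Bool, not int.`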
>From dcfd42f8c30c1000e13c636df58ae9b2d2b2a9b4 Mon Sep 17 00:00:00 2001
From: Pavel Skripkin <paskripkin at gmail.com>
Date: Sat, 5 Oct 2024 16:05:58 +0300
Subject: [PATCH 2/2] fix formatting
---
.../StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
index d49f01898e2241..4ab0c4c9ae7b70 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
@@ -194,8 +194,8 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
auto [Overflow, NotOverflow] = checkOverflow(C, RetValMax, ResultType);
if (NotOverflow) {
- ProgramStateRef StateNoOverflow =
- State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(false, BoolTy));
+ ProgramStateRef StateNoOverflow = State->BindExpr(
+ CE, C.getLocationContext(), SVB.makeTruthVal(false, BoolTy));
if (auto L = Call.getArgSVal(2).getAs<Loc>()) {
StateNoOverflow =
@@ -213,9 +213,9 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
}
if (Overflow) {
- C.addTransition(
- State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(true, BoolTy)),
- createBuiltinOverflowNoteTag(C));
+ C.addTransition(State->BindExpr(CE, C.getLocationContext(),
+ SVB.makeTruthVal(true, BoolTy)),
+ createBuiltinOverflowNoteTag(C));
}
}