[clang] fba6c88 - [analyzer] Fix wrong `builtin_*_overflow` return type (#111253)

via cfe-commits cfe-commits at lists.llvm.org
Sat Oct 5 08:21:35 PDT 2024 

Author: Pavel Skripkin
Date: 2024-10-05T17:21:31+02:00
New Revision: fba6c887c110a501b311f6b01721eaf3a5dd994e

URL: https://github.com/llvm/llvm-project/commit/fba6c887c110a501b311f6b01721eaf3a5dd994e
DIFF: https://github.com/llvm/llvm-project/commit/fba6c887c110a501b311f6b01721eaf3a5dd994e.diff

LOG: [analyzer] Fix wrong `builtin_*_overflow` return type (#111253)

`builtin_*_overflow` functions return `_Bool` according to [1].
`BuiltinFunctionChecker` was using `makeTruthVal` w/o specifying
explicit type, which creates an `int` value, since it's the type of any
compassion according to C standard.

Fix it by directly passing `BoolTy` to `makeTruthVal`

Closes: #111147

[1]
https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
    clang/test/Analysis/builtin_overflow.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
index 69d8e968283b37..4ab0c4c9ae7b70 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
@@ -183,6 +183,7 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
   ProgramStateRef State = C.getState();
   SValBuilder &SVB = C.getSValBuilder();
   const Expr *CE = Call.getOriginExpr();
+  auto BoolTy = C.getASTContext().BoolTy;
 
   SVal Arg1 = Call.getArgSVal(0);
   SVal Arg2 = Call.getArgSVal(1);
@@ -193,8 +194,8 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
 
   auto [Overflow, NotOverflow] = checkOverflow(C, RetValMax, ResultType);
   if (NotOverflow) {
-    ProgramStateRef StateNoOverflow =
-        State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(false));
+    ProgramStateRef StateNoOverflow = State->BindExpr(
+        CE, C.getLocationContext(), SVB.makeTruthVal(false, BoolTy));
 
     if (auto L = Call.getArgSVal(2).getAs<Loc>()) {
       StateNoOverflow =
@@ -212,9 +213,9 @@ void BuiltinFunctionChecker::handleOverflowBuiltin(const CallEvent &Call,
   }
 
   if (Overflow) {
-    C.addTransition(
-        State->BindExpr(CE, C.getLocationContext(), SVB.makeTruthVal(true)),
-        createBuiltinOverflowNoteTag(C));
+    C.addTransition(State->BindExpr(CE, C.getLocationContext(),
+                                    SVB.makeTruthVal(true, BoolTy)),
+                    createBuiltinOverflowNoteTag(C));
   }
 }
 

diff  --git a/clang/test/Analysis/builtin_overflow.c b/clang/test/Analysis/builtin_overflow.c
index 5c61795661d095..9d98ce7a1af45c 100644
--- a/clang/test/Analysis/builtin_overflow.c
+++ b/clang/test/Analysis/builtin_overflow.c
@@ -1,5 +1,5 @@
 // RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \
-// RUN:   -analyzer-checker=core,debug.ExprInspection
+// RUN:   -analyzer-checker=core,debug.ExprInspection,alpha.core.BoolAssignment
 
 #define __UINT_MAX__ (__INT_MAX__ * 2U + 1U)
 #define __INT_MIN__  (-__INT_MAX__ - 1)
@@ -155,3 +155,12 @@ void test_uadd_overflow_contraints(unsigned a, unsigned b)
      return;
    }
 }
+
+void test_bool_assign(void)
+{
+    int res;
+
+    // Reproduce issue from GH#111147. __builtin_*_overflow funcions
+    // should return _Bool, but not int.
+    _Bool ret = __builtin_mul_overflow(10, 20, &res); // no crash
+}

More information about the cfe-commits mailing list