[clang] [analyzer] Fix zext assertion failure in loop unrolling (PR #121203)
via cfe-commits
cfe-commits at lists.llvm.org
Fri Dec 27 06:55:07 PST 2024
shenjunjiekoda wrote:
The crash occurred due to a failed assertion in the `zext` method of APInt. The `zext` function requires the following condition to be met:
```cpp
// Zero extend to a new width.
APInt APInt::zext(unsigned width) const {
  assert(width >= BitWidth && "Invalid APInt ZeroExtend request");
  // ...
}
```
However, the original logic in `clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp` used an inequality check (`!=`) to determine if the widths were mismatched. This could lead to a scenario where one of the `zext` calls in the `if` block triggers the assertion failure internally:
```cpp
static bool shouldCompletelyUnroll(const Stmt *LoopStmt, ASTContext &ASTCtx,
                                   ExplodedNode *Pred, unsigned &maxStep) {
  // ...
  if (InitNum.getBitWidth() != BoundNum.getBitWidth()) {
    InitNum = InitNum.zext(BoundNum.getBitWidth());
    BoundNum = BoundNum.zext(InitNum.getBitWidth());
  }
```
For the test case, I used the `cvise` tool to simplify the `test/std-test.cc` file from the `libfmt` repo while ensuring it remained free of compilation errors. This test case appears to be the minimal version that `cvise` could produce.
https://github.com/llvm/llvm-project/pull/121203
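The width-mismatch logic described above, as an added stand-alone example that is not part of the PR or of LLVM: `FakeAPInt` is a hypothetical minimal model of `APInt` whose `zext` rejects a shrink request (by throwing rather than asserting, so it can be observed), `equalizeWidthsOriginal` mirrors the original `!=` logic, and `equalizeWidthsFixed` is one form that satisfies `zext`'s precondition (the PR's own diff is not shown on this page).

```cpp
#include <cstdint>
#include <stdexcept>

// Hypothetical stand-in for llvm::APInt with only what this example needs.
// The real APInt::zext asserts when asked to shrink; this model throws
// instead so the failure can be observed without aborting the process.
struct FakeAPInt {
  uint64_t Value;
  unsigned BitWidth;

  FakeAPInt zext(unsigned Width) const {
    if (Width < BitWidth)
      throw std::invalid_argument("Invalid APInt ZeroExtend request");
    return {Value, Width}; // zero extension never changes the value
  }
};

// Mirrors the original LoopUnrolling.cpp logic: on a mismatch, widen each
// operand to the other's width. When Init is wider than Bound, the first
// call asks zext to shrink, which is the precondition violation described.
static void equalizeWidthsOriginal(FakeAPInt &Init, FakeAPInt &Bound) {
  if (Init.BitWidth != Bound.BitWidth) {
    Init = Init.zext(Bound.BitWidth);
    Bound = Bound.zext(Init.BitWidth); // no-op once Init was resized
  }
}

// One correct form (not necessarily the PR's own diff): extend both to the
// wider of the two widths, so zext is never asked to shrink.
static void equalizeWidthsFixed(FakeAPInt &Init, FakeAPInt &Bound) {
  unsigned Width = Init.BitWidth > Bound.BitWidth ? Init.BitWidth : Bound.BitWidth;
  Init = Init.zext(Width);
  Bound = Bound.zext(Width);
}

// Runs one variant on constructed operands of the given widths and reports
// whether it completed without violating zext's precondition.
static bool tryEqualize(unsigned InitWidth, unsigned BoundWidth, bool UseFix) {
  FakeAPInt Init{5, InitWidth}, Bound{10, BoundWidth};
  try {
    UseFix ? equalizeWidthsFixed(Init, Bound) : equalizeWidthsOriginal(Init, Bound);
  } catch (const std::invalid_argument &) {
    return false;
  }
  return Init.BitWidth == Bound.BitWidth && Init.Value == 5 && Bound.Value == 10;
}
```

Only the case where the init value is wider than the bound fails with the original logic; the reverse ordering happens to work because the second `zext` becomes a no-op.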