[clang] [clang][StaticAnalyzer] Fix crash in SimpleSValBuilder with unsigned __int128 and negative literals (PR #150225)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Jul 28 04:39:10 PDT 2025
github-actions[bot] wrote:
<!--LLVM CODE FORMAT COMMENT: {clang-format}-->
:warning: C/C++ code formatter, clang-format found issues in your code. :warning:
<details>
<summary>
You can test this locally with the following command:
</summary>
``````````bash
git-clang-format --diff HEAD~1 HEAD --extensions cpp,c -- clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp clang/test/Analysis/builtin_overflow.c
``````````
</details>
<details>
<summary>
View the diff from clang-format here.
</summary>
``````````diff
diff --git a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
index e0001acdf..8afb3f340 100644
--- a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -254,13 +254,14 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op, const llvm::APSInt &V1,
if (V1.getBitWidth() >= 128 || V2.getBitWidth() >= 128) {
// If either operand is zero, result is zero
if (V1 == 0 || V2 == 0) {
- return getValue(llvm::APSInt(llvm::APInt::getZero(std::max(V1.getBitWidth(), V2.getBitWidth())),
+ return getValue(llvm::APSInt(llvm::APInt::getZero(std::max(
+ V1.getBitWidth(), V2.getBitWidth())),
V1.isUnsigned() && V2.isUnsigned()));
}
- // For __int128 types, be conservative to avoid crashes in APInt multiplication
- // This happens when multiplying unsigned __int128 with large values (like negative
- // numbers converted to unsigned)
+ // For __int128 types, be conservative to avoid crashes in APInt
+ // multiplication This happens when multiplying unsigned __int128 with
+ // large values (like negative numbers converted to unsigned)
return std::nullopt;
}
return getValue(V1 * V2);
diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index 29a711c81..60a8eed51 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -223,17 +223,17 @@ SVal SimpleSValBuilder::MakeSymIntVal(const SymExpr *LHS,
} else {
APSIntType resultIntTy = BasicVals.getAPSIntType(resultTy);
if (isNegationValuePreserving(RHS, resultIntTy)) {
- // For large unsigned types, we need to be careful about the conversion
- // to avoid issues with very large intermediate values
- if (resultIntTy.isUnsigned() && resultIntTy.getBitWidth() > 64) {
- // For large unsigned types, convert the absolute value directly
- // instead of converting the negative value and then negating
- llvm::APSInt AbsRHS = RHS;
- AbsRHS.negate();
- ConvertedRHS = BasicVals.Convert(resultTy, AbsRHS);
- } else {
- ConvertedRHS = BasicVals.getValue(-resultIntTy.convert(RHS));
- }
+ // For large unsigned types, we need to be careful about the conversion
+ // to avoid issues with very large intermediate values
+ if (resultIntTy.isUnsigned() && resultIntTy.getBitWidth() > 64) {
+ // For large unsigned types, convert the absolute value directly
+ // instead of converting the negative value and then negating
+ llvm::APSInt AbsRHS = RHS;
+ AbsRHS.negate();
+ ConvertedRHS = BasicVals.Convert(resultTy, AbsRHS);
+ } else {
+ ConvertedRHS = BasicVals.getValue(-resultIntTy.convert(RHS));
+ }
op = (op == BO_Add) ? BO_Sub : BO_Add;
} else {
ConvertedRHS = BasicVals.Convert(resultTy, RHS);
``````````
</details>
https://github.com/llvm/llvm-project/pull/150225
More information about the cfe-commits
mailing list