[LLVMbugs] [Bug 2654] New: Expr::isIntegerConstantExpr has incorrect behavior for pointer -> pointer casts
bugzilla-daemon at cs.uiuc.edu
Fri Aug 8 16:26:43 PDT 2008
http://llvm.org/bugs/show_bug.cgi?id=2654
Summary: Expr::isIntegerConstantExpr has incorrect behavior for
pointer -> pointer casts
Product: clang
Version: unspecified
Platform: PC
OS/Version: All
Status: NEW
Severity: critical
Priority: P2
Component: AST
AssignedTo: unassignedbugs at nondot.org
ReportedBy: kremenek at apple.com
CC: llvmbugs at cs.uiuc.edu
clang -warn-dead-stores (which calls Expr::isIntegerConstantExpr()) triggers an
assertion on the following code (reduced from sqlite3):
typedef struct Token {
  const unsigned char *z;
} Token;
typedef struct Expr {
  Token token;
} Expr;
void f(Expr *pExpr) {
  char *zVal = 0;
  zVal = (char*)pExpr->token.z + 2;
}
Assertion failed: (IsUnsigned == RHS.IsUnsigned && "Signedness mismatch!"),
function operator+=, file
/Volumes/Data/Users/kremenek/llvm/include/llvm/ADT/APSInt.h, line 159.
0 clang 0x002e385d
_ZN4llvm3sys20SetInterruptFunctionEPFvvE + 87
1 clang 0x002e39c9
_ZN4llvm3sys20SetInterruptFunctionEPFvvE + 451
2 libSystem.B.dylib 0x95e3709b _sigtramp + 43
3 ??? 0xffffffff 0x0 + 4294967295
4 libSystem.B.dylib 0x95eafec2 raise + 26
5 libSystem.B.dylib 0x95ebf47f abort + 73
6 libSystem.B.dylib 0x95eb1063 __assert_rtn + 101
7 clang 0x001742b3 _ZN4llvm6APSIntpLERKS0_ + 87
8 clang 0x0016f44a
_ZNK5clang4Expr21isIntegerConstantExprERN4llvm6APSIntERNS_10ASTContextEPNS_14SourceLocationEb
+ 3746
9 clang 0x000b04dc
_ZN4llvm18FoldingSetIteratorINS_21FoldingSetNodeWrapperISt6vectorISt4pairIjN12_GLOBAL__N_19ArgEffectEESaIS6_EEEEEppEv
+ 1960
10 clang 0x000d7f86
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 6290
11 clang 0x000d80e8
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 6644
12 clang 0x000d8101
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 6669
13 clang 0x000d826c
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 7032
14 clang 0x000d82a6
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 7090
15 clang 0x000d8de0
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 9964
16 clang 0x000d8ea8
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 10164
17 clang 0x000d8ecc
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 10200
18 clang 0x000d8efc
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 10248
19 clang 0x000d8f40
_ZNK5clang13LiveVariables6isLiveEPKNS_4StmtES3_ + 10316
20 clang 0x000d8fbd
_ZN5clang13LiveVariables14runOnAllBlocksERKNS_3CFGEPNS_24LiveVariables_ValueTypes10ObserverTyEb
+ 89
21 clang 0x000b0873
_ZN5clang15CheckDeadStoresERNS_13LiveVariablesERNS_11BugReporterE + 93
22 clang 0x00008b8b
_ZN5clang22CreateAnalysisConsumerEPNS_8AnalysesES1_RNS_10DiagnosticEPNS_12PreprocessorEPNS_19PreprocessorFactoryERKNS_11LangOptionsERKSsSC_bbb
+ 2599
23 clang 0x00008f63
_ZN5clang22CreateAnalysisConsumerEPNS_8AnalysesES1_RNS_10DiagnosticEPNS_12PreprocessorEPNS_19PreprocessorFactoryERKNS_11LangOptionsERKSsSC_bbb
+ 3583
24 clang 0x00009112
_ZN5clang22CreateAnalysisConsumerEPNS_8AnalysesES1_RNS_10DiagnosticEPNS_12PreprocessorEPNS_19PreprocessorFactoryERKNS_11LangOptionsERKSsSC_bbb
+ 4014
25 clang 0x000fd718
_ZN5clang8ParseASTERNS_12PreprocessorEPNS_11ASTConsumerEb + 402
26 clang 0x0002a66f
_Z16InitializeGCModeRN5clang11LangOptionsE + 5629
27 clang 0x0002e420 main + 1746
28 clang 0x00001c9a start + 54
The culprit appears to be the following code in isIntegerConstantExpr:
  // C99 6.6p6: shall only convert arithmetic types to integer types.
  if (!SubExpr->getType()->isArithmeticType() ||
      !getType()->isIntegerType()) {
    if (Loc) *Loc = SubExpr->getLocStart();
    // GCC accepts pointers as an extension.
    // FIXME: check getLangOptions().NoExtensions. At the moment, it doesn't
    // appear possible to get langOptions() from the Expr.
    if (SubExpr->getType()->isPointerType()) // && !NoExtensions
-->   return true;
    return false;
  }
It appears that we return true and don't set the value of Result. I'm not
certain how to fix this; I believe we need to recurse, but I'm not certain of
the specific details.
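The failure mode described in the report (a "success" return that never writes the out-parameter, followed by an addition that checks signedness) can be reproduced in a small stand-alone model. This is an added example, not clang code: SInt, Node, evaluate and runReducedCase are hypothetical names, the caller's Result is assumed to start out unsigned, and the RejectPtrCast path is only one conservative alternative, not the fix adopted by the project.

```cpp
#include <memory>

// Toy stand-in for llvm::APSInt. Assumption: the caller's Result starts unsigned.
struct SInt { long long Val = 0; bool IsUnsigned = true; };

enum class Kind { IntLit, Var, PtrCast, Add };
struct Node {
  Kind K; long long Lit; std::unique_ptr<Node> L, R;
  explicit Node(Kind k, long long v = 0) : K(k), Lit(v) {}
};
enum class Eval { NotConst, Ok, SignMismatch };

// RejectPtrCast=false models the early "return true" that never writes Result.
// RejectPtrCast=true is a conservative alternative (not clang's actual fix).
Eval evaluate(const Node &N, SInt &Result, bool RejectPtrCast) {
  switch (N.K) {
  case Kind::IntLit:                       // an int literal is signed
    Result.Val = N.Lit; Result.IsUnsigned = false;
    return Eval::Ok;
  case Kind::Var:                          // runtime value, never constant
    return Eval::NotConst;
  case Kind::PtrCast:                      // operand N.L is not inspected
    return RejectPtrCast ? Eval::NotConst : Eval::Ok;
  case Kind::Add: {
    Eval E = evaluate(*N.L, Result, RejectPtrCast);
    if (E != Eval::Ok) return E;
    SInt RHS;
    E = evaluate(*N.R, RHS, RejectPtrCast);
    if (E != Eval::Ok) return E;
    // APSInt::operator+= asserts on this condition; the model reports it.
    if (Result.IsUnsigned != RHS.IsUnsigned) return Eval::SignMismatch;
    Result.Val += RHS.Val;
    return Eval::Ok;
  }
  }
  return Eval::NotConst;
}

// Same shape as the reduced case: (char*)pExpr->token.z + 2
Eval runReducedCase(bool RejectPtrCast) {
  Node Add(Kind::Add);
  Add.L.reset(new Node(Kind::PtrCast));
  Add.L->L.reset(new Node(Kind::Var));
  Add.R.reset(new Node(Kind::IntLit, 2));
  SInt Result;                             // stale flag survives the cast
  return evaluate(Add, Result, RejectPtrCast);
}

int main() { return runReducedCase(true) == Eval::NotConst ? 0 : 1; }
```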