[LLVMbugs] [Bug 12357] New: PVS-Studio

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Mar 26 05:10:30 PDT 2012 

http://llvm.org/bugs/show_bug.cgi?id=12357

             Bug #: 12357
           Summary: PVS-Studio
           Product: libraries
           Version: trunk
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Core LLVM classes
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: karpov at viva64.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Hello.

Time passed and I decided to re-check the LLVM, using the PVS-Studio tool.
Old post: http://www.viva64.com/en/b/0108/

I found a few new issues in code, which may contain errors.
I'll give a few examples. There are other suspicious fragments.
I suggest download the PVS-Studio, to more fully explore the notice.

Download PVS-Studio: http://www.viva64.com/en/pvs-studio-download/

---
Andrey Karpov, MVP
Cand. Sc. (Physics and Mathematics), CTO
OOO "Program Verification Systems" (Co Ltd)
URL: www.viva64.com
E-Mail: karpov at viva64.com 

==============================================
V501 There are identical sub-expressions
'SM.getExpansionColumnNumber(ContainerREnd)' to the left and to the right of
the '>=' operator. clangStaticAnalyzerCore bugreporter.cpp 925


bool EdgeBuilder::containsLocation(const PathDiagnosticLocation &Container,
                                   const PathDiagnosticLocation &Containee) {
  ...
  return (ContainerBegLine <= ContaineeBegLine &&
          ContainerEndLine >= ContaineeEndLine &&
          (ContainerBegLine != ContaineeBegLine ||
           SM.getExpansionColumnNumber(ContainerRBeg) <=
           SM.getExpansionColumnNumber(ContaineeRBeg)) &&
          (ContainerEndLine != ContaineeEndLine ||
           SM.getExpansionColumnNumber(ContainerREnd) >=
           SM.getExpansionColumnNumber(ContainerREnd)));
}

Probably need this way:
  SM.getExpansionColumnNumber(ContainerREnd) >=
  SM.getExpansionColumnNumber(ContaineeREnd)));
==============================================
V522 Dereferencing of the null pointer 'DI' might take place. llvm-tblgen
dagiselmatchergen.cpp 220

void MatcherGen::EmitLeafMatchCode(const TreePatternNode *N) {
  ...
  if (DI == 0) {
    errs() << "Unknown leaf kind: " << *DI << "\n";
    abort();
  }
  ...
}
==============================================
V523 The 'then' statement is equivalent to the 'else' statement. clangRewrite
rewriteobjc.cpp 3361

std::string RewriteObjC::SynthesizeBlockFunc(....)
{
  ...
  if (convertBlockPointerToFunctionPointer(QT))
    QT.getAsStringInternal(ParamStr, Context->getPrintingPolicy());
  else
    QT.getAsStringInternal(ParamStr, Context->getPrintingPolicy());      
  ...
}

And here:
V523 The 'then' statement is equivalent to the 'else' statement. clangRewrite
rewritemodernobjc.cpp 3291
==============================================
V595 The 'BBLoop' pointer was utilized before it was verified against nullptr.
Check lines: 142, 160. LLVMAnalysis profileestimatorpass.cpp 142

void ProfileEstimatorPass::recurseBasicBlock(BasicBlock *BB) {
  ...
  Loop* BBLoop     = LI->getLoopFor(BB);
  ...
  if (BBisHeader && BBLoop->contains(*bbi)) {
    ...
  }
  ...
  if (BBLoop) {
    BBLoop->getExitEdges(ExitEdges);
  }
  ...
}
==============================================
V595 The 'StrippedPtr' pointer was utilized before it was verified against
nullptr. Check lines: 918, 920. LLVMInstCombine instructioncombining.cpp 918

Instruction *InstCombiner::visitGetElementPtrInst(GetElementPtrInst &GEP) {
  ...
  Value *StrippedPtr = PtrOp->stripPointerCasts();
  PointerType *StrippedPtrTy = dyn_cast<PointerType>(StrippedPtr->getType());

  if (!StrippedPtr)
    return 0;
  ...
}
==============================================
V595 The 'OtherUse' pointer was utilized before it was verified against
nullptr. Check lines: 2522, 2527. LLVMScalarOpts loopstrengthreduce.cpp 2522

void LSRInstance::ChainInstruction(....)
{
  ...
  Instruction *OtherUse = dyn_cast<Instruction>(*UseIter);
  if (SE.isSCEVable(OtherUse->getType())
      && !isa<SCEVUnknown>(SE.getSCEV(OtherUse))
      && IU.isIVUserOrOperand(OtherUse)) {
    continue;
  }
  if (OtherUse && OtherUse != UserInst)
    NearUsers.insert(OtherUse);
  ...
}
==============================================
V523 The 'then' statement is equivalent to the 'else' statement.
LLVMInstCombine instcombineandorxor.cpp 1368

static bool CollectBSwapParts(....)
{
  ...
  unsigned DestByteNo = InputByteNo + OverallLeftShift;
  if (InputByteNo < ByteValues.size()/2) {
    if (ByteValues.size()-1-DestByteNo != InputByteNo)
      return true;
  } else {
    if (ByteValues.size()-1-DestByteNo != InputByteNo)
      return true;
  }
  ...
}
==============================================
V501 There are identical sub-expressions to the left and to the right of the
'||' operator. LLVMSelectionDAG dagcombiner.cpp 7992

bool DAGCombiner::SimplifySelectOps(SDNode *TheSelect, SDValue LHS,
                                    SDValue RHS) {
  ...
  SDNode *CondLHS = TheSelect->getOperand(0).getNode();
  SDNode *CondRHS = TheSelect->getOperand(1).getNode();

  if ((LLD->hasAnyUseOfValue(1) && (LLD->isPredecessorOf(CondLHS) ||
LLD->isPredecessorOf(CondRHS))) ||
      (LLD->hasAnyUseOfValue(1) && (LLD->isPredecessorOf(CondLHS) ||
LLD->isPredecessorOf(CondRHS))))
    return false;
  ...
}
==============================================

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list