[llvm] [analyzer] Fix crash in BasicValueFactory.cpp with __int128_t integers (PR #67212)
via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 2 05:55:02 PDT 2023
https://github.com/vabridgers updated https://github.com/llvm/llvm-project/pull/67212
>From ccf65544918f48800799dea2993168a5a29e11ba Mon Sep 17 00:00:00 2001
From: Vince Bridgers <vince.a.bridgers at gmail.com>
Date: Sat, 23 Sep 2023 01:26:14 +0200
Subject: [PATCH] [analyzer] Fix crash in BasicValueFactory.cpp with __int128_t
integers
This change avoids a crash in BasicValueFactory by checking the bit
width of an APSInt to avoid calling getZExtValue if greater than
64 bits.
Clang invocation
clang -cc1 -analyzer-checker=optin.portability.UnixAPI case.c
<src-root>/llvm/include/llvm/ADT/APInt.h:1488:
uint64_t llvm::APInt::getZExtValue() const: Assertion `getActiveBits() <= 64
&& "Too many bits for uint64_t"' failed.
...
#9 <address> llvm::APInt::getZExtValue() const
<src-root>/llvm/include/llvm/ADT/APInt.h:1488:5
clang::BinaryOperatorKind, llvm::APSInt const&, llvm::APSInt const&)
<src-root>/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp:307:37
llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>,
clang::BinaryOperatorKind, clang::ento::NonLoc, clang::ento::NonLoc,
clang::QualType)
<src-root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:531:31
llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>,
clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal,
clang::QualType)
<src-root>/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:532:26
...
---
.../lib/StaticAnalyzer/Core/BasicValueFactory.cpp | 4 ++--
clang/test/Analysis/int128-nocrash.c | 15 +++++++++++++++
llvm/docs/ReleaseNotes.rst | 8 ++++++++
3 files changed, 25 insertions(+), 2 deletions(-)
create mode 100644 clang/test/Analysis/int128-nocrash.c
diff --git a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
index e8d74b40c6fd846..5c10e757244d7fb 100644
--- a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -272,7 +272,7 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
// FIXME: This logic should probably go higher up, where we can
// test these conditions symbolically.
- if (V2.isSigned() && V2.isNegative())
+ if (V2.isNegative() || V2.getBitWidth() > 64)
return nullptr;
uint64_t Amt = V2.getZExtValue();
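Review bot: The new guard `V2.getBitWidth() > 64` tests the width of the type, while the assertion quoted in the commit message fires on `getActiveBits() <= 64`, which is about the value. With this condition a shift amount held in a wide type but small in value (for example an `__int128_t` equal to 3) also returns nullptr, although `getZExtValue()` would be safe for it. Consider `V2.getActiveBits() > 64` so that only amounts that really do not fit in `uint64_t` are rejected. The hunk also drops `V2.isSigned() &&` without the commit message saying why; a sentence confirming that `isNegative()` on an APSInt already accounts for signedness would help.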
@@ -287,7 +287,7 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
// FIXME: This logic should probably go higher up, where we can
// test these conditions symbolically.
- if (V2.isSigned() && V2.isNegative())
+ if (V2.isNegative() || V2.getBitWidth() > 64)
return nullptr;
uint64_t Amt = V2.getZExtValue();
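Review bot: The guard `if (V2.isNegative() || V2.getBitWidth() > 64)` here is an exact copy of the one in the previous hunk, and both sit directly above the same `uint64_t Amt = V2.getZExtValue();` call. A small static helper that decides whether the shift amount is usable would keep the two sites from drifting apart, and would give the shared FIXME a single place to be resolved.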
diff --git a/clang/test/Analysis/int128-nocrash.c b/clang/test/Analysis/int128-nocrash.c
new file mode 100644
index 000000000000000..457254ce50caf03
--- /dev/null
+++ b/clang/test/Analysis/int128-nocrash.c
@@ -0,0 +1,15 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.portability.UnixAPI \
+// RUN: -triple x86_64-pc-linux-gnu -x c %s
+
+// Don't crash!
+// expected-no-diagnostics
+const __int128_t a = ( (__int128_t)1 << 64 );
+const _BitInt(72) b = ( 1 << 72 );
+
+void int128() {
+ 2 >> a;
+}
+
+void withbitint() {
+ 2 >> b;
+}
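Review bot: In `const _BitInt(72) b = ( 1 << 72 );` the literal `1` is a plain `int`, so the shift is performed in `int` and exceeds its width on the x86_64 triple given in the RUN line. Unlike the `(__int128_t)1 << 64` line above it, this does not build a 72-bit value with a bit set above bit 63, so it is not clear that `withbitint` exercises the wide-amount path. Cast the operand first and keep the shift inside the type, e.g. `(_BitInt(72))1 << 65`. Two smaller points: `// expected-no-diagnostics` has no effect because neither RUN line passes `-verify`, and both functions use `>>` although the fix changes two sites in `evalAPSInt`; if the other site handles `<<`, add a `2 << a` case.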
diff --git a/llvm/docs/ReleaseNotes.rst b/llvm/docs/ReleaseNotes.rst
index 660bb4e70a5a707..203eb62191c281d 100644
--- a/llvm/docs/ReleaseNotes.rst
+++ b/llvm/docs/ReleaseNotes.rst
@@ -208,6 +208,14 @@ Other Changes
fully stripped); :doc:`llvm-symbolizer <CommandGuide/llvm-symbolizer>` can
symbolize the markup afterwards using ``debuginfod``.
+* A few crashes have been found and fixed using randomized testing related
+ to the use of _BitInt() in tidy checks and in clang analysis. See
+ https://github.com/llvm/llvm-project/pull/67212,
+ https://github.com/llvm/llvm-project/pull/66782,
+ https://github.com/llvm/llvm-project/pull/65889,
+ https://github.com/llvm/llvm-project/pull/65888, and
+ https://github.com/llvm/llvm-project/pull/65887
+
External Open Source Projects Using LLVM 15
===========================================
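Review bot: The release note is added to `llvm/docs/ReleaseNotes.rst` under "Other Changes", but the code changed in this patch lives under `clang/lib/StaticAnalyzer` and the note itself talks about tidy checks and clang analysis, so it reads as belonging in the release notes of those projects rather than LLVM's. If it stays here, write `_BitInt()` with double backquotes to match the literal markup used for ``debuginfod`` in the entry above, and consider listing only this PR, since the other four links are not part of this change and the commit message does not mention them.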