Commit d363502d authored by Adam Balogh's avatar Adam Balogh
Browse files

[Analyzer] [HOTFIX!] SValBuilder crash when `aggressive-binary-operation-simplification` enabled 

During the review of D41938 a condition check with an early exit accidentally
slipped into a branch, leaving the other branch unprotected. This may result in
an assertion later on. This hotfix moves this contition check outside of the
branch.

Differential Revision: https://reviews.llvm.org/D55051

llvm-svn: 348362
parent 1d3cb945

clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp

+4 −3
Original line number Diff line number Diff line
@@ -475,9 +475,6 @@ static Optional<NonLoc> tryRearrange(ProgramStateRef State, 
    SingleTy = ResultTy;

    if (LSym->getType() != SingleTy)

      return None;

    // Substracting unsigned integers is a nightmare.

    if (!SingleTy->isSignedIntegerOrEnumerationType())

      return None;

  } else {

    // Don't rearrange other operations.

    return None;
@@ -485,6 +482,10 @@ static Optional<NonLoc> tryRearrange(ProgramStateRef State, 


  assert(!SingleTy.isNull() && "We should have figured out the type by now!");



  // Rearrange signed symbolic expressions only

  if (!SingleTy->isSignedIntegerOrEnumerationType())

    return None;



  SymbolRef RSym = Rhs.getAsSymbol();

  if (!RSym || RSym->getType() != SingleTy)

    return None;

clang/test/Analysis/svalbuilder-rearrange-comparisons.c

+14 −0
Original line number Diff line number Diff line
@@ -934,3 +934,17 @@ int mixed_integer_types(int x, int y) { 
  short a = x - 1U;

  return a - y;

}



unsigned gu();

unsigned fu() {

  unsigned x = gu();

  // Assert that no overflows occur in this test file.

  // Assuming that concrete integers are also within that range.

  assert(x <= ((unsigned)UINT_MAX / 4));

  return x;

}



void unsigned_concrete_int_no_crash() {

  unsigned x = fu() + 1U, y = fu() + 1U;

  clang_analyzer_dump(x == y); // expected-warning {{((conj_$2{unsigned int}) + 1U) == ((conj_$7{unsigned int}) + 1U)}}

}