[analyzer] Resolve the crash in ReturnUndefChecker

By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965
2018-08-29 20:29:59 +00:00 · 2018-08-29 20:29:59 +00:00 · 9ff67a9dda
parent eae57a2b13
commit 9ff67a9dda
3 changed files with 25 additions and 2 deletions
--- a/clang/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
@ -69,6 +69,7 @@ static bool isLeftShiftResultUnrepresentable(const BinaryOperator *B,
  ProgramStateRef State = C.getState();
  const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS()));
  const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS()));
+  assert(LHS && RHS && "Values unknown, inconsistent state");
  return (unsigned)RHS->getZExtValue() > LHS->countLeadingZeros();
 }

--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@ -1201,6 +1201,7 @@ SVal SimpleSValBuilder::evalBinOpLN(ProgramStateRef state,

 const llvm::APSInt *SimpleSValBuilder::getKnownValue(ProgramStateRef state,
                                                   SVal V) {
+  V = simplifySVal(state, V);
  if (V.isUnknownOrUndef())
    return nullptr;

--- a/clang/test/Analysis/casts.c
+++ b/clang/test/Analysis/casts.c
@ -1,5 +1,6 @@
-// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-config eagerly-assume=false -verify %s
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-config eagerly-assume=false -verify %s
+// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -DEAGERLY_ASSUME=1 -w %s

 extern void clang_analyzer_eval(_Bool);

@ -16,6 +17,8 @@ struct sockaddr_storage {};

 void getsockname();

+#ifndef EAGERLY_ASSUME
+
 void f(int sock) {
  struct sockaddr_storage storage;
  struct sockaddr* sockaddr = (struct sockaddr*)&storage; // expected-warning{{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
@ -188,3 +191,21 @@ void testSwitchWithSizeofs() {
  case sizeof(char):; // no-crash
  }
 }
+
+#endif
+
+#ifdef EAGERLY_ASSUME
+
+// expected-no-diagnostics
+
+int globalA; // TODO: the example is not representative.
+extern int globalFunc();
+void no_crash_on_symsym_cast_to_long() {
+  char c = globalFunc() - 5;
+  c == 0;
+  globalA -= c;
+  globalA == 3;
+  (long)globalA << 48; // no-crash
+}
+
+#endif