Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.

llvm-svn: 107236
2010-06-30 01:35:20 +00:00 · 2010-06-30 01:35:20 +00:00 · dc48471861
parent abb04f730e
commit dc48471861
2 changed files with 11 additions and 1 deletions
--- a/clang/lib/Checker/SimpleSValuator.cpp
+++ b/clang/lib/Checker/SimpleSValuator.cpp
@ -502,7 +502,12 @@ SVal SimpleSValuator::EvalBinOpLL(const GRState *state,
                                  QualType resultTy) {
  // Only comparisons and subtractions are valid operations on two pointers.
  // See [C99 6.5.5 through 6.5.14] or [C++0x 5.6 through 5.15].
-  assert(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub);
+  // However, if a pointer is casted to an integer, EvalBinOpNN may end up
+  // calling this function with another operation (PR7527). We don't attempt to
+  // model this for now, but it could be useful, particularly when the
+  // "location" is actually an integer value that's been passed through a void*.
+  if (!(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub))
+    return UnknownVal();

  // Special cases for when both sides are identical.
  if (lhs == rhs) {
--- a/clang/test/Analysis/ptr-arith.c
+++ b/clang/test/Analysis/ptr-arith.c
@ -281,3 +281,8 @@ void symbolic_region(int *p) {
  if (&a <= p)
    WARN; // expected-warning{{}}
 }
+
+void PR7527 (int *p) {
+  if (((int) p) & 1) // not crash
+    return;
+}