diff options
| author | Artem Dergachev <artem.dergachev@gmail.com> | 2017-11-08 17:27:58 +0000 |
|---|---|---|
| committer | Artem Dergachev <artem.dergachev@gmail.com> | 2017-11-08 17:27:58 +0000 |
| commit | 5904fba8c9a00eb90cd9a06a3afe84c72db98ffc (patch) | |
| tree | 4541a2743bac95804d346a416ce316d5cdcba92e | |
| parent | 6edadae34abe6f7c32a8e1953904a7b3b9921626 (diff) | |
| download | bcm5719-llvm-5904fba8c9a00eb90cd9a06a3afe84c72db98ffc.tar.gz bcm5719-llvm-5904fba8c9a00eb90cd9a06a3afe84c72db98ffc.zip | |
[analyzer] Fix a crash on logical operators with vectors.
Do not crash when trying to compute x && y or x || y where x and y are
of a vector type.
For now we do not seem to properly model operations with vectors. In particular,
operations && and || on a pair of vectors are not short-circuit, unlike regular
logical operators, so even our CFG is incorrect.
Avoid the crash, add respective FIXME tests for later.
Differential Revision: https://reviews.llvm.org/D39682
rdar://problem/34317663
llvm-svn: 317700
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp | 10 | ||||
| -rw-r--r-- | clang/test/Analysis/vector.c | 28 |
2 files changed, 38 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp index 6c69542bf09..01c6af7ffa4 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp @@ -626,6 +626,16 @@ void ExprEngine::VisitLogicalExpr(const BinaryOperator* B, ExplodedNode *Pred, StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx); ProgramStateRef state = Pred->getState(); + if (B->getType()->isVectorType()) { + // FIXME: We do not model vector arithmetic yet. When adding support for + // that, note that the CFG-based reasoning below does not apply, because + // logical operators on vectors are not short-circuit. Currently they are + // modeled as short-circuit in Clang CFG but this is incorrect. + // Do not set the value for the expression. It'd be UnknownVal by default. + Bldr.generateNode(B, Pred, state); + return; + } + ExplodedNode *N = Pred; while (!N->getLocation().getAs<BlockEntrance>()) { ProgramPoint P = N->getLocation(); diff --git a/clang/test/Analysis/vector.c b/clang/test/Analysis/vector.c new file mode 100644 index 00000000000..32b568f6b00 --- /dev/null +++ b/clang/test/Analysis/vector.c @@ -0,0 +1,28 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s + +typedef int __attribute__((ext_vector_type(2))) V; + +void clang_analyzer_numTimesReached(); +void clang_analyzer_eval(int); + +int flag; + +V pass_through_and_set_flag(V v) { + flag = 1; + return v; +} + +V dont_crash_and_dont_split_state(V x, V y) { + flag = 0; + V z = x && pass_through_and_set_flag(y); + clang_analyzer_eval(flag); // expected-warning{{TRUE}} + // FIXME: For now we treat vector operator && as short-circuit, + // but in fact it is not. It should always evaluate + // pass_through_and_set_flag(). It should not split state. + // Now we also get FALSE on the other path. + // expected-warning@-5{{FALSE}} + + // FIXME: Should be 1 since we should not split state. + clang_analyzer_numTimesReached(); // expected-warning{{2}} + return z; +} |
