diff options
| author | Mikhail R. Gadelha <mikhail.ramalho@gmail.com> | 2018-07-16 13:14:46 +0000 |
|---|---|---|
| committer | Mikhail R. Gadelha <mikhail.ramalho@gmail.com> | 2018-07-16 13:14:46 +0000 |
| commit | e254b0f8c7564e40841fa1b50957e18739af82ce (patch) | |
| tree | e774bdddbd45903f287ea6046e3380855099e21f /clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp | |
| parent | de506632aaf9722b270d4ff29b323da893a92800 (diff) | |
| download | bcm5719-llvm-e254b0f8c7564e40841fa1b50957e18739af82ce.tar.gz bcm5719-llvm-e254b0f8c7564e40841fa1b50957e18739af82ce.zip | |
[analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled
Summary:
This patch removes the constraint dropping when taint tracking is disabled.
It also voids the crash reported in D28953 by treating a SymSymExpr with non pointer symbols as an opaque expression.
Updated the regressions and verifying the big projects now; I'll update here when they're done.
Based on the discussion on the mailing list and the patches by @ddcc.
Reviewers: george.karpenkov, NoQ, ddcc, baloghadamsoftware
Reviewed By: george.karpenkov
Subscribers: delcypher, llvm-commits, rnkovacs, xazax.hun, szepet, a.sidorin, ddcc
Differential Revision: https://reviews.llvm.org/D48650
llvm-svn: 337167
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp index 1499d498996..f99853f0707 100644 --- a/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp +++ b/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp @@ -52,17 +52,18 @@ ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State, assert(BinaryOperator::isComparisonOp(Op)); // For now, we only support comparing pointers. - assert(Loc::isLocType(SSE->getLHS()->getType())); - assert(Loc::isLocType(SSE->getRHS()->getType())); - QualType DiffTy = SymMgr.getContext().getPointerDiffType(); - SymbolRef Subtraction = - SymMgr.getSymSymExpr(SSE->getRHS(), BO_Sub, SSE->getLHS(), DiffTy); - - const llvm::APSInt &Zero = getBasicVals().getValue(0, DiffTy); - Op = BinaryOperator::reverseComparisonOp(Op); - if (!Assumption) - Op = BinaryOperator::negateComparisonOp(Op); - return assumeSymRel(State, Subtraction, Op, Zero); + if (Loc::isLocType(SSE->getLHS()->getType()) && + Loc::isLocType(SSE->getRHS()->getType())) { + QualType DiffTy = SymMgr.getContext().getPointerDiffType(); + SymbolRef Subtraction = + SymMgr.getSymSymExpr(SSE->getRHS(), BO_Sub, SSE->getLHS(), DiffTy); + + const llvm::APSInt &Zero = getBasicVals().getValue(0, DiffTy); + Op = BinaryOperator::reverseComparisonOp(Op); + if (!Assumption) + Op = BinaryOperator::negateComparisonOp(Op); + return assumeSymRel(State, Subtraction, Op, Zero); + } } // If we get here, there's nothing else we can do but treat the symbol as |
