summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp5
-rw-r--r--clang/test/PR37855.c24
2 files changed, 26 insertions, 3 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
index a47b7a2e705..9e975676ccd 100644
--- a/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
@@ -1414,9 +1414,8 @@ Z3Expr Z3ConstraintManager::getZ3BinExpr(const Z3Expr &LHS, QualType LTy,
// If the two operands are pointers and the operation is a subtraction, the
// result is of type ptrdiff_t, which is signed
- if (LTy->isAnyPointerType() && LTy == RTy && Op == BO_Sub) {
- ASTContext &Ctx = getBasicVals().getContext();
- *RetTy = Ctx.getIntTypeForBitwidth(Ctx.getTypeSize(LTy), true);
+ if (LTy->isAnyPointerType() && RTy->isAnyPointerType() && Op == BO_Sub) {
+ *RetTy = getBasicVals().getContext().getPointerDiffType();
}
}
diff --git a/clang/test/PR37855.c b/clang/test/PR37855.c
new file mode 100644
index 00000000000..24e34c08364
--- /dev/null
+++ b/clang/test/PR37855.c
@@ -0,0 +1,24 @@
+// RUN: %clang_cc1 -analyze -analyzer-eagerly-assume -analyzer-checker=core -w -DNO_CROSSCHECK -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-eagerly-assume -analyzer-checker=core -w -analyzer-config crosscheck-with-z3=true -verify %s
+// REQUIRES: z3
+
+typedef struct o p;
+struct o {
+ struct {
+ } s;
+};
+
+void q(*r, p2) { r < p2; }
+
+void k(l, node) {
+ struct {
+ p *node;
+ } * n, *nodep, path[sizeof(void)];
+ path->node = l;
+ for (n = path; node != l;) {
+ q(node, n->node);
+ nodep = n;
+ }
+ if (nodep) // expected-warning {{Branch condition evaluates to a garbage value}}
+ n[1].node->s; // expected-warning {{Dereference of undefined pointer value}}
+}
OpenPOWER on IntegriCloud