[analyzer] Do not assert on constructing SymSymExpr with diff types.

author Anna Zaks <ganna@apple.com>

Thu, 3 May 2012 02:13:53 +0000 (02:13 +0000)

committer Anna Zaks <ganna@apple.com>

Thu, 3 May 2012 02:13:53 +0000 (02:13 +0000)
author Anna Zaks <ganna@apple.com>
Thu, 3 May 2012 02:13:53 +0000 (02:13 +0000)
committer Anna Zaks <ganna@apple.com>
Thu, 3 May 2012 02:13:53 +0000 (02:13 +0000)
diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp

index d286f495cd7d6933c184400f35d38b66c76c9bad..d005c2af966b067fc0ce0d88a321c3e39c7e5eac 100644 (file)
--- a/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -61,7 +61,6 @@ NonLoc SValBuilder::makeNonLoc(const llvm::APSInt& lhs,
  NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                                 const SymExpr *rhs, QualType type) {
    assert(lhs && rhs);
-  assert(haveSameType(lhs->getType(Context), rhs->getType(Context)) == true);
    assert(!Loc::isLocType(type));
    return nonloc::SymbolVal(SymMgr.getSymSymExpr(lhs, op, rhs, type));
  }
diff --git a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp

index 2522cbbd24da507818ab76cfffe9c7a36c865ba2..4a4fcf3c1fc6faee671a29f6c5faf7c0fa3d8352 100644 (file)
--- a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -280,6 +280,9 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
                                    BinaryOperator::Opcode op,
                                    NonLoc lhs, NonLoc rhs,
                                    QualType resultTy)  {
+  NonLoc InputLHS = lhs;
+  NonLoc InputRHS = rhs;
+
    // Handle trivial case where left-side and right-side are the same.
    if (lhs == rhs)
      switch (op) {
@@ -327,7 +330,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
                return makeTruthVal(true, resultTy);
              default:
                // This case also handles pointer arithmetic.
-              return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+              return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
            }
        }
      }
@@ -389,9 +392,9 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
              if (lhsValue == 0)
                // At this point lhs and rhs have been swapped.
                return rhs;
-            return makeSymExprValNN(state, op, rhs, lhs, resultTy);
+            return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
            default:
-            return makeSymExprValNN(state, op, rhs, lhs, resultTy);
+            return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
          }
        }
      }
@@ -406,7 +409,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
              dyn_cast<SymIntExpr>(selhs->getSymbol());
  
          if (!symIntExpr)
-          return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+          return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
  
          // Is this a logical not? (!x is represented as x == 0.)
          if (op == BO_EQ && rhs.isZeroConstant()) {
@@ -454,7 +457,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
          // For now, only handle expressions whose RHS is a constant.
          const nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&rhs);
          if (!rhsInt)
-          return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+          return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
  
          // If both the LHS and the current expression are additive,
          // fold their constants.
@@ -539,7 +542,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
                resultTy);
          }
  
-        return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+        return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
        }
      }
      }
diff --git a/test/Analysis/taint-generic.c b/test/Analysis/taint-generic.c

index 1cfdfead64fae0deaf19af04bdeabc276e4d9351..8ee1896e96e9cf6f42ad54fa4d0ec7a028ca9b7c 100644 (file)
--- a/test/Analysis/taint-generic.c
+++ b/test/Analysis/taint-generic.c
@@ -203,3 +203,12 @@ unsigned radar11369570_hanging(const unsigned char *arr, int l) {
    }
    return 5/a; // expected-warning {{Division by a tainted value, possibly zero}}
  }
+
+// Check that we do not assert of the following code.
+int SymSymExprWithDiffTypes(void* p) {
+  int i;
+  scanf("%d", &i);
+  int j = (i % (int)(long)p);
+  return 5/j; // expected-warning {{Division by a tainted value, possibly zero}}
+}
+
author	Anna Zaks <ganna@apple.com>
	Thu, 3 May 2012 02:13:53 +0000 (02:13 +0000)
committer	Anna Zaks <ganna@apple.com>
	Thu, 3 May 2012 02:13:53 +0000 (02:13 +0000)
lib/StaticAnalyzer/Core/SValBuilder.cpp		patch \| blob \| history
lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp		patch \| blob \| history
test/Analysis/taint-generic.c		patch \| blob \| history