From 2850376184b7e7aa81b5034ba44b001f8c55e07a Mon Sep 17 00:00:00 2001
From: Eli Friedman <eli.friedman@gmail.com>
Date: Mon, 16 Apr 2012 19:23:57 +0000
Subject: [PATCH] Per Richard's comments on r154794, add the checks necessary
 to handle constant-folding relational comparisons safely in case the user is
 using -fwrapv or equivalent.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154849 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/AST/ExprConstant.cpp | 15 +++++++++++++--
 test/Sema/const-eval.c   |  6 ++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/lib/AST/ExprConstant.cpp b/lib/AST/ExprConstant.cpp
index 4839c29976..66a88b065c 100644
--- a/lib/AST/ExprConstant.cpp
+++ b/lib/AST/ExprConstant.cpp
@@ -5090,8 +5090,6 @@ bool IntExprEvaluator::VisitBinaryOperator(const BinaryOperator *E) {
 
       // The comparison here must be unsigned, and performed with the same
       // width as the pointer.
-      // FIXME: Knowing the base is the same for the LHS and RHS isn't enough
-      // for relational operators.
       unsigned PtrSize = Info.Ctx.getTypeSize(LHSTy);
       uint64_t CompareLHS = LHSOffset.getQuantity();
       uint64_t CompareRHS = RHSOffset.getQuantity();
@@ -5100,6 +5098,19 @@ bool IntExprEvaluator::VisitBinaryOperator(const BinaryOperator *E) {
       CompareLHS &= Mask;
       CompareRHS &= Mask;
 
+      // If there is a base and this is a relational operator, we can only
+      // compare pointers within the object in question; otherwise, the result
+      // depends on where the object is located in memory.
+      if (!LHSValue.Base.isNull() && E->isRelationalOp()) {
+        QualType BaseTy = getType(LHSValue.Base);
+        if (BaseTy->isIncompleteType())
+          return Error(E);
+        CharUnits Size = Info.Ctx.getTypeSizeInChars(BaseTy);
+        uint64_t OffsetLimit = Size.getQuantity();
+        if (CompareLHS > OffsetLimit || CompareRHS > OffsetLimit)
+          return Error(E);
+      }
+
       switch (E->getOpcode()) {
       default: llvm_unreachable("missing comparison operator");
       case BO_LT: return Success(CompareLHS < CompareRHS, E);
diff --git a/test/Sema/const-eval.c b/test/Sema/const-eval.c
index 3894d73d60..bc8b227ac8 100644
--- a/test/Sema/const-eval.c
+++ b/test/Sema/const-eval.c
@@ -125,3 +125,9 @@ EVAL_EXPR(44, "x"[0]); // expected-error {{variable length array}}
 // <rdar://problem/10962435>
 EVAL_EXPR(45, ((char*)-1) + 1 == 0 ? 1 : -1)
 EVAL_EXPR(46, ((char*)-1) + 1 < (char*) -1 ? 1 : -1)
+EVAL_EXPR(47, &x < &x + 1 ? 1 : -1)
+EVAL_EXPR(48, &x != &x - 1 ? 1 : -1)
+EVAL_EXPR(49, &x < &x - 100 ? 1 : -1) // expected-error {{must have a constant size}}
+
+extern struct Test50S Test50;
+EVAL_EXPR(50, &Test50 < (struct Test50S*)((unsigned)&Test50 + 10)) // expected-error {{must have a constant size}}
-- 
2.40.0