Fix static analyzer crash due to recently add symbolic-value constant folding. The issue was falsely
converting the constant value of the LHS of a '<<'/'>>' operation to the same APSInt value of the
RHS.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84269 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Analysis/SimpleSValuator.cpp b/lib/Analysis/SimpleSValuator.cpp
index 636ce15..5af4c06 100644
--- a/lib/Analysis/SimpleSValuator.cpp
+++ b/lib/Analysis/SimpleSValuator.cpp
@@ -349,7 +349,15 @@
// Does the symbol simplify to a constant?
if (Sym->getType(ValMgr.getContext())->isIntegerType())
if (const llvm::APSInt *Constant = state->getSymVal(Sym)) {
- // What should we convert it to?
+ // For shifts, there is no need to perform any conversions
+ // of the constant.
+ if (BinaryOperator::isShiftOp(op)) {
+ lhs = nonloc::ConcreteInt(*Constant);
+ continue;
+ }
+
+ // Other cases: do an implicit conversion. This shouldn't be
+ // necessary once we support truncation/extension of symbolic values.
if (nonloc::ConcreteInt *rhs_I = dyn_cast<nonloc::ConcreteInt>(&rhs)){
BasicValueFactory &BVF = ValMgr.getBasicValueFactory();
lhs = nonloc::ConcreteInt(BVF.Convert(rhs_I->getValue(),
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index 10e5823..48d1111 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
@@ -691,4 +691,16 @@
}
}
+// Test constant-folding of symbolic values, where a folded symbolic value is used in a
+// bitshift operation. This previously caused a crash because it triggered an assertion
+// in APSInt.
+void test_symbol_fold_with_shift(unsigned int * p, unsigned int n,
+ const unsigned int * grumpkin, unsigned int dn) {
+ unsigned int i;
+ unsigned int tempsub[8];
+ unsigned int *solgrumpkin = tempsub + n;
+ for (i = 0; i < n; i++)
+ solgrumpkin[i] = (i < dn) ? ~grumpkin[i] : 0xFFFFFFFF;
+ for (i <<= 5; i < (n << 5); i++) {}
+}