author | einvbri <vince.a.bridgers@ericsson.com> | 2023-01-26 08:23:22 -0600 |
---|---|---|
committer | Tom Stellard <tstellar@redhat.com> | 2023-03-08 05:56:02 -0800 |
commit | 35232f3c40d2576ec94cad9e6b836f6f880d760b (patch) | |
tree | 261f056f2435842fd2dae50523a5c4de634259db | |
parent | 59d896fd7f9340ed29d8e46964a792df6f836340 (diff) | |
download | llvm-35232f3c40d2576ec94cad9e6b836f6f880d760b.tar.gz |
[analyzer] Fix crash exposed by D140059
Change https://reviews.llvm.org/D140059 exposed the following crash in
Z3Solver, where bit widths were not checked consistently with that
change. This change makes the check consistent, and fixes the crash.
```
clang: <root>/llvm/include/llvm/ADT/APSInt.h:99:
int64_t llvm::APSInt::getExtValue() const: Assertion
`isRepresentableByInt64() && "Too many bits for int64_t"' failed.
...
Stack dump:
0. Program arguments: clang -cc1 -internal-isystem <root>/lib/clang/16/include
-nostdsysteminc -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection
-analyzer-config crosscheck-with-z3=true -verify reproducer.c
#0 0x00000000045b3476 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
<root>/llvm/lib/Support/Unix/Signals.inc:567:22
#1 0x00000000045b3862 PrintStackTraceSignalHandler(void*)
<root>/llvm/lib/Support/Unix/Signals.inc:641:1
#2 0x00000000045b14a5 llvm::sys::RunSignalHandlers()
<root>/llvm/lib/Support/Signals.cpp:104:20
#3 0x00000000045b2eb4 SignalHandler(int)
<root>/llvm/lib/Support/Unix/Signals.inc:412:1
...
#9 0x0000000004be2eb3 llvm::APSInt::getExtValue() const
<root>/llvm/include/llvm/ADT/APSInt.h:99:5
<root>/llvm/lib/Support/Z3Solver.cpp:740:53
clang::ASTContext&, clang::ento::SymExpr const*, llvm::APSInt const&, llvm::APSInt const&, bool)
<root>/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConv.h:552:61
```
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D142627
(cherry picked from commit f027dd55f32a3c1803fc3cbd53029acee849465c)
-rw-r--r-- | clang/test/Analysis/z3-crosscheck.c | 12 | ||||
-rw-r--r-- | llvm/lib/Support/Z3Solver.cpp | 2 |
2 files changed, 13 insertions, 1 deletions
diff --git a/clang/test/Analysis/z3-crosscheck.c b/clang/test/Analysis/z3-crosscheck.c index e0ec028c518d..13f38f43e697 100644 --- a/clang/test/Analysis/z3-crosscheck.c +++ b/clang/test/Analysis/z3-crosscheck.c @@ -77,3 +77,15 @@ void floatUnaryLNotInEq(int h, int l) { // expected-warning@-1{{garbage}} } } + +// don't crash, and also produce a core.CallAndMessage finding +void a(int); +typedef struct { + int b; +} c; +c *d; +void e() { + (void)d->b; + int f; + a(f); // expected-warning {{1st function call argument is an uninitialized value [core.CallAndMessage]}} +} diff --git a/llvm/lib/Support/Z3Solver.cpp b/llvm/lib/Support/Z3Solver.cpp index a49bedcfd2b0..eb671fe2596d 100644 --- a/llvm/lib/Support/Z3Solver.cpp +++ b/llvm/lib/Support/Z3Solver.cpp @@ -729,7 +729,7 @@ public: const Z3_sort Z3Sort = toZ3Sort(*getBitvectorSort(BitWidth)).Sort; // Slow path, when 64 bits are not enough. - if (LLVM_UNLIKELY(Int.getBitWidth() > 64u)) { + if (LLVM_UNLIKELY(!Int.isRepresentableByInt64())) { SmallString<40> Buffer; Int.toString(Buffer, 10); return newExprRef(Z3Expr( |
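Review bot: In the test added to clang/test/Analysis/z3-crosscheck.c, the comment "don't crash, and also produce a core.CallAndMessage finding" does not say which crash is meant or which statement reaches it, and the reduced names (a, c, d, e, f) give no hint either. Please reference D142627 or the getExtValue() assertion in the comment, give the function a name that describes the regression, and state whether `(void)d->b;` is required to hit the Z3 path or is leftover from reduction. As a style point, `void e()` should be `void e(void)` so the C test declares a prototype.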
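Review bot: In the Z3Solver.cpp hunk, the comment "Slow path, when 64 bits are not enough." still describes the old width test, while the condition is now `!Int.isRepresentableByInt64()`, the same predicate that getExtValue() asserts in the quoted stack dump. Please reword the comment to say the slow path is taken when the value is not representable as int64_t, so a later reader does not "simplify" it back to a `getBitWidth()` comparison. It would also help to note next to the condition that it must stay in sync with the getExtValue() precondition, since the mismatch between the two is what the commit message identifies as the cause of the crash.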