[Analyzer] Fix Z3ConstraintManager crash (PR37646)

Summary: Fix another Z3ConstraintManager crash, use fixAPSInt() to extend a boolean APSInt. Reviewers: george.karpenkov, NoQ, ddcc Reviewed By: george.karpenkov Subscribers: xazax.hun, szepet, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D47617 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@334065 91177308-0d34-0410-b5e6-96231b3b80d8
anukulrm · Jun 6, 2018 · 30d2ec3 · 30d2ec3
1 parent 444222b
commit 30d2ec3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 9 deletions.
diff --git a/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp b/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
@@ -1231,8 +1231,10 @@ const llvm::APSInt *Z3ConstraintManager::getSymVal(ProgramStateRef State,
     if (!LHS || !RHS)
       return nullptr;
 
-    llvm::APSInt ConvertedLHS = *LHS, ConvertedRHS = *RHS;
-    QualType LTy = getAPSIntType(*LHS), RTy = getAPSIntType(*RHS);
+    llvm::APSInt ConvertedLHS, ConvertedRHS;
+    QualType LTy, RTy;
+    std::tie(ConvertedLHS, LTy) = fixAPSInt(*LHS);
+    std::tie(ConvertedRHS, RTy) = fixAPSInt(*RHS);
     doIntTypeConversion<llvm::APSInt, Z3ConstraintManager::castAPSInt>(
         ConvertedLHS, LTy, ConvertedRHS, RTy);
     return BVF.evalAPSInt(BSE->getOpcode(), ConvertedLHS, ConvertedRHS);

diff --git a/test/Analysis/apsint.c b/test/Analysis/apsint.c
diff --git a/test/Analysis/z3/apsint.c b/test/Analysis/z3/apsint.c
@@ -0,0 +1,16 @@
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux-gnu -analyzer-checker=core -verify %s
+// expected-no-diagnostics
+
+// https://bugs.llvm.org/show_bug.cgi?id=37622
+_Bool a() {
+  return !({ a(); });
+}
+
+// https://bugs.llvm.org/show_bug.cgi?id=37646
+_Bool b;
+void c() {
+  _Bool a = b | 0;
+  for (;;)
+    if (a)
+      ;
+}