authorJordy Rose <jediknil@belkadan.com>2010-06-30 01:35:20 +0000
committerJordy Rose <jediknil@belkadan.com>2010-06-30 01:35:20 +0000
commita274148a5cf85f758e469d5785fb72736f93f58b (patch)
tree3d236faebdb6b21c0d159d9338fe4da8a8c1ff16
parente9c9d15ef9429257136564c5bab76dbe286e37c7 (diff)
Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107236 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/Checker/SimpleSValuator.cpp7
-rw-r--r--test/Analysis/ptr-arith.c5
2 files changed, 11 insertions, 1 deletions
diff --git a/lib/Checker/SimpleSValuator.cpp b/lib/Checker/SimpleSValuator.cpp
index 0f4fe07bb7..5b24992118 100644
--- a/lib/Checker/SimpleSValuator.cpp
+++ b/lib/Checker/SimpleSValuator.cpp
@@ -502,7 +502,12 @@ SVal SimpleSValuator::EvalBinOpLL(const GRState *state,
QualType resultTy) {
// Only comparisons and subtractions are valid operations on two pointers.
// See [C99 6.5.5 through 6.5.14] or [C++0x 5.6 through 5.15].
- assert(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub);
+ // However, if a pointer is casted to an integer, EvalBinOpNN may end up
+ // calling this function with another operation (PR7527). We don't attempt to
+ // model this for now, but it could be useful, particularly when the
+ // "location" is actually an integer value that's been passed through a void*.
+ if (!(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub))
+ return UnknownVal();
// Special cases for when both sides are identical.
if (lhs == rhs) {
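Review bot: The early return replaces the assert for every caller, so an operator that reaches EvalBinOpLL by mistake, rather than through the cast-to-integer path the comment describes, is now silently folded to UnknownVal instead of being caught in a debug build. The comment says this case is unmodeled "for now"; tagging it as `// FIXME: model non-comparison ops on locations cast to integers (PR7527).` would make the gap greppable, and the condition reads more directly as `if (!BinaryOperator::isComparisonOp(op) && op != BinaryOperator::Sub)`. Checkers that consume the result of a low-bit test on a pointer get no constraint from this path, which presumably surfaces as missed reports rather than crashes. The body of EvalBinOpLL continues outside the hunk.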
diff --git a/test/Analysis/ptr-arith.c b/test/Analysis/ptr-arith.c
index 071c8699a3..0c2e221398 100644
--- a/test/Analysis/ptr-arith.c
+++ b/test/Analysis/ptr-arith.c
@@ -281,3 +281,8 @@ void symbolic_region(int *p) {
if (&a <= p)
WARN; // expected-warning{{}}
}
+
+void PR7527 (int *p) {
+ if (((int) p) & 1) // not crash
+ return;
+}
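Review bot: The regression test in PR7527 exercises only `&` and asserts nothing beyond the absence of a crash, while the new branch in EvalBinOpLL covers every operator other than comparisons and subtraction. One or two further cases, for example `if (((int) p) | 1)` and `if (((int) p) ^ 1)`, would pin the whole branch. The `(int) p` cast narrows on targets where pointers are wider than int; whether that matters depends on the RUN line's target, which is not visible in this hunk, so a `(long) p` variant may be worth adding as well.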