diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-05-08 00:32:39 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-05-08 00:32:39 +0000 |
| commit | 25258f8bfb36e230cc4d42cabb74f4a77ecc64e8 (patch) | |
| tree | 473642b58061ad3f3252b10989c8df2cf50ab933 | |
| parent | 5dc0867af17b3bd6f567897433853b2b4767446c (diff) | |
Fix <rdar://problem/6845148>. Signed integers compared against pointers should
implicitly be changed to unsigned values in GRSimpleVals.cpp. This can happen
when the comparison involves logic in specialized transfer functions (e.g.,
OSAtomicCompareAndSwap).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71200 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Analysis/GRSimpleVals.cpp | 11 | ||||
| -rw-r--r-- | test/Analysis/misc-ps-64.m | 24 |
2 files changed, 32 insertions, 3 deletions
diff --git a/lib/Analysis/GRSimpleVals.cpp b/lib/Analysis/GRSimpleVals.cpp index 3d1c76412c..17e3c381dc 100644 --- a/lib/Analysis/GRSimpleVals.cpp +++ b/lib/Analysis/GRSimpleVals.cpp @@ -267,10 +267,15 @@ SVal GRSimpleVals::EvalBinOp(GRExprEngine& Eng, BinaryOperator::Opcode Op, // FIXME: Are all locations guaranteed to have pointer width? if (BinaryOperator::isEqualityOp(Op)) { if (nonloc::ConcreteInt *RInt = dyn_cast<nonloc::ConcreteInt>(&R)) { - const llvm::APSInt &X = RInt->getValue(); + const llvm::APSInt *X = &RInt->getValue(); ASTContext &C = Eng.getContext(); - if (C.getTypeSize(C.VoidPtrTy) == X.getBitWidth()) - return EvalBinOp(Eng, Op, L, loc::ConcreteInt(X)); + if (C.getTypeSize(C.VoidPtrTy) == X->getBitWidth()) { + // Convert the signedness of the integer (if necessary). + if (X->isSigned()) + X = &Eng.getBasicVals().getValue(*X, true); + + return EvalBinOp(Eng, Op, L, loc::ConcreteInt(*X)); + } } } diff --git a/test/Analysis/misc-ps-64.m b/test/Analysis/misc-ps-64.m index c95998fd36..163da4b4ab 100644 --- a/test/Analysis/misc-ps-64.m +++ b/test/Analysis/misc-ps-64.m @@ -6,6 +6,7 @@ // <rdar://problem/6440393> - A bunch of misc. failures involving evaluating // these expressions and building CFGs. These tests are here to prevent // regressions. +typedef long long int64_t; @class NSString, NSDictionary; typedef long NSInteger; typedef unsigned long NSUInteger; @@ -23,3 +24,26 @@ void rdar_6440393_1(NSDictionary *dict) { shazam(x, &bufptr); } +// <rdar://problem/6845148> - In this example we got a signedness +// mismatch between the literal '0' and the value of 'scrooge'. The +// trick is to have the evaluator convert the literal to an unsigned +// integer when doing a comparison with the pointer. This happens +// because of the transfer function logic of +// OSAtomicCompareAndSwap64Barrier, which doesn't have special casts +// in place to do this for us. +_Bool OSAtomicCompareAndSwap64Barrier( int64_t __oldValue, int64_t __newValue, volatile int64_t *__theValue ); +extern id objc_lookUpClass(const char *name); +void rdar_6845148(id debug_yourself) { + if (!debug_yourself) { + const char *wacky = ((void *)0); + Class scrooge = wacky ? (Class)objc_lookUpClass(wacky) : ((void *)0); + OSAtomicCompareAndSwap64Barrier(0, (int64_t)scrooge, (int64_t*)&debug_yourself); + } +} +void rdar_6845148_b(id debug_yourself) { + if (!debug_yourself) { + const char *wacky = ((void *)0); + Class scrooge = wacky ? (Class)objc_lookUpClass(wacky) : ((void *)0); + OSAtomicCompareAndSwap64Barrier((int64_t)scrooge, 0, (int64_t*)&debug_yourself); + } +} |