Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107236 91177308-0d34-0410-b5e6-96231b3b80d8
author: Jordy Rose <jediknil@belkadan.com> 2010-06-30 01:35:20 +0000
committer: Jordy Rose <jediknil@belkadan.com> 2010-06-30 01:35:20 +0000
commit: a274148a5cf85f758e469d5785fb72736f93f58b (patch)
tree: 3d236faebdb6b21c0d159d9338fe4da8a8c1ff16 /lib/Checker/SimpleSValuator.cpp
parent: e9c9d15ef9429257136564c5bab76dbe286e37c7 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/Checker/SimpleSValuator.cpp b/lib/Checker/SimpleSValuator.cpp
index 0f4fe07bb7..5b24992118 100644
--- a/lib/Checker/SimpleSValuator.cpp
+++ b/lib/Checker/SimpleSValuator.cpp
@@ -502,7 +502,12 @@ SVal SimpleSValuator::EvalBinOpLL(const GRState *state,
                                   QualType resultTy) {
   // Only comparisons and subtractions are valid operations on two pointers.
   // See [C99 6.5.5 through 6.5.14] or [C++0x 5.6 through 5.15].
-  assert(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub);
+  // However, if a pointer is casted to an integer, EvalBinOpNN may end up
+  // calling this function with another operation (PR7527). We don't attempt to
+  // model this for now, but it could be useful, particularly when the
+  // "location" is actually an integer value that's been passed through a void*.
+  if (!(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub))
+    return UnknownVal();
 
   // Special cases for when both sides are identical.
   if (lhs == rhs) {
author	Jordy Rose <jediknil@belkadan.com>	2010-06-30 01:35:20 +0000
committer	Jordy Rose <jediknil@belkadan.com>	2010-06-30 01:35:20 +0000
commit	a274148a5cf85f758e469d5785fb72736f93f58b (patch)
tree	3d236faebdb6b21c0d159d9338fe4da8a8c1ff16 /lib/Checker/SimpleSValuator.cpp
parent	e9c9d15ef9429257136564c5bab76dbe286e37c7 (diff)