diff options
| -rw-r--r-- | lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp | 9 | ||||
| -rw-r--r-- | test/Analysis/taint-generic.c | 11 |
2 files changed, 18 insertions, 2 deletions
diff --git a/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp b/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp index f6404f0f77..9b759df48f 100644 --- a/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp +++ b/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp @@ -50,8 +50,13 @@ bool SimpleConstraintManager::canReasonAbout(SVal X) const { } if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(SE)) { - if (BinaryOperator::isComparisonOp(SSE->getOpcode())) - return true; + if (BinaryOperator::isComparisonOp(SSE->getOpcode())) { + // We handle Loc <> Loc comparisons, but not (yet) NonLoc <> NonLoc. + if (Loc::isLocType(SSE->getLHS()->getType())) { + assert(Loc::isLocType(SSE->getRHS()->getType())); + return true; + } + } } return false; diff --git a/test/Analysis/taint-generic.c b/test/Analysis/taint-generic.c index 696db67713..fe27070026 100644 --- a/test/Analysis/taint-generic.c +++ b/test/Analysis/taint-generic.c @@ -212,3 +212,14 @@ int SymSymExprWithDiffTypes(void* p) { return 5/j; // expected-warning {{Division by a tainted value, possibly zero}} } + +void constraintManagerShouldTreatAsOpaque(int rhs) { + int i; + scanf("%d", &i); + // This comparison used to hit an assertion in the constraint manager, + // which didn't handle NonLoc sym-sym comparisons. + if (i < rhs) + return; + if (i < rhs) + *(volatile int *) 0; // no-warning +} |