From da3960347a5d563d6746cb363b25466282a09ce3 Mon Sep 17 00:00:00 2001
From: Anna Zaks <ganna@apple.com>
Date: Thu, 3 May 2012 02:13:53 +0000
Subject: [PATCH] [analyzer] Do not assert on constructing SymSymExpr with diff
 types.

The resulting type info is stored in the SymSymExpr, so no reason not to
support construction of expression with different subexpression types.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156051 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/SValBuilder.cpp       |  1 -
 lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp | 15 +++++++++------
 test/Analysis/taint-generic.c                 |  9 +++++++++
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp
index d286f495cd7..d005c2af966 100644
--- a/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -61,7 +61,6 @@ NonLoc SValBuilder::makeNonLoc(const llvm::APSInt& lhs,
 NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                                const SymExpr *rhs, QualType type) {
   assert(lhs && rhs);
-  assert(haveSameType(lhs->getType(Context), rhs->getType(Context)) == true);
   assert(!Loc::isLocType(type));
   return nonloc::SymbolVal(SymMgr.getSymSymExpr(lhs, op, rhs, type));
 }
diff --git a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index 2522cbbd24d..4a4fcf3c1fc 100644
--- a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -280,6 +280,9 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
                                   BinaryOperator::Opcode op,
                                   NonLoc lhs, NonLoc rhs,
                                   QualType resultTy)  {
+  NonLoc InputLHS = lhs;
+  NonLoc InputRHS = rhs;
+
   // Handle trivial case where left-side and right-side are the same.
   if (lhs == rhs)
     switch (op) {
@@ -327,7 +330,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
               return makeTruthVal(true, resultTy);
             default:
               // This case also handles pointer arithmetic.
-              return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+              return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
           }
       }
     }
@@ -389,9 +392,9 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
             if (lhsValue == 0)
               // At this point lhs and rhs have been swapped.
               return rhs;
-            return makeSymExprValNN(state, op, rhs, lhs, resultTy);
+            return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
           default:
-            return makeSymExprValNN(state, op, rhs, lhs, resultTy);
+            return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
         }
       }
     }
@@ -406,7 +409,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
             dyn_cast<SymIntExpr>(selhs->getSymbol());
 
         if (!symIntExpr)
-          return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+          return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
 
         // Is this a logical not? (!x is represented as x == 0.)
         if (op == BO_EQ && rhs.isZeroConstant()) {
@@ -454,7 +457,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
         // For now, only handle expressions whose RHS is a constant.
         const nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&rhs);
         if (!rhsInt)
-          return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+          return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
 
         // If both the LHS and the current expression are additive,
         // fold their constants.
@@ -539,7 +542,7 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
               resultTy);
         }
 
-        return makeSymExprValNN(state, op, lhs, rhs, resultTy);
+        return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
       }
     }
     }
diff --git a/test/Analysis/taint-generic.c b/test/Analysis/taint-generic.c
index 1cfdfead64f..8ee1896e96e 100644
--- a/test/Analysis/taint-generic.c
+++ b/test/Analysis/taint-generic.c
@@ -203,3 +203,12 @@ unsigned radar11369570_hanging(const unsigned char *arr, int l) {
   }
   return 5/a; // expected-warning {{Division by a tainted value, possibly zero}}
 }
+
+// Check that we do not assert of the following code.
+int SymSymExprWithDiffTypes(void* p) {
+  int i;
+  scanf("%d", &i);
+  int j = (i % (int)(long)p);
+  return 5/j; // expected-warning {{Division by a tainted value, possibly zero}}
+}
+
-- 
GitLab