From 6f8f15fa72623257d03eb8e742552d16f5e4a304 Mon Sep 17 00:00:00 2001
From: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Date: Wed, 6 Jun 2018 06:09:02 +0000
Subject: [PATCH] [Analyzer] Fix Z3ConstraintManager crash (PR37646)

Summary:
Fix another Z3ConstraintManager crash, use fixAPSInt() to extend a
boolean APSInt.

Reviewers: george.karpenkov, NoQ, ddcc

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D47617

llvm-svn: 334065
---
 .../StaticAnalyzer/Core/Z3ConstraintManager.cpp  |  6 ++++--
 clang/test/Analysis/apsint.c                     |  7 -------
 clang/test/Analysis/z3/apsint.c                  | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 9 deletions(-)
 delete mode 100644 clang/test/Analysis/apsint.c
 create mode 100644 clang/test/Analysis/z3/apsint.c

diff --git a/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
index a9f67fc124b8..dccd158489b0 100644
--- a/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp
@@ -1231,8 +1231,10 @@ const llvm::APSInt *Z3ConstraintManager::getSymVal(ProgramStateRef State,
     if (!LHS || !RHS)
       return nullptr;
 
-    llvm::APSInt ConvertedLHS = *LHS, ConvertedRHS = *RHS;
-    QualType LTy = getAPSIntType(*LHS), RTy = getAPSIntType(*RHS);
+    llvm::APSInt ConvertedLHS, ConvertedRHS;
+    QualType LTy, RTy;
+    std::tie(ConvertedLHS, LTy) = fixAPSInt(*LHS);
+    std::tie(ConvertedRHS, RTy) = fixAPSInt(*RHS);
     doIntTypeConversion<llvm::APSInt, Z3ConstraintManager::castAPSInt>(
         ConvertedLHS, LTy, ConvertedRHS, RTy);
     return BVF.evalAPSInt(BSE->getOpcode(), ConvertedLHS, ConvertedRHS);
diff --git a/clang/test/Analysis/apsint.c b/clang/test/Analysis/apsint.c
deleted file mode 100644
index d37fce11ddbf..000000000000
--- a/clang/test/Analysis/apsint.c
+++ /dev/null
@@ -1,7 +0,0 @@
-// REQUIRES: z3
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux-gnu -analyzer-checker=core -verify %s
-// expected-no-diagnostics
-
-_Bool a() {
-  return !({ a(); });
-}
diff --git a/clang/test/Analysis/z3/apsint.c b/clang/test/Analysis/z3/apsint.c
new file mode 100644
index 000000000000..670ef2be1c59
--- /dev/null
+++ b/clang/test/Analysis/z3/apsint.c
@@ -0,0 +1,16 @@
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux-gnu -analyzer-checker=core -verify %s
+// expected-no-diagnostics
+
+// https://bugs.llvm.org/show_bug.cgi?id=37622
+_Bool a() {
+  return !({ a(); });
+}
+
+// https://bugs.llvm.org/show_bug.cgi?id=37646
+_Bool b;
+void c() {
+  _Bool a = b | 0;
+  for (;;)
+    if (a)
+      ;
+}
-- 
GitLab