shenjunjiekoda wrote:

The crash occurred due to a failed assertion in the `zext` method of APInt. The `zext` function requires the following condition to be met:

```cpp
// Zero extend to a new width.
APInt APInt::zext(unsigned width) const {
  assert(width >= BitWidth && "Invalid APInt ZeroExtend request");
  // ...
}
```

However, the original logic in `clang/lib/StaticAnalyzer/Core/LoopUnrolling.cpp` used an inequality check (`!=`) to determine if the widths were mismatched. This could lead to a scenario where one of the `zext` calls in the if block triggers the assertion failure internally:

```cpp
static bool shouldCompletelyUnroll(const Stmt *LoopStmt, ASTContext &ASTCtx,
                                   ExplodedNode *Pred, unsigned &maxStep) {
  // ...
  if (InitNum.getBitWidth() != BoundNum.getBitWidth()) {
    // If InitNum is already the wider value, this asks zext to shrink it and
    // the assertion above fires.
    InitNum = InitNum.zext(BoundNum.getBitWidth());
    BoundNum = BoundNum.zext(InitNum.getBitWidth());
  }
  // ...
}
```

For the test case, I used the `cvise` tool to simplify the `test/std-test.cc` file from the `libfmt` repo while ensuring it remained free of compilation errors. This test case appears to be the minimal version that `cvise` could produce.

https://github.com/llvm/llvm-project/pull/121203

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits