signedness error when building cfg


I just encountered an assert when performing file analysis (cfg-building) in clang::Expr::isIntegerConstantExpr().

When I perform an operation between two variables with different signs, APSInt raises an error (assert).

And so, something like 'clang -cfg-dump' on this code will crash:

#include <stdint.h>

void testBinaryOp() {
   void *bytes = 0;
   /* Alignment */
   bytes = (intptr_t)bytes + 2;
   bytes = (intptr_t)bytes % 2;
   bytes = (intptr_t)bytes / 2;
}

Is it a known issue, or is it worth filing a bug report?

Stack trace:

#4 0x91ca9063 in __assert_rtn ()
#5 0x00028789 in llvm::APSInt::operator+= (this=0xbfffe5b0, RHS=@0xbfffe454) at APSInt.h:159
#6 0x00025fd9 in clang::Expr::isIntegerConstantExpr (this=0xc0ae30, Result=@0xbfffe5b0, Ctx=@0xbfffef80, Loc=0x0, isEvaluated=true) at /Users/Projects/Tools/llvm/tools/clang/lib/AST/Expr.cpp:876
#7 0x00027036 in clang::Expr::isNullPointerConstant (this=0xc0ae30, Ctx=@0xbfffef80) at /Users/Projects/Tools/llvm/tools/clang/lib/AST/Expr.cpp:1058
#8 0x00092871 in clang::Sema::CheckSingleAssignmentConstraints (this=0xbffff140, lhsType={ThePtr = 12595040}, rExpr=@0xbfffe708) at /Users/Projects/Tools/llvm/tools/clang/lib/Sema/SemaExpr.cpp:1431
#9 0x0009a0e9 in clang::Sema::CheckAssignmentOperands (this=0xbffff140, lex=0xc0ad90, rex=@0xbfffe708, loc={ID = 131294}, compoundType={ThePtr = 0}) at /Users/Projects/Tools/llvm/tools/clang/lib/Sema/SemaExpr.cpp:1805
#10 0x00092af4 in clang::Sema::ActOnBinOp (this=0xbffff140, TokLoc={ID = 131294}, Kind=clang::tok::equal, LHS=0xc0ad90, RHS=0xc0ae30) at /Users/Projects/Tools/llvm/tools/clang/lib/Sema/SemaExpr.cpp:2052
#11 0x0005cfe0 in clang::Parser::ParseRHSOfBinaryExpression (this=0xbffff2b0, LHS={Val = 0xc0ad90, isInvalid = false}, MinPrec=1) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/ParseExpr.cpp:384
#12 0x0005e482 in clang::Parser::ParseExpressionWithLeadingIdentifier (this=0xbffff2b0, IdTok=@0xbfffea04) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/ParseExpr.cpp:259
#13 0x000548ed in clang::Parser::ParseIdentifierStatement (this=0xbffff2b0, OnlyStatement=false) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/ParseStmt.cpp:267
#14 0x000521da in clang::Parser::ParseStatementOrDeclaration (this=0xbffff2b0, OnlyStatement=false) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/ParseStmt.cpp:86
#15 0x00051a7e in clang::Parser::ParseCompoundStatementBody (this=0xbffff2b0, isStmtExpr=false) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/ParseStmt.cpp:425
#16 0x00051e68 in clang::Parser::ParseFunctionStatementBody (this=0xbffff2b0, Decl=0xc07160, L={ID = 131246}, R={ID = 131246}) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/ParseStmt.cpp:1149
#17 0x0001e09c in clang::Parser::ParseFunctionDefinition (this=0xbffff2b0, D=@0xbfffed70) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/Parser.cpp:507
#18 0x0001e5f5 in clang::Parser::ParseDeclarationOrFunctionDefinition (this=0xbffff2b0) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/Parser.cpp:442
#19 0x0001e74f in clang::Parser::ParseExternalDeclaration (this=0xbffff2b0) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/Parser.cpp:353
#20 0x0001e979 in clang::Parser::ParseTopLevelDecl (this=0xbffff2b0, Result=@0xbffff384) at /Users/Projects/Tools/llvm/tools/clang/lib/Parse/Parser.cpp:269
#21 0x000ab191 in clang::ParseAST (PP=@0xc011d0, Consumer=0xc02120, PrintStats=false) at /Users/Projects/Tools/llvm/tools/clang/lib/Sema/ParseAST.cpp:56

Hi Jean-Daniel,

This is a good test case. Please file a bug report. Even clang -ast-dump fails on this test case.


Mmm, if I'm not mistaken, this looks like a known issue with the hack
allowing pointers in integer constant expressions; I was planning to
fix it sooner, but the right fix grew a bit bigger than I expected it
to, and I never got around to coming up with a quick hack.
(Specifically, the complete fix involves the new constant expression
evaluator work.)


Yes, it is. We really need to fix this. I poked at this briefly, and the basic problem is that isIntegerConstantExpr returns true for casts from pointer but doesn't fill in Result. We really should only return true (in the GCC hack mode) if we are able to fold the pointer expression.