Open Quuxplusone opened 4 years ago
Attached arrav2-exploded-graphs.zip
(4053 bytes, application/zip): Rewritten exploded graphs of all three functions of the example.
Attached statemachine.svg
(8797 bytes, image/svg+xml): state machine representation of ArrayBoundCheckerV2::checkLocation
At a glance the state was computed incorrectly as well in case of overflow. Like, "x + 2 >= 0" is not the same as "x >= -2" in unsigned modular arithmetic (in fact the former is always true).
The fix is on review: https://reviews.llvm.org/D86874
arrav2-exploded-graphs.zip
(4053 bytes, application/zip)statemachine.svg
(8797 bytes, image/svg+xml)Created attachment 23216 Rewritten exploded graphs of all three functions of the example.
This bug was reported by Loïc Joly. You can read the original discussion at the cfe-dev archives: http://lists.llvm.org/pipermail/cfe-dev/2020-March/064783.html
The gist of this bug is demonstrated by this example: