Merge pull request #2961 from SavchenkoValeriy/vsavchenko/rdar77686137_analyzer_solver_crash

SavchenkoValeriy · web-flow · commit d946ed9cb32b · 2021-05-14T10:23:41.000+03:00
(rdar://77686137) Fix crash in the static analyzer constraint solver component
diff --git a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
@@ -1487,15 +1487,18 @@ class RangeConstraintManager : public RangedConstraintManager {
       // This is an infeasible assumption.
       return nullptr;
 
-    ProgramStateRef NewState = setConstraint(State, Sym, NewConstraint);
-    if (auto Equality = EqualityInfo::extract(Sym, Int, Adjustment)) {
-      // If the original assumption is not Sym + Adjustment !=/</> Int,
-      // we should invert IsEquality flag.
-      Equality->IsEquality = Equality->IsEquality != EQ;
-      return track(NewState, *Equality);
+    if (ProgramStateRef NewState = setConstraint(State, Sym, NewConstraint)) {
+      if (auto Equality = EqualityInfo::extract(Sym, Int, Adjustment)) {
+        // If the original assumption is not Sym + Adjustment !=/</> Int,
+        // we should invert IsEquality flag.
+        Equality->IsEquality = Equality->IsEquality != EQ;
+        return track(NewState, *Equality);
+      }
+
+      return NewState;
     }
 
-    return NewState;
+    return nullptr;
   }
 
   ProgramStateRef track(ProgramStateRef State, EqualityInfo ToTrack) {
diff --git a/clang/test/Analysis/PR50268.c b/clang/test/Analysis/PR50268.c
@@ -0,0 +1,12 @@
+// RUN: %clang_analyze_cc1 -w -analyzer-checker=core -verify %s \
+// RUN:    -analyzer-config eagerly-assume=true
+
+// expected-no-diagnostics
+
+
+int test(unsigned long a, unsigned long c, int b) {
+  c -= a;
+  if (0 >= b) {}
+  c == b;
+  return c ? 0 : 2; // no-crash
+}
