From 5e9e96a342f1573f622d45f180dee7ed6b4d5b68 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Wed, 25 Oct 2017 11:17:47 -0700
Subject: [PATCH] [hil] don't crash on deref of magic address

Summary: In HIL, allow deref'ing a magic address like `0xdeadbeef` for debugging purposes. Previously, we would crash on code like this.
Reviewed By: mbouaziz
Differential Revision: D6143802
fbshipit-source-id: 4151924
---
 infer/src/IR/HilInstr.ml | 7 +++++++
 infer/tests/codetoanalyze/cpp/uninit/uninit.cpp | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/infer/src/IR/HilInstr.ml b/infer/src/IR/HilInstr.ml
index f23617617..91e9e52ee 100644
--- a/infer/src/IR/HilInstr.ml
+++ b/infer/src/IR/HilInstr.ml
@@ -89,6 +89,13 @@ let of_sil ~include_array_indexes ~f_resolve_id (instr: Sil.instr) =
 L.(die InternalError) "Invalid pointer arithmetic expression %a used as LHS at %a" Exp.pp lhs_exp Location.pp_file_pos loc )
+ | Constant Const.Cint i ->
+ (* this can happen in intentionally crashing code like *0xdeadbeef = 0 used for
+ debugging. doesn't really matter what we do here, so just create a dummy var *)
+ let dummy_base_var =
+ Var.of_id (Ident.create_normal (Ident.string_to_name (IntLit.to_string i)) 0)
+ in
+ ((dummy_base_var, Typ.void_star), [])
 | _ -> L.(die InternalError) "Non-assignable LHS expression %a at %a" Exp.pp lhs_exp Location.pp_file_pos loc
diff --git a/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp b/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp
index 753d8f0e3..a3153ccb5 100644
--- a/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp
+++ b/infer/tests/codetoanalyze/cpp/uninit/uninit.cpp
@@ -137,3 +137,6 @@ int ok6() {
 x = 7;
 return x;
 }
+
+// this crashes HIL if we're not careful
+void deref_magic_addr_ok() { *(int*)0xdeadbeef = 0; }
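Review bot: The new `| Constant Const.Cint i` arm accepts every integer constant, not only debugging sentinels, so a store through any hard-coded address becomes an assignment to a synthetic variable named after the literal. If a literal null also reaches this match as `Const.Cint` (the hunk does not show this), a null store would be modelled the same way. The comment says it "doesn't really matter what we do here", but checkers that consume HIL can no longer tell this write from a write to an ordinary variable, so the trade-off should be stated: `(* NOTE: matches any integer constant; the store is modelled as a write to a dummy var, so HIL-based checkers will not see a fixed-address write here *)`. Two stores through the same constant also share one dummy variable with stamp 0, which looks intended but is worth saying in the same comment. `of_sil` begins and continues outside this hunk, so whether a load from a constant address still reaches a `die` cannot be checked from here.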
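Review bot: `deref_magic_addr_ok` exercises only a store through the constant address; nothing in the added test reads through one. The OCaml change in this commit sits on the LHS path, so a load may take a different route whose behaviour is not visible in this patch. A companion case such as `int read_magic_addr_ok() { return *(int*)0xdeadbeef; }` would pin that down. A slightly more specific comment would also help the next reader of the test file, for example `// store through a constant address: HIL must translate this without dying`.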