Fix assertion errors in AE for multi-entry analysis

bjjwwang · claude · bjjwwang · commit afb1b8f166c2 · 2026-02-07T10:18:45.000+11:00
1. Fix BufOverflowDetector assertion (AEDetector.cpp:482)
   - When a variable is not an address type in multi-entry analysis,
     conservatively return true (assume safe) instead of asserting

2. Fix undefined compare predicate assertion (AbstractInterpretation.cpp)
   - Add support for FCMP_ORD and FCMP_UNO floating-point comparisons
   - These predicates check for NaN conditions, conservatively return [0,1]

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/svf/lib/AE/Svfexe/AEDetector.cpp b/svf/lib/AE/Svfexe/AEDetector.cpp
@@ -479,7 +479,12 @@ bool BufOverflowDetector::canSafelyAccessMemory(AbstractState& as, const SVF::SV
     SVFIR* svfir = PAG::getPAG();
     NodeID value_id = value->getId();
 
-    assert(as[value_id].isAddr());
+    // In multi-entry analysis, some variables may not be initialized as addresses
+    if (!as[value_id].isAddr())
+    {
+        // Conservatively assume safe when we don't have address information
+        return true;
+    }
     for (const auto& addr : as[value_id].getAddrs())
     {
         NodeID objId = as.getIDFromAddr(addr);
diff --git a/svf/lib/AE/Svfexe/AbstractInterpretation.cpp b/svf/lib/AE/Svfexe/AbstractInterpretation.cpp
@@ -1739,6 +1739,13 @@ void AbstractInterpretation::updateStateOnCmp(const CmpStmt *cmp)
                 case CmpStmt::FCMP_TRUE:
                     resVal = IntervalValue(1, 1);
                     break;
+                case CmpStmt::FCMP_ORD:
+                case CmpStmt::FCMP_UNO:
+                    // FCMP_ORD: true if both operands are not NaN
+                    // FCMP_UNO: true if either operand is NaN
+                    // Conservatively return [0, 1] since we don't track NaN
+                    resVal = IntervalValue(0, 1);
+                    break;
                 default:
                     assert(false && "undefined compare: ");
                 }
@@ -1853,6 +1860,13 @@ void AbstractInterpretation::updateStateOnCmp(const CmpStmt *cmp)
                 case CmpStmt::FCMP_TRUE:
                     resVal = IntervalValue(1, 1);
                     break;
+                case CmpStmt::FCMP_ORD:
+                case CmpStmt::FCMP_UNO:
+                    // FCMP_ORD: true if both operands are not NaN
+                    // FCMP_UNO: true if either operand is NaN
+                    // Conservatively return [0, 1] since we don't track NaN
+                    resVal = IntervalValue(0, 1);
+                    break;
                 default:
                     assert(false && "undefined compare: ");
                 }
