[PATCH] D103440: [WIP][analyzer] Introduce range-based reasoning for addition operator

[Valeriy Savchenko via Phabricator via cfe-commits]

vsavchenko added a comment.

I also would like to see tests where the ranges are not going all the way to 
either `INT_MIN` or `INT_MAX` (if we talk about `int`), but overflow still 
might happen, and cases where overflow might happen, but we still can identify 
the overflowing results precisely (e.g. the result is `[INT_MIN, INT_MIN + 10] 
and [INT_MAX - 5, INT_MAX])



================
Comment at: clang/test/Analysis/constant-folding.c:279
+    if (c == INT_MIN && d == INT_MIN) {
+      clang_analyzer_eval((c + d) == 0); // expected-warning{{TRUE}}
+    }
----------------
Good!


================
Comment at: clang/test/Analysis/constant-folding.c:282
+
+    if (c >= -20 && d >= -40) {
+      clang_analyzer_eval((c + d) < -1); // expected-warning{{TRUE}}
----------------
Great, it's good to check negative numbers.
I have one note here.  The fact that we don't have a testing framework and use 
this approach of inspecting the actual analysis has an interesting implication.

```
if (a == 10) { // here we split path into 2 paths: one where a == 10, and one 
where a != 10;
               // one goes inside of if, one doesn't
  . . .
}
if (a >= 5) { // here we split into 3 paths: a == 10, a < 5, and a in [5, 9] 
and [11, INT_MAX] (aka a >= 5 and a != 10).
              // 1 path was infeasible: a == 10 and a < 5
              // Two of these paths go inside of the if, one doesn't
  . . .
  clang_analyzer_eval(a == 10); // it will produce two results: TRUE and FALSE
}
clang_analyzer_eval(a == 10); // it will produce three results: TRUE, FALSE, 
and FALSE
```

We don't want to test how path splitting works in these particular tests (they 
are about solver and constant folding after all), that's why we try to have 
only one path going through each `clang_analyzer_eval(...)`

In this example, you still have residual paths where `c != INT_MIN`, `c == 
INT_MIN and d != INT_MIN`, and `c == INT_MIN and d == INT_MIN`.


================
Comment at: clang/test/Analysis/constant-folding.c:304-305
+  if (c > 0 && d > 0) {
+    clang_analyzer_eval((c + d) > 1); // expected-warning{{TRUE}}
+    clang_analyzer_eval((c + d) < -1); // expected-warning{{TRUE}}
+  }
----------------
How can these two statements be TRUE at the same time?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D103440/new/

https://reviews.llvm.org/D103440

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits