llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT--> @llvm/pr-subscribers-clang-static-analyzer-1 Author: Balazs Benics (steakhal) <details> <summary>Changes</summary> This PR should be review commit by commit, and ought to be rebase-merged. See the individual commits for their summary. Once these two commits are reviewed, I'll force push to this PR the first commit, and open a new PR for the second commit because rebase-merge is not an option for upstream llvm, but I still wanted to let you know the whole picture, and that these two commits are related. --- Full diff: https://github.com/llvm/llvm-project/pull/112583.diff 3 Files Affected: - (modified) clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp (+20-5) - (modified) clang/test/Analysis/infeasible-sink.c (+6-17) - (modified) clang/test/Analysis/unary-sym-expr.c (+1-2) ``````````diff diff --git a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp index 70d5a609681790..2ee86a90a1f6d2 100644 --- a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp +++ b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp @@ -1249,6 +1249,8 @@ class SymbolicRangeInferrer // calculate the effective range set by intersecting the range set // for A - B and the negated range set of B - A. getRangeForNegatedSymSym(SSE), + // If commutative, we may have constaints for the commuted variant. + getRangeCommutativeSymSym(SSE), // If Sym is a comparison expression (except <=>), // find any other comparisons with the same operands. // See function description. @@ -1485,6 +1487,18 @@ class SymbolicRangeInferrer Sym->getType()); } + std::optional<RangeSet> getRangeCommutativeSymSym(const SymSymExpr *SSE) { + bool IsCommutative = llvm::is_contained({BO_Add, BO_Mul}, SSE->getOpcode()); + if (!IsCommutative) + return std::nullopt; + + SymbolRef Commuted = State->getSymbolManager().getSymSymExpr( + SSE->getRHS(), BO_Add, SSE->getLHS(), SSE->getType()); + if (const RangeSet *Range = getConstraint(State, Commuted)) + return *Range; + return std::nullopt; + } + // Returns ranges only for binary comparison operators (except <=>) // when left and right operands are symbolic values. // Finds any other comparisons with the same operands. @@ -1939,11 +1953,8 @@ class RangeConstraintManager : public RangedConstraintManager { RangeSet::Factory F; RangeSet getRange(ProgramStateRef State, SymbolRef Sym); - RangeSet getRange(ProgramStateRef State, EquivalenceClass Class); ProgramStateRef setRange(ProgramStateRef State, SymbolRef Sym, RangeSet Range); - ProgramStateRef setRange(ProgramStateRef State, EquivalenceClass Class, - RangeSet Range); RangeSet getSymLTRange(ProgramStateRef St, SymbolRef Sym, const llvm::APSInt &Int, @@ -2866,12 +2877,14 @@ ConditionTruthVal RangeConstraintManager::checkNull(ProgramStateRef State, const llvm::APSInt *RangeConstraintManager::getSymVal(ProgramStateRef St, SymbolRef Sym) const { - const RangeSet *T = getConstraint(St, Sym); - return T ? T->getConcreteValue() : nullptr; + auto &MutableSelf = const_cast<RangeConstraintManager &>(*this); + return MutableSelf.getRange(St, Sym).getConcreteValue(); } const llvm::APSInt *RangeConstraintManager::getSymMinVal(ProgramStateRef St, SymbolRef Sym) const { + // TODO: Use `getRange()` like in `getSymVal()`, but that would make some + // of the reports of `BitwiseShiftChecker` look awkward. const RangeSet *T = getConstraint(St, Sym); if (!T || T->isEmpty()) return nullptr; @@ -2880,6 +2893,8 @@ const llvm::APSInt *RangeConstraintManager::getSymMinVal(ProgramStateRef St, const llvm::APSInt *RangeConstraintManager::getSymMaxVal(ProgramStateRef St, SymbolRef Sym) const { + // TODO: Use `getRange()` like in `getSymVal()`, but that would make some + // of the reports of `BitwiseShiftChecker` look awkward. const RangeSet *T = getConstraint(St, Sym); if (!T || T->isEmpty()) return nullptr; diff --git a/clang/test/Analysis/infeasible-sink.c b/clang/test/Analysis/infeasible-sink.c index 9cb66fcac0b6be..d5b4e82268f5b6 100644 --- a/clang/test/Analysis/infeasible-sink.c +++ b/clang/test/Analysis/infeasible-sink.c @@ -38,7 +38,7 @@ void test1(int x) { } int a, b, c, d, e; -void test2() { +void test2(void) { if (a == 0) return; @@ -50,28 +50,17 @@ void test2() { b = d; a -= d; + clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}} + if (a != 0) return; - clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}} - - /* The BASELINE passes these checks ('wrning' is used to avoid lit to match) - // The parent state is already infeasible, look at this contradiction: - clang_analyzer_eval(b > 0); // expected-wrning{{FALSE}} - clang_analyzer_eval(b <= 0); // expected-wrning{{FALSE}} - // Crashes with expensive checks. - if (b > 0) { - clang_analyzer_warnIfReached(); // no-warning, OK - return; - } - // Should not be reachable. - clang_analyzer_warnIfReached(); // expected-wrning{{REACHABLE}} - */ + clang_analyzer_warnIfReached(); // no-warning: Even the parent state is unreachable. // The parent state is already infeasible, but we realize that only if b is // constrained. - clang_analyzer_eval(b > 0); // expected-warning{{UNKNOWN}} - clang_analyzer_eval(b <= 0); // expected-warning{{UNKNOWN}} + clang_analyzer_eval(b > 0); // no-warning + clang_analyzer_eval(b <= 0); // no-warning if (b > 0) { clang_analyzer_warnIfReached(); // no-warning return; diff --git a/clang/test/Analysis/unary-sym-expr.c b/clang/test/Analysis/unary-sym-expr.c index 7c4774f3cca82f..7ce7a3c5c24e35 100644 --- a/clang/test/Analysis/unary-sym-expr.c +++ b/clang/test/Analysis/unary-sym-expr.c @@ -33,8 +33,7 @@ void test_svalbuilder_simplification(int x, int y) { if (x + y != 3) return; clang_analyzer_eval(-(x + y) == -3); // expected-warning{{TRUE}} - // FIXME Commutativity is not supported yet. - clang_analyzer_eval(-(y + x) == -3); // expected-warning{{UNKNOWN}} + clang_analyzer_eval(-(y + x) == -3); // expected-warning{{TRUE}} } int test_fp(int flag) { `````````` </details> https://github.com/llvm/llvm-project/pull/112583 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
