[PATCH] D45517: [analyzer] WIP: False positive refutation with Z3
George Karpenkov via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sat Apr 21 05:14:55 PDT 2018
george.karpenkov added inline comments.
================
Comment at: include/clang/StaticAnalyzer/Core/AnalyzerOptions.h:284
+ /// \sa shouldPostProcessBugReports
+ Optional<bool> PostProcessBugReports;
+
----------------
The option name should be more self-explanatory, post-processing in general can mean anything
================
Comment at: include/clang/StaticAnalyzer/Core/AnalyzerOptions.h:586
+ /// which accepts the values "true" and "false".
+ bool shouldPostProcessBugReports();
+
----------------
Same here
================
Comment at: include/clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h:348
+ : public BugReporterVisitorImpl<FalsePositiveRefutationBRVisitor> {
+ bool isInvalidated = false;
+
----------------
LLVM coding standart mandates capital case for field names.
================
Comment at: lib/StaticAnalyzer/Core/AnalyzerOptions.cpp:301
+ return getBooleanOption(PostProcessBugReports,
+ "postprocess-reports",
+ /* Default = */ false);
----------------
Same for the option name. "crosscheck-with-z3"?
================
Comment at: lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:2342
+ BugReport &BR) {
+ if (isInvalidated)
+ return nullptr;
----------------
Is this field actually necessary? Do we ever check the same bug report with the same visitor multiple times?
================
Comment at: lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:2351
+
+ if (!RefutationMgr.checkRangedStateConstraints(Succ->getState())) {
+ const LocationContext *LC = Succ->getLocationContext();
----------------
For the initial version I would just do all work in the visitor, but that's a matter of taste.
================
Comment at: lib/StaticAnalyzer/Core/ProgramState.cpp:86
+ ? CreateZ3ConstraintManager(*this, SubEng)
+ : nullptr;
}
----------------
Would then we crash on NPE if `getRefutationManager` is called? Getters should preferably not cause crashes.
================
Comment at: lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:1268
+ if (From == To) {
+ Z3Expr Eq = getZ3BinExpr(Exp, SymTy, BO_EQ, FromExp, RangeTy, nullptr);
+ Solver.addConstraint(Eq);
----------------
I wouldn't even bother with this branch, but again, a matter of taste.
================
Comment at: lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:1273
+ Z3Expr RHS = getZ3BinExpr(Exp, SymTy, BO_LE, ToExp, RangeTy, nullptr);
+ Solver.addConstraint(Z3Expr::fromBinOp(LHS, BO_LOr, RHS, isSignedTy));
+ }
----------------
Why `OR`? Shouldn't it be AND?
https://reviews.llvm.org/D45517
More information about the cfe-commits
mailing list