<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>On Nov 29, 2012, at 9:23 AM, Jordan Rose <<a href="mailto:jordan_rose@apple.com">jordan_rose@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Nov 28, 2012, at 22:22 , Ted Kremenek <<a href="mailto:kremenek@apple.com">kremenek@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>On Nov 28, 2012, at 4:54 PM, Jordan Rose <<a href="mailto:jordan_rose@apple.com">jordan_rose@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">On Nov 28, 2012, at 16:50 , Ted Kremenek <<a href="mailto:kremenek@apple.com">kremenek@apple.com</a>> wrote:</div><br class="Apple-interchange-newline" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><blockquote type="cite" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">Author: kremenek<br>Date: Wed Nov 28 18:50:20 2012<br>New Revision: 168843<br><br>URL:<span class="Apple-converted-space"> </span><a href="http://llvm.org/viewvc/llvm-project?rev=168843&view=rev">http://llvm.org/viewvc/llvm-project?rev=168843&view=rev</a><br>Log:<br>Correctly handle IntegralToBool casts in C++ in the static analyzer. Fixes <<a href="rdar://problem/12759044">rdar://problem/12759044</a>>.<br><br>Modified:<br> cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp<br> cfe/trunk/test/Analysis/misc-ps-region-store.cpp<br><br>Modified: cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp<br>URL:<span class="Apple-converted-space"> </span><a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp?rev=168843&r1=168842&r2=168843&view=diff">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp?rev=168843&r1=168842&r2=168843&view=diff</a><br>==============================================================================<br>--- cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp (original)<br>+++ cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp Wed Nov 28 18:50:20 2012<br>@@ -101,6 +101,12 @@<br> if (!isa<nonloc::ConcreteInt>(val))<br> return UnknownVal();<br><br>+ // Handle casts to a boolean type.<br>+ if (castTy->isBooleanType()) {<br>+ bool b = cast<nonloc::ConcreteInt>(val).getValue().getBoolValue();<br>+ return makeTruthVal(b, castTy);<br>+ }<br></blockquote><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><br></div><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">We can do better about nonloc::LocAsInteger and evalCastFromLoc as well.</div></blockquote><div><br></div><div>Agreed. Eli also made a good point that we should probably be utilizing CastKinds here. We're losing a bit of the intent of the cast by relying on just types.</div></div></blockquote><div><br></div><div>I think one of the reasons we don't is because people can call evalCast from Checker code, but we could either require a CastKind there or fall back to inference. The other reason is that most CastKinds are handled directly by ExprEngine. Neither of those are real reasons not to do it, though.</div></div></div></blockquote><div><br></div><div>Hmm. Another possibility is to require more specific "cast" entry points in SValBuilder. ExprEngine would pick the right ones (since it dispatches on CastKind already), and Checkers would need to be a bit smarter on what to use.</div><br><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><br></div><br><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><br><blockquote type="cite"><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "> We<span class="Apple-converted-space"> </span><i>would</i> be able to do better about symbols if we had a state around for casts, but we don't.</div></blockquote></div><br><div>I think I follow you, but could you be more specific?</div></div></blockquote></div><br><div>We ought to be able to say (roughly):</div><div><br></div><div>Val = State->isNull(Sym);</div><div>if (Val.isConstrained())</div><div> Result = Val.isConstrainedTrue();</div><div>else</div><div> Result = /* our existing SymCast of Sym */</div><div><br></div><div>Actually, we could just evaluate boolean casts as if they were conditionals, using assumeDual to see if only one state is feasible, and only fall back to conjuring a new symbol or a SymCast if they both are. That way we'd be using the same logic for all SVals.</div></div></blockquote><br></div><div>That's an interesting idea.</div><br></body></html>