<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Manas,<div class=""><br class=""></div><div class="">Great to see some interest for the project!</div><div class=""><br class=""></div><div class="">The solver in question is fully located in <b class="">RangeConstraintManager.cpp</b>. There we try our best to provide useful ranges for symbolic expressions AND do it real fast. The last part is probably the most important thing here. This solver works every time we see a condition in code and when we tried using <b class="">z3</b> for this instead, it degraded performance so drastically that the analyzer is not useable (e.g 10min --> 25h). </div><div class=""><br class=""></div><div class="">However, we have found another application for <b class="">z3 </b>- refute produced warnings. When we are about to report a new warning, we can check that constraints are <b class="">sat/unsat</b> and discard the warning in the latter case. This happens way less frequently and good in terms of performance. Alas, the majority of users have static analyzer build without <b class="">z3</b>, and some false positives warnings sneak in.</div><div class=""><br class=""></div><div class="">So, there are two main directions that I see:</div><div class=""><ul class="MailOutline"><li class="">Figure out cases when <b class="">z3 </b>refutation works better than the built-in fast solver. <br class="">Run the analyzer in both modes and analyze the difference. Usually it’s under 10 warnings, so it won’t be very tedious.</li><li class="">Add reasoning about range-based binary operations. <br class="">If we know ranges for symbols or symbolic expressions <b class="">x </b>and <b class="">y</b>, we can often reason about possible ranges for <b class="">x OP y</b>, where <b class="">OP</b> is some binary operator. At the moment, we have support for <b class="">&, |, </b>and <b class="">% </b>(it’s a bit weird set of operators, but it was driven by reported false positives).</li></ul><div class=""><br class=""></div><div class="">We are open for other suggestions and algorithms in this component, but I guess it’s valuable to start with the first bullet point to have a good motivation for improvements.</div><div class=""><br class=""></div><div class="">@Balazs, sorry for confusion. Here is a short description of the project I suggested for this year: <a href="https://llvm.org/OpenProjects.html#static_analyzer_constraint_solver" class="">https://llvm.org/OpenProjects.html#static_analyzer_constraint_solver</a></div><div class=""><br class=""></div><div class="">It’s a logical continuation of my work:</div><div class="">D86465, D82445, D83286, D82381, D80117, D79434, and D79336</div><div class=""><br class=""></div><div class="">Cheers,</div><div class="">Valeriy</div><div><br class=""><blockquote type="cite" class=""><div class="">On 9 Apr 2021, at 11:37, via cfe-dev <<a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Good to hear that someone is interested in the SMT Solver part of the analyzer.<br class=""><br class="">Mikhail Ramalho is probably the primary driving factor in this direction, but I try to participate/help as much as I can.<br class="">You probably already know, Artem Dergachev is the code owner of the CSA, so I guess, you can count on him as well.<br class=""><br class="">Unfortunately, the SMT solver is not maintained, thus it is in pretty bad shape. It can not pass the tests for various reasons.<br class="">I planned to improve the situation, but it was always a low priority for me. My primary concern is the Z3 solver for bugreport refutation for the range-based solver.<br class=""><br class="">I recommend you have a look at patches in the past using git blame.<br class="">AFAIK these three are the most important patches which not landed yet:<br class="">D83677, D83660, D85528<br class=""><br class="">Regards, Balazs.<br class=""><br class="">-----Original Message-----<br class="">From: cfe-dev <<a href="mailto:cfe-dev-bounces@lists.llvm.org" class="">cfe-dev-bounces@lists.llvm.org</a>> On Behalf Of Manas via cfe-dev<br class="">Sent: 2021. április 9., péntek 10:01<br class="">To: clang-front-end mailing list <<a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a>><br class="">Subject: [cfe-dev] [GSoC] Re: CSA constraint solver improvements<br class=""><br class="">Hi everyone, <br class=""><br class="">I am a pre-final year undergraduate in computer science. I am interested in "Clang Static Analyzer: constraint solver improvements" project.<br class=""><br class="">I have around 8 months of experience with LLVM/Clang during my compilers class where I also implemented some dataflow analysis techniques for LLVM IR. I am also in middle of completing my decision procedures course at university. This course has helped me in gaining fundamental knowledge about solvers. I am familiar with range-based logic. Along with these, I have tried z3 while learning about solvers, and I think I can learn more about it fairly quickly.<br class=""><br class="">I think this project fits for me. It will also help me in improving my knowledge further. I have started working on my proposal.<br class=""><br class="">Can you give me further directions regarding the proposal for this project?<br class=""><br class="">Thank you<br class="">--<br class="">Manas<br class="">CSAM Undergraduate | 2022<br class="">IIIT-Delhi, India<br class="">_______________________________________________<br class="">cfe-dev mailing list<br class=""><a href="mailto:cfe-dev@lists.llvm.org" class="">cfe-dev@lists.llvm.org</a><br class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev<br class=""><br class="">_______________________________________________<br class="">cfe-dev mailing list<br class="">cfe-dev@lists.llvm.org<br class="">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev<br class=""></div></div></blockquote></div><br class=""></div></body></html>