[PATCH] D13126: New static analyzer checker for loss of sign/precision
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Thu Dec 17 03:18:27 PST 2015
NoQ added a comment.
I've got a few minor code comments.
I really wish to have a look at false positives on which
> the value analysis fails and then there is not much my checker could do
either in a form of FIXME tests, or as preprocessed code samples, because i'm currently digging the topic of improving cast modeling (either through producing `SymbolCast` more often, or by taking sub-symbol-types vs. symbolic-expression-types vs. ast-expression-types into account during `assume()` and `evalBinOp()` and various`ExprEngine` calls. Eg, when casting an int into a char and then back into an int, ensure that the resulting int value carries, at most, a char-range constraint. So i wonder if such fix would help.
================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:78
@@ +77,3 @@
+
+// Can E value be greater or equal than Val?
+static bool canBeGreaterEqual(CheckerContext &C, const Expr *E,
----------------
It's not quite "the value can be greater or equal", but in fact rather "the value is certainly greater or equal".
Same applies to `canBeNegative()`.
================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:85
@@ +84,3 @@
+ return false;
+ DefinedSVal DefinedEVal = EVal.castAs<DefinedSVal>();
+
----------------
A slightly shorter way to express the same thing:
```
llvm::Optional<NonLoc> EVal = C.getSVal(E).getAs<NonLoc>();
if (!EVal)
return false;
// later use (*EVal)
```
================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:96
@@ +95,3 @@
+ ProgramStateRef StGE = State->assume(GE.castAs<DefinedSVal>(), true);
+ ProgramStateRef StLT = State->assume(GE.castAs<DefinedSVal>(), false);
+ return (StGE && !StLT);
----------------
You can use the overridden version of `assume()` that returns two states at once into a std::pair, in order to avoid double-work.
================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:121
@@ +120,3 @@
+
+static bool isConstant(const Expr *E, const ASTContext &Ctx) {
+ E = E->IgnoreParenCasts();
----------------
Not sure, but shouldn't the common `Expr::EvaluateAsInt()` mechanism handle it all of it, including recursive traversal through operators?
================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:142
@@ +141,3 @@
+
+ if (!SubType.getTypePtr()->isIntegerType() ||
+ !ResultType.getTypePtr()->isIntegerType())
----------------
You don't need to call `.getTypePtr()`, because `QualType` already has a convenient overridden `operator ->()`, which gives you quick access to the underlying `Type *`.
================
Comment at: lib/StaticAnalyzer/Checkers/ConversionChecker.cpp:158
@@ +157,3 @@
+
+ unsigned long long MaxVal = 1ULL << W;
+ if (canBeGreaterEqual(C, Cast->getSubExpr(), MaxVal))
----------------
`BasicValueFactory::getMaxValue(QualType)` might be useful.
http://reviews.llvm.org/D13126
More information about the cfe-commits
mailing list