[PATCH] D65239: [analyzer] RangeConstraintManager: Apply constraint ranges of bitwise operations
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Jul 24 13:09:57 PDT 2019
NoQ added a comment.
Aha, great, the overall structure of the code is correct!
================
Comment at: clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp:477
+
+ // For all of the bitwise operations,
+ // if they remain in that 'SymIntExpr' form that means we cannot evaluate the
----------------
Let's do some math.
Suppose `$x` is in range `[2, 3]`. In this case the true range for `$x & 1` is `[0, 1]` (because `2 & 1 == 0` and `3 & 1 == 1`).
The range for `$x & 8` would be `[0, 0]`.
The range for `$x | 8` would be `[10, 11]`.
The range for `$x << 1` would be `[4, 4], [6, 6]`.
The range for `$x >> 1` would be `[0, 1]`.
None of these ranges are contained within `[2, 3]`. In fact, none of them even contain either `2` or `3`. However, when you intersect the resulting range with `[2, 3]`, you make sure that the resulting range is contained within `[2, 3]`. I don't think that's correct.
================
Comment at: clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp:487-488
+ if (!PreviousRS->isEmpty()) {
+ RangeSet::iterator I = PreviousRS->begin();
+ Result = Result.Intersect(BV, F, I->From(), I->To());
+ }
----------------
You're only taking a single segment out of the range. The range may be a union of multiple segments. You should intersect with the whole range instead.
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D65239/new/
https://reviews.llvm.org/D65239
More information about the cfe-commits
mailing list