[clang] f9db6a4 - Revert "[analyzer][solver] Introduce reasoning for not equal to operator"

[Balazs Benics via cfe-commits]

Author: Balazs Benics
Date: 2021-10-23T21:01:59+02:00
New Revision: f9db6a44eb37fe4c97521e033ff2e30e9558d86a

URL: https://github.com/llvm/llvm-project/commit/f9db6a44eb37fe4c97521e033ff2e30e9558d86a
DIFF: https://github.com/llvm/llvm-project/commit/f9db6a44eb37fe4c97521e033ff2e30e9558d86a.diff

LOG: Revert "[analyzer][solver] Introduce reasoning for not equal to operator"

This reverts commit cac8808f154cef6446e507d55aba5721c3bd5352.

 #5 0x00007f28ec629859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25859)
 #6 0x00007f28ec629729 (/lib/x86_64-linux-gnu/libc.so.6+0x25729)
 #7 0x00007f28ec63af36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36)
 #8 0x00007f28ecc2cc46 llvm::APInt::compareSigned(llvm::APInt const&) const (libLLVMSupport.so.14git+0xeac46)
 #9 0x00007f28e7bbf957 (anonymous namespace)::SymbolicRangeInferrer::VisitBinaryOperator(clang::ento::RangeSet, clang::BinaryOperatorKind, clang::ento::RangeSet, clang::QualType) (libclangStaticAnalyzerCore.so.14git+0x1df957)
 #10 0x00007f28e7bbf2db (anonymous namespace)::SymbolicRangeInferrer::infer(clang::ento::SymExpr const*) (libclangStaticAnalyzerCore.so.14git+0x1df2db)
 #11 0x00007f28e7bb2b5e (anonymous namespace)::RangeConstraintManager::assumeSymNE(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SymExpr const*, llvm::APSInt const&, llvm::APSInt const&) (libclangStaticAnalyzerCore.so.14git+0x1d2b5e)
 #12 0x00007f28e7bc67af clang::ento::RangedConstraintManager::assumeSymUnsupported(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SymExpr const*, bool) (libclangStaticAnalyzerCore.so.14git+0x1e67af)
 #13 0x00007f28e7be3578 clang::ento::SimpleConstraintManager::assumeAux(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::NonLoc, bool) (libclangStaticAnalyzerCore.so.14git+0x203578)
 #14 0x00007f28e7be33d8 clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::NonLoc, bool) (libclangStaticAnalyzerCore.so.14git+0x2033d8)
 #15 0x00007f28e7be32fb clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::DefinedSVal, bool) (libclangStaticAnalyzerCore.so.14git+0x2032fb)
 #16 0x00007f28e7b15dbc clang::ento::ConstraintManager::assumeDual(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::DefinedSVal) (libclangStaticAnalyzerCore.so.14git+0x135dbc)
 #17 0x00007f28e7b4780f clang::ento::ExprEngine::evalEagerlyAssumeBinOpBifurcation(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet&, clang::Expr const*) (libclangStaticAnalyzerCore.so.14git+0x16780f)

This is known to be triggered on curl, tinyxml2, tmux, twin and on xerces.
But @bjope also reported similar crashes.
So, I'm reverting it to make our internal bots happy again.

Differential Revision: https://reviews.llvm.org/D106102

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
    clang/test/Analysis/constant-folding.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
index 2f69191a1792..e75a207ee86a 100644
--- a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
@@ -20,8 +20,8 @@
 #include "llvm/ADT/FoldingSet.h"
 #include "llvm/ADT/ImmutableSet.h"
 #include "llvm/ADT/STLExtras.h"
-#include "llvm/ADT/SmallSet.h"
 #include "llvm/ADT/StringExtras.h"
+#include "llvm/ADT/SmallSet.h"
 #include "llvm/Support/Compiler.h"
 #include "llvm/Support/raw_ostream.h"
 #include <algorithm>
@@ -955,7 +955,18 @@ class SymbolicRangeInferrer
   }
 
   RangeSet VisitBinaryOperator(RangeSet LHS, BinaryOperator::Opcode Op,
-                               RangeSet RHS, QualType T);
+                               RangeSet RHS, QualType T) {
+    switch (Op) {
+    case BO_Or:
+      return VisitBinaryOperator<BO_Or>(LHS, RHS, T);
+    case BO_And:
+      return VisitBinaryOperator<BO_And>(LHS, RHS, T);
+    case BO_Rem:
+      return VisitBinaryOperator<BO_Rem>(LHS, RHS, T);
+    default:
+      return infer(T);
+    }
+  }
 
   //===----------------------------------------------------------------------===//
   //                         Ranges and operators
@@ -1220,29 +1231,6 @@ class SymbolicRangeInferrer
 //               Range-based reasoning about symbolic operations
 //===----------------------------------------------------------------------===//
 
-template <>
-RangeSet SymbolicRangeInferrer::VisitBinaryOperator<BO_NE>(RangeSet LHS,
-                                                           RangeSet RHS,
-                                                           QualType T) {
-  // When both the RangeSets are non-overlapping then all possible pairs of
-  // (x, y) in LHS, RHS respectively, will satisfy expression (x != y).
-  if ((LHS.getMaxValue() < RHS.getMinValue()) ||
-      (LHS.getMinValue() > RHS.getMaxValue())) {
-    return getTrueRange(T);
-  }
-
-  // If both RangeSets contain only one Point which is equal then the
-  // expression will always return true.
-  if ((LHS.getMinValue() == RHS.getMaxValue()) &&
-      (LHS.getMaxValue() == RHS.getMaxValue()) &&
-      (LHS.getMinValue() == RHS.getMinValue())) {
-    return getFalseRange(T);
-  }
-
-  // In all other cases, the resulting range cannot be deduced.
-  return infer(T);
-}
-
 template <>
 RangeSet SymbolicRangeInferrer::VisitBinaryOperator<BO_Or>(Range LHS, Range RHS,
                                                            QualType T) {
@@ -1403,23 +1391,6 @@ RangeSet SymbolicRangeInferrer::VisitBinaryOperator<BO_Rem>(Range LHS,
   return {RangeFactory, ValueFactory.getValue(Min), ValueFactory.getValue(Max)};
 }
 
-RangeSet SymbolicRangeInferrer::VisitBinaryOperator(RangeSet LHS,
-                                                    BinaryOperator::Opcode Op,
-                                                    RangeSet RHS, QualType T) {
-  switch (Op) {
-  case BO_NE:
-    return VisitBinaryOperator<BO_NE>(LHS, RHS, T);
-  case BO_Or:
-    return VisitBinaryOperator<BO_Or>(LHS, RHS, T);
-  case BO_And:
-    return VisitBinaryOperator<BO_And>(LHS, RHS, T);
-  case BO_Rem:
-    return VisitBinaryOperator<BO_Rem>(LHS, RHS, T);
-  default:
-    return infer(T);
-  }
-}
-
 //===----------------------------------------------------------------------===//
 //                  Constraint manager implementation details
 //===----------------------------------------------------------------------===//

diff  --git a/clang/test/Analysis/constant-folding.c b/clang/test/Analysis/constant-folding.c
index 9dab78e3e198..116e74b746b4 100644
--- a/clang/test/Analysis/constant-folding.c
+++ b/clang/test/Analysis/constant-folding.c
@@ -281,49 +281,3 @@ void testRemainderRules(unsigned int a, unsigned int b, int c, int d) {
     clang_analyzer_eval((b % a) < x + 10); // expected-warning{{TRUE}}
   }
 }
-
-void testDisequalityRules(unsigned int u1, unsigned int u2, int s1, int s2) {
-  // Checks when ranges are not overlapping
-  if (u1 <= 10 && u2 >= 20) {
-    // u1: [0,10], u2: [20,UINT_MAX]
-    clang_analyzer_eval((u1 != u2) != 0); // expected-warning{{TRUE}}
-  }
-
-  if (s1 <= INT_MIN + 10 && s2 >= INT_MAX - 10) {
-    // s1: [INT_MIN,INT_MIN + 10], s2: [INT_MAX - 10,INT_MAX]
-    clang_analyzer_eval((s1 != s2) == 0); // expected-warning{{FALSE}}
-  }
-
-  // Checks when ranges are completely overlapping and have more than one point
-  if (u1 >= 20 && u1 <= 50 && u2 >= 20 && u2 <= 50) {
-    // u1: [20,50], u2: [20,50]
-    clang_analyzer_eval((u1 != u2) != 0); // expected-warning{{UNKNOWN}}
-  }
-
-  if (s1 >= -20 && s1 <= 20 && s2 >= -20 && s2 <= 20) {
-    // s1: [-20,20], s2: [-20,20]
-    clang_analyzer_eval((s1 != s2) != 0); // expected-warning{{UNKNOWN}}
-  }
-
-  // Checks when ranges are partially overlapping
-  if (u1 >= 100 && u1 <= 200 && u2 >= 150 && u2 <= 300) {
-    // u1: [100,200], u2: [150,300]
-    clang_analyzer_eval((u1 != u2) != 0); // expected-warning{{UNKNOWN}}
-  }
-
-  if (s1 >= -80 && s1 <= -50 && s2 >= -100 && s2 <= -75) {
-    // s1: [-80,-50], s2: [-100,-75]
-    clang_analyzer_eval((s1 != s2) == 0); // expected-warning{{UNKNOWN}}
-  }
-
-  // Checks for ranges which are subset of one-another
-  if (u1 >= 500 && u1 <= 1000 && u2 >= 750 && u2 <= 1000) {
-    // u1: [500,1000], u2: [750,1000]
-    clang_analyzer_eval((u1 != u2) == 0); // expected-warning{{UNKNOWN}}
-  }
-
-  if (s1 >= -1000 && s1 <= -500 && s2 <= -500 && s2 >= -750) {
-    // s1: [-1000,-500], s2: [-500,-750]
-    clang_analyzer_eval((s1 != s2) == 0); // expected-warning{{UNKNOWN}}
-  }
-}