[clang] Revert "[analyzer][Solver] Early return if sym is concrete on assuming" (PR #116362)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Fri Nov 15 01:28:31 PST 2024


https://github.com/steakhal created https://github.com/llvm/llvm-project/pull/116362

Reverts llvm/llvm-project#115579

This introduced a breakage: https://lab.llvm.org/buildbot/#/builders/46/builds/7928

>From 42c0948d6102cf3f5a7baad52db5e16aaf5eacc8 Mon Sep 17 00:00:00 2001
From: Balazs Benics <benicsbalazs at gmail.com>
Date: Fri, 15 Nov 2024 10:27:44 +0100
Subject: [PATCH] Revert "[analyzer][Solver] Early return if sym is concrete on
 assuming (#115579)"

This reverts commit 4163136e2ee121a5d7b86cb1262a524dde4a5ec4.
---
 .../Checkers/StdLibraryFunctionsChecker.cpp   |  2 -
 .../StaticAnalyzer/Core/ConstraintManager.cpp |  2 +-
 .../Core/RangedConstraintManager.cpp          |  9 +---
 .../solver-sym-simplification-on-assumption.c | 37 ----------------
 ...ions-bufsize-nocrash-with-correct-solver.c | 43 -------------------
 ...simplification-fixpoint-two-iterations.cpp |  6 +--
 6 files changed, 5 insertions(+), 94 deletions(-)
 delete mode 100644 clang/test/Analysis/solver-sym-simplification-on-assumption.c
 delete mode 100644 clang/test/Analysis/std-c-library-functions-bufsize-nocrash-with-correct-solver.c

diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index 5faaf9cf274531..4f30b2a0e7e7da 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -1354,8 +1354,6 @@ void StdLibraryFunctionsChecker::checkPreCall(const CallEvent &Call,
             if (BR.isInteresting(ArgSVal))
               OS << Msg;
           }));
-      if (NewNode->isSink())
-        break;
     }
   }
 }
diff --git a/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp
index 2b77167fab86f2..c0b3f346b654df 100644
--- a/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp
@@ -74,7 +74,7 @@ ConstraintManager::assumeDualImpl(ProgramStateRef &State,
       // it might happen that a Checker uncoditionally uses one of them if the
       // other is a nullptr. This may also happen with the non-dual and
       // adjacent `assume(true)` and `assume(false)` calls. By implementing
-      // assume in terms of assumeDual, we can keep our API contract there as
+      // assume in therms of assumeDual, we can keep our API contract there as
       // well.
       return ProgramStatePair(StInfeasible, StInfeasible);
     }
diff --git a/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
index 171b4c6392d2f8..4bbe933be2129e 100644
--- a/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
@@ -23,14 +23,7 @@ RangedConstraintManager::~RangedConstraintManager() {}
 ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State,
                                                    SymbolRef Sym,
                                                    bool Assumption) {
-  SVal SimplifiedVal = simplifyToSVal(State, Sym);
-  if (SimplifiedVal.isConstant()) {
-    bool Feasible = SimplifiedVal.isZeroConstant() != Assumption;
-    return Feasible ? State : nullptr;
-  }
-
-  if (SymbolRef SimplifiedSym = SimplifiedVal.getAsSymbol())
-    Sym = SimplifiedSym;
+  Sym = simplify(State, Sym);
 
   // Handle SymbolData.
   if (isa<SymbolData>(Sym))
diff --git a/clang/test/Analysis/solver-sym-simplification-on-assumption.c b/clang/test/Analysis/solver-sym-simplification-on-assumption.c
deleted file mode 100644
index c2db144b8a7244..00000000000000
--- a/clang/test/Analysis/solver-sym-simplification-on-assumption.c
+++ /dev/null
@@ -1,37 +0,0 @@
-// RUN: %clang_analyze_cc1 -triple=x86_64-unknown-linux-gnu %s \
-// RUN:   -analyzer-checker=debug.ExprInspection \
-// RUN:   -verify
-
-void clang_analyzer_eval(int);
-void clang_analyzer_value(int);
-
-void test_derived_sym_simplification_on_assume(int s0, int s1) {
-  int elem = s0 + s1 + 1;
-  if (elem-- == 0)
-    return;
-
-  if (elem-- == 0)
-    return;
-
-  if (s0 < 1)
-    return;
-  clang_analyzer_value(s0); // expected-warning{{[1, 2147483647]}}
-
-  if (s1 < 1)
-    return;
-  clang_analyzer_value(s1); // expected-warning{{[1, 2147483647]}}
-
-  clang_analyzer_eval(elem); // expected-warning{{UNKNOWN}}
-  if (elem-- == 0)
-    return;
-
-  if (s0 > 1)
-    return;
-  clang_analyzer_eval(s0 == 1); // expected-warning{{TRUE}}
-
-  if (s1 > 1)
-    return;
-  clang_analyzer_eval(s1 == 1); // expected-warning{{TRUE}}
-
-  clang_analyzer_eval(elem); // expected-warning{{FALSE}}
-}
diff --git a/clang/test/Analysis/std-c-library-functions-bufsize-nocrash-with-correct-solver.c b/clang/test/Analysis/std-c-library-functions-bufsize-nocrash-with-correct-solver.c
deleted file mode 100644
index 595b8b30ee1dff..00000000000000
--- a/clang/test/Analysis/std-c-library-functions-bufsize-nocrash-with-correct-solver.c
+++ /dev/null
@@ -1,43 +0,0 @@
-// RUN: %clang_analyze_cc1 %s \
-// RUN:   -analyzer-max-loop 6 \
-// RUN:   -analyzer-checker=unix.StdCLibraryFunctions \
-// RUN:   -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
-// RUN:   -analyzer-checker=debug.ExprInspection \
-// RUN:   -triple x86_64-unknown-linux-gnu \
-// RUN:   -verify
-
-#include "Inputs/std-c-library-functions-POSIX.h"
-
-void clang_analyzer_value(int);
-void clang_analyzer_warnIfReached();
-void clang_analyzer_printState();
-
-void _add_one_to_index_C(int *indices, int *shape) {
-  int k = 1;
-  for (; k >= 0; k--)
-    if (indices[k] < shape[k])
-      indices[k]++;
-    else
-      indices[k] = 0;
-}
-
-void PyObject_CopyData_sptr(char *i, char *j, int *indices, int itemsize,
-    int *shape, struct sockaddr *restrict sa) {
-  int elements = 1;
-  for (int k = 0; k < 2; k++)
-    elements += shape[k];
-
-  // no contradiction after 3 iterations when 'elements' could be
-  // simplified to 0
-  int iterations = 0;
-  while (elements--) {
-    iterations++;
-    _add_one_to_index_C(indices, shape);
-    getnameinfo(sa, 10, i, itemsize, i, itemsize, 0); // no crash here
-  }
-
-  if (shape[0] == 1 && shape[1] == 1 && indices[0] == 0 && indices[1] == 0) {
-    clang_analyzer_value(iterations == 3 && elements == -1);
-    // expected-warning at -1{{1}}
-  }
-}
diff --git a/clang/test/Analysis/symbol-simplification-fixpoint-two-iterations.cpp b/clang/test/Analysis/symbol-simplification-fixpoint-two-iterations.cpp
index 3f34d9982e7c8a..679ed3fda7a7a7 100644
--- a/clang/test/Analysis/symbol-simplification-fixpoint-two-iterations.cpp
+++ b/clang/test/Analysis/symbol-simplification-fixpoint-two-iterations.cpp
@@ -28,13 +28,13 @@ void test(int a, int b, int c, int d) {
     return;
   clang_analyzer_printState();
   // CHECK:       "constraints": [
-  // CHECK-NEXT:    { "symbol": "((reg_$0<int a>) + (reg_$2<int c>)) != (reg_$3<int d>)", "range": "{ [0, 0] }" },
+  // CHECK-NEXT:    { "symbol": "(reg_$0<int a>) != (reg_$3<int d>)", "range": "{ [0, 0] }" },
   // CHECK-NEXT:    { "symbol": "reg_$1<int b>", "range": "{ [0, 0] }" },
   // CHECK-NEXT:    { "symbol": "reg_$2<int c>", "range": "{ [0, 0] }" }
   // CHECK-NEXT:  ],
   // CHECK-NEXT:  "equivalence_classes": [
-  // CHECK-NEXT:    [ "((reg_$0<int a>) + (reg_$2<int c>)) != (reg_$3<int d>)" ],
-  // CHECK-NEXT:    [ "(reg_$0<int a>) + (reg_$2<int c>)", "reg_$3<int d>" ],
+  // CHECK-NEXT:    [ "(reg_$0<int a>) != (reg_$3<int d>)" ],
+  // CHECK-NEXT:    [ "reg_$0<int a>", "reg_$3<int d>" ],
   // CHECK-NEXT:    [ "reg_$2<int c>" ]
   // CHECK-NEXT:  ],
   // CHECK-NEXT:  "disequality_info": null,



More information about the cfe-commits mailing list