From f9db6a44eb37fe4c97521e033ff2e30e9558d86a Mon Sep 17 00:00:00 2001 From: Balazs Benics Date: Sat, 23 Oct 2021 21:01:59 +0200 Subject: [PATCH] Revert "[analyzer][solver] Introduce reasoning for not equal to operator" This reverts commit cac8808f154cef6446e507d55aba5721c3bd5352. #5 0x00007f28ec629859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x25859) #6 0x00007f28ec629729 (/lib/x86_64-linux-gnu/libc.so.6+0x25729) #7 0x00007f28ec63af36 (/lib/x86_64-linux-gnu/libc.so.6+0x36f36) #8 0x00007f28ecc2cc46 llvm::APInt::compareSigned(llvm::APInt const&) const (libLLVMSupport.so.14git+0xeac46) #9 0x00007f28e7bbf957 (anonymous namespace)::SymbolicRangeInferrer::VisitBinaryOperator(clang::ento::RangeSet, clang::BinaryOperatorKind, clang::ento::RangeSet, clang::QualType) (libclangStaticAnalyzerCore.so.14git+0x1df957) #10 0x00007f28e7bbf2db (anonymous namespace)::SymbolicRangeInferrer::infer(clang::ento::SymExpr const*) (libclangStaticAnalyzerCore.so.14git+0x1df2db) #11 0x00007f28e7bb2b5e (anonymous namespace)::RangeConstraintManager::assumeSymNE(llvm::IntrusiveRefCntPtr, clang::ento::SymExpr const*, llvm::APSInt const&, llvm::APSInt const&) (libclangStaticAnalyzerCore.so.14git+0x1d2b5e) #12 0x00007f28e7bc67af clang::ento::RangedConstraintManager::assumeSymUnsupported(llvm::IntrusiveRefCntPtr, clang::ento::SymExpr const*, bool) (libclangStaticAnalyzerCore.so.14git+0x1e67af) #13 0x00007f28e7be3578 clang::ento::SimpleConstraintManager::assumeAux(llvm::IntrusiveRefCntPtr, clang::ento::NonLoc, bool) (libclangStaticAnalyzerCore.so.14git+0x203578) #14 0x00007f28e7be33d8 clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr, clang::ento::NonLoc, bool) (libclangStaticAnalyzerCore.so.14git+0x2033d8) #15 0x00007f28e7be32fb clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr, clang::ento::DefinedSVal, bool) (libclangStaticAnalyzerCore.so.14git+0x2032fb) #16 0x00007f28e7b15dbc clang::ento::ConstraintManager::assumeDual(llvm::IntrusiveRefCntPtr, clang::ento::DefinedSVal) (libclangStaticAnalyzerCore.so.14git+0x135dbc) #17 0x00007f28e7b4780f clang::ento::ExprEngine::evalEagerlyAssumeBinOpBifurcation(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet&, clang::Expr const*) (libclangStaticAnalyzerCore.so.14git+0x16780f) This is known to be triggered on curl, tinyxml2, tmux, twin and on xerces. But @bjope also reported similar crashes. So, I'm reverting it to make our internal bots happy again. Differential Revision: https://reviews.llvm.org/D106102 --- .../Core/RangeConstraintManager.cpp | 55 +++++-------------- clang/test/Analysis/constant-folding.c | 46 ---------------- 2 files changed, 13 insertions(+), 88 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp index 2f69191a1792d..e75a207ee86ab 100644 --- a/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp +++ b/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp @@ -20,8 +20,8 @@ #include "llvm/ADT/FoldingSet.h" #include "llvm/ADT/ImmutableSet.h" #include "llvm/ADT/STLExtras.h" -#include "llvm/ADT/SmallSet.h" #include "llvm/ADT/StringExtras.h" +#include "llvm/ADT/SmallSet.h" #include "llvm/Support/Compiler.h" #include "llvm/Support/raw_ostream.h" #include @@ -955,7 +955,18 @@ class SymbolicRangeInferrer } RangeSet VisitBinaryOperator(RangeSet LHS, BinaryOperator::Opcode Op, - RangeSet RHS, QualType T); + RangeSet RHS, QualType T) { + switch (Op) { + case BO_Or: + return VisitBinaryOperator(LHS, RHS, T); + case BO_And: + return VisitBinaryOperator(LHS, RHS, T); + case BO_Rem: + return VisitBinaryOperator(LHS, RHS, T); + default: + return infer(T); + } + } //===----------------------------------------------------------------------===// // Ranges and operators @@ -1220,29 +1231,6 @@ class SymbolicRangeInferrer // Range-based reasoning about symbolic operations //===----------------------------------------------------------------------===// -template <> -RangeSet SymbolicRangeInferrer::VisitBinaryOperator(RangeSet LHS, - RangeSet RHS, - QualType T) { - // When both the RangeSets are non-overlapping then all possible pairs of - // (x, y) in LHS, RHS respectively, will satisfy expression (x != y). - if ((LHS.getMaxValue() < RHS.getMinValue()) || - (LHS.getMinValue() > RHS.getMaxValue())) { - return getTrueRange(T); - } - - // If both RangeSets contain only one Point which is equal then the - // expression will always return true. - if ((LHS.getMinValue() == RHS.getMaxValue()) && - (LHS.getMaxValue() == RHS.getMaxValue()) && - (LHS.getMinValue() == RHS.getMinValue())) { - return getFalseRange(T); - } - - // In all other cases, the resulting range cannot be deduced. - return infer(T); -} - template <> RangeSet SymbolicRangeInferrer::VisitBinaryOperator(Range LHS, Range RHS, QualType T) { @@ -1403,23 +1391,6 @@ RangeSet SymbolicRangeInferrer::VisitBinaryOperator(Range LHS, return {RangeFactory, ValueFactory.getValue(Min), ValueFactory.getValue(Max)}; } -RangeSet SymbolicRangeInferrer::VisitBinaryOperator(RangeSet LHS, - BinaryOperator::Opcode Op, - RangeSet RHS, QualType T) { - switch (Op) { - case BO_NE: - return VisitBinaryOperator(LHS, RHS, T); - case BO_Or: - return VisitBinaryOperator(LHS, RHS, T); - case BO_And: - return VisitBinaryOperator(LHS, RHS, T); - case BO_Rem: - return VisitBinaryOperator(LHS, RHS, T); - default: - return infer(T); - } -} - //===----------------------------------------------------------------------===// // Constraint manager implementation details //===----------------------------------------------------------------------===// diff --git a/clang/test/Analysis/constant-folding.c b/clang/test/Analysis/constant-folding.c index 9dab78e3e1987..116e74b746b4e 100644 --- a/clang/test/Analysis/constant-folding.c +++ b/clang/test/Analysis/constant-folding.c @@ -281,49 +281,3 @@ void testRemainderRules(unsigned int a, unsigned int b, int c, int d) { clang_analyzer_eval((b % a) < x + 10); // expected-warning{{TRUE}} } } - -void testDisequalityRules(unsigned int u1, unsigned int u2, int s1, int s2) { - // Checks when ranges are not overlapping - if (u1 <= 10 && u2 >= 20) { - // u1: [0,10], u2: [20,UINT_MAX] - clang_analyzer_eval((u1 != u2) != 0); // expected-warning{{TRUE}} - } - - if (s1 <= INT_MIN + 10 && s2 >= INT_MAX - 10) { - // s1: [INT_MIN,INT_MIN + 10], s2: [INT_MAX - 10,INT_MAX] - clang_analyzer_eval((s1 != s2) == 0); // expected-warning{{FALSE}} - } - - // Checks when ranges are completely overlapping and have more than one point - if (u1 >= 20 && u1 <= 50 && u2 >= 20 && u2 <= 50) { - // u1: [20,50], u2: [20,50] - clang_analyzer_eval((u1 != u2) != 0); // expected-warning{{UNKNOWN}} - } - - if (s1 >= -20 && s1 <= 20 && s2 >= -20 && s2 <= 20) { - // s1: [-20,20], s2: [-20,20] - clang_analyzer_eval((s1 != s2) != 0); // expected-warning{{UNKNOWN}} - } - - // Checks when ranges are partially overlapping - if (u1 >= 100 && u1 <= 200 && u2 >= 150 && u2 <= 300) { - // u1: [100,200], u2: [150,300] - clang_analyzer_eval((u1 != u2) != 0); // expected-warning{{UNKNOWN}} - } - - if (s1 >= -80 && s1 <= -50 && s2 >= -100 && s2 <= -75) { - // s1: [-80,-50], s2: [-100,-75] - clang_analyzer_eval((s1 != s2) == 0); // expected-warning{{UNKNOWN}} - } - - // Checks for ranges which are subset of one-another - if (u1 >= 500 && u1 <= 1000 && u2 >= 750 && u2 <= 1000) { - // u1: [500,1000], u2: [750,1000] - clang_analyzer_eval((u1 != u2) == 0); // expected-warning{{UNKNOWN}} - } - - if (s1 >= -1000 && s1 <= -500 && s2 <= -500 && s2 >= -750) { - // s1: [-1000,-500], s2: [-500,-750] - clang_analyzer_eval((s1 != s2) == 0); // expected-warning{{UNKNOWN}} - } -}