Revert "Use the eager assumption tags only if the decision was ambiguous"

This reverts commit c429df6.

Author: steakhal

clang/lib/StaticAnalyzer/Core/ExprEngine.cpp

@@ -3771,29 +3771,24 @@ void ExprEngine::evalEagerlyAssumeBinOpBifurcation(ExplodedNodeSet &Dst,
     SVal V = state->getSVal(Ex, Pred->getLocationContext());
     std::optional<nonloc::SymbolVal> SEV = V.getAs<nonloc::SymbolVal>();
     if (SEV && SEV->isExpression()) {
+      const std::pair<const ProgramPointTag *, const ProgramPointTag*> &tags =
+        geteagerlyAssumeBinOpBifurcationTags();
+
       ProgramStateRef StateTrue, StateFalse;
       std::tie(StateTrue, StateFalse) = state->assume(*SEV);
 
-      const ProgramPointTag *EagerTrueTag = nullptr;
-      const ProgramPointTag *EagerFalseTag = nullptr;
-
-      // Use the eager assumption tags if the choice was ambiguous.
-      if (StateTrue && StateFalse)
-        std::tie(EagerTrueTag, EagerFalseTag) =
-            geteagerlyAssumeBinOpBifurcationTags();
-
       // First assume that the condition is true.
       if (StateTrue) {
         SVal Val = svalBuilder.makeIntVal(1U, Ex->getType());
         StateTrue = StateTrue->BindExpr(Ex, Pred->getLocationContext(), Val);
-        Bldr.generateNode(Ex, Pred, StateTrue, EagerTrueTag);
+        Bldr.generateNode(Ex, Pred, StateTrue, tags.first);
       }
 
       // Next, assume that the condition is false.
       if (StateFalse) {
         SVal Val = svalBuilder.makeIntVal(0U, Ex->getType());
         StateFalse = StateFalse->BindExpr(Ex, Pred->getLocationContext(), Val);
-        Bldr.generateNode(Ex, Pred, StateFalse, EagerFalseTag);
+        Bldr.generateNode(Ex, Pred, StateFalse, tags.second);
       }
     }
   }

clang/test/Analysis/assuming-unsigned-ge-0.c

@@ -2,7 +2,10 @@
 // RUN:     -analyzer-checker=core -verify %s
 
 int assuming_unsigned_ge_0(unsigned arg) {
-  // expected-note@+2 {{'arg' is >= 0}}
+  // TODO This testcase demonstrates the current incorrect behavior of Clang
+  // Static Analyzer: here 'arg' is unsigned, so "arg >= 0" is not a fresh
+  // assumption, but it still appears in the diagnostics as if it's fresh:
+  // expected-note@+2 {{Assuming 'arg' is >= 0}}
   // expected-note@+1 {{Taking false branch}}
   if (arg < 0)
     return 0;

clang/test/Analysis/cast-value-notes.cpp

@@ -168,8 +168,9 @@ void evalNonNullParamNonNullReturnReference(const Shape &S) {
     // expected-note@-2 {{Taking true branch}}
 
     (void)(1 / !C);
-    // expected-note@-1 {{Division by zero}}
-    // expected-warning@-2 {{Division by zero}}
+    // expected-note@-1 {{'C' is non-null}}
+    // expected-note@-2 {{Division by zero}}
+    // expected-warning@-3 {{Division by zero}}
   }
 }
 
@@ -225,8 +226,9 @@ void evalNonNullParamNonNullReturn(const Shape *S) {
     // expected-note@-2 {{Taking true branch}}
 
     (void)(1 / !C);
-    // expected-note@-1 {{Division by zero}}
-    // expected-warning@-2 {{Division by zero}}
+    // expected-note@-1 {{'C' is non-null}}
+    // expected-note@-2 {{Division by zero}}
+    // expected-warning@-3 {{Division by zero}}
   }
 }
 
@@ -241,8 +243,9 @@ void evalNonNullParamNullReturn(const Shape *S) {
     // expected-note@-4 {{Taking true branch}}
 
     (void)(1 / !T);
-    // expected-note@-1 {{Division by zero}}
-    // expected-warning@-2 {{Division by zero}}
+    // expected-note@-1 {{'T' is non-null}}
+    // expected-note@-2 {{Division by zero}}
+    // expected-warning@-3 {{Division by zero}}
   }
 }
 
@@ -262,8 +265,9 @@ void evalZeroParamNonNullReturnPointer(const Shape *S) {
   // expected-note@-2 {{'C' initialized here}}
 
   (void)(1 / !C);
-  // expected-note@-1 {{Division by zero}}
-  // expected-warning@-2 {{Division by zero}}
+  // expected-note@-1 {{'C' is non-null}}
+  // expected-note@-2 {{Division by zero}}
+  // expected-warning@-3 {{Division by zero}}
 }
 
 void evalZeroParamNonNullReturn(const Shape &S) {

clang/test/Analysis/cast-value-state-dump.cpp

@@ -40,7 +40,8 @@ void evalNonNullParamNonNullReturn(const Shape *S) {
   // CHECK-NEXT:   ] }
 
   (void)(1 / !C);
-  // expected-note@-1 {{Division by zero}}
-  // expected-warning@-2 {{Division by zero}}
+  // expected-note@-1 {{'C' is non-null}}
+  // expected-note@-2 {{Division by zero}}
+  // expected-warning@-3 {{Division by zero}}
 }
 

clang/test/Analysis/std-c-library-functions-arg-constraints.c

@@ -42,7 +42,8 @@ void test_alnum_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}}
+  // bugpath-note{{Left side of '&&' is true}} \
+  // bugpath-note{{'x' is <= 255}}
 }
 
 void test_alnum_symbolic2(int x) {
@@ -75,7 +76,8 @@ void test_toupper_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}}
+  // bugpath-note{{Left side of '&&' is true}} \
+  // bugpath-note{{'x' is <= 255}}
 }
 
 void test_toupper_symbolic2(int x) {
@@ -108,7 +110,8 @@ void test_tolower_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}}
+  // bugpath-note{{Left side of '&&' is true}} \
+  // bugpath-note{{'x' is <= 255}}
 }
 
 void test_tolower_symbolic2(int x) {
@@ -141,7 +144,8 @@ void test_toascii_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}}
+  // bugpath-note{{Left side of '&&' is true}} \
+  // bugpath-note{{'x' is <= 255}}
 }
 
 void test_toascii_symbolic2(int x) {
@@ -169,7 +173,8 @@ void test_notnull_symbolic(FILE *fp, int *buf) {
   clang_analyzer_eval(buf != 0); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}}
+  // bugpath-note{{TRUE}} \
+  // bugpath-note{{'buf' is not equal to null}}
 }
 void test_notnull_symbolic2(FILE *fp, int *buf) {
   if (!buf)                          // bugpath-note{{Assuming 'buf' is null}} \
@@ -213,7 +218,8 @@ void test_notnull_buffer_3(void *buf) {
   clang_analyzer_eval(buf != 0); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}}
+  // bugpath-note{{TRUE}} \
+  // bugpath-note{{'buf' is not equal to null}}
 }
 
 void test_no_node_after_bug(FILE *fp, size_t size, size_t n, void *buf) {
@@ -293,15 +299,17 @@ void test_buf_size_symbolic(int s) {
   clang_analyzer_eval(s <= 3); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}}
+  // bugpath-note{{TRUE}} \
+  // bugpath-note{{'s' is <= 3}}
 }
 void test_buf_size_symbolic_and_offset(int s) {
   char buf[3];
   __buf_size_arg_constraint(buf + 1, s);
   clang_analyzer_eval(s <= 2); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}}
+  // bugpath-note{{TRUE}} \
+  // bugpath-note{{'s' is <= 2}}
 }
 
 int __buf_size_arg_constraint_mul(const void *, size_t, size_t);