Skip to content

[analyzer][Solver] Early return if sym is concrete on assuming #115579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Nov 15, 2024
Merged

[analyzer][Solver] Early return if sym is concrete on assuming #115579

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
19b47c6
[StaticAnalyzer] early return if sym is concrete on assuming
danix800 Nov 9, 2024
082e45a
dump more test details & simplify logic test expr
danix800 Nov 12, 2024
bae44da
fix insufficient test output matching
danix800 Nov 14, 2024
3ee424f
pin target for fixed width of int
danix800 Nov 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1354,6 +1354,8 @@ void StdLibraryFunctionsChecker::checkPreCall(const CallEvent &Call,
if (BR.isInteresting(ArgSVal))
OS << Msg;
}));
if (NewNode->isSink())
break;
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ ConstraintManager::assumeDualImpl(ProgramStateRef &State,
// it might happen that a Checker uncoditionally uses one of them if the
// other is a nullptr. This may also happen with the non-dual and
// adjacent `assume(true)` and `assume(false)` calls. By implementing
// assume in therms of assumeDual, we can keep our API contract there as
// assume in terms of assumeDual, we can keep our API contract there as
// well.
return ProgramStatePair(StInfeasible, StInfeasible);
}
Expand Down
9 changes: 8 additions & 1 deletion clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,14 @@ RangedConstraintManager::~RangedConstraintManager() {}
ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State,
SymbolRef Sym,
bool Assumption) {
Sym = simplify(State, Sym);
SVal SimplifiedVal = simplifyToSVal(State, Sym);
if (SimplifiedVal.isConstant()) {
bool Feasible = SimplifiedVal.isZeroConstant() ? !Assumption : Assumption;
return Feasible ? State : nullptr;
}

if (SymbolRef SimplifiedSym = SimplifiedVal.getAsSymbol())
Sym = SimplifiedSym;

// Handle SymbolData.
if (isa<SymbolData>(Sym))
Expand Down
31 changes: 31 additions & 0 deletions clang/test/Analysis/solver-sym-simplification-on-assumption.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
// RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -verify

void clang_analyzer_eval(int);

void test_derived_sym_simplification_on_assume(int s0, int s1) {
int elem = s0 + s1 + 1;
if (elem-- == 0) // elem = s0 + s1
return;

if (elem-- == 0) // elem = s0 + s1 - 1
return;

if (s0 < 1) // s0: [1, 2147483647]
return;
if (s1 < 1) // s0: [1, 2147483647]
return;

if (elem-- == 0) // elem = s0 + s1 - 2
return;

if (s0 > 1) // s0: [-2147483648, 0] U [1, 2147483647] => s0 = 0
return;

if (s1 > 1) // s1: [-2147483648, 0] U [1, 2147483647] => s1 = 0
return;

// elem = s0 + s1 - 2 should be 0
clang_analyzer_eval(elem); // expected-warning{{FALSE}}
}
33 changes: 33 additions & 0 deletions clang/test/Analysis/std-c-library-functions-bufsize-nocrash-with-correct-solver.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
// RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -verify

// expected-no-diagnostics

#include "Inputs/std-c-library-functions-POSIX.h"

void _add_one_to_index_C(int *indices, int *shape) {
int k = 1;
for (; k >= 0; k--)
if (indices[k] < shape[k])
indices[k]++;
else
indices[k] = 0;
}

void PyObject_CopyData_sptr(char *i, char *j, int *indices, int itemsize,
int *shape, struct sockaddr *restrict sa) {
int elements = 1;
for (int k = 0; k < 2; k++)
elements += shape[k];

// no contradiction after 3 iterations when 'elements' could be
// simplified to 0
while (elements--) {
_add_one_to_index_C(indices, shape);
getnameinfo(sa, 10, i, itemsize, i, itemsize, 0);
}
}
6 changes: 3 additions & 3 deletions clang/test/Analysis/symbol-simplification-fixpoint-two-iterations.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,13 @@ void test(int a, int b, int c, int d) {
return;
clang_analyzer_printState();
// CHECK: "constraints": [
// CHECK-NEXT: { "symbol": "(reg_$0<int a>) != (reg_$3<int d>)", "range": "{ [0, 0] }" },
// CHECK-NEXT: { "symbol": "((reg_$0<int a>) + (reg_$2<int c>)) != (reg_$3<int d>)", "range": "{ [0, 0] }" },
// CHECK-NEXT: { "symbol": "reg_$1<int b>", "range": "{ [0, 0] }" },
// CHECK-NEXT: { "symbol": "reg_$2<int c>", "range": "{ [0, 0] }" }
// CHECK-NEXT: ],
// CHECK-NEXT: "equivalence_classes": [
// CHECK-NEXT: [ "(reg_$0<int a>) != (reg_$3<int d>)" ],
// CHECK-NEXT: [ "reg_$0<int a>", "reg_$3<int d>" ],
// CHECK-NEXT: [ "((reg_$0<int a>) + (reg_$2<int c>)) != (reg_$3<int d>)" ],
// CHECK-NEXT: [ "(reg_$0<int a>) + (reg_$2<int c>)", "reg_$3<int d>" ],
// CHECK-NEXT: [ "reg_$2<int c>" ]
// CHECK-NEXT: ],
// CHECK-NEXT: "disequality_info": null,
Expand Down
Loading