This is an archive of the discontinued LLVM Phabricator instance.

Differential D112296

[Analyzer][solver] Handle adjustments in constraint assignor remainder
ClosedPublic

Authored by martong on Oct 22 2021, 1:18 AM.

Details

Reviewers
steakhal
ASDenysPetrov
NoQ
Szelethus
Commits
rGa8297ed99430: [Analyzer][solver] Handle adjustments in constraint assignor remainder
Summary

We can reuse the "adjustment" handling logic in the higher level
of the solver by calling assumeSymRel.

(Actually, this shows us that there is no point in separating the
RangeConstraintManager from the RangedConstraintManager, that
separation is in fact artificial. A follow-up NFC patch might
address this.)

Diff Detail

Event Timeline

martong created this revision.Oct 22 2021, 1:18 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptOct 22 2021, 1:18 AM
Herald added subscribers: manas, gamesh411, dkrupp and 9 others. · View Herald Transcript
martong requested review of this revision.Oct 22 2021, 1:18 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 22 2021, 1:18 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B130095: Diff 381476.Oct 22 2021, 1:18 AM
martong added a parent revision: D110357: [Analyzer] Extend ConstraintAssignor to handle remainder op.Oct 22 2021, 1:18 AM
steakhal accepted this revision.Oct 25 2021, 2:09 AM

<3

This revision is now accepted and ready to land.Oct 25 2021, 2:09 AM
ASDenysPetrov added inline comments.Oct 25 2021, 4:45 AM
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

What I see, you're still trying to avoid using State->assume, which I recommend in a parent revision, but coming closer using its guts.

martong marked an inline comment as done.Oct 25 2021, 7:12 AM
martong added inline comments.
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

So, it would look like this:

State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc::SymbolVal>(), true);

The main reason why we cannot use State->assume is that it boils down to RangedConstraintManager::assumeSym that has a specific logic for the boolean assumption. I.e. the operator is being negated in a case:

if (BinaryOperator::isComparisonOp(op) && op != BO_Cmp) {
  if (!Assumption)
    op = BinaryOperator::negateComparisonOp(op);

  return assumeSymRel(State, SIE->getLHS(), op, SIE->getRHS());
}

You can try it for yourself, and see that the test case added in this patch will not pass if we were to use State->assume. Essentially, we have to evade the special "bool" logic, and the closest we can get is using assumeSymRel.

Besides that, by using State->assume we would have a superfluous conversion chain Symbol->SVal->Symbol until we reach assumeSymRel.

ASDenysPetrov added inline comments.Oct 25 2021, 12:01 PM
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

You can try it for yourself, and see that the test case added in this patch will not pass if we were to use State->assume.

I can't confirm. Your test case passed when I replaced with State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc::SymbolVal>(), true);.

specific logic for the boolean assumption. I.e. the operator is being negated in a case:

That just simplifies the expression, say, you want to find whether x > 5 is false, than the Solver finds for you whether
x <= 5 is true, which is an equivalent.

Essentially, we have to evade the special "bool" logic

There is no problem with bool logic. It's an equivalent of SVal != 0 when true, and SVal == 0 when false. Nothing more.

All in all I see the problem to use assume. Not because of this function itself, but because you do it incorrect by getting an SVal from LHS with makeSymbolVal. We should get it with State->getSVal which needs LocationContext as a second parameter. And that's the challenge, to pass LocationContext here, since RangedConstraintManager doesn't use it, at least for now.

martong marked an inline comment as done.Oct 25 2021, 2:33 PM
martong added inline comments.
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

I can't confirm. Your test case passed when I replaced with State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc::SymbolVal>(), true);.

Actually, since the last time I tried with State->assume we merged D110913. If you revert the changes of that patch you'll see that this test case indeed fails. However, here is a slightly modified case that fails even on the current llvm/main branch with State->assume but passes with assumeSymRel:

void rem_constant_adj(int x, int y) {
  if ((x + y + 1) % 3 == 0) // (x + y + 1) % 3 != 0 -> x + y + 1 != 0 -> x != -1
    return;
  clang_analyzer_eval(x + y + 1 != 0); // expected-warning{{TRUE}}
  clang_analyzer_eval(x + y != -1);    // expected-warning{{TRUE}}
  (void)(x * y); // keep the constraints alive.
}

The only change is that we have x + y instead of x.

Now, the explanation for the original test case when we have (x + 1) % 3: When we ask the value of x != -1 then assumeDual evaluates the TRUE case which is feasible and then it tries to evaluate the FALSE case, so it queries x == -1 is true. However, this kicks in the simplification, which simplifies the previous constraint of x+1, [not 0] to -1 + 1, [not 0] which is a contradiction, thus an infeasible state is returned.
When we have x + y in the test case, then simplification cannot simplify x + y + 1, thus the situation is different.

So, the main problem with State->assume is that it does not compute the adjustment. I.e. when we have x + 1 as LHS then assumeSym(LHS) calls into assumeSymUnsupported and that does not compute the adjustment. The only functions that compute the adjustment are assumeSymRel and assumeSymInclusiveRange.

martong added inline comments.Oct 25 2021, 2:44 PM
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

BTW, if D103317 was merged, then I'd have to find another test case that fails here, but I think I could find one. Anyway, the point is that we need a function here, that handles the adjustments.

ASDenysPetrov added inline comments.Oct 25 2021, 3:20 PM
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

So, the main problem with State->assume is that it does not compute the adjustment. I.e. when we have x + 1 as LHS then assumeSym(LHS) calls into assumeSymUnsupported and that does not compute the adjustment. The only functions that compute the adjustment are assumeSymRel and assumeSymInclusiveRange.

Wow, I've just seen a possible solution in the game of words. If assumeSym(LHS) leads to assumeSymUnsupported, then we just need to support it, namely, make it go to assumeSymRel. IMO it's worth to investigate such a chance.

steakhal added inline comments.Oct 26 2021, 1:59 AM
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

+1, Thank you for pushing this @ASDenysPetrov

martong marked 2 inline comments as done.Oct 26 2021, 9:13 AM
martong added inline comments.
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1618–1619

So, the main problem with State->assume is that it does not compute the adjustment. I.e. when we have x + 1 as LHS then assumeSym(LHS) calls into assumeSymUnsupported and that does not compute the adjustment. The only functions that compute the adjustment are assumeSymRel and assumeSymInclusiveRange.

Wow, I've just seen a possible solution in the game of words. If assumeSym(LHS) leads to assumeSymUnsupported, then we just need to support it, namely, make it go to assumeSymRel. IMO it's worth to investigate such a chance.

Okay, that could be a good alternative, good idea!

martong updated this revision to Diff 382362.Oct 26 2021, 9:14 AM
  • Handle adjustment in assumeSym for non-comparison ops.
martong updated this revision to Diff 382367.Oct 26 2021, 9:22 AM
  • Remove superflous change.
ASDenysPetrov added inline comments.Oct 26 2021, 9:32 AM
clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
46–49
52
ASDenysPetrov requested changes to this revision.Oct 26 2021, 9:48 AM
ASDenysPetrov added inline comments.
clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
44–50

Actually what you are trying to do here is already inside assumeSymUnsupported and it will work for all SymIntExpr.
Please, proveide a test case which works with assumeSymRel and doesn't with asume from the previous change. That is what we are trying to fix here.

This revision now requires changes to proceed.Oct 26 2021, 9:48 AM
Harbormaster completed remote builds in B130739: Diff 382367.Oct 26 2021, 10:06 AM
martong marked 4 inline comments as done.Oct 27 2021, 2:54 AM
martong added inline comments.
clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
44–50

Thanks for suggesting the use of the ternary op, the code is way more elegant that way!

Actually what you are trying to do here is already inside assumeSymUnsupported and it will work for all SymIntExpr.

I see your point and I acknowledge that this new code resembles to the one in assumeSymUnsupported. However, there is a subtle but very important difference. In assumeSymUnsupported we use assumeSymNE/EQ, but here I use assumeSymRel. And assumeSymRel does compute the adjustment, but assumeSymNE/EQ do not. Also, it makes sense to compute the adjustment only in case of SymIntExprs, thus this could not be done in assumeSymUnsupported.

Please, proveide a test case which works with assumeSymRel and doesn't with asume from the previous change. That is what we are trying to fix here.

You are right, it desires a test case, so I just added the one I had pasted here previously (with (x + y + 1) % 3). If you comment-out the modifications here in assumSym then that test case will fail.

46–49
52

Yep, good point.

martong updated this revision to Diff 382581.Oct 27 2021, 2:54 AM
martong marked 3 inline comments as done.
  • Add new test case
  • Adapt style changes
Harbormaster completed remote builds in B130899: Diff 382581.Oct 27 2021, 3:28 AM
ASDenysPetrov accepted this revision.Oct 27 2021, 3:51 AM
ASDenysPetrov added inline comments.
clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp
44–50

However, there is a subtle but very important difference.

Now I see the difference. OK, then. Your solution is sensible.

This revision is now accepted and ready to land.Oct 27 2021, 3:51 AM
steakhal accepted this revision.Oct 27 2021, 4:17 AM
steakhal added inline comments.
clang/test/Analysis/constraint-assignor.c
7

Expect an int parameter.

martong marked an inline comment as done.Oct 27 2021, 8:14 AM

@ASDenysPetrov @steakhal Thanks for the assiduous reviews!

This revision was landed with ongoing or failed builds.Oct 27 2021, 8:15 AM
Closed by commit rGa8297ed99430: [Analyzer][solver] Handle adjustments in constraint assignor remainder (authored by martong). · Explain Why
This revision was automatically updated to reflect the committed changes.
martong added a commit: rGa8297ed99430: [Analyzer][solver] Handle adjustments in constraint assignor remainder.

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
12 lines
7 lines
test/
Analysis/
19 lines

Diff 382681

clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp

Show First 20 LinesShow All 1,608 Lines▼ Show 20 Lines assign(ProgramStateRef State, RangeConstraintManager &RCM,
return Assignor.assign(CoS, NewConstraint); return Assignor.assign(CoS, NewConstraint);
} }
/// Handle expressions like: a % b != 0. /// Handle expressions like: a % b != 0.
template <typename SymT> template <typename SymT>
bool handleRemainderOp(const SymT *Sym, RangeSet Constraint) { bool handleRemainderOp(const SymT *Sym, RangeSet Constraint) {
if (Sym->getOpcode() != BO_Rem) if (Sym->getOpcode() != BO_Rem)
return true; return true;
const SymbolRef LHS = Sym->getLHS();
const llvm::APSInt &Zero =
Builder.getBasicValueFactory().getValue(0, Sym->getType());
// a % b != 0 implies that a != 0. // a % b != 0 implies that a != 0.
if (!Constraint.containsZero()) { if (!Constraint.containsZero()) {
State = RCM.assumeSymNE(State, LHS, Zero, Zero); SVal SymSVal = Builder.makeSymbolVal(Sym->getLHS());
ASDenysPetrovUnsubmitted
Done
ReplyInline Actions

What I see, you're still trying to avoid using State->assume, which I recommend in a parent revision, but coming closer using its guts.

ASDenysPetrov: What I see, you're still trying to avoid using `State->assume`, which I recommend in a parent…
martongAuthorUnsubmitted
Done
ReplyInline Actions

So, it would look like this:

State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc::SymbolVal>(), true);

The main reason why we cannot use State->assume is that it boils down to RangedConstraintManager::assumeSym that has a specific logic for the boolean assumption. I.e. the operator is being negated in a case:

if (BinaryOperator::isComparisonOp(op) && op != BO_Cmp) {
  if (!Assumption)
    op = BinaryOperator::negateComparisonOp(op);

  return assumeSymRel(State, SIE->getLHS(), op, SIE->getRHS());
}

You can try it for yourself, and see that the test case added in this patch will not pass if we were to use State->assume. Essentially, we have to evade the special "bool" logic, and the closest we can get is using assumeSymRel.

Besides that, by using State->assume we would have a superfluous conversion chain Symbol->SVal->Symbol until we reach assumeSymRel.

martong: So, it would look like this: ``` State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc…
ASDenysPetrovUnsubmitted
Done
ReplyInline Actions

You can try it for yourself, and see that the test case added in this patch will not pass if we were to use State->assume.

I can't confirm. Your test case passed when I replaced with State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc::SymbolVal>(), true);.

specific logic for the boolean assumption. I.e. the operator is being negated in a case:

That just simplifies the expression, say, you want to find whether x > 5 is false, than the Solver finds for you whether
x <= 5 is true, which is an equivalent.

Essentially, we have to evade the special "bool" logic

There is no problem with bool logic. It's an equivalent of SVal != 0 when true, and SVal == 0 when false. Nothing more.

All in all I see the problem to use assume. Not because of this function itself, but because you do it incorrect by getting an SVal from LHS with makeSymbolVal. We should get it with State->getSVal which needs LocationContext as a second parameter. And that's the challenge, to pass LocationContext here, since RangedConstraintManager doesn't use it, at least for now.

ASDenysPetrov: >You can try it for yourself, and see that the test case added in this patch will not pass if…
martongAuthorUnsubmitted
Done
ReplyInline Actions

I can't confirm. Your test case passed when I replaced with State = State->assume(Builder.makeSymbolVal(LHS).castAs<nonloc::SymbolVal>(), true);.

Actually, since the last time I tried with State->assume we merged D110913. If you revert the changes of that patch you'll see that this test case indeed fails. However, here is a slightly modified case that fails even on the current llvm/main branch with State->assume but passes with assumeSymRel:

void rem_constant_adj(int x, int y) {
  if ((x + y + 1) % 3 == 0) // (x + y + 1) % 3 != 0 -> x + y + 1 != 0 -> x != -1
    return;
  clang_analyzer_eval(x + y + 1 != 0); // expected-warning{{TRUE}}
  clang_analyzer_eval(x + y != -1);    // expected-warning{{TRUE}}
  (void)(x * y); // keep the constraints alive.
}

The only change is that we have x + y instead of x.

Now, the explanation for the original test case when we have (x + 1) % 3: When we ask the value of x != -1 then assumeDual evaluates the TRUE case which is feasible and then it tries to evaluate the FALSE case, so it queries x == -1 is true. However, this kicks in the simplification, which simplifies the previous constraint of x+1, [not 0] to -1 + 1, [not 0] which is a contradiction, thus an infeasible state is returned.
When we have x + y in the test case, then simplification cannot simplify x + y + 1, thus the situation is different.

So, the main problem with State->assume is that it does not compute the adjustment. I.e. when we have x + 1 as LHS then assumeSym(LHS) calls into assumeSymUnsupported and that does not compute the adjustment. The only functions that compute the adjustment are assumeSymRel and assumeSymInclusiveRange.

martong: > I can't confirm. Your test case passed when I replaced with `State = State->assume(Builder.
martongAuthorUnsubmitted
Done
ReplyInline Actions

BTW, if D103317 was merged, then I'd have to find another test case that fails here, but I think I could find one. Anyway, the point is that we need a function here, that handles the adjustments.

martong: BTW, if D103317 was merged, then I'd have to find another test case that fails here, but I…
ASDenysPetrovUnsubmitted
Done
ReplyInline Actions

So, the main problem with State->assume is that it does not compute the adjustment. I.e. when we have x + 1 as LHS then assumeSym(LHS) calls into assumeSymUnsupported and that does not compute the adjustment. The only functions that compute the adjustment are assumeSymRel and assumeSymInclusiveRange.

Wow, I've just seen a possible solution in the game of words. If assumeSym(LHS) leads to assumeSymUnsupported, then we just need to support it, namely, make it go to assumeSymRel. IMO it's worth to investigate such a chance.

ASDenysPetrov: > So, the main problem with State->assume is that it does not compute the adjustment. I.e. when…
steakhalUnsubmitted
Done
ReplyInline Actions

+1, Thank you for pushing this @ASDenysPetrov

steakhal: +1, Thank you for pushing this @ASDenysPetrov
martongAuthorUnsubmitted
Done
ReplyInline Actions

So, the main problem with State->assume is that it does not compute the adjustment. I.e. when we have x + 1 as LHS then assumeSym(LHS) calls into assumeSymUnsupported and that does not compute the adjustment. The only functions that compute the adjustment are assumeSymRel and assumeSymInclusiveRange.

Wow, I've just seen a possible solution in the game of words. If assumeSym(LHS) leads to assumeSymUnsupported, then we just need to support it, namely, make it go to assumeSymRel. IMO it's worth to investigate such a chance.

Okay, that could be a good alternative, good idea!

martong: > > So, the main problem with State->assume is that it does not compute the adjustment. I.e.
if (auto NonLocSymSVal = SymSVal.getAs<nonloc::SymbolVal>()) {
State = State->assume(*NonLocSymSVal, true);
if (!State) if (!State)
return false; return false;
} }
}
return true; return true;
} }
inline bool assignSymExprToConst(const SymExpr *Sym, Const Constraint); inline bool assignSymExprToConst(const SymExpr *Sym, Const Constraint);
inline bool assignSymIntExprToRangeSet(const SymIntExpr *Sym, inline bool assignSymIntExprToRangeSet(const SymIntExpr *Sym,
RangeSet Constraint) { RangeSet Constraint) {
return handleRemainderOp(Sym, Constraint); return handleRemainderOp(Sym, Constraint);
} }
▲ Show 20 LinesShow All 1,252 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp

Show All 35 Lines if (const SymIntExpr *SIE = dyn_cast<SymIntExpr>(Sym)) {
BinaryOperator::Opcode op = SIE->getOpcode(); BinaryOperator::Opcode op = SIE->getOpcode();
if (BinaryOperator::isComparisonOp(op) && op != BO_Cmp) { if (BinaryOperator::isComparisonOp(op) && op != BO_Cmp) {
if (!Assumption) if (!Assumption)
op = BinaryOperator::negateComparisonOp(op); op = BinaryOperator::negateComparisonOp(op);
return assumeSymRel(State, SIE->getLHS(), op, SIE->getRHS()); return assumeSymRel(State, SIE->getLHS(), op, SIE->getRHS());
} }
} else if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) { // Handle adjustment with non-comparison ops.
const llvm::APSInt &Zero = getBasicVals().getValue(0, SIE->getType());
return assumeSymRel(State, SIE, (Assumption ? BO_NE : BO_EQ), Zero);
}
if (const auto *SSE = dyn_cast<SymSymExpr>(Sym)) {
ASDenysPetrovUnsubmitted
Done
ReplyInline Actions
const llvm::APSInt &Zero = getBasicVals().getValue(0, SIE->getType());
- if (Assumption) {
- return assumeSymRel(State, SIE, BO_NE, Zero);
- }
- return assumeSymRel(State, SIE, BO_EQ, Zero);
+ return assumeSymRel(State, SIE, (Assumption ? BO_NE : BO_EQ), Zero);
}
if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) {
ASDenysPetrov:
martongAuthorUnsubmitted
Done
ReplyInline Actions
martong: >
BinaryOperator::Opcode Op = SSE->getOpcode(); BinaryOperator::Opcode Op = SSE->getOpcode();
ASDenysPetrovUnsubmitted
Done
ReplyInline Actions

Actually what you are trying to do here is already inside assumeSymUnsupported and it will work for all SymIntExpr.
Please, proveide a test case which works with assumeSymRel and doesn't with asume from the previous change. That is what we are trying to fix here.

ASDenysPetrov: Actually what you are trying to do here is already inside `assumeSymUnsupported` and it will…
martongAuthorUnsubmitted
Done
ReplyInline Actions

Thanks for suggesting the use of the ternary op, the code is way more elegant that way!

Actually what you are trying to do here is already inside assumeSymUnsupported and it will work for all SymIntExpr.

I see your point and I acknowledge that this new code resembles to the one in assumeSymUnsupported. However, there is a subtle but very important difference. In assumeSymUnsupported we use assumeSymNE/EQ, but here I use assumeSymRel. And assumeSymRel does compute the adjustment, but assumeSymNE/EQ do not. Also, it makes sense to compute the adjustment only in case of SymIntExprs, thus this could not be done in assumeSymUnsupported.

Please, proveide a test case which works with assumeSymRel and doesn't with asume from the previous change. That is what we are trying to fix here.

You are right, it desires a test case, so I just added the one I had pasted here previously (with (x + y + 1) % 3). If you comment-out the modifications here in assumSym then that test case will fail.

martong: Thanks for suggesting the use of the ternary op, the code is way more elegant that way! >…
ASDenysPetrovUnsubmitted
Not Done
ReplyInline Actions

However, there is a subtle but very important difference.

Now I see the difference. OK, then. Your solution is sensible.

ASDenysPetrov: > However, there is a subtle but very important difference. Now I see the difference. OK, then.
assert(BinaryOperator::isComparisonOp(Op)); assert(BinaryOperator::isComparisonOp(Op));
ASDenysPetrovUnsubmitted
Done
ReplyInline Actions
return assumeSymRel(State, SIE, BO_EQ, Zero);
}
- if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) {
+ if (const auto *SSE = dyn_cast<SymSymExpr>(Sym)) {
BinaryOperator::Opcode Op = SSE->getOpcode();
ASDenysPetrov:
martongAuthorUnsubmitted
Done
ReplyInline Actions

Yep, good point.

martong: Yep, good point.
// We convert equality operations for pointers only. // We convert equality operations for pointers only.
if (Loc::isLocType(SSE->getLHS()->getType()) && if (Loc::isLocType(SSE->getLHS()->getType()) &&
Loc::isLocType(SSE->getRHS()->getType())) { Loc::isLocType(SSE->getRHS()->getType())) {
// Translate "a != b" to "(b - a) != 0". // Translate "a != b" to "(b - a) != 0".
// We invert the order of the operands as a heuristic for how loop // We invert the order of the operands as a heuristic for how loop
// conditions are usually written ("begin != end") as compared to length // conditions are usually written ("begin != end") as compared to length
// calculations ("end - begin"). The more correct thing to do would be to // calculations ("end - begin"). The more correct thing to do would be to
// canonicalize "a - b" and "b - a", which would allow us to treat // canonicalize "a - b" and "b - a", which would allow us to treat
▲ Show 20 LinesShow All 187 LinesShow Last 20 Lines

clang/test/Analysis/constraint-assignor.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -verify // RUN: -verify
// expected-no-diagnostics
void clang_analyzer_warnIfReached(); void clang_analyzer_warnIfReached();
void clang_analyzer_eval(int);
steakhalUnsubmitted
Done
ReplyInline Actions

Expect an int parameter.

steakhal: Expect an `int` parameter.
void rem_constant_rhs_ne_zero(int x, int y) { void rem_constant_rhs_ne_zero(int x, int y) {
if (x % 3 == 0) // x % 3 != 0 -> x != 0 if (x % 3 == 0) // x % 3 != 0 -> x != 0
return; return;
if (x * y != 0) // x * y == 0 if (x * y != 0) // x * y == 0
return; return;
if (y != 1) // y == 1 -> x == 0 if (y != 1) // y == 1 -> x == 0
return; return;
▲ Show 20 LinesShow All 45 Lines▼ Show 20 Linesvoid internal_unsigned_signed_mismatch(unsigned a) {
int d = a; int d = a;
// Implicit casts are not handled, thus the analyzer models `d % 2` as // Implicit casts are not handled, thus the analyzer models `d % 2` as
// `(reg_$0<unsigned int a>) % 2` // `(reg_$0<unsigned int a>) % 2`
// However, this should not result in internal signedness mismatch error when // However, this should not result in internal signedness mismatch error when
// we assign new constraints below. // we assign new constraints below.
if (d % 2 != 0) if (d % 2 != 0)
return; return;
} }
void remainder_with_adjustment(int x) {
if ((x + 1) % 3 == 0) // (x + 1) % 3 != 0 -> x + 1 != 0 -> x != -1
return;
clang_analyzer_eval(x + 1 != 0); // expected-warning{{TRUE}}
clang_analyzer_eval(x != -1); // expected-warning{{TRUE}}
(void)x; // keep the constraints alive.
}
void remainder_with_adjustment_of_composit_lhs(int x, int y) {
if ((x + y + 1) % 3 == 0) // (x + 1) % 3 != 0 -> x + 1 != 0 -> x != -1
return;
clang_analyzer_eval(x + y + 1 != 0); // expected-warning{{TRUE}}
clang_analyzer_eval(x + y != -1); // expected-warning{{TRUE}}
(void)(x * y); // keep the constraints alive.
}