This is an archive of the discontinued LLVM Phabricator instance.

[analyzer][solver] Prevent use of a null state
ClosedPublic

Authored by vsavchenko on May 11 2021, 7:31 AM.

Diff Detail

Event Timeline

vsavchenko created this revision.May 11 2021, 7:31 AM
vsavchenko requested review of this revision.May 11 2021, 7:31 AM
Herald added a project: Restricted Project. Β· View Herald TranscriptMay 11 2021, 7:31 AM
Herald added a subscriber: cfe-commits. Β· View Herald Transcript

Dam, we will be always haunted by these.
Looks good btw.
The test looks somewhat artificial - like a raw creduce result.

Do you think It worth the effort to make it look like it was written by a human?
I also somewhy prefer function parameters to globals for this specific use-case.

This seems to depend on the -analyzer-config eagerly-assume=true. We should probably add this option explicitly, just in case.

Modify test

Dam, we will be always haunted by these.

Yep, it was one place where we didn't expect a null state, but after one of the later patches, it became possible. 🀞it's the final one.

Looks good btw.
The test looks somewhat artificial - like a raw creduce result.

Do you think It worth the effort to make it look like it was written by a human?

OK, I tried. and surprisingly I couldn't transform c == b into a condition, so it crashes. While it's interesting why exactly this happens, I don't think that it's worth it (in this particular case).

I also somewhy prefer function parameters to globals for this specific use-case.

βœ…

This seems to depend on the -analyzer-config eagerly-assume=true. We should probably add this option explicitly, just in case.

βœ…

steakhal accepted this revision.May 13 2021, 9:29 AM

I couldn't transform c == b into a condition, so it crashes.

Well, that's interesting. It might worth investigating. @NoQ ?
Regardless, it's an improvement, let's land it :D

This revision is now accepted and ready to land.May 13 2021, 9:29 AM
This revision was automatically updated to reflect the committed changes.
NoQ added a comment.May 13 2021, 10:51 AM

Thx for the fix!

I couldn't transform c == b into a condition, so it crashes.

Well, that's interesting. It might worth investigating. @NoQ ?
Regardless, it's an improvement, let's land it :D

At a glance it looks like this has something to do with liveness. When c == b is surrounded by an if-statement, the CFG starts having more blocks and live variables analysis becomes more fine-grained and constraints for 'b' get cleaned up more quickly. Which is bad because this means that we're cleaning up constraints that are still useful.