This is an archive of the discontinued LLVM Phabricator instance.

Differential D124943

[clang][dataflow] Add flowConditionIsTautology function
ClosedPublic

Authored by li.zhe.hua on May 4 2022, 10:17 AM.

Details

Reviewers
ymandel
sgatev
xazax.hun
Commits
rG58abe36ae765: [clang][dataflow] Add flowConditionIsTautology function
Summary

Provide a way for users to check if a flow condition is
unconditionally true.

Diff Detail

Event Timeline

li.zhe.hua created this revision.May 4 2022, 10:17 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 4 2022, 10:17 AM
Herald added subscribers: tschuett, steakhal, rnkovacs. · View Herald Transcript
li.zhe.hua requested review of this revision.May 4 2022, 10:17 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 4 2022, 10:17 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
ymandel added a comment.May 4 2022, 10:27 AM

The code looks good, but what is the intended application?

li.zhe.hua added a comment.May 4 2022, 10:37 AM

This allows me to query when an expression is always encountered/executed. Alternatively, if I have a set of interesting expressions, I can note the flow condition at every expression, compute the disjunction of the set of flow conditions, and determine if execution will always encounter an interesting expression.

Harbormaster completed remote builds in B162731: Diff 427057.May 4 2022, 11:38 AM
xazax.hun accepted this revision.May 4 2022, 3:50 PM

The code looks good to me too. I was also wondering what sort of check will need this info.

This revision is now accepted and ready to land.May 4 2022, 3:50 PM
sgatev accepted this revision.May 4 2022, 8:42 PM
sgatev added inline comments.
clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h
176–177
clang/unittests/Analysis/FlowSensitive/DataflowAnalysisContextTest.cpp
144
151

I don't think this is doing what the comment above it says. We probably shouldn't add flow conditions directly as constraints because this isn't tracking flow condition dependencies. I suggest removing this case and keeping the one with FC5.

154

Again, I suggest removing this case. The one with FC6 should suffice.

li.zhe.hua added a comment.May 4 2022, 8:44 PM

I'm playing around with a tool to take raw pointers and add a non-null annotation or convert them to references, for code that is assumed to be correct. So in this case, "interesting expression" is anything that would be UB if the pointer was null, e.g. dereferencing the pointer.

li.zhe.hua updated this revision to Diff 427183.May 4 2022, 8:53 PM

Address reviewer comments.

li.zhe.hua marked 4 inline comments as done.May 4 2022, 8:54 PM

Ah, good catch regarding the flow condition deps not being tracked. Thanks for the review!

This revision was landed with ongoing or failed builds.May 4 2022, 8:58 PM
Closed by commit rG58abe36ae765: [clang][dataflow] Add flowConditionIsTautology function (authored by li.zhe.hua). · Explain Why
This revision was automatically updated to reflect the committed changes.
li.zhe.hua added a commit: rG58abe36ae765: [clang][dataflow] Add flowConditionIsTautology function.
Harbormaster completed remote builds in B162822: Diff 427183.May 4 2022, 9:19 PM

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
FlowSensitive/
4 lines
lib/
Analysis/
FlowSensitive/
13 lines
unittests/
Analysis/
FlowSensitive/
29 lines

Diff 427185

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysisContext.h

Show First 20 LinesShow All 167 Lines▼ Show 20 Linespublic:
/// token. /// token.
AtomicBoolValue &joinFlowConditions(AtomicBoolValue &FirstToken, AtomicBoolValue &joinFlowConditions(AtomicBoolValue &FirstToken,
AtomicBoolValue &SecondToken); AtomicBoolValue &SecondToken);
/// Returns true if and only if the constraints of the flow condition /// Returns true if and only if the constraints of the flow condition
/// identified by `Token` imply that `Val` is true. /// identified by `Token` imply that `Val` is true.
bool flowConditionImplies(AtomicBoolValue &Token, BoolValue &Val); bool flowConditionImplies(AtomicBoolValue &Token, BoolValue &Val);
/// Returns true if and only if the constraints of the flow condition
/// identified by `Token` are always true.
sgatevUnsubmitted
Done
ReplyInline Actions
bool flowConditionImplies(AtomicBoolValue &Token, BoolValue &Val);
- /// Returns true if the constraints of the flow condition identified by
- /// `Token` is always true.
+ /// Returns true if and only if the constraints of the flow condition
+ /// identified by `Token` are always true.
bool flowConditionIsTautology(AtomicBoolValue &Token);
sgatev:
bool flowConditionIsTautology(AtomicBoolValue &Token);
private: private:
/// Adds all constraints of the flow condition identified by `Token` and all /// Adds all constraints of the flow condition identified by `Token` and all
/// of its transitive dependencies to `Constraints`. `VisitedTokens` is used /// of its transitive dependencies to `Constraints`. `VisitedTokens` is used
/// to track tokens of flow conditions that were already visited by recursive /// to track tokens of flow conditions that were already visited by recursive
/// calls. /// calls.
void addTransitiveFlowConditionConstraints( void addTransitiveFlowConditionConstraints(
AtomicBoolValue &Token, llvm::DenseSet<BoolValue *> &Constraints, AtomicBoolValue &Token, llvm::DenseSet<BoolValue *> &Constraints,
llvm::DenseSet<AtomicBoolValue *> &VisitedTokens) const; llvm::DenseSet<AtomicBoolValue *> &VisitedTokens) const;
▲ Show 20 LinesShow All 54 LinesShow Last 20 Lines

clang/lib/Analysis/FlowSensitive/DataflowAnalysisContext.cpp

Show First 20 LinesShow All 111 Lines▼ Show 20 Lines llvm::DenseSet<BoolValue *> Constraints = {
&getOrCreateNegationValue(getBoolLiteralValue(false)), &getOrCreateNegationValue(getBoolLiteralValue(false)),
&getOrCreateNegationValue(Val), &getOrCreateNegationValue(Val),
}; };
llvm::DenseSet<AtomicBoolValue *> VisitedTokens; llvm::DenseSet<AtomicBoolValue *> VisitedTokens;
addTransitiveFlowConditionConstraints(Token, Constraints, VisitedTokens); addTransitiveFlowConditionConstraints(Token, Constraints, VisitedTokens);
return S->solve(std::move(Constraints)) == Solver::Result::Unsatisfiable; return S->solve(std::move(Constraints)) == Solver::Result::Unsatisfiable;
} }
bool DataflowAnalysisContext::flowConditionIsTautology(AtomicBoolValue &Token) {
// Returns true if and only if we cannot prove that the flow condition can
// ever be false.
llvm::DenseSet<BoolValue *> Constraints = {
&getBoolLiteralValue(true),
&getOrCreateNegationValue(getBoolLiteralValue(false)),
&getOrCreateNegationValue(Token),
};
llvm::DenseSet<AtomicBoolValue *> VisitedTokens;
addTransitiveFlowConditionConstraints(Token, Constraints, VisitedTokens);
return S->solve(std::move(Constraints)) == Solver::Result::Unsatisfiable;
}
void DataflowAnalysisContext::addTransitiveFlowConditionConstraints( void DataflowAnalysisContext::addTransitiveFlowConditionConstraints(
AtomicBoolValue &Token, llvm::DenseSet<BoolValue *> &Constraints, AtomicBoolValue &Token, llvm::DenseSet<BoolValue *> &Constraints,
llvm::DenseSet<AtomicBoolValue *> &VisitedTokens) const { llvm::DenseSet<AtomicBoolValue *> &VisitedTokens) const {
auto Res = VisitedTokens.insert(&Token); auto Res = VisitedTokens.insert(&Token);
if (!Res.second) if (!Res.second)
return; return;
auto FirstConjunctIT = FlowConditionFirstConjuncts.find(&Token); auto FirstConjunctIT = FlowConditionFirstConjuncts.find(&Token);
Show All 17 Lines

clang/unittests/Analysis/FlowSensitive/DataflowAnalysisContextTest.cpp

Show First 20 LinesShow All 134 Lines▼ Show 20 LinesTEST_F(DataflowAnalysisContextTest, JoinFlowConditions) {
Context.addFlowConditionConstraint(FC2, C3); Context.addFlowConditionConstraint(FC2, C3);
auto &FC3 = Context.joinFlowConditions(FC1, FC2); auto &FC3 = Context.joinFlowConditions(FC1, FC2);
EXPECT_FALSE(Context.flowConditionImplies(FC3, C1)); EXPECT_FALSE(Context.flowConditionImplies(FC3, C1));
EXPECT_FALSE(Context.flowConditionImplies(FC3, C2)); EXPECT_FALSE(Context.flowConditionImplies(FC3, C2));
EXPECT_TRUE(Context.flowConditionImplies(FC3, C3)); EXPECT_TRUE(Context.flowConditionImplies(FC3, C3));
} }
TEST_F(DataflowAnalysisContextTest, FlowConditionTautologies) {
// Fresh flow condition with empty/no constraints is always true.
sgatevUnsubmitted
Done
ReplyInline Actions
TEST_F(DataflowAnalysisContextTest, FlowConditionTautologies) {
- // Default flow condition with empty/no constraints is always true.
+ // Fresh flow condition with empty/no constraints is always true.
auto &FC1 = Context.makeFlowConditionToken();
sgatev:
auto &FC1 = Context.makeFlowConditionToken();
EXPECT_TRUE(Context.flowConditionIsTautology(FC1));
// Literal `true` is always true.
auto &FC2 = Context.makeFlowConditionToken();
Context.addFlowConditionConstraint(FC2, Context.getBoolLiteralValue(true));
EXPECT_TRUE(Context.flowConditionIsTautology(FC2));
sgatevUnsubmitted
Done
ReplyInline Actions

I don't think this is doing what the comment above it says. We probably shouldn't add flow conditions directly as constraints because this isn't tracking flow condition dependencies. I suggest removing this case and keeping the one with FC5.

sgatev: I don't think this is doing what the comment above it says. We probably shouldn't add flow…
// Literal `false` is never true.
auto &FC3 = Context.makeFlowConditionToken();
sgatevUnsubmitted
Done
ReplyInline Actions

Again, I suggest removing this case. The one with FC6 should suffice.

sgatev: Again, I suggest removing this case. The one with `FC6` should suffice.
Context.addFlowConditionConstraint(FC3, Context.getBoolLiteralValue(false));
EXPECT_FALSE(Context.flowConditionIsTautology(FC3));
// We can't prove that an arbitrary bool A is always true...
auto &C1 = Context.createAtomicBoolValue();
auto &FC4 = Context.makeFlowConditionToken();
Context.addFlowConditionConstraint(FC4, C1);
EXPECT_FALSE(Context.flowConditionIsTautology(FC4));
// ... but we can prove A || !A is true.
auto &FC5 = Context.makeFlowConditionToken();
Context.addFlowConditionConstraint(
FC5, Context.getOrCreateDisjunctionValue(
C1, Context.getOrCreateNegationValue(C1)));
EXPECT_TRUE(Context.flowConditionIsTautology(FC5));
}
} // namespace } // namespace