This is an archive of the discontinued LLVM Phabricator instance.

Differential D125379

[analyzer][solver] Do not negate unsigned ranges
AbandonedPublic

Authored by martong on May 11 2022, 5:29 AM.

Details

Reviewers
NoQ
steakhal
Szelethus
Summary

This is a bugfix. Simply put, 2u - 1u != 2u - 1u. See the static
assertion in the test file. The fix simply ban the negation of unsigned
expressions. This way the we are getting a little bit more conservatie,
but at least we do not infer wrong values.

Diff Detail

Event Timeline

martong created this revision.May 11 2022, 5:29 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptMay 11 2022, 5:29 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: manas, ASDenysPetrov, gamesh411 and 9 others. · View Herald Transcript
martong requested review of this revision.May 11 2022, 5:29 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 11 2022, 5:29 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
martong added a child revision: D125318: [analyzer] Add UnarySymExpr.May 11 2022, 5:29 AM
steakhal added a comment.May 11 2022, 5:39 AM

Seems reasonable.

clang/test/Analysis/constraint_manager_negate_difference.c
145–148

It's not immediately clear what you refer to by the TRUE case. The two evals the opposite condition, consequently one of them should be FALSE. Same for the next case.

martong abandoned this revision.May 11 2022, 8:22 AM
martong added inline comments.
clang/test/Analysis/constraint_manager_negate_difference.c
125–130

Actually, this test case was correct, because UINT_MID is a special value and for that

_Static_assert(UINT_MID == -UINT_MID, "");

holds.
So, this patch is meaningless.

martong removed a child revision: D125318: [analyzer] Add UnarySymExpr.May 11 2022, 8:23 AM

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
3 lines
test/
Analysis/
24 lines

Diff 428633

clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp

Show First 20 LinesShow All 1,448 Lines▼ Show 20 Linesprivate:
// only negated SymSymExpr-type expressions, but also of other, simpler // only negated SymSymExpr-type expressions, but also of other, simpler
// expressions which we currently do not know how to negate. // expressions which we currently do not know how to negate.
Optional<RangeSet> getRangeForNegatedSub(SymbolRef Sym) { Optional<RangeSet> getRangeForNegatedSub(SymbolRef Sym) {
if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) { if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) {
if (SSE->getOpcode() == BO_Sub) { if (SSE->getOpcode() == BO_Sub) {
QualType T = Sym->getType(); QualType T = Sym->getType();
// Do not negate unsigned ranges // Do not negate unsigned ranges
if (!T->isUnsignedIntegerOrEnumerationType() && if (T->isUnsignedIntegerOrEnumerationType())
!T->isSignedIntegerOrEnumerationType())
return llvm::None; return llvm::None;
SymbolManager &SymMgr = State->getSymbolManager(); SymbolManager &SymMgr = State->getSymbolManager();
SymbolRef NegatedSym = SymbolRef NegatedSym =
SymMgr.getSymSymExpr(SSE->getRHS(), BO_Sub, SSE->getLHS(), T); SymMgr.getSymSymExpr(SSE->getRHS(), BO_Sub, SSE->getLHS(), T);
if (const RangeSet *NegatedRange = getConstraint(State, NegatedSym)) { if (const RangeSet *NegatedRange = getConstraint(State, NegatedSym)) {
return RangeFactory.negate(*NegatedRange); return RangeFactory.negate(*NegatedRange);
▲ Show 20 LinesShow All 1,867 LinesShow Last 20 Lines

clang/test/Analysis/constraint_manager_negate_difference.c

Show First 20 LinesShow All 116 Lines▼ Show 20 Linesvoid negate_unsigned_min(unsigned m, unsigned n) {
if (m - n == UINT_MIN) { if (m - n == UINT_MIN) {
clang_analyzer_eval(n - m == UINT_MIN); // expected-warning{{TRUE}} clang_analyzer_eval(n - m == UINT_MIN); // expected-warning{{TRUE}}
clang_analyzer_eval(n - m != UINT_MIN); // expected-warning{{FALSE}} clang_analyzer_eval(n - m != UINT_MIN); // expected-warning{{FALSE}}
clang_analyzer_eval(n - m > UINT_MIN); // expected-warning{{FALSE}} clang_analyzer_eval(n - m > UINT_MIN); // expected-warning{{FALSE}}
clang_analyzer_eval(n - m < UINT_MIN); // expected-warning{{FALSE}} clang_analyzer_eval(n - m < UINT_MIN); // expected-warning{{FALSE}}
} }
} }
_Static_assert(12u - 1u != 1u - 12u, "Good modulo arithmetic");
void negate_unsigned_mid(unsigned m, unsigned n) { void negate_unsigned_mid(unsigned m, unsigned n) {
if (m - n == UINT_MID) { if (m - n == UINT_MID) {
clang_analyzer_eval(n - m == UINT_MID); // expected-warning{{TRUE}} clang_analyzer_eval(n - m == UINT_MID); // expected-warning{{TRUE}} expected-warning{{FALSE}}
clang_analyzer_eval(n - m != UINT_MID); // expected-warning{{FALSE}} clang_analyzer_eval(n - m != UINT_MID); // expected-warning{{FALSE}} expected-warning{{TRUE}}
} }
} }
martongAuthorUnsubmitted
Done
ReplyInline Actions

Actually, this test case was correct, because UINT_MID is a special value and for that

_Static_assert(UINT_MID == -UINT_MID, "");

holds.
So, this patch is meaningless.

martong: Actually, this test case was correct, because UINT_MID is a special value and for that ```…
void negate_unsigned_mid2(unsigned m, unsigned n) { void negate_unsigned_mid2(unsigned m, unsigned n) {
if (m - n < UINT_MID && m - n > UINT_MIN) { if (m - n < UINT_MID && m - n > UINT_MIN) {
clang_analyzer_eval(n - m > UINT_MID); // expected-warning{{TRUE}} clang_analyzer_eval(n - m > UINT_MID); // expected-warning{{TRUE}} expected-warning{{FALSE}}
clang_analyzer_eval(n - m < UINT_MID); // expected-warning{{FALSE}} clang_analyzer_eval(n - m < UINT_MID); // expected-warning{{FALSE}} expected-warning{{TRUE}}
} }
} }
_Static_assert(1u - 2u == UINT_MAX, "Good modulo arithmetic");
_Static_assert(2u - 1u == 1, "Good modulo arithmetic");
void negate_unsigned_max(unsigned m, unsigned n) { void negate_unsigned_max(unsigned m, unsigned n) {
if (m - n == UINT_MAX) { if (m - n == UINT_MAX) {
clang_analyzer_eval(n - m == 1); // expected-warning{{TRUE}} // FIXME only the TRUE case should appear. But it is better to be
clang_analyzer_eval(n - m != 1); // expected-warning{{FALSE}} // conservative than faulty.
clang_analyzer_eval(n - m == 1); // expected-warning{{TRUE}} expected-warning{{FALSE}}
clang_analyzer_eval(n - m != 1); // expected-warning{{FALSE}} expected-warning{{TRUE}}
steakhalUnsubmitted
Not Done
ReplyInline Actions

It's not immediately clear what you refer to by the TRUE case. The two evals the opposite condition, consequently one of them should be FALSE. Same for the next case.

steakhal: It's not immediately clear what you refer to by the `TRUE` case. The two evals the opposite…
} }
} }
void negate_unsigned_one(unsigned m, unsigned n) { void negate_unsigned_one(unsigned m, unsigned n) {
if (m - n == 1) { if (m - n == 1) {
clang_analyzer_eval(n - m == UINT_MAX); // expected-warning{{TRUE}} // FIXME only the TRUE case should appear.
clang_analyzer_eval(n - m < UINT_MAX); // expected-warning{{FALSE}} clang_analyzer_eval(n - m == UINT_MAX); // expected-warning{{TRUE}} expected-warning{{FALSE}}
clang_analyzer_eval(n - m < UINT_MAX); // expected-warning{{FALSE}} expected-warning{{TRUE}}
} }
} }
// The next code is a repro for the bug PR41588 // The next code is a repro for the bug PR41588
void negated_unsigned_range(unsigned x, unsigned y) { void negated_unsigned_range(unsigned x, unsigned y) {
clang_analyzer_eval(x - y != 0); // expected-warning{{FALSE}} expected-warning{{TRUE}} clang_analyzer_eval(x - y != 0); // expected-warning{{FALSE}} expected-warning{{TRUE}}
clang_analyzer_eval(y - x != 0); // expected-warning{{FALSE}} expected-warning{{TRUE}} clang_analyzer_eval(y - x != 0); // expected-warning{{FALSE}} expected-warning{{TRUE}}
// expected no assertion on the next line // expected no assertion on the next line
clang_analyzer_eval(x - y != 0); // expected-warning{{FALSE}} expected-warning{{TRUE}} clang_analyzer_eval(x - y != 0); // expected-warning{{FALSE}} expected-warning{{TRUE}}
} }