This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
lib/Analysis/FlowSensitive/
-
Analysis/
-
FlowSensitive/
1
WatchedLiteralsSolver.cpp
-
unittests/Analysis/FlowSensitive/
-
Analysis/
-
FlowSensitive/
-
SolverTest.cpp

Differential D130522

[clang][dataflow] Fix SAT solver crashes on `X ^ X` and `X v X`
ClosedPublic

Authored by gribozavr on Jul 25 2022, 2:53 PM.

Download Raw Diff

Details

Reviewers

NoQ
sgatev
ymandel
xazax.hun
wyt

Commits

rG3281138aad80: [clang][dataflow] Fix SAT solver crashes on `X ^ X` and `X v X`

Summary

BooleanFormula::addClause has an invariant that a clause has no duplicated
literals. When the solver was desugaring a formula into CNF clauses, it
could construct a clause with such duplicated literals in two cases.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

gribozavr created this revision.Jul 25 2022, 2:53 PM

Herald added a reviewer: NoQ. · View Herald TranscriptJul 25 2022, 2:53 PM

Herald added a project: Restricted Project. · View Herald Transcript

Herald added subscribers: martong, tschuett, xazax.hun. · View Herald Transcript

gribozavr requested review of this revision.Jul 25 2022, 2:53 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 25 2022, 2:53 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

gribozavr2 added reviewers: sgatev, ymandel, xazax.hun, wyt.Jul 25 2022, 2:54 PM

Herald added a subscriber: rnkovacs. · View Herald TranscriptJul 25 2022, 2:54 PM

xazax.hun accepted this revision.Jul 25 2022, 3:21 PM

This revision is now accepted and ready to land.Jul 25 2022, 3:21 PM

gribozavr2 mentioned this in D130519: [clang][dataflow] Add explicit "AST" nodes for implications and iff.Jul 25 2022, 3:22 PM

Harbormaster completed remote builds in B177477: Diff 447483.Jul 25 2022, 3:49 PM

ymandel accepted this revision.Jul 25 2022, 4:47 PM

sgatev accepted this revision.Jul 25 2022, 11:29 PM

sgatev added inline comments.

clang/lib/Analysis/FlowSensitive/WatchedLiteralsSolver.cpp
273	Let's visit `C->getLeftSubValue()` here.

Actually visit a subexpression

This revision was landed with ongoing or failed builds.Jul 26 2022, 1:26 AM

Closed by commit rG3281138aad80: [clang][dataflow] Fix SAT solver crashes on `X ^ X` and `X v X` (authored by gribozavr). · Explain Why

This revision was automatically updated to reflect the committed changes.

gribozavr added a commit: rG3281138aad80: [clang][dataflow] Fix SAT solver crashes on `X ^ X` and `X v X`.

Harbormaster completed remote builds in B177564: Diff 447609.Jul 26 2022, 1:42 AM

Revision Contents

Path

Size

clang/

lib/

Analysis/

FlowSensitive/

WatchedLiteralsSolver.cpp

60 lines

unittests/

Analysis/

FlowSensitive/

SolverTest.cpp

20 lines

Diff 447613

clang/lib/Analysis/FlowSensitive/WatchedLiteralsSolver.cpp

Show First 20 Lines • Show All 257 Lines • ▼ Show 20 Lines	while (!UnprocessedSubVals.empty()) {
if (ProcessedSubVals[Var])		if (ProcessedSubVals[Var])
continue;		continue;
ProcessedSubVals[Var] = true;		ProcessedSubVals[Var] = true;

if (auto *C = dyn_cast<ConjunctionValue>(Val)) {		if (auto *C = dyn_cast<ConjunctionValue>(Val)) {
const Variable LeftSubVar = GetVar(&C->getLeftSubValue());		const Variable LeftSubVar = GetVar(&C->getLeftSubValue());
const Variable RightSubVar = GetVar(&C->getRightSubValue());		const Variable RightSubVar = GetVar(&C->getRightSubValue());

		if (LeftSubVar == RightSubVar) {
		// `X <=> (A ^ A)` is equivalent to `(!X v A) ^ (X v !A)` which is
		// already in conjunctive normal form. Below we add each of the
		// conjuncts of the latter expression to the result.
		Formula.addClause(negLit(Var), posLit(LeftSubVar));
		Formula.addClause(posLit(Var), negLit(LeftSubVar));

		// Visit a sub-value of `Val` (pick any, they are identical).
		sgatevUnsubmitted Not Done Reply Inline Actions Let's visit `C->getLeftSubValue()` here. sgatev: Let's visit `C->getLeftSubValue()` here.
		UnprocessedSubVals.push(&C->getLeftSubValue());
		} else {
// `X <=> (A ^ B)` is equivalent to `(!X v A) ^ (!X v B) ^ (X v !A v !B)`		// `X <=> (A ^ B)` is equivalent to `(!X v A) ^ (!X v B) ^ (X v !A v !B)`
// which is already in conjunctive normal form. Below we add each of the		// which is already in conjunctive normal form. Below we add each of the
// conjuncts of the latter expression to the result.		// conjuncts of the latter expression to the result.
Formula.addClause(negLit(Var), posLit(LeftSubVar));		Formula.addClause(negLit(Var), posLit(LeftSubVar));
Formula.addClause(negLit(Var), posLit(RightSubVar));		Formula.addClause(negLit(Var), posLit(RightSubVar));
Formula.addClause(posLit(Var), negLit(LeftSubVar), negLit(RightSubVar));		Formula.addClause(posLit(Var), negLit(LeftSubVar), negLit(RightSubVar));

// Visit the sub-values of `Val`.		// Visit the sub-values of `Val`.
UnprocessedSubVals.push(&C->getLeftSubValue());		UnprocessedSubVals.push(&C->getLeftSubValue());
UnprocessedSubVals.push(&C->getRightSubValue());		UnprocessedSubVals.push(&C->getRightSubValue());
		}
} else if (auto *D = dyn_cast<DisjunctionValue>(Val)) {		} else if (auto *D = dyn_cast<DisjunctionValue>(Val)) {
const Variable LeftSubVar = GetVar(&D->getLeftSubValue());		const Variable LeftSubVar = GetVar(&D->getLeftSubValue());
const Variable RightSubVar = GetVar(&D->getRightSubValue());		const Variable RightSubVar = GetVar(&D->getRightSubValue());

		if (LeftSubVar == RightSubVar) {
		// `X <=> (A v A)` is equivalent to `(!X v A) ^ (X v !A)` which is
		// already in conjunctive normal form. Below we add each of the
		// conjuncts of the latter expression to the result.
		Formula.addClause(negLit(Var), posLit(LeftSubVar));
		Formula.addClause(posLit(Var), negLit(LeftSubVar));

		// Visit a sub-value of `Val` (pick any, they are identical).
		UnprocessedSubVals.push(&D->getLeftSubValue());
		} else {
// `X <=> (A v B)` is equivalent to `(!X v A v B) ^ (X v !A) ^ (X v !B)`		// `X <=> (A v B)` is equivalent to `(!X v A v B) ^ (X v !A) ^ (X v !B)`
// which is already in conjunctive normal form. Below we add each of the		// which is already in conjunctive normal form. Below we add each of the
// conjuncts of the latter expression to the result.		// conjuncts of the latter expression to the result.
Formula.addClause(negLit(Var), posLit(LeftSubVar), posLit(RightSubVar));		Formula.addClause(negLit(Var), posLit(LeftSubVar), posLit(RightSubVar));
Formula.addClause(posLit(Var), negLit(LeftSubVar));		Formula.addClause(posLit(Var), negLit(LeftSubVar));
Formula.addClause(posLit(Var), negLit(RightSubVar));		Formula.addClause(posLit(Var), negLit(RightSubVar));

// Visit the sub-values of `Val`.		// Visit the sub-values of `Val`.
UnprocessedSubVals.push(&D->getLeftSubValue());		UnprocessedSubVals.push(&D->getLeftSubValue());
UnprocessedSubVals.push(&D->getRightSubValue());		UnprocessedSubVals.push(&D->getRightSubValue());
		}
} else if (auto *N = dyn_cast<NegationValue>(Val)) {		} else if (auto *N = dyn_cast<NegationValue>(Val)) {
const Variable SubVar = GetVar(&N->getSubVal());		const Variable SubVar = GetVar(&N->getSubVal());

// `X <=> !Y` is equivalent to `(!X v !Y) ^ (X v Y)` which is already in		// `X <=> !Y` is equivalent to `(!X v !Y) ^ (X v Y)` which is already in
// conjunctive normal form. Below we add each of the conjuncts of the		// conjunctive normal form. Below we add each of the conjuncts of the
// latter expression to the result.		// latter expression to the result.
Formula.addClause(negLit(Var), negLit(SubVar));		Formula.addClause(negLit(Var), negLit(SubVar));
Formula.addClause(posLit(Var), posLit(SubVar));		Formula.addClause(posLit(Var), posLit(SubVar));
▲ Show 20 Lines • Show All 345 Lines • Show Last 20 Lines

clang/unittests/Analysis/FlowSensitive/SolverTest.cpp

Show First 20 Lines • Show All 114 Lines • ▼ Show 20 Lines	TEST(SolverTest, NegatedConjunction) {
auto Y = Ctx.atom();		auto Y = Ctx.atom();
auto XAndY = Ctx.conj(X, Y);		auto XAndY = Ctx.conj(X, Y);
auto NotXAndY = Ctx.neg(XAndY);		auto NotXAndY = Ctx.neg(XAndY);

// !(X ^ Y) ^ (X ^ Y)		// !(X ^ Y) ^ (X ^ Y)
expectUnsatisfiable(solve({NotXAndY, XAndY}));		expectUnsatisfiable(solve({NotXAndY, XAndY}));
}		}

TEST(SolverTest, DisjunctionSameVars) {		TEST(SolverTest, DisjunctionSameVarWithNegation) {
ConstraintContext Ctx;		ConstraintContext Ctx;
auto X = Ctx.atom();		auto X = Ctx.atom();
auto NotX = Ctx.neg(X);		auto NotX = Ctx.neg(X);
auto XOrNotX = Ctx.disj(X, NotX);		auto XOrNotX = Ctx.disj(X, NotX);

// X v !X		// X v !X
expectSatisfiable(solve({XOrNotX}), _);		expectSatisfiable(solve({XOrNotX}), _);
}		}

		TEST(SolverTest, DisjunctionSameVar) {
		ConstraintContext Ctx;
		auto X = Ctx.atom();
		auto XOrX = Ctx.disj(X, X);

		// X v X
		expectSatisfiable(solve({XOrX}), _);
		}

TEST(SolverTest, ConjunctionSameVarsConflict) {		TEST(SolverTest, ConjunctionSameVarsConflict) {
ConstraintContext Ctx;		ConstraintContext Ctx;
auto X = Ctx.atom();		auto X = Ctx.atom();
auto NotX = Ctx.neg(X);		auto NotX = Ctx.neg(X);
auto XAndNotX = Ctx.conj(X, NotX);		auto XAndNotX = Ctx.conj(X, NotX);

// X ^ !X		// X ^ !X
expectUnsatisfiable(solve({XAndNotX}));		expectUnsatisfiable(solve({XAndNotX}));
}		}

		TEST(SolverTest, ConjunctionSameVar) {
		ConstraintContext Ctx;
		auto X = Ctx.atom();
		auto XAndX = Ctx.conj(X, X);

		// X ^ X
		expectSatisfiable(solve({XAndX}), _);
		}

TEST(SolverTest, PureVar) {		TEST(SolverTest, PureVar) {
ConstraintContext Ctx;		ConstraintContext Ctx;
auto X = Ctx.atom();		auto X = Ctx.atom();
auto Y = Ctx.atom();		auto Y = Ctx.atom();
auto NotX = Ctx.neg(X);		auto NotX = Ctx.neg(X);
auto NotXOrY = Ctx.disj(NotX, Y);		auto NotXOrY = Ctx.disj(NotX, Y);
auto NotY = Ctx.neg(Y);		auto NotY = Ctx.neg(Y);
auto NotXOrNotY = Ctx.disj(NotX, NotY);		auto NotXOrNotY = Ctx.disj(NotX, NotY);
▲ Show 20 Lines • Show All 143 Lines • Show Last 20 Lines