This is an archive of the discontinued LLVM Phabricator instance.

Differential D41938

[Analyzer] SValBuilder Comparison Rearrangement (with Restrictions and Analyzer Option)
ClosedPublic

Authored by baloghadamsoftware on Jan 11 2018, 1:44 AM.

Details

Reviewers
NoQ
dcoughlin
george.karpenkov
Commits
rG2bbccca9f75b: [Analyzer] SValBuilder Comparison Rearrangement (with Restrictions and Analyzer…
rC329780: [Analyzer] SValBuilder Comparison Rearrangement (with Restrictions and Analyzer…
rL329780: [Analyzer] SValBuilder Comparison Rearrangement (with Restrictions and Analyzer…
Summary

This patch is a "light" version of D35109:

Since the range-based constraint manager (default) is weak in handling comparisons where symbols are on both sides it is wise to rearrange them to have symbols only on the left side. Thus e.g. A + n >= B + m becomes A - B >= m - n which enables the constraint manager to store a range m - n .. MAX_VALUE for the symbolic expression A - B. This can be used later to check whether e.g. A + k == B + l can be true, which is also rearranged to A - B == l - k so the constraint manager can check whether l - k is in the range (thus greater than or equal to m - n).

The restriction in this version is the the rearrangement happens only if both the symbols and the concrete integers are within the range [min/4 .. max/4] where min and max are the minimal and maximal values of their type.

The rearrangement is not enabled by default. It has to be enabled by using -analyzer-config aggressive-relational-comparison-simplification=true.

Co-author of this patch is Artem Dergachev (NoQ).

Diff Detail

Repository
rL LLVM

Event Timeline

baloghadamsoftware created this revision.Jan 11 2018, 1:44 AM
Herald added subscribers: a.sidorin, szepet. · View Herald TranscriptJan 11 2018, 1:44 AM
baloghadamsoftware added a child revision: D35110: [Analyzer] Constraint Manager Negates Difference.Jan 11 2018, 2:11 AM
baloghadamsoftware mentioned this in D35110: [Analyzer] Constraint Manager Negates Difference.Jan 11 2018, 5:56 AM
baloghadamsoftware edited the summary of this revision. (Show Details)Jan 11 2018, 6:15 AM
baloghadamsoftware mentioned this in D32642: [Analyzer] Iterator Checker - Part 2: Increment, decrement operators and ahead-of-begin checks.Jan 11 2018, 6:48 AM
NoQ added a comment.Jan 17 2018, 10:16 AM

I think it'd be fine to do the rearrangement for additive ops without the option check, as we discussed. I.e., rearrange when it's either an additive op, or both the flag is set and the values are overflow-clamped. And remove the clamp checks (which are presumably heavy) for the additive ops, as they're not needed.

include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
591–596 ↗(On Diff #129406)

Fixed some typos:

/// Returns true if SValBuilder should rearrange comparisons of symbolic
/// expressions which consist of a sum of a symbol and a concrete integer
/// into the format where symbols are on the left-hand side and the integer is on the
/// right. This is only done if both concrete integers are greater than or equal to
/// the quarter of the minimum value of the type and less than or equal to the
/// quarter of the maximum value of that type.

(line breaks might need fixing)

test/Analysis/svalbuilder-rearrange-comparisons.c
5 ↗(On Diff #129406)

I guess you're not going to need the printState thing once these tests are settled down.

baloghadamsoftware updated this revision to Diff 130403.Jan 18 2018, 6:40 AM

Updated according to the comments.

baloghadamsoftware added a reviewer: george.karpenkov.Jan 18 2018, 6:41 AM
george.karpenkov added inline comments.Jan 18 2018, 1:16 PM
include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
597 ↗(On Diff #130403)

High level comment: can you list all rewriting rules you are applying in a formula explicitly in a comment?
From the phabricator discussion I see that you are applying

A + n >= B + m -> A - B >= n + m // A, B symbolic, n and m are integers

but from the code it seems that you are applying more canonicalization rules?

lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
317 ↗(On Diff #130403)

Can we have a better function name here? I can't think of one straight away, but "clamped" is not very self-descriptive. isWithinConstantOverflowBounds?

326 ↗(On Diff #130403)

Would just division produce the same result? Also probably it's better to make "4" a constant, at least with #define

330 ↗(On Diff #130403)

6 lines of branching is probably better expressed as

if (!isa<DefinedSVal>(IsCappedFromAbove) || State->assume(*dyn_cast<DefinedSVal>(IsCappedFromAbove), false))
   return false
337 ↗(On Diff #130403)

326-335 duplicates 338-346.
Perhaps we could have

static bool isCappedFrom(bool Above, llvm::APSInt bound, ...)

?

352 ↗(On Diff #130403)

Again, could we do better with a function name?

357 ↗(On Diff #130403)

I think you want

return (I <= Max) && (I >= -Max)

instead of 358-365

376 ↗(On Diff #130403)

Is it beneficial to do this though? At the point where decomposeSymbol is called we are still checking whether the rearrangement could be performed, so maybe just returning a false flag would be better?

403 ↗(On Diff #130403)

I think this is a separate rewrite, which is better performed in a separate function.
If you move it to decomposeSymbol or to a separate function, you would get a lot of simplifications:

  1. This function would be performing only a single rewrite.
  2. You would no longer need to take Lop and Rop as parameters
  3. At that point, two separate cases would be clearly seen: Op is a comparison operator, or Op is an additive operator.

I would separate those two rewrites in separate functions, distinguishing between them at the callsite.

429 ↗(On Diff #130403)

It seems that having a concrete positive RHS is a part of your rewrite rule. In that case, that should be documented in a high-level overview of the rewrite rules.

432 ↗(On Diff #130403)

I think this could be shortened and made more explicit by constructing the LHS and RHS first, and then reversing both and the comparison operator if RHS is negative.

472 ↗(On Diff #130403)

I am confused why the option shouldAggressivelySimplifyRelationalComparison is checked here. Do we rewrite cases where Op is additive even if the option is not checked? It's generally better to check the flag outside of the rearranging function, so that the high-level logic can be seen.

489 ↗(On Diff #130403)

This check is weird: you have just set SingleTy to ResultTy at line 477.
Instead of this whole if-block (from line 487), why not just set SingleTy above line 473. where you have already checked that the operator is performing comparison?

494 ↗(On Diff #130403)

I would also move this assert up, below line 481.

497 ↗(On Diff #130403)

this check should be inside the block at line 477, since it does not make sense for relational comparisons.

508 ↗(On Diff #130403)

Why isComparisonOp() check is done in 512-516, but not here? Additionally, can this check be factored out into a function?

774 ↗(On Diff #130403)

I would expect that checking the analyzer option would be performed here?

test/Analysis/svalbuilder-rearrange-comparisons.c
19 ↗(On Diff #130403)

assert would express intent better

28 ↗(On Diff #130403)

Can we also have integration-like tests where rearrangement would affect observable behavior?

Also, clang_analyzer_dump is a debugging function, and I am not sure whether we should rely on its output in tests.

baloghadamsoftware added a comment.Jan 24 2018, 6:52 AM

Thank you for your comments. Since the original author of this particular code is Artem, I think he will answer your questions.

NoQ added a comment.Jan 24 2018, 10:41 AM

George's style comments are usually super spot-on. Please feel free to improve my code. Also it was only written as a proof-of-concept because i failed to explain my approach with natural language, so it definitely needs polishing. I'd let you know when i disagree with anything :)

lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
472 ↗(On Diff #130403)

Do we rewrite cases where Op is additive even if the option is not checked?

Yes. Because for additive ops the presumably-expensive clamped-by-max/4 check is not necessary (and is indeed skipped below).

This should be documented though.

test/Analysis/svalbuilder-rearrange-comparisons.c
19 ↗(On Diff #130403)

Yeah, but it's also a bit more painful to write in tests (i.e. __builtin_assert() and macros).

28 ↗(On Diff #130403)

Yeah, this test would be painful to maintain if we change the dump output. I guess we definitely need more integration tests.

I still wish there were ways to write "this" sort of tests without relying on dumps. Eg.:

clang_analyzer_denote(x, "$x");
clang_analyzer_denote(y, "$y");
clang_analyzer_express(x == y); // expected-warning{{($x - $y) == 0}}

It should be easy to make an SValVisitor that does that.

Given how painful this would be to actually update these numerous tests, i'm fine with leaving a comment explaining the above, as a bit of technical debt - for anyone who would need to update them in the future.

We still need more integration tests though.

100 ↗(On Diff #130403)

This one, for instance, is essentially an integration test. You can easily replace the last dump with clang_analyzer_eval(x == y) and the test would still test the same thing. All tests here that expect a concrete integer in the last check should probably be just converted to clang_analyzer_eval tests.

baloghadamsoftware added inline comments.Mar 19 2018, 9:39 AM
lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
330 ↗(On Diff #130403)

SVal is not a pointer, so isa<>() and dyn_cast<>() does not work here.

376 ↗(On Diff #130403)

Failing to decompose a symbol does not mean the rearrangement could not be performed. If we have just A on the left side instead of A+m or A-m, then we regard it as A+0.

432 ↗(On Diff #130403)

Are you sure it would be shorter? Anyway, how to reverse a SymSymExpr?

baloghadamsoftware updated this revision to Diff 138954.Mar 19 2018, 9:39 AM

Updated according to the comments.

baloghadamsoftware marked 12 inline comments as done.Mar 19 2018, 9:44 AM
baloghadamsoftware added inline comments.
lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
326 ↗(On Diff #130403)

I changed it to division, but I am not sure if we a constant would be more readable here than 4.

337 ↗(On Diff #130403)

isInRelation(), because the opcode itself is passed instead of a bool.

NoQ accepted this revision.Mar 27 2018, 4:08 PM

This looks good with a super tiny nit regarding comments about signed integers. George, are you happy with the changes? (:

include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
675–677 ↗(On Diff #138954)

I believe that we should mention that the integers are signed.

lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
330 ↗(On Diff #130403)

.getAs<>() would have been similar, but i'm not fond of double checks either.

429 ↗(On Diff #130403)

That's an invariant that we're maintaining in other places as well.

774 ↗(On Diff #130403)

Nope, not yet. The flag is only for range-checked rearrangements.

This revision is now accepted and ready to land.Mar 27 2018, 4:08 PM
baloghadamsoftware updated this revision to Diff 140061.Mar 28 2018, 3:45 AM
baloghadamsoftware marked an inline comment as done.

Comment fixed.

baloghadamsoftware marked an inline comment as done.Mar 28 2018, 3:47 AM
baloghadamsoftware added inline comments.
include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
675–677 ↗(On Diff #138954)

Also the symbols were forgotten. They must be in the range as well and must also be signed integers.

baloghadamsoftware marked an inline comment as done.Apr 9 2018, 1:32 AM

George or Devin, please accept it or give me some feedback if not. Since this patch affects the core infrastructure I think it is wise to merge it only if at least two of you have accepted it. Artem is one, I need a second one as well.

george.karpenkov accepted this revision.Apr 9 2018, 10:51 AM

LGTM. Sorry for the delay, I thought that a single acceptance was sufficient.

Closed by commit rL329780: [Analyzer] SValBuilder Comparison Rearrangement (with Restrictions and Analyzer… (authored by baloghadamsoftware). · Explain WhyApr 10 2018, 11:25 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptApr 10 2018, 11:25 PM
NoQ added a comment.Apr 11 2018, 3:32 PM

We've found a crash on our internal buildbot, would you like to have a look?:

$ cat repro.c

int foo(int x, int y) {
  short a = x - 1U;
  return a - y;
}

$ clang -cc1 -analyze -analyzer-checker=core repro.c

Assertion failed: (APSIntType(LInt) == BV.getAPSIntType(SymTy) && "Integers are not of the same type as symbols!"), function doRearrangeUnchecked, file /Users/adergachev/llvm/tools/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp, line 383.

1U can be replaced with 1L or 1UL.

NoQ added a comment.Jul 18 2018, 3:57 PM

There are still performance regressions coming in, and this time it doesn't look like it's my fault: https://bugs.llvm.org/show_bug.cgi?id=38208

I suspect that this might be because we aren't enforcing complexity thresholds over all the symbols we're constructing, but that's not certain, we need to get to the bottom of it some day.

I suggest reverting the patch or putting it behind an off-by-default flag until we debug these cases.

Herald added a subscriber: mikhail.ramalho. · View Herald TranscriptJul 18 2018, 3:57 PM
baloghadamsoftware added a comment.Jul 18 2018, 11:57 PM
In D41938#1167313, @NoQ wrote:

There are still performance regressions coming in, and this time it doesn't look like it's my fault: https://bugs.llvm.org/show_bug.cgi?id=38208

I suspect that this might be because we aren't enforcing complexity thresholds over all the symbols we're constructing, but that's not certain, we need to get to the bottom of it some day.

I suggest reverting the patch or putting it behind an off-by-default flag until we debug these cases.

The flag is off by default. Except the rearrangement of additive operations. Should we put it also behind the flag?

baloghadamsoftware added a comment.Jul 19 2018, 3:32 AM
In D41938#1167639, @baloghadamsoftware wrote:

The flag is off by default. Except the rearrangement of additive operations. Should we put it also behind the flag?

I did it as a temporary quick fix: D49536.

baloghadamsoftware mentioned this in D55051: [Analyzer] [HOTFIX!] SValBuilder crash when `aggressive-binary-operation-simplification` enabled.Nov 29 2018, 1:54 AM
baloghadamsoftware mentioned this in rC347981: lyzer] [HOTFIX!] SValBuilder crash when `aggressive-binary-operation….Nov 30 2018, 2:40 AM
baloghadamsoftware mentioned this in rL347981: lyzer] [HOTFIX!] SValBuilder crash when `aggressive-binary-operation….Nov 30 2018, 2:48 AM
baloghadamsoftware mentioned this in rL348362: [Analyzer] [HOTFIX!] SValBuilder crash when `aggressive-binary-operation….Dec 5 2018, 5:21 AM

Revision Contents

PathSize
cfe/
trunk/
include/
clang/
StaticAnalyzer/
Core/
17 lines
lib/
StaticAnalyzer/
Core/
8 lines
191 lines
test/
Analysis/
86 lines
2 lines
931 lines

Diff 141952

cfe/trunk/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h

Show First 20 LinesShow All 306 Lines▼ Show 20 Linesprivate:
Optional<bool> WidenLoops; Optional<bool> WidenLoops;
/// \sa shouldUnrollLoops /// \sa shouldUnrollLoops
Optional<bool> UnrollLoops; Optional<bool> UnrollLoops;
/// \sa shouldDisplayNotesAsEvents /// \sa shouldDisplayNotesAsEvents
Optional<bool> DisplayNotesAsEvents; Optional<bool> DisplayNotesAsEvents;
/// \sa shouldAggressivelySimplifyRelationalComparison
Optional<bool> AggressiveRelationalComparisonSimplification;
/// \sa getCTUDir /// \sa getCTUDir
Optional<StringRef> CTUDir; Optional<StringRef> CTUDir;
/// \sa getCTUIndexName /// \sa getCTUIndexName
Optional<StringRef> CTUIndexName; Optional<StringRef> CTUIndexName;
/// \sa naiveCTUEnabled /// \sa naiveCTUEnabled
Optional<bool> NaiveCTU; Optional<bool> NaiveCTU;
▲ Show 20 LinesShow All 338 Lines▼ Show 20 Linespublic:
/// Returns true if the bug reporter should transparently treat extra note /// Returns true if the bug reporter should transparently treat extra note
/// diagnostic pieces as event diagnostic pieces. Useful when the diagnostic /// diagnostic pieces as event diagnostic pieces. Useful when the diagnostic
/// consumer doesn't support the extra note pieces. /// consumer doesn't support the extra note pieces.
/// ///
/// This is controlled by the 'extra-notes-as-events' option, which defaults /// This is controlled by the 'extra-notes-as-events' option, which defaults
/// to false when unset. /// to false when unset.
bool shouldDisplayNotesAsEvents(); bool shouldDisplayNotesAsEvents();
/// Returns true if SValBuilder should rearrange comparisons of symbolic
/// expressions which consist of a sum of a symbol and a concrete integer
/// into the format where symbols are on the left-hand side and the integer
/// is on the right. This is only done if both symbols and both concrete
/// integers are signed, greater than or equal to the quarter of the minimum
/// value of the type and less than or equal to the quarter of the maximum
/// value of that type.
///
/// A + n <REL> B + m becomes A - B <REL> m - n, where A and B symbolic,
/// n and m are integers. <REL> is any of '==', '!=', '<', '<=', '>' or '>='.
/// The rearrangement also happens with '-' instead of '+' on either or both
/// side and also if any or both integers are missing.
bool shouldAggressivelySimplifyRelationalComparison();
/// Returns the directory containing the CTU related files. /// Returns the directory containing the CTU related files.
StringRef getCTUDir(); StringRef getCTUDir();
/// Returns the name of the file containing the CTU index of functions. /// Returns the name of the file containing the CTU index of functions.
StringRef getCTUIndexName(); StringRef getCTUIndexName();
/// Returns true when naive cross translation unit analysis is enabled. /// Returns true when naive cross translation unit analysis is enabled.
/// This is an experimental feature to inline functions from another /// This is an experimental feature to inline functions from another
Show All 9 Lines

cfe/trunk/lib/StaticAnalyzer/Core/AnalyzerOptions.cpp

Show First 20 LinesShow All 439 Lines▼ Show 20 Lines
bool AnalyzerOptions::shouldDisplayNotesAsEvents() { bool AnalyzerOptions::shouldDisplayNotesAsEvents() {
if (!DisplayNotesAsEvents.hasValue()) if (!DisplayNotesAsEvents.hasValue())
DisplayNotesAsEvents = DisplayNotesAsEvents =
getBooleanOption("notes-as-events", /*Default=*/false); getBooleanOption("notes-as-events", /*Default=*/false);
return DisplayNotesAsEvents.getValue(); return DisplayNotesAsEvents.getValue();
} }
bool AnalyzerOptions::shouldAggressivelySimplifyRelationalComparison() {
if (!AggressiveRelationalComparisonSimplification.hasValue())
AggressiveRelationalComparisonSimplification =
getBooleanOption("aggressive-relational-comparison-simplification",
/*Default=*/false);
return AggressiveRelationalComparisonSimplification.getValue();
}
StringRef AnalyzerOptions::getCTUDir() { StringRef AnalyzerOptions::getCTUDir() {
if (!CTUDir.hasValue()) { if (!CTUDir.hasValue()) {
CTUDir = getOptionAsString("ctu-dir", ""); CTUDir = getOptionAsString("ctu-dir", "");
if (!llvm::sys::fs::is_directory(*CTUDir)) if (!llvm::sys::fs::is_directory(*CTUDir))
CTUDir = ""; CTUDir = "";
} }
return CTUDir.getValue(); return CTUDir.getValue();
} }
Show All 14 Lines

cfe/trunk/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp

// SimpleSValBuilder.cpp - A basic SValBuilder -----------------------*- C++ -*- // SimpleSValBuilder.cpp - A basic SValBuilder -----------------------*- C++ -*-
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file defines SimpleSValBuilder, a basic implementation of SValBuilder. // This file defines SimpleSValBuilder, a basic implementation of SValBuilder.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h" #include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
namespace { namespace {
class SimpleSValBuilder : public SValBuilder { class SimpleSValBuilder : public SValBuilder {
protected: protected:
▲ Show 20 LinesShow All 277 Lines▼ Show 20 Lines if (ValWidth < TypeWidth) {
ConvertedRHS = &BasicVals.Convert(SymbolType, RHS); ConvertedRHS = &BasicVals.Convert(SymbolType, RHS);
} }
} else } else
ConvertedRHS = &BasicVals.Convert(resultTy, RHS); ConvertedRHS = &BasicVals.Convert(resultTy, RHS);
return makeNonLoc(LHS, op, *ConvertedRHS, resultTy); return makeNonLoc(LHS, op, *ConvertedRHS, resultTy);
} }
// See if Sym is known to be a relation Rel with Bound.
static bool isInRelation(BinaryOperator::Opcode Rel, SymbolRef Sym,
llvm::APSInt Bound, ProgramStateRef State) {
SValBuilder &SVB = State->getStateManager().getSValBuilder();
SVal Result =
SVB.evalBinOpNN(State, Rel, nonloc::SymbolVal(Sym),
nonloc::ConcreteInt(Bound), SVB.getConditionType());
if (auto DV = Result.getAs<DefinedSVal>()) {
return !State->assume(*DV, false);
}
return false;
}
// See if Sym is known to be within [min/4, max/4], where min and max
// are the bounds of the symbol's integral type. With such symbols,
// some manipulations can be performed without the risk of overflow.
// assume() doesn't cause infinite recursion because we should be dealing
// with simpler symbols on every recursive call.
static bool isWithinConstantOverflowBounds(SymbolRef Sym,
ProgramStateRef State) {
SValBuilder &SVB = State->getStateManager().getSValBuilder();
BasicValueFactory &BV = SVB.getBasicValueFactory();
QualType T = Sym->getType();
assert(T->isSignedIntegerOrEnumerationType() &&
"This only works with signed integers!");
APSIntType AT = BV.getAPSIntType(T);
llvm::APSInt Max = AT.getMaxValue() / AT.getValue(4), Min = -Max;
return isInRelation(BO_LE, Sym, Max, State) &&
isInRelation(BO_GE, Sym, Min, State);
}
// Same for the concrete integers: see if I is within [min/4, max/4].
static bool isWithinConstantOverflowBounds(llvm::APSInt I) {
APSIntType AT(I);
assert(!AT.isUnsigned() &&
"This only works with signed integers!");
llvm::APSInt Max = AT.getMaxValue() / AT.getValue(4), Min = -Max;
return (I <= Max) && (I >= -Max);
}
static std::pair<SymbolRef, llvm::APSInt>
decomposeSymbol(SymbolRef Sym, BasicValueFactory &BV) {
if (const auto *SymInt = dyn_cast<SymIntExpr>(Sym))
if (BinaryOperator::isAdditiveOp(SymInt->getOpcode()))
return std::make_pair(SymInt->getLHS(),
(SymInt->getOpcode() == BO_Add) ?
(SymInt->getRHS()) :
(-SymInt->getRHS()));
// Fail to decompose: "reduce" the problem to the "$x + 0" case.
return std::make_pair(Sym, BV.getValue(0, Sym->getType()));
}
// Simplify "(LSym + LInt) Op (RSym + RInt)" assuming all values are of the
// same signed integral type and no overflows occur (which should be checked
// by the caller).
static NonLoc doRearrangeUnchecked(ProgramStateRef State,
BinaryOperator::Opcode Op,
SymbolRef LSym, llvm::APSInt LInt,
SymbolRef RSym, llvm::APSInt RInt) {
SValBuilder &SVB = State->getStateManager().getSValBuilder();
BasicValueFactory &BV = SVB.getBasicValueFactory();
SymbolManager &SymMgr = SVB.getSymbolManager();
QualType SymTy = LSym->getType();
assert(SymTy == RSym->getType() &&
"Symbols are not of the same type!");
assert(APSIntType(LInt) == BV.getAPSIntType(SymTy) &&
"Integers are not of the same type as symbols!");
assert(APSIntType(RInt) == BV.getAPSIntType(SymTy) &&
"Integers are not of the same type as symbols!");
QualType ResultTy;
if (BinaryOperator::isComparisonOp(Op))
ResultTy = SVB.getConditionType();
else if (BinaryOperator::isAdditiveOp(Op))
ResultTy = SymTy;
else
llvm_unreachable("Operation not suitable for unchecked rearrangement!");
// FIXME: Can we use assume() without getting into an infinite recursion?
if (LSym == RSym)
return SVB.evalBinOpNN(State, Op, nonloc::ConcreteInt(LInt),
nonloc::ConcreteInt(RInt), ResultTy)
.castAs<NonLoc>();
SymbolRef ResultSym = nullptr;
BinaryOperator::Opcode ResultOp;
llvm::APSInt ResultInt;
if (BinaryOperator::isComparisonOp(Op)) {
// Prefer comparing to a non-negative number.
// FIXME: Maybe it'd be better to have consistency in
// "$x - $y" vs. "$y - $x" because those are solver's keys.
if (LInt > RInt) {
ResultSym = SymMgr.getSymSymExpr(RSym, BO_Sub, LSym, SymTy);
ResultOp = BinaryOperator::reverseComparisonOp(Op);
ResultInt = LInt - RInt; // Opposite order!
} else {
ResultSym = SymMgr.getSymSymExpr(LSym, BO_Sub, RSym, SymTy);
ResultOp = Op;
ResultInt = RInt - LInt; // Opposite order!
}
} else {
ResultSym = SymMgr.getSymSymExpr(LSym, Op, RSym, SymTy);
ResultInt = (Op == BO_Add) ? (LInt + RInt) : (LInt - RInt);
ResultOp = BO_Add;
// Bring back the cosmetic difference.
if (ResultInt < 0) {
ResultInt = -ResultInt;
ResultOp = BO_Sub;
} else if (ResultInt == 0) {
// Shortcut: Simplify "$x + 0" to "$x".
return nonloc::SymbolVal(ResultSym);
}
}
const llvm::APSInt &PersistentResultInt = BV.getValue(ResultInt);
return nonloc::SymbolVal(
SymMgr.getSymIntExpr(ResultSym, ResultOp, PersistentResultInt, ResultTy));
}
// Rearrange if symbol type matches the result type and if the operator is a
// comparison operator, both symbol and constant must be within constant
// overflow bounds.
static bool shouldRearrange(ProgramStateRef State, BinaryOperator::Opcode Op,
SymbolRef Sym, llvm::APSInt Int, QualType Ty) {
return Sym->getType() == Ty &&
(!BinaryOperator::isComparisonOp(Op) ||
(isWithinConstantOverflowBounds(Sym, State) &&
isWithinConstantOverflowBounds(Int)));
}
static Optional<NonLoc> tryRearrange(ProgramStateRef State,
BinaryOperator::Opcode Op, NonLoc Lhs,
NonLoc Rhs, QualType ResultTy) {
ProgramStateManager &StateMgr = State->getStateManager();
SValBuilder &SVB = StateMgr.getSValBuilder();
// We expect everything to be of the same type - this type.
QualType SingleTy;
auto &Opts =
StateMgr.getOwningEngine()->getAnalysisManager().getAnalyzerOptions();
SymbolRef LSym = Lhs.getAsSymbol();
if (!LSym)
return None;
// Always rearrange additive operations but rearrange comparisons only if
// option is set.
if (BinaryOperator::isComparisonOp(Op) &&
Opts.shouldAggressivelySimplifyRelationalComparison()) {
SingleTy = LSym->getType();
if (ResultTy != SVB.getConditionType())
return None;
// Initialize SingleTy later with a symbol's type.
} else if (BinaryOperator::isAdditiveOp(Op)) {
SingleTy = ResultTy;
// Substracting unsigned integers is a nightmare.
if (!SingleTy->isSignedIntegerOrEnumerationType())
return None;
} else {
// Don't rearrange other operations.
return None;
}
assert(!SingleTy.isNull() && "We should have figured out the type by now!");
SymbolRef RSym = Rhs.getAsSymbol();
if (!RSym || RSym->getType() != SingleTy)
return None;
BasicValueFactory &BV = State->getBasicVals();
llvm::APSInt LInt, RInt;
std::tie(LSym, LInt) = decomposeSymbol(LSym, BV);
std::tie(RSym, RInt) = decomposeSymbol(RSym, BV);
if (!shouldRearrange(State, Op, LSym, LInt, SingleTy) ||
!shouldRearrange(State, Op, RSym, RInt, SingleTy))
return None;
// We know that no overflows can occur anymore.
return doRearrangeUnchecked(State, Op, LSym, LInt, RSym, RInt);
}
SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state, SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
BinaryOperator::Opcode op, BinaryOperator::Opcode op,
NonLoc lhs, NonLoc rhs, NonLoc lhs, NonLoc rhs,
QualType resultTy) { QualType resultTy) {
NonLoc InputLHS = lhs; NonLoc InputLHS = lhs;
NonLoc InputRHS = rhs; NonLoc InputRHS = rhs;
// Handle trivial case where left-side and right-side are the same. // Handle trivial case where left-side and right-side are the same.
▲ Show 20 LinesShow All 236 Lines▼ Show 20 Lines case nonloc::SymbolValKind: {
lhs = *simplifiedLhsAsNonLoc; lhs = *simplifiedLhsAsNonLoc;
continue; continue;
} }
// Is the RHS a constant? // Is the RHS a constant?
if (const llvm::APSInt *RHSValue = getKnownValue(state, rhs)) if (const llvm::APSInt *RHSValue = getKnownValue(state, rhs))
return MakeSymIntVal(Sym, op, *RHSValue, resultTy); return MakeSymIntVal(Sym, op, *RHSValue, resultTy);
if (Optional<NonLoc> V = tryRearrange(state, op, lhs, rhs, resultTy))
return *V;
// Give up -- this is not a symbolic expression we can handle. // Give up -- this is not a symbolic expression we can handle.
return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy); return makeSymExprValNN(state, op, InputLHS, InputRHS, resultTy);
} }
} }
} }
} }
static SVal evalBinOpFieldRegionFieldRegion(const FieldRegion *LeftFR, static SVal evalBinOpFieldRegionFieldRegion(const FieldRegion *LeftFR,
▲ Show 20 LinesShow All 524 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/conditional-path-notes.c

Show First 20 LinesShow All 72 Lines▼ Show 20 Lines if (a && b) {
*(volatile int *)0 = 1; // expected-warning{{Dereference of null pointer}} *(volatile int *)0 = 1; // expected-warning{{Dereference of null pointer}}
// expected-note@-1 {{Dereference of null pointer}} // expected-note@-1 {{Dereference of null pointer}}
} }
} }
void testNonDiagnosableBranchArithmetic(int a, int b) { void testNonDiagnosableBranchArithmetic(int a, int b) {
if (a - b) { if (a - b) {
// expected-note@-1 {{Taking true branch}} // expected-note@-1 {{Taking true branch}}
// expected-note@-2 {{Assuming the condition is true}}
*(volatile int *)0 = 1; // expected-warning{{Dereference of null pointer}} *(volatile int *)0 = 1; // expected-warning{{Dereference of null pointer}}
// expected-note@-1 {{Dereference of null pointer}} // expected-note@-1 {{Dereference of null pointer}}
} }
} }
// CHECK: <key>diagnostics</key> // CHECK: <key>diagnostics</key>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
▲ Show 20 LinesShow All 1,479 Lines▼ Show 20 Lines
// CHECK-NEXT: <key>line</key><integer>79</integer> // CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>4</integer> // CHECK-NEXT: <key>col</key><integer>4</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: <key>end</key> // CHECK-NEXT: <key>end</key>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>7</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>7</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: </array>
// CHECK-NEXT: </dict>
// CHECK-NEXT: </array>
// CHECK-NEXT: </dict>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>kind</key><string>event</string>
// CHECK-NEXT: <key>location</key>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>7</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: <key>ranges</key>
// CHECK-NEXT: <array>
// CHECK-NEXT: <array>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>7</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>11</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: </array>
// CHECK-NEXT: </array>
// CHECK-NEXT: <key>depth</key><integer>0</integer>
// CHECK-NEXT: <key>extended_message</key>
// CHECK-NEXT: <string>Assuming the condition is true</string>
// CHECK-NEXT: <key>message</key>
// CHECK-NEXT: <string>Assuming the condition is true</string>
// CHECK-NEXT: </dict>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>kind</key><string>control</string>
// CHECK-NEXT: <key>edges</key>
// CHECK-NEXT: <array>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>start</key>
// CHECK-NEXT: <array>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>7</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>79</integer>
// CHECK-NEXT: <key>col</key><integer>7</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict>
// CHECK-NEXT: </array>
// CHECK-NEXT: <key>end</key>
// CHECK-NEXT: <array>
// CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>5</integer> // CHECK-NEXT: <key>col</key><integer>5</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>5</integer> // CHECK-NEXT: <key>col</key><integer>5</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>kind</key><string>control</string> // CHECK-NEXT: <key>kind</key><string>control</string>
// CHECK-NEXT: <key>edges</key> // CHECK-NEXT: <key>edges</key>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>start</key> // CHECK-NEXT: <key>start</key>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>5</integer> // CHECK-NEXT: <key>col</key><integer>5</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>5</integer> // CHECK-NEXT: <key>col</key><integer>5</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: <key>end</key> // CHECK-NEXT: <key>end</key>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>24</integer> // CHECK-NEXT: <key>col</key><integer>24</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>24</integer> // CHECK-NEXT: <key>col</key><integer>24</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>kind</key><string>event</string> // CHECK-NEXT: <key>kind</key><string>event</string>
// CHECK-NEXT: <key>location</key> // CHECK-NEXT: <key>location</key>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>24</integer> // CHECK-NEXT: <key>col</key><integer>24</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <key>ranges</key> // CHECK-NEXT: <key>ranges</key>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <array> // CHECK-NEXT: <array>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>5</integer> // CHECK-NEXT: <key>col</key><integer>5</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>26</integer> // CHECK-NEXT: <key>col</key><integer>26</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: <key>depth</key><integer>0</integer> // CHECK-NEXT: <key>depth</key><integer>0</integer>
// CHECK-NEXT: <key>extended_message</key> // CHECK-NEXT: <key>extended_message</key>
// CHECK-NEXT: <string>Dereference of null pointer</string> // CHECK-NEXT: <string>Dereference of null pointer</string>
// CHECK-NEXT: <key>message</key> // CHECK-NEXT: <key>message</key>
// CHECK-NEXT: <string>Dereference of null pointer</string> // CHECK-NEXT: <string>Dereference of null pointer</string>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: <key>description</key><string>Dereference of null pointer</string> // CHECK-NEXT: <key>description</key><string>Dereference of null pointer</string>
// CHECK-NEXT: <key>category</key><string>Logic error</string> // CHECK-NEXT: <key>category</key><string>Logic error</string>
// CHECK-NEXT: <key>type</key><string>Dereference of null pointer</string> // CHECK-NEXT: <key>type</key><string>Dereference of null pointer</string>
// CHECK-NEXT: <key>check_name</key><string>core.NullDereference</string> // CHECK-NEXT: <key>check_name</key><string>core.NullDereference</string>
// CHECK-NEXT: <!-- This hash is experimental and going to change! --> // CHECK-NEXT: <!-- This hash is experimental and going to change! -->
// CHECK-NEXT: <key>issue_hash_content_of_line_in_context</key><string>f56671e5f67c73abef619b56f7c29fa4</string> // CHECK-NEXT: <key>issue_hash_content_of_line_in_context</key><string>f56671e5f67c73abef619b56f7c29fa4</string>
// CHECK-NEXT: <key>issue_context_kind</key><string>function</string> // CHECK-NEXT: <key>issue_context_kind</key><string>function</string>
// CHECK-NEXT: <key>issue_context</key><string>testNonDiagnosableBranchArithmetic</string> // CHECK-NEXT: <key>issue_context</key><string>testNonDiagnosableBranchArithmetic</string>
// CHECK-NEXT: <key>issue_hash_function_offset</key><string>3</string> // CHECK-NEXT: <key>issue_hash_function_offset</key><string>4</string>
// CHECK-NEXT: <key>location</key> // CHECK-NEXT: <key>location</key>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>81</integer> // CHECK-NEXT: <key>line</key><integer>82</integer>
// CHECK-NEXT: <key>col</key><integer>24</integer> // CHECK-NEXT: <key>col</key><integer>24</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>

cfe/trunk/test/Analysis/explain-svals.cpp

Show First 20 LinesShow All 63 Lines▼ Show 20 Linesvoid test_3(S s) {
} }
} }
void test_4(int x, int y) { void test_4(int x, int y) {
int z; int z;
static int stat; static int stat;
clang_analyzer_explain(x + 1); // expected-warning-re{{{{^\(argument 'x'\) \+ 1$}}}} clang_analyzer_explain(x + 1); // expected-warning-re{{{{^\(argument 'x'\) \+ 1$}}}}
clang_analyzer_explain(1 + y); // expected-warning-re{{{{^\(argument 'y'\) \+ 1$}}}} clang_analyzer_explain(1 + y); // expected-warning-re{{{{^\(argument 'y'\) \+ 1$}}}}
clang_analyzer_explain(x + y); // expected-warning-re{{{{^unknown value$}}}} clang_analyzer_explain(x + y); // expected-warning-re{{{{^\(argument 'x'\) \+ \(argument 'y'\)$}}}}
clang_analyzer_explain(z); // expected-warning-re{{{{^undefined value$}}}} clang_analyzer_explain(z); // expected-warning-re{{{{^undefined value$}}}}
clang_analyzer_explain(&z); // expected-warning-re{{{{^pointer to local variable 'z'$}}}} clang_analyzer_explain(&z); // expected-warning-re{{{{^pointer to local variable 'z'$}}}}
clang_analyzer_explain(stat); // expected-warning-re{{{{^signed 32-bit integer '0'$}}}} clang_analyzer_explain(stat); // expected-warning-re{{{{^signed 32-bit integer '0'$}}}}
clang_analyzer_explain(&stat); // expected-warning-re{{{{^pointer to static local variable 'stat'$}}}} clang_analyzer_explain(&stat); // expected-warning-re{{{{^pointer to static local variable 'stat'$}}}}
clang_analyzer_explain(stat_glob); // expected-warning-re{{{{^initial value of global variable 'stat_glob'$}}}} clang_analyzer_explain(stat_glob); // expected-warning-re{{{{^initial value of global variable 'stat_glob'$}}}}
clang_analyzer_explain(&stat_glob); // expected-warning-re{{{{^pointer to global variable 'stat_glob'$}}}} clang_analyzer_explain(&stat_glob); // expected-warning-re{{{{^pointer to global variable 'stat_glob'$}}}}
clang_analyzer_explain((int[]){1, 2, 3}); // expected-warning-re{{{{^pointer to element of type 'int' with index 0 of temporary object constructed at statement '\(int \[3\]\)\{1, 2, 3\}'$}}}} clang_analyzer_explain((int[]){1, 2, 3}); // expected-warning-re{{{{^pointer to element of type 'int' with index 0 of temporary object constructed at statement '\(int \[3\]\)\{1, 2, 3\}'$}}}}
} }
Show All 18 Lines

cfe/trunk/test/Analysis/svalbuilder-rearrange-comparisons.c

// RUN: %clang_analyze_cc1 -analyzer-checker=debug.ExprInspection,core.builtin -analyzer-config aggressive-relational-comparison-simplification=true -verify %s
void clang_analyzer_dump(int x);
void clang_analyzer_eval(int x);
void exit(int);
#define UINT_MAX (~0U)
#define INT_MAX (UINT_MAX & (UINT_MAX >> 1))
extern void __assert_fail (__const char *__assertion, __const char *__file,
unsigned int __line, __const char *__function)
__attribute__ ((__noreturn__));
#define assert(expr) \
((expr) ? (void)(0) : __assert_fail (#expr, __FILE__, __LINE__, __func__))
int g();
int f() {
int x = g();
// Assert that no overflows occur in this test file.
// Assuming that concrete integers are also within that range.
assert(x <= ((int)INT_MAX / 4));
assert(x >= -((int)INT_MAX / 4));
return x;
}
void compare_different_symbol_equal() {
int x = f(), y = f();
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 0}}
}
void compare_different_symbol_plus_left_int_equal() {
int x = f()+1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 1}}
}
void compare_different_symbol_minus_left_int_equal() {
int x = f()-1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 1}}
}
void compare_different_symbol_plus_right_int_equal() {
int x = f(), y = f()+2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 2}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 2}}
}
void compare_different_symbol_minus_right_int_equal() {
int x = f(), y = f()-2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 2}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 2}}
}
void compare_different_symbol_plus_left_plus_right_int_equal() {
int x = f()+2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 1}}
}
void compare_different_symbol_plus_left_minus_right_int_equal() {
int x = f()+2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 3}}
}
void compare_different_symbol_minus_left_plus_right_int_equal() {
int x = f()-2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 3}}
}
void compare_different_symbol_minus_left_minus_right_int_equal() {
int x = f()-2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 1}}
}
void compare_same_symbol_equal() {
int x = f(), y = x;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_int_equal() {
int x = f(), y = x;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_int_equal() {
int x = f(), y = x;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_right_int_equal() {
int x = f(), y = x+1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_right_int_equal() {
int x = f(), y = x-1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_plus_right_int_equal() {
int x = f(), y = x+1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_minus_right_int_equal() {
int x = f(), y = x-1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_plus_right_int_equal() {
int x = f(), y = x+1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_minus_right_int_equal() {
int x = f(), y = x-1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{TRUE}}
}
void compare_different_symbol_less_or_equal() {
int x = f(), y = f();
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 0}}
}
void compare_different_symbol_plus_left_int_less_or_equal() {
int x = f()+1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 1}}
}
void compare_different_symbol_minus_left_int_less_or_equal() {
int x = f()-1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 1}}
}
void compare_different_symbol_plus_right_int_less_or_equal() {
int x = f(), y = f()+2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 2}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 2}}
}
void compare_different_symbol_minus_right_int_less_or_equal() {
int x = f(), y = f()-2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 2}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 2}}
}
void compare_different_symbol_plus_left_plus_right_int_less_or_equal() {
int x = f()+2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 1}}
}
void compare_different_symbol_plus_left_minus_right_int_less_or_equal() {
int x = f()+2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 3}}
}
void compare_different_symbol_minus_left_plus_right_int_less_or_equal() {
int x = f()-2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 3}}
}
void compare_different_symbol_minus_left_minus_right_int_less_or_equal() {
int x = f()-2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 1}}
}
void compare_same_symbol_less_or_equal() {
int x = f(), y = x;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_int_less_or_equal() {
int x = f(), y = x;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_int_less_or_equal() {
int x = f(), y = x;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_right_int_less_or_equal() {
int x = f(), y = x+1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_minus_right_int_less_or_equal() {
int x = f(), y = x-1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_plus_right_int_less_or_equal() {
int x = f(), y = x+1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_minus_right_int_less_or_equal() {
int x = f(), y = x-1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_plus_right_int_less_or_equal() {
int x = f(), y = x+1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_minus_left_minus_right_int_less_or_equal() {
int x = f(), y = x-1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_different_symbol_less() {
int x = f(), y = f();
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 0}}
}
void compare_different_symbol_plus_left_int_less() {
int x = f()+1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 1}}
}
void compare_different_symbol_minus_left_int_less() {
int x = f()-1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 1}}
}
void compare_different_symbol_plus_right_int_less() {
int x = f(), y = f()+2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 2}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 2}}
}
void compare_different_symbol_minus_right_int_less() {
int x = f(), y = f()-2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 2}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 2}}
}
void compare_different_symbol_plus_left_plus_right_int_less() {
int x = f()+2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 1}}
}
void compare_different_symbol_plus_left_minus_right_int_less() {
int x = f()+2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 3}}
}
void compare_different_symbol_minus_left_plus_right_int_less() {
int x = f()-2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 3}}
}
void compare_different_symbol_minus_left_minus_right_int_less() {
int x = f()-2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 1}}
}
void compare_same_symbol_less() {
int x = f(), y = x;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_int_less() {
int x = f(), y = x;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_int_less() {
int x = f(), y = x;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_right_int_less() {
int x = f(), y = x+1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_minus_right_int_less() {
int x = f(), y = x-1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_plus_right_int_less() {
int x = f(), y = x+1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_minus_right_int_less() {
int x = f(), y = x-1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_minus_left_plus_right_int_less() {
int x = f(), y = x+1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_minus_left_minus_right_int_less() {
int x = f(), y = x-1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_different_symbol_equal_unsigned() {
unsigned x = f(), y = f();
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 0}}
}
void compare_different_symbol_plus_left_int_equal_unsigned() {
unsigned x = f()+1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 1}}
}
void compare_different_symbol_minus_left_int_equal_unsigned() {
unsigned x = f()-1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 1}}
}
void compare_different_symbol_plus_right_int_equal_unsigned() {
unsigned x = f(), y = f()+2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 2}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 2}}
}
void compare_different_symbol_minus_right_int_equal_unsigned() {
unsigned x = f(), y = f()-2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 2}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 2}}
}
void compare_different_symbol_plus_left_plus_right_int_equal_unsigned() {
unsigned x = f()+2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 1}}
}
void compare_different_symbol_plus_left_minus_right_int_equal_unsigned() {
unsigned x = f()+2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) == 3}}
}
void compare_different_symbol_minus_left_plus_right_int_equal_unsigned() {
unsigned x = f()-2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 3}}
}
void compare_different_symbol_minus_left_minus_right_int_equal_unsigned() {
unsigned x = f()-2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) == 1}}
}
void compare_same_symbol_equal_unsigned() {
unsigned x = f(), y = x;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_int_equal_unsigned() {
unsigned x = f(), y = x;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_int_equal_unsigned() {
unsigned x = f(), y = x;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_plus_right_int_equal_unsigned() {
unsigned x = f(), y = x+1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_right_int_equal_unsigned() {
unsigned x = f(), y = x-1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_plus_left_plus_right_int_equal_unsigned() {
unsigned x = f(), y = x+1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_minus_right_int_equal_unsigned() {
unsigned x = f(), y = x-1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_plus_right_int_equal_unsigned() {
unsigned x = f(), y = x+1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(x == y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_minus_right_int_equal_unsigned() {
unsigned x = f(), y = x-1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x == y);
// expected-warning@-1{{TRUE}}
}
void compare_different_symbol_less_or_equal_unsigned() {
unsigned x = f(), y = f();
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 0}}
}
void compare_different_symbol_plus_left_int_less_or_equal_unsigned() {
unsigned x = f()+1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 1}}
}
void compare_different_symbol_minus_left_int_less_or_equal_unsigned() {
unsigned x = f()-1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 1}}
}
void compare_different_symbol_plus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = f()+2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 2}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 2}}
}
void compare_different_symbol_minus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = f()-2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 2}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 2}}
}
void compare_different_symbol_plus_left_plus_right_int_less_or_equal_unsigned() {
unsigned x = f()+2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 1}}
}
void compare_different_symbol_plus_left_minus_right_int_less_or_equal_unsigned() {
unsigned x = f()+2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) >= 3}}
}
void compare_different_symbol_minus_left_plus_right_int_less_or_equal_unsigned() {
unsigned x = f()-2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 3}}
}
void compare_different_symbol_minus_left_minus_right_int_less_or_equal_unsigned() {
unsigned x = f()-2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) <= 1}}
}
void compare_same_symbol_less_or_equal_unsigned() {
unsigned x = f(), y = x;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_int_less_or_equal_unsigned() {
unsigned x = f(), y = x;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_int_less_or_equal_unsigned() {
unsigned x = f(), y = x;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_plus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = x+1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = x-1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_plus_left_plus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = x+1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_same_symbol_plus_left_minus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = x-1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_plus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = x+1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(x <= y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_minus_right_int_less_or_equal_unsigned() {
unsigned x = f(), y = x-1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x <= y);
// expected-warning@-1{{TRUE}}
}
void compare_different_symbol_less_unsigned() {
unsigned x = f(), y = f();
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 0}}
}
void compare_different_symbol_plus_left_int_less_unsigned() {
unsigned x = f()+1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 1}}
}
void compare_different_symbol_minus_left_int_less_unsigned() {
unsigned x = f()-1, y = f();
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$9{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 1}}
}
void compare_different_symbol_plus_right_int_less_unsigned() {
unsigned x = f(), y = f()+2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 2}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 2}}
}
void compare_different_symbol_minus_right_int_less_unsigned() {
unsigned x = f(), y = f()-2;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 2}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 2}}
}
void compare_different_symbol_plus_left_plus_right_int_less_unsigned() {
unsigned x = f()+2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 1}}
}
void compare_different_symbol_plus_left_minus_right_int_less_unsigned() {
unsigned x = f()+2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$9{int}) - (conj_$2{int})) > 3}}
}
void compare_different_symbol_minus_left_plus_right_int_less_unsigned() {
unsigned x = f()-2, y = f()+1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) + 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 3}}
}
void compare_different_symbol_minus_left_minus_right_int_less_unsigned() {
unsigned x = f()-2, y = f()-1;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 2}}
clang_analyzer_dump(y); // expected-warning{{(conj_$9{int}) - 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{((conj_$2{int}) - (conj_$9{int})) < 1}}
}
void compare_same_symbol_less_unsigned() {
unsigned x = f(), y = x;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_int_less_unsigned() {
unsigned x = f(), y = x;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_int_less_unsigned() {
unsigned x = f(), y = x;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_plus_right_int_less_unsigned() {
unsigned x = f(), y = x+1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_right_int_less_unsigned() {
unsigned x = f(), y = x-1;
clang_analyzer_dump(x); // expected-warning{{conj_$2{int}}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_plus_left_plus_right_int_less_unsigned() {
unsigned x = f(), y = x+1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void compare_same_symbol_plus_left_minus_right_int_less_unsigned() {
unsigned x = f(), y = x-1;
++x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_plus_right_int_less_unsigned() {
unsigned x = f(), y = x+1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) + 1}}
clang_analyzer_dump(x < y);
// expected-warning@-1{{Unknown}} // FIXME: Can this be simplified?
}
void compare_same_symbol_minus_left_minus_right_int_less_unsigned() {
unsigned x = f(), y = x-1;
--x;
clang_analyzer_dump(x); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_dump(y); // expected-warning{{(conj_$2{int}) - 1}}
clang_analyzer_eval(x < y);
// expected-warning@-1{{FALSE}}
}
void overflow(signed char n, signed char m) {
if (n + 0 > m + 0) {
clang_analyzer_eval(n - 126 == m + 3); // expected-warning{{UNKNOWN}}
}
}