This is an archive of the discontinued LLVM Phabricator instance.

Differential D42131

[analyzer] Helper method for checking whether two symbolic values are equal
AbandonedPublic

Authored by george.karpenkov on Jan 16 2018, 1:51 PM.

Details

Reviewers
dcoughlin
NoQ
Summary

Add a helper for checking equality to SValBuilder

Diff Detail

Event Timeline

george.karpenkov created this revision.Jan 16 2018, 1:51 PM
Herald added subscribers: a.sidorin, szepet, xazax.hun. · View Herald TranscriptJan 16 2018, 1:51 PM
george.karpenkov added a parent revision: D41848: [analyzer] mark returns of functions where the region passed as parameter was not initialized.Jan 16 2018, 3:51 PM
george.karpenkov removed a parent revision: D41848: [analyzer] mark returns of functions where the region passed as parameter was not initialized.Jan 16 2018, 5:59 PM
george.karpenkov added a child revision: D41848: [analyzer] mark returns of functions where the region passed as parameter was not initialized.
NoQ added inline comments.Jan 17 2018, 9:53 AM
lib/StaticAnalyzer/Core/SValBuilder.cpp
417

Hmm.

"Saying that LHS is unequal to RHS is not definitely true". Which means it's either false or unknown. Which means they're either equal or not known to be unequal. Which is not what we want. We want to make sure that they cannot be unequal.

427

I don't think you need explicit casts here.

george.karpenkov marked an inline comment as done.Jan 17 2018, 2:12 PM
george.karpenkov added inline comments.
lib/StaticAnalyzer/Core/SValBuilder.cpp
417

Great point!

427

otherwise this method would just call itself recursively.

george.karpenkov updated this revision to Diff 130273.Jan 17 2018, 2:12 PM
george.karpenkov marked an inline comment as done.
NoQ added inline comments.Jan 17 2018, 2:19 PM
lib/StaticAnalyzer/Core/SValBuilder.cpp
427

Whoops.

427

Maybe remove this method then?

george.karpenkov added a comment.Jan 17 2018, 3:02 PM

"Saying that LHS is unequal to RHS is not definitely true". Which means it's either false or unknown. Which means they're either equal or not known to be unequal. Which is not what we want. We want to make sure that they cannot be unequal.

After thinking about this a bit more, saying that two things are equal is ambiguous in a three-valued logic (are we saying they are definitely equal or that they could be equal?)
Let's do it in a different way.

lib/StaticAnalyzer/Core/SValBuilder.cpp
427

But then I would not be able to call it from evalEQ.

george.karpenkov abandoned this revision.Jan 17 2018, 3:42 PM

Revision Contents

PathSize
include/
clang/
StaticAnalyzer/
Core/
PathSensitive/
7 lines
lib/
StaticAnalyzer/
Core/
10 lines

Diff 130273

include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h

Show First 20 LinesShow All 118 Lines▼ Show 20 Linespublic:
virtual SVal simplifySVal(ProgramStateRef State, SVal Val) = 0; virtual SVal simplifySVal(ProgramStateRef State, SVal Val) = 0;
/// Constructs a symbolic expression for two non-location values. /// Constructs a symbolic expression for two non-location values.
SVal makeSymExprValNN(ProgramStateRef state, BinaryOperator::Opcode op, SVal makeSymExprValNN(ProgramStateRef state, BinaryOperator::Opcode op,
NonLoc lhs, NonLoc rhs, QualType resultTy); NonLoc lhs, NonLoc rhs, QualType resultTy);
SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, SVal evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
SVal lhs, SVal rhs, QualType type); SVal lhs, SVal rhs, QualType type);
/// \return Whether values in \p lhs and \p rhs are equal at \p state.
bool areEqual(ProgramStateRef state, SVal lhs, SVal rhs);
SVal evalEQ(ProgramStateRef state, SVal lhs, SVal rhs);
DefinedOrUnknownSVal evalEQ(ProgramStateRef state, DefinedOrUnknownSVal lhs, DefinedOrUnknownSVal evalEQ(ProgramStateRef state, DefinedOrUnknownSVal lhs,
DefinedOrUnknownSVal rhs); DefinedOrUnknownSVal rhs);
ASTContext &getContext() { return Context; } ASTContext &getContext() { return Context; }
const ASTContext &getContext() const { return Context; } const ASTContext &getContext() const { return Context; }
ProgramStateManager &getStateManager() { return StateMgr; } ProgramStateManager &getStateManager() { return StateMgr; }
▲ Show 20 LinesShow All 227 LinesShow Last 20 Lines

lib/StaticAnalyzer/Core/SValBuilder.cpp

Show First 20 LinesShow All 407 Lines▼ Show 20 Lines if (Optional<Loc> RV = rhs.getAs<Loc>()) {
// Commute the operands. // Commute the operands.
return evalBinOpLN(state, op, *RV, lhs.castAs<NonLoc>(), type); return evalBinOpLN(state, op, *RV, lhs.castAs<NonLoc>(), type);
} }
return evalBinOpNN(state, op, lhs.castAs<NonLoc>(), rhs.castAs<NonLoc>(), return evalBinOpNN(state, op, lhs.castAs<NonLoc>(), rhs.castAs<NonLoc>(),
type); type);
} }
bool SValBuilder::areEqual(ProgramStateRef state, SVal lhs, SVal rhs) {
return state->isNull(evalEQ(state, lhs, rhs)).isConstrainedFalse();
NoQUnsubmitted
Done
ReplyInline Actions

Hmm.

"Saying that LHS is unequal to RHS is not definitely true". Which means it's either false or unknown. Which means they're either equal or not known to be unequal. Which is not what we want. We want to make sure that they cannot be unequal.

NoQ: Hmm. "Saying that LHS is unequal to RHS is not definitely true". Which means it's either…
george.karpenkovAuthorUnsubmitted
Not Done
ReplyInline Actions

Great point!

george.karpenkov: Great point!
}
SVal SValBuilder::evalEQ(ProgramStateRef state, SVal lhs, SVal rhs) {
return evalBinOp(state, BO_EQ, lhs, rhs, getConditionType());
}
DefinedOrUnknownSVal SValBuilder::evalEQ(ProgramStateRef state, DefinedOrUnknownSVal SValBuilder::evalEQ(ProgramStateRef state,
DefinedOrUnknownSVal lhs, DefinedOrUnknownSVal lhs,
DefinedOrUnknownSVal rhs) { DefinedOrUnknownSVal rhs) {
return evalBinOp(state, BO_EQ, lhs, rhs, getConditionType()) return evalEQ(state, static_cast<SVal>(lhs), static_cast<SVal>(rhs))
NoQUnsubmitted
Not Done
ReplyInline Actions

I don't think you need explicit casts here.

NoQ: I don't think you need explicit casts here.
george.karpenkovAuthorUnsubmitted
Not Done
ReplyInline Actions

otherwise this method would just call itself recursively.

george.karpenkov: otherwise this method would just call itself recursively.
NoQUnsubmitted
Not Done
ReplyInline Actions

Whoops.

NoQ: Whoops.
NoQUnsubmitted
Not Done
ReplyInline Actions

Maybe remove this method then?

NoQ: Maybe remove this method then?
george.karpenkovAuthorUnsubmitted
Not Done
ReplyInline Actions

But then I would not be able to call it from evalEQ.

george.karpenkov: But then I would not be able to call it from evalEQ.
.castAs<DefinedOrUnknownSVal>(); .castAs<DefinedOrUnknownSVal>();
} }
/// Recursively check if the pointer types are equal modulo const, volatile, /// Recursively check if the pointer types are equal modulo const, volatile,
/// and restrict qualifiers. Also, assume that all types are similar to 'void'. /// and restrict qualifiers. Also, assume that all types are similar to 'void'.
/// Assumes the input types are canonical. /// Assumes the input types are canonical.
static bool shouldBeModeledWithNoOp(ASTContext &Context, QualType ToTy, static bool shouldBeModeledWithNoOp(ASTContext &Context, QualType ToTy,
QualType FromTy) { QualType FromTy) {
▲ Show 20 LinesShow All 194 LinesShow Last 20 Lines