This is an archive of the discontinued LLVM Phabricator instance.

Fix Z3 function calls regarding arithmetic operations
ClosedPublic

Authored by bruntib on May 13 2020, 9:51 AM.

Details

Summary

The order of Z3_mk_fpa_mul, Z3_mk_fpa_div, Z3_mk_fpa_add and Z3_mk_fpa_sub functions' arguments is: context, rounding_mode, ast1, ast2.
See for example: https://github.com/Z3Prover/z3/blob/a14c2a30516003cd1a60f8b7deca029033d11c78/src/api/api_fpa.cpp#L433

At function calls from LLVM the argument order was different: rounding_mode was passed as last argument.

Unfortunately these Z3_ast and other function parameter types are technically like void* which are reinterpret_cast-ed to a specific class type. So there was no type error, but the assertions fail in runtime if something goes wrong. Such a crash happened during Z3 refutation while using StaticAnalyzer.

Diff Detail

Event Timeline

bruntib created this revision.May 13 2020, 9:51 AM
martong accepted this revision.May 13 2020, 11:59 AM

LGTM!

This revision is now accepted and ready to land.May 13 2020, 11:59 AM
This revision was automatically updated to reflect the committed changes.

It's a huge copy-paste bug. Great job tracking this down.

I've checked several other Z3 API calls with more than 2 arguments.
They all seem to match the API specification.

steakhal added inline comments.May 20 2020, 12:26 PM
llvm/lib/Support/Z3Solver.cpp
257–270

Should we replace the std::set to a more performant data structure?
https://llvm.org/docs/ProgrammersManual.html#set

martong added inline comments.May 22 2020, 5:42 AM
llvm/lib/Support/Z3Solver.cpp
257–270

Do you have any measurements that indicate std::set functions as hotspots? If not, then it is probably not worth the effort...