This is an archive of the discontinued LLVM Phabricator instance.

Differential D98341

[analyzer][solver] Prevent infeasible states (PR49490)
ClosedPublic

Authored by vsavchenko on Mar 10 2021, 5:57 AM.

Details

Reviewers
steakhal
NoQ
xazax.hun
ASDenysPetrov
Commits
rG6dc152350824: [analyzer][solver] Prevent infeasible states (PR49490)
Summary

This patch fixes the situation when our knowledge of disequalities
can help us figuring out that some assumption is infeasible, but
the solver still produces a state with inconsistent constraints.

Additionally, this patch adds a couple of assertions to catch this
type of problems easier.

Diff Detail

Event Timeline

vsavchenko created this revision.Mar 10 2021, 5:57 AM
Herald added subscribers: martong, Charusso, dkrupp and 7 others. · View Herald TranscriptMar 10 2021, 5:57 AM
vsavchenko requested review of this revision.Mar 10 2021, 5:57 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 10 2021, 5:57 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
NoQ accepted this revision.Mar 10 2021, 8:42 AM

You're testing it with the help of an alpha checker. Is this checker doing something special that we don't do normally? In particular, both array bound checkers that we have are very likely to be re-done from scratch if they are ever to be completed. A lot of decisions in them are questionable. So i'm worried that this test will become stale in that process. Maybe a unittest would be more appropriate so that to guarantee the specific functionality without relying on implementation details of the specific checker(?)

Code looks great and I guess assertions are a test on their own.

This revision is now accepted and ready to land.Mar 10 2021, 8:42 AM
Harbormaster completed remote builds in B93076: Diff 329636.Mar 10 2021, 4:36 PM
steakhal accepted this revision.Mar 11 2021, 2:58 AM

Looks good btw.

clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1400–1406

inline is unnecessary. All member functions are inline by default.
I would take the parameter by const ref in the lambda.
Why did you mark it LLVM_ATTRIBUTE_UNUSED ? LLVM_NODISCARD would be probably a better choice.

vsavchenko updated this revision to Diff 329901.Mar 11 2021, 3:10 AM

Fix review comments

vsavchenko marked an inline comment as done.Mar 11 2021, 3:14 AM
vsavchenko added inline comments.
clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
1400–1406

Fair point about inline.
LLVM_NODISCARD doesn't exclude LLVM_ATTRIBUTE_UNUSED.
It should be marked that way for Release builds when compiler might figure out that this class is local to only this TU, and this function is not used here anywhere. You can see in the comment for this macro that this is actually the main motivation for this macro to be used.

vsavchenko updated this revision to Diff 329903.Mar 11 2021, 3:16 AM
vsavchenko marked an inline comment as done.

Make areFeasible function static

steakhal added inline comments.Mar 11 2021, 4:53 AM
clang/test/Analysis/PR49490.cpp
13

I think you can remove this line.
We already have a global variable to be invalidated by the evaluation of oob_access() call.

vsavchenko updated this revision to Diff 329928.Mar 11 2021, 4:58 AM

Remove unused global variable from the test

vsavchenko marked an inline comment as done.Mar 11 2021, 4:58 AM
Harbormaster completed remote builds in B93260: Diff 329901.Mar 11 2021, 9:13 AM
Harbormaster completed remote builds in B93262: Diff 329903.Mar 11 2021, 9:33 AM
Harbormaster completed remote builds in B93283: Diff 329928.Mar 11 2021, 11:13 AM
This revision was landed with ongoing or failed builds.Mar 12 2021, 4:57 AM
Closed by commit rG6dc152350824: [analyzer][solver] Prevent infeasible states (PR49490) (authored by vsavchenko). · Explain Why
This revision was automatically updated to reflect the committed changes.
vsavchenko added a commit: rG6dc152350824: [analyzer][solver] Prevent infeasible states (PR49490).
steakhal added a comment.Mar 19 2021, 5:38 AM

The assertion areFeasible(Constraints) triggered on trunk.
More details in the Bugzilla ticket.

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
28 lines
test/
Analysis/
30 lines

Diff 330209

clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp

Show All 13 Lines
#include "clang/Basic/JsonSupport.h" #include "clang/Basic/JsonSupport.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h" #include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/RangedConstraintManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/RangedConstraintManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SValVisitor.h"
#include "llvm/ADT/FoldingSet.h" #include "llvm/ADT/FoldingSet.h"
#include "llvm/ADT/ImmutableSet.h" #include "llvm/ADT/ImmutableSet.h"
#include "llvm/ADT/STLExtras.h"
#include "llvm/Support/Compiler.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
// This class can be extended with other tables which will help to reason // This class can be extended with other tables which will help to reason
// about ranges more precisely. // about ranges more precisely.
class OperatorRelationsTable { class OperatorRelationsTable {
▲ Show 20 LinesShow All 1,360 Lines▼ Show 20 Lines ProgramStateRef trackDisequality(ProgramStateRef State, SymbolRef LHS,
return EquivalenceClass::markDisequal(getBasicVals(), F, State, LHS, RHS); return EquivalenceClass::markDisequal(getBasicVals(), F, State, LHS, RHS);
} }
ProgramStateRef trackEquality(ProgramStateRef State, SymbolRef LHS, ProgramStateRef trackEquality(ProgramStateRef State, SymbolRef LHS,
SymbolRef RHS) { SymbolRef RHS) {
return EquivalenceClass::merge(getBasicVals(), F, State, LHS, RHS); return EquivalenceClass::merge(getBasicVals(), F, State, LHS, RHS);
} }
LLVM_NODISCARD inline ProgramStateRef setConstraint(ProgramStateRef State, LLVM_NODISCARD LLVM_ATTRIBUTE_UNUSED static bool
areFeasible(ConstraintRangeTy Constraints) {
return llvm::none_of(
Constraints,
[](const std::pair<EquivalenceClass, RangeSet> &ClassConstraint) {
return ClassConstraint.second.isEmpty();
});
steakhalUnsubmitted
Done
ReplyInline Actions

inline is unnecessary. All member functions are inline by default.
I would take the parameter by const ref in the lambda.
Why did you mark it LLVM_ATTRIBUTE_UNUSED ? LLVM_NODISCARD would be probably a better choice.

steakhal: `inline` is unnecessary. All member functions are inline by default. I would take the parameter…
vsavchenkoAuthorUnsubmitted
Done
ReplyInline Actions

Fair point about inline.
LLVM_NODISCARD doesn't exclude LLVM_ATTRIBUTE_UNUSED.
It should be marked that way for Release builds when compiler might figure out that this class is local to only this TU, and this function is not used here anywhere. You can see in the comment for this macro that this is actually the main motivation for this macro to be used.

vsavchenko: Fair point about `inline`. `LLVM_NODISCARD` doesn't exclude `LLVM_ATTRIBUTE_UNUSED`. It should…
}
LLVM_NODISCARD ProgramStateRef setConstraint(ProgramStateRef State,
EquivalenceClass Class, EquivalenceClass Class,
RangeSet Constraint) { RangeSet Constraint) {
ConstraintRangeTy Constraints = State->get<ConstraintRange>(); ConstraintRangeTy Constraints = State->get<ConstraintRange>();
ConstraintRangeTy::Factory &CF = State->get_context<ConstraintRange>(); ConstraintRangeTy::Factory &CF = State->get_context<ConstraintRange>();
assert(!Constraint.isEmpty() && "New constraint should not be empty");
// Add new constraint. // Add new constraint.
Constraints = CF.add(Constraints, Class, Constraint); Constraints = CF.add(Constraints, Class, Constraint);
// There is a chance that we might need to update constraints for the // There is a chance that we might need to update constraints for the
// classes that are known to be disequal to Class. // classes that are known to be disequal to Class.
// //
// In order for this to be even possible, the new constraint should // In order for this to be even possible, the new constraint should
// be simply a constant because we can't reason about range disequalities. // be simply a constant because we can't reason about range disequalities.
if (const llvm::APSInt *Point = Constraint.getConcreteValue()) if (const llvm::APSInt *Point = Constraint.getConcreteValue())
for (EquivalenceClass DisequalClass : Class.getDisequalClasses(State)) { for (EquivalenceClass DisequalClass : Class.getDisequalClasses(State)) {
RangeSet UpdatedConstraint = RangeSet UpdatedConstraint =
getRange(State, DisequalClass).Delete(getBasicVals(), F, *Point); getRange(State, DisequalClass).Delete(getBasicVals(), F, *Point);
// If we end up with at least one of the disequal classes to be
// constrainted with an empty range-set, the state is infeasible.
if (UpdatedConstraint.isEmpty())
return nullptr;
Constraints = CF.add(Constraints, DisequalClass, UpdatedConstraint); Constraints = CF.add(Constraints, DisequalClass, UpdatedConstraint);
} }
assert(areFeasible(Constraints) && "Constraint manager shouldn't produce "
"a state with infeasible constraints");
return State->set<ConstraintRange>(Constraints); return State->set<ConstraintRange>(Constraints);
} }
LLVM_NODISCARD inline ProgramStateRef LLVM_NODISCARD inline ProgramStateRef
setConstraint(ProgramStateRef State, SymbolRef Sym, RangeSet Constraint) { setConstraint(ProgramStateRef State, SymbolRef Sym, RangeSet Constraint) {
return setConstraint(State, EquivalenceClass::find(State, Sym), Constraint); return setConstraint(State, EquivalenceClass::find(State, Sym), Constraint);
} }
}; };
▲ Show 20 LinesShow All 855 LinesShow Last 20 Lines

clang/test/Analysis/PR49490.cpp

  • This file was added.
// RUN: %clang_analyze_cc1 -w -analyzer-checker=core -verify %s
// expected-no-diagnostics
struct toggle {
bool value;
};
toggle global_toggle;
toggle get_global_toggle() { return global_toggle; }
int oob_access();
steakhalUnsubmitted
Done
ReplyInline Actions

I think you can remove this line.
We already have a global variable to be invalidated by the evaluation of oob_access() call.

steakhal: I think you can remove this line. We already have a global variable to be invalidated by the…
bool compare(toggle one, bool other) {
if (one.value != other)
return true;
if (one.value)
oob_access();
return true;
}
bool coin();
void bar() {
bool left = coin();
bool right = coin();
for (;;)
compare(get_global_toggle(), left) && compare(get_global_toggle(), right);
}