diff options
| author | Ding Fei <fding@feysh.com> | 2024-11-15 16:43:32 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-15 16:43:32 +0800 |
| commit | 4163136e2ee121a5d7b86cb1262a524dde4a5ec4 (patch) | |
| tree | e2c0409a169fa7ce73c26c570ccfd92839c64abb /clang/lib | |
| parent | a1a1a4ced9d4ecba428175c45a24da476bdc55f4 (diff) | |
| download | llvm-4163136e2ee121a5d7b86cb1262a524dde4a5ec4.zip llvm-4163136e2ee121a5d7b86cb1262a524dde4a5ec4.tar.gz llvm-4163136e2ee121a5d7b86cb1262a524dde4a5ec4.tar.bz2 | |
[analyzer][Solver] Early return if sym is concrete on assuming (#115579)
This could deduce some complex syms derived from simple ones whose
values could be constrainted to be concrete during execution, thus
reducing some overconstrainted states.
This commit also fix `unix.StdCLibraryFunctions` crash due to these
overconstrainted states being added to the graph, which is marked as
sink node (PosteriorlyOverconstrained). The 'assume' API is used in
non-dual style so the checker should protectively test whether these
newly added nodes are actually impossible.
1. The crash: https://godbolt.org/z/8KKWeKb86
2. The solver needs to solve equivalent: https://godbolt.org/z/ed8WqsbTh
Diffstat (limited to 'clang/lib')
3 files changed, 11 insertions, 2 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp index 4f30b2a..5faaf9c 100644 --- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp @@ -1354,6 +1354,8 @@ void StdLibraryFunctionsChecker::checkPreCall(const CallEvent &Call, if (BR.isInteresting(ArgSVal)) OS << Msg; })); + if (NewNode->isSink()) + break; } } } diff --git a/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp index c0b3f34..2b77167 100644 --- a/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp +++ b/clang/lib/StaticAnalyzer/Core/ConstraintManager.cpp @@ -74,7 +74,7 @@ ConstraintManager::assumeDualImpl(ProgramStateRef &State, // it might happen that a Checker uncoditionally uses one of them if the // other is a nullptr. This may also happen with the non-dual and // adjacent `assume(true)` and `assume(false)` calls. By implementing - // assume in therms of assumeDual, we can keep our API contract there as + // assume in terms of assumeDual, we can keep our API contract there as // well. return ProgramStatePair(StInfeasible, StInfeasible); } diff --git a/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp b/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp index 4bbe933..171b4c6 100644 --- a/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp +++ b/clang/lib/StaticAnalyzer/Core/RangedConstraintManager.cpp @@ -23,7 +23,14 @@ RangedConstraintManager::~RangedConstraintManager() {} ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State, SymbolRef Sym, bool Assumption) { - Sym = simplify(State, Sym); + SVal SimplifiedVal = simplifyToSVal(State, Sym); + if (SimplifiedVal.isConstant()) { + bool Feasible = SimplifiedVal.isZeroConstant() != Assumption; + return Feasible ? State : nullptr; + } + + if (SymbolRef SimplifiedSym = SimplifiedVal.getAsSymbol()) + Sym = SimplifiedSym; // Handle SymbolData. if (isa<SymbolData>(Sym)) |