intel/llvm
1
0
Fork 0
mirror of https://github.com/intel/llvm.git synced 2026-01-20 10:58:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

[analyzer] SValBuilder::evalBinOpLN: try simplifying the RHS first (#161537)

Browse Source 
The first thing `SValBuilder::evalBinOpNN` does is simplify both
operators
([here](https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp#L430-L437)),
why wouldn't we simplify the RHS in `SValBuilder::evalBinOpLN`?

When the LHS is an `Element`, the right side is simplified incidentally
when calling `evalBinOpNN`
([here](https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp#L1169-L1170)).

Without this patch, the “base_complex” test case is **UNKNOWN** instead of **TRUE**.
This commit is contained in:
guillem-bartrina-sonarsource
2025-10-14 10:25:48 +02:00
committed by GitHub
parent a8057ff129
commit d49aa40fc7
2 changed files with 65 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
View File

@@ -1111,6 +1111,10 @@ SVal SimpleSValBuilder::evalBinOpLN(ProgramStateRef state,
assert(!BinaryOperator::isComparisonOp(op) &&
"arguments to comparison ops must be of the same type");
SVal simplifiedRhs = simplifySVal(state, rhs);
if (auto simplifiedRhsAsNonLoc = simplifiedRhs.getAs<NonLoc>())
rhs = *simplifiedRhsAsNonLoc;
// Special case: rhs is a zero constant.
if (rhs.isZeroConstant())
return lhs;

61
clang/test/Analysis/loc-folding.cpp Normal file
View File

@@ -0,0 +1,61 @@
// RUN: %clang_analyze_cc1 -verify %s -analyzer-config eagerly-assume=false \
// RUN: -analyzer-checker=core,debug.ExprInspection
void clang_analyzer_eval(bool);
void element_constant() {
char arr[10];
clang_analyzer_eval(arr + 1 > arr); // expected-warning{{TRUE}}
}
void element_known() {
char arr[10];
int off = 1;
clang_analyzer_eval(arr + off > arr); // expected-warning{{TRUE}}
}
void element_constrained(int off) {
char arr[10];
if (off == 1) {
clang_analyzer_eval(arr + off > arr); // expected-warning{{TRUE}}
}
}
void element_unknown(int off) {
char arr[10];
clang_analyzer_eval(arr + off > arr); // expected-warning{{UNKNOWN}}
}
void element_complex(int off) {
char arr[10];
int comp = off * 2;
if (off == 1) {
clang_analyzer_eval(arr + comp); // expected-warning{{TRUE}}
}
}
void base_constant(int *arr) {
clang_analyzer_eval(arr + 1 > arr); // expected-warning{{TRUE}}
}
void base_known(int *arr) {
int off = 1;
clang_analyzer_eval(arr + off > arr); // expected-warning{{TRUE}}
}
void base_constrained(int *arr, int off) {
if (off == 1) {
clang_analyzer_eval(arr + off > arr); // expected-warning{{TRUE}}
}
}
void base_unknown(int *arr, int off) {
clang_analyzer_eval(arr + off > arr); // expected-warning{{UNKNOWN}}
}
void base_complex(int *arr, int off) {
int comp = off * 2;
if (off == 1) {
clang_analyzer_eval(arr + comp > arr); // expected-warning{{TRUE}}
}
}