From 015c39882ebc1771713a7523ae76903ebae83288 Mon Sep 17 00:00:00 2001
From: Gabor Marton
Date: Thu, 25 Mar 2021 15:29:41 +0100
Subject: [PATCH] [Analyzer] Infer 0 value when the divisible is 0 (bug fix)

Currently, we infer 0 if the divisible of the modulo op is 0:
 int a = x < 0; // a can be 0
 int b = a % y; // b is either 1 % sym or 0
However, we don't when the op is / :
 int a = x < 0; // a can be 0
 int b = a / y; // b is either 1 / sym or 0 / sym

This commit fixes the discrepancy.

Differential Revision: https://reviews.llvm.org/D99343
---
 .../lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp | 2 +
 clang/test/Analysis/zero-operands.c | 53 ++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 clang/test/Analysis/zero-operands.c

diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index facadaf..872616f 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -652,6 +652,8 @@ SVal SimpleSValBuilder::evalBinOpNN(ProgramStateRef state,
 if (LHSValue == 0)
 return evalCastFromNonLoc(lhs, resultTy);
 return makeSymExprValNN(op, InputLHS, InputRHS, resultTy);
+ case BO_Div:
+ // 0 / x == 0
 case BO_Rem:
 // 0 % x == 0
 if (LHSValue == 0)
diff --git a/clang/test/Analysis/zero-operands.c b/clang/test/Analysis/zero-operands.c
new file mode 100644
index 0000000..3311c52
--- /dev/null
+++ b/clang/test/Analysis/zero-operands.c
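Review bot: The new `// 0 / x == 0` comment on `case BO_Div:` states the identity without its precondition: it holds only for a non-zero divisor, and with `x == 0` the division is undefined rather than 0. Because `BO_Div` now shares the `if (LHSValue == 0)` fold with `BO_Rem`, the comment should say who is responsible for the zero divisor, for example `// 0 / x == 0 for x != 0; a zero divisor is expected to be diagnosed before this fold`. That is presumably the divide-by-zero check in `core`, which this hunk does not show, so the wording should be confirmed against it. The statement under `if (LHSValue == 0)` and the rest of `evalBinOpNN` lie outside the hunk.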
@@ -0,0 +1,53 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core \
+// RUN: -analyzer-checker=debug.ExprInspection \
+// RUN: -verify %s
+
+void clang_analyzer_dump(int);
+
+void test_0_multiplier1(int x, int y) {
+ int a = x < 0; // Eagerly bifurcate.
+ clang_analyzer_dump(a);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning@-2{{1 S32b}}
+
+ int b = a * y;
+ clang_analyzer_dump(b);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning-re@-2{{reg_${{[[:digit:]]+}}}}
+}
+
+void test_0_multiplier2(int x, int y) {
+ int a = x < 0; // Eagerly bifurcate.
+ clang_analyzer_dump(a);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning@-2{{1 S32b}}
+
+ int b = y * a;
+ clang_analyzer_dump(b);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning-re@-2{{reg_${{[[:digit:]]+}}}}
+}
+
+void test_0_modulo(int x, int y) {
+ int a = x < 0; // Eagerly bifurcate.
+ clang_analyzer_dump(a);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning@-2{{1 S32b}}
+
+ int b = a % y;
+ clang_analyzer_dump(b);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning-re@-2{{1 % (reg_${{[[:digit:]]+}})}}
+}
+
+void test_0_divisible(int x, int y) {
+ int a = x < 0; // Eagerly bifurcate.
+ clang_analyzer_dump(a);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning@-2{{1 S32b}}
+
+ int b = a / y;
+ clang_analyzer_dump(b);
+ // expected-warning@-1{{0 S32b}}
+ // expected-warning-re@-2{{1 / (reg_${{[[:digit:]]+}})}}
+}
-- 
2.7.4
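Review bot: `test_0_divisible` and `test_0_modulo` only exercise an unconstrained `y`, so no test checks that folding a zero left operand to 0 leaves the division-by-zero diagnostic intact when the divisor is also known to be 0. The RUN line already enables `core`, so a case that constrains the divisor first, such as `if (y != 0) return;` followed by `int b = a / y;` with the matching `expected-warning` for the zero-division report, would pin that behaviour for both `/` and `%`. The exact diagnostic text should be taken from the checker rather than from this note. As a naming point, the operand under test is the dividend, so `test_0_dividend` would describe the case more precisely than `test_0_divisible`.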