Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impossible code path involving an expression and its negation #7863

Open
llvmbot opened this issue Jun 25, 2010 · 9 comments
Open

Impossible code path involving an expression and its negation #7863

llvmbot opened this issue Jun 25, 2010 · 9 comments
Assignees
@tkremenek
Labels
bugzilla Issues migrated from bugzilla clang:static analyzer

Comments

@llvmbot
Copy link
Collaborator

llvmbot commented Jun 25, 2010

Bugzilla Link 7491
Version unspecified
OS MacOS X
Reporter LLVM Bugzilla Contributor
CC @belkadan,@tkremenek,@xuzhongxing

Extended Description

As shown here http://people.freedesktop.org/~ranma42/scan-build-2010-06-25-1/report-RS3Z6A.html#EndPath
the static analyzer is reposting an impossible code path:
if (bytes_remaining) // not taken
and right after that
if (bytes_remaining == 0) // not taken

OS: MacOS 10.6.4
ANALYZER BUILD: checker-242 (2010-06-21 13:44:48)
@llvmbot
Copy link
Collaborator Author

llvmbot commented Jun 25, 2010

assigned to @tkremenek

@tkremenek
Copy link
Contributor

Andrea: Can you attached a preprocessed file of this source file? That will provide a self-contained test case. Thanks.

@llvmbot
Copy link
Collaborator Author

llvmbot commented Jun 26, 2010

Preprocessed source
This is the source file, preprocessed with gcc (i686-apple-darwin10-gcc-4.2.1) using the default configuration for the project.

@belkadan
Copy link
Contributor

Partly fixed in r106972 (see misc-ps.m for a reduced test case). The main thing was a FIXME left over in SimpleConstraintManager: non-comparison symbolic expressions weren't being implicitly compared to zero. But this is still going to be a problem for cases where the symbolic expression involves an operation we can't reason about.

int x = foo() * 2;
if (x) return;
if (!x) return;
(void)*NULL; // unreachable but will still warn.

@belkadan
Copy link
Contributor

We could fix this by using conjured symbols for /any/ binary operation whose result we can't model...i.e. whenever Bind() is given an UnknownVal, we conjure a symbol. But that wouldn't help for cases where the expression is repeated.

@xuzhongxing
Copy link
Mannequin

xuzhongxing mannequin commented Aug 16, 2010

We could fix this by using conjured symbols for /any/ binary operation whose
result we can't model...i.e. whenever Bind() is given an UnknownVal, we conjure
a symbol. But that wouldn't help for cases where the expression is repeated.

Hi Jordy,

What do you mean by "the expression is repeated"?

@tkremenek
Copy link
Contributor

We could fix this by using conjured symbols for /any/ binary operation whose
result we can't model...i.e. whenever Bind() is given an UnknownVal, we conjure
a symbol. But that wouldn't help for cases where the expression is repeated.

We should just fix it the right way, by improving the symbolic analysis. In practice conjuring a symbol here won't help much since we already conjure symbols in assignments (where values actually get propagated to be consulted farther down the path).

@tkremenek
Copy link
Contributor

We could fix this by using conjured symbols for /any/ binary operation whose
result we can't model...i.e. whenever Bind() is given an UnknownVal, we conjure
a symbol. But that wouldn't help for cases where the expression is repeated.

Hi Jordy,

What do you mean by "the expression is repeated"?

I'm assuming Jordy meant something like:

if (exp1 op exp2)
...
if (exp1 op exp2)

@belkadan
Copy link
Contributor

We could fix this by using conjured symbols for /any/ binary operation whose
result we can't model...i.e. whenever Bind() is given an UnknownVal, we conjure
a symbol. But that wouldn't help for cases where the expression is repeated.

Hi Jordy,

What do you mean by "the expression is repeated"?

I'm assuming Jordy meant something like:

if (exp1 op exp2)
...
if (exp1 op exp2)

Right, or the equivalent with a negation thrown in.

I didn't notice that assignments conjured symbols. That's probably as much as conjuring symbols is going to help, then, unless we can unique them by the SymExprs they represent and the current state, which is probably going too far.

Minimal test case is probably of the form ( && !), for any functional .

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 3, 2021
fhahn added a commit that referenced this issue Jan 30, 2024
@fhahn
[AArch64] Add tests with sext of vec3 loads.
6251b6b 
Another round of additional tests for
#7863
with different sext/zext and use variants.
fhahn added a commit to fhahn/llvm-project that referenced this issue Jan 30, 2024
@fhahn
[AArch64] Add tests with sext of vec3 loads.
ae2fb1c 
Another round of additional tests for
llvm#7863
with different sext/zext and use variants.

(cherry-picked from 6251b6b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tkremenek tkremenek

Labels
bugzilla Issues migrated from bugzilla clang:static analyzer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@belkadan @tkremenek @llvmbot