const GRState *SimpleConstraintManager::AssumeAux(const GRState *state, NonLoc Cond, bool Assumption) { // We cannot reason about SymSymExprs, // and can only reason about some SymIntExprs. if (!canReasonAbout(Cond)) { // Just return the current state indicating that the path is feasible. // This may be an over-approximation of what is possible. return state; } BasicValueFactory &BasicVals = state->getBasicVals(); SymbolManager &SymMgr = state->getSymbolManager(); switch (Cond.getSubKind()) { default: assert(false && "'Assume' not implemented for this NonLoc"); case nonloc::SymbolValKind: { nonloc::SymbolVal& SV = cast<nonloc::SymbolVal>(Cond); SymbolRef sym = SV.getSymbol(); QualType T = SymMgr.getType(sym); const llvm::APSInt &zero = BasicVals.getValue(0, T); if (Assumption) return AssumeSymNE(state, sym, zero, zero); else return AssumeSymEQ(state, sym, zero, zero); } case nonloc::SymExprValKind: { nonloc::SymExprVal V = cast<nonloc::SymExprVal>(Cond); // For now, we only handle expressions whose RHS is an integer. // All other expressions are assumed to be feasible. const SymIntExpr *SE = dyn_cast<SymIntExpr>(V.getSymbolicExpression()); if (!SE) return state; BinaryOperator::Opcode op = SE->getOpcode(); // Implicitly compare non-comparison expressions to 0. if (!BinaryOperator::isComparisonOp(op)) { QualType T = SymMgr.getType(SE); const llvm::APSInt &zero = BasicVals.getValue(0, T); op = (Assumption ? BO_NE : BO_EQ); return AssumeSymRel(state, SE, op, zero); } // From here on out, op is the real comparison we'll be testing. if (!Assumption) op = NegateComparison(op); return AssumeSymRel(state, SE->getLHS(), op, SE->getRHS()); } case nonloc::ConcreteIntKind: { bool b = cast<nonloc::ConcreteInt>(Cond).getValue() != 0; bool isFeasible = b ? Assumption : !Assumption; return isFeasible ? state : NULL; } case nonloc::LocAsIntegerKind: return AssumeAux(state, cast<nonloc::LocAsInteger>(Cond).getLoc(), Assumption); } // end switch }
ProgramStateRef SimpleConstraintManager::assumeAux(ProgramStateRef state, NonLoc Cond, bool Assumption) { // We cannot reason about SymSymExprs, and can only reason about some // SymIntExprs. if (!canReasonAbout(Cond)) { // Just add the constraint to the expression without trying to simplify. SymbolRef sym = Cond.getAsSymExpr(); return assumeAuxForSymbol(state, sym, Assumption); } BasicValueFactory &BasicVals = getBasicVals(); switch (Cond.getSubKind()) { default: llvm_unreachable("'Assume' not implemented for this NonLoc"); case nonloc::SymbolValKind: { nonloc::SymbolVal& SV = cast<nonloc::SymbolVal>(Cond); SymbolRef sym = SV.getSymbol(); assert(sym); // Handle SymbolData. if (!SV.isExpression()) { return assumeAuxForSymbol(state, sym, Assumption); // Handle symbolic expression. } else { // We can only simplify expressions whose RHS is an integer. const SymIntExpr *SE = dyn_cast<SymIntExpr>(sym); if (!SE) return assumeAuxForSymbol(state, sym, Assumption); BinaryOperator::Opcode op = SE->getOpcode(); // Implicitly compare non-comparison expressions to 0. if (!BinaryOperator::isComparisonOp(op)) { QualType T = SE->getType(BasicVals.getContext()); const llvm::APSInt &zero = BasicVals.getValue(0, T); op = (Assumption ? BO_NE : BO_EQ); return assumeSymRel(state, SE, op, zero); } // From here on out, op is the real comparison we'll be testing. if (!Assumption) op = NegateComparison(op); return assumeSymRel(state, SE->getLHS(), op, SE->getRHS()); } } case nonloc::ConcreteIntKind: { bool b = cast<nonloc::ConcreteInt>(Cond).getValue() != 0; bool isFeasible = b ? Assumption : !Assumption; return isFeasible ? state : NULL; } case nonloc::LocAsIntegerKind: return assumeAux(state, cast<nonloc::LocAsInteger>(Cond).getLoc(), Assumption); } // end switch }