const GRState*
SimpleConstraintManager::AssumeSymInt(const GRState* St, bool Assumption,
const SymIntExpr *SE, bool& isFeasible) {
// Here we assume that LHS is a symbol. This is consistent with the
// rest of the constraint manager logic.
SymbolRef Sym = cast<SymbolData>(SE->getLHS());
const llvm::APSInt &Int = SE->getRHS();
switch (SE->getOpcode()) {
default:
// No logic yet for other operators.
isFeasible = true;
return St;
case BinaryOperator::EQ:
return Assumption ? AssumeSymEQ(St, Sym, Int, isFeasible)
: AssumeSymNE(St, Sym, Int, isFeasible);
case BinaryOperator::NE:
return Assumption ? AssumeSymNE(St, Sym, Int, isFeasible)
: AssumeSymEQ(St, Sym, Int, isFeasible);
case BinaryOperator::GT:
return Assumption ? AssumeSymGT(St, Sym, Int, isFeasible)
: AssumeSymLE(St, Sym, Int, isFeasible);
case BinaryOperator::GE:
return Assumption ? AssumeSymGE(St, Sym, Int, isFeasible)
: AssumeSymLT(St, Sym, Int, isFeasible);
case BinaryOperator::LT:
return Assumption ? AssumeSymLT(St, Sym, Int, isFeasible)
: AssumeSymGE(St, Sym, Int, isFeasible);
case BinaryOperator::LE:
return Assumption ? AssumeSymLE(St, Sym, Int, isFeasible)
: AssumeSymGT(St, Sym, Int, isFeasible);
} // end switch
}
const GRState *SimpleConstraintManager::AssumeSymRel(const GRState *state,
const SymExpr *LHS,
BinaryOperator::Opcode op,
const llvm::APSInt& Int) {
assert(BinaryOperator::isComparisonOp(op) &&
"Non-comparison ops should be rewritten as comparisons to zero.");
// We only handle simple comparisons of the form "$sym == constant"
// or "($sym+constant1) == constant2".
// The adjustment is "constant1" in the above expression. It's used to
// "slide" the solution range around for modular arithmetic. For example,
// x < 4 has the solution [0, 3]. x+2 < 4 has the solution [0-2, 3-2], which
// in modular arithmetic is [0, 1] U [UINT_MAX-1, UINT_MAX]. It's up to
// the subclasses of SimpleConstraintManager to handle the adjustment.
llvm::APSInt Adjustment;
// First check if the LHS is a simple symbol reference.
SymbolRef Sym = dyn_cast<SymbolData>(LHS);
if (Sym) {
Adjustment = 0;
} else {
// Next, see if it's a "($sym+constant1)" expression.
const SymIntExpr *SE = dyn_cast<SymIntExpr>(LHS);
// We don't handle "($sym1+$sym2)".
// Give up and assume the constraint is feasible.
if (!SE)
return state;
// We don't handle "(<expr>+constant1)".
// Give up and assume the constraint is feasible.
Sym = dyn_cast<SymbolData>(SE->getLHS());
if (!Sym)
return state;
// Get the constant out of the expression "($sym+constant1)".
switch (SE->getOpcode()) {
case BO_Add:
Adjustment = SE->getRHS();
break;
case BO_Sub:
Adjustment = -SE->getRHS();
break;
default:
// We don't handle non-additive operators.
// Give up and assume the constraint is feasible.
return state;
}
}
// FIXME: This next section is a hack. It silently converts the integers to
// be of the same type as the symbol, which is not always correct. Really the
// comparisons should be performed using the Int's type, then mapped back to
// the symbol's range of values.
GRStateManager &StateMgr = state->getStateManager();
ASTContext &Ctx = StateMgr.getContext();
QualType T = Sym->getType(Ctx);
assert(T->isIntegerType() || Loc::IsLocType(T));
unsigned bitwidth = Ctx.getTypeSize(T);
bool isSymUnsigned = T->isUnsignedIntegerType() || Loc::IsLocType(T);
// Convert the adjustment.
Adjustment.setIsUnsigned(isSymUnsigned);
Adjustment.extOrTrunc(bitwidth);
// Convert the right-hand side integer.
llvm::APSInt ConvertedInt(Int, isSymUnsigned);
ConvertedInt.extOrTrunc(bitwidth);
switch (op) {
default:
// No logic yet for other operators. Assume the constraint is feasible.
return state;
case BO_EQ:
return AssumeSymEQ(state, Sym, ConvertedInt, Adjustment);
case BO_NE:
return AssumeSymNE(state, Sym, ConvertedInt, Adjustment);
case BO_GT:
return AssumeSymGT(state, Sym, ConvertedInt, Adjustment);
case BO_GE:
return AssumeSymGE(state, Sym, ConvertedInt, Adjustment);
case BO_LT:
return AssumeSymLT(state, Sym, ConvertedInt, Adjustment);
case BO_LE:
return AssumeSymLE(state, Sym, ConvertedInt, Adjustment);
} // end switch
}