ProgramStateRef RangedConstraintManager::assumeSym(ProgramStateRef State, SymbolRef Sym, bool Assumption) { // Handle SymbolData. if (isa<SymbolData>(Sym)) { return assumeSymUnsupported(State, Sym, Assumption); // Handle symbolic expression. } else if (const SymIntExpr *SIE = dyn_cast<SymIntExpr>(Sym)) { // We can only simplify expressions whose RHS is an integer. BinaryOperator::Opcode op = SIE->getOpcode(); if (BinaryOperator::isComparisonOp(op) && op != BO_Cmp) { if (!Assumption) op = BinaryOperator::negateComparisonOp(op); return assumeSymRel(State, SIE->getLHS(), op, SIE->getRHS()); } } else if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) { // Translate "a != b" to "(b - a) != 0". // We invert the order of the operands as a heuristic for how loop // conditions are usually written ("begin != end") as compared to length // calculations ("end - begin"). The more correct thing to do would be to // canonicalize "a - b" and "b - a", which would allow us to treat // "a != b" and "b != a" the same. SymbolManager &SymMgr = getSymbolManager(); BinaryOperator::Opcode Op = SSE->getOpcode(); assert(BinaryOperator::isComparisonOp(Op)); // For now, we only support comparing pointers. if (Loc::isLocType(SSE->getLHS()->getType()) && Loc::isLocType(SSE->getRHS()->getType())) { QualType DiffTy = SymMgr.getContext().getPointerDiffType(); SymbolRef Subtraction = SymMgr.getSymSymExpr(SSE->getRHS(), BO_Sub, SSE->getLHS(), DiffTy); const llvm::APSInt &Zero = getBasicVals().getValue(0, DiffTy); Op = BinaryOperator::reverseComparisonOp(Op); if (!Assumption) Op = BinaryOperator::negateComparisonOp(Op); return assumeSymRel(State, Subtraction, Op, Zero); } } // If we get here, there's nothing else we can do but treat the symbol as // opaque. return assumeSymUnsupported(State, Sym, Assumption); }
ProgramStateRef SimpleConstraintManager::assumeAux(ProgramStateRef State, NonLoc Cond, bool Assumption) { // We cannot reason about SymSymExprs, and can only reason about some // SymIntExprs. if (!canReasonAbout(Cond)) { // Just add the constraint to the expression without trying to simplify. SymbolRef Sym = Cond.getAsSymExpr(); return assumeAuxForSymbol(State, Sym, Assumption); } switch (Cond.getSubKind()) { default: llvm_unreachable("'Assume' not implemented for this NonLoc"); case nonloc::SymbolValKind: { nonloc::SymbolVal SV = Cond.castAs<nonloc::SymbolVal>(); SymbolRef Sym = SV.getSymbol(); assert(Sym); // Handle SymbolData. if (!SV.isExpression()) { return assumeAuxForSymbol(State, Sym, Assumption); // Handle symbolic expression. } else if (const SymIntExpr *SE = dyn_cast<SymIntExpr>(Sym)) { // We can only simplify expressions whose RHS is an integer. BinaryOperator::Opcode Op = SE->getOpcode(); if (BinaryOperator::isComparisonOp(Op)) { if (!Assumption) Op = BinaryOperator::negateComparisonOp(Op); return assumeSymRel(State, SE->getLHS(), Op, SE->getRHS()); } } else if (const SymSymExpr *SSE = dyn_cast<SymSymExpr>(Sym)) { // Translate "a != b" to "(b - a) != 0". // We invert the order of the operands as a heuristic for how loop // conditions are usually written ("begin != end") as compared to length // calculations ("end - begin"). The more correct thing to do would be to // canonicalize "a - b" and "b - a", which would allow us to treat // "a != b" and "b != a" the same. SymbolManager &SymMgr = getSymbolManager(); BinaryOperator::Opcode Op = SSE->getOpcode(); assert(BinaryOperator::isComparisonOp(Op)); // For now, we only support comparing pointers. assert(Loc::isLocType(SSE->getLHS()->getType())); assert(Loc::isLocType(SSE->getRHS()->getType())); QualType DiffTy = SymMgr.getContext().getPointerDiffType(); SymbolRef Subtraction = SymMgr.getSymSymExpr(SSE->getRHS(), BO_Sub, SSE->getLHS(), DiffTy); const llvm::APSInt &Zero = getBasicVals().getValue(0, DiffTy); Op = BinaryOperator::reverseComparisonOp(Op); if (!Assumption) Op = BinaryOperator::negateComparisonOp(Op); return assumeSymRel(State, Subtraction, Op, Zero); } // If we get here, there's nothing else we can do but treat the symbol as // opaque. return assumeAuxForSymbol(State, Sym, Assumption); } case nonloc::ConcreteIntKind: { bool b = Cond.castAs<nonloc::ConcreteInt>().getValue() != 0; bool isFeasible = b ? Assumption : !Assumption; return isFeasible ? State : nullptr; } case nonloc::PointerToMemberKind: { bool IsNull = !Cond.castAs<nonloc::PointerToMember>().isNullMemberPointer(); bool IsFeasible = IsNull ? Assumption : !Assumption; return IsFeasible ? State : nullptr; } case nonloc::LocAsIntegerKind: return assume(State, Cond.castAs<nonloc::LocAsInteger>().getLoc(), Assumption); } // end switch }