Fold additive constants, and support comparsions of the form $sym+const1 <> const2
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106339 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/test/Analysis/additive-folding-range-constraints.c b/test/Analysis/additive-folding-range-constraints.c
new file mode 100644
index 0000000..1202328
--- /dev/null
+++ b/test/Analysis/additive-folding-range-constraints.c
@@ -0,0 +1,99 @@
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-experimental-checks -verify -analyzer-constraints=range %s
+#include <limits.h>
+
+// These are used to trigger warnings.
+typedef typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+void free(void *);
+#define NULL ((void*)0)
+
+// Each of these adjusted ranges has an adjustment small enough to split the
+// solution range across an overflow boundary (Min for <, Max for >).
+// This corresponds to one set of branches in RangeConstraintManager.
+void smallAdjustmentGT (unsigned a) {
+ char* b = NULL;
+ if (a+2 > 1)
+ b = malloc(1);
+ if (a == UINT_MAX-1 || a == UINT_MAX)
+ return; // no-warning
+ else if (a < UINT_MAX-1)
+ free(b);
+ return; // no-warning
+}
+
+void smallAdjustmentGE (unsigned a) {
+ char* b = NULL;
+ if (a+2 >= 1)
+ b = malloc(1);
+ if (a == UINT_MAX-1)
+ return; // no-warning
+ else if (a < UINT_MAX-1 || a == UINT_MAX)
+ free(b);
+ return; // no-warning
+}
+
+void smallAdjustmentLT (unsigned a) {
+ char* b = NULL;
+ if (a+1 < 2)
+ b = malloc(1);
+ if (a == 0 || a == UINT_MAX)
+ free(b);
+ return; // no-warning
+}
+
+void smallAdjustmentLE (unsigned a) {
+ char* b = NULL;
+ if (a+1 <= 2)
+ b = malloc(1);
+ if (a == 0 || a == 1 || a == UINT_MAX)
+ free(b);
+ return; // no-warning
+}
+
+
+// Each of these adjusted ranges has an adjustment large enough to push the
+// comparison value over an overflow boundary (Min for <, Max for >).
+// This corresponds to one set of branches in RangeConstraintManager.
+void largeAdjustmentGT (unsigned a) {
+ char* b = NULL;
+ if (a-2 > UINT_MAX-1)
+ b = malloc(1);
+ if (a == 1 || a == 0)
+ free(b);
+ else if (a > 1)
+ free(b);
+ return; // no-warning
+}
+
+void largeAdjustmentGE (unsigned a) {
+ char* b = NULL;
+ if (a-2 >= UINT_MAX-1)
+ b = malloc(1);
+ if (a > 1)
+ return; // no-warning
+ else if (a == 1 || a == 0)
+ free(b);
+ return; // no-warning
+}
+
+void largeAdjustmentLT (unsigned a) {
+ char* b = NULL;
+ if (a+2 < 1)
+ b = malloc(1);
+ if (a == UINT_MAX-1 || a == UINT_MAX)
+ free(b);
+ else if (a < UINT_MAX-1)
+ return; // no-warning
+ return; // no-warning
+}
+
+void largeAdjustmentLE (unsigned a) {
+ char* b = NULL;
+ if (a+2 <= 1)
+ b = malloc(1);
+ if (a < UINT_MAX-1)
+ return; // no-warning
+ else if (a == UINT_MAX-1 || a == UINT_MAX)
+ free(b);
+ return; // no-warning
+}
diff --git a/test/Analysis/additive-folding.c b/test/Analysis/additive-folding.c
new file mode 100644
index 0000000..14fd42a
--- /dev/null
+++ b/test/Analysis/additive-folding.c
@@ -0,0 +1,163 @@
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-experimental-checks -verify -analyzer-constraints=basic %s
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-experimental-checks -verify -analyzer-constraints=range %s
+#include <limits.h>
+
+// These are used to trigger warnings.
+typedef typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+void free(void *);
+#define NULL ((void*)0)
+
+//---------------
+// Plus/minus
+//---------------
+
+void separateExpressions (int a) {
+ int b = a + 1;
+ --b;
+
+ char* buf = malloc(1);
+ if (a != 0 && b == 0)
+ return; // no-warning
+ free(buf);
+}
+
+void oneLongExpression (int a) {
+ // Expression canonicalization should still allow this to work, even though
+ // the first term is on the left.
+ int b = 15 + a + 15 - 10 - 20;
+
+ char* buf = malloc(1);
+ if (a != 0 && b == 0)
+ return; // no-warning
+ free(buf);
+}
+
+//---------------
+// Comparisons
+//---------------
+
+// Equality and inequality only
+void eq_ne (unsigned a) {
+ char* b = NULL;
+ if (a == UINT_MAX)
+ b = malloc(1);
+ if (a+1 != 0)
+ return; // no-warning
+ if (a-1 != UINT_MAX-1)
+ return; // no-warning
+ free(b);
+}
+
+void ne_eq (unsigned a) {
+ char* b = NULL;
+ if (a != UINT_MAX)
+ b = malloc(1);
+ if (a+1 == 0)
+ return; // no-warning
+ if (a-1 == UINT_MAX-1)
+ return; // no-warning
+ free(b);
+}
+
+
+// Simple order comparisons with no adjustment
+void baselineGT (unsigned a) {
+ char* b = NULL;
+ if (a > 0)
+ b = malloc(1);
+ if (a == 0)
+ return; // no-warning
+ free(b);
+}
+
+void baselineGE (unsigned a) {
+ char* b = NULL;
+ if (a >= UINT_MAX)
+ b = malloc(1);
+ if (a == UINT_MAX)
+ free(b);
+ return; // no-warning
+}
+
+void baselineLT (unsigned a) {
+ char* b = NULL;
+ if (a < UINT_MAX)
+ b = malloc(1);
+ if (a == UINT_MAX)
+ return; // no-warning
+ free(b);
+}
+
+void baselineLE (unsigned a) {
+ char* b = NULL;
+ if (a <= 0)
+ b = malloc(1);
+ if (a == 0)
+ free(b);
+ return; // no-warning
+}
+
+
+// Adjustment gives each of these an extra solution!
+void adjustedGT (unsigned a) {
+ char* b = NULL;
+ if (a-1 > UINT_MAX-1)
+ b = malloc(1);
+ return; // expected-warning{{leak}}
+}
+
+void adjustedGE (unsigned a) {
+ char* b = NULL;
+ if (a-1 >= UINT_MAX-1)
+ b = malloc(1);
+ if (a == UINT_MAX)
+ free(b);
+ return; // expected-warning{{leak}}
+}
+
+void adjustedLT (unsigned a) {
+ char* b = NULL;
+ if (a+1 < 1)
+ b = malloc(1);
+ return; // expected-warning{{leak}}
+}
+
+void adjustedLE (unsigned a) {
+ char* b = NULL;
+ if (a+1 <= 1)
+ b = malloc(1);
+ if (a == 0)
+ free(b);
+ return; // expected-warning{{leak}}
+}
+
+
+// Tautologies
+void tautologyGT (unsigned a) {
+ char* b = malloc(1);
+ if (a > UINT_MAX)
+ return; // no-warning
+ free(b);
+}
+
+void tautologyGE (unsigned a) {
+ char* b = malloc(1);
+ if (a >= 0)
+ free(b);
+ return; // no-warning
+}
+
+void tautologyLT (unsigned a) {
+ char* b = malloc(1);
+ if (a < 0)
+ return; // no-warning
+ free(b);
+}
+
+void tautologyLE (unsigned a) {
+ char* b = malloc(1);
+ if (a <= UINT_MAX)
+ free(b);
+ return; // no-warning
+}