Use the eager assumption tags only if the decision was ambiguous

steakhal · steakhal · commit c429df63af6c · 2024-10-05T15:14:37.000+02:00
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -3771,24 +3771,29 @@ void ExprEngine::evalEagerlyAssumeBinOpBifurcation(ExplodedNodeSet &Dst,
     SVal V = state->getSVal(Ex, Pred->getLocationContext());
     std::optional<nonloc::SymbolVal> SEV = V.getAs<nonloc::SymbolVal>();
     if (SEV && SEV->isExpression()) {
-      const std::pair<const ProgramPointTag *, const ProgramPointTag*> &tags =
-        geteagerlyAssumeBinOpBifurcationTags();
-
       ProgramStateRef StateTrue, StateFalse;
       std::tie(StateTrue, StateFalse) = state->assume(*SEV);
 
+      const ProgramPointTag *EagerTrueTag = nullptr;
+      const ProgramPointTag *EagerFalseTag = nullptr;
+
+      // Use the eager assumption tags if the choice was ambiguous.
+      if (StateTrue && StateFalse)
+        std::tie(EagerTrueTag, EagerFalseTag) =
+            geteagerlyAssumeBinOpBifurcationTags();
+
       // First assume that the condition is true.
       if (StateTrue) {
         SVal Val = svalBuilder.makeIntVal(1U, Ex->getType());
         StateTrue = StateTrue->BindExpr(Ex, Pred->getLocationContext(), Val);
-        Bldr.generateNode(Ex, Pred, StateTrue, tags.first);
+        Bldr.generateNode(Ex, Pred, StateTrue, EagerTrueTag);
       }
 
       // Next, assume that the condition is false.
       if (StateFalse) {
         SVal Val = svalBuilder.makeIntVal(0U, Ex->getType());
         StateFalse = StateFalse->BindExpr(Ex, Pred->getLocationContext(), Val);
-        Bldr.generateNode(Ex, Pred, StateFalse, tags.second);
+        Bldr.generateNode(Ex, Pred, StateFalse, EagerFalseTag);
       }
     }
   }
diff --git a/clang/test/Analysis/assuming-unsigned-ge-0.c b/clang/test/Analysis/assuming-unsigned-ge-0.c
@@ -2,10 +2,7 @@
 // RUN:     -analyzer-checker=core -verify %s
 
 int assuming_unsigned_ge_0(unsigned arg) {
-  // TODO This testcase demonstrates the current incorrect behavior of Clang
-  // Static Analyzer: here 'arg' is unsigned, so "arg >= 0" is not a fresh
-  // assumption, but it still appears in the diagnostics as if it's fresh:
-  // expected-note@+2 {{Assuming 'arg' is >= 0}}
+  // expected-note@+2 {{'arg' is >= 0}}
   // expected-note@+1 {{Taking false branch}}
   if (arg < 0)
     return 0;
diff --git a/clang/test/Analysis/cast-value-notes.cpp b/clang/test/Analysis/cast-value-notes.cpp
@@ -168,9 +168,8 @@ void evalNonNullParamNonNullReturnReference(const Shape &S) {
     // expected-note@-2 {{Taking true branch}}
 
     (void)(1 / !C);
-    // expected-note@-1 {{'C' is non-null}}
-    // expected-note@-2 {{Division by zero}}
-    // expected-warning@-3 {{Division by zero}}
+    // expected-note@-1 {{Division by zero}}
+    // expected-warning@-2 {{Division by zero}}
   }
 }
 
@@ -226,9 +225,8 @@ void evalNonNullParamNonNullReturn(const Shape *S) {
     // expected-note@-2 {{Taking true branch}}
 
     (void)(1 / !C);
-    // expected-note@-1 {{'C' is non-null}}
-    // expected-note@-2 {{Division by zero}}
-    // expected-warning@-3 {{Division by zero}}
+    // expected-note@-1 {{Division by zero}}
+    // expected-warning@-2 {{Division by zero}}
   }
 }
 
@@ -243,9 +241,8 @@ void evalNonNullParamNullReturn(const Shape *S) {
     // expected-note@-4 {{Taking true branch}}
 
     (void)(1 / !T);
-    // expected-note@-1 {{'T' is non-null}}
-    // expected-note@-2 {{Division by zero}}
-    // expected-warning@-3 {{Division by zero}}
+    // expected-note@-1 {{Division by zero}}
+    // expected-warning@-2 {{Division by zero}}
   }
 }
 
@@ -265,9 +262,8 @@ void evalZeroParamNonNullReturnPointer(const Shape *S) {
   // expected-note@-2 {{'C' initialized here}}
 
   (void)(1 / !C);
-  // expected-note@-1 {{'C' is non-null}}
-  // expected-note@-2 {{Division by zero}}
-  // expected-warning@-3 {{Division by zero}}
+  // expected-note@-1 {{Division by zero}}
+  // expected-warning@-2 {{Division by zero}}
 }
 
 void evalZeroParamNonNullReturn(const Shape &S) {
diff --git a/clang/test/Analysis/cast-value-state-dump.cpp b/clang/test/Analysis/cast-value-state-dump.cpp
@@ -40,8 +40,7 @@ void evalNonNullParamNonNullReturn(const Shape *S) {
   // CHECK-NEXT:   ] }
 
   (void)(1 / !C);
-  // expected-note@-1 {{'C' is non-null}}
-  // expected-note@-2 {{Division by zero}}
-  // expected-warning@-3 {{Division by zero}}
+  // expected-note@-1 {{Division by zero}}
+  // expected-warning@-2 {{Division by zero}}
 }
 
diff --git a/clang/test/Analysis/std-c-library-functions-arg-constraints.c b/clang/test/Analysis/std-c-library-functions-arg-constraints.c
@@ -42,8 +42,7 @@ void test_alnum_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}} \
-  // bugpath-note{{'x' is <= 255}}
+  // bugpath-note{{Left side of '&&' is true}}
 }
 
 void test_alnum_symbolic2(int x) {
@@ -76,8 +75,7 @@ void test_toupper_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}} \
-  // bugpath-note{{'x' is <= 255}}
+  // bugpath-note{{Left side of '&&' is true}}
 }
 
 void test_toupper_symbolic2(int x) {
@@ -110,8 +108,7 @@ void test_tolower_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}} \
-  // bugpath-note{{'x' is <= 255}}
+  // bugpath-note{{Left side of '&&' is true}}
 }
 
 void test_tolower_symbolic2(int x) {
@@ -144,8 +141,7 @@ void test_toascii_symbolic(int x) {
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
   // bugpath-note{{TRUE}} \
-  // bugpath-note{{Left side of '&&' is true}} \
-  // bugpath-note{{'x' is <= 255}}
+  // bugpath-note{{Left side of '&&' is true}}
 }
 
 void test_toascii_symbolic2(int x) {
@@ -173,8 +169,7 @@ void test_notnull_symbolic(FILE *fp, int *buf) {
   clang_analyzer_eval(buf != 0); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}} \
-  // bugpath-note{{'buf' is not equal to null}}
+  // bugpath-note{{TRUE}}
 }
 void test_notnull_symbolic2(FILE *fp, int *buf) {
   if (!buf)                          // bugpath-note{{Assuming 'buf' is null}} \
@@ -218,8 +213,7 @@ void test_notnull_buffer_3(void *buf) {
   clang_analyzer_eval(buf != 0); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}} \
-  // bugpath-note{{'buf' is not equal to null}}
+  // bugpath-note{{TRUE}}
 }
 
 void test_no_node_after_bug(FILE *fp, size_t size, size_t n, void *buf) {
@@ -299,17 +293,15 @@ void test_buf_size_symbolic(int s) {
   clang_analyzer_eval(s <= 3); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}} \
-  // bugpath-note{{'s' is <= 3}}
+  // bugpath-note{{TRUE}}
 }
 void test_buf_size_symbolic_and_offset(int s) {
   char buf[3];
   __buf_size_arg_constraint(buf + 1, s);
   clang_analyzer_eval(s <= 2); // \
   // report-warning{{TRUE}} \
   // bugpath-warning{{TRUE}} \
-  // bugpath-note{{TRUE}} \
-  // bugpath-note{{'s' is <= 2}}
+  // bugpath-note{{TRUE}}
 }
 
 int __buf_size_arg_constraint_mul(const void *, size_t, size_t);

Original file line number	Diff line number	Diff line change
`@@ -168,9 +168,8 @@ void evalNonNullParamNonNullReturnReference(const Shape &S) {`
`168`	`168`	`// expected-note@-2 {{Taking true branch}}`
`169`	`169`
`170`	`170`	`(void)(1 / !C);`
`171`		`- // expected-note@-1 {{'C' is non-null}}`
`172`		`- // expected-note@-2 {{Division by zero}}`
`173`		`- // expected-warning@-3 {{Division by zero}}`
	`171`	`+ // expected-note@-1 {{Division by zero}}`
	`172`	`+ // expected-warning@-2 {{Division by zero}}`
`174`	`173`	`}`
`175`	`174`	`}`
`176`	`175`
`@@ -226,9 +225,8 @@ void evalNonNullParamNonNullReturn(const Shape *S) {`
`226`	`225`	`// expected-note@-2 {{Taking true branch}}`
`227`	`226`
`228`	`227`	`(void)(1 / !C);`
`229`		`- // expected-note@-1 {{'C' is non-null}}`
`230`		`- // expected-note@-2 {{Division by zero}}`
`231`		`- // expected-warning@-3 {{Division by zero}}`
	`228`	`+ // expected-note@-1 {{Division by zero}}`
	`229`	`+ // expected-warning@-2 {{Division by zero}}`
`232`	`230`	`}`
`233`	`231`	`}`
`234`	`232`
`@@ -243,9 +241,8 @@ void evalNonNullParamNullReturn(const Shape *S) {`
`243`	`241`	`// expected-note@-4 {{Taking true branch}}`
`244`	`242`
`245`	`243`	`(void)(1 / !T);`
`246`		`- // expected-note@-1 {{'T' is non-null}}`
`247`		`- // expected-note@-2 {{Division by zero}}`
`248`		`- // expected-warning@-3 {{Division by zero}}`
	`244`	`+ // expected-note@-1 {{Division by zero}}`
	`245`	`+ // expected-warning@-2 {{Division by zero}}`
`249`	`246`	`}`
`250`	`247`	`}`
`251`	`248`
`@@ -265,9 +262,8 @@ void evalZeroParamNonNullReturnPointer(const Shape *S) {`
`265`	`262`	`// expected-note@-2 {{'C' initialized here}}`
`266`	`263`
`267`	`264`	`(void)(1 / !C);`
`268`		`- // expected-note@-1 {{'C' is non-null}}`
`269`		`- // expected-note@-2 {{Division by zero}}`
`270`		`- // expected-warning@-3 {{Division by zero}}`
	`265`	`+ // expected-note@-1 {{Division by zero}}`
	`266`	`+ // expected-warning@-2 {{Division by zero}}`
`271`	`267`	`}`
`272`	`268`
`273`	`269`	`void evalZeroParamNonNullReturn(const Shape &S) {`
Original file line number	Diff line number	Diff line change
`@@ -40,8 +40,7 @@ void evalNonNullParamNonNullReturn(const Shape *S) {`
`40`	`40`	`// CHECK-NEXT: ] }`
`41`	`41`
`42`	`42`	`(void)(1 / !C);`
`43`		`- // expected-note@-1 {{'C' is non-null}}`
`44`		`- // expected-note@-2 {{Division by zero}}`
`45`		`- // expected-warning@-3 {{Division by zero}}`
	`43`	`+ // expected-note@-1 {{Division by zero}}`
	`44`	`+ // expected-warning@-2 {{Division by zero}}`
`46`	`45`	`}`
`47`	`46`