NoQ added a comment.
Aha, great, the overall structure of the code is correct!
================
Comment at: clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp:477
+
+ // For all of the bitwise operations,
+ // if they remain in that 'SymIntExpr' form that means we cannot evaluate the
----------------
Let's do some math.
Suppose `$x` is in range `[2, 3]`. In this case the true range for `$x & 1` is
`[0, 1]` (because `2 & 1 == 0` and `3 & 1 == 1`).
The range for `$x & 8` would be `[0, 0]`.
The range for `$x | 8` would be `[10, 11]`.
The range for `$x << 1` would be `[4, 4], [6, 6]`.
The range for `$x >> 1` would be `[0, 1]`.
None of these ranges are contained within `[2, 3]`. In fact, none of them even
contain either `2` or `3`. However, when you intersect the resulting range with
`[2, 3]`, you make sure that the resulting range is contained within `[2, 3]`.
I don't think that's correct.
================
Comment at: clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp:487-488
+ if (!PreviousRS->isEmpty()) {
+ RangeSet::iterator I = PreviousRS->begin();
+ Result = Result.Intersect(BV, F, I->From(), I->To());
+ }
----------------
You're only taking a single segment out of the range. The range may be a union
of multiple segments. You should intersect with the whole range instead.
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D65239/new/
https://reviews.llvm.org/D65239
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
