@@ -70,87 +70,26 @@ void BoolAssignmentChecker::checkBind(SVal loc, SVal val, const Stmt *S,
7070 // Get the value of the right-hand side. We only care about values
7171 // that are defined (UnknownVals and UndefinedVals are handled by other
7272 // checkers).
73- Optional<DefinedSVal> DV = val.getAs <DefinedSVal >();
74- if (!DV )
73+ Optional<NonLoc> NV = val.getAs <NonLoc >();
74+ if (!NV )
7575 return ;
7676
7777 // Check if the assigned value meets our criteria for correctness. It must
7878 // be a value that is either 0 or 1. One way to check this is to see if
7979 // the value is possibly < 0 (for a negative value) or greater than 1.
8080 ProgramStateRef state = C.getState ();
8181 SValBuilder &svalBuilder = C.getSValBuilder ();
82+ BasicValueFactory &BVF = svalBuilder.getBasicValueFactory ();
8283 ConstraintManager &CM = C.getConstraintManager ();
8384
84- // First, ensure that the value is >= 0.
85- DefinedSVal zeroVal = svalBuilder.makeIntVal (0 , valTy);
86- SVal greaterThanOrEqualToZeroVal =
87- svalBuilder.evalBinOp (state, BO_GE, *DV, zeroVal,
88- svalBuilder.getConditionType ());
85+ llvm::APSInt Zero = BVF.getValue (0 , valTy);
86+ llvm::APSInt One = BVF.getValue (1 , valTy);
8987
90- Optional<DefinedSVal> greaterThanEqualToZero =
91- greaterThanOrEqualToZeroVal. getAs <DefinedSVal>( );
88+ ProgramStateRef StIn, StOut;
89+ std::tie (StIn, StOut) = CM. assumeInclusiveRangeDual (state, *NV, Zero, One );
9290
93- if (!greaterThanEqualToZero) {
94- // The SValBuilder cannot construct a valid SVal for this condition.
95- // This means we cannot properly reason about it.
96- return ;
97- }
98-
99- ProgramStateRef stateLT, stateGE;
100- std::tie (stateGE, stateLT) = CM.assumeDual (state, *greaterThanEqualToZero);
101-
102- // Is it possible for the value to be less than zero?
103- if (stateLT) {
104- // It is possible for the value to be less than zero. We only
105- // want to emit a warning, however, if that value is fully constrained.
106- // If it it possible for the value to be >= 0, then essentially the
107- // value is underconstrained and there is nothing left to be done.
108- if (!stateGE)
109- emitReport (stateLT, C);
110-
111- // In either case, we are done.
112- return ;
113- }
114-
115- // If we reach here, it must be the case that the value is constrained
116- // to only be >= 0.
117- assert (stateGE == state);
118-
119- // At this point we know that the value is >= 0.
120- // Now check to ensure that the value is <= 1.
121- DefinedSVal OneVal = svalBuilder.makeIntVal (1 , valTy);
122- SVal lessThanEqToOneVal =
123- svalBuilder.evalBinOp (state, BO_LE, *DV, OneVal,
124- svalBuilder.getConditionType ());
125-
126- Optional<DefinedSVal> lessThanEqToOne =
127- lessThanEqToOneVal.getAs <DefinedSVal>();
128-
129- if (!lessThanEqToOne) {
130- // The SValBuilder cannot construct a valid SVal for this condition.
131- // This means we cannot properly reason about it.
132- return ;
133- }
134-
135- ProgramStateRef stateGT, stateLE;
136- std::tie (stateLE, stateGT) = CM.assumeDual (state, *lessThanEqToOne);
137-
138- // Is it possible for the value to be greater than one?
139- if (stateGT) {
140- // It is possible for the value to be greater than one. We only
141- // want to emit a warning, however, if that value is fully constrained.
142- // If it is possible for the value to be <= 1, then essentially the
143- // value is underconstrained and there is nothing left to be done.
144- if (!stateLE)
145- emitReport (stateGT, C);
146-
147- // In either case, we are done.
148- return ;
149- }
150-
151- // If we reach here, it must be the case that the value is constrained
152- // to only be <= 1.
153- assert (stateLE == state);
91+ if (!StIn)
92+ emitReport (StOut, C);
15493}
15594
15695void ento::registerBoolAssignmentChecker (CheckerManager &mgr) {
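Review bot: The comment kept above the new `val.getAs<NonLoc>()` guard still says that only unknown and undefined values are skipped, but the guard now also returns early for `Loc` values; it should read something like `// Only NonLoc values are range-checked; Loc, unknown and undefined values are skipped here.` Further down, `emitReport(StOut, C)` runs whenever `StIn` is null and relies on `assumeInclusiveRangeDual` returning a non-null out-of-range state in that case. The removed code made its state invariants explicit with asserts, so an `assert(StOut);` before the report, or a one-line comment stating the guarantee, would keep that visible. The deleted "fully constrained" comments also explained that a report is wanted only when the value cannot lie in [0, 1] on any path, and a short comment on `if (!StIn)` would restore that reasoning. checkBind begins above this hunk, so `valTy` and any earlier guards are not visible here.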