[analyzer] Remove redundant check from DivZeroChecker

Analysis by Ted:
"
    if (stateZero && !stateNotZero) {

is checking to see if:

  (A)  "it is possible for the value to be zero"   (stateZero)

    AND

  (B) "it is not possible for the value to be non-zero"  (!stateNotZero)

That said, the only way for both B to be true AND A to be false is if the path is completely infeasible by the time we reach the divide-by-zero check.  For the most part (all cases?), such cases should automatically get pruned out at branches (i.e., an infeasible path gets dropped), which is the case in our tests.  So the question is whether or not such an infeasible path might not get dropped earlier?  I can't envision any right now.

Indeed, the rest of the checker assumes that if the bug condition didn't fire then 'stateNotZero' is non-NULL:

    C.addTransition(stateNotZero);
"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144114 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp b/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
index 75b7cc47aa79104b1a49d43054e2d1608e1e448e..d4fbfa14b9ea53e8d82b7b725f980ee36eb32f89 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
@@ -55,7 +55,8 @@ void DivZeroChecker::checkPreStmt(const BinaryOperator *B,
   const ProgramState *stateNotZero, *stateZero;
   llvm::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DV);
 
-  if (stateZero && !stateNotZero) {
+  if (!stateNotZero) {
+    assert(stateZero);
     if (ExplodedNode *N = C.generateSink(stateZero)) {
       if (!BT)
         BT.reset(new BuiltinBug("Division by zero"));