From 8d0ffc7f8c9e7515c54d47b5fd37f8a62850dffb Mon Sep 17 00:00:00 2001 From: Anna Zaks Date: Tue, 8 Nov 2011 19:56:35 +0000 Subject: [PATCH] [analyzer] Remove redundant check from DivZeroChecker Analysis by Ted: " if (stateZero && !stateNotZero) { is checking to see if: (A) "it is possible for the value to be zero" (stateZero) AND (B) "it is not possible for the value to be non-zero" (!stateNotZero) That said, the only way for both B to be true AND A to be false is if the path is completely infeasible by the time we reach the divide-by-zero check. For the most part (all cases?), such cases should automatically get pruned out at branches (i.e., an infeasible path gets dropped), which is the case in our tests. So the question is whether or not such an infeasible path might not get dropped earlier? I can't envision any right now. Indeed, the rest of the checker assumes that if the bug condition didn't fire then 'stateNotZero' is non-NULL: C.addTransition(stateNotZero); " git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144114 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp b/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp index 75b7cc47aa..d4fbfa14b9 100644 --- a/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp @@ -55,7 +55,8 @@ void DivZeroChecker::checkPreStmt(const BinaryOperator *B, const ProgramState *stateNotZero, *stateZero; llvm::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DV); - if (stateZero && !stateNotZero) { + if (!stateNotZero) { + assert(stateZero); if (ExplodedNode *N = C.generateSink(stateZero)) { if (!BT) BT.reset(new BuiltinBug("Division by zero")); -- 2.50.1