[analyzer] Remove redundant check from DivZeroChecker

Analysis by Ted:
"
    if (stateZero && !stateNotZero) {

is checking to see if:

  (A)  "it is possible for the value to be zero"   (stateZero)

    AND

  (B) "it is not possible for the value to be non-zero"  (!stateNotZero)

That said, the only way for both B to be true AND A to be false is if the path is completely infeasible by the time we reach the divide-by-zero check.  For the most part (all cases?), such cases should automatically get pruned out at branches (i.e., an infeasible path gets dropped), which is the case in our tests.  So the question is whether or not such an infeasible path might not get dropped earlier?  I can't envision any right now.

Indeed, the rest of the checker assumes that if the bug condition didn't fire then 'stateNotZero' is non-NULL:

    C.addTransition(stateNotZero);
"

llvm-svn: 144114
This commit is contained in:
Anna Zaks 2011-11-08 19:56:35 +00:00
parent 767d356f87
commit 0d58033bdb
1 changed files with 2 additions and 1 deletions

View File

@ -55,7 +55,8 @@ void DivZeroChecker::checkPreStmt(const BinaryOperator *B,
const ProgramState *stateNotZero, *stateZero;
llvm::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DV);
if (stateZero && !stateNotZero) {
if (!stateNotZero) {
assert(stateZero);
if (ExplodedNode *N = C.generateSink(stateZero)) {
if (!BT)
BT.reset(new BuiltinBug("Division by zero"));