infer_clone/infer/tests/codetoanalyze/c/bufferoverrun/prune_alias.c

/*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */
void prune_alias_le_Ok(int x) {
  int a[1];

  if (x <= x) {
    a[0] = 0;
  } else {
    a[1] = 0;
  }
}

void prune_alias_ge_Ok(int x) {
  int a[1];

  if (x >= x) {
    a[0] = 0;
  } else {
    a[1] = 0;
  }
}

void prune_alias_eq_Ok(int x) {
  int a[1];

  if (x == x) {
    a[0] = 0;
  } else {
    a[1] = 0;
  }
}

void prune_alias_lt_Ok(int x) {
  int a[1];

  if (x < x) {
    a[1] = 0;
  }
}

void prune_alias_gt_Ok(int x) {
  int a[1];

  if (x > x) {
    a[1] = 0;
  }
}

void prune_alias_ne_Ok(int x) {
  int a[1];

  if (x != x) {
    a[1] = 0;
  }
}

void prune_alias_not_Ok(int x) {
  int a[1];

  if (!(x == x)) {
    a[1] = 0;
  }

  if (!(x <= x)) {
    a[1] = 0;
  }

  if (!(x >= x)) {
    a[1] = 0;
  }
}

void prune_alias_and_Ok(int x) {
  int a[1];

  if (x == x && x != x) {
    a[1] = 0;
  }
}

void prune_alias_or_Ok(int x, int y) {
  int a[1];

  if (x != x || y != y) {
    a[1] = 0;
  }
}

void prune_alias_exp_Ok(int x) {
  int a[1];

  if (x + 1 != x + 1) {
    a[1] = 0;
  }
}

void prune_alias_exp2_CAF(int x) {
  int a[1];

  if (x + 1 != 1 + x) { // Condition always false
    a[1] = 0;
  }
}

void FP_prune_alias_exp_Ok(int* x) {
  int a[1];

  if (*x + 1 != 1 + *x) {
    a[1] = 0;
  }
}

#include <stdlib.h>

void prune_arrblk_ne_CAT(int* x) {
  int* y = x + 10;

  if (x != y) { // always true
    x[5] = 1;
  }
}

void call_prune_arrblk_ne_Ok() {
  int* x = (int*)malloc(sizeof(int) * 10);
  prune_arrblk_ne_CAT(x);
}

void call_prune_arrblk_ne_Bad() {
  int* x = (int*)malloc(sizeof(int) * 5);
  prune_arrblk_ne_CAT(x);
}

void prune_arrblk_eq_CAF(int* x) {
  int* y = x + 10;

  if (x == y) { // always false
    x[5] = 1; /* unreachable */
  }
}

void call_prune_arrblk_eq_Ok() {
  int* x = (int*)malloc(sizeof(int) * 5);
  prune_arrblk_eq_CAF(x);
}

void prune_minmax1_Ok(unsigned int x, unsigned int y) {
  if (x > 0) {
    if (y >= x + 1) {
      unsigned int z = y - 1;
    }
  }
}

void call_prune_minmax1_Ok() { prune_minmax1_Ok(0, 0); }

void prune_minmax2_Ok(unsigned int x, unsigned int y) {
  if (x > y) {
    unsigned int z = x - y;
  }
}

void call_prune_minmax2_Ok() { prune_minmax2_Ok(0, 2); }

void loop_prune_Good(int length, int j) {
  int i;
  char a[length];

  for (i = length - 1; i >= 0; i--) {
    if (j >= 0 && j < i) {
      /* here we always have i >= 1 */
      a[length - i] = 'Z';
    }
  }
}

void loop_prune2_Good_FP(int length, int j) {
  int i;
  char a[length];

  for (i = length - 1; i >= 0; i--) {
    /* need a relational domain */
    if (j < i && j >= 0) {
      /* here we always have i >= 1 */
      a[length - i] = 'Z';
    }
  }
}

void nested_loop_prune_Good(int length) {
  int i, j;
  char a[length];

  for (i = length - 1; i >= 0; i--) {
    for (j = 0; j < i; j++) {
      /* here we always have i >= 1 */
      a[length - i] = 'Z';
    }
  }
}

void bad_if_alias(int* x, int* y) {
  char a[1];
  if (x == y) {
    a[1] = 'A';
  }
}

void call_bad_if_alias_Bad_AlreadyReported() {
  int x;
  bad_if_alias(x, x);
}

void call_bad_if_alias_Good() {
  int x, y;
  bad_if_alias(x, y);
}

void bad_if_not_alias(int* x, int* y) {
  char a[1];
  if (x != y) {
    a[1] = 'B';
  }
}

void call_bad_if_not_alias_Good() {
  int x;
  bad_if_not_alias(x, x);
}

void call_bad_if_not_alias_Bad_AlreadyReported() {
  int x, y;
  bad_if_not_alias(x, y);
}

int unknown_function();

void latest_prune_join(int* a, int n) {
  int x;
  if (unknown_function()) {
    if (n < 4) {
      x = 1;
    } else {
      x = 0;
    }
  } else {
    if (n < 5) {
      x = 1;
    } else {
      return;
    }
  }
  if (x) {
    a[n] = 0;
  }
}

void call_latest_prune_join_1_Good() {
  int a[5];
  latest_prune_join(a, 3);
}

void call_latest_prune_join_2_Good() {
  int a[5];
  latest_prune_join(a, 10);
}

void call_latest_prune_join_3_Bad() {
  int a[2];
  latest_prune_join(a, 3);
}

void forget_locs_latest_prune(unsigned int n) {
  int x;
  int* a[5];
  if (n < 5) {
    x = 1;
  } else {
    x = 0;
    x = 2;
  }
  if (x) {
    a[n] = 0;
  }
}

void call_forget_locs_latest_prune_Bad() { forget_locs_latest_prune(10); }

void not_prune_multiple1_Bad() {
  int a[5];
  int m[2] = {0, 10};
  if (m[0] < 5) {
    a[m[1]] = 0;
  }
}

void not_prune_multiple2(int* m) {
  int a[5];
  if (m[0] < 5) {
    a[m[1]] = 0;
  }
}

void call_not_prune_multiple2_Good() {
  int m[2] = {0, 4};
  not_prune_multiple2(m);
}

void call_not_prune_multiple2_Bad() {
  int m[2] = {0, 10};
  not_prune_multiple2(m);
}

void not_prune_multiple3_Bad() {
  int a[5];
  int* m = (int*)malloc(sizeof(int) * 2);
  m[0] = 0;
  m[1] = 10;
  if (*m < 5) {
    m++;
    a[*m] = 0;
  }
}

void not_prune_multiple4(int* m) {
  int a[5];
  if (*m < 5) {
    m++;
    a[*m] = 0;
  }
}

void call_not_prune_multiple4_Good() {
  int m[2] = {0, 4};
  not_prune_multiple4(m);
}

void call_not_prune_multiple4_Bad_FN() {
  int m[2] = {0, 10};
  not_prune_multiple4(m);
}

int* unknown1();
int* unknown2();

void unknown_alias_Good() {
  int* x = unknown1();
  int* y = unknown2();

  if (*x < *y) {
    int a[10]; // Here should be reachable.
    a[5] = 0;
  }
}

void unknown_alias_Bad() {
  int* x = unknown1();
  int* y = unknown2();

  if (*x < *y) {
    int a[10]; // Here should be reachable.
    a[10] = 0;
  }
}

void prune_linear_by_minmax(size_t s, size_t t) {
  if (s > 0 && s < 1000) {
    if (t >= s + 1) {
      size_t u = t - 2;
    }
  }
}

void call_prune_linear_by_minmax_Good() {
  prune_linear_by_minmax(unknown_function(), unknown_function());
}

void prune_int_by_pointer_Bad(int* p) {
  int* x = (int*)100;
  if (x == p) {
  }
  int a[5];
  a[5] = 0;
}
[Bufferoverrun] More prune to make some nodes unreachable Summary: - Bottom-lift abstract memory domain to express unreachable node - Two cases to make a node unreachable + constant: when an evaluation result of condition expression is bottom or false, e.g., "prune(0)". + alias: when the same structure e is compared to itself with "<", ">", and "!=", e.g., "prune(e < e)". - Add test for the new prune (prune_constant.c, prune_alias.c) - Debug the semantics of comparison Reviewed By: mbouaziz Differential Revision: D4938055 fbshipit-source-id: d0fadf0 8 years ago			`/*`
[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3 6 years ago			`* Copyright (c) Facebook, Inc. and its affiliates.`
[Bufferoverrun] More prune to make some nodes unreachable Summary: - Bottom-lift abstract memory domain to express unreachable node - Two cases to make a node unreachable + constant: when an evaluation result of condition expression is bottom or false, e.g., "prune(0)". + alias: when the same structure e is compared to itself with "<", ">", and "!=", e.g., "prune(e < e)". - Add test for the new prune (prune_constant.c, prune_alias.c) - Debug the semantics of comparison Reviewed By: mbouaziz Differential Revision: D4938055 fbshipit-source-id: d0fadf0 8 years ago			`*`
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a 7 years ago			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
[Bufferoverrun] More prune to make some nodes unreachable Summary: - Bottom-lift abstract memory domain to express unreachable node - Two cases to make a node unreachable + constant: when an evaluation result of condition expression is bottom or false, e.g., "prune(0)". + alias: when the same structure e is compared to itself with "<", ">", and "!=", e.g., "prune(e < e)". - Add test for the new prune (prune_constant.c, prune_alias.c) - Debug the semantics of comparison Reviewed By: mbouaziz Differential Revision: D4938055 fbshipit-source-id: d0fadf0 8 years ago			`*/`
			`void prune_alias_le_Ok(int x) {`
			`int a[1];`

			`if (x <= x) {`
			`a[0] = 0;`
			`} else {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_ge_Ok(int x) {`
			`int a[1];`

			`if (x >= x) {`
			`a[0] = 0;`
			`} else {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_eq_Ok(int x) {`
			`int a[1];`

			`if (x == x) {`
			`a[0] = 0;`
			`} else {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_lt_Ok(int x) {`
			`int a[1];`

			`if (x < x) {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_gt_Ok(int x) {`
			`int a[1];`

			`if (x > x) {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_ne_Ok(int x) {`
			`int a[1];`

			`if (x != x) {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_not_Ok(int x) {`
			`int a[1];`

			`if (!(x == x)) {`
			`a[1] = 0;`
			`}`

			`if (!(x <= x)) {`
			`a[1] = 0;`
			`}`

			`if (!(x >= x)) {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_and_Ok(int x) {`
			`int a[1];`

			`if (x == x && x != x) {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_or_Ok(int x, int y) {`
			`int a[1];`

			`if (x != x \|\| y != y) {`
			`a[1] = 0;`
			`}`
			`}`

			`void prune_alias_exp_Ok(int x) {`
			`int a[1];`

			`if (x + 1 != x + 1) {`
			`a[1] = 0;`
			`}`
			`}`

[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`void prune_alias_exp2_CAF(int x) {`
[Bufferoverrun] More prune to make some nodes unreachable Summary: - Bottom-lift abstract memory domain to express unreachable node - Two cases to make a node unreachable + constant: when an evaluation result of condition expression is bottom or false, e.g., "prune(0)". + alias: when the same structure e is compared to itself with "<", ">", and "!=", e.g., "prune(e < e)". - Add test for the new prune (prune_constant.c, prune_alias.c) - Debug the semantics of comparison Reviewed By: mbouaziz Differential Revision: D4938055 fbshipit-source-id: d0fadf0 8 years ago			`int a[1];`

[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`if (x + 1 != 1 + x) { // Condition always false`
			`a[1] = 0;`
			`}`
			`}`

			`void FP_prune_alias_exp_Ok(int* x) {`
			`int a[1];`

			`if (x + 1 != 1 + x) {`
[Bufferoverrun] More prune to make some nodes unreachable Summary: - Bottom-lift abstract memory domain to express unreachable node - Two cases to make a node unreachable + constant: when an evaluation result of condition expression is bottom or false, e.g., "prune(0)". + alias: when the same structure e is compared to itself with "<", ">", and "!=", e.g., "prune(e < e)". - Add test for the new prune (prune_constant.c, prune_alias.c) - Debug the semantics of comparison Reviewed By: mbouaziz Differential Revision: D4938055 fbshipit-source-id: d0fadf0 8 years ago			`a[1] = 0;`
			`}`
			`}`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago
			`#include <stdlib.h>`

[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`void prune_arrblk_ne_CAT(int* x) {`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`int* y = x + 10;`

[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`if (x != y) { // always true`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`x[5] = 1;`
			`}`
			`}`

			`void call_prune_arrblk_ne_Ok() {`
			`int* x = (int)malloc(sizeof(int) 10);`
[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`prune_arrblk_ne_CAT(x);`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`}`

			`void call_prune_arrblk_ne_Bad() {`
			`int* x = (int)malloc(sizeof(int) 5);`
[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`prune_arrblk_ne_CAT(x);`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`}`

[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`void prune_arrblk_eq_CAF(int* x) {`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`int* y = x + 10;`

[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`if (x == y) { // always false`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`x[5] = 1; /* unreachable */`
			`}`
			`}`

[inferbo] Extend conditional proof obligation for inequalities Summary: This diff extends the abstract domain to keep binary conditions on prunings, so Inferbo can suppress more proof obligations (i.e., false positives) that are known to be unreachable according to the binary conditions. Depends on D13729600 Reviewed By: mbouaziz Differential Revision: D13749914 fbshipit-source-id: 314f048f1 6 years ago			`void call_prune_arrblk_eq_Ok() {`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`int* x = (int)malloc(sizeof(int) 5);`
[inferbo] Symbols for one value Summary: For abstract values representing one concrete value, create only one symbol instead of two. Still create two symbols (lb, ub) for abstract values representing multiple concrete values (like array cells). As a consequence, comparisons of symbolic values are more precise (we can even prove equality). I expect to remove a bunch of FPs. Another consequence is the disappearance of `.lb` and `.ub` in many reports. Reviewed By: skcho Differential Revision: D13072084 fbshipit-source-id: 9bc0b9881 6 years ago			`prune_arrblk_eq_CAF(x);`
[inferbo][bugfix] Pruning array block (NE case) Reviewed By: mbouaziz Differential Revision: D7235584 fbshipit-source-id: 2ef9144 7 years ago			`}`
[inferbo] Add integer overflow issue type Reviewed By: mbouaziz Differential Revision: D10253878 fbshipit-source-id: 9905d7db4 6 years ago
			`void prune_minmax1_Ok(unsigned int x, unsigned int y) {`
			`if (x > 0) {`
			`if (y >= x + 1) {`
			`unsigned int z = y - 1;`
			`}`
			`}`
			`}`

[inferbo] Simplify and improve Itv.prune_comp Reviewed By: skcho Differential Revision: D10386789 fbshipit-source-id: f9c7e33ef 6 years ago			`void call_prune_minmax1_Ok() { prune_minmax1_Ok(0, 0); }`
[inferbo] Add integer overflow issue type Reviewed By: mbouaziz Differential Revision: D10253878 fbshipit-source-id: 9905d7db4 6 years ago
			`void prune_minmax2_Ok(unsigned int x, unsigned int y) {`
			`if (x > y) {`
			`unsigned int z = x - y;`
			`}`
			`}`

[inferbo] Simplify and improve Itv.prune_comp Reviewed By: skcho Differential Revision: D10386789 fbshipit-source-id: f9c7e33ef 6 years ago			`void call_prune_minmax2_Ok() { prune_minmax2_Ok(0, 2); }`
[inferbo] Normalize intervals after substitution Summary: Gets rid of impossible cases Reviewed By: jvillard Differential Revision: D10487811 fbshipit-source-id: b2966131a 6 years ago
			`void loop_prune_Good(int length, int j) {`
			`int i;`
			`char a[length];`

			`for (i = length - 1; i >= 0; i--) {`
			`if (j >= 0 && j < i) {`
			`/* here we always have i >= 1 */`
			`a[length - i] = 'Z';`
			`}`
			`}`
			`}`

			`void loop_prune2_Good_FP(int length, int j) {`
			`int i;`
			`char a[length];`

			`for (i = length - 1; i >= 0; i--) {`
			`/* need a relational domain */`
			`if (j < i && j >= 0) {`
			`/* here we always have i >= 1 */`
			`a[length - i] = 'Z';`
			`}`
			`}`
			`}`

			`void nested_loop_prune_Good(int length) {`
			`int i, j;`
			`char a[length];`

			`for (i = length - 1; i >= 0; i--) {`
			`for (j = 0; j < i; j++) {`
			`/* here we always have i >= 1 */`
			`a[length - i] = 'Z';`
			`}`
			`}`
			`}`
[inferbo] Pointer comparison Reviewed By: skcho Differential Revision: D13066771 fbshipit-source-id: 134b27db8 6 years ago
			`void bad_if_alias(int* x, int* y) {`
			`char a[1];`
			`if (x == y) {`
			`a[1] = 'A';`
			`}`
			`}`

			`void call_bad_if_alias_Bad_AlreadyReported() {`
			`int x;`
			`bad_if_alias(x, x);`
			`}`

			`void call_bad_if_alias_Good() {`
			`int x, y;`
			`bad_if_alias(x, y);`
			`}`

			`void bad_if_not_alias(int* x, int* y) {`
			`char a[1];`
			`if (x != y) {`
			`a[1] = 'B';`
			`}`
			`}`

			`void call_bad_if_not_alias_Good() {`
			`int x;`
			`bad_if_not_alias(x, x);`
			`}`

			`void call_bad_if_not_alias_Bad_AlreadyReported() {`
			`int x, y;`
			`bad_if_not_alias(x, y);`
			`}`
[inferbo] Revise join of LatestPrune Reviewed By: mbouaziz Differential Revision: D13449197 fbshipit-source-id: a2913c494 6 years ago
			`int unknown_function();`

			`void latest_prune_join(int* a, int n) {`
			`int x;`
			`if (unknown_function()) {`
			`if (n < 4) {`
			`x = 1;`
			`} else {`
			`x = 0;`
			`}`
			`} else {`
			`if (n < 5) {`
			`x = 1;`
			`} else {`
			`return;`
			`}`
			`}`
			`if (x) {`
			`a[n] = 0;`
			`}`
			`}`

			`void call_latest_prune_join_1_Good() {`
			`int a[5];`
			`latest_prune_join(a, 3);`
			`}`

			`void call_latest_prune_join_2_Good() {`
			`int a[5];`
			`latest_prune_join(a, 10);`
			`}`

			`void call_latest_prune_join_3_Bad() {`
			`int a[2];`
			`latest_prune_join(a, 3);`
			`}`
[inferbo] Forget only updated locations from latest prune at Store Reviewed By: mbouaziz Differential Revision: D13414636 fbshipit-source-id: 8dbe7ceb6 6 years ago
			`void forget_locs_latest_prune(unsigned int n) {`
			`int x;`
			`int* a[5];`
			`if (n < 5) {`
			`x = 1;`
			`} else {`
			`x = 0;`
			`x = 2;`
			`}`
			`if (x) {`
			`a[n] = 0;`
			`}`
			`}`

			`void call_forget_locs_latest_prune_Bad() { forget_locs_latest_prune(10); }`
[inferbo] Add tests: values representing multiple values Reviewed By: mbouaziz Differential Revision: D13606721 fbshipit-source-id: 594d24d4a 6 years ago
			`void not_prune_multiple1_Bad() {`
			`int a[5];`
			`int m[2] = {0, 10};`
			`if (m[0] < 5) {`
			`a[m[1]] = 0;`
			`}`
			`}`

			`void not_prune_multiple2(int* m) {`
			`int a[5];`
			`if (m[0] < 5) {`
			`a[m[1]] = 0;`
			`}`
			`}`

			`void call_not_prune_multiple2_Good() {`
			`int m[2] = {0, 4};`
			`not_prune_multiple2(m);`
			`}`

[inferbo] Avoid pruning on array elements Summary: This diff tries to do weak update for the abstract locations by pointer arithmetic, e.g. `p[n]` or `p+n`, even if the type of `p` is declared as a simple pointer, not an array. Reviewed By: ezgicicek Differential Revision: D16458367 fbshipit-source-id: 3b4cdd7e4 5 years ago			`void call_not_prune_multiple2_Bad() {`
[inferbo] Add tests: values representing multiple values Reviewed By: mbouaziz Differential Revision: D13606721 fbshipit-source-id: 594d24d4a 6 years ago			`int m[2] = {0, 10};`
			`not_prune_multiple2(m);`
			`}`

			`void not_prune_multiple3_Bad() {`
			`int a[5];`
			`int* m = (int)malloc(sizeof(int) 2);`
			`m[0] = 0;`
			`m[1] = 10;`
			`if (*m < 5) {`
			`m++;`
			`a[*m] = 0;`
			`}`
			`}`

			`void not_prune_multiple4(int* m) {`
			`int a[5];`
			`if (*m < 5) {`
			`m++;`
			`a[*m] = 0;`
			`}`
			`}`

			`void call_not_prune_multiple4_Good() {`
			`int m[2] = {0, 4};`
			`not_prune_multiple4(m);`
			`}`

			`void call_not_prune_multiple4_Bad_FN() {`
			`int m[2] = {0, 10};`
			`not_prune_multiple4(m);`
			`}`
[inferbo] Do not add Unknown location to alias Summary: Unknown locations in the alias domain resulted in unexpected unreachable code. Reviewed By: mbouaziz Differential Revision: D14339412 fbshipit-source-id: a5dca6489 6 years ago
			`int* unknown1();`
			`int* unknown2();`

			`void unknown_alias_Good() {`
			`int* x = unknown1();`
			`int* y = unknown2();`

			`if (x < y) {`
			`int a[10]; // Here should be reachable.`
			`a[5] = 0;`
			`}`
			`}`

			`void unknown_alias_Bad() {`
			`int* x = unknown1();`
			`int* y = unknown2();`

			`if (x < y) {`
			`int a[10]; // Here should be reachable.`
			`a[10] = 0;`
			`}`
			`}`
[inferbo] Prune linear bound by minmax Summary: Before this diff, it gave up pruning of linear bound by minmax bound. For example, `overapprox_min (x+c1, c2+min(d1,y))` was `x+c1`. However, we can get a bit more preciser value as follows. ``` overapprox_min (x+c1, c2+min(d1,y)) <= min (x+c1, c2+d1) = c1+min(c2+d1-c1, x) ``` Reviewed By: ezgicicek Differential Revision: D16543837 fbshipit-source-id: 8fdbce097 5 years ago
			`void prune_linear_by_minmax(size_t s, size_t t) {`
			`if (s > 0 && s < 1000) {`
			`if (t >= s + 1) {`
			`size_t u = t - 2;`
			`}`
			`}`
			`}`

			`void call_prune_linear_by_minmax_Good() {`
			`prune_linear_by_minmax(unknown_function(), unknown_function());`
			`}`
[inferbo] Fix bug in integer pruning by pointer Summary: This diff avoids that an integer value is pruned to the bottom by comparing to a pointer. For example, before this diff, assume((int)x == p); assume((int)x != p); where x is an integer, x is pruned to the bottom in both of the assume cases. So, there were some, unintentional and false, unreachable code. Depends on D16960199 Reviewed By: ezgicicek Differential Revision: D16964735 fbshipit-source-id: 90a3c8c80 5 years ago
			`void prune_int_by_pointer_Bad(int* p) {`
			`int* x = (int*)100;`
			`if (x == p) {`
			`}`
			`int a[5];`
			`a[5] = 0;`
			`}`