zaks.anna added inline comments.
================
Comment at: lib/StaticAnalyzer/Core/SValBuilder.cpp:356
QualType ResultTy) {
- if (!State->isTainted(RHS) && !State->isTainted(LHS))
- return UnknownVal();
----------------
I am concerned that removing the guard will regress performance in the vanilla
case. (Note that Z3 support as well as taint are not on by default.)
I am curious how much of the regression you've measured could be gained back if
we make this conditional.
================
Comment at: lib/StaticAnalyzer/Core/SValBuilder.cpp:363
// instead of generating an Unknown value and propagate the taint info to it.
- const unsigned MaxComp = 10000; // 100000 28X
----------------
Reducing the MaxComp is going to regress taint analysis..
> I've updated this revision to account for the recent SVal simplification
> commit by @NoQ,
Which commit introduced the regression?
> but now there is an exponential blowup problem that prevents testcase
> PR24184.cpp from terminating,
What triggers the regression? Removing the if statement above? Does the
regression only effect the Z3 "mode" (I am guessing not since you said "due to
an interaction between Simplifier::VisitNonLocSymbolVal() and
SValBuilder::makeSymExprValNN()")?
https://reviews.llvm.org/D28953
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
