analyzer: reject ((i + 1 > 0) && (i < 0)) for integers [PR94362]

PR analyzer/94362 reports a false positive from
-Wanalyzer-null-dereference seen when analyzing OpenSSL.

The root cause is that the analyzer's path feasibility checker
erroneously considers this to be feasible:
  (R + 1 > 0) && (R < 0)
for int R (the return value from sk_EVP_PKEY_ASN1_METHOD_num),
whereas it's not satisfiable for any int R.

This patch makes the constraint manager try harder to reject
such combinations of conditions, fixing the false positive;
perhaps in the longer term we ought to use an SMT solver.

	PR analyzer/94362
	* (bound::ensure_closed): Convert param to
	enum bound_kind.
	(range::constrained_to_single_element): Likewise.
	(range::add_bound): New.
	(constraint_manager::add_constraint): Handle SVAL + OFFSET
	compared to a constant.
	(constraint_manager::get_ec_bounds): Rewrite in terms of
	(constraint_manager::eval_condition): Reject if range::add_bound
	(selftest::test_constant_comparisons): Add test coverage for
	various impossible combinations of integer comparisons.
	* constraint-manager.h (enum bound_kind): New.
	(struct bound): Likewise.
	(bound::ensure_closed): Convert to param to enum bound_kind.
	(struct range): Convert to...
	(class range): ...this, making fields private.
	(range::add_bound): New decls.
	* (region_model::add_constraint): Fail if
	constraint_manager::add_constraint fails.

	PR analyzer/94362
	* gcc.dg/analyzer/pr94362-1.c: New test.
	* gcc.dg/analyzer/pr94362-2.c: New test.

Signed-off-by: David Malcolm <>
5 files changed