diff options
| author | George Karpenkov <ekarpenkov@apple.com> | 2018-02-23 23:26:57 +0000 |
|---|---|---|
| committer | George Karpenkov <ekarpenkov@apple.com> | 2018-02-23 23:26:57 +0000 |
| commit | 60c206e0bd70332630389b86ead1634368a720a8 (patch) | |
| tree | 2409246dd5bb60ba2a307b004a33a05d15ddb00e | |
| parent | e15451a9c04fa977a4911ca144904293e13e4326 (diff) | |
| download | bcm5719-llvm-60c206e0bd70332630389b86ead1634368a720a8.tar.gz bcm5719-llvm-60c206e0bd70332630389b86ead1634368a720a8.zip | |
[analyzer] Relax the assert used when traversing the node graph.
The assertion gets exposed when changing the exploration order.
This is a quick hacky fix, but the intention is that if the nodes do
merge, it should not matter which predecessor should be traverse.
A proper fix would be not to traverse predecessors at all, as all
information relevant for any decision should be avilable locally.
rdar://37540480
Differential Revision: https://reviews.llvm.org/D42773
llvm-svn: 325977
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp | 6 | ||||
| -rw-r--r-- | clang/test/Analysis/exploration_order/noexprcrash.c | 17 |
2 files changed, 22 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp index 3e7a50365f5..c3c1cb93fde 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp @@ -760,7 +760,11 @@ void ExprEngine::VisitGuardedExpr(const Expr *Ex, for (const ExplodedNode *N = Pred ; N ; N = *N->pred_begin()) { ProgramPoint PP = N->getLocation(); if (PP.getAs<PreStmtPurgeDeadSymbols>() || PP.getAs<BlockEntrance>()) { - assert(N->pred_size() == 1); + // If the state N has multiple predecessors P, it means that successors + // of P are all equivalent. + // In turn, that means that all nodes at P are equivalent in terms + // of observable behavior at N, and we can follow any of them. + // FIXME: a more robust solution which does not walk up the tree. continue; } SrcBlock = PP.castAs<BlockEdge>().getSrc(); diff --git a/clang/test/Analysis/exploration_order/noexprcrash.c b/clang/test/Analysis/exploration_order/noexprcrash.c new file mode 100644 index 00000000000..75c2f0e6798 --- /dev/null +++ b/clang/test/Analysis/exploration_order/noexprcrash.c @@ -0,0 +1,17 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config exploration_strategy=unexplored_first %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config exploration_strategy=dfs %s + +extern void clang_analyzer_eval(int); + +typedef struct { char a; } b; +int c(b* input) { + int x = (input->a ?: input) ? 1 : 0; // expected-warning{{pointer/integer type mismatch}} + if (input->a) { + // FIXME: The value should actually be "TRUE", + // but is incorrect due to a bug. + clang_analyzer_eval(x); // expected-warning{{FALSE}} + } else { + clang_analyzer_eval(x); // expected-warning{{TRUE}} + } + return x; +} |
