diff options
| author | Artem Dergachev <artem.dergachev@gmail.com> | 2019-02-06 23:56:43 +0000 |
|---|---|---|
| committer | Artem Dergachev <artem.dergachev@gmail.com> | 2019-02-06 23:56:43 +0000 |
| commit | b7e33f640432cc66f49bebe27fd2c66b9083bcb3 (patch) | |
| tree | c652092dbea42358116cb85b5c6586a6c5b13989 /clang/test | |
| parent | db5036504ec5815363f661103d7edf51b0b8f1a4 (diff) | |
| download | bcm5719-llvm-b7e33f640432cc66f49bebe27fd2c66b9083bcb3.tar.gz bcm5719-llvm-b7e33f640432cc66f49bebe27fd2c66b9083bcb3.zip | |
Revert "[analyzer] Remove the "postponed" hack, deal with derived symbols..."
This reverts commit r341722.
The "postponed" mechanism turns out to be necessary in order to handle
situations when a symbolic region is only kept alive by implicit bindings
in the Store. Otherwise the region is never scanned by the Store's worklist
and the binding gets dropped despite being live, as demonstrated
by the newly added tests.
Differential Revision: https://reviews.llvm.org/D57554
llvm-svn: 353350
Diffstat (limited to 'clang/test')
| -rw-r--r-- | clang/test/Analysis/malloc.c | 18 | ||||
| -rw-r--r-- | clang/test/Analysis/symbol-reaper.c | 25 |
2 files changed, 43 insertions, 0 deletions
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c index d4a44c57624..cbc21b492e5 100644 --- a/clang/test/Analysis/malloc.c +++ b/clang/test/Analysis/malloc.c @@ -1794,6 +1794,24 @@ void testNoCrashOnOffendingParameter() { allocateSomeMemory(offendingParameter, &ptr); } // expected-warning {{Potential leak of memory pointed to by 'ptr'}} + +// Test a false positive caused by a bug in liveness analysis. +struct A { + int *buf; +}; +struct B { + struct A *a; +}; +void livenessBugRealloc(struct A *a) { + a->buf = realloc(a->buf, sizeof(int)); // no-warning +} +void testLivenessBug(struct B *in_b) { + struct B *b = in_b; + livenessBugRealloc(b->a); + ((void) 0); // An attempt to trick liveness analysis. + livenessBugRealloc(b->a); +} + // ---------------------------------------------------------------------------- // False negatives. diff --git a/clang/test/Analysis/symbol-reaper.c b/clang/test/Analysis/symbol-reaper.c index ef8ff18a2d8..62bb5d6c6b3 100644 --- a/clang/test/Analysis/symbol-reaper.c +++ b/clang/test/Analysis/symbol-reaper.c @@ -133,3 +133,28 @@ void test_zombie_referenced_only_through_field_in_store_value() { clang_analyzer_warnOnDeadSymbol((int) s); int *x = &s->field; } // expected-warning{{SYMBOL DEAD}} + +void double_dereference_of_implicit_value_aux1(int *p) { + *p = 0; +} + +void double_dereference_of_implicit_value_aux2(int *p) { + if (*p != 0) + clang_analyzer_warnIfReached(); // no-warning +} + +void test_double_dereference_of_implicit_value(int **x) { + clang_analyzer_warnOnDeadSymbol(**x); + int **y = x; + { + double_dereference_of_implicit_value_aux1(*y); + // Give time for symbol reaping to happen. + ((void)0); + // The symbol for **y was cleaned up from the Store at this point, + // even though it was not perceived as dead when asked explicitly. + // For that reason the SYMBOL DEAD warning never appeared at this point. + double_dereference_of_implicit_value_aux2(*y); + } + // The symbol is generally reaped here regardless. + ((void)0); // expected-warning{{SYMBOL DEAD}} +} |
