[analyzer] Fix a spurious undef value warning.

When we timeout or exceed a max number of blocks within an inlined
function, we retry with no inlining starting from a node right before
the CallEnter node. We assume the state of that node is the state of the
program before we start evaluating the call. However, the node pruning
removes this node as unimportant.

Teach the node pruning to keep the predecessors of the call enter nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157860 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/ExplodedGraph.cpp b/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
index e433c353c1c2a70f86f8a1deeab99e0a6efc0c3f..5b9f451e971f75b2ee6dc70d4b64e878c0e5a96f 100644 (file)
--- a/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
+++ b/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
@@ -67,6 +67,8 @@ bool ExplodedGraph::shouldCollect(const ExplodedNode *node) {
   // (6) The 'GDM' is the same as the predecessor.
   // (7) The LocationContext is the same as the predecessor.
   // (8) The PostStmt is for a non-consumed Stmt or Expr.
+  // (9) The successor is a CallExpr StmtPoint (so that we would be able to
+  //     find it when retrying a call with no inlining).
 
   // Conditions 1 and 2.
   if (node->pred_size() != 1 || node->succ_size() != 1)
@@ -109,7 +111,13 @@ bool ExplodedGraph::shouldCollect(const ExplodedNode *node) {
       return false;
   }
   
-  return true; 
+  // Condition 9.
+  const ProgramPoint SuccLoc = succ->getLocation();
+  if (const StmtPoint *SP = dyn_cast<StmtPoint>(&SuccLoc))
+    if (isa<CallExpr>(SP->getStmt()))
+      return false;
+
+  return true;
 }
 
 void ExplodedGraph::collectNode(ExplodedNode *node) {

diff --git a/test/Analysis/engine/replay-without-inlining.c b/test/Analysis/engine/replay-without-inlining.c
new file mode 100644 (file)
index 0000000..9ec2d08
--- /dev/null
+++ b/test/Analysis/engine/replay-without-inlining.c
@@ -0,0 +1,57 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -verify %s
+
+typedef struct {
+    char I[4];
+    int S;
+} Hdr;
+typedef struct {
+    short w;
+} Hdr2;
+typedef struct {
+    Hdr2 usedtobeundef;
+} Info;
+typedef struct {
+    const unsigned char *ib;
+    int cur;
+    int end;
+} IB;
+inline unsigned long gl(IB *input);
+inline void gbs(IB *input, unsigned char *buf, int count);
+void getB(IB *st, Hdr2 *usedtobeundef);
+inline unsigned char gb(IB *input) {
+    if (input->cur + 1 > input->end)
+      ;
+    return input->ib[(input->cur)++];
+}
+static void getID(IB *st, char str[4]) {
+    str[0] = gb(st);
+    str[1] = gb(st);
+    str[2] = gb(st);
+    str[3] = gb(st);
+}
+static void getH(IB *st, Hdr *header) {
+    getID (st, header->I);
+    header->S = gl(st);
+}
+static void readILBM(IB *st, Info *pic) {
+    // Initialize field;
+    pic->usedtobeundef.w = 5;
+
+    // Time out in the function so that we will be forced to retry with no inlining.
+    Hdr header;
+    getH (st, &header);
+    getID(st, header.I);
+    int i = 0;
+    while (st->cur < st->end && i < 4) {
+      i++;
+      getH (st, &header);
+    }
+}
+int bitmapImageRepFromIFF(IB st, const unsigned char *ib, int il) {
+    Info pic;
+    st.ib = ib;
+    st.cur = 0;
+    st.end = il;
+    readILBM(&st,&pic);
+    return pic.usedtobeundef.w; // No undefined value warning here.
+}