This is important because sometimes two nodes are identical, except the
second one is a sink.
This bug has probably been around for a while, but it wouldn't have been an
issue in the old report graph algorithm. I'm ashamed to say I actually looked
at this the first time around and thought it would never be a problem...and
then didn't include an assertion to back that up.
PR15684
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178944
91177308-0d34-0410-b5e6-
96231b3b80d8
while (true) {
// Create the equivalent node in the new graph with the same state
// and location.
- ExplodedNode *NewN = GNew->getNode(OrigN->getLocation(), OrigN->getState());
+ ExplodedNode *NewN = GNew->getNode(OrigN->getLocation(), OrigN->getState(),
+ OrigN->isSink());
// Store the mapping to the original node.
InterExplodedGraphMap::const_iterator IMitr = InverseMap.find(OrigN);
return !y;
}
+
+// PR15684: If a checker generates a sink node after generating a regular node
+// and no state changes between the two, graph trimming would consider the two
+// the same node, forming a loop.
+struct PR15684 {
+ void (*callback)(int);
+};
+void sinkAfterRegularNode(struct PR15684 *context) {
+ int uninitialized;
+ context->callback(uninitialized); // expected-warning {{uninitialized}}
+}
+