The assertion gets exposed when changing the exploration order.
This is a quick hacky fix, but the intention is that if the nodes do
merge, it should not matter which predecessor should be traverse.
A proper fix would be not to traverse predecessors at all, as all
information relevant for any decision should be avilable locally.
rdar://
37540480
Differential Revision: https://reviews.llvm.org/D42773
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@325977
91177308-0d34-0410-b5e6-
96231b3b80d8
for (const ExplodedNode *N = Pred ; N ; N = *N->pred_begin()) {
ProgramPoint PP = N->getLocation();
if (PP.getAs<PreStmtPurgeDeadSymbols>() || PP.getAs<BlockEntrance>()) {
- assert(N->pred_size() == 1);
+ // If the state N has multiple predecessors P, it means that successors
+ // of P are all equivalent.
+ // In turn, that means that all nodes at P are equivalent in terms
+ // of observable behavior at N, and we can follow any of them.
+ // FIXME: a more robust solution which does not walk up the tree.
continue;
}
SrcBlock = PP.castAs<BlockEdge>().getSrc();
--- /dev/null
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config exploration_strategy=unexplored_first %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config exploration_strategy=dfs %s
+
+extern void clang_analyzer_eval(int);
+
+typedef struct { char a; } b;
+int c(b* input) {
+ int x = (input->a ?: input) ? 1 : 0; // expected-warning{{pointer/integer type mismatch}}
+ if (input->a) {
+ // FIXME: The value should actually be "TRUE",
+ // but is incorrect due to a bug.
+ clang_analyzer_eval(x); // expected-warning{{FALSE}}
+ } else {
+ clang_analyzer_eval(x); // expected-warning{{TRUE}}
+ }
+ return x;
+}
projects / clang / commitdiff