[analyzer] Fix crash in RetainCountChecker::checkEndFunction

The class BodyFarm creates bodies for
OSAtomicCompareAndSwap*, objc_atomicCompareAndSwap*, dispatch_sync*, dispatch_once*
and for them the flag isBodyAutosynthesized is set to true.

This diff
1. makes AnalysisConsumer::HandleCode skip the autosynthesized code
2. replaces assert(LCtx->getParent()) in RetainCountChecker::checkEndFunction
by assert(!LCtx->inTopFrame()) (minor cleanup)

Test plan: make -j8 check-clang-analysis

Differential revision: https://reviews.llvm.org/D24792

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@282293 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp b/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
index d445e91b0d6989160f0a10213a0ac8c592e9a7ca..13a4f87bd9d3bb23d14853be0af393c886b8138c 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
@@ -3863,7 +3863,7 @@ void RetainCountChecker::checkEndFunction(CheckerContext &Ctx) const {
   // Don't process anything within synthesized bodies.
   const LocationContext *LCtx = Pred->getLocationContext();
   if (LCtx->getAnalysisDeclContext()->isBodyAutosynthesized()) {
-    assert(LCtx->getParent());
+    assert(!LCtx->inTopFrame()); 
     return;
   }
 

diff --git a/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp b/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
index 2faf62e3fcc73e235d2e2dce7d984ef44e115ccc..1dc490e1c70b95ce226101b668a38cd24b2cde5b 100644 (file)
--- a/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
+++ b/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
@@ -652,6 +652,12 @@ void AnalysisConsumer::HandleCode(Decl *D, AnalysisMode Mode,
   if (Mode == AM_None)
     return;
 
+  // Clear the AnalysisManager of old AnalysisDeclContexts.
+  Mgr->ClearContexts();
+  // Ignore autosynthesized code.
+  if (Mgr->getAnalysisDeclContext(D)->isBodyAutosynthesized())
+    return;
+
   DisplayFunction(D, Mode, IMode);
   CFG *DeclCFG = Mgr->getCFG(D);
   if (DeclCFG) {
@@ -659,8 +665,6 @@ void AnalysisConsumer::HandleCode(Decl *D, AnalysisMode Mode,
     MaxCFGSize = MaxCFGSize < CFGSize ? CFGSize : MaxCFGSize;
   }
 
-  // Clear the AnalysisManager of old AnalysisDeclContexts.
-  Mgr->ClearContexts();
   BugReporter BR(*Mgr);
 
   if (Mode & AM_Syntax)

diff --git a/test/Analysis/NSString.m b/test/Analysis/NSString.m
index 799f813022ebd30e4e586b2a25b69ef9aa6c70ff..9038388811ad08baf61f5c48ee839cd4b9c89c5a 100644 (file)
--- a/test/Analysis/NSString.m
+++ b/test/Analysis/NSString.m
@@ -289,7 +289,11 @@ _Bool opaque_OSAtomicCompareAndSwapPtr( void *__oldValue, void *__newValue, void
 _Bool OSAtomicCompareAndSwapPtr( void *__oldValue, void *__newValue, void * volatile *__theValue ) {
   return opaque_OSAtomicCompareAndSwapPtr(__oldValue, __newValue, __theValue);
 }
-
+// Test that the analyzer doesn't crash when the farm model is used. 
+// The analyzer ignores the autosynthesized code.
+_Bool OSAtomicCompareAndSwapEmptyFunction( void *__oldValue, void *__newValue, void * volatile *__theValue ) {
+  return 0;
+}
 extern BOOL opaque_objc_atomicCompareAndSwapPtr(id predicate, id replacement, volatile id *objectLocation);
 extern BOOL objc_atomicCompareAndSwapPtr(id predicate, id replacement, volatile id *objectLocation) {
   return opaque_objc_atomicCompareAndSwapPtr(predicate, replacement, objectLocation);
@@ -441,4 +445,4 @@ void testOSCompareAndSwapXXBarrier_parameter_no_direct_release(NSString **old) {
 - (void)callValue {
   [self _value];
 }
-@end
\ No newline at end of file
+@end