From: Anna Zaks Date: Tue, 1 Nov 2011 22:41:06 +0000 (+0000) Subject: [analyzer] BranchNodeBuilder should not generate autotransitions. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cdcc653642d4ac9255c574fabe74a48149e06733;p=clang [analyzer] BranchNodeBuilder should not generate autotransitions. This fixes radar://10367606 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143514 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h b/include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h index 87751d28a3..a3e5a19ab2 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h @@ -378,6 +378,8 @@ public: } }; +/// \brief BranchNodeBuilder is responsible for constructing the nodes +/// corresponding to the two branches of the if statement - true and false. class BranchNodeBuilder: public NodeBuilder { const CFGBlock *DstT; const CFGBlock *DstF; @@ -390,13 +392,19 @@ public: const NodeBuilderContext &C, const CFGBlock *dstT, const CFGBlock *dstF) : NodeBuilder(SrcNode, DstSet, C), DstT(dstT), DstF(dstF), - InFeasibleTrue(!DstT), InFeasibleFalse(!DstF) {} + InFeasibleTrue(!DstT), InFeasibleFalse(!DstF) { + // The Banch node builder does not generate autotransitions. + // If there are no successors it means that both branches are infeasible. + takeNodes(SrcNode); + } BranchNodeBuilder(const ExplodedNodeSet &SrcSet, ExplodedNodeSet &DstSet, const NodeBuilderContext &C, const CFGBlock *dstT, const CFGBlock *dstF) : NodeBuilder(SrcSet, DstSet, C), DstT(dstT), DstF(dstF), - InFeasibleTrue(!DstT), InFeasibleFalse(!DstF) {} + InFeasibleTrue(!DstT), InFeasibleFalse(!DstF) { + takeNodes(SrcSet); + } ExplodedNode *generateNode(const ProgramState *State, bool branch, ExplodedNode *Pred); diff --git a/include/clang/StaticAnalyzer/Core/PathSensitive/WorkList.h b/include/clang/StaticAnalyzer/Core/PathSensitive/WorkList.h index fa340753e5..51aa753f11 100644 --- a/include/clang/StaticAnalyzer/Core/PathSensitive/WorkList.h +++ b/include/clang/StaticAnalyzer/Core/PathSensitive/WorkList.h @@ -73,6 +73,7 @@ public: } void enqueue(ExplodedNode *N) { + assert(N->getLocation().getKind() != ProgramPoint::PostStmtKind); enqueue(WorkListUnit(N, CurrentCounter)); } diff --git a/lib/StaticAnalyzer/Core/CoreEngine.cpp b/lib/StaticAnalyzer/Core/CoreEngine.cpp index 5ab55b5ee3..db007feafb 100644 --- a/lib/StaticAnalyzer/Core/CoreEngine.cpp +++ b/lib/StaticAnalyzer/Core/CoreEngine.cpp @@ -456,6 +456,7 @@ void CoreEngine::generateNode(const ProgramPoint &Loc, void CoreEngine::enqueueStmtNode(ExplodedNode *N, const CFGBlock *Block, unsigned Idx) { + assert(Block); assert (!N->isSink()); // Check if this node entered a callee. diff --git a/test/Analysis/misc-ps.c b/test/Analysis/misc-ps.c index 0dfb3ae1ac..be0bbf58ff 100644 --- a/test/Analysis/misc-ps.c +++ b/test/Analysis/misc-ps.c @@ -95,4 +95,14 @@ void rdar10308201 (int valA, void *valB, unsigned valC) { } } +typedef struct Struct103 { + unsigned i; +} Struct103; +typedef unsigned int size_t; +void __my_memset_chk(char*, int, size_t); +static int radar10367606(int t) { + Struct103 overall; + ((__builtin_object_size ((char *) &overall, 0) != (size_t) -1) ? __builtin___memset_chk ((char *) &overall, 0, sizeof(Struct103), __builtin_object_size ((char *) &overall, 0)) : __my_memset_chk ((char *) &overall, 0, sizeof(Struct103))); + return 0; +}