From 0674b813aa85ee53ab5ece6efd7f982aa04652d9 Mon Sep 17 00:00:00 2001 From: Jordan Rose Date: Wed, 18 Jun 2014 19:23:30 +0000 Subject: [PATCH] [analyzer] Don't create new PostStmt nodes if we don't have to. Doing this caused us to mistakenly think we'd seen a particular state before when we actually hadn't, which resulted in false negatives. Credit to Rafael Auler for discovering this issue! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@211209 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Core/CoreEngine.cpp | 2 +- test/Analysis/retain-release-cache-out.m | 27 ++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 test/Analysis/retain-release-cache-out.m diff --git a/lib/StaticAnalyzer/Core/CoreEngine.cpp b/lib/StaticAnalyzer/Core/CoreEngine.cpp index e710c7f717..4623c358a9 100644 --- a/lib/StaticAnalyzer/Core/CoreEngine.cpp +++ b/lib/StaticAnalyzer/Core/CoreEngine.cpp @@ -541,7 +541,7 @@ void CoreEngine::enqueueStmtNode(ExplodedNode *N, CFGStmt CS = (*Block)[Idx].castAs(); PostStmt Loc(CS.getStmt(), N->getLocationContext()); - if (Loc == N->getLocation()) { + if (Loc == N->getLocation().withTag(nullptr)) { // Note: 'N' should be a fresh node because otherwise it shouldn't be // a member of Deferred. WList->enqueue(N, Block, Idx+1); diff --git a/test/Analysis/retain-release-cache-out.m b/test/Analysis/retain-release-cache-out.m new file mode 100644 index 0000000000..54573a4606 --- /dev/null +++ b/test/Analysis/retain-release-cache-out.m @@ -0,0 +1,27 @@ +// RUN: %clang_cc1 -analyze %s -analyzer-checker=core,osx.cocoa.RetainCount -fblocks -verify + +// This test is checking behavior when a single checker runs only with the core +// checkers, testing that the traversal order in the CFG does not affect the +// reporting of an error. + +#import "Inputs/system-header-simulator-objc.h" + +void testDoubleRelease(BOOL z) { + id x = [[NSObject alloc] init]; + if (z) { + [x release]; + } else { + ; + } + [x release]; // expected-warning {{Reference-counted object is used after it is released}} +} + +void testDoubleRelease2(BOOL z) { + id x = [[NSObject alloc] init]; + if (z) { + ; + } else { + [x release]; + } + [x release]; // expected-warning {{Reference-counted object is used after it is released}} +} -- 2.40.0