From d56763fd33321cb3d0f17804abecb379cea78c01 Mon Sep 17 00:00:00 2001 From: Zhongxing Xu Date: Thu, 1 Sep 2011 04:53:59 +0000 Subject: [PATCH] If size was equal to 0, either NULL or a pointer suitable to be passed to free() is returned by realloc(). Most code expect NULL. And we only need to transfer one final ProgramState. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 7 ++----- test/Analysis/malloc.c | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index 7462ec5984..f0f56efa9e 100644 --- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -538,11 +538,8 @@ void MallocChecker::ReallocMem(CheckerContext &C, const CallExpr *CE) const { if (const ProgramState *stateFree = FreeMemAux(C, CE, stateSizeZero, 0, false)) { - // Add the state transition to set input pointer argument to be free. - C.addTransition(stateFree); - - // Bind the return value to UndefinedVal because it is now free. - C.addTransition(stateFree->BindExpr(CE, UndefinedVal(), true)); + // Bind the return value to NULL because it is now free. + C.addTransition(stateFree->BindExpr(CE, svalBuilder.makeNull(), true)); } if (const ProgramState *stateSizeNotZero = stateNotEqual->assume(SizeZero,false)) if (const ProgramState *stateFree = FreeMemAux(C, CE, stateSizeNotZero, diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c index dce9e4b5b2..d9087ab830 100644 --- a/test/Analysis/malloc.c +++ b/test/Analysis/malloc.c @@ -41,7 +41,7 @@ void f2_realloc_0() { void f2_realloc_1() { int *p = malloc(12); - int *q = realloc(p,0); // expected-warning{{Assigned value is garbage or undefined}} + int *q = realloc(p,0); // no-warning } // ownership attributes tests -- 2.40.0