[PATCH] D27710: [analyzer] Prohibit ExplodedGraph's edges duplicating

Ilya Palachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Jan 19 06:23:59 PST 2017

ilya-palachev added a comment.

Thanks for the review!

> As Artem points out, the checkers in tree do not create a node for every bug reported - there is no reason to do that.

Yes... But why does `generateNonFatalErrorNode` return `nullptr` in the case when the node already exists? Isn't it designed so as to prevent multiple reports being thrown for the same node? If so, then the code contains a lot of such checks.

I don't understand why the following test passes, because each of the two checkers, `MallocChecker` and `SimpleStreamChecker`, uses the `generateNonFatalErrorNode` method:

  // RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc,alpha.unix.SimpleStream -analyzer-store region -verify %s
  typedef struct _IO_FILE FILE;
  extern FILE *fopen(const char *path, const char *mode);
  extern int fclose(FILE *fp);
  typedef __typeof(sizeof(int)) size_t;
  void *malloc(size_t);
  void free(void *);
  void test() {
    void *p = malloc(1);
    void *r = fopen("foo", "r");
    if (r) {
      (void)(p - r);
      // expected-warning@-1{{Potential leak of memory}}
      // expected-warning@-2{{Opened file is never closed}}
    else {

Maybe it's possible to invent a test case in which two checkers begin to conflict over the node. Or not?


