[PATCH] D18860: [analyzer] Fix the "Zombie symbols" issue.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Nov 9 18:55:05 PST 2018
NoQ updated this revision to Diff 173487.
NoQ added a comment.
Add an interesting test for the `MisusedMovedObject` checker that demonstrates one more potential source of false positives caused by the zombie symbol problem. In this test there are, well, //no symbols//. Therefore, there are no dead symbols or zombie symbols. Therefore `SymReaper.hasDeadSymbols()` is always `false`. Therefore `checkDeadSymbols()` is never called at all. However, the `MisusedMovedObject` checker is not interested in symbols; it is only interested in regions, including concrete regions that aren't based on symbols. So it was missing the `checkDeadSymbols()` callback that would have unmarked the region for variable `e` (in an inlined function or not in an inlined function - doesn't matter). And next time it sees variable `e` in that function within the same stack frame, it thinks it's the same variable that has just been moved.
This problem was already discussed in D24246?id=82469#inline-249803 <https://reviews.llvm.org/D24246?id=82469#inline-249803>.
Add tests in `loop-block-counts.c` that demonstrate the other source of the problem in `MisusedMovedObject`: in fact, variable `e` should not be the same variable on different iterations of the loop. In the case of the inlined function, the problem is caused by how our `StackFrameContext` doesn't contain a "block count" for the entrance - which is a hack to discriminate between different iterations of the loop that is used for, e.g., conjured symbols, but, unfortunately, not for addresses of variables / temporaries. In the case of non-inlined functions, the problem is deeper: we simply don't have a `LocationContext` for a single loop iteration, so there's no way we can discriminate between loop locals on different loop iterations by their memory spaces.