[PATCH] D78638: [analyzer] Consider array subscripts to be interesting lvalues

Valeriy Savchenko via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Apr 22 13:03:24 PDT 2020


vsavchenko added a comment.

In D78638#1997576 <https://reviews.llvm.org/D78638#1997576>, @Szelethus wrote:

> How come rGe20b388e2f923bfc98f63a13fea9fc19aeaec425 <https://reviews.llvm.org/rGe20b388e2f923bfc98f63a13fea9fc19aeaec425> doesn't solve this? Or, rather, how come it even worked if this patch is needed? Is the index being a global variable the issue? The change looks great, but I'm a bit confused.


Hey, thanks! So, I've tried to cover it in the comment and in the commit message.

In this test, both `do while` and the global index help to reproduce the erroneous behaviour. Usually, the analyzer tracks through array subscript expressions and it adds notes as expected in the test ("Assuming pointer value is null"). But in the test snippet, it was not adding those. The main reason is not in `trackExpressionValue`; it works fine! `trackExpressionValue` starts with finding an exploded node where the lvalue is defined, and such a node was not found. A little bit of digging later, I found out that the node collector (aka garbage collector) threw those nodes away (check `ExplodedGraph::shouldCollect` and `ExplodedGraph::reclaimRecentlyAllocatedNodes`)! Because of the `do while` loop and the global index, the number of exploded nodes is pretty large. This fact causes GC to kick in and remove the nodes that we need for `trackExpressionValue` to work. Interesting nodes, on the other hand, are not deleted, and this is what helped with the problem.

I hope this clears it up a bit!


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D78638/new/

https://reviews.llvm.org/D78638
