[PATCH] D42773: [analyzer] Remove crashing unneeded assert

George Karpenkov via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 23 15:29:24 PST 2018 

This revision was automatically updated to reflect the committed changes.
Closed by commit rL325977: [analyzer] Relax the assert used when traversing the node graph. (authored by george.karpenkov, committed by ).
Herald added a subscriber: llvm-commits.

Changed prior to commit:
  https://reviews.llvm.org/D42773?vs=134505&id=135720#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D42773

Files:
  cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
  cfe/trunk/test/Analysis/exploration_order/noexprcrash.c


Index: cfe/trunk/test/Analysis/exploration_order/noexprcrash.c
===================================================================
--- cfe/trunk/test/Analysis/exploration_order/noexprcrash.c
+++ cfe/trunk/test/Analysis/exploration_order/noexprcrash.c
@@ -0,0 +1,17 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config exploration_strategy=unexplored_first %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config exploration_strategy=dfs %s
+
+extern void clang_analyzer_eval(int);
+
+typedef struct { char a; } b;
+int c(b* input) {
+    int x = (input->a ?: input) ? 1 : 0; // expected-warning{{pointer/integer type mismatch}}
+    if (input->a) {
+      // FIXME: The value should actually be "TRUE",
+      // but is incorrect due to a bug.
+      clang_analyzer_eval(x); // expected-warning{{FALSE}}
+    } else {
+      clang_analyzer_eval(x); // expected-warning{{TRUE}}
+    }
+    return x;
+}
Index: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -760,7 +760,11 @@
   for (const ExplodedNode *N = Pred ; N ; N = *N->pred_begin()) {
     ProgramPoint PP = N->getLocation();
     if (PP.getAs<PreStmtPurgeDeadSymbols>() || PP.getAs<BlockEntrance>()) {
-      assert(N->pred_size() == 1);
+      // If the state N has multiple predecessors P, it means that successors
+      // of P are all equivalent.
+      // In turn, that means that all nodes at P are equivalent in terms
+      // of observable behavior at N, and we can follow any of them.
+      // FIXME: a more robust solution which does not walk up the tree.
       continue;
     }
     SrcBlock = PP.castAs<BlockEdge>().getSrc();


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D42773.135720.patch
Type: text/x-patch
Size: 1872 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180223/81402439/attachment.bin>

More information about the llvm-commits mailing list