[all-commits] [llvm/llvm-project] dddeec: [analyzer] Avoid out-of-order node traversal on vo...
Arseniy Zaostrovnykh via All-commits
all-commits at lists.llvm.org
Wed Nov 27 05:27:53 PST 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: dddeec4becabf71d4067080bcc2c09a9e67c3025
https://github.com/llvm/llvm-project/commit/dddeec4becabf71d4067080bcc2c09a9e67c3025
Author: Arseniy Zaostrovnykh <necto.ne at gmail.com>
Date: 2024-11-27 (Wed, 27 Nov 2024)
Changed paths:
M clang/lib/StaticAnalyzer/Core/BugReporter.cpp
M clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp
M clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
M clang/test/Analysis/copy-elision.cpp
M clang/test/Analysis/cxx-uninitialized-object-unguarded-access.cpp
A clang/test/Analysis/void-call-exit-modelling.c
Log Message:
-----------
[analyzer] Avoid out-of-order node traversal on void return (#117863)
The motivating example: https://compiler-explorer.com/z/WjsxYfs43
```C++
#include <stdlib.h>
void inf_loop_break_callee() {
  void* data = malloc(10);
  while (1) {
    (void)data; // line 3
    break; // -> execution continues on line 3 ?!!
  }
}
```
To correct the flow steps in this example (see the fixed version in the
added test case) I changed two things in the engine:
- Make `processCallExit` create a new StmtPoint only for return
statements. If the last non-jump statement is not a return statement,
e.g. `(void)data;`, it is no longer inserted in the exploded graph after
the function exit.
- Skip the purge program points. In the example above, purge
points are still inserted after the `break;` executes. Now, when the bug
reporter is looking for the next statement executed after the function
execution is finished, it will ignore the purge program points, so it
won't confusingly pick the `(void)data;` statement.
CPP-5778