r211209 - [analyzer] Don't create new PostStmt nodes if we don't have to.
Jordan Rose
jordan_rose at apple.com
Wed Jun 18 12:23:31 PDT 2014
Author: jrose
Date: Wed Jun 18 14:23:30 2014
New Revision: 211209
URL: http://llvm.org/viewvc/llvm-project?rev=211209&view=rev
Log:
[analyzer] Don't create new PostStmt nodes if we don't have to.
Doing this caused us to mistakenly think we'd seen a particular state before
when we actually hadn't, which resulted in false negatives. Credit to
Rafael Auler for discovering this issue!
Added:
cfe/trunk/test/Analysis/retain-release-cache-out.m
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/CoreEngine.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/CoreEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/CoreEngine.cpp?rev=211209&r1=211208&r2=211209&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/CoreEngine.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/CoreEngine.cpp Wed Jun 18 14:23:30 2014
@@ -541,7 +541,7 @@ void CoreEngine::enqueueStmtNode(Explode
CFGStmt CS = (*Block)[Idx].castAs<CFGStmt>();
PostStmt Loc(CS.getStmt(), N->getLocationContext());
- if (Loc == N->getLocation()) {
+ if (Loc == N->getLocation().withTag(nullptr)) {
// Note: 'N' should be a fresh node because otherwise it shouldn't be
// a member of Deferred.
WList->enqueue(N, Block, Idx+1);
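Review bot: The changed condition `if (Loc == N->getLocation().withTag(nullptr))` has no comment saying why the tag is stripped, and the existing note below it only covers why 'N' is fresh. Since `Loc` is built two lines up without a tag, a short comment here stating that a tagged PostStmt for the same statement and location context should be reused instead of creating a new untagged node would keep a later cleanup from dropping `.withTag(nullptr)` as redundant.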
Added: cfe/trunk/test/Analysis/retain-release-cache-out.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/retain-release-cache-out.m?rev=211209&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/retain-release-cache-out.m (added)
+++ cfe/trunk/test/Analysis/retain-release-cache-out.m Wed Jun 18 14:23:30 2014
@@ -0,0 +1,27 @@
+// RUN: %clang_cc1 -analyze %s -analyzer-checker=core,osx.cocoa.RetainCount -fblocks -verify
+
+// This test is checking behavior when a single checker runs only with the core
+// checkers, testing that the traversal order in the CFG does not affect the
+// reporting of an error.
+
+#import "Inputs/system-header-simulator-objc.h"
+
+void testDoubleRelease(BOOL z) {
+ id x = [[NSObject alloc] init];
+ if (z) {
+ [x release];
+ } else {
+ ;
+ }
+ [x release]; // expected-warning {{Reference-counted object is used after it is released}}
+}
+
+void testDoubleRelease2(BOOL z) {
+ id x = [[NSObject alloc] init];
+ if (z) {
+ ;
+ } else {
+ [x release];
+ }
+ [x release]; // expected-warning {{Reference-counted object is used after it is released}}
+}
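Review bot: Both `testDoubleRelease` and `testDoubleRelease2` expect the warning on the final `[x release]`, so the file has no control case where the two branches merge and no diagnostic is expected. Consider adding a variant that releases once in each branch of the `if (z)` and not after the merge, with no `expected-warning`, so the test also pins down that the change does not cause extra reports. The header comment could also name the mechanism from the commit log (a state wrongly treated as already seen) so the purpose of the empty `;` branch is clear to later readers.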