[PATCH] D12163: [Patch] [Analyzer] BugReporter.cpp:2869: Assertion failed: !RemainingNodes.empty() && "No error node found in the trimmed graph" (PR 24184)

Ying Yi via cfe-commits cfe-commits at lists.llvm.org
Wed Aug 19 10:45:10 PDT 2015


MaggieYi created this revision.
MaggieYi added a reviewer: krememek.
MaggieYi added a subscriber: cfe-commits.

Dear All,

I would like to propose a patch to solve an assertion failure reported by Dmitry in https://llvm.org/bugs/show_bug.cgi?id=24184.

The assertion is caused by reusing a “filler” ExplodedNode as an error node. The “filler” nodes are only used for intermediate processing and are not essential for analyzer history, so they can be reclaimed when the ExplodedGraph is trimmed by the “collectNode” function. When a checker finds a bug, it generates a new transition in the ExplodedGraph. The analyzer will try to reuse the existing predecessor node. If it cannot, it creates a new ExplodedNode, which always has a tag to uniquely identify the creation site. The assertion is caused when the analyzer reuses a “filler” node.

In the test case, some “filler” nodes were reused and then reclaimed later when the ExplodedGraph was trimmed. This caused an assertion because the node was needed to generate the report. The “filler” nodes should not be reused as error nodes. The patch adds a constraint to prevent this happening, which solves the problem and makes the test cases pass. 

Please let me know if this is an acceptable patch.

Regards,

Ying Yi
SN Systems Ltd - Sony Computer Entertainment Group.

http://reviews.llvm.org/D12163

Files:
  include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h
  test/Analysis/PR24184.cpp
  test/Analysis/malloc.c

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D12163.32574.patch
Type: text/x-patch
Size: 4254 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150819/15aac287/attachment-0001.bin>
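
Added example, not part of the original message or of the attached patch: a toy C++ model of the failure described in the message, where an untagged "filler" node reused as the error node is reclaimed before the report is built. Node, Graph, errorNode, reclaimFillers and the flag forbidFillerReuse are hypothetical names, and the "filler" test (untagged node with a predecessor) is a simplifying assumption, not Clang's actual criterion.

```cpp
#include <memory>
#include <string>
#include <vector>

// Toy model only: Node and Graph are hypothetical, not Clang's ExplodedNode/ExplodedGraph.
struct Node {
    std::string tag;          // creation-site tag; empty means untagged
    Node* pred = nullptr;
    bool reclaimed = false;   // stands in for the node being freed
    // Assumption: "filler" = untagged intermediate node.
    bool isFiller() const { return tag.empty() && pred != nullptr; }
};

class Graph {
    std::vector<std::unique_ptr<Node>> nodes_;
public:
    Node* add(Node* pred, const std::string& tag = "") {
        nodes_.emplace_back(new Node());
        nodes_.back()->tag = tag;
        nodes_.back()->pred = pred;
        return nodes_.back().get();
    }
    // A checker reports a bug at `pred`: reuse it, or (with the constraint)
    // refuse to reuse a filler and create a tagged node instead.
    Node* errorNode(Node* pred, bool forbidFillerReuse) {
        if (forbidFillerReuse && pred->isFiller()) return add(pred, "bug-site");
        return pred;
    }
    // Reclaim every filler and splice its successors onto its predecessor.
    void reclaimFillers() {
        for (auto& n : nodes_) {
            if (!n->isFiller()) continue;
            n->reclaimed = true;
            for (auto& s : nodes_)
                if (s->pred == n.get()) s->pred = n->pred;
        }
    }
};

// True if the error node is still in the graph when the report is built,
// i.e. the "No error node found in the trimmed graph" condition is avoided.
bool errorNodeSurvives(bool forbidFillerReuse) {
    Graph g;
    Node* entry = g.add(nullptr, "entry");
    Node* filler = g.add(entry);                 // untagged intermediate node
    Node* err = g.errorNode(filler, forbidFillerReuse);
    g.reclaimFillers();
    return !err->reclaimed;
}

int main() { return (!errorNodeSurvives(false) && errorNodeSurvives(true)) ? 0 : 1; }
```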

