[PATCH] D22862: [analyzer] Fix for PR15623: eliminate unwanted ProgramState checker data propagation.
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 28 01:49:54 PDT 2016
NoQ added inline comments.
================
Comment at: test/Analysis/misc-ps-region-store.m:332
@@ -330,3 +331,3 @@
if (p < q) {
// If we reach here, 'p' cannot be null. If 'p' is null, then 'n' must
// be '0', meaning that this branch is not feasible.
----------------
ayartsev wrote:
> zaks.anna wrote:
> > Try substituting 'p' with null and you will se that n must be zero in that case because, otherwise, we would take the early return branch. Since p is not null, we should not warn here.
> >
> > This is a regression.
> If we reached the line "unsigned short *p = (unsigned short*) data;" then ''data" is definitely null and "n" is definitely >0, otherwise we would take the early return branch. Then we have "p" is definitely null and "q" is either equal (if n == 1) or greater then "p". In case of n > 1 we definitely have a null dereference. Please tell what I'm missing.
> "data" is definitely null and "n" is definitely >0
"data" is definitely non-null or "n" is definitely =0.
We return on 'not-or', which means we continue on plain 'or'.
I also agree that the easiest way to understand that is to substitute `data` with null and see what happens.
https://reviews.llvm.org/D22862
More information about the cfe-commits
mailing list