[PATCH] D22862: [analyzer] Fix for PR15623: eliminate unwanted ProgramState checker data propagation.
Anton Yartsev via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 28 00:11:46 PDT 2016
ayartsev added inline comments.
================
Comment at: test/Analysis/misc-ps-region-store.m:332
@@ -330,3 +331,3 @@
if (p < q) {
// If we reach here, 'p' cannot be null. If 'p' is null, then 'n' must
// be '0', meaning that this branch is not feasible.
----------------
zaks.anna wrote:
> Try substituting 'p' with null and you will se that n must be zero in that case because, otherwise, we would take the early return branch. Since p is not null, we should not warn here.
>
> This is a regression.
If we reached the line "unsigned short *p = (unsigned short*) data;" then ''data" is definitely null and "n" is definitely >0, otherwise we would take the early return branch. Then we have "p" is definitely null and "q" is either equal (if n == 1) or greater then "p". In case of n > 1 we definitely have a null dereference. Please tell what I'm missing.
https://reviews.llvm.org/D22862
More information about the cfe-commits
mailing list