[PATCH] D37187: [Analyzer] Fix Bug 25609 - Assertion UNREACHABLE: 'Unexpected ProgramPoint' with widen-loops=true

Henry Wong via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Oct 25 08:50:08 PDT 2017


MTC updated this revision to Diff 120265.
MTC marked 3 inline comments as done.
MTC added a comment.

The message about invalidate variable values is temporarily not printed. This work can be done with separate patch.


https://reviews.llvm.org/D37187

Files:
  lib/StaticAnalyzer/Core/PathDiagnostic.cpp
  test/Analysis/loop-widening-notes.c


Index: test/Analysis/loop-widening-notes.c
===================================================================
--- /dev/null
+++ test/Analysis/loop-widening-notes.c
@@ -0,0 +1,55 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha -analyzer-max-loop 2 -analyzer-config widen-loops=true -analyzer-output=text -verify %s
+
+int *p_a;
+int bar();
+int flag_a;
+int test_for_bug_25609() {
+  if (p_a == 0) // expected-note {{Assuming 'p_a' is equal to null}} expected-note {{Taking true branch}}
+    bar();
+  for (int i = 0; i < flag_a; ++i) {} // expected-note {{Loop condition is true.  Entering loop body}} expected-note {{Value assigned to 'p_a'}} expected-note {{Loop condition is false. Execution continues on line 10}}
+  *p_a = 25609; // no-crash expected-note {{Dereference of null pointer (loaded from variable 'p_a')}} expected-warning {{Dereference of null pointer (loaded from variable 'p_a')}}
+  return *p_a;
+}
+
+int flag_b;
+int while_analyzer_output() {
+  flag_b = 100;
+  int num = 10;
+  while (flag_b-- > 0) { // expected-note {{Loop condition is true.  Entering loop body}} expected-note {{Value assigned to 'num'}} expected-note {{Loop condition is false. Execution continues on line 21}}
+    num = flag_b;
+  }
+  if (num < 0) // expected-note {{Assuming 'num' is >= 0}} expected-note {{Taking false branch}}
+    flag_b = 0;
+  else if (num >= 1) // expected-note {{Assuming 'num' is < 1}} expected-note {{Taking false branch}}
+    flag_b = 50;
+  else
+    flag_b = 100;
+  return flag_b / num; // no-crash expected-warning {{Division by zero}} expected-note {{Division by zero}}
+}
+
+int flag_c;
+int do_while_analyzer_output() {
+  int num = 10;
+  do { // expected-note {{Loop condition is true. Execution continues on line 34}} expected-note {{Loop condition is false.  Exiting loop}}
+    num--;
+  } while (flag_c-- > 0); //expected-note {{Value assigned to 'num'}}
+  int local = 0;
+  if (num == 0)       // expected-note{{Assuming 'num' is equal to 0}} expected-note{{Taking true branch}}
+    local = 10 / num; // no-crash expected-note {{Division by zero}} expected-warning {{Division by zero}}
+  return local;
+}
+
+int flag_d;
+int test_for_loop() {
+  int num = 10;
+  int tmp = 0;
+  for (int i = 0; // expected-note {{Loop condition is true.  Entering loop body}} expected-note {{Loop condition is false. Execution continues on line 52}}
+       ++tmp,  // expected-note {{Value assigned to 'num'}}
+       i < flag_d;
+       ++i) {
+    ++num;
+  }
+  if (num == 0) // expected-note {{Assuming 'num' is equal to 0}} expected-note {{Taking true branch}}
+    flag_d += tmp;
+  return flag_d / num; // no-crash expected-warning {{Division by zero}} expected-note {{Division by zero}}
+}
Index: lib/StaticAnalyzer/Core/PathDiagnostic.cpp
===================================================================
--- lib/StaticAnalyzer/Core/PathDiagnostic.cpp
+++ lib/StaticAnalyzer/Core/PathDiagnostic.cpp
@@ -690,6 +690,8 @@
     return getLocationForCaller(CEE->getCalleeContext(),
                                 CEE->getLocationContext(),
                                 SMng);
+  } else if (Optional<BlockEntrance> BE = P.getAs<BlockEntrance>()) {
+    S = BE->getBlock()->getTerminatorCondition();
   } else {
     llvm_unreachable("Unexpected ProgramPoint");
   }


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D37187.120265.patch
Type: text/x-patch
Size: 3320 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20171025/4dba2dd3/attachment.bin>


More information about the cfe-commits mailing list