[PATCH] D82598: [analyzer][Liveness][NFC] Get rid of statement liveness, because such a thing doesn't exist

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Jul 23 22:18:19 PDT 2020


NoQ added a comment.

Ok, here's the crashing example with `ObjCForCollectionStmt`. It should be saved as an `.mm` file and it crashes under pure `--analyze`.

  @interface Item
  // ...
  @end
  
  @interface Collection
  // ...
  @end
  
  typedef void (^Blk)();
  
  struct RAII {
    Blk blk;
  
  public:
    RAII(Blk blk): blk(blk) {}
    ~RAII() { blk(); }
  };
  
  void foo(Collection *coll) {
    RAII raii(^{});
    for (Item *item in coll) {}
  }

The CFG ("allocate a variable, pick the item and put it into that variable, execute the body, repeat"):
F12397775: Screen Shot 2020-07-23 at 10.08.02 PM.png <https://reviews.llvm.org/F12397775>

The interesting part of the ExplodedGraph:
F12397783: Screen Shot 2020-07-23 at 10.11.42 PM.png <https://reviews.llvm.org/F12397783>

And here's the FIXME that you're looking for:

  ...
  /// Generate a node in \p Bldr for an iteration statement using ObjC
  /// for-loop iterator.
  static void populateObjCForDestinationSet(
      ExplodedNodeSet &dstLocation, SValBuilder &svalBuilder,
      const ObjCForCollectionStmt *S, const Stmt *elem, SVal elementV,
      SymbolManager &SymMgr, const NodeBuilderContext *currBldrCtx,
      StmtNodeBuilder &Bldr, bool hasElements) {
  ...
    SVal hasElementsV = svalBuilder.makeTruthVal(hasElements);

    // FIXME: S is not an expression. We should not be binding values to it.
    ProgramStateRef nextState = state->BindExpr(S, LCtx, hasElementsV);
  ...

So, like, the engine is conveniently assigning 0 or 1 to the collection-statement in the Environment when the collection is assumed to be empty or not.

It's obviously a hack. This shouldn't be in the Environment. This should have been a GDM trait attached to the collection. Ideally it should also be modeled, i.e. sometimes we do know whether the collection is empty, and it might even be modeled occasionally. But in any case this shouldn't be in the Environment.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D82598/new/

https://reviews.llvm.org/D82598




