[cfe-dev] [PATCH] GRExprEngine bug
Ted Kremenek
kremenek at apple.com
Wed May 21 08:58:48 PDT 2008
This patch looks good to me. Applied:
http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20080519/005812.html
The second argument to EvalLoad is the expression that the "loaded"
value should bind to. By binding it to the subexpression, "U" would
always bind to unknown instead.
On May 21, 2008, at 1:09 AM, Zhongxing Xu wrote:
> The patch is simple:
>
> Index: lib/Analysis/GRExprEngine.cpp
> ===================================================================
> --- lib/Analysis/GRExprEngine.cpp (版本 51366)
> +++ lib/Analysis/GRExprEngine.cpp (工作副本)
> @@ -1596,7 +1596,7 @@
> if (asLVal)
> MakeNode(Dst, U, *I, SetRVal(St, U, location));
> else
> - EvalLoad(Dst, Ex, *I, St, location);
> + EvalLoad(Dst, U, *I, St, location);
> }
>
> return;
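Review bot: the hunk comes without a regression test; the foo() case given further down in this message should go into the test suite alongside the change, so that the "Branch condition evaluates to an uninitialized value" warning stays covered. In the else branch, passing U matches the asLVal branch just above it, which already binds to U through SetRVal(St, U, location), so a one-line comment at the EvalLoad call saying that the loaded value binds to the UnaryOperator U and not to its subexpression Ex would help keep the two branches consistent.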
>
> Test case:
>
> int foo(void) {
>   int i;
>   int *p = &i;
>   if (*p > 0)
>     return 0;
>   else
>     return 1;
> }
>
> Before patch:
> no warning
>
> After patch:
> ANALYZE: 2.c foo
> 2.c:4:3: warning: [CHECKER] Branch condition evaluates to an
> uninitialized value.
>   if (*p > 0)
>   ^   ~~
> 1 diagnostic generated.
>
> Reason:
> The loaded value should be set to the UnaryOperator *p, but not its
> subexpr p.
>
> Note:
> This patch is very likely incomplete. GRExprEngine::EvalLoad() might
> also be modified. Ted should do better than me.