[cfe-dev] [analyzer] Possible symbol leak?

Jordan Rose jordan_rose at apple.com
Fri Aug 1 19:27:19 PDT 2014


On Jul 31, 2014, at 2:20 , Aleksei Sidorin <a.sidorin at samsung.com> wrote:

> Hello,
> I found an issue in the analyzer that seems strange to me. SymbolRegionValues related to a region remain alive after binding a new value to this region even if there are no references to this symbol. Test sample:
> 
> void testStoreConstraint(int i) {
>   if (i < 10)  // create a new symbol related to a region
>     i = 0;     // bind a new value to this region
>   else
>     i = 1;     // bind a new value to this region
>   (void)i;     // but symbol is still alive here in constraints
> }
> 
> and one of the ProgramStates at the end of analysis, before the final PostStmtPurgeDeadSymbols node (the second state is almost the same):
> 
> Store (direct and default bindings), 0x6284fe8 :
>  (i,0,direct) : 1 S32b
> Expressions:
>  (0x6283f50,0x6278190) i : &i
> Ranges of symbol values:
>  reg_$0<i> : { [10, 2147483647] }
> 
> 
> Can somebody tell me why reg_$0<i> is alive?

That does sound like a bug, but it's worth noting that the analyzer model does not actually promise that constraints will get cleaned up promptly. Please file a bug, and if you track this down, patches welcome. :-)

Jordan
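As an added helper, not part of this thread or of the Clang tree: a small parser for the ProgramState dump format quoted above that flags symbols which still carry a range constraint but are no longer referenced from any Store binding or expression value, which is exactly the situation the report describes. The section headers and `key : value` line shapes are assumed from the dump in the message; the regular expression for printed symbol names (`reg_$N<...>`, `conj_$N{...}`, and similar) is an assumption about the analyzer's naming, and the second state dump is constructed as a counter-example in which the constraint is legitimately live.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the ProgramState dump quoted in the thread.
STALE_STATE = """\
Store (direct and default bindings), 0x6284fe8 :
 (i,0,direct) : 1 S32b
Expressions:
 (0x6283f50,0x6278190) i : &i
Ranges of symbol values:
 reg_$0<i> : { [10, 2147483647] }
"""

# Constructed counter-example: the region is still bound to the symbol,
# so keeping the constraint on reg_$0<i> is correct here.
LIVE_STATE = """\
Store (direct and default bindings), 0x6284fe8 :
 (i,0,direct) : reg_$0<i>
Expressions:
 (0x6283f50,0x6278190) i : &i
Ranges of symbol values:
 reg_$0<i> : { [-2147483648, 9] }
"""

# Assumed shape of printed symbol names: reg_$0<i>, conj_$1{int}, derived_$2{...}
SYMBOL_RE = re.compile(r"(?:reg|conj|derived|extent|meta)_\$\d+(?:<[^>]*>|\{[^}]*\})?")


@dataclass
class StateDump:
    store: Dict[str, str] = field(default_factory=dict)        # region key -> bound value text
    expressions: Dict[str, str] = field(default_factory=dict)  # expression -> value text
    ranges: Dict[str, str] = field(default_factory=dict)       # symbol -> range set text


def parse_state(text: str) -> StateDump:
    """Split a textual ProgramState dump into its Store, Expressions and Ranges sections."""
    dump = StateDump()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers as they appear in the quoted dump (assumed stable).
        if line.startswith("Store"):
            section = dump.store
            continue
        if line.startswith("Expressions:"):
            section = dump.expressions
            continue
        if line.startswith("Ranges of symbol values:"):
            section = dump.ranges
            continue
        if section is None or " : " not in line:
            continue
        key, value = line.split(" : ", 1)
        section[key.strip()] = value.strip()
    return dump


def referenced_symbols(dump: StateDump) -> set:
    """Every symbol name that occurs in a Store binding or expression value."""
    found = set()
    for value in list(dump.store.values()) + list(dump.expressions.values()):
        found.update(SYMBOL_RE.findall(value))
    return found


def stale_constraints(dump: StateDump) -> List[str]:
    """Symbols that are constrained but unreachable from the Store or expressions.

    A symbol in this list is the pattern from the report: its region has been
    rebound to a concrete value, yet its range constraint was not purged.
    """
    live = referenced_symbols(dump)
    return sorted(sym for sym in dump.ranges if sym not in live)


if __name__ == "__main__":
    print("stale in quoted state:", stale_constraints(parse_state(STALE_STATE)))
    print("stale in live state:  ", stale_constraints(parse_state(LIVE_STATE)))
```

Run against the quoted state it reports `reg_$0<i>` as stale, since the only binding for `i` is the concrete `1 S32b`; against the constructed live state it reports nothing. The check is deliberately conservative: a symbol that is reachable only through a checker's own GDM entries would also be flagged, so treat a hit as a candidate to inspect rather than a confirmed leak.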
