[cfe-dev] [RFC][StaticAnalyzer] Fix false negative
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Fri Nov 13 01:21:19 PST 2015
Hello Daniel,
> Expressions:
> (0x75af750,0x75569b0) s[a] : &element{s,reg_$0<a>,char}
> Ranges of symbol values:
> reg_$0<a> : { [20, 18446744073709551615] }
> Before ArrayBoundChecker::checkLocation() is executed, dead symbols
> are removed from the ProgramState.
I think I had recently made a patch for this issue: the range is removed
from the constraint manager because the only reference to the symbol is
from the element region index [in the environment value], which isn't
accounted for during garbage collection. The review is
http://reviews.llvm.org/D12726, you can see if this patch fixes the problem.
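
The following is an added illustration, not part of the original message and not Clang's code: a simplified mark-and-sweep model of the effect described above, where the constraint on the index symbol survives cleanup only if the liveness traversal visits the element region's index. The types, function names and the 20-element array size are assumptions made for the example.

```cpp
// Simplified model, not Clang's code; all names and the array size 20 are assumed.
#include <cstdint>
#include <iostream>
#include <iterator>
#include <map>
#include <set>
#include <string>
#include <vector>

struct Range { uint64_t lo, hi; };
// Environment value of the form &element{base, index, char}.
struct ElementRegion { std::string base, indexSym; };
struct State {
    std::vector<ElementRegion> env;            // expression values
    std::map<std::string, Range> constraints;  // symbol -> range
};

// Mark phase: a symbol is live only if the traversal reaches it.
std::set<std::string> liveSymbols(const State &st, bool visitIndex) {
    std::set<std::string> live;
    for (const auto &er : st.env)
        if (visitIndex) live.insert(er.indexSym);
    return live;
}

// Sweep phase: constraints on dead symbols are dropped.
State removeDead(State st, bool visitIndex) {
    const auto live = liveSymbols(st, visitIndex);
    for (auto it = st.constraints.begin(); it != st.constraints.end();)
        it = live.count(it->first) ? std::next(it) : st.constraints.erase(it);
    return st;
}

// The bounds check can report only when the index is provably >= size.
bool provablyOutOfBounds(const State &st, const ElementRegion &er, uint64_t size) {
    const auto it = st.constraints.find(er.indexSym);
    return it != st.constraints.end() && it->second.lo >= size;
}

// Constructed state mirroring the dump: s[a] with a in [20, UINT64_MAX].
bool reportsAfterCleanup(bool visitIndex) {
    State st;
    st.env.push_back(ElementRegion{"s", "reg_$0<a>"});
    st.constraints["reg_$0<a>"] = Range{20, UINT64_MAX};
    return provablyOutOfBounds(removeDead(st, visitIndex), st.env[0], 20);
}

int main() {
    std::cout << "index not visited: " << reportsAfterCleanup(false) << "\n"
              << "index visited:     " << reportsAfterCleanup(true) << "\n";
}
```

When the index is not visited, the range is swept before the bounds check runs and the check has nothing to prove the access out of bounds with, which is the false negative.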