[LLVMbugs] [Bug 20563] New: Dead symbols leak in program state in some cases

[bugzilla-daemon at llvm.org]

http://llvm.org/bugs/show_bug.cgi?id=20563

            Bug ID: 20563
           Summary: Dead symbols leak in program state in some cases
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: a.sidorin at samsung.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

In some cases SymbolRegionValues related to a region remain alive after binding
a new value to this region even if there is no any references to this symbol.
Problem exists in release_34 and for trunk branch (r214868).
Test sample:

void testStoreConstraint(int i) {
  if (i < 10)  // create a new symbol related to a region
    i = 0;     // bind a new value to this region
  else
    i = 1;     // bind a new value to this region
  (void)i;     // but symbol is still alive here in constraints
}

and one of ProgramStates in the end of analysis, before the final
PostStmtPurgeDeadSymbols node (the second state is almost the same):

Store (direct and default bindings), 0x6284fe8 :
 (i,0,direct) : 1 S32b
Expressions:
 (0x6283f50,0x6278190) i : &i
Ranges of symbol values:
 reg_$0<i> : { [10, 2147483647] }

I'll try to investigate this behaviour to get more information. If you have any
ideas please share them.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20140806/3ec40e37/attachment.html>