Author: dcoughlin Date: Wed Nov 29 10:25:37 2017 New Revision: 319333 URL: http://llvm.org/viewvc/llvm-project?rev=319333&view=rev Log: [analyzer] Fix unreachable creating PathDiagnosticLocation with widen-loops=true
In the original design of the analyzer, it was assumed that a BlockEntrance doesn't create a new binding on the Store, but this assumption isn't true when 'widen-loops' is set to true. Fix this by finding an appropriate location BlockEntrace program points. Patch by Henry Wong! Differential Revision: https://reviews.llvm.org/D37187 Added: cfe/trunk/test/Analysis/loop-widening-notes.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Core/PathDiagnostic.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Core/PathDiagnostic.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/PathDiagnostic.cpp?rev=319333&r1=319332&r2=319333&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Core/PathDiagnostic.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Core/PathDiagnostic.cpp Wed Nov 29 10:25:37 2017 @@ -690,6 +690,15 @@ PathDiagnosticLocation::create(const Pro return getLocationForCaller(CEE->getCalleeContext(), CEE->getLocationContext(), SMng); + } else if (Optional<BlockEntrance> BE = P.getAs<BlockEntrance>()) { + CFGElement BlockFront = BE->getBlock()->front(); + if (auto StmtElt = BlockFront.getAs<CFGStmt>()) { + return PathDiagnosticLocation(StmtElt->getStmt()->getLocStart(), SMng); + } else if (auto NewAllocElt = BlockFront.getAs<CFGNewAllocator>()) { + return PathDiagnosticLocation( + NewAllocElt->getAllocatorExpr()->getLocStart(), SMng); + } + llvm_unreachable("Unexpected CFG element at front of block"); } else { llvm_unreachable("Unexpected ProgramPoint"); } Added: cfe/trunk/test/Analysis/loop-widening-notes.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/loop-widening-notes.cpp?rev=319333&view=auto ============================================================================== --- cfe/trunk/test/Analysis/loop-widening-notes.cpp (added) +++ cfe/trunk/test/Analysis/loop-widening-notes.cpp Wed Nov 29 10:25:37 2017 @@ -0,0 +1,72 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha -analyzer-max-loop 2 -analyzer-config widen-loops=true -analyzer-output=text -verify %s + +int *p_a; +int bar(); +int flag_a; +int test_for_bug_25609() { + if (p_a == 0) // expected-note {{Assuming 'p_a' is equal to null}} + // expected-note@-1 {{Taking true branch}} + bar(); + for (int i = 0; // expected-note {{Loop condition is true. Entering loop body}} + // expected-note@-1 {{Loop condition is false. Execution continues on line 16}} + ++i, // expected-note {{Value assigned to 'p_a'}} + i < flag_a; + ++i) {} + + *p_a = 25609; // no-crash expected-warning {{Dereference of null pointer (loaded from variable 'p_a')}} + // expected-note@-1 {{Dereference of null pointer (loaded from variable 'p_a')}} + return *p_a; +} + +int flag_b; +int while_analyzer_output() { + flag_b = 100; + int num = 10; + while (flag_b-- > 0) { // expected-note {{Loop condition is true. Entering loop body}} + // expected-note@-1 {{Value assigned to 'num'}} + // expected-note@-2 {{Loop condition is false. Execution continues on line 30}} + num = flag_b; + } + if (num < 0) // expected-note {{Assuming 'num' is >= 0}} + // expected-note@-1 {{Taking false branch}} + flag_b = 0; + else if (num >= 1) // expected-note {{Assuming 'num' is < 1}} + // expected-note@-1 {{Taking false branch}} + flag_b = 50; + else + flag_b = 100; + return flag_b / num; // no-crash expected-warning {{Division by zero}} + // expected-note@-1 {{Division by zero}} +} + +int flag_c; +int do_while_analyzer_output() { + int num = 10; + do { // expected-note {{Loop condition is true. Execution continues on line 47}} + // expected-note@-1 {{Loop condition is false. Exiting loop}} + num--; + } while (flag_c-- > 0); //expected-note {{Value assigned to 'num'}} + int local = 0; + if (num == 0) // expected-note {{Assuming 'num' is equal to 0}} + // expected-note@-1 {{Taking true branch}} + local = 10 / num; // no-crash expected-warning {{Division by zero}} + // expected-note@-1 {{Division by zero}} + return local; +} + +int flag_d; +int test_for_loop() { + int num = 10; + for (int i = 0; // expected-note {{Loop condition is true. Entering loop body}} + // expected-note@-1 {{Loop condition is false. Execution continues on line 67}} + new int(10), // expected-note {{Value assigned to 'num'}} + i < flag_d; + ++i) { + ++num; + } + if (num == 0) // expected-note {{Assuming 'num' is equal to 0}} + // expected-note@-1 {{Taking true branch}} + flag_d += 10; + return flag_d / num; // no-crash expected-warning {{Division by zero}} + // expected-note@-1 {{Division by zero}} +} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits