mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-25 10:16:07 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/test/Analysis/loop-widening.cpp
Kristof Umann b8ac93c73b [analyzer] PR43102: Fix an assertion and an out-of-bounds error for diagnostic location construction 
Summary:
https://bugs.llvm.org/show_bug.cgi?id=43102

In today's edition of "Is this any better now that it isn't crashing?", I'd like to show you a very interesting test case with loop widening.

Looking at the included test case, it's immediately obvious that this is not only a false positive, but also a very bad bug report in general. We can see how the analyzer mistakenly invalidated `b`, instead of its pointee, resulting in it reporting a null pointer dereference error. Not only that, the point at which this change of value is noted at is at the loop, rather then at the method call.

It turns out that `FindLastStoreVisitor` works correctly, rather the supplied explodedgraph is faulty, because `BlockEdge` really is the `ProgramPoint` where this happens.
{F9855739}
So it's fair to say that this needs improving on multiple fronts. In any case, at least the crash is gone.

Full ExplodedGraph: {F9855743}

Reviewers: NoQ, xazax.hun, baloghadamsoftware, Charusso, dcoughlin, rnkovacs, TWeaver

Subscribers: JesperAntonsson, uabelho, Ka-Ka, bjope, whisperity, szepet, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D66716

llvm-svn: 372269
2019-09-18 22:24:26 +00:00

28 lines
837 B
C++
Raw Blame History

// RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-config widen-loops=true \
// RUN: -analyzer-config track-conditions=false \
// RUN: -analyzer-max-loop 2 -analyzer-output=text
namespace pr43102 {
class A {
public:
void m_fn1();
};
bool g;
void fn1() {
A a;
A *b = &a;
for (;;) { // expected-note{{Loop condition is true. Entering loop body}}
// expected-note@-1{{Loop condition is true. Entering loop body}}
// expected-note@-2{{Value assigned to 'b'}}
// no crash during bug report construction
g = !b; // expected-note{{Assuming 'b' is null}}
b->m_fn1(); // expected-warning{{Called C++ object pointer is null}}
// expected-note@-1{{Called C++ object pointer is null}}
}
}
} // end of namespace pr43102
Reference in New Issue View Git Blame Copy Permalink