Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 5481cfefa63624c4a91da0e05a1140e29ce6f65a^! / . / clang / lib / StaticAnalyzer
commit5481cfefa63624c4a91da0e05a1140e29ce6f65a[log] [tgz]
authorJordan Rose <jordan_rose@apple.com>Sat Sep 08 01:47:28 2012 +0000
committerJordan Rose <jordan_rose@apple.com>Sat Sep 08 01:47:28 2012 +0000
tree5d26e608c771d274a213e33a9b8b95befd56140e
parentbd94e5d8156669d62f8724b2c7df8cf9ddd845c1 [diff]
[analyzer] ObjCSelfInitChecker should always clean up in postCall checks.

ObjCSelfInitChecker stashes information in the GDM to persist it across
function calls; it is stored in pre-call checks and retrieved post-call.
The post-call check is supposed to clear out the stored state, but was
failing to do so in cases where the call did not have a symbolic return
value.

This was actually causing the inappropriate cache-out from r163361.
Per discussion with Anna, we should never actually cache out when
assuming the receiver of an Objective-C message is non-nil, because
we guarded that node generation by checking that the state has changed.
Therefore, the only states that could reach this exact ExplodedNode are
ones that should have merged /before/ making this assumption.

r163361 has been reverted and the test case removed, since it won't
actually test anything interesting now.

llvm-svn: 163449

diff --git a/clang/lib/StaticAnalyzer/Checkers/ObjCSelfInitChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/ObjCSelfInitChecker.cpp
index 2fb0229..dc902b9 100644
--- a/clang/lib/StaticAnalyzer/Checkers/ObjCSelfInitChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ObjCSelfInitChecker.cpp

@@ -140,7 +140,8 @@
                         SelfFlagEnum flag, CheckerContext &C) {
   // We tag the symbol that the SVal wraps.
   if (SymbolRef sym = val.getAsSymbol())
-    C.addTransition(state->set<SelfFlag>(sym, getSelfFlags(val, C) | flag));
+    state = state->set<SelfFlag>(sym, getSelfFlags(val, state) | flag);
+  C.addTransition(state);
 }
 
 static bool hasSelfFlag(SVal val, SelfFlagEnum flag, CheckerContext &C) {
@@ -310,7 +311,7 @@
       const Expr *CallExpr = CE.getOriginExpr();
       if (CallExpr)
         addSelfFlag(state, state->getSVal(CallExpr, C.getLocationContext()),
-                                          prevFlags, C);
+                    prevFlags, C);
       return;
     }
   }

diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp
index abe18bf..4f1a76e 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp

@@ -192,8 +192,10 @@
         }
         
         // Generate a transition to non-Nil state.
-        if (notNilState != State)
+        if (notNilState != State) {
           Pred = Bldr.generateNode(currStmt, Pred, notNilState);
+          assert(Pred && "Should have cached out already!");
+        }
       }
     } else {
       // Check for special class methods.
@@ -245,9 +247,7 @@
       }
     }
 
-    // Evaluate the call if we haven't cached out.
-    if (Pred)
-      defaultEvalCall(Bldr, Pred, *UpdatedMsg);
+    defaultEvalCall(Bldr, Pred, *UpdatedMsg);
   }
   
   ExplodedNodeSet dstPostvisit;