Author: zaks
Date: Wed Apr 3 16:34:12 2013
New Revision: 178701
URL: http://llvm.org/viewvc/llvm-project?rev=178701&view=rev
Log:
[analyzer] Allow tracknullOrUndef look through the ternary operator even when
condition is unknown
Improvement of r178684 and r178685.
Jordan has pointed out that I should not rely on the value of the condition to
know which expression branch
has been taken. It will not work in cases the branch condition is an unknown
value (ex: we do not track the constraints for floats).
The better way of doing this would be to find out if the current node is the
right or left successor of the node
that has the ternary operator as a terminator (which is how this is done in
other places, like ConditionBRVisitor).
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
cfe/trunk/test/Analysis/inlining/false-positive-suppression.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=178701&r1=178700&r2=178701&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Wed Apr 3
16:34:12 2013
@@ -799,21 +799,25 @@ static const Expr *peelOffOuterExpr(cons
// Peel off the ternary operator.
if (const ConditionalOperator *CO = dyn_cast<ConditionalOperator>(Ex)) {
- const Expr *CondEx = CO->getCond();
-
- // Find a node where the value of the condition is known.
+ // Find a node where the branching occured and find out which branch
+ // we took (true/false) by looking at the ExplodedGraph.
+ const ExplodedNode *NI = N;
do {
- ProgramStateRef State = N->getState();
- SVal CondVal = State->getSVal(CondEx, N->getLocationContext());
- ConditionTruthVal CondEvaluated = State->isNull(CondVal);
- if (CondEvaluated.isConstrained()) {
- if (CondEvaluated.isConstrainedTrue())
- return peelOffOuterExpr(CO->getFalseExpr(), N);
- else
- return peelOffOuterExpr(CO->getTrueExpr(), N);
+ ProgramPoint ProgPoint = NI->getLocation();
+ if (Optional<BlockEdge> BE = ProgPoint.getAs<BlockEdge>()) {
+ const CFGBlock *srcBlk = BE->getSrc();
+ if (const Stmt *term = srcBlk->getTerminator()) {
+ if (term == CO) {
+ bool TookTrueBranch = (*(srcBlk->succ_begin()) == BE->getDst());
+ if (TookTrueBranch)
+ return peelOffOuterExpr(CO->getTrueExpr(), N);
+ else
+ return peelOffOuterExpr(CO->getFalseExpr(), N);
+ }
+ }
}
- N = N->getFirstPred();
- } while (N);
+ NI = NI->getFirstPred();
+ } while (NI);
}
return Ex;
}
Modified: cfe/trunk/test/Analysis/inlining/false-positive-suppression.c
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inlining/false-positive-suppression.c?rev=178701&r1=178700&r2=178701&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/inlining/false-positive-suppression.c (original)
+++ cfe/trunk/test/Analysis/inlining/false-positive-suppression.c Wed Apr 3
16:34:12 2013
@@ -260,9 +260,10 @@ int testNestedConditionalOperator(int x)
return *(x ? (x ? 0 : getPtr()) : getPtr()); // expected-warning
{{Dereference of null pointer}}
}
-// False Positve - we are unable to suppress this case because the condition is
-// float.
int testConditionalOperatorSuppressFloatCond(float x) {
- return *(x ? getNull() : getPtr()); // expected-warning {{Dereference of
null pointer}}
+ return *(x ? getNull() : getPtr());
+#ifndef SUPPRESSED
+ // expected-warning@-2 {{Dereference of null pointer}}
+#endif
}
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
