vsavchenko added a comment.

In D78638#1997576 <https://reviews.llvm.org/D78638#1997576>, @Szelethus wrote:

> How come rGe20b388e2f923bfc98f63a13fea9fc19aeaec425
> <https://reviews.llvm.org/rGe20b388e2f923bfc98f63a13fea9fc19aeaec425> doesn't
> solve this? Or, rather, how come it even worked if this patch is needed? Is
> the index being a global variable the issue? The change looks great, but I'm
> a bit confused.

Hey, thanks!

So, I've tried to cover it in the comment and in the commit message. In this test, both `do while` and the global index help to reproduce the erroneous behaviour. Usually, the analyzer tracks through array subscript expressions and it adds notes like expected in the test ("Assuming pointer value is null"). But in the test snippet, it was not adding those.

The main reason is not in `trackExpressionValue`, it works fine! `trackExpressionValue` starts with finding an exploded node where the lvalue is defined, and such a node was not found. A little bit of digging later I found out that the node collector (aka garbage collector) threw those nodes away (check `ExplodedGraph::shouldCollect` and `ExplodedGraph::reclaimRecentlyAllocatedNodes`)!

Because of the `do while` loop and the global index, the number of exploded nodes is pretty large. This fact causes GC to kick in and remove the nodes that we need for `trackExpressionValue` to work. Interesting nodes are, on the other hand, not deleted, and this is what helped with the problem.

I hope this clears it up a bit!

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D78638/new/

https://reviews.llvm.org/D78638