[PATCH] D82598: [analyzer][Liveness][NFC] Get rid of statement liveness, because such a thing doesn't exist

Artem Dergachev via Phabricator via cfe-commits Thu, 23 Jul 2020 22:18:25 -0700

NoQ added a comment.

Ok, here's the crashing example with `ObjCForCollectionStmt`. It should be 
saved as an `.mm` file and it crashes under pure `--analyze`.


  @interface Item
  // ...
  @end
  
  @interface Collection
  // ...
  @end
  
  typedef void (^Blk)();
  
  struct RAII {
    Blk blk;
  
  public:
    RAII(Blk blk): blk(blk) {}
    ~RAII() { blk(); }
  };
  
  void foo(Collection *coll) {
    RAII raii(^{});
    for (Item *item in coll) {}
  }

The CFG ("allocate a variable, pick the item and put it into that variable, 
execute the body, repeat"):
F12397775: Screen Shot 2020-07-23 at 10.08.02 PM.png 
<https://reviews.llvm.org/F12397775>

The interesting part of the ExplodedGraph:
F12397783: Screen Shot 2020-07-23 at 10.11.42 PM.png 
<https://reviews.llvm.org/F12397783>

And here's the FIXME that you're looking for:

  ...
  44 /// Generate a node in \p Bldr for an iteration statement using ObjC
  45 /// for-loop iterator.
  46 static void populateObjCForDestinationSet(
  47     ExplodedNodeSet &dstLocation, SValBuilder &svalBuilder,
  48     const ObjCForCollectionStmt *S, const Stmt *elem, SVal elementV,
  49     SymbolManager &SymMgr, const NodeBuilderContext *currBldrCtx,
  50     StmtNodeBuilder &Bldr, bool hasElements) {
  ...
  56     SVal hasElementsV = svalBuilder.makeTruthVal(hasElements);
  57
  58     // FIXME: S is not an expression. We should not be binding values to 
it.
  59     ProgramStateRef nextState = state->BindExpr(S, LCtx, hasElementsV);
  ...

So, like, the engine is conveniently assigning 0 or 1 to the 
collection-statement in the Environment when the collection is assumed to be 
empty or not.

It's obviously a hack. This shouldn't be in the Environment. This should have 
been a GDM trait attached to the collection. Ideally it should also be modeled, 
i.e. sometimes we do know whether the collection is empty, and it might even be 
modeled occasionally. But in any case this shouldn't be in the Environment.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D82598/new/

https://reviews.llvm.org/D82598



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D82598: [analyzer][Liveness][NFC] Get rid of statement liveness, because such a thing doesn't exist

Reply via email to