From a31c224bb4fb426a147db7a9b49d47917a2280ad Mon Sep 17 00:00:00 2001 From: George Karpenkov Date: Fri, 21 Sep 2018 20:36:01 +0000 Subject: [PATCH] [analyzer] Fix bug in isInevitablySinking If the non-sink report is generated at the exit node, it will be suppressed by the current functionality in isInevitablySinking, as it only checks the successors of the block, but not the block itself. The bug shows up in RetainCountChecker checks. Differential Revision: https://reviews.llvm.org/D52284 llvm-svn: 342766 --- clang/lib/StaticAnalyzer/Core/BugReporter.cpp | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Core/BugReporter.cpp b/clang/lib/StaticAnalyzer/Core/BugReporter.cpp index 483fb50..048c8aa 100644 --- a/clang/lib/StaticAnalyzer/Core/BugReporter.cpp +++ b/clang/lib/StaticAnalyzer/Core/BugReporter.cpp @@ -2812,16 +2812,15 @@ static bool isInevitablySinking(const ExplodedNode *N) { DFSWorkList.pop_back(); Visited.insert(Blk); + // If at least one path reaches the CFG exit, it means that control is + // returned to the caller. For now, say that we are not sure what + // happens next. If necessary, this can be improved to analyze + // the parent StackFrameContext's call site in a similar manner. + if (Blk == &Cfg.getExit()) + return false; + for (const auto &Succ : Blk->succs()) { if (const CFGBlock *SuccBlk = Succ.getReachableBlock()) { - if (SuccBlk == &Cfg.getExit()) { - // If at least one path reaches the CFG exit, it means that control is - // returned to the caller. For now, say that we are not sure what - // happens next. If necessary, this can be improved to analyze - // the parent StackFrameContext's call site in a similar manner. - return false; - } - if (!isImmediateSinkBlock(SuccBlk) && !Visited.count(SuccBlk)) { // If the block has reachable child blocks that aren't no-return, // add them to the worklist. -- 2.7.4