[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.

The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.

Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time.  There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 15 insertions, 2 deletions

diff --git a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
index 8e31adead1..75e232f5bd 100644
--- a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -39,8 +39,6 @@ const Stmt *bugreporter::GetDerefExpr(const ExplodedNode *N) {
     return ME->getBase()->IgnoreParenCasts();
   }
   else if (const ArraySubscriptExpr *AE = dyn_cast<ArraySubscriptExpr>(S)) {
-    // Retrieve the base for arrays since BasicStoreManager doesn't know how
-    // to reason about them.
     return AE->getBase();
   }
 
@@ -314,6 +312,21 @@ void bugreporter::registerTrackNullOrUndefValue(BugReporterContext& BRC,
     return;
 
   GRStateManager &StateMgr = BRC.getStateManager();
+  
+  // Walk through nodes until we get one that matches the statement
+  // exactly.
+  while (N) {
+    const ProgramPoint &pp = N->getLocation();
+    if (const PostStmt *ps = dyn_cast<PostStmt>(&pp)) {
+      if (ps->getStmt() == S)
+        break;
+    }
+    N = *N->pred_begin();
+  }
+
+  if (!N)
+    return;
+  
   const GRState *state = N->getState();
 
   // Walk through lvalue-to-rvalue conversions.