-rw-r--r-- | lib/Checker/Environment.cpp | 31 | ||||
-rw-r--r-- | test/Analysis/inline4.c | 14 |
2 files changed, 43 insertions, 2 deletions
diff --git a/lib/Checker/Environment.cpp b/lib/Checker/Environment.cpp
index e2568b6637..be1a677d91 100644
--- a/lib/Checker/Environment.cpp
+++ b/lib/Checker/Environment.cpp
@@ -96,6 +96,19 @@ public:
 };
 } // end anonymous namespace
+static bool isBlockExprInCallers(const Stmt *E, const LocationContext *LC) {
+ const LocationContext *ParentLC = LC->getParent();
+ while (ParentLC) {
+ CFG &C = *ParentLC->getCFG();
+ if (C.isBlkExpr(E))
+ return true;
+ ParentLC = ParentLC->getParent();
+ }
+
+ return false;
+}
+
+
 // RemoveDeadBindings:
 // - Remove subexpression bindings.
 // - Remove dead block expression bindings.
@@ -122,13 +135,27 @@ EnvironmentManager::RemoveDeadBindings(Environment Env, const Stmt *S,
 I != E; ++I) {
 const Stmt *BlkExpr = I.getKey();
+ const SVal &X = I.getData();
+
+ // Block-level expressions in callers are assumed always live.
+ if (isBlockExprInCallers(BlkExpr, SymReaper.getLocationContext())) {
+ NewEnv.ExprBindings = F.Add(NewEnv.ExprBindings, BlkExpr, X);
+
+ if (isa<loc::MemRegionVal>(X)) {
+ const MemRegion* R = cast<loc::MemRegionVal>(X).getRegion();
+ DRoots.push_back(R);
+ }
+
+ // Mark all symbols in the block expr's value live.
+ MarkLiveCallback cb(SymReaper);
+ ST->scanReachableSymbols(X, cb);
+ continue;
+ }
 // Not a block-level expression?
 if (!C.isBlkExpr(BlkExpr))
 continue;
- const SVal &X = I.getData();
-
 if (SymReaper.isLive(S, BlkExpr)) {
 // Copy the binding to the new map.
 NewEnv.ExprBindings = F.Add(NewEnv.ExprBindings, BlkExpr, X);
diff --git a/test/Analysis/inline4.c b/test/Analysis/inline4.c
new file mode 100644
index 0000000000..dd2379f043
--- /dev/null
+++ b/test/Analysis/inline4.c
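Review bot: `isBlockExprInCallers` in lib/Checker/Environment.cpp dereferences both `LC` and the result of `ParentLC->getCFG()` without any check, so a null location context or a caller frame whose CFG is unavailable would crash the analyzer at `CFG &C = *ParentLC->getCFG();`. If these are invariants of inlined analysis, state them, e.g. `assert(LC && "RemoveDeadBindings needs a location context");` at the top and an assert on the `getCFG()` result before it is bound to `C`. The helper also has no comment; `// Returns true if E is a block-level expression in the CFG of any caller frame above LC.` would record that LC's own CFG is deliberately skipped.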
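Review bot: The always-live branch added to `EnvironmentManager::RemoveDeadBindings` recognises caller expressions by `Stmt` pointer alone, so when a caller frame belongs to the same function as the current frame (recursion), the current frame's own block-level bindings presumably match as well and are never reaped. That is conservative rather than unsound, but it deserves a comment next to the check, such as `// NOTE: under recursion this also keeps the current frame's bindings; the environment is keyed by Stmt only.`. The branch also repeats the `F.Add(NewEnv.ExprBindings, BlkExpr, X)` copy step of the `SymReaper.isLive` path just below, whose remainder lies outside the hunk, so a shared helper would keep the two from drifting. The loop starts before this hunk and continues past it.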
@@ -0,0 +1,14 @@
+// RUN: %clang_cc1 -analyze -inline-call -analyzer-store region -analyze-function f -verify %s
+
+int g(int a) {
+ return a;
+}
+
+int f(int a) {
+ // Do not remove block-level expression bindings of caller when analyzing
+ // in the callee.
+ if (1 && g(a)) // The binding of '1 && g(a)' which is an UndefinedVal
+ // carries important information.
+ return 1;
+ return 0;
+} |
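Review bot: The RUN line of test/Analysis/inline4.c uses `-verify`, but the file has no `expected-` directives, so the test passes only by producing no diagnostics. Nothing in it says which diagnostic would appear if the caller's binding were dropped. A comment above the `if` such as `// Before this fix the analyzer reported <diagnostic> here.` (placeholder, to be filled in from the actual pre-fix output) would make a future failure of this test diagnosable. The existing comment states that the binding "carries important information" without saying what consumes it.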