[analyzer] When creating a trimmed graph, preserve whether a node is a sink.

This is important because sometimes two nodes are identical, except the second one is a sink. This bug has probably been around for a while, but it wouldn't have been an issue in the old report graph algorithm. I'm ashamed to say I actually looked at this the first time around and thought it would never be a problem...and then didn't include an assertion to back that up. PR15684 llvm-svn: 178944
2013-04-06 01:42:02 +00:00 · 2013-04-06 01:42:02 +00:00 · 4db7c1e7e5
parent 7caf2fbdc3
commit 4db7c1e7e5
2 changed files with 14 additions and 1 deletions
--- a/clang/lib/StaticAnalyzer/Core/BugReporter.cpp
+++ b/clang/lib/StaticAnalyzer/Core/BugReporter.cpp
@ -2010,7 +2010,8 @@ bool TrimmedGraph::popNextReportGraph(ReportGraph &GraphWrapper) {
  while (true) {
    // Create the equivalent node in the new graph with the same state
    // and location.
-    ExplodedNode *NewN = GNew->getNode(OrigN->getLocation(), OrigN->getState());
+    ExplodedNode *NewN = GNew->getNode(OrigN->getLocation(), OrigN->getState(),
+                                       OrigN->isSink());

    // Store the mapping to the original node.
    InterExplodedGraphMap::const_iterator IMitr = InverseMap.find(OrigN);
--- a/clang/test/Analysis/misc-ps.c
+++ b/clang/test/Analysis/misc-ps.c
@ -163,3 +163,15 @@ int PR14634(int x) {
  return !y;
 }

+
+// PR15684: If a checker generates a sink node after generating a regular node
+// and no state changes between the two, graph trimming would consider the two
+// the same node, forming a loop.
+struct PR15684 {
+  void (*callback)(int);
+};
+void sinkAfterRegularNode(struct PR15684 *context) {
+  int uninitialized;
+  context->callback(uninitialized); // expected-warning {{uninitialized}}
+}
+