Fix handling in GRExprEngine of 'default' branch in switch statements

when the default case is winnowed down to be infeasible.  When all
cases were ruled out (and the analysis state for the default case
would be infeasible) we would still consider the default case
possible.  This fixes PR 5969.

llvm-svn: 93017
This commit is contained in:
Ted Kremenek 2010-01-08 18:54:04 +00:00
parent af07fbe210
commit b92304b42f
2 changed files with 49 additions and 5 deletions

View File

@ -1221,7 +1221,8 @@ void GRExprEngine::ProcessSwitch(GRSwitchNodeBuilder& builder) {
do { do {
nonloc::ConcreteInt CaseVal(getBasicVals().getValue(V1.Val.getInt())); nonloc::ConcreteInt CaseVal(getBasicVals().getValue(V1.Val.getInt()));
DefinedOrUnknownSVal Res = SVator.EvalEQ(DefaultSt, CondV, CaseVal); DefinedOrUnknownSVal Res = SVator.EvalEQ(DefaultSt ? DefaultSt : state,
CondV, CaseVal);
// Now "assume" that the case matches. // Now "assume" that the case matches.
if (const GRState* stateNew = state->Assume(Res, true)) { if (const GRState* stateNew = state->Assume(Res, true)) {
@ -1236,11 +1237,17 @@ void GRExprEngine::ProcessSwitch(GRSwitchNodeBuilder& builder) {
// Now "assume" that the case doesn't match. Add this state // Now "assume" that the case doesn't match. Add this state
// to the default state (if it is feasible). // to the default state (if it is feasible).
if (const GRState *stateNew = DefaultSt->Assume(Res, false)) { if (DefaultSt) {
defaultIsFeasible = true; if (const GRState *stateNew = DefaultSt->Assume(Res, false)) {
DefaultSt = stateNew; defaultIsFeasible = true;
DefaultSt = stateNew;
}
else {
defaultIsFeasible = false;
DefaultSt = NULL;
}
} }
// Concretize the next value in the range. // Concretize the next value in the range.
if (V1.Val.getInt() == V2.Val.getInt()) if (V1.Val.getInt() == V2.Val.getInt())
break; break;

View File

@ -21,3 +21,40 @@ int main(int argc, char* argv[]) {
return *p; // no-warning return *p; // no-warning
} }
// PR 5969: the comparison of argc < 3 || argc > 4 should constraint the switch
// statement from having the 'default' branch taken. This previously reported a false
// positive with the use of 'v'.
int pr5969(int argc, char *argv[]) {
int v;
if ((argc < 3) || (argc > 4)) return 0;
switch(argc) {
case 3:
v = 33;
break;
case 4:
v = 44;
break;
}
return v; // no-warning
}
int pr5969_positive(int argc, char *argv[]) {
int v;
if ((argc < 3) || (argc > 4)) return 0;
switch(argc) {
case 3:
v = 33;
break;
}
return v; // expected-warning{{Undefined or garbage value returned to caller}}
}