If size was equal to 0, either NULL or a pointer suitable to be passed to

free() is returned by realloc(). Most code expect NULL. And we only need to transfer one final ProgramState. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8
2011-09-01 04:53:59 +00:00 · 2011-09-01 04:53:59 +00:00 · d56763fd33
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@ -538,11 +538,8 @@ void MallocChecker::ReallocMem(CheckerContext &C, const CallExpr *CE) const {
      if (const ProgramState *stateFree = 
          FreeMemAux(C, CE, stateSizeZero, 0, false)) {

-        // Add the state transition to set input pointer argument to be free.
-        C.addTransition(stateFree);
-
-        // Bind the return value to UndefinedVal because it is now free.
-        C.addTransition(stateFree->BindExpr(CE, UndefinedVal(), true));
+        // Bind the return value to NULL because it is now free.
+        C.addTransition(stateFree->BindExpr(CE, svalBuilder.makeNull(), true));
      }
    if (const ProgramState *stateSizeNotZero = stateNotEqual->assume(SizeZero,false))
      if (const ProgramState *stateFree = FreeMemAux(C, CE, stateSizeNotZero,
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@ -41,7 +41,7 @@ void f2_realloc_0() {

 void f2_realloc_1() {
  int *p = malloc(12);
-  int *q = realloc(p,0); // expected-warning{{Assigned value is garbage or undefined}}
+  int *q = realloc(p,0); // no-warning
 }

 // ownership attributes tests