From 0674b813aa85ee53ab5ece6efd7f982aa04652d9 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jordan_rose@apple.com>
Date: Wed, 18 Jun 2014 19:23:30 +0000
Subject: [PATCH] [analyzer] Don't create new PostStmt nodes if we don't have
 to.

Doing this caused us to mistakenly think we'd seen a particular state before
when we actually hadn't, which resulted in false negatives. Credit to
Rafael Auler for discovering this issue!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@211209 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/CoreEngine.cpp   |  2 +-
 test/Analysis/retain-release-cache-out.m | 27 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 test/Analysis/retain-release-cache-out.m

diff --git a/lib/StaticAnalyzer/Core/CoreEngine.cpp b/lib/StaticAnalyzer/Core/CoreEngine.cpp
index e710c7f717b..4623c358a9e 100644
--- a/lib/StaticAnalyzer/Core/CoreEngine.cpp
+++ b/lib/StaticAnalyzer/Core/CoreEngine.cpp
@@ -541,7 +541,7 @@ void CoreEngine::enqueueStmtNode(ExplodedNode *N,
   CFGStmt CS = (*Block)[Idx].castAs<CFGStmt>();
   PostStmt Loc(CS.getStmt(), N->getLocationContext());
 
-  if (Loc == N->getLocation()) {
+  if (Loc == N->getLocation().withTag(nullptr)) {
     // Note: 'N' should be a fresh node because otherwise it shouldn't be
     // a member of Deferred.
     WList->enqueue(N, Block, Idx+1);
diff --git a/test/Analysis/retain-release-cache-out.m b/test/Analysis/retain-release-cache-out.m
new file mode 100644
index 00000000000..54573a46063
--- /dev/null
+++ b/test/Analysis/retain-release-cache-out.m
@@ -0,0 +1,27 @@
+// RUN: %clang_cc1 -analyze %s -analyzer-checker=core,osx.cocoa.RetainCount -fblocks -verify
+
+// This test is checking behavior when a single checker runs only with the core
+// checkers, testing that the traversal order in the CFG does not affect the
+// reporting of an error.
+
+#import "Inputs/system-header-simulator-objc.h"
+
+void testDoubleRelease(BOOL z) {
+  id x = [[NSObject alloc] init];
+  if (z) {
+    [x release];
+  } else {
+    ;
+  }
+  [x release]; // expected-warning {{Reference-counted object is used after it is released}}
+}
+
+void testDoubleRelease2(BOOL z) {
+  id x = [[NSObject alloc] init];
+  if (z) {
+    ;
+  } else {
+    [x release];
+  }
+  [x release]; // expected-warning {{Reference-counted object is used after it is released}}
+}
-- 
GitLab