This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
include/clang/Analysis/FlowSensitive/
-
clang/
-
Analysis/
-
FlowSensitive/
-
Models/
7/15
UncheckedOptionalAccessModel.h
1/1
TypeErasedDataflowAnalysis.h
-
lib/Analysis/FlowSensitive/
-
Analysis/
-
FlowSensitive/
-
Models/
2/2
UncheckedOptionalAccessModel.cpp
1/2
TypeErasedDataflowAnalysis.cpp
-
unittests/Analysis/FlowSensitive/
-
Analysis/
-
FlowSensitive/
9/14
TestingSupport.h
3/5
UncheckedOptionalAccessModelTest.cpp

Differential D127898

[clang][dataflow] Add API to separate analysis from diagnosis
ClosedPublic

Authored by samestep on Jun 15 2022, 12:35 PM.

Download Raw Diff

Details

Reviewers

ymandel
sgatev
gribozavr2
xazax.hun

Commits

rG58fe7f9683a0: [clang][dataflow] Add API to separate analysis from diagnosis

Summary

This patch adds an optional PostVisitStmt parameter to the runTypeErasedDataflowAnalysis function, which does one more pass over all statements in the CFG after a fixpoint is reached. It then defines a diagnose method for the optional model in a new UncheckedOptionalAccessDiagnosis class, but only integrates that into the tests and not the actual optional check for clang-tidy. That will be done in a followup patch.

The primary motivation is to separate the implementation of the unchecked optional access check into two parts, to allow for further refactoring of just the model part later, while leaving the checking part alone. Currently there is duplication between the transferUnwrapCall and diagnoseUnwrapCall functions, but that will be dealt with in the followup.

Because diagnostics are now all gathered into one collection rather than being populated at each program point like when computing a fixpoint, this patch removes the usage of Pair and UnorderedElementsAre from the optional model tests, and instead modifies all their expectations to simply check the stringified set of diagnostics against a single string, either "safe" or some concatenation of "unsafe: input.cc:y:x". This is not ideal as it loses any connection to the /*[[check]]*/ annotations in the source strings, but it does still retain the source locations from the diagnostic strings themselves.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

samestep created this revision.Jun 15 2022, 12:35 PM

Herald added a project: Restricted Project. · View Herald TranscriptJun 15 2022, 12:35 PM

Herald added subscribers: martong, tschuett, carlosgalvezp and 2 others. · View Herald Transcript

samestep requested review of this revision.Jun 15 2022, 12:35 PM

Herald added projects: Restricted Project, Restricted Project, Restricted Project. · View Herald TranscriptJun 15 2022, 12:35 PM

Herald added subscribers: cfe-commits, llvm-commits. · View Herald Transcript

samestep edited the summary of this revision. (Show Details)Jun 15 2022, 12:36 PM

samestep added reviewers: ymandel, sgatev.

samestep added a reviewer: gribozavr2.Jun 15 2022, 12:45 PM

Harbormaster completed remote builds in B170084: Diff 437299.Jun 15 2022, 2:18 PM

ymandel added inline comments.Jun 16 2022, 9:37 AM

clang/include/clang/Analysis/FlowSensitive/DataflowAnalysis.h
35 ↗	(On Diff #437299)	I'm not sure that this is valid style. It's essentially a unit type, which I quite like, but I've never seen this done before.
64 ↗	(On Diff #437299)	Please describe this parameter.
103 ↗	(On Diff #437299)	The virtual function seems out of place here, given that everything else is statically resolved. Either drop `virtual` or move to the dyn. typed super class. That said, I'm not clear on why this isn't a free function. I imagine a model of creating the analysis, running it and that results in blocks annotated with `Environment`s and custome lattices. Then, you run any function you want over that using some visitor template helper. To account for state, we either make it an explicit parameter or take a `std::function`.
clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
52 ↗	(On Diff #437299)	this implies that we want to support some form of accumulation. I'd argue that any accumulation should already occur in the lattice (or the environment) and this should be a straight read of the state and some output. So, the `TransferState` struct should be enough.

C++ seems to be tied to templates. I wonder if super classes resp. inheritance would make your life easier. You can explicitly define the API and documentation. You could provide default implementations.

xazax.hun added inline comments.Jun 17 2022, 10:11 AM

clang-tools-extra/clang-tidy/bugprone/UncheckedOptionalAccessCheck.cpp
66 ↗	(On Diff #437299)	While doing yet another iteration after we reached the fixed point is a valid approach, many analyses have a monotonic property when it comes to emitting diagnostics. In this case, when the analysis discovered that an optional access is unsafe in one of the iterations I would not expect it to become safe in subsequent iterations. In most of the cases this makes collecting diagnostics eagerly a viable option and saves us from doing one more traversal of the CFG. On the other hand, we need to be careful to not to emit duplicate diagnostics. I wonder whether, from a user point of view, not having to do one more iteration is a more ergonomic interface.

samestep added inline comments.Jun 21 2022, 8:44 AM

clang-tools-extra/clang-tidy/bugprone/UncheckedOptionalAccessCheck.cpp
66 ↗	(On Diff #437299)	@xazax.hun Agreed, I don't think for this particular analysis there's a risk of diagnostics being prematurely added and then becoming invalid as the analysis progresses. However, the broader goal of this patch is to separate the information-gathering part of the analysis to the diagnostic-flagging part of the analysis, with the hope that we can maybe derive the former automatically while still allowing the latter to be written manually. It seems to me that it would be infeasible to automatically derive both.

Only add the new API, don't change the check

samestep edited the summary of this revision. (Show Details)Jun 21 2022, 7:28 PM

samestep retitled this revision from [clang][dataflow] Find unsafe locs after fixpoint to [clang][dataflow] Add API to separate analysis from diagnosis.Jun 21 2022, 7:31 PM

Harbormaster completed remote builds in B171228: Diff 438891.Jun 21 2022, 8:06 PM

sgatev added inline comments.Jun 22 2022, 8:48 AM

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
26 ↗	(On Diff #438891)	Let's add some documentation for `Diagnosis` and `diagnoseCFG`.
27 ↗	(On Diff #438891)	`#include <functional>`
32 ↗	(On Diff #438891)	`#include <vector>` and `#include "llvm/ADT/Optional.h"`
49 ↗	(On Diff #438891)	`#include <utility>`
clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
49 ↗	(On Diff #438891)	Move this to Diagnosis.h?
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	Move this to a new UncheckedOptionalAccessDiagnosis.(h,cpp)?

samestep mentioned this in D128352: [clang][dataflow] Use diagnosis API in optional checker.Jun 22 2022, 8:59 AM

samestep added a child revision: D128352: [clang][dataflow] Use diagnosis API in optional checker.

Comment Diagnosis.h and add missing headers

Harbormaster completed remote builds in B171340: Diff 439045.Jun 22 2022, 9:06 AM

samestep marked 4 inline comments as done.Jun 22 2022, 9:07 AM

samestep added inline comments.

clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
49 ↗	(On Diff #438891)	I'd prefer to keep it in `MatchSwitch.h` alongside `TransferState`, unless we plan to, e.g., move that type to `DataflowAnalysis.h`.
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	OK! I'll do that next.

Try to fix the broken patch

Harbormaster completed remote builds in B171342: Diff 439048.Jun 22 2022, 9:11 AM

samestep marked an inline comment as not done.Jun 22 2022, 9:40 AM

samestep added inline comments.

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	Actually, @sgatev would that go under `FlowSensitive/Models/` or just under `FlowSensitive/`?

sgatev added inline comments.Jun 22 2022, 10:15 AM

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	I suggest keeping it under `FlowSensitive/Models/` for now. We can change that at a later point if there's a better alternative.

samestep added inline comments.Jun 22 2022, 11:37 AM

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	Where should I put the `UncheckedOptionalAccessModelOptions` type and `ignorableOptional` function that need to be shared between both the model and the diagnosis?

samestep added inline comments.Jun 22 2022, 11:47 AM

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	Same question for the following other helper functions: `hasOptionalType` `isOptionalMemberCallWithName` `isOptionalOperatorCallWithName` Given how much code is shared between the two, I'm really not sure whether it's the best idea to move this into a separate file in this patch...

xazax.hun added inline comments.Jun 22 2022, 4:47 PM

clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp
546	I think this should be moved closer to its use.
684–685	This logic is duplicated between the check and the diagnosis. I think it would be nice to factor this out to avoid these two parts getting out of sync.

Merge branch 'main' into diagnose-api
Incorporate Gábor's suggestions

samestep marked 2 inline comments as done.Jun 23 2022, 6:25 AM

Harbormaster completed remote builds in B171594: Diff 439372.Jun 23 2022, 7:10 AM

samestep added a child revision: D128446: [clang][dataflow] Use annotations for optional diagnostic tests.Jun 23 2022, 7:46 AM

samestep mentioned this in D128446: [clang][dataflow] Use annotations for optional diagnostic tests.Jun 23 2022, 7:53 AM

sgatev accepted this revision.Jun 23 2022, 8:21 AM

sgatev added inline comments.

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
57 ↗	(On Diff #439372)	Better to remove this and rely on NRVO? https://en.cppreference.com/w/cpp/language/copy_elision
clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
49 ↗	(On Diff #438891)	Fair enough, but generally I see `TransferState` and `DiagnoseState` as very specific to the dataflow analysis framework whereas `MatchSwitchBuilder` seems to be a bit more generic so I'd consider separating them.
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	I suggest either declaring those in the header and using them from `UncheckedOptionalAccessDiagnosis.cpp` or moving them to a separate file and including them both in the model and in the diagnosis. In general I think it's fair if the diagnosis depends on the model, but not the other way around. It's perfectly fine if we do this refactoring in a follow up.

This revision is now accepted and ready to land.Jun 23 2022, 8:21 AM

samestep added inline comments.Jun 23 2022, 8:25 AM

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
57 ↗	(On Diff #439372)	Ah OK, I'm not a C++ expert so I wasn't sure when to write `std::move` and when not to. Will do, thanks!
clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
49 ↗	(On Diff #438891)	Sure, if people think it makes sense to put those two types elsewhere then we can do that in a followup.
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
76	Yep, makes sense; I just didn't want to make declarations for all those in a header file in this patch.

Remove unnecessary std::move

gribozavr2 added inline comments.Jun 23 2022, 9:12 AM

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
38 ↗	(On Diff #439372)	This function seems pretty general and not necessarily tied to diagnostics. WDYT about using "visitor" in the name? For example, "visitDataflowAnalysisResults". The "Diagnosis" would also become "DataflowAnalysisResultVisitor".
42 ↗	(On Diff #439372)	I'm leaning towards std::vector<Diag> instead of a set, to avoid requiring that Diag is hashable. Users who need hash-based deduplication can easily do it themselves (but why would they have duplication? we only visit each Stmt once)
57 ↗	(On Diff #439372)	https://stackoverflow.com/questions/14856344/when-should-stdmove-be-used-on-a-function-return-value
clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
49 ↗	(On Diff #438891)	For now, since there is only a single user, I'd actually prefer to move it into UncheckedOptionalAccessDiagnosis itself. It is a trivial component, basically a std::pair, it seems that exposing it as a public API might not be that helpful.
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
78	"Diagnosis" sounds like the result. Should this be a "Diagnoser"?
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
78–79	It is better to name a function with a verb. WDYT about "VerifyResults"? If you agree, please also update the functions below.
147
189	Can we use diagnoseCFG to implement the loop above?
clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp
1841	The original was unsafe, is it an intentional change?

Harbormaster completed remote builds in B171622: Diff 439411.Jun 23 2022, 9:15 AM

xazax.hun added inline comments.Jun 23 2022, 9:24 AM

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
38–42 ↗	(On Diff #439411)	I feel a bit uneasy about this API. The need of helpers in the tests is a signal that this API might not be ergonomic as is. One needs to pass a lot of stuff in, and it is really error prone. For example, the user might get confused what `Environment` to pass in. Or one might pass the wrong `Analysis` if there are multiple similar ones in scope. I wonder if there is a way to reduce the ceremony needed to get diagnostics out. How about adding an optional argument to `runDataflowAnalysis` function to collect the results? I wonder if that would be a bit cleaner. You do not need to change the return type of that function, the collector object could take a reference to the `llvm::DenseSet<Diag>` that it populates.
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
85	Do we expect this to modify the ASTContext? Could this be a const ref instead?

xazax.hun added inline comments.Jun 23 2022, 9:26 AM

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
38–42 ↗	(On Diff #439411)	Moreover, if we pass the diagnostic function to `runDataflowAnalysis`, the fact whether we collect diagnostic during the fixed-point iteration or after that in a separate pass becomes an implementation detail. We can easily change back and forth without affecting the callers. The current API mandates an implementation approach and makes it harder to change in the future.

samestep marked an inline comment as done.Jun 23 2022, 9:56 AM

samestep added inline comments.

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
38–42 ↗	(On Diff #439411)	I think this makes a lot of sense. I agree that the current set of parameters is unwieldy. I hadn't thought about your point of hiding the separate pass as an implementation detail, but that also makes sense to me. @gribozavr2 @ymandel @sgatev thoughts?
38 ↗	(On Diff #439372)	Sure, that sounds fine to me. What do you think about @xazax.hun's suggested alternate API? If we go with that, would we rename it to say "visitor" regardless?
42 ↗	(On Diff #439372)	This makes a lot of sense, I'll make that change. Somehow along the way I forgot that the whole reason we even needed a set was because we were using it as a lattice when computing a fixpoint, but you're right that since we're pulling this out of the fixpoint iteration, we a vector would do fine.
57 ↗	(On Diff #439372)	Thanks!
clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h
49 ↗	(On Diff #438891)	That's also fine; I can make that change here.
clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
78	Sure, I can change it to say "Diagnoser" instead (unless we want to just replace it with "Visitor").
85	I'd guess it shouldn't; I was mostly just copying the `ASTContext &` field from the `DataflowAnalysis` class, which is not `const`. I can try changing it to `const` here, though.
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
78–79	Sounds good to me, I can do that.
189	Possibly! I'll look into it.
clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp
1841	Oh! Good catch, I didn't notice that. Will fix.

gribozavr2 added inline comments.Jun 23 2022, 10:04 AM

clang/include/clang/Analysis/FlowSensitive/Diagnosis.h
38–42 ↗	(On Diff #439411)	I think that's a good idea, it will make a simpler API for typical usage scenarios. I still think there might be space for an API like diagnoseCFG (e.g., if you want to run multiple visitations of the analysis results), but we don't have a use case for it so far.

samestep added a parent revision: D128467: [clang][dataflow] Allow MatchSwitch to return a value.Jun 23 2022, 2:34 PM

samestep edited parent revisions, added: D128533: [clang][dataflow] Allow MatchSwitch to return a value; removed: D128467: [clang][dataflow] Allow MatchSwitch to return a value.Jun 24 2022, 7:32 AM

samestep marked an inline comment as done.Jun 24 2022, 8:16 AM

samestep added inline comments.

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
85	@xazax.hun Coming back to this today, I remembered why it has to be `ASTContext &` and not `const ASTContext &`: because `MatchSwitch` requires it to not be `const`.

xazax.hun added inline comments.Jun 24 2022, 9:15 AM

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
85	Thanks! Do you mean `MatchSwitch` cannot be refactored to use `const ASTContext&`? I quickly skimmed through the code and it looks like almost every instance of `ASTContext` is non-const. So I think it is ok to leave as is for this PR. I am also not sure if making it const at more places would bring any significant value.

Merge branch 'main' into diagnose-api
WIP

samestep edited the summary of this revision. (Show Details)Jun 24 2022, 1:36 PM

Harbormaster completed remote builds in B171940: Diff 439878.Jun 24 2022, 2:18 PM

Merge branch 'main' into diagnose-api

Harbormaster completed remote builds in B172184: Diff 440211.Jun 27 2022, 7:25 AM

Bring back Diagnosis.h

Harbormaster completed remote builds in B172335: Diff 440406.Jun 27 2022, 4:38 PM

samestep removed a child revision: D128446: [clang][dataflow] Use annotations for optional diagnostic tests.Jun 28 2022, 8:10 AM

Implement Gábor's suggestion
Merge branch 'main' into diagnose-api

samestep edited the summary of this revision. (Show Details)Jun 28 2022, 10:38 AM

samestep added a reviewer: xazax.hun.

Herald added a subscriber: rnkovacs. · View Herald TranscriptJun 28 2022, 10:38 AM

ymandel added inline comments.Jun 28 2022, 11:06 AM

clang/include/clang/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.h
128	Please update comment to mention this new param (and that its optional)
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
65–73	nit: since this includes both inputs and results, maybe `AnalysisData`?
114	nit: i prefer explicit comparisons, so `MakePostVisitStmt != nullptr`.
161
172–191	any chance that this could be folded into `MakePostVisitStmt`?
clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp
1249

Thanks, LGTM!

Harbormaster completed remote builds in B172533: Diff 440687.Jun 28 2022, 12:24 PM

gribozavr2 accepted this revision.Jun 28 2022, 1:31 PM

gribozavr2 added inline comments.

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h
78	Not done?
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
144–145
155
clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp
2335–2336

sgatev accepted this revision.Jun 28 2022, 11:34 PM

sgatev added inline comments.

clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp
401	Let's harmonize the arguments to `transferBlock` and `runTypeErasedDataflowAnalysis`. I think in both cases we only need access to the internal `Stmt` so there's no need to pass `CFGStmt` to `transferBlock`. This way we can pass `PostVisitStmt` directly here without having to wrap it in a lambda.
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
78–82	Why is this a function that returns a function? Couldn't it be simply a void function, like `VerifyResults`?

Fixed all the minor nits and responded to some comments.

clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp
401	Makes sense to me; should I do that in a followup?
clang/unittests/Analysis/FlowSensitive/TestingSupport.h
78–82	It needs to take in the `ASTContext`, and it needs to be able to close over state; see the one we pass from `UncheckedOptionalAccessModelTest.cpp`.
172–191	Looking into this now.
clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp
2335–2336	I don't think this is correct, is it?

Merge branch 'main' into diagnose-api
Fix minor nits

Tidy AnalysisData struct and PostVisitStmt param

This revision was landed with ongoing or failed builds.Jun 29 2022, 12:18 PM

Closed by commit rG58fe7f9683a0: [clang][dataflow] Add API to separate analysis from diagnosis (authored by samestep). · Explain Why

This revision was automatically updated to reflect the committed changes.

samestep added a commit: rG58fe7f9683a0: [clang][dataflow] Add API to separate analysis from diagnosis.

samestep mentioned this in rGcafb8b4ff2c3: [clang][dataflow] Use diagnosis API in optional checker.

samestep mentioned this in rG2adaca532df4: [clang][dataflow] Use diagnosis API in optional checker.Jun 29 2022, 12:51 PM

Harbormaster completed remote builds in B172839: Diff 441112.Jun 29 2022, 1:50 PM

Revision Contents

Path

Size

clang/

include/

clang/

Analysis/

FlowSensitive/

Models/

UncheckedOptionalAccessModel.h

15 lines

TypeErasedDataflowAnalysis.h

16 lines

lib/

Analysis/

FlowSensitive/

Models/

UncheckedOptionalAccessModel.cpp

79 lines

TypeErasedDataflowAnalysis.cpp

22 lines

unittests/

Analysis/

FlowSensitive/

TestingSupport.h

133 lines

UncheckedOptionalAccessModelTest.cpp

696 lines

Diff 441122

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h

Show All 14 Lines
#define CLANG_ANALYSIS_FLOWSENSITIVE_MODELS_UNCHECKEDOPTIONALACCESSMODEL_H		#define CLANG_ANALYSIS_FLOWSENSITIVE_MODELS_UNCHECKEDOPTIONALACCESSMODEL_H

#include "clang/AST/ASTContext.h"		#include "clang/AST/ASTContext.h"
#include "clang/AST/Stmt.h"		#include "clang/AST/Stmt.h"
#include "clang/Analysis/FlowSensitive/DataflowAnalysis.h"		#include "clang/Analysis/FlowSensitive/DataflowAnalysis.h"
#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"		#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
#include "clang/Analysis/FlowSensitive/MatchSwitch.h"		#include "clang/Analysis/FlowSensitive/MatchSwitch.h"
#include "clang/Analysis/FlowSensitive/SourceLocationsLattice.h"		#include "clang/Analysis/FlowSensitive/SourceLocationsLattice.h"
		#include "clang/Basic/SourceLocation.h"
		#include <vector>

namespace clang {		namespace clang {
namespace dataflow {		namespace dataflow {

// FIXME: Explore using an allowlist-approach, where constructs supported by the		// FIXME: Explore using an allowlist-approach, where constructs supported by the
// analysis are always enabled and additional constructs are enabled through the		// analysis are always enabled and additional constructs are enabled through the
// `Options`.		// `Options`.
struct UncheckedOptionalAccessModelOptions {		struct UncheckedOptionalAccessModelOptions {
Show All 35 Lines	public:
bool merge(QualType Type, const Value &Val1, const Environment &Env1,		bool merge(QualType Type, const Value &Val1, const Environment &Env1,
const Value &Val2, const Environment &Env2, Value &MergedVal,		const Value &Val2, const Environment &Env2, Value &MergedVal,
Environment &MergedEnv) override;		Environment &MergedEnv) override;

private:		private:
MatchSwitch<TransferState<SourceLocationsLattice>> TransferMatchSwitch;		MatchSwitch<TransferState<SourceLocationsLattice>> TransferMatchSwitch;
};		};

		class UncheckedOptionalAccessDiagnoser {
		sgatevUnsubmitted Not Done Reply Inline Actions Move this to a new UncheckedOptionalAccessDiagnosis.(h,cpp)? sgatev: Move this to a new UncheckedOptionalAccessDiagnosis.(h,cpp)?
		samestepAuthorUnsubmitted Done Reply Inline Actions OK! I'll do that next. samestep: OK! I'll do that next.
		samestepAuthorUnsubmitted Not Done Reply Inline Actions Actually, @sgatev would that go under `FlowSensitive/Models/` or just under `FlowSensitive/`? samestep: Actually, @sgatev would that go under `FlowSensitive/Models/` or just under `FlowSensitive/`?
		sgatevUnsubmitted Not Done Reply Inline Actions I suggest keeping it under `FlowSensitive/Models/` for now. We can change that at a later point if there's a better alternative. sgatev: I suggest keeping it under `FlowSensitive/Models/` for now. We can change that at a later point…
		samestepAuthorUnsubmitted Not Done Reply Inline Actions Where should I put the `UncheckedOptionalAccessModelOptions` type and `ignorableOptional` function that need to be shared between both the model and the diagnosis? samestep: Where should I put the `UncheckedOptionalAccessModelOptions` type and `ignorableOptional`…
		samestepAuthorUnsubmitted Not Done Reply Inline Actions Same question for the following other helper functions: `hasOptionalType` `isOptionalMemberCallWithName` `isOptionalOperatorCallWithName` Given how much code is shared between the two, I'm really not sure whether it's the best idea to move this into a separate file in this patch... samestep: Same question for the following other helper functions: - `hasOptionalType`…
		sgatevUnsubmitted Not Done Reply Inline Actions I suggest either declaring those in the header and using them from `UncheckedOptionalAccessDiagnosis.cpp` or moving them to a separate file and including them both in the model and in the diagnosis. In general I think it's fair if the diagnosis depends on the model, but not the other way around. It's perfectly fine if we do this refactoring in a follow up. sgatev: I suggest either declaring those in the header and using them from…
		samestepAuthorUnsubmitted Done Reply Inline Actions Yep, makes sense; I just didn't want to make declarations for all those in a header file in this patch. samestep: Yep, makes sense; I just didn't want to make declarations for all those in a header file in…
		public:
		UncheckedOptionalAccessDiagnoser(
		gribozavr2Unsubmitted Done Reply Inline Actions "Diagnosis" sounds like the result. Should this be a "Diagnoser"? gribozavr2: "Diagnosis" sounds like the result. Should this be a "Diagnoser"?
		samestepAuthorUnsubmitted Done Reply Inline Actions Sure, I can change it to say "Diagnoser" instead (unless we want to just replace it with "Visitor"). samestep: Sure, I can change it to say "Diagnoser" instead (unless we want to just replace it with…
		gribozavr2Unsubmitted Done Reply Inline Actions Not done? gribozavr2: Not done?
		UncheckedOptionalAccessModelOptions Options = {});

		std::vector<SourceLocation> diagnose(ASTContext &Context, const Stmt *Stmt,
		const Environment &Env);

		private:
		MatchSwitch<const Environment, std::vector<SourceLocation>>
		xazax.hunUnsubmitted Not Done Reply Inline Actions Do we expect this to modify the ASTContext? Could this be a const ref instead? xazax.hun: Do we expect this to modify the ASTContext? Could this be a const ref instead?
		samestepAuthorUnsubmitted Done Reply Inline Actions I'd guess it shouldn't; I was mostly just copying the `ASTContext &` field from the `DataflowAnalysis` class, which is not `const`. I can try changing it to `const` here, though. samestep: I'd guess it shouldn't; I was mostly just copying the `ASTContext &` field from the…
		samestepAuthorUnsubmitted Done Reply Inline Actions @xazax.hun Coming back to this today, I remembered why it has to be `ASTContext &` and not `const ASTContext &`: because `MatchSwitch` requires it to not be `const`. samestep: @xazax.hun Coming back to this today, I remembered why it has to be `ASTContext &` and not…
		xazax.hunUnsubmitted Not Done Reply Inline Actions Thanks! Do you mean `MatchSwitch` cannot be refactored to use `const ASTContext&`? I quickly skimmed through the code and it looks like almost every instance of `ASTContext` is non-const. So I think it is ok to leave as is for this PR. I am also not sure if making it const at more places would bring any significant value. xazax.hun: Thanks! Do you mean `MatchSwitch` cannot be refactored to use `const ASTContext&`? I quickly…
		DiagnoseMatchSwitch;
		};

} // namespace dataflow		} // namespace dataflow
} // namespace clang		} // namespace clang

#endif // CLANG_ANALYSIS_FLOWSENSITIVE_MODELS_UNCHECKEDOPTIONALACCESSMODEL_H		#endif // CLANG_ANALYSIS_FLOWSENSITIVE_MODELS_UNCHECKEDOPTIONALACCESSMODEL_H

clang/include/clang/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.h

Show First 20 Lines • Show All 109 Lines • ▼ Show 20 Lines	TypeErasedDataflowAnalysisState transferBlock(
std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>> &BlockStates,		std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>> &BlockStates,
const CFGBlock &Block, const Environment &InitEnv,		const CFGBlock &Block, const Environment &InitEnv,
TypeErasedDataflowAnalysis &Analysis,		TypeErasedDataflowAnalysis &Analysis,
std::function<void(const CFGStmt &,		std::function<void(const CFGStmt &,
const TypeErasedDataflowAnalysisState &)>		const TypeErasedDataflowAnalysisState &)>
HandleTransferredStmt = nullptr);		HandleTransferredStmt = nullptr);

/// Performs dataflow analysis and returns a mapping from basic block IDs to		/// Performs dataflow analysis and returns a mapping from basic block IDs to
/// dataflow analysis states that model the respective basic blocks. Indices		/// dataflow analysis states that model the respective basic blocks. Indices of
/// of the returned vector correspond to basic block IDs. Returns an error if		/// the returned vector correspond to basic block IDs. Returns an error if the
/// the dataflow analysis cannot be performed successfully.		/// dataflow analysis cannot be performed successfully. Otherwise, calls
		/// `PostVisitStmt` on each statement with the final analysis results at that
		/// program point.
llvm::Expected<std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>>>		llvm::Expected<std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>>>
runTypeErasedDataflowAnalysis(const ControlFlowContext &CFCtx,		runTypeErasedDataflowAnalysis(
TypeErasedDataflowAnalysis &Analysis,		const ControlFlowContext &CFCtx, TypeErasedDataflowAnalysis &Analysis,
const Environment &InitEnv);		const Environment &InitEnv,
		std::function<void(const Stmt *, const TypeErasedDataflowAnalysisState &)>
		PostVisitStmt = nullptr);
		ymandelUnsubmitted Done Reply Inline Actions Please update comment to mention this new param (and that its optional) ymandel: Please update comment to mention this new param (and that its optional)

} // namespace dataflow		} // namespace dataflow
} // namespace clang		} // namespace clang

#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_TYPEERASEDDATAFLOWANALYSIS_H		#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_TYPEERASEDDATAFLOWANALYSIS_H

clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp

Show All 16 Lines
#include "clang/AST/Expr.h"		#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"		#include "clang/AST/ExprCXX.h"
#include "clang/AST/Stmt.h"		#include "clang/AST/Stmt.h"
#include "clang/ASTMatchers/ASTMatchers.h"		#include "clang/ASTMatchers/ASTMatchers.h"
#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"		#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
#include "clang/Analysis/FlowSensitive/MatchSwitch.h"		#include "clang/Analysis/FlowSensitive/MatchSwitch.h"
#include "clang/Analysis/FlowSensitive/SourceLocationsLattice.h"		#include "clang/Analysis/FlowSensitive/SourceLocationsLattice.h"
#include "clang/Analysis/FlowSensitive/Value.h"		#include "clang/Analysis/FlowSensitive/Value.h"
		#include "clang/Basic/SourceLocation.h"
#include "llvm/ADT/StringRef.h"		#include "llvm/ADT/StringRef.h"
#include "llvm/Support/Casting.h"		#include "llvm/Support/Casting.h"
#include <cassert>		#include <cassert>
#include <memory>		#include <memory>
#include <utility>		#include <utility>
		#include <vector>

namespace clang {		namespace clang {
namespace dataflow {		namespace dataflow {
namespace {		namespace {

using namespace ::clang::ast_matchers;		using namespace ::clang::ast_matchers;
using LatticeTransferState = TransferState<SourceLocationsLattice>;		using LatticeTransferState = TransferState<SourceLocationsLattice>;

▲ Show 20 Lines • Show All 498 Lines • ▼ Show 20 Lines	void transferStdSwapCall(const CallExpr *E, const MatchFinder::MatchResult &,

auto *OptionalLoc2 =		auto *OptionalLoc2 =
State.Env.getStorageLocation(*E->getArg(1), SkipPast::Reference);		State.Env.getStorageLocation(*E->getArg(1), SkipPast::Reference);
assert(OptionalLoc2 != nullptr);		assert(OptionalLoc2 != nullptr);

transferSwap(OptionalLoc1, OptionalLoc2, State);		transferSwap(OptionalLoc1, OptionalLoc2, State);
}		}

llvm::Optional<StatementMatcher>		llvm::Optional<StatementMatcher>
		xazax.hunUnsubmitted Done Reply Inline Actions I think this should be moved closer to its use. xazax.hun: I think this should be moved closer to its use.
ignorableOptional(const UncheckedOptionalAccessModelOptions &Options) {		ignorableOptional(const UncheckedOptionalAccessModelOptions &Options) {
if (Options.IgnoreSmartPointerDereference)		if (Options.IgnoreSmartPointerDereference)
return memberExpr(hasObjectExpression(ignoringParenImpCasts(		return memberExpr(hasObjectExpression(ignoringParenImpCasts(
cxxOperatorCallExpr(anyOf(hasOverloadedOperatorName("->"),		cxxOperatorCallExpr(anyOf(hasOverloadedOperatorName("->"),
hasOverloadedOperatorName("*")),		hasOverloadedOperatorName("*")),
unless(hasArgument(0, expr(hasOptionalType())))))));		unless(hasArgument(0, expr(hasOptionalType())))))));
return llvm::None;		return llvm::None;
}		}

		StatementMatcher
		valueCall(llvm::Optional<StatementMatcher> &IgnorableOptional) {
		return isOptionalMemberCallWithName("value", IgnorableOptional);
		}

		StatementMatcher
		valueOperatorCall(llvm::Optional<StatementMatcher> &IgnorableOptional) {
		return expr(anyOf(isOptionalOperatorCallWithName("*", IgnorableOptional),
		isOptionalOperatorCallWithName("->", IgnorableOptional)));
		}

auto buildTransferMatchSwitch(		auto buildTransferMatchSwitch(
const UncheckedOptionalAccessModelOptions &Options) {		const UncheckedOptionalAccessModelOptions &Options) {
// FIXME: Evaluate the efficiency of matchers. If using matchers results in a		// FIXME: Evaluate the efficiency of matchers. If using matchers results in a
// lot of duplicated work (e.g. string comparisons), consider providing APIs		// lot of duplicated work (e.g. string comparisons), consider providing APIs
// that avoid it through memoization.		// that avoid it through memoization.
auto IgnorableOptional = ignorableOptional(Options);		auto IgnorableOptional = ignorableOptional(Options);
return MatchSwitchBuilder<LatticeTransferState>()		return MatchSwitchBuilder<LatticeTransferState>()
// Attach a symbolic "has_value" state to optional values that we see for		// Attach a symbolic "has_value" state to optional values that we see for
Show All 25 Lines	return MatchSwitchBuilder<LatticeTransferState>()
// optional::operator=		// optional::operator=
.CaseOf<CXXOperatorCallExpr>(isOptionalValueOrConversionAssignment(),		.CaseOf<CXXOperatorCallExpr>(isOptionalValueOrConversionAssignment(),
transferValueOrConversionAssignment)		transferValueOrConversionAssignment)
.CaseOf<CXXOperatorCallExpr>(isOptionalNulloptAssignment(),		.CaseOf<CXXOperatorCallExpr>(isOptionalNulloptAssignment(),
transferNulloptAssignment)		transferNulloptAssignment)

// optional::value		// optional::value
.CaseOf<CXXMemberCallExpr>(		.CaseOf<CXXMemberCallExpr>(
isOptionalMemberCallWithName("value", IgnorableOptional),		valueCall(IgnorableOptional),
[](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,		[](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
LatticeTransferState &State) {		LatticeTransferState &State) {
transferUnwrapCall(E, E->getImplicitObjectArgument(), State);		transferUnwrapCall(E, E->getImplicitObjectArgument(), State);
})		})

// optional::operator*, optional::operator->		// optional::operator*, optional::operator->
.CaseOf<CallExpr>(		.CaseOf<CallExpr>(valueOperatorCall(IgnorableOptional),
expr(anyOf(isOptionalOperatorCallWithName("*", IgnorableOptional),
isOptionalOperatorCallWithName("->", IgnorableOptional))),
[](const CallExpr *E, const MatchFinder::MatchResult &,		[](const CallExpr *E, const MatchFinder::MatchResult &,
LatticeTransferState &State) {		LatticeTransferState &State) {
transferUnwrapCall(E, E->getArg(0), State);		transferUnwrapCall(E, E->getArg(0), State);
})		})

// optional::has_value		// optional::has_value
.CaseOf<CXXMemberCallExpr>(isOptionalMemberCallWithName("has_value"),		.CaseOf<CXXMemberCallExpr>(isOptionalMemberCallWithName("has_value"),
transferOptionalHasValueCall)		transferOptionalHasValueCall)

// optional::operator bool		// optional::operator bool
.CaseOf<CXXMemberCallExpr>(isOptionalMemberCallWithName("operator bool"),		.CaseOf<CXXMemberCallExpr>(isOptionalMemberCallWithName("operator bool"),
transferOptionalHasValueCall)		transferOptionalHasValueCall)
Show All 31 Lines	return MatchSwitchBuilder<LatticeTransferState>()

// returns optional		// returns optional
.CaseOf<CallExpr>(isCallReturningOptional(),		.CaseOf<CallExpr>(isCallReturningOptional(),
transferCallReturningOptional)		transferCallReturningOptional)

.Build();		.Build();
}		}

		std::vector<SourceLocation> diagnoseUnwrapCall(const Expr *UnwrapExpr,
		const Expr *ObjectExpr,
		const Environment &Env) {
		if (auto *OptionalVal =
		Env.getValue(*ObjectExpr, SkipPast::ReferenceThenPointer)) {
		auto *Prop = OptionalVal->getProperty("has_value");
		if (auto *HasValueVal = cast_or_null<BoolValue>(Prop)) {
		if (Env.flowConditionImplies(*HasValueVal))
		return {};
		}
		}

		// Record that this unwrap is not provably safe.
		// FIXME: include either the name of the optional (if applicable) or a source
		// range of the access for easier interpretation of the result.
		return {ObjectExpr->getBeginLoc()};
		}

		auto buildDiagnoseMatchSwitch(
		xazax.hunUnsubmitted Done Reply Inline Actions This logic is duplicated between the check and the diagnosis. I think it would be nice to factor this out to avoid these two parts getting out of sync. xazax.hun: This logic is duplicated between the check and the diagnosis. I think it would be nice to…
		const UncheckedOptionalAccessModelOptions &Options) {
		// FIXME: Evaluate the efficiency of matchers. If using matchers results in a
		// lot of duplicated work (e.g. string comparisons), consider providing APIs
		// that avoid it through memoization.
		auto IgnorableOptional = ignorableOptional(Options);
		return MatchSwitchBuilder<const Environment, std::vector<SourceLocation>>()
		// optional::value
		.CaseOf<CXXMemberCallExpr>(
		valueCall(IgnorableOptional),
		[](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
		const Environment &Env) {
		return diagnoseUnwrapCall(E, E->getImplicitObjectArgument(), Env);
		})

		// optional::operator*, optional::operator->
		.CaseOf<CallExpr>(
		valueOperatorCall(IgnorableOptional),
		[](const CallExpr *E, const MatchFinder::MatchResult &,
		const Environment &Env) {
		return diagnoseUnwrapCall(E, E->getArg(0), Env);
		})
		.Build();
		}

} // namespace		} // namespace

ast_matchers::DeclarationMatcher		ast_matchers::DeclarationMatcher
UncheckedOptionalAccessModel::optionalClassDecl() {		UncheckedOptionalAccessModel::optionalClassDecl() {
return optionalClass();		return optionalClass();
}		}

UncheckedOptionalAccessModel::UncheckedOptionalAccessModel(		UncheckedOptionalAccessModel::UncheckedOptionalAccessModel(
Show All 30 Lines	bool UncheckedOptionalAccessModel::merge(QualType Type, const Value &Val1,
if (isNonEmptyOptional(Val1, Env1) && isNonEmptyOptional(Val2, Env2))		if (isNonEmptyOptional(Val1, Env1) && isNonEmptyOptional(Val2, Env2))
MergedEnv.addToFlowCondition(HasValueVal);		MergedEnv.addToFlowCondition(HasValueVal);
else if (isEmptyOptional(Val1, Env1) && isEmptyOptional(Val2, Env2))		else if (isEmptyOptional(Val1, Env1) && isEmptyOptional(Val2, Env2))
MergedEnv.addToFlowCondition(MergedEnv.makeNot(HasValueVal));		MergedEnv.addToFlowCondition(MergedEnv.makeNot(HasValueVal));
setHasValue(MergedVal, HasValueVal);		setHasValue(MergedVal, HasValueVal);
return true;		return true;
}		}

		UncheckedOptionalAccessDiagnoser::UncheckedOptionalAccessDiagnoser(
		UncheckedOptionalAccessModelOptions Options)
		: DiagnoseMatchSwitch(buildDiagnoseMatchSwitch(Options)) {}

		std::vector<SourceLocation> UncheckedOptionalAccessDiagnoser::diagnose(
		ASTContext &Context, const Stmt *Stmt, const Environment &Env) {
		return DiagnoseMatchSwitch(*Stmt, Context, Env);
		}

} // namespace dataflow		} // namespace dataflow
} // namespace clang		} // namespace clang

clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp

Show First 20 Lines • Show All 320 Lines • ▼ Show 20 Lines	default:
// FIXME: Evaluate other kinds of `CFGElement`.		// FIXME: Evaluate other kinds of `CFGElement`.
break;		break;
}		}
}		}
return State;		return State;
}		}

llvm::Expected<std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>>>		llvm::Expected<std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>>>
runTypeErasedDataflowAnalysis(const ControlFlowContext &CFCtx,		runTypeErasedDataflowAnalysis(
TypeErasedDataflowAnalysis &Analysis,		const ControlFlowContext &CFCtx, TypeErasedDataflowAnalysis &Analysis,
const Environment &InitEnv) {		const Environment &InitEnv,
		std::function<void(const Stmt *, const TypeErasedDataflowAnalysisState &)>
		PostVisitStmt) {
PostOrderCFGView POV(&CFCtx.getCFG());		PostOrderCFGView POV(&CFCtx.getCFG());
ForwardDataflowWorklist Worklist(CFCtx.getCFG(), &POV);		ForwardDataflowWorklist Worklist(CFCtx.getCFG(), &POV);

std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>> BlockStates;		std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>> BlockStates;
BlockStates.resize(CFCtx.getCFG().size(), llvm::None);		BlockStates.resize(CFCtx.getCFG().size(), llvm::None);

// The entry basic block doesn't contain statements so it can be skipped.		// The entry basic block doesn't contain statements so it can be skipped.
const CFGBlock &Entry = CFCtx.getCFG().getEntry();		const CFGBlock &Entry = CFCtx.getCFG().getEntry();
▲ Show 20 Lines • Show All 42 Lines • ▼ Show 20 Lines	while (const CFGBlock *Block = Worklist.dequeue()) {
if (Block->hasNoReturnElement())		if (Block->hasNoReturnElement())
continue;		continue;

Worklist.enqueueSuccessors(Block);		Worklist.enqueueSuccessors(Block);
}		}
// FIXME: Consider evaluating unreachable basic blocks (those that have a		// FIXME: Consider evaluating unreachable basic blocks (those that have a
// state set to `llvm::None` at this point) to also analyze dead code.		// state set to `llvm::None` at this point) to also analyze dead code.

		if (PostVisitStmt) {
		for (const CFGBlock *Block : CFCtx.getCFG()) {
		// Skip blocks that were not evaluated.
		if (!BlockStates[Block->getBlockID()])
		continue;
		transferBlock(
		CFCtx, BlockStates, *Block, InitEnv, Analysis,
		[&PostVisitStmt](const clang::CFGStmt &Stmt,
		const TypeErasedDataflowAnalysisState &State) {
		PostVisitStmt(Stmt.getStmt(), State);
		sgatevUnsubmitted Not Done Reply Inline Actions Let's harmonize the arguments to `transferBlock` and `runTypeErasedDataflowAnalysis`. I think in both cases we only need access to the internal `Stmt` so there's no need to pass `CFGStmt` to `transferBlock`. This way we can pass `PostVisitStmt` directly here without having to wrap it in a lambda. sgatev: Let's harmonize the arguments to `transferBlock` and `runTypeErasedDataflowAnalysis`. I think…
		samestepAuthorUnsubmitted Done Reply Inline Actions Makes sense to me; should I do that in a followup? samestep: Makes sense to me; should I do that in a followup?
		});
		}
		}

return BlockStates;		return BlockStates;
}		}

} // namespace dataflow		} // namespace dataflow
} // namespace clang		} // namespace clang

clang/unittests/Analysis/FlowSensitive/TestingSupport.h

Show First 20 Lines • Show All 56 Lines • ▼ Show 20 Lines

namespace test { namespace test {

// Returns assertions based on annotations that are present after statements in // Returns assertions based on annotations that are present after statements in

// `AnnotatedCode`. // `AnnotatedCode`.

llvm::Expected<llvm::DenseMap<const Stmt *, std::string>> llvm::Expected<llvm::DenseMap<const Stmt *, std::string>>

buildStatementToAnnotationMapping(const FunctionDecl *Func, buildStatementToAnnotationMapping(const FunctionDecl *Func,

llvm::Annotations AnnotatedCode); llvm::Annotations AnnotatedCode);

// Runs dataflow on the body of the function that matches `func_matcher` in code struct AnalysisData {

// snippet `code`. Requires: `Analysis` contains a type `Lattice`. ASTContext &ASTCtx;

const ControlFlowContext &CFCtx;

const Environment &Env;

TypeErasedDataflowAnalysis &Analysis;

llvm::DenseMap<const clang::Stmt *, std::string> &Annotations;

std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>> &BlockStates;

};

ymandelUnsubmitted

Done

nit: since this includes both inputs and results, maybe AnalysisData?

ymandel: nit: since this includes both inputs and results, maybe `AnalysisData`?

template <typename AnalysisT> template <typename AnalysisT>

llvm::Error checkDataflow( llvm::Error checkDataflow(

llvm::StringRef Code, llvm::StringRef Code,

ast_matchers::internal::Matcher<FunctionDecl> FuncMatcher, ast_matchers::internal::Matcher<FunctionDecl> TargetFuncMatcher,

std::function<AnalysisT(ASTContext &, Environment &)> MakeAnalysis, std::function<AnalysisT(ASTContext &, Environment &)> MakeAnalysis,

std::function<void( std::function<void(ASTContext &, const Stmt *,

gribozavr2Unsubmitted

Not Done

It is better to name a function with a verb. WDYT about "VerifyResults"?

If you agree, please also update the functions below.

gribozavr2: It is better to name a function with a verb. WDYT about "VerifyResults"? If you agree, please…

samestepAuthorUnsubmitted

Done

Sounds good to me, I can do that.

samestep: Sounds good to me, I can do that.

llvm::ArrayRef<std::pair< const TypeErasedDataflowAnalysisState &)>

std::string, DataflowAnalysisState<typename AnalysisT::Lattice>>>, PostVisitStmt,

ASTContext &)> std::function<void(AnalysisData)> VerifyResults, ArrayRef<std::string> Args,

sgatevUnsubmitted

Not Done

Why is this a function that returns a function? Couldn't it be simply a void function, like VerifyResults?

sgatev: Why is this a function that returns a function? Couldn't it be simply a void function, like…

samestepAuthorUnsubmitted

Done

It needs to take in the ASTContext, and it needs to be able to close over state; see the one we pass from UncheckedOptionalAccessModelTest.cpp.

samestep: It needs to take in the `ASTContext`, and it needs to be able to close over state; see the one…

Expectations,

ArrayRef<std::string> Args,

const tooling::FileContentMappings &VirtualMappedFiles = {}) { const tooling::FileContentMappings &VirtualMappedFiles = {}) {

using StateT = DataflowAnalysisState<typename AnalysisT::Lattice>;

llvm::Annotations AnnotatedCode(Code); llvm::Annotations AnnotatedCode(Code);

auto Unit = tooling::buildASTFromCodeWithArgs( auto Unit = tooling::buildASTFromCodeWithArgs(

AnnotatedCode.code(), Args, "input.cc", "clang-dataflow-test", AnnotatedCode.code(), Args, "input.cc", "clang-dataflow-test",

std::make_shared<PCHContainerOperations>(), std::make_shared<PCHContainerOperations>(),

tooling::getClangStripDependencyFileAdjuster(), VirtualMappedFiles); tooling::getClangStripDependencyFileAdjuster(), VirtualMappedFiles);

auto &Context = Unit->getASTContext(); auto &Context = Unit->getASTContext();

if (Context.getDiagnostics().getClient()->getNumErrors() != 0) { if (Context.getDiagnostics().getClient()->getNumErrors() != 0) {

return llvm::make_error<llvm::StringError>( return llvm::make_error<llvm::StringError>(

llvm::errc::invalid_argument, "Source file has syntax or type errors, " llvm::errc::invalid_argument, "Source file has syntax or type errors, "

"they were printed to the test log"); "they were printed to the test log");

} }

const FunctionDecl *F = ast_matchers::selectFirst<FunctionDecl>( const FunctionDecl *F = ast_matchers::selectFirst<FunctionDecl>(

"target", "target",

ast_matchers::match( ast_matchers::match(ast_matchers::functionDecl(

ast_matchers::functionDecl(ast_matchers::isDefinition(), FuncMatcher) ast_matchers::isDefinition(), TargetFuncMatcher)

.bind("target"), .bind("target"),

Context)); Context));

if (F == nullptr) if (F == nullptr)

return llvm::make_error<llvm::StringError>( return llvm::make_error<llvm::StringError>(

llvm::errc::invalid_argument, "Could not find target function."); llvm::errc::invalid_argument, "Could not find target function.");

auto CFCtx = ControlFlowContext::build(F, F->getBody(), &F->getASTContext()); auto CFCtx = ControlFlowContext::build(F, F->getBody(), &F->getASTContext());

if (!CFCtx) if (!CFCtx)

return CFCtx.takeError(); return CFCtx.takeError();

DataflowAnalysisContext DACtx(std::make_unique<WatchedLiteralsSolver>()); DataflowAnalysisContext DACtx(std::make_unique<WatchedLiteralsSolver>());

Environment Env(DACtx, *F); Environment Env(DACtx, *F);

auto Analysis = MakeAnalysis(Context, Env); auto Analysis = MakeAnalysis(Context, Env);

ymandelUnsubmitted

Done

nit: i prefer explicit comparisons, so MakePostVisitStmt != nullptr.

ymandel: nit: i prefer explicit comparisons, so `MakePostVisitStmt != nullptr`.

std::function<void(const Stmt *, const TypeErasedDataflowAnalysisState &)>

PostVisitStmtClosure = nullptr;

if (PostVisitStmt != nullptr) {

PostVisitStmtClosure = [&PostVisitStmt, &Context](

const Stmt *Stmt,

const TypeErasedDataflowAnalysisState &State) {

PostVisitStmt(Context, Stmt, State);

};

}

llvm::Expected<llvm::DenseMap<const clang::Stmt *, std::string>> llvm::Expected<llvm::DenseMap<const clang::Stmt *, std::string>>

StmtToAnnotations = buildStatementToAnnotationMapping(F, AnnotatedCode); StmtToAnnotations = buildStatementToAnnotationMapping(F, AnnotatedCode);

if (!StmtToAnnotations) if (!StmtToAnnotations)

return StmtToAnnotations.takeError(); return StmtToAnnotations.takeError();

auto &Annotations = *StmtToAnnotations; auto &Annotations = *StmtToAnnotations;

llvm::Expected<std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>>> llvm::Expected<std::vector<llvm::Optional<TypeErasedDataflowAnalysisState>>>

MaybeBlockStates = runTypeErasedDataflowAnalysis(*CFCtx, Analysis, Env); MaybeBlockStates = runTypeErasedDataflowAnalysis(*CFCtx, Analysis, Env,

PostVisitStmtClosure);

if (!MaybeBlockStates) if (!MaybeBlockStates)

return MaybeBlockStates.takeError(); return MaybeBlockStates.takeError();

auto &BlockStates = *MaybeBlockStates; auto &BlockStates = *MaybeBlockStates;

if (BlockStates.empty()) { AnalysisData AnalysisData{Context, *CFCtx, Env,

Expectations({}, Context); Analysis, Annotations, BlockStates};

VerifyResults(AnalysisData);

return llvm::Error::success(); return llvm::Error::success();

} }

// Runs dataflow on the body of the function that matches `TargetFuncMatcher` in

// code snippet `Code`. Requires: `AnalysisT` contains a type `Lattice`.

gribozavr2Unsubmitted

Done

return llvm::Error::success();

}

- // Runs dataflow on the body of the function that matches `func_matcher` in code

- // snippet `code`. Requires: `Analysis` contains a type `Lattice`.

+ // Runs dataflow on the body of the function that matches `FuncMatcher` in code

+ // snippet `Code`. Requires: `Analysis` contains a type `Lattice`.

template <typename AnalysisT>

gribozavr2:

template <typename AnalysisT>

llvm::Error checkDataflow(

gribozavr2Unsubmitted

Done

llvm::StringRef Code,

- ast_matchers::internal::Matcher<FunctionDecl> FuncMatcher,

+ ast_matchers::internal::Matcher<FunctionDecl> TargetFuncMatcher,

std::function<AnalysisT(ASTContext &, Environment &)> MakeAnalysis,

gribozavr2:

llvm::StringRef Code,

ast_matchers::internal::Matcher<FunctionDecl> TargetFuncMatcher,

std::function<AnalysisT(ASTContext &, Environment &)> MakeAnalysis,

std::function<void(

llvm::ArrayRef<std::pair<

std::string, DataflowAnalysisState<typename AnalysisT::Lattice>>>,

ASTContext &)>

VerifyResults,

gribozavr2Unsubmitted

Not Done

ASTContext &)>

- Expectations,

+ VerifyResults,

ArrayRef<std::string> Args,

gribozavr2:

ArrayRef<std::string> Args,

const tooling::FileContentMappings &VirtualMappedFiles = {}) {

using StateT = DataflowAnalysisState<typename AnalysisT::Lattice>;

return checkDataflow(

Code, std::move(TargetFuncMatcher), std::move(MakeAnalysis),

ymandelUnsubmitted

Done

return checkDataflow(

- Code, std::move(FuncMatcher), std::move(MakeAnalysis), nullptr,

+ Code, std::move(FuncMatcher), std::move(MakeAnalysis), /*MakePostVisitStmt=*/nullptr,

[&Expectations](AnalysisResults AnalysisResults) {

ymandel:

/*PostVisitStmt=*/nullptr,

[&VerifyResults](AnalysisData AnalysisData) {

if (AnalysisData.BlockStates.empty()) {

VerifyResults({}, AnalysisData.ASTCtx);

return;

}

auto &Annotations = AnalysisData.Annotations;

// Compute a map from statement annotations to the state computed for // Compute a map from statement annotations to the state computed for

// the program point immediately after the annotated statement. // the program point immediately after the annotated statement.

std::vector<std::pair<std::string, StateT>> Results; std::vector<std::pair<std::string, StateT>> Results;

for (const CFGBlock *Block : CFCtx->getCFG()) { for (const CFGBlock *Block : AnalysisData.CFCtx.getCFG()) {

// Skip blocks that were not evaluated. // Skip blocks that were not evaluated.

if (!BlockStates[Block->getBlockID()]) if (!AnalysisData.BlockStates[Block->getBlockID()])

continue; continue;

transferBlock( transferBlock(

*CFCtx, BlockStates, *Block, Env, Analysis, AnalysisData.CFCtx, AnalysisData.BlockStates, *Block,

[&Results, &Annotations](const clang::CFGStmt &Stmt, AnalysisData.Env, AnalysisData.Analysis,

[&Results,

&Annotations](const clang::CFGStmt &Stmt,

const TypeErasedDataflowAnalysisState &State) { const TypeErasedDataflowAnalysisState &State) {

auto It = Annotations.find(Stmt.getStmt()); auto It = Annotations.find(Stmt.getStmt());

if (It == Annotations.end()) if (It == Annotations.end())

return; return;

auto *Lattice = auto *Lattice = llvm::any_cast<typename AnalysisT::Lattice>(

llvm::any_cast<typename AnalysisT::Lattice>(&State.Lattice.Value); &State.Lattice.Value);

gribozavr2Unsubmitted

Not Done

Can we use diagnoseCFG to implement the loop above?

gribozavr2: Can we use diagnoseCFG to implement the loop above?

samestepAuthorUnsubmitted

Done

Possibly! I'll look into it.

samestep: Possibly! I'll look into it.

Results.emplace_back(It->second, StateT{*Lattice, State.Env}); Results.emplace_back(It->second, StateT{*Lattice, State.Env});

}); });

ymandelUnsubmitted

Not Done

any chance that this could be folded into MakePostVisitStmt?

ymandel: any chance that this could be folded into `MakePostVisitStmt`?

samestepAuthorUnsubmitted

Done

Looking into this now.

samestep: Looking into this now.

} }

Expectations(Results, Context); VerifyResults(Results, AnalysisData.ASTCtx);

return llvm::Error::success(); },

Args, VirtualMappedFiles);

} }

// Runs dataflow on the body of the function named `target_fun` in code snippet // Runs dataflow on the body of the function named `target_fun` in code snippet

// `code`. // `code`.

template <typename AnalysisT> template <typename AnalysisT>

llvm::Error checkDataflow( llvm::Error checkDataflow(

llvm::StringRef Code, llvm::StringRef TargetFun, llvm::StringRef Code, llvm::StringRef TargetFun,

std::function<AnalysisT(ASTContext &, Environment &)> MakeAnalysis, std::function<AnalysisT(ASTContext &, Environment &)> MakeAnalysis,

std::function<void( std::function<void(

llvm::ArrayRef<std::pair< llvm::ArrayRef<std::pair<

std::string, DataflowAnalysisState<typename AnalysisT::Lattice>>>, std::string, DataflowAnalysisState<typename AnalysisT::Lattice>>>,

ASTContext &)> ASTContext &)>

Expectations, VerifyResults,

ArrayRef<std::string> Args, ArrayRef<std::string> Args,

const tooling::FileContentMappings &VirtualMappedFiles = {}) { const tooling::FileContentMappings &VirtualMappedFiles = {}) {

return checkDataflow(Code, ast_matchers::hasName(TargetFun), return checkDataflow(Code, ast_matchers::hasName(TargetFun),

std::move(MakeAnalysis), std::move(Expectations), Args, std::move(MakeAnalysis), std::move(VerifyResults), Args,

VirtualMappedFiles); VirtualMappedFiles);

} }

/// Returns the `ValueDecl` for the given identifier. /// Returns the `ValueDecl` for the given identifier.

/// ///

/// Requirements: /// Requirements:

/// ///

/// `Name` must be unique in `ASTCtx`. /// `Name` must be unique in `ASTCtx`.

const ValueDecl *findValueDecl(ASTContext &ASTCtx, llvm::StringRef Name); const ValueDecl *findValueDecl(ASTContext &ASTCtx, llvm::StringRef Name);

} // namespace test } // namespace test

} // namespace dataflow } // namespace dataflow

} // namespace clang } // namespace clang

#endif // LLVM_CLANG_ANALYSIS_FLOW_SENSITIVE_TESTING_SUPPORT_H_ #endif // LLVM_CLANG_ANALYSIS_FLOW_SENSITIVE_TESTING_SUPPORT_H_

clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp

//===- UncheckedOptionalAccessModelTest.cpp -------------------------------===//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//===----------------------------------------------------------------------===//

// FIXME: Move this to clang/unittests/Analysis/FlowSensitive/Models.

#include "clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h"

#include "TestingSupport.h"

#include "clang/AST/ASTContext.h"

#include "clang/ASTMatchers/ASTMatchers.h"

#include "clang/Analysis/FlowSensitive/SourceLocationsLattice.h"

#include "clang/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.h"

#include "clang/Basic/SourceLocation.h"

#include "clang/Tooling/Tooling.h"

#include "llvm/ADT/ArrayRef.h"

#include "llvm/ADT/DenseSet.h"

#include "llvm/ADT/STLExtras.h"

#include "llvm/ADT/StringExtras.h"

#include "llvm/Support/Error.h"

#include "gmock/gmock.h"

#include "gtest/gtest.h"

#include <string>

#include <utility>

#include <vector>

using namespace clang;

using namespace dataflow;

using namespace test;

using ::testing::Pair;

using ::testing::ContainerEq;

using ::testing::UnorderedElementsAre;

// FIXME: Move header definitions in separate file(s).

static constexpr char CSDtdDefHeader[] = R"(

#ifndef CSTDDEF_H

#define CSTDDEF_H

namespace std {

▲ Show 20 Lines • Show All 1,136 Lines • ▼ Show 20 Lines

template <typename T, typename U, typename... Args>

constexpr Optional<T> make_optional(std::initializer_list<U> il,

Args&&... args);

} // namespace base

)";

/// Converts `L` to string.

static std::string ConvertToString(const SourceLocationsLattice &L,

const ASTContext &Ctx) {

return L.getSourceLocations().empty() ? "safe"

: "unsafe: " + DebugString(L, Ctx);

}

/// Replaces all occurrences of `Pattern` in `S` with `Replacement`.

static void ReplaceAllOccurrences(std::string &S, const std::string &Pattern,

const std::string &Replacement) {

size_t Pos = 0;

while (true) {

Pos = S.find(Pattern, Pos);

if (Pos == std::string::npos)

break;

S.replace(Pos, Pattern.size(), Replacement);

}

struct OptionalTypeIdentifier {

std::string NamespaceName;

std::string TypeName;

};

class UncheckedOptionalAccessTest

: public ::testing::TestWithParam<OptionalTypeIdentifier> {

protected:

template <typename LatticeChecksMatcher>

void ExpectDiagnosticsFor(std::string SourceCode) {

void ExpectLatticeChecksFor(std::string SourceCode,

ExpectDiagnosticsFor(SourceCode, ast_matchers::hasName("target"));

LatticeChecksMatcher MatchesLatticeChecks) {

ExpectLatticeChecksFor(SourceCode, ast_matchers::hasName("target"),

MatchesLatticeChecks);

}

private:

template <typename FuncDeclMatcher, typename LatticeChecksMatcher>

template <typename FuncDeclMatcher>

void ExpectLatticeChecksFor(std::string SourceCode,

void ExpectDiagnosticsFor(std::string SourceCode,

FuncDeclMatcher FuncMatcher,

FuncDeclMatcher FuncMatcher) {

LatticeChecksMatcher MatchesLatticeChecks) {

ReplaceAllOccurrences(SourceCode, "$ns", GetParam().NamespaceName);

ReplaceAllOccurrences(SourceCode, "$optional", GetParam().TypeName);

std::vector<std::pair<std::string, std::string>> Headers;

Headers.emplace_back("cstddef.h", CSDtdDefHeader);

Headers.emplace_back("std_initializer_list.h", StdInitializerListHeader);

Headers.emplace_back("std_string.h", StdStringHeader);

Headers.emplace_back("std_type_traits.h", StdTypeTraitsHeader);

Show All 10 Lines

Headers.emplace_back("unchecked_optional_access_test.h", R"(

#include "std_string.h"

#include "std_utility.h"

template <typename T>

T Make();

)");

const tooling::FileContentMappings FileContents(Headers.begin(),

Headers.end());

UncheckedOptionalAccessModelOptions Options{

/*IgnoreSmartPointerDereference=*/true};

std::vector<SourceLocation> Diagnostics;

llvm::Error Error = checkDataflow<UncheckedOptionalAccessModel>(

SourceCode, FuncMatcher,

[](ASTContext &Ctx, Environment &) {

[Options](ASTContext &Ctx, Environment &) {

return UncheckedOptionalAccessModel(

return UncheckedOptionalAccessModel(Ctx, Options);

Ctx, UncheckedOptionalAccessModelOptions{

/*IgnoreSmartPointerDereference=*/true});

[&MatchesLatticeChecks](

[&Diagnostics, Diagnoser = UncheckedOptionalAccessDiagnoser(Options)](

llvm::ArrayRef<std::pair<

ASTContext &Ctx, const Stmt *Stmt,

std::string, DataflowAnalysisState<SourceLocationsLattice>>>

const TypeErasedDataflowAnalysisState &State) mutable {

ymandelUnsubmitted

Done

UncheckedOptionalAccessDiagnosis Diagnosis(Ctx, Options);

- return [&Diagnostics, Diagnosis = std::move(Diagnosis)](

+ return [&Diagnostics, Diagnosis = UncheckedOptionalAccessDiagnosis(Ctx, Options)](

const Stmt *Stmt,

ymandel:

CheckToLatticeMap,

auto StmtDiagnostics = Diagnoser.diagnose(Ctx, Stmt, State.Env);

ASTContext &Ctx) {

llvm::move(StmtDiagnostics, std::back_inserter(Diagnostics));

// FIXME: Consider using a matcher instead of translating

// `CheckToLatticeMap` to `CheckToStringifiedLatticeMap`.

[&Diagnostics](AnalysisData AnalysisData) {

std::vector<std::pair<std::string, std::string>>

auto &SrcMgr = AnalysisData.ASTCtx.getSourceManager();

CheckToStringifiedLatticeMap;

for (const auto &E : CheckToLatticeMap) {

llvm::DenseSet<unsigned> AnnotationLines;

CheckToStringifiedLatticeMap.emplace_back(

for (const auto &Pair : AnalysisData.Annotations) {

E.first, ConvertToString(E.second.Lattice, Ctx));

auto *Stmt = Pair.getFirst();

AnnotationLines.insert(

SrcMgr.getPresumedLineNumber(Stmt->getBeginLoc()));

// We add both the begin and end locations, so that if the

// statement spans multiple lines then the test will fail.

// FIXME: Going forward, we should change this to instead just

// get the single line number from the annotation itself, rather

// than looking at the statement it's attached to.

AnnotationLines.insert(

SrcMgr.getPresumedLineNumber(Stmt->getEndLoc()));

}

llvm::DenseSet<unsigned> DiagnosticLines;

for (SourceLocation &Loc : Diagnostics) {

DiagnosticLines.insert(SrcMgr.getPresumedLineNumber(Loc));

}

EXPECT_THAT(CheckToStringifiedLatticeMap, MatchesLatticeChecks);

EXPECT_THAT(DiagnosticLines, ContainerEq(AnnotationLines));

{"-fsyntax-only", "-std=c++17", "-Wno-undefined-inline"}, FileContents);

if (Error)

FAIL() << llvm::toString(std::move(Error));

}

};

INSTANTIATE_TEST_SUITE_P(

UncheckedOptionalUseTestInst, UncheckedOptionalAccessTest,

::testing::Values(OptionalTypeIdentifier{"std", "optional"},

OptionalTypeIdentifier{"absl", "optional"},

OptionalTypeIdentifier{"base", "Optional"}),

[](const ::testing::TestParamInfo<OptionalTypeIdentifier> &Info) {

return Info.param.NamespaceName;

});

TEST_P(UncheckedOptionalAccessTest, EmptyFunctionBody) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

void target() {

(void)0;

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, UnwrapUsingValueNoCheck) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:5:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

std::move(opt).value();

std::move(opt).value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:5:7")));

}

TEST_P(UncheckedOptionalAccessTest, UnwrapUsingOperatorStarNoCheck) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

*opt;

*opt; // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:5:8")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

*std::move(opt);

*std::move(opt); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:5:8")));

}

TEST_P(UncheckedOptionalAccessTest, UnwrapUsingOperatorArrowNoCheck) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {

void foo();

};

void target($ns::$optional<Foo> opt) {

opt->foo();

opt->foo(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:9:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {

void foo();

};

void target($ns::$optional<Foo> opt) {

std::move(opt)->foo();

std::move(opt)->foo(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:9:7")));

}

TEST_P(UncheckedOptionalAccessTest, HasValueCheck) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

if (opt.has_value()) {

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, OperatorBoolCheck) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

if (opt) {

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, UnwrapFunctionCallResultNoCheck) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

Make<$ns::$optional<int>>().value();

Make<$ns::$optional<int>>().value(); // [[unsafe]]

(void)0;

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:5:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

std::move(opt).value();

std::move(opt).value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:5:7")));

}

TEST_P(UncheckedOptionalAccessTest, DefaultConstructor) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt;

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:6:7")));

}

TEST_P(UncheckedOptionalAccessTest, NulloptConstructor) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt($ns::nullopt);

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:6:7")));

}

TEST_P(UncheckedOptionalAccessTest, InPlaceConstructor) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt($ns::in_place, 3);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

void target() {

$ns::$optional<Foo> opt($ns::in_place);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {

explicit Foo(int, bool);

};

void target() {

$ns::$optional<Foo> opt($ns::in_place, 3, false);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {

explicit Foo(std::initializer_list<int>);

};

void target() {

$ns::$optional<Foo> opt($ns::in_place, {3});

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, ValueConstructor) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt(21);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = $ns::$optional<int>(21);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectDiagnosticsFor(R"(

ExpectLatticeChecksFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<$ns::$optional<int>> opt(Make<$ns::$optional<int>>());

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct MyString {

MyString(const char*);

};

void target() {

$ns::$optional<MyString> opt("foo");

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Bar> opt(Make<Foo>());

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {

explicit Foo(int);

};

void target() {

$ns::$optional<Foo> opt(3);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, ConvertibleOptionalConstructor) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Bar> opt(Make<$ns::$optional<Foo>>());

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:12:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

explicit Bar(const Foo&);

};

void target() {

$ns::$optional<Bar> opt(Make<$ns::$optional<Foo>>());

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:12:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Foo> opt1 = $ns::nullopt;

$ns::$optional<Bar> opt2(opt1);

opt2.value();

opt2.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:13:7")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Foo> opt1(Make<Foo>());

$ns::$optional<Bar> opt2(opt1);

opt2.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

explicit Bar(const Foo&);

};

void target() {

$ns::$optional<Foo> opt1(Make<Foo>());

$ns::$optional<Bar> opt2(opt1);

opt2.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, MakeOptional) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = $ns::make_optional(0);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {

Foo(int, int);

};

void target() {

$ns::$optional<Foo> opt = $ns::make_optional<Foo>(21, 22);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {

constexpr Foo(std::initializer_list<char>);

};

void target() {

char a = 'a';

$ns::$optional<Foo> opt = $ns::make_optional<Foo>({a});

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, ValueOr) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt;

opt.value_or(0);

(void)0;

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, ValueOrComparison) {

// Pointers.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int*> opt) {

if (opt.value_or(nullptr) != nullptr) {

opt.value();

/*[[check-ptrs-1]]*/

} else {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-ptrs-2]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-ptrs-1", "safe"),

Pair("check-ptrs-2", "unsafe: input.cc:9:9")));

// Integers.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> opt) {

if (opt.value_or(0) != 0) {

opt.value();

/*[[check-ints-1]]*/

} else {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-ints-2]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-ints-1", "safe"),

Pair("check-ints-2", "unsafe: input.cc:9:9")));

// Strings.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<std::string> opt) {

if (!opt.value_or("").empty()) {

opt.value();

/*[[check-strings-1]]*/

} else {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-strings-2]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-strings-1", "safe"),

Pair("check-strings-2", "unsafe: input.cc:9:9")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<std::string> opt) {

if (opt.value_or("") != "") {

opt.value();

/*[[check-strings-neq-1]]*/

} else {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-strings-neq-2]]*/

}

)code",

)code");

UnorderedElementsAre(

Pair("check-strings-neq-1", "safe"),

Pair("check-strings-neq-2", "unsafe: input.cc:9:9")));

// Pointer-to-optional.

// FIXME: make `opt` a parameter directly, once we ensure that all `optional`

// values have a `has_value` property.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> p) {

$ns::$optional<int> *opt = &p;

if (opt->value_or(0) != 0) {

opt->value();

/*[[check-pto-1]]*/

} else {

opt->value();

opt->value(); // [[unsafe]]

/*[[check-pto-2]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-pto-1", "safe"),

Pair("check-pto-2", "unsafe: input.cc:10:9")));

}

TEST_P(UncheckedOptionalAccessTest, Emplace) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt;

opt.emplace(0);

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> *opt) {

opt->emplace(0);

opt->value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

// FIXME: Add tests that call `emplace` in conditional branches:

// ExpectLatticeChecksFor(

// ExpectDiagnosticsFor(

// R"(

// #include "unchecked_optional_access_test.h"

// void target($ns::$optional<int> opt, bool b) {

// if (b) {

// opt.emplace(0);

// }

// if (b) {

// opt.value();

// /*[[check-1]]*/

// } else {

// opt.value();

// opt.value(); // [[unsafe]]

// /*[[check-2]]*/

// }

// )",

// )");

// UnorderedElementsAre(Pair("check-1", "safe"),

// Pair("check-2", "unsafe: input.cc:12:9")));

}

TEST_P(UncheckedOptionalAccessTest, Reset) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = $ns::make_optional(0);

opt.reset();

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:7:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target($ns::$optional<int> &opt) {

if (opt.has_value()) {

opt.reset();

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:7:9")));

// FIXME: Add tests that call `reset` in conditional branches:

// ExpectLatticeChecksFor(

// ExpectDiagnosticsFor(

// R"(

// #include "unchecked_optional_access_test.h"

// void target(bool b) {

// $ns::$optional<int> opt = $ns::make_optional(0);

// if (b) {

// opt.reset();

// }

// if (b) {

// opt.value();

// opt.value(); // [[unsafe]]

// /*[[check-1]]*/

// } else {

// opt.value();

// /*[[check-2]]*/

// }

// )",

// )");

gribozavr2Unsubmitted

Not Done

The original was unsafe, is it an intentional change?

gribozavr2: The original was unsafe, is it an intentional change?

samestepAuthorUnsubmitted

Done

Oh! Good catch, I didn't notice that. Will fix.

samestep: Oh! Good catch, I didn't notice that. Will fix.

// UnorderedElementsAre(Pair("check-1", "unsafe: input.cc:10:9"),

// Pair("check-2", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, ValueAssignment) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

void target() {

$ns::$optional<Foo> opt;

opt = Foo();

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

void target() {

$ns::$optional<Foo> opt;

(opt = Foo()).value();

(void)0;

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct MyString {

MyString(const char*);

};

void target() {

$ns::$optional<MyString> opt;

opt = "foo";

opt.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

struct MyString {

MyString(const char*);

};

void target() {

$ns::$optional<MyString> opt;

(opt = "foo").value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, OptionalConversionAssignment) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Foo> opt1 = Foo();

$ns::$optional<Bar> opt2;

opt2 = opt1;

opt2.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Foo> opt1;

$ns::$optional<Bar> opt2;

if (opt2.has_value()) {

opt2 = opt1;

opt2.value();

opt2.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:15:9")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {};

struct Bar {

Bar(const Foo&);

};

void target() {

$ns::$optional<Foo> opt1 = Foo();

$ns::$optional<Bar> opt2;

(opt2 = opt1).value();

(void)0;

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, NulloptAssignment) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = 3;

opt = $ns::nullopt;

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:7:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = 3;

(opt = $ns::nullopt).value();

(opt = $ns::nullopt).value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:6:7")));

}

TEST_P(UncheckedOptionalAccessTest, OptionalSwap) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt1 = $ns::nullopt;

$ns::$optional<int> opt2 = 3;

opt1.swap(opt2);

opt1.value();

/*[[check-1]]*/

opt2.value();

opt2.value(); // [[unsafe]]

/*[[check-2]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-1", "safe"),

Pair("check-2", "unsafe: input.cc:13:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt1 = $ns::nullopt;

$ns::$optional<int> opt2 = 3;

opt2.swap(opt1);

opt1.value();

/*[[check-3]]*/

opt2.value();

opt2.value(); // [[unsafe]]

/*[[check-4]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-3", "safe"),

Pair("check-4", "unsafe: input.cc:13:7")));

}

TEST_P(UncheckedOptionalAccessTest, StdSwap) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt1 = $ns::nullopt;

$ns::$optional<int> opt2 = 3;

std::swap(opt1, opt2);

opt1.value();

/*[[check-1]]*/

opt2.value();

opt2.value(); // [[unsafe]]

/*[[check-2]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-1", "safe"),

Pair("check-2", "unsafe: input.cc:13:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt1 = $ns::nullopt;

$ns::$optional<int> opt2 = 3;

std::swap(opt2, opt1);

opt1.value();

/*[[check-3]]*/

opt2.value();

opt2.value(); // [[unsafe]]

/*[[check-4]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-3", "safe"),

Pair("check-4", "unsafe: input.cc:13:7")));

}

TEST_P(UncheckedOptionalAccessTest, UniquePtrToStructWithOptionalField) {

// We suppress diagnostics for values reachable from smart pointers (other

// than `optional` itself).

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

template <typename T>

struct smart_ptr {

T& operator*() &;

T* operator->();

};

struct Foo {

$ns::$optional<int> opt;

};

void target() {

smart_ptr<Foo> foo;

*foo->opt;

/*[[check-1]]*/

*(*foo).opt;

/*[[check-2]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-1", "safe"), Pair("check-2", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, CallReturningOptional) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

$ns::$optional<int> MakeOpt();

void target() {

$ns::$optional<int> opt = 0;

opt = MakeOpt();

opt.value();

opt.value(); // [[unsafe]]

/*[[check-1]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-1", "unsafe: input.cc:9:7")));

ExpectDiagnosticsFor(

ExpectLatticeChecksFor(

R"(

#include "unchecked_optional_access_test.h"

const $ns::$optional<int>& MakeOpt();

void target() {

$ns::$optional<int> opt = 0;

opt = MakeOpt();

opt.value();

opt.value(); // [[unsafe]]

/*[[check-2]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-2", "unsafe: input.cc:9:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

using IntOpt = $ns::$optional<int>;

IntOpt MakeOpt();

void target() {

IntOpt opt = 0;

opt = MakeOpt();

opt.value();

opt.value(); // [[unsafe]]

/*[[check-3]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-3", "unsafe: input.cc:10:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

using IntOpt = $ns::$optional<int>;

const IntOpt& MakeOpt();

void target() {

IntOpt opt = 0;

opt = MakeOpt();

opt.value();

opt.value(); // [[unsafe]]

/*[[check-4]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-4", "unsafe: input.cc:10:7")));

}

// Verifies that the model sees through aliases.

TEST_P(UncheckedOptionalAccessTest, WithAlias) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

template <typename T>

using MyOptional = $ns::$optional<T>;

void target(MyOptional<int> opt) {

opt.value();

opt.value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:8:7")));

}

TEST_P(UncheckedOptionalAccessTest, OptionalValueOptional) {

// Basic test that nested values are populated. We nest an optional because

// its easy to use in a test, but the type of the nested value shouldn't

// matter.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

using Foo = $ns::$optional<std::string>;

void target($ns::$optional<Foo> foo) {

if (foo && *foo) {

foo->value();

/*[[access]]*/

}

)",

)");

UnorderedElementsAre(Pair("access", "safe")));

// Mutation is supported for nested values.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

using Foo = $ns::$optional<std::string>;

void target($ns::$optional<Foo> foo) {

if (foo && *foo) {

foo->reset();

foo->value();

foo->value(); // [[unsafe]]

/*[[reset]]*/

}

)",

)");

UnorderedElementsAre(Pair("reset", "unsafe: input.cc:9:9")));

}

// Tests that structs can be nested. We use an optional field because its easy

// to use in a test, but the type of the field shouldn't matter.

TEST_P(UncheckedOptionalAccessTest, OptionalValueStruct) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

struct Foo {

$ns::$optional<std::string> opt;

};

void target($ns::$optional<Foo> foo) {

if (foo && foo->opt) {

foo->opt.value();

/*[[access]]*/

}

)",

)");

UnorderedElementsAre(Pair("access", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, OptionalValueInitialization) {

// FIXME: Fix when to initialize `value`. All unwrapping should be safe in

// this example, but `value` initialization is done multiple times during the

// fixpoint iterations and joining the environment won't correctly merge them.

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

using Foo = $ns::$optional<std::string>;

void target($ns::$optional<Foo> foo, bool b) {

if (!foo.has_value()) return;

if (b) {

if (!foo->has_value()) return;

// We have created `foo.value()`.

foo->value();

} else {

if (!foo->has_value()) return;

// We have created `foo.value()` again, in a different environment.

foo->value();

}

// Now we merge the two values. UncheckedOptionalAccessModel::merge() will

// throw away the "value" property.

foo->value();

foo->value(); // [[unsafe]]

/*[[merge]]*/

}

)",

)");

UnorderedElementsAre(Pair("merge", "unsafe: input.cc:19:7")));

}

TEST_P(UncheckedOptionalAccessTest, AssignThroughLvalueReferencePtr) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

template <typename T>

struct smart_ptr {

typename std::add_lvalue_reference<T>::type operator*() &;

};

void target() {

smart_ptr<$ns::$optional<float>> x;

*x = $ns::nullopt;

(*x).value();

(*x).value(); // [[unsafe]]

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "unsafe: input.cc:12:7")));

}

TEST_P(UncheckedOptionalAccessTest, CorrelatedBranches) {

ExpectLatticeChecksFor(R"code(

ExpectDiagnosticsFor(R"code(

#include "unchecked_optional_access_test.h"

void target(bool b, $ns::$optional<int> opt) {

if (b || opt.has_value()) {

if (!b) {

opt.value();

/*[[check-1]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-1", "safe")));

ExpectLatticeChecksFor(R"code(

ExpectDiagnosticsFor(R"code(

#include "unchecked_optional_access_test.h"

void target(bool b, $ns::$optional<int> opt) {

if (b && !opt.has_value()) return;

if (b) {

opt.value();

/*[[check-2]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-2", "safe")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target(bool b, $ns::$optional<int> opt) {

if (opt.has_value()) b = true;

if (b) {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-3]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-3", "unsafe: input.cc:7:9")));

ExpectLatticeChecksFor(R"code(

ExpectDiagnosticsFor(R"code(

#include "unchecked_optional_access_test.h"

void target(bool b, $ns::$optional<int> opt) {

if (b) return;

if (opt.has_value()) b = true;

if (b) {

opt.value();

/*[[check-4]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-4", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target(bool b, $ns::$optional<int> opt) {

if (opt.has_value() == b) {

if (b) {

opt.value();

/*[[check-5]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-5", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target(bool b, $ns::$optional<int> opt) {

if (opt.has_value() != b) {

if (!b) {

opt.value();

/*[[check-6]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-6", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target(bool b) {

$ns::$optional<int> opt1 = $ns::nullopt;

$ns::$optional<int> opt2;

if (b) {

opt2 = $ns::nullopt;

} else {

opt2 = $ns::nullopt;

}

if (opt2.has_value()) {

opt1.value();

/*[[check]]*/

}

)",

)");

UnorderedElementsAre(Pair("check", "safe")));

// FIXME: Add support for operator==.

// ExpectLatticeChecksFor(R"(

// ExpectDiagnosticsFor(R"(

// #include "unchecked_optional_access_test.h"

// void target($ns::$optional<int> opt1, $ns::$optional<int> opt2) {

// if (opt1 == opt2) {

// if (opt1.has_value()) {

// opt2.value();

// /*[[check-7]]*/

// }

gribozavr2Unsubmitted

Not Done

// if (opt1.has_value()) {

- // opt2.value();

+ // opt2.value(); // [[unsafe]]

// }

gribozavr2:

samestepAuthorUnsubmitted

Done

I don't think this is correct, is it?

samestep: I don't think this is correct, is it?

// }

// )",

// )");

// UnorderedElementsAre(Pair("check-7", "safe")));

}

TEST_P(UncheckedOptionalAccessTest, JoinDistinctValues) {

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target(bool b) {

$ns::$optional<int> opt;

if (b) {

opt = Make<$ns::$optional<int>>();

} else {

opt = Make<$ns::$optional<int>>();

}

if (opt.has_value()) {

opt.value();

/*[[check-1]]*/

} else {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-2]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-1", "safe"),

Pair("check-2", "unsafe: input.cc:15:9")));

ExpectLatticeChecksFor(R"code(

ExpectDiagnosticsFor(R"code(

#include "unchecked_optional_access_test.h"

void target(bool b) {

$ns::$optional<int> opt;

if (b) {

opt = Make<$ns::$optional<int>>();

if (!opt.has_value()) return;

} else {

opt = Make<$ns::$optional<int>>();

if (!opt.has_value()) return;

}

opt.value();

/*[[check-3]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-3", "safe")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target(bool b) {

$ns::$optional<int> opt;

if (b) {

opt = Make<$ns::$optional<int>>();

if (!opt.has_value()) return;

} else {

opt = Make<$ns::$optional<int>>();

}

opt.value();

opt.value(); // [[unsafe]]

/*[[check-4]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-4", "unsafe: input.cc:12:7")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target(bool b) {

$ns::$optional<int> opt;

if (b) {

opt = 1;

} else {

opt = 2;

}

opt.value();

/*[[check-5]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-5", "safe")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"code(

#include "unchecked_optional_access_test.h"

void target(bool b) {

$ns::$optional<int> opt;

if (b) {

opt = 1;

} else {

opt = Make<$ns::$optional<int>>();

}

opt.value();

opt.value(); // [[unsafe]]

/*[[check-6]]*/

}

)code",

)code");

UnorderedElementsAre(Pair("check-6", "unsafe: input.cc:11:7")));

}

TEST_P(UncheckedOptionalAccessTest, ReassignValueInLoop) {

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = 3;

while (Make<bool>()) {

opt.value();

/*[[check-1]]*/

}

)",

)");

UnorderedElementsAre(Pair("check-1", "safe")));

ExpectLatticeChecksFor(R"(

ExpectDiagnosticsFor(R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = 3;

while (Make<bool>()) {

opt.value();

/*[[check-2]]*/

opt = Make<$ns::$optional<int>>();

if (!opt.has_value()) return;

}

)",

)");

UnorderedElementsAre(Pair("check-2", "safe")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = 3;

while (Make<bool>()) {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-3]]*/

opt = Make<$ns::$optional<int>>();

}

)",

)");

UnorderedElementsAre(Pair("check-3", "unsafe: input.cc:7:9")));

ExpectLatticeChecksFor(

ExpectDiagnosticsFor(

R"(

#include "unchecked_optional_access_test.h"

void target() {

$ns::$optional<int> opt = 3;

while (Make<bool>()) {

opt.value();

opt.value(); // [[unsafe]]

/*[[check-4]]*/

opt = Make<$ns::$optional<int>>();

if (!opt.has_value()) continue;

}

)",

)");

UnorderedElementsAre(Pair("check-4", "unsafe: input.cc:7:9")));

}

// FIXME: Add support for:

// - constructors (copy, move)

// - assignment operators (default, copy, move)

// - invalidation (passing optional by non-const reference/pointer)

This is an archive of the discontinued LLVM Phabricator instance.

[clang][dataflow] Add API to separate analysis from diagnosisClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 441122

clang/include/clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h

clang/include/clang/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.h

clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp

clang/lib/Analysis/FlowSensitive/TypeErasedDataflowAnalysis.cpp

clang/unittests/Analysis/FlowSensitive/TestingSupport.h

clang/unittests/Analysis/FlowSensitive/UncheckedOptionalAccessModelTest.cpp

[clang][dataflow] Add API to separate analysis from diagnosis
ClosedPublic