This is an archive of the discontinued LLVM Phabricator instance.

Differential D128401

[clang-tidy] Fixing a bug raising false alarms on static local variables in the Infinite Loop Checker
ClosedPublic

Authored by ziqingluo-90 on Jun 22 2022, 4:41 PM.

Details

Reviewers
aaron.ballman
alexfh
gribozavr
njames93
LegalizeAdulthood
gribozavr2
NoQ
Commits
rG7df0f0b41067: [clang-tidy] Fixing a bug in `InfiniteLoopCheck` that raises false alarms on…
Summary

The Infinite Loop Checker could report a false positive on the example below:

void f() {
  static int i = 0;
  i++;
  while (i < 10)
     f();
}

This patch adds checking for recursive calls in the Infinite Loop Checker when loop condition involves static local variables.

Diff Detail

Event Timeline

ziqingluo-90 created this revision.Jun 22 2022, 4:41 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 22 2022, 4:41 PM
Herald added subscribers: carlosgalvezp, kristof.beyls, xazax.hun. · View Herald Transcript
ziqingluo-90 requested review of this revision.Jun 22 2022, 4:41 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 22 2022, 4:41 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B171466: Diff 439204.Jun 22 2022, 4:41 PM
Eugene.Zelenko added a subscriber: Eugene.Zelenko.Jun 23 2022, 7:12 AM
Eugene.Zelenko added inline comments.
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
159 ↗(On Diff #439204)

auto could be used, because type is spelled in same statement.

166 ↗(On Diff #439204)

Ditto.

200 ↗(On Diff #439204)

Ditto.

201 ↗(On Diff #439204)

Ditto.

Eugene.Zelenko retitled this revision from [Clang-tidy] Fixing a bug raising false alarms on static local variables in the Infinite Loop Checker to [clang-tidy] Fixing a bug raising false alarms on static local variables in the Infinite Loop Checker .Jun 23 2022, 7:13 AM
Eugene.Zelenko removed reviewers: NoQ, t-rasmud, usama54321, rsundahl, yln, kubamracek, krispy1994, jkorous, delcypher, chrisdangelo, thetruestblue.
gribozavr2 accepted this revision.Jun 23 2022, 7:45 AM
gribozavr2 added a subscriber: gribozavr2.
gribozavr2 added inline comments.
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
159 ↗(On Diff #439204)

Please clang-format before submitting (it looks like this block is indented 4 instead of 2).

184–185 ↗(On Diff #439204)
188–191 ↗(On Diff #439204)

Canonical => Can is the usual abbreviation, if you want to use one (e.g., see CanQualType)

198–199 ↗(On Diff #439204)
210 ↗(On Diff #439204)

Cond is not the loop itself.

This revision is now accepted and ready to land.Jun 23 2022, 7:45 AM
LegalizeAdulthood requested changes to this revision.Jun 23 2022, 10:38 AM

Clang-Tidy tests and docs have moved to module subdirectories.

Please rebase this onto main:HEAD and:

  • fold your changes into the appropriate subdirs, stripping the module prefix from new files.
  • make the target check-clang-extra to validate your tests
  • make the target docs-clang-tools-html to validate any docs changes
This revision now requires changes to proceed.Jun 23 2022, 10:38 AM
ziqingluo-90 updated this revision to Diff 439573.Jun 23 2022, 5:28 PM

rebased with the latest main:HEAD where clang-tidy file structure has changed

Harbormaster completed remote builds in B171733: Diff 439573.Jun 23 2022, 5:34 PM
ziqingluo-90 updated this revision to Diff 439580.Jun 23 2022, 5:53 PM

Addressing Dmitri's comments.

gribozavr2 added inline comments.Jun 23 2022, 5:56 PM
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
184–185 ↗(On Diff #439204)

It seems like you missed this one.

Harbormaster completed remote builds in B171739: Diff 439580.Jun 23 2022, 6:25 PM
NoQ added a subscriber: NoQ.Jun 23 2022, 11:38 PM
NoQ added inline comments.
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
34 ↗(On Diff #439580)

Ok so this whole checker does this procedure involving ExprMutationAnalyzer trying to figure out if the variable can be changed from within the loop. I wonder if our problem of whether the static variable can be changed within the loop is a sub-problem of this problem and therefore could have a general solution inside ExprMutationAnalyzer. If so, other clang-tidy checks that use ExprMutationAnalyzer could immediately benefit from such solution. WDYT?

LegalizeAdulthood added inline comments.Jun 24 2022, 9:53 AM
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
190 ↗(On Diff #439580)

Personally I'm not a fan of using bitwise operators with booleans. It involves implicit casts of bool to int and int to bool and doesn't use the usual short-circuiting logic of || and &&. It also means this code won't be analyzed by clang-tidy as "performing operations on booleans" for things like readability-simplify-boolean-expr.

ziqingluo-90 updated this revision to Diff 439882.Jun 24 2022, 1:49 PM

addressing more comments

ziqingluo-90 updated this revision to Diff 439883.Jun 24 2022, 1:56 PM
ziqingluo-90 updated this revision to Diff 439884.Jun 24 2022, 2:04 PM

trying to be consistent in that auto is used wherever possible

Eugene.Zelenko added inline comments.Jun 24 2022, 2:06 PM
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
160 ↗(On Diff #439884)

Please don't use auto when type is not spelled explicitly or iterator.

187 ↗(On Diff #439884)

Ditto.

Harbormaster completed remote builds in B171945: Diff 439884.Jun 24 2022, 2:25 PM
ziqingluo-90 updated this revision to Diff 439903.Jun 24 2022, 3:11 PM

I missed the part of coding standard about the usage of auto. Now change to conform to it.

ziqingluo-90 added inline comments.Jun 24 2022, 3:22 PM
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
34 ↗(On Diff #439580)

I think this is a good point. I can do it after this patch.

Harbormaster completed remote builds in B171962: Diff 439903.Jun 24 2022, 3:28 PM
ziqingluo-90 added a comment.Jul 5 2022, 11:29 AM

Hi @LegalizeAdulthood, @NoQ, @gribozavr2, @Eugene.Zelenko,

Is there any further issue I should address for this patch?

ziqingluo-90 added a reviewer: NoQ.Jul 15 2022, 3:10 PM
NoQ accepted this revision.Jul 15 2022, 3:14 PM

Looks great, thanks!

Yes, I think refactoring can be done in a follow-up patch.

ziqingluo-90 added a comment.Jul 15 2022, 4:54 PM
In D128401#3656559, @NoQ wrote:

Looks great, thanks!

Yes, I think refactoring can be done in a follow-up patch.

Thank you, @NoQ!

Let me politely ping the rest of the commenters: @LegalizeAdulthood, @gribozavr2, @Eugene.Zelenko. Is this patch looking good to you?

NoQ added a comment.Aug 24 2022, 6:33 PM

I think let's commit. @ziqingluo-90 addressed all existing concerns and promises follow-up patches where he'll have a chance to address future concerns as well.

njames93 accepted this revision.Aug 24 2022, 10:54 PM
njames93 added inline comments.
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
166 ↗(On Diff #439903)
194 ↗(On Diff #439903)

This will always be false as if it's true, the loop would return.

ziqingluo-90 added inline comments.Aug 25 2022, 12:03 PM
clang-tools-extra/clang-tidy/bugprone/InfiniteLoopCheck.cpp
194 ↗(On Diff #439903)

Thanks for pointing this out. I will make the change before commit!

This revision was not accepted when it landed; it landed in state Needs Review.Aug 29 2022, 11:21 AM
Closed by commit rG7df0f0b41067: [clang-tidy] Fixing a bug in `InfiniteLoopCheck` that raises false alarms on… (authored by ziqingluo-90). · Explain Why
This revision was automatically updated to reflect the committed changes.
ziqingluo-90 added a commit: rG7df0f0b41067: [clang-tidy] Fixing a bug in `InfiniteLoopCheck` that raises false alarms on….

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
bugprone/
111 lines
test/
clang-tidy/
checkers/
bugprone/
26 lines
21 lines

Diff 439573

clang-tidy/bugprone/InfiniteLoopCheck.cpp

//===--- InfiniteLoopCheck.cpp - clang-tidy -------------------------------===// //===--- InfiniteLoopCheck.cpp - clang-tidy -------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "InfiniteLoopCheck.h" #include "InfiniteLoopCheck.h"
#include "../utils/Aliasing.h" #include "../utils/Aliasing.h"
#include "clang/AST/ASTContext.h" #include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h" #include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/Analysis/Analyses/ExprMutationAnalyzer.h" #include "clang/Analysis/Analyses/ExprMutationAnalyzer.h"
#include "clang/Analysis/CallGraph.h"
#include "llvm/ADT/SCCIterator.h"
#include "llvm/ADT/SmallVector.h"
using namespace clang::ast_matchers; using namespace clang::ast_matchers;
using clang::tidy::utils::hasPtrOrReferenceInFunc; using clang::tidy::utils::hasPtrOrReferenceInFunc;
namespace clang { namespace clang {
namespace tidy { namespace tidy {
namespace bugprone { namespace bugprone {
▲ Show 20 LinesShow All 119 Lines▼ Show 20 Lines if (Cond.isValueDependent()) {
return false; return false;
} }
bool Result = false; bool Result = false;
if (Cond.EvaluateAsBooleanCondition(Result, Ctx)) if (Cond.EvaluateAsBooleanCondition(Result, Ctx))
return Result == ExpectedValue; return Result == ExpectedValue;
return false; return false;
} }
/// populates the set `Callees` with all function (and objc method) declarations
/// called in `StmtNode` if all visited call sites have resolved call targets.
///
/// \return true iff all `CallExprs` visited have callees; false otherwise
/// indicating there is an unresolved indirect call.
static bool populateCallees(const Stmt *StmtNode,
llvm::SmallSet<const Decl *, 16> &Callees) {
if (const CallExpr *Call = dyn_cast<CallExpr>(StmtNode)) {
const Decl *Callee = Call->getDirectCallee();
if (!Callee)
return false; // unresolved call
Callees.insert(Callee->getCanonicalDecl());
}
if (const ObjCMessageExpr *Call = dyn_cast<ObjCMessageExpr>(StmtNode)) {
const ObjCMethodDecl *Callee = Call->getMethodDecl();
if (!Callee)
return false; // unresolved call
Callees.insert(Callee->getCanonicalDecl());
}
for (const Stmt *Child : StmtNode->children())
if (Child && !populateCallees(Child, Callees))
return false;
return true;
}
/// returns true iff `SCC` contains `Func` and its' function set overlaps with
/// `Callees`
static bool overlap(ArrayRef<CallGraphNode *> SCC,
const llvm::SmallSet<const Decl *, 16> &Callees,
const Decl *Func) {
bool containsFunc = false;
bool overlap = false;
for (CallGraphNode *GNode : SCC) {
const Decl *CanoDecl = GNode->getDecl()->getCanonicalDecl();
containsFunc |= (CanoDecl == Func);
overlap |= Callees.contains(CanoDecl);
if (containsFunc && overlap)
return true;
}
return containsFunc && overlap;
}
/// returns true iff `Cond` involves at least one static local variable.
static bool hasStaticLocalVariable(const Stmt *Cond) {
if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Cond))
if (const VarDecl *VD = dyn_cast<VarDecl>(DRE->getDecl()))
if (VD->isStaticLocal())
return true;
for (const Stmt *Child : Cond->children())
if (Child && hasStaticLocalVariable(Child))
return true;
return false;
}
/// Tests if the loop `Cond` involves static local variables and
/// the enclosing function `Func` is recursive.
///
/// \code
/// void f() {
/// static int i = 10;
/// i--;
/// while (i >= 0) f();
/// }
/// \endcode
/// The example above is NOT an infinite loop.
static bool hasRecursionOverStaticLoopCondVariables(const Expr *Cond,
const Stmt *LoopStmt,
const Decl *Func,
const ASTContext *Ctx) {
if (!hasStaticLocalVariable(Cond))
return false;
llvm::SmallSet<const Decl *, 16> CalleesInLoop;
if (!populateCallees(LoopStmt, CalleesInLoop)) {
// If there are unresolved indirect calls, we assume there could
// be recursion so to avoid false alarm.
return true;
}
if (CalleesInLoop.empty())
return false;
TranslationUnitDecl *TUDecl = Ctx->getTranslationUnitDecl();
CallGraph CG;
CG.addToCallGraph(TUDecl);
// For each `SCC` containing `Func`, if functions in the `SCC`
// overlap with `CalleesInLoop`, there is a recursive call in `LoopStmt`.
for (llvm::scc_iterator<CallGraph *> SCCI = llvm::scc_begin(&CG),
SCCE = llvm::scc_end(&CG);
SCCI != SCCE; ++SCCI) {
if (!SCCI.hasCycle()) // We only care about cycles, not standalone nodes.
continue;
// `SCC`s are mutually disjoint, so there will be no redundancy in
// comparing `SCC` with the callee set one by one.
if (overlap(*SCCI, CalleesInLoop, Func->getCanonicalDecl()))
return true;
}
return false;
}
void InfiniteLoopCheck::registerMatchers(MatchFinder *Finder) { void InfiniteLoopCheck::registerMatchers(MatchFinder *Finder) {
const auto LoopCondition = allOf( const auto LoopCondition = allOf(
hasCondition( hasCondition(
expr(forCallable(decl().bind("func"))).bind("condition")), expr(forCallable(decl().bind("func"))).bind("condition")),
unless(hasBody(hasDescendant( unless(hasBody(hasDescendant(
loopEndingStmt(forCallable(equalsBoundNode("func"))))))); loopEndingStmt(forCallable(equalsBoundNode("func")))))));
Finder->addMatcher(mapAnyOf(whileStmt, doStmt, forStmt) Finder->addMatcher(mapAnyOf(whileStmt, doStmt, forStmt)
Show All 20 Lines if (const auto *While = dyn_cast<WhileStmt>(LoopStmt)) {
} }
} }
if (ExprMutationAnalyzer::isUnevaluated(LoopStmt, *LoopStmt, *Result.Context)) if (ExprMutationAnalyzer::isUnevaluated(LoopStmt, *LoopStmt, *Result.Context))
return; return;
if (isAtLeastOneCondVarChanged(Func, LoopStmt, Cond, Result.Context)) if (isAtLeastOneCondVarChanged(Func, LoopStmt, Cond, Result.Context))
return; return;
if (hasRecursionOverStaticLoopCondVariables(Cond, LoopStmt, Func,
Result.Context))
return;
std::string CondVarNames = getCondVarNames(Cond); std::string CondVarNames = getCondVarNames(Cond);
if (ShouldHaveConditionVariables && CondVarNames.empty()) if (ShouldHaveConditionVariables && CondVarNames.empty())
return; return;
if (CondVarNames.empty()) { if (CondVarNames.empty()) {
diag(LoopStmt->getBeginLoc(), diag(LoopStmt->getBeginLoc(),
"this loop is infinite; it does not check any variables in the" "this loop is infinite; it does not check any variables in the"
Show All 12 Lines

test/clang-tidy/checkers/bugprone/infinite-loop.cpp

Show First 20 LinesShow All 679 Lines▼ Show 20 Linesvoid test_typeof_dowhile_infinite() {
__typeof__({ __typeof__({
int i = 0; int i = 0;
do { do {
} while (i < 10); } while (i < 10);
0; 0;
}) x; }) x;
} }
void test_local_static_recursion() {
static int i = 10;
int j = 0;
i--;
while (i >= 0)
test_local_static_recursion(); // no warning, recursively decrement i
for (; i >= 0;)
test_local_static_recursion(); // no warning, recursively decrement i
for (; i + j >= 0;)
test_local_static_recursion(); // no warning, recursively decrement i
for (; i >= 0; i--)
; // no warning, i decrements
while (j >= 0)
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: this loop is infinite; none of its condition variables (j) are updated in the loop body [bugprone-infinite-loop]
test_local_static_recursion();
int (*p)(int) = 0;
while (i >= 0)
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: this loop is infinite; none of its condition variables (i) are updated in the loop body [bugprone-infinite-loop]
p = 0;
while (i >= 0)
p(0); // we don't know what p points to so no warning
}

test/clang-tidy/checkers/bugprone/infinite-loop.mm

Show All 38 Lines
+ (void)classMethod { + (void)classMethod {
int i = 0; int i = 0;
int j = 0; int j = 0;
while (i < 10) { while (i < 10) {
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: this loop is infinite; none of its condition variables (i) are updated in the loop body [bugprone-infinite-loop] // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: this loop is infinite; none of its condition variables (i) are updated in the loop body [bugprone-infinite-loop]
j++; j++;
} }
} }
+ (void)recursiveMethod {
static int i = 0;
i++;
while (i < 10) {
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: this loop is infinite; none of its condition variables (i) are updated in the loop body [bugprone-infinite-loop]
[I classMethod];
}
id x = [[I alloc] init];
while (i < 10) {
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: this loop is infinite; none of its condition variables (i) are updated in the loop body [bugprone-infinite-loop]
[x instanceMethod];
}
while (i < 10) {
// no warning, there is a recursive call that can mutate the static local variable
[I recursiveMethod];
}
}
@end @end
void testArrayCount() { void testArrayCount() {
NSArray *arr = [[NSArray alloc] init]; NSArray *arr = [[NSArray alloc] init];
NSUInteger max_count = 10; NSUInteger max_count = 10;
while ([arr count] < max_count) { while ([arr count] < max_count) {
// No warning. Array count is updated on every iteration. // No warning. Array count is updated on every iteration.
[arr addObject: [[I alloc] init]]; [arr addObject: [[I alloc] init]];
▲ Show 20 LinesShow All 71 LinesShow Last 20 Lines