This is an archive of the discontinued LLVM Phabricator instance.

Differential D141338

[-Wunsafe-buffer-usage] Filter out conflicting fix-its
ClosedPublic

Authored by ziqingluo-90 on Jan 9 2023, 5:37 PM.

Details

Reviewers
NoQ
jkorous
t-rasmud
malavikasamak
aaron.ballman
xazax.hun
gribozavr
sgatev
Commits
rG692da6245d71: [-Wunsafe-buffer-usage] Filter out conflicting fix-its
Summary

Two fix-its conflict if they have overlapping source ranges. We shall not emit conflicting fix-its.
This patch adds a class to find all conflicting fix-its (as well as their associated gadgets or declarations).

Diff Detail

Event Timeline

ziqingluo-90 created this revision.Jan 9 2023, 5:37 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 9 2023, 5:37 PM
Herald added a subscriber: mgrang. · View Herald Transcript
ziqingluo-90 requested review of this revision.Jan 9 2023, 5:37 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 9 2023, 5:38 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
ziqingluo-90 retitled this revision from [-Wunsafe-buffer-usage] Filter out conflicting fix-its to [WIP][-Wunsafe-buffer-usage] Filter out conflicting fix-its.Jan 9 2023, 5:38 PM
Harbormaster completed remote builds in B206660: Diff 487614.Jan 9 2023, 5:38 PM
ziqingluo-90 added a parent revision: D139737: [-Wunsafe-buffer-usage] Initiate Fix-it generation for local variable declarations.Jan 9 2023, 5:38 PM
NoQ added a comment.Jan 10 2023, 5:43 PM

Looks awesome!

I'm worried that the test is going to rapidly become stale as you develop fixits for DeclStmt further. It might make sense to write some unittests for this class directly, to put into clang/unittest/Analysis/.... Then you can create some fixits defined by hand, without invoking UnsafeBufferUsage analysis, and feed them to this class directly and verify the results.

Also let's explain motivation a bit more. Normally compiler warnings don't need such machine because the fixits they come with are very simple and hand-crafted. However, unsafe buffer usage analysis is a large emergent behavior machine that may fix different parts of user code, and different parts of the machine that can produce parts of such fixits aren't necessarily aware of each other. In some cases no progress can be made without making sure these parts of the machine talk to each other. However, every time the machine does emit individual fixits, they're actually correct; conflicts between such fixits are entirely a representation problem (we're unable to present overlapping fixits to the user because this requires us to resolve the merge conflict), not an underlying correctness problem. So @ziqingluo-90 is implementing a bailout for the situation when the fixits were perfectly correct in isolation but can't be properly displayed to the user due to merge conflicts between them. This makes it possible for such "merge conflicts" detection to be purely SourceRange-based, so it doesn't need to take the details of the underlying AST into account.

clang/lib/Analysis/UnsafeBufferUsage.cpp
488

Result is unused here!

ziqingluo-90 updated this revision to Diff 488429.Jan 11 2023, 5:00 PM
Harbormaster completed remote builds in B207246: Diff 488429.Jan 11 2023, 5:01 PM
ziqingluo-90 added a comment.Jan 11 2023, 5:09 PM
In D141338#4042050, @NoQ wrote:

Looks awesome!

I'm worried that the test is going to rapidly become stale as you develop fixits for DeclStmt further. It might make sense to write some unittests for this class directly, to put into clang/unittest/Analysis/.... Then you can create some fixits defined by hand, without invoking UnsafeBufferUsage analysis, and feed them to this class directly and verify the results.

Also let's explain motivation a bit more. Normally compiler warnings don't need such machine because the fixits they come with are very simple and hand-crafted. However, unsafe buffer usage analysis is a large emergent behavior machine that may fix different parts of user code, and different parts of the machine that can produce parts of such fixits aren't necessarily aware of each other. In some cases no progress can be made without making sure these parts of the machine talk to each other. However, every time the machine does emit individual fixits, they're actually correct; conflicts between such fixits are entirely a representation problem (we're unable to present overlapping fixits to the user because this requires us to resolve the merge conflict), not an underlying correctness problem. So @ziqingluo-90 is implementing a bailout for the situation when the fixits were perfectly correct in isolation but can't be properly displayed to the user due to merge conflicts between them. This makes it possible for such "merge conflicts" detection to be purely SourceRange-based, so it doesn't need to take the details of the underlying AST into account.

Thanks for adding the motivation here!

I updated the revision by getting rid of things we don't need for now.
At this point, we just need to tell if there is any conflict in the fix-its generated for one variable (including variable declaration fix-its and variable usage fix-its). If there is any, we do NOT emit any fix-it for that variable.

At some point later, we may want to know the exact conflicting subsets. That will be another patch.

NoQ added a comment.Jan 12 2023, 9:32 PM

Looks awesome!

clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h
55–58

Maybe we should put it into some namespace, so that it didn't look like it's part of our public interface?

clang/lib/Analysis/UnsafeBufferUsage.cpp
939–940

Nitpicks.

clang/unittests/Analysis/UnsafeBufferUsageTest.cpp
18

Oh my, you constructed it just like that and it worked? This is awesome!

ziqingluo-90 retitled this revision from [WIP][-Wunsafe-buffer-usage] Filter out conflicting fix-its to [-Wunsafe-buffer-usage] Filter out conflicting fix-its.Jan 19 2023, 2:24 PM
ziqingluo-90 added reviewers: aaron.ballman, xazax.hun, gribozavr, sgatev.
Herald added a subscriber: rnkovacs. · View Herald TranscriptJan 19 2023, 2:24 PM
ziqingluo-90 updated this revision to Diff 492914.Jan 27 2023, 3:06 PM

Rebase the change

Harbormaster completed remote builds in B210478: Diff 492914.Jan 27 2023, 3:07 PM
ziqingluo-90 updated this revision to Diff 492918.Jan 27 2023, 3:09 PM
Harbormaster completed remote builds in B210481: Diff 492918.Jan 27 2023, 3:10 PM
NoQ accepted this revision.Feb 3 2023, 1:45 PM

Looks great!

clang/lib/Analysis/UnsafeBufferUsage.cpp
984
This revision is now accepted and ready to land.Feb 3 2023, 1:45 PM
This revision was landed with ongoing or failed builds.Feb 7 2023, 4:15 PM
Closed by commit rG692da6245d71: [-Wunsafe-buffer-usage] Filter out conflicting fix-its (authored by ziqingluo-90). · Explain Why
This revision was automatically updated to reflect the committed changes.
ziqingluo-90 added a commit: rG692da6245d71: [-Wunsafe-buffer-usage] Filter out conflicting fix-its.
NoQ removed a parent revision: D139737: [-Wunsafe-buffer-usage] Initiate Fix-it generation for local variable declarations.Apr 7 2023, 2:57 PM

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
Analyses/
6 lines
lib/
Analysis/
39 lines
unittests/
Analysis/
1 line
60 lines

Diff 495676

clang/include/clang/Analysis/Analyses/UnsafeBufferUsage.h

Show First 20 LinesShow All 46 Lines▼ Show 20 Lines getUserFillPlaceHolder(StringRef HintTextToUser = "placeholder") {
return s; return s;
} }
}; };
// This function invokes the analysis and allows the caller to react to it // This function invokes the analysis and allows the caller to react to it
// through the handler class. // through the handler class.
void checkUnsafeBufferUsage(const Decl *D, UnsafeBufferUsageHandler &Handler); void checkUnsafeBufferUsage(const Decl *D, UnsafeBufferUsageHandler &Handler);
namespace internal {
// Tests if any two `FixItHint`s in `FixIts` conflict. Two `FixItHint`s
// conflict if they have overlapping source ranges.
bool anyConflict(const llvm::SmallVectorImpl<FixItHint> &FixIts,
NoQUnsubmitted
Not Done
ReplyInline Actions
void checkUnsafeBufferUsage(const Decl *D, UnsafeBufferUsageHandler &Handler);
+ namespace internal {
// Tests if any two `FixItHint`s in `FixIts` conflict. Two `FixItHint`s
// conflict if they have overlapping source ranges.
bool anyConflict(const SourceManager &SM, const llvm::SmallVectorImpl<FixItHint> &FixIts);
-
+ }
/// The text indicating that the user needs to provide input there:

Maybe we should put it into some namespace, so that it didn't look like it's part of our public interface?

NoQ: Maybe we should put it into some namespace, so that it didn't look like it's part of our public…
const SourceManager &SM);
} // namespace internal
} // end namespace clang } // end namespace clang
#endif /* LLVM_CLANG_ANALYSIS_ANALYSES_UNSAFEBUFFERUSAGE_H */ #endif /* LLVM_CLANG_ANALYSIS_ANALYSES_UNSAFEBUFFERUSAGE_H */

clang/lib/Analysis/UnsafeBufferUsage.cpp

Show First 20 LinesShow All 479 Lines▼ Show 20 Linespublic:
} }
// A variable is unclaimed if at least one use is unclaimed. // A variable is unclaimed if at least one use is unclaimed.
bool hasUnclaimedUses(const VarDecl *VD) const { bool hasUnclaimedUses(const VarDecl *VD) const {
// FIXME: Can this be less linear? Maybe maintain a map from VDs to DREs? // FIXME: Can this be less linear? Maybe maintain a map from VDs to DREs?
return any_of(*Uses, [VD](const DeclRefExpr *DRE) { return any_of(*Uses, [VD](const DeclRefExpr *DRE) {
return DRE->getDecl()->getCanonicalDecl() == VD->getCanonicalDecl(); return DRE->getDecl()->getCanonicalDecl() == VD->getCanonicalDecl();
}); });
} }
NoQUnsubmitted
Not Done
ReplyInline Actions

Result is unused here!

NoQ: `Result` is unused here!
void discoverDecl(const DeclStmt *DS) { void discoverDecl(const DeclStmt *DS) {
for (const Decl *D : DS->decls()) { for (const Decl *D : DS->decls()) {
if (const auto *VD = dyn_cast<VarDecl>(D)) { if (const auto *VD = dyn_cast<VarDecl>(D)) {
// FIXME: Assertion temporarily disabled due to a bug in // FIXME: Assertion temporarily disabled due to a bug in
// ASTMatcher internal behavior in presence of GNU // ASTMatcher internal behavior in presence of GNU
// statement-expressions. We need to properly investigate this // statement-expressions. We need to properly investigate this
// because it can screw up our algorithm in other ways. // because it can screw up our algorithm in other ways.
▲ Show 20 LinesShow All 192 Lines▼ Show 20 Lines for (const DeclRefExpr *DRE : DREs) {
if (const auto *VD = dyn_cast<VarDecl>(DRE->getDecl())) { if (const auto *VD = dyn_cast<VarDecl>(DRE->getDecl())) {
FixablesForUnsafeVars.byVar[VD].emplace(std::move(F)); FixablesForUnsafeVars.byVar[VD].emplace(std::move(F));
} }
} }
} }
return FixablesForUnsafeVars; return FixablesForUnsafeVars;
} }
bool clang::internal::anyConflict(
const SmallVectorImpl<FixItHint> &FixIts, const SourceManager &SM) {
// A simple interval overlap detection algorithm. Sorts all ranges by their
// begin location then finds the first overlap in one pass.
std::vector<const FixItHint *> All; // a copy of `FixIts`
for (const FixItHint &H : FixIts)
All.push_back(&H);
std::sort(All.begin(), All.end(),
[&SM](const FixItHint *H1, const FixItHint *H2) {
return SM.isBeforeInTranslationUnit(H1->RemoveRange.getBegin(),
H2->RemoveRange.getBegin());
});
const FixItHint *CurrHint = nullptr;
for (const FixItHint *Hint : All) {
if (!CurrHint ||
SM.isBeforeInTranslationUnit(CurrHint->RemoveRange.getEnd(),
Hint->RemoveRange.getBegin())) {
// Either to initialize `CurrHint` or `CurrHint` does not
// overlap with `Hint`:
CurrHint = Hint;
} else
// In case `Hint` overlaps the `CurrHint`, we found at least one
// conflict:
return true;
}
return false;
}
std::optional<FixItList> std::optional<FixItList>
ULCArraySubscriptGadget::getFixits(const Strategy &S) const { ULCArraySubscriptGadget::getFixits(const Strategy &S) const {
if (const auto *DRE = dyn_cast<DeclRefExpr>(Node->getBase()->IgnoreImpCasts())) if (const auto *DRE = dyn_cast<DeclRefExpr>(Node->getBase()->IgnoreImpCasts()))
if (const auto *VD = dyn_cast<VarDecl>(DRE->getDecl())) { if (const auto *VD = dyn_cast<VarDecl>(DRE->getDecl())) {
switch (S.lookup(VD)) { switch (S.lookup(VD)) {
case Strategy::Kind::Span: { case Strategy::Kind::Span: {
// If the index has a negative constant value, we give up as no valid // If the index has a negative constant value, we give up as no valid
// fix-it can be generated: // fix-it can be generated:
▲ Show 20 LinesShow All 195 Lines▼ Show 20 Linesstatic FixItList fixVariable(const VarDecl *VD, Strategy::Kind K,
case Strategy::Kind::Wontfix: case Strategy::Kind::Wontfix:
llvm_unreachable("Invalid strategy!"); llvm_unreachable("Invalid strategy!");
} }
llvm_unreachable("Unknown strategy!"); llvm_unreachable("Unknown strategy!");
} }
// Returns true iff there exists a `FixItHint` 'h' in `FixIts` such that the // Returns true iff there exists a `FixItHint` 'h' in `FixIts` such that the
// `RemoveRange` of 'h' overlaps with a macro use. // `RemoveRange` of 'h' overlaps with a macro use.
static bool overlapWithMacro(const FixItList &FixIts) { static bool overlapWithMacro(const FixItList &FixIts) {
// FIXME: For now we only check if the range (or the first token) is (part of) // FIXME: For now we only check if the range (or the first token) is (part of)
NoQUnsubmitted
Not Done
ReplyInline Actions
const llvm::SmallVectorImpl<FixItHint> &FixIts) {
- // A simple interval overlap detecting algorithm. Sorts all ranges by their
- // begin location then find any overlap in one pass.
+ // A simple interval overlap detection algorithm. Sorts all ranges by their
+ // begin location then finds the first overlap in one pass.
std::vector<const FixItHint *> All; // a copy of `FixIts`

Nitpicks.

NoQ: Nitpicks.
// a macro expansion. Ideally, we want to check for all tokens in the range. // a macro expansion. Ideally, we want to check for all tokens in the range.
return llvm::any_of(FixIts, [](const FixItHint &Hint) { return llvm::any_of(FixIts, [](const FixItHint &Hint) {
auto BeginLoc = Hint.RemoveRange.getBegin(); auto BeginLoc = Hint.RemoveRange.getBegin();
if (BeginLoc.isMacroID()) if (BeginLoc.isMacroID())
// If the range (or the first token) is (part of) a macro expansion: // If the range (or the first token) is (part of) a macro expansion:
return true; return true;
return false; return false;
}); });
Show All 25 Lines for (const auto &F : Fixables) {
CorrectFixes.end()); CorrectFixes.end());
} }
} }
if (ImpossibleToFix) if (ImpossibleToFix)
FixItsForVariable.erase(VD); FixItsForVariable.erase(VD);
else else
FixItsForVariable[VD].insert(FixItsForVariable[VD].end(), FixItsForVariable[VD].insert(FixItsForVariable[VD].end(),
FixItsForVD.begin(), FixItsForVD.end()); FixItsForVD.begin(), FixItsForVD.end());
// Fix-it shall not overlap with macros or/and templates: // We conservatively discard fix-its of a variable if
if (overlapWithMacro(FixItsForVariable[VD])) { // a fix-it overlaps with macros; or
// a fix-it conflicts with another one
NoQUnsubmitted
Not Done
ReplyInline Actions
// a fix-it overlaps with macros; or
- // a fix-it conflicts with another one
+ // a fix-it conflicts with another fixit.
if (overlapWithMacro(FixItsForVariable[VD]) ||
NoQ:
if (overlapWithMacro(FixItsForVariable[VD]) ||
clang::internal::anyConflict(FixItsForVariable[VD],
Ctx.getSourceManager())) {
FixItsForVariable.erase(VD); FixItsForVariable.erase(VD);
} }
} }
return FixItsForVariable; return FixItsForVariable;
} }
static Strategy static Strategy
getNaiveStrategy(const llvm::SmallVectorImpl<const VarDecl *> &UnsafeVars) { getNaiveStrategy(const llvm::SmallVectorImpl<const VarDecl *> &UnsafeVars) {
▲ Show 20 LinesShow All 58 LinesShow Last 20 Lines

clang/unittests/Analysis/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
FrontendOpenMP FrontendOpenMP
Support Support
) )
add_clang_unittest(ClangAnalysisTests add_clang_unittest(ClangAnalysisTests
CFGDominatorTree.cpp CFGDominatorTree.cpp
CFGTest.cpp CFGTest.cpp
CloneDetectionTest.cpp CloneDetectionTest.cpp
ExprMutationAnalyzerTest.cpp ExprMutationAnalyzerTest.cpp
MacroExpansionContextTest.cpp MacroExpansionContextTest.cpp
UnsafeBufferUsageTest.cpp
) )
clang_target_link_libraries(ClangAnalysisTests clang_target_link_libraries(ClangAnalysisTests
PRIVATE PRIVATE
clangAnalysis clangAnalysis
clangAST clangAST
clangASTMatchers clangASTMatchers
clangBasic clangBasic
Show All 13 Lines

clang/unittests/Analysis/UnsafeBufferUsageTest.cpp

  • This file was added.
#include "gtest/gtest.h"
#include "clang/Basic/SourceLocation.h"
#include "clang/Basic/SourceManager.h"
#include "clang/Basic/Diagnostic.h"
#include "clang/Basic/FileManager.h"
#include "clang/Analysis/Analyses/UnsafeBufferUsage.h"
using namespace clang;
namespace {
// The test fixture.
class UnsafeBufferUsageTest : public ::testing::Test {
protected:
UnsafeBufferUsageTest()
: FileMgr(FileMgrOpts), DiagID(new DiagnosticIDs()),
Diags(DiagID, new DiagnosticOptions, new IgnoringDiagConsumer()),
SourceMgr(Diags, FileMgr) {}
NoQUnsubmitted
Not Done
ReplyInline Actions

Oh my, you constructed it just like that and it worked? This is awesome!

NoQ: Oh my, you constructed it just like that and it worked? This is awesome!
FileSystemOptions FileMgrOpts;
FileManager FileMgr;
IntrusiveRefCntPtr<DiagnosticIDs> DiagID;
DiagnosticsEngine Diags;
SourceManager SourceMgr;
};
} // namespace
TEST_F(UnsafeBufferUsageTest, FixItHintsConflict) {
const FileEntry *DummyFile = FileMgr.getVirtualFile("<virtual>", 100, 0);
FileID DummyFileID = SourceMgr.getOrCreateFileID(DummyFile, SrcMgr::C_User);
SourceLocation StartLoc = SourceMgr.getLocForStartOfFile(DummyFileID);
#define MkDummyHint(Begin, End) \
FixItHint::CreateReplacement(SourceRange(StartLoc.getLocWithOffset((Begin)), \
StartLoc.getLocWithOffset((End))), \
"dummy")
FixItHint H1 = MkDummyHint(0, 5);
FixItHint H2 = MkDummyHint(6, 10);
FixItHint H3 = MkDummyHint(20, 25);
llvm::SmallVector<FixItHint> Fixes;
// Test non-overlapping fix-its:
Fixes = {H1, H2, H3};
EXPECT_FALSE(internal::anyConflict(Fixes, SourceMgr));
Fixes = {H3, H2, H1}; // re-order
EXPECT_FALSE(internal::anyConflict(Fixes, SourceMgr));
// Test overlapping fix-its:
Fixes = {H1, H2, H3, MkDummyHint(0, 4) /* included in H1 */};
EXPECT_TRUE(internal::anyConflict(Fixes, SourceMgr));
Fixes = {H1, H2, H3, MkDummyHint(10, 15) /* overlaps H2 */};
EXPECT_TRUE(internal::anyConflict(Fixes, SourceMgr));
Fixes = {H1, H2, H3, MkDummyHint(7, 23) /* overlaps H2, H3 */};
EXPECT_TRUE(internal::anyConflict(Fixes, SourceMgr));
Fixes = {H1, H2, H3, MkDummyHint(2, 23) /* overlaps H1, H2, and H3 */};
EXPECT_TRUE(internal::anyConflict(Fixes, SourceMgr));
}
No newline at end of file