This is an archive of the discontinued LLVM Phabricator instance.

Differential D150744

[NFC][CLANG] Fix uninitialized scalar field issues
ClosedPublic

Authored by Manna on May 16 2023, 6:23 PM.

Details

Reviewers
NoQ
erichkeane
steakhal
tahonermann
Commits
rG5e12f5ab2df1: [CLANG] Fix uninitialized scalar field issues

Diff Detail

Event Timeline

Manna created this revision.May 16 2023, 6:23 PM
Herald added a reviewer: NoQ. · View Herald TranscriptMay 16 2023, 6:23 PM
Herald added a project: Restricted Project. · View Herald Transcript
Manna requested review of this revision.May 16 2023, 6:23 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 16 2023, 6:23 PM
Manna updated this revision to Diff 522877.May 16 2023, 7:00 PM
Herald added subscribers: steakhal, martong. · View Herald TranscriptMay 16 2023, 7:00 PM
Harbormaster completed remote builds in B232486: Diff 522877.May 16 2023, 8:47 PM
Manna abandoned this revision.May 17 2023, 4:11 AM
Manna updated this revision to Diff 523025.May 17 2023, 6:19 AM
Manna updated this revision to Diff 523030.May 17 2023, 6:24 AM
Manna retitled this revision from [NFC][CLANG] Fix uninitialized scalar field issues with Coverity to [NFC][CLANG] Fix uninitialized scalar field issues found by Coverity.May 17 2023, 7:06 AM
Manna added a reviewer: erichkeane.
steakhal added a comment.May 17 2023, 8:22 AM

Speaking of the StaticAnalyzer, I think setting some default value is a fair point, and I think it's a good practice.
In our case, we initialized that field from the registration function, like this:

void ento::registerMoveChecker(CheckerManager &mgr) {
  MoveChecker *chk = mgr.registerChecker<MoveChecker>();
  chk->setAggressiveness(
      mgr.getAnalyzerOptions().getCheckerStringOption(chk, "WarnOn"), mgr); // <--- initialized here
}
clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
187

By looking at the default value of the Move.WarnOn checker option here, we should probably initialize this field to the default value matching the default value of the config.

Manna updated this revision to Diff 523071.May 17 2023, 8:57 AM

Thank you @steakhal for reviews. I have addressed review comment.

erichkeane accepted this revision.May 17 2023, 8:59 AM

CFE changes look fine to me!

This revision is now accepted and ready to land.May 17 2023, 8:59 AM
Manna added a comment.May 17 2023, 9:00 AM
In D150744#4350048, @steakhal wrote:

In our case, we initialized that field from the registration function, like this:

void ento::registerMoveChecker(CheckerManager &mgr) {
  MoveChecker *chk = mgr.registerChecker<MoveChecker>();
  chk->setAggressiveness(
      mgr.getAnalyzerOptions().getCheckerStringOption(chk, "WarnOn"), mgr); // <--- initialized here
}

Yes, While investigating other Coverity bugs about uninitialized scaler fields in StaticAnalyzer, i noticed about the registration function.

Manna added a comment.May 17 2023, 9:01 AM
In D150744#4350198, @erichkeane wrote:

CFE changes look fine to me!

Thank you @erichkeane for reviews!

Manna marked an inline comment as done.May 17 2023, 9:05 AM
Manna added inline comments.
clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
187
void setAggressiveness(StringRef Str, CheckerManager &Mgr) {
    Aggressiveness =
        llvm::StringSwitch<AggressivenessKind>(Str)
            .Case("KnownsOnly", AK_KnownsOnly)
            .Case("KnownsAndLocals", AK_KnownsAndLocals)
            .Case("All", AK_All)
            .Default(AK_Invalid);

    if (Aggressiveness == AK_Invalid)
      Mgr.reportInvalidCheckerOptionValue(this, "WarnOn",
          "either \"KnownsOnly\", \"KnownsAndLocals\" or \"All\" string value");

By looking at the codes above, my understanding was that default value is AK_Invalid. Thank you @steakhal for the pointer and the explanation.

Manna marked an inline comment as done.May 17 2023, 11:27 AM

@steakhal, do you have any more concerns with StaticAnalyzer changes?

steakhal accepted this revision.May 17 2023, 11:37 AM
tahonermann added a subscriber: tahonermann.May 17 2023, 1:00 PM

I'm not opposed to these changes, but please note that these changes mean is will no longer be possible to use ubsan to discover when these data members are used before having been assigned an appropriate value. That is only a concern when an appropriate value would differ from the member initializers added via this change. I haven't reviewed the changes in depth, so I don't know if there are any such cases for which such a concern is applicable.

Harbormaster completed remote builds in B232628: Diff 523071.May 17 2023, 3:44 PM
shafik added a subscriber: shafik.May 18 2023, 9:16 AM
shafik added inline comments.
clang/include/clang/Parse/Parser.h
1190

@tahonermann I feel like we should have a default member initializer for any member that by default is not initialized. I realize in this case there currently should be no way for this to be bot initialized but that may not stay true and I don't believe there will be a penalty for doing this since it is initialized in the mem-initializer-list and therefore the default init should be omitted when calling the constructor.

tahonermann added inline comments.May 18 2023, 11:01 AM
clang/include/clang/Parse/Parser.h
1190

I think that is very reasonable and I'm not opposed to such a policy. Per my other comment, the trade off to always initializing is that a default initializer can prevent use of tools like ubsan to discover when an appropriate (presumably non-default) value has not been assigned. I suspect (but have no data to draw on) that adding a default member initializer prevents more bugs than would be found by tools like ubsan detecting use of an uninitialized data member that should have a (non-default) assigned value.

I'm definitely in favor of using default member initializers over mem-initializer-list!

Manna added inline comments.May 19 2023, 12:06 PM
clang/include/clang/Parse/Parser.h
1190

since it is initialized in the mem-initializer-list and therefore the default init should be omitted when calling the constructor.

Agreed. That is motivated me to add default initialization.

he trade off to always initializing is that a default initializer can prevent use of tools like ubsan to discover when an appropriate (presumably non-default) value has not been assigned. I suspect (but have no data to draw on) that adding a default member initializer prevents more bugs than would be found by tools like ubsan detecting use of an uninitialized data member that should have a (non-default) assigned value.

Thanks @tahonermann for the information! i was not aware of this ubsan tool.

@shafik and @tahonermann, thank you for your comments. Do you think we should hold off these changes for merging?

Manna retitled this revision from [NFC][CLANG] Fix uninitialized scalar field issues found by Coverity to [NFC][CLANG] Fix uninitialized scalar field issues.May 25 2023, 12:01 PM
schittir added a subscriber: schittir.Jun 21 2023, 4:14 PM
schittir added a comment.Jun 21 2023, 4:16 PM

@tahonermann @shafik - is it ok to land this patch?

tahonermann accepted this revision.Jun 22 2023, 10:37 AM

is it ok to land this patch?

No objection from me!

Closed by commit rG5e12f5ab2df1: [CLANG] Fix uninitialized scalar field issues (authored by Manna). · Explain WhyJun 22 2023, 12:10 PM
This revision was automatically updated to reflect the committed changes.
Manna added a commit: rG5e12f5ab2df1: [CLANG] Fix uninitialized scalar field issues.
Manna added a comment.Jun 22 2023, 12:10 PM

Thank you everyone for reviews!

Revision Contents

PathSize
clang/
include/
clang/
Analysis/
Analyses/
2 lines
Parse/
2 lines
lib/
AST/
2 lines
CodeGen/
2 lines
2 lines
Serialization/
2 lines
StaticAnalyzer/
Checkers/
2 lines
2 lines

Diff 533719

clang/include/clang/Analysis/Analyses/Consumed.h

Show First 20 LinesShow All 238 Lines▼ Show 20 Lines public:
bool isBackEdgeTarget(const CFGBlock *Block); bool isBackEdgeTarget(const CFGBlock *Block);
}; };
/// A class that handles the analysis of uniqueness violations. /// A class that handles the analysis of uniqueness violations.
class ConsumedAnalyzer { class ConsumedAnalyzer {
ConsumedBlockInfo BlockInfo; ConsumedBlockInfo BlockInfo;
std::unique_ptr<ConsumedStateMap> CurrStates; std::unique_ptr<ConsumedStateMap> CurrStates;
ConsumedState ExpectedReturnState; ConsumedState ExpectedReturnState = CS_None;
void determineExpectedReturnState(AnalysisDeclContext &AC, void determineExpectedReturnState(AnalysisDeclContext &AC,
const FunctionDecl *D); const FunctionDecl *D);
bool splitState(const CFGBlock *CurrBlock, bool splitState(const CFGBlock *CurrBlock,
const ConsumedStmtVisitor &Visitor); const ConsumedStmtVisitor &Visitor);
public: public:
ConsumedWarningsHandlerBase &WarningsHandler; ConsumedWarningsHandlerBase &WarningsHandler;
Show All 20 Lines

clang/include/clang/Parse/Parser.h

Show First 20 LinesShow All 1,181 Lines▼ Show 20 Linespublic:
void ExitScope(); void ExitScope();
/// Re-enter the template scopes for a declaration that might be a template. /// Re-enter the template scopes for a declaration that might be a template.
unsigned ReenterTemplateScopes(MultiParseScope &S, Decl *D); unsigned ReenterTemplateScopes(MultiParseScope &S, Decl *D);
private: private:
/// RAII object used to modify the scope flags for the current scope. /// RAII object used to modify the scope flags for the current scope.
class ParseScopeFlags { class ParseScopeFlags {
Scope *CurScope; Scope *CurScope;
shafikUnsubmitted
Not Done
ReplyInline Actions

@tahonermann I feel like we should have a default member initializer for any member that by default is not initialized. I realize in this case there currently should be no way for this to be bot initialized but that may not stay true and I don't believe there will be a penalty for doing this since it is initialized in the mem-initializer-list and therefore the default init should be omitted when calling the constructor.

shafik: @tahonermann I feel like we should have a default member initializer for any member that by…
tahonermannUnsubmitted
Not Done
ReplyInline Actions

I think that is very reasonable and I'm not opposed to such a policy. Per my other comment, the trade off to always initializing is that a default initializer can prevent use of tools like ubsan to discover when an appropriate (presumably non-default) value has not been assigned. I suspect (but have no data to draw on) that adding a default member initializer prevents more bugs than would be found by tools like ubsan detecting use of an uninitialized data member that should have a (non-default) assigned value.

I'm definitely in favor of using default member initializers over mem-initializer-list!

tahonermann: I think that is very reasonable and I'm not opposed to such a policy. Per my other comment, the…
MannaAuthorUnsubmitted
Done
ReplyInline Actions

since it is initialized in the mem-initializer-list and therefore the default init should be omitted when calling the constructor.

Agreed. That is motivated me to add default initialization.

he trade off to always initializing is that a default initializer can prevent use of tools like ubsan to discover when an appropriate (presumably non-default) value has not been assigned. I suspect (but have no data to draw on) that adding a default member initializer prevents more bugs than would be found by tools like ubsan detecting use of an uninitialized data member that should have a (non-default) assigned value.

Thanks @tahonermann for the information! i was not aware of this ubsan tool.

@shafik and @tahonermann, thank you for your comments. Do you think we should hold off these changes for merging?

Manna: >>since it is initialized in the mem-initializer-list and therefore the default init should be…
unsigned OldFlags; unsigned OldFlags = 0;
ParseScopeFlags(const ParseScopeFlags &) = delete; ParseScopeFlags(const ParseScopeFlags &) = delete;
void operator=(const ParseScopeFlags &) = delete; void operator=(const ParseScopeFlags &) = delete;
public: public:
ParseScopeFlags(Parser *Self, unsigned ScopeFlags, bool ManageFlags = true); ParseScopeFlags(Parser *Self, unsigned ScopeFlags, bool ManageFlags = true);
~ParseScopeFlags(); ~ParseScopeFlags();
}; };
▲ Show 20 LinesShow All 2,459 LinesShow Last 20 Lines

clang/lib/AST/ExprConstant.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,288 Lines▼ Show 20 Lines struct IgnoreSideEffectsRAII {
~IgnoreSideEffectsRAII() { Info.EvalMode = OldMode; } ~IgnoreSideEffectsRAII() { Info.EvalMode = OldMode; }
}; };
/// RAII object used to optionally suppress diagnostics and side-effects from /// RAII object used to optionally suppress diagnostics and side-effects from
/// a speculative evaluation. /// a speculative evaluation.
class SpeculativeEvaluationRAII { class SpeculativeEvaluationRAII {
EvalInfo *Info = nullptr; EvalInfo *Info = nullptr;
Expr::EvalStatus OldStatus; Expr::EvalStatus OldStatus;
unsigned OldSpeculativeEvaluationDepth; unsigned OldSpeculativeEvaluationDepth = 0;
void moveFromAndCancel(SpeculativeEvaluationRAII &&Other) { void moveFromAndCancel(SpeculativeEvaluationRAII &&Other) {
Info = Other.Info; Info = Other.Info;
OldStatus = Other.OldStatus; OldStatus = Other.OldStatus;
OldSpeculativeEvaluationDepth = Other.OldSpeculativeEvaluationDepth; OldSpeculativeEvaluationDepth = Other.OldSpeculativeEvaluationDepth;
Other.Info = nullptr; Other.Info = nullptr;
} }
▲ Show 20 LinesShow All 15,042 LinesShow Last 20 Lines

clang/lib/CodeGen/CGOpenMPRuntime.h

Show First 20 LinesShow All 226 Lines▼ Show 20 Lines
}; };
class CGOpenMPRuntime { class CGOpenMPRuntime {
public: public:
/// Allows to disable automatic handling of functions used in target regions /// Allows to disable automatic handling of functions used in target regions
/// as those marked as `omp declare target`. /// as those marked as `omp declare target`.
class DisableAutoDeclareTargetRAII { class DisableAutoDeclareTargetRAII {
CodeGenModule &CGM; CodeGenModule &CGM;
bool SavedShouldMarkAsGlobal; bool SavedShouldMarkAsGlobal = false;
public: public:
DisableAutoDeclareTargetRAII(CodeGenModule &CGM); DisableAutoDeclareTargetRAII(CodeGenModule &CGM);
~DisableAutoDeclareTargetRAII(); ~DisableAutoDeclareTargetRAII();
}; };
/// Manages list of nontemporal decls for the specified directive. /// Manages list of nontemporal decls for the specified directive.
class NontemporalDeclsRAII { class NontemporalDeclsRAII {
▲ Show 20 LinesShow All 2,024 LinesShow Last 20 Lines

clang/lib/CodeGen/ConstantEmitter.h

Show All 36 Linesprivate:
/// Whether the constant-emission failed. /// Whether the constant-emission failed.
bool Failed = false; bool Failed = false;
/// Whether we're in a constant context. /// Whether we're in a constant context.
bool InConstantContext = false; bool InConstantContext = false;
/// The AST address space where this (non-abstract) initializer is going. /// The AST address space where this (non-abstract) initializer is going.
/// Used for generating appropriate placeholders. /// Used for generating appropriate placeholders.
LangAS DestAddressSpace; LangAS DestAddressSpace = LangAS::Default;
llvm::SmallVector<std::pair<llvm::Constant *, llvm::GlobalVariable*>, 4> llvm::SmallVector<std::pair<llvm::Constant *, llvm::GlobalVariable*>, 4>
PlaceholderAddresses; PlaceholderAddresses;
public: public:
ConstantEmitter(CodeGenModule &CGM, CodeGenFunction *CGF = nullptr) ConstantEmitter(CodeGenModule &CGM, CodeGenFunction *CGF = nullptr)
: CGM(CGM), CGF(CGF) {} : CGM(CGM), CGF(CGF) {}
▲ Show 20 LinesShow All 132 LinesShow Last 20 Lines

clang/lib/Serialization/ASTReaderDecl.cpp

Show First 20 LinesShow All 83 Lines▼ Show 20 Lines class ASTDeclReader : public DeclVisitor<ASTDeclReader, void> {
ASTRecordReader &Record; ASTRecordReader &Record;
ASTReader::RecordLocation Loc; ASTReader::RecordLocation Loc;
const DeclID ThisDeclID; const DeclID ThisDeclID;
const SourceLocation ThisDeclLoc; const SourceLocation ThisDeclLoc;
using RecordData = ASTReader::RecordData; using RecordData = ASTReader::RecordData;
TypeID DeferredTypeID = 0; TypeID DeferredTypeID = 0;
unsigned AnonymousDeclNumber; unsigned AnonymousDeclNumber = 0;
GlobalDeclID NamedDeclForTagDecl = 0; GlobalDeclID NamedDeclForTagDecl = 0;
IdentifierInfo *TypedefNameForLinkage = nullptr; IdentifierInfo *TypedefNameForLinkage = nullptr;
bool HasPendingBody = false; bool HasPendingBody = false;
///A flag to carry the information for a decl from the entity is ///A flag to carry the information for a decl from the entity is
/// used. We use it to delay the marking of the canonical decl as used until /// used. We use it to delay the marking of the canonical decl as used until
/// the entire declaration is deserialized and merged. /// the entire declaration is deserialized and merged.
▲ Show 20 LinesShow All 4,576 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp

Show First 20 LinesShow All 178 Lines▼ Show 20 Lines private:
const MemRegion *Region; const MemRegion *Region;
// The class of the tracked object. // The class of the tracked object.
const CXXRecordDecl *RD; const CXXRecordDecl *RD;
// How exactly the object was misused. // How exactly the object was misused.
const MisuseKind MK; const MisuseKind MK;
bool Found; bool Found;
}; };
AggressivenessKind Aggressiveness; AggressivenessKind Aggressiveness = AK_KnownsAndLocals;
steakhalUnsubmitted
Done
ReplyInline Actions
bool Found;
};
- AggressivenessKind Aggressiveness = AK_Invalid;
+ AggressivenessKind Aggressiveness = AK_KnownsAndLocals;
public:

By looking at the default value of the Move.WarnOn checker option here, we should probably initialize this field to the default value matching the default value of the config.

steakhal: By looking at the default value of the `Move.WarnOn` checker option [[ https://github.
MannaAuthorUnsubmitted
Done
ReplyInline Actions
void setAggressiveness(StringRef Str, CheckerManager &Mgr) {
    Aggressiveness =
        llvm::StringSwitch<AggressivenessKind>(Str)
            .Case("KnownsOnly", AK_KnownsOnly)
            .Case("KnownsAndLocals", AK_KnownsAndLocals)
            .Case("All", AK_All)
            .Default(AK_Invalid);

    if (Aggressiveness == AK_Invalid)
      Mgr.reportInvalidCheckerOptionValue(this, "WarnOn",
          "either \"KnownsOnly\", \"KnownsAndLocals\" or \"All\" string value");

By looking at the codes above, my understanding was that default value is AK_Invalid. Thank you @steakhal for the pointer and the explanation.

Manna: ``` void setAggressiveness(StringRef Str, CheckerManager &Mgr) { Aggressiveness =…
public: public:
void setAggressiveness(StringRef Str, CheckerManager &Mgr) { void setAggressiveness(StringRef Str, CheckerManager &Mgr) {
Aggressiveness = Aggressiveness =
llvm::StringSwitch<AggressivenessKind>(Str) llvm::StringSwitch<AggressivenessKind>(Str)
.Case("KnownsOnly", AK_KnownsOnly) .Case("KnownsOnly", AK_KnownsOnly)
.Case("KnownsAndLocals", AK_KnownsAndLocals) .Case("KnownsAndLocals", AK_KnownsAndLocals)
.Case("All", AK_All) .Case("All", AK_All)
▲ Show 20 LinesShow All 558 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/STLAlgorithmModeling.cpp

Show First 20 LinesShow All 55 Lines▼ Show 20 Lines const CallDescriptionMap<FnCheck> Callbacks = {
{{{"std", "search_n"}, 4}, &STLAlgorithmModeling::evalFind}, {{{"std", "search_n"}, 4}, &STLAlgorithmModeling::evalFind},
{{{"std", "search_n"}, 5}, &STLAlgorithmModeling::evalFind}, {{{"std", "search_n"}, 5}, &STLAlgorithmModeling::evalFind},
{{{"std", "search_n"}, 6}, &STLAlgorithmModeling::evalFind}, {{{"std", "search_n"}, 6}, &STLAlgorithmModeling::evalFind},
}; };
public: public:
STLAlgorithmModeling() = default; STLAlgorithmModeling() = default;
bool AggressiveStdFindModeling; bool AggressiveStdFindModeling = false;
bool evalCall(const CallEvent &Call, CheckerContext &C) const; bool evalCall(const CallEvent &Call, CheckerContext &C) const;
}; // }; //
bool STLAlgorithmModeling::evalCall(const CallEvent &Call, bool STLAlgorithmModeling::evalCall(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
if (!CE) if (!CE)
▲ Show 20 LinesShow All 109 LinesShow Last 20 Lines