This is an archive of the discontinued LLVM Phabricator instance.

[analyzer] Litter the SVal/SymExpr/MemRegion class hierarchy with asserts.
ClosedPublic

Authored by NoQ on Nov 17 2016, 11:29 PM.

Details

Summary

Put a lot of run-time checks on how our SVals are constructed, in order to maintain the existing status quo.
This should make understanding the hierarchy easier, and probably help us catch some bugs.

Clean up vtable anchors (remove anchors for regions that have regular out-of-line virtual methods, add anchors for regions that don't have those).

Fix private/public methods (all constructors should now be private for leaf classes, protected for abstract classes).

Remove an unused method.

A couple of subtle bugs were exposed in the process, which were not addressed:

  • SymbolConjured for invalidations caused by automatic destructors may possibly be reincarnated.
  • GenericTaintChecker may produce symbolic expressions of void type.

Diff Detail

Event Timeline

NoQ updated this revision to Diff 78474.Nov 17 2016, 11:29 PM
NoQ retitled this revision from to [analyzer] Litter the SVal/SymExpr/MemRegion class hierarchy with asserts..
NoQ updated this object.
NoQ added a subscriber: cfe-commits.
seaneveson added inline comments.
lib/StaticAnalyzer/Core/MemRegion.cpp
334

Was this meant to be an assert?

NoQ updated this revision to Diff 78489.Nov 18 2016, 1:58 AM
NoQ marked an inline comment as done.

Remove unused expression.

lib/StaticAnalyzer/Core/MemRegion.cpp
334

Whoops thanks :) No, it's misplaced code, the similar assert is in the constructor.

NoQ updated this object.Nov 18 2016, 2:01 AM
a.sidorin edited edge metadata.Nov 18 2016, 6:15 AM

Personally, I like this change because it makes our assumptions clearer. My comments are below.

include/clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h
54

Could you extract r->getValueType() to a separate variable?

include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
319

I cannot completely agree with this change. For example, some STL container methods require their type to be default constructible. Yes, it is a very limited usage case but I don't see strong reason to do it because there also may be some another usage scenarios.

478

By the way, why does this ctor accept a non-constant pointer?

include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h
46

s/wether/whether

NoQ updated this revision to Diff 79538.Nov 29 2016, 4:30 AM
NoQ edited edge metadata.
NoQ marked 3 inline comments as done.

Thanks for the comments!
Addressed.

include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
319

Hmm. I'd definitely suggest a container of SymbolRefs or SVals for this use case.

Compare to memory region classes, which aren't constructible at all.

478

Ouch. I think it's because AddrLabelExpr::getLabel() returns a non-constant pointer. Worth fixing, i guess.

zaks.anna added inline comments.Nov 30 2016, 6:50 PM
include/clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h
23

It's a bit sad to see a header added to another header just for the sake of the asserts.. Maybe we could move the constructors into a cpp file...

include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
737

This comment states that SymbolicRegions do not need to be typed and the assert states that it has to be a pointer type.

Also, what about nullPointerType, isMemberPointerType? I am afraid that our test coverage is not very good and might not catch all cases.

I guess isArrayType() and void types are not expected here?

include/clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h
48

This function seems to promise more than it does. Maybe it should be renamed into something like isNotNullNorVoidType?

lib/StaticAnalyzer/Core/SVals.cpp
32

This dead code should be removed in a separate patch.

zaks.anna added inline comments.Nov 30 2016, 10:15 PM
include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
737

Ah, right, we would not create a SymbolicRegion for nullPointerType.

This assertion feels a bit a bit superficial as if we are adding the known existing uses here, instead of asserting the capabilities/assumptions of the data structure itself. (But I can be convinced otherwise.)

baloghadamsoftware added inline comments.
include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
282

Could you please move this function into a separate patch? If I am right, D27202 depends only on this function which could be accepted earlier than this whole patch.

This revision was automatically updated to reflect the committed changes.