This is an archive of the discontinued LLVM Phabricator instance.

[analyzer] Add checker modeling gtest APIs.
ClosedPublic

Authored by dcoughlin on Dec 14 2016, 1:55 PM.

Download Raw Diff

Details

Reviewers

zaks.anna
NoQ

Commits

rG8beac28564e9: [analyzer] Add checker modeling gtest APIs.
rC290143: [analyzer] Add checker modeling gtest APIs.

Summary

gtest is a widely-used unit-testing API providing macros for unit test
assertions:

ASSERT_TRUE(p != nullptr);

that expand into an if statement that constructs an object representing
the result of the assertion and returns when the assertion is false:

if (AssertionResult gtest_ar_ = AssertionResult(p == nullptr))
    ;
else
  return ...;

Unfortunately, the analyzer does not model the effect of the constructor
precisely because (1) the copy constructor implementation is missing from the
the header (so it can't be inlined) and (2) the boolean-argument constructor
is constructed into a temporary (so the analyzer decides not to inline it since
it doesn't reliably call temporary destructors right now).

This results in false positives because the analyzer does not realize that the
the assertion must hold along the non-return path.

This patch addresses the false positives by explicitly modeling the effects
of the two un-inlined constructors on the AssertionResult state.

I've added a new package, "apiModeling", for these kinds of checkers that
model APIs but don't emit any diagnostics. I envision all the checkers in
this package always being on by default.

This addresses the false positives reported in PR30936.

Diff Detail

Event Timeline

dcoughlin updated this revision to Diff 81462.Dec 14 2016, 1:55 PM

dcoughlin retitled this revision from to [analyzer] Add checker modeling gtest APIs..

dcoughlin updated this object.

dcoughlin added reviewers: zaks.anna, NoQ.

dcoughlin added subscribers: cfe-commits, alexfh, sbenza.

Herald added a subscriber: mgorny. · View Herald TranscriptDec 14 2016, 1:55 PM

Thank you Devin!

lib/StaticAnalyzer/Checkers/GTestChecker.cpp
30	"that that"
105	Misalignment here and below
182	Shouldn't we just bind OtherSuccess to our field?

dcoughlin marked 2 inline comments as done.Dec 15 2016, 1:20 PM

dcoughlin added inline comments.

lib/StaticAnalyzer/Checkers/GTestChecker.cpp
30	Thanks!
182	Unfortunately since this is a PostCall, the result of the constructor has already entered value land. It is a LazyCompoundValue with a reference to a previous store. Even if we look through the lazy compound value to get at the memory region, binding it in the current store will have no effect on the returned value. We could perform the bind and load the result value again -- but then we'd have to replace the result value in the environment, which is not compositional with respect to other checkers' PostCalls, since they may have done their own thing with the old value.

Update to address Aleksei's comments.

Looks good for me, but I'm not a reviewer. Thank you Devin!

test/Driver/analyzer-target-enabled-checkers.cpp
7	A very minor nit/question. Do we have any convention on checker naming? Most checkers are starting with capital letters, but some not. As "API" is an abbreviation, I think we should at least start it with capital.

Looks great overall. I have minor comments below. Thanks for the awesome comments!!!

lib/StaticAnalyzer/Checkers/GTestChecker.cpp
153	This could be moved up as you are using the state on the previous line.
160	What happens when they are known not to be equal? I am guessing the transition is just not added, correct? Do you test for that (I did not check.)?
173	"getNumArgs() == 1" ?
210	It seems that the num of parameter checking logic here is less restrictive than it could be and that makes this a bit hard to read without looking into the 'model' methods. Ex: I think there are 2 cases: Constructor taking a bool can have either 1 or 2 arguments. Copy constructor taking exactly one argument.

I already committed this, but I'll address the feedback in a follow-on commit.

lib/StaticAnalyzer/Checkers/GTestChecker.cpp
173	You can have additional arguments to a copy constructor as long as they are defaulted. I was trying to be robust against future source-compatible changes, but this was probably too clever. If the copy constructor changes then maybe it would be better to just not model.
210	I'll make this more clear.
test/Driver/analyzer-target-enabled-checkers.cpp
7	We're not terribly consistent, but in general we start packages with lowercase letters and checkers with uppercase names. Checkers are generally UpperCamelCase. "apiModeling" is a package name, not a checker name. I think to be consistent with most of the other packages it should (?) probably be lowerCamelCase. This matches "coreFoundation" and "insecureAPI" but not "deadcode". I had "api" lowercase since it is an initialism for a thing (package) that starts with lower case and this is how we treat lower camel-case initialisms in Swift. It also matches "osx", which is similarly an initialism. Does knowing it is a package name (rather than a checker name) change your opinion of whether "API" should be upper case. I'm happy to change it, since it will not be user facing.

In D27773#629171, @dcoughlin wrote:

I already committed this, but I'll address the feedback in a follow-on commit.

I should have written "I already committed this, *so* I'll address the feedback in a follow-on commit."

I cleaned up the parameter detection and added more tests in r290352.

This is done.

This revision is now accepted and ready to land.Jan 12 2017, 9:56 AM

zaks.anna closed this revision.Jan 12 2017, 9:56 AM

Revision Contents

Path

Size

include/

clang/

StaticAnalyzer/

Checkers/

Checkers.td

18 lines

lib/

Driver/

Tools.cpp

1 line

StaticAnalyzer/

Checkers/

CMakeLists.txt

1 line

GTestChecker.cpp

287 lines

test/

Analysis/

gtest.cpp

142 lines

Driver/

analyzer-target-enabled-checkers.cpp

3 lines

Diff 81462

include/clang/StaticAnalyzer/Checkers/Checkers.td

	Show First 20 Lines • Show All 73 Lines • ▼ Show 20 Lines
	def Containers : Package<"containers">, InPackage<CoreFoundation>;			def Containers : Package<"containers">, InPackage<CoreFoundation>;

	def LocalizabilityAlpha : Package<"localizability">, InPackage<CocoaAlpha>;			def LocalizabilityAlpha : Package<"localizability">, InPackage<CocoaAlpha>;
	def LocalizabilityOptIn : Package<"localizability">, InPackage<CocoaOptIn>;			def LocalizabilityOptIn : Package<"localizability">, InPackage<CocoaOptIn>;

	def MPI : Package<"mpi">, InPackage<OptIn>;			def MPI : Package<"mpi">, InPackage<OptIn>;

	def LLVM : Package<"llvm">;			def LLVM : Package<"llvm">;

				// The APIModeling package is for checkers that model APIs and don't perform
				// any diagnostics. These checkers are always turned on; this package is
				// intended for API modeling that is not controlled by the the target triple.
				def APIModeling : Package<"apiModeling">, Hidden;
				def GoogleAPIModeling : Package<"google">, InPackage<APIModeling>;

	def Debug : Package<"debug">;			def Debug : Package<"debug">;

	def CloneDetectionAlpha : Package<"clone">, InPackage<Alpha>, Hidden;			def CloneDetectionAlpha : Package<"clone">, InPackage<Alpha>, Hidden;

	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Core Checkers.			// Core Checkers.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	▲ Show 20 Lines • Show All 548 Lines • ▼ Show 20 Lines
	// Checkers for LLVM development.			// Checkers for LLVM development.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	def LLVMConventionsChecker : Checker<"Conventions">,			def LLVMConventionsChecker : Checker<"Conventions">,
	InPackage<LLVM>,			InPackage<LLVM>,
	HelpText<"Check code for LLVM codebase conventions">,			HelpText<"Check code for LLVM codebase conventions">,
	DescFile<"LLVMConventionsChecker.cpp">;			DescFile<"LLVMConventionsChecker.cpp">;



				//===----------------------------------------------------------------------===//
				// Checkers modeling Google APIs.
				//===----------------------------------------------------------------------===//

				def GTestChecker : Checker<"GTest">,
				InPackage<GoogleAPIModeling>,
				HelpText<"Model gtest assertion APIs">,
				DescFile<"GTestChecker.cpp">;

	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Debugging checkers (for analyzer development).			// Debugging checkers (for analyzer development).
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	let ParentPackage = Debug in {			let ParentPackage = Debug in {

	def AnalysisOrderChecker : Checker<"AnalysisOrder">,			def AnalysisOrderChecker : Checker<"AnalysisOrder">,
	HelpText<"Print callbacks that are called during analysis in order">,			HelpText<"Print callbacks that are called during analysis in order">,
	▲ Show 20 Lines • Show All 73 Lines • Show Last 20 Lines

lib/Driver/Tools.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 4,226 Lines • ▼ Show 20 Lines	if (isa<AnalyzeJobAction>(JA)) {
// Treat blocks as analysis entry points.		// Treat blocks as analysis entry points.
CmdArgs.push_back("-analyzer-opt-analyze-nested-blocks");		CmdArgs.push_back("-analyzer-opt-analyze-nested-blocks");

CmdArgs.push_back("-analyzer-eagerly-assume");		CmdArgs.push_back("-analyzer-eagerly-assume");

// Add default argument set.		// Add default argument set.
if (!Args.hasArg(options::OPT__analyzer_no_default_checks)) {		if (!Args.hasArg(options::OPT__analyzer_no_default_checks)) {
CmdArgs.push_back("-analyzer-checker=core");		CmdArgs.push_back("-analyzer-checker=core");
		CmdArgs.push_back("-analyzer-checker=apiModeling");

if (!IsWindowsMSVC) {		if (!IsWindowsMSVC) {
CmdArgs.push_back("-analyzer-checker=unix");		CmdArgs.push_back("-analyzer-checker=unix");
} else {		} else {
// Enable "unix" checkers that also work on Windows.		// Enable "unix" checkers that also work on Windows.
CmdArgs.push_back("-analyzer-checker=unix.API");		CmdArgs.push_back("-analyzer-checker=unix.API");
CmdArgs.push_back("-analyzer-checker=unix.Malloc");		CmdArgs.push_back("-analyzer-checker=unix.Malloc");
CmdArgs.push_back("-analyzer-checker=unix.MallocSizeof");		CmdArgs.push_back("-analyzer-checker=unix.MallocSizeof");
▲ Show 20 Lines • Show All 7,882 Lines • Show Last 20 Lines

lib/StaticAnalyzer/Checkers/CMakeLists.txt

Show All 31 Lines	add_clang_library(clangStaticAnalyzerCheckers
DereferenceChecker.cpp		DereferenceChecker.cpp
DirectIvarAssignment.cpp		DirectIvarAssignment.cpp
DivZeroChecker.cpp		DivZeroChecker.cpp
DynamicTypePropagation.cpp		DynamicTypePropagation.cpp
DynamicTypeChecker.cpp		DynamicTypeChecker.cpp
ExprInspectionChecker.cpp		ExprInspectionChecker.cpp
FixedAddressChecker.cpp		FixedAddressChecker.cpp
GenericTaintChecker.cpp		GenericTaintChecker.cpp
		GTestChecker.cpp
IdenticalExprChecker.cpp		IdenticalExprChecker.cpp
IvarInvalidationChecker.cpp		IvarInvalidationChecker.cpp
LLVMConventionsChecker.cpp		LLVMConventionsChecker.cpp
LocalizationChecker.cpp		LocalizationChecker.cpp
MacOSKeychainAPIChecker.cpp		MacOSKeychainAPIChecker.cpp
MacOSXAPIChecker.cpp		MacOSXAPIChecker.cpp
MallocChecker.cpp		MallocChecker.cpp
MallocOverflowSecurityChecker.cpp		MallocOverflowSecurityChecker.cpp
▲ Show 20 Lines • Show All 55 Lines • Show Last 20 Lines

lib/StaticAnalyzer/Checkers/GTestChecker.cpp

This file was added.

				//==- GTestChecker.cpp - Model gtest API --- C++ --==//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				//
				// This checker models the behavior of un-inlined APIs from the the gtest
				// unit-testing library to avoid false positives when using assertions from
				// that library.
				//
				//===----------------------------------------------------------------------===//

				#include "ClangSACheckers.h"
				#include "clang/AST/Expr.h"
				#include "clang/Basic/LangOptions.h"
				#include "clang/StaticAnalyzer/Core/Checker.h"
				#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
				#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
				#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
				#include "llvm/Support/raw_ostream.h"

				using namespace clang;
				using namespace ento;

				// Modeling of un-inlined AssertionResult constructors
				//
				// The gtest unit testing API provides macros for assertions that that expand
				a.sidorinUnsubmitted Done Reply Inline Actions "that that" a.sidorin: "that that"
				dcoughlinAuthorUnsubmitted Not Done Reply Inline Actions Thanks! dcoughlin: Thanks!
				// into an if statement that calls a series of constructors and returns
				// when the "assertion" is false.
				//
				// For example,
				//
				// ASSERT_TRUE(a == b)
				//
				// expands into:
				//
				// switch (0)
				// case 0:
				// default:
				// if (const ::testing::AssertionResult gtest_ar_ =
				// ::testing::AssertionResult((a == b)))
				// ;
				// else
				// return ::testing::internal::AssertHelper(
				// ::testing::TestPartResult::kFatalFailure,
				// "<path to project>",
				// <line number>,
				// ::testing::internal::GetBoolAssertionFailureMessage(
				// gtest_ar_, "a == b", "false", "true")
				// .c_str()) = ::testing::Message();
				//
				// where AssertionResult is defined similarly to
				//
				// class AssertionResult {
				// public:
				// AssertionResult(const AssertionResult& other);
				// explicit AssertionResult(bool success) : success_(success) {}
				// operator bool() const { return success_; }
				// ...
				// private:
				// bool success_;
				// };
				//
				// In order for the analyzer to correctly handle this assertion, it needs to
				// know that the boolean value of the expression "a == b" is stored the
				// 'success_' field of the original AssertionResult temporary and propagated
				// (via the copy constructor) into the 'success_' field of the object stored
				// in 'gtest_ar_'. That boolean value will then be returned from the bool
				// conversion method in the if statement. This guarantees that the assertion
				// holds when the return path is not taken.
				//
				// If the success value is not properly propagated, then the eager case split
				// on evaluating the expression can cause pernicious false positives
				// on the non-return path:
				//
				// ASSERT(ptr != NULL)
				// *ptr = 7; // False positive null pointer dereference here
				//
				// Unfortunately, the bool constructor cannot be inlined (because its
				// implementation is not present in the headers) and the copy constructor is
				// not inlined (because it is constructed into a temporary and the analyzer
				// does not inline these since it does not yet reliably call temporary
				// destructors).
				//
				// This checker compensates for the missing inlining by propgagating the
				// _success value across the bool and copy constructors so the assertion behaves
				// as expected.

				namespace {
				class GTestChecker : public Checker<check::PostCall> {

				mutable IdentifierInfo *AssertionResultII;
				mutable IdentifierInfo *SuccessII;

				public:
				GTestChecker();

				void checkPostCall(const CallEvent &Call, CheckerContext &C) const;

				private:
				void modelAssertionResultBoolConstructor(const CXXConstructorCall *Call,
				CheckerContext &C) const;
				a.sidorinUnsubmitted Done Reply Inline Actions Misalignment here and below a.sidorin: Misalignment here and below

				void modelAssertionResultCopyConstructor(const CXXConstructorCall *Call,
				CheckerContext &C) const;

				void initIdentifierInfo(ASTContext &Ctx) const;

				SVal
				getAssertionResultSuccessFieldValue(const CXXRecordDecl *AssertionResultDecl,
				SVal Instance,
				ProgramStateRef State) const;

				static ProgramStateRef assumeValuesEqual(SVal Val1, SVal Val2,
				ProgramStateRef State,
				CheckerContext &C);
				};
				} // End anonymous namespace.

				GTestChecker::GTestChecker() : AssertionResultII(nullptr), SuccessII(nullptr) {}

				/// Model a call to an un-inlined AssertionResult(boolean expression).
				/// To do so, constrain the value of the newly-constructed instance's 'success_'
				/// field to be equal to the passed-in boolean value.
				void GTestChecker::modelAssertionResultBoolConstructor(
				const CXXConstructorCall *Call, CheckerContext &C) const {
				assert(Call->getNumArgs() > 0);

				// Depending on the version of gtest the constructor can be either of:
				//
				// v1.7 and earlier:
				// AssertionResult(bool success)
				//
				// v1.8 and greater:
				// template <typename T>
				// AssertionResult(const T& success,
				// typename internal::EnableIf<
				// !internal::ImplicitlyConvertible<T,
				// AssertionResult>::value>::type*)

				SVal BooleanArgVal = Call->getArgSVal(0);
				if (Call->getDecl()->getParamDecl(0)->getType()->getAs<ReferenceType>()) {
				// We have v1.8+, so load the value from the reference.
				if (!BooleanArgVal.getAs<Loc>())
				return;
				BooleanArgVal = C.getState()->getSVal(BooleanArgVal.castAs<Loc>());
				}

				ProgramStateRef State = C.getState();

				zaks.annaUnsubmitted Not Done Reply Inline Actions This could be moved up as you are using the state on the previous line. zaks.anna: This could be moved up as you are using the state on the previous line.
				SVal ThisVal = Call->getCXXThisVal();

				SVal ThisSuccess = getAssertionResultSuccessFieldValue(
				Call->getDecl()->getParent(), ThisVal, State);

				State = assumeValuesEqual(ThisSuccess, BooleanArgVal, State, C);
				C.addTransition(State);
				zaks.annaUnsubmitted Not Done Reply Inline Actions What happens when they are known not to be equal? I am guessing the transition is just not added, correct? Do you test for that (I did not check.)? zaks.anna: What happens when they are known not to be equal? I am guessing the transition is just not…
				}

				/// Model a call to an un-inlined AssertionResult copy constructor:
				///
				/// AssertionResult(const &AssertionResult other)
				///
				/// To do so, constrain the value of the newly-constructed instance's
				/// 'success_' field to be equal to the value of the pass-in instance's
				/// 'success_' field.
				void GTestChecker::modelAssertionResultCopyConstructor(
				const CXXConstructorCall *Call, CheckerContext &C) const {
				assert(Call->getNumArgs() > 0);

				zaks.annaUnsubmitted Not Done Reply Inline Actions "getNumArgs() == 1" ? zaks.anna: "getNumArgs() == 1" ?
				dcoughlinAuthorUnsubmitted Not Done Reply Inline Actions You can have additional arguments to a copy constructor as long as they are defaulted. I was trying to be robust against future source-compatible changes, but this was probably too clever. If the copy constructor changes then maybe it would be better to just not model. dcoughlin: You can have additional arguments to a copy constructor as long as they are defaulted. I was…
				// The first parameter of the the copy constructor must be the other
				// instance to initialize this instances fields from.
				SVal OtherVal = Call->getArgSVal(0);
				SVal ThisVal = Call->getCXXThisVal();

				const CXXRecordDecl *AssertResultClassDecl = Call->getDecl()->getParent();
				ProgramStateRef State = C.getState();

				SVal ThisSuccess = getAssertionResultSuccessFieldValue(AssertResultClassDecl,
				a.sidorinUnsubmitted Not Done Reply Inline Actions Shouldn't we just bind OtherSuccess to our field? a.sidorin: Shouldn't we just bind OtherSuccess to our field?
				dcoughlinAuthorUnsubmitted Not Done Reply Inline Actions Unfortunately since this is a PostCall, the result of the constructor has already entered value land. It is a LazyCompoundValue with a reference to a previous store. Even if we look through the lazy compound value to get at the memory region, binding it in the current store will have no effect on the returned value. We could perform the bind and load the result value again -- but then we'd have to replace the result value in the environment, which is not compositional with respect to other checkers' PostCalls, since they may have done their own thing with the old value. dcoughlin: Unfortunately since this is a PostCall, the result of the constructor has already entered value…
				ThisVal, State);
				SVal OtherSuccess = getAssertionResultSuccessFieldValue(AssertResultClassDecl,
				OtherVal, State);

				State = assumeValuesEqual(ThisSuccess, OtherSuccess, State, C);
				C.addTransition(State);
				}

				/// Model calls to AssertionResult constructors that are not inlined.
				void GTestChecker::checkPostCall(const CallEvent &Call,
				CheckerContext &C) const {
				/// If the constructor was inlined, there is no need model it.
				if (C.wasInlined)
				return;

				initIdentifierInfo(C.getASTContext());

				auto *CtorCall = dyn_cast<CXXConstructorCall>(&Call);
				if (!CtorCall)
				return;

				const CXXConstructorDecl *CtorDecl = CtorCall->getDecl();
				const CXXRecordDecl *CtorParent = CtorDecl->getParent();
				if (CtorParent->getIdentifier() != AssertionResultII)
				return;

				if (CtorDecl->getNumParams() == 0)
				return;
				zaks.annaUnsubmitted Not Done Reply Inline Actions It seems that the num of parameter checking logic here is less restrictive than it could be and that makes this a bit hard to read without looking into the 'model' methods. Ex: I think there are 2 cases: Constructor taking a bool can have either 1 or 2 arguments. Copy constructor taking exactly one argument. zaks.anna: It seems that the num of parameter checking logic here is less restrictive than it could be and…
				dcoughlinAuthorUnsubmitted Not Done Reply Inline Actions I'll make this more clear. dcoughlin: I'll make this more clear.


				// Call the appropriate modeling method based on the type of the first
				// constructor parameter.
				const ParmVarDecl *ParamDecl = CtorDecl->getParamDecl(0);
				QualType ParamType = ParamDecl->getType();
				if (CtorDecl->getNumParams() <= 2 &&
				ParamType.getNonReferenceType()->getCanonicalTypeUnqualified() ==
				C.getASTContext().BoolTy) {
				// The first parameter is either a boolean or reference to a boolean
				modelAssertionResultBoolConstructor(CtorCall, C);

				} else if (CtorDecl->isCopyConstructor()) {
				modelAssertionResultCopyConstructor(CtorCall, C);
				}
				}

				void GTestChecker::initIdentifierInfo(ASTContext &Ctx) const {
				if (AssertionResultII)
				return;

				AssertionResultII = &Ctx.Idents.get("AssertionResult");
				SuccessII = &Ctx.Idents.get("success_");
				}

				/// Returns the value stored in the 'success_' field of the passed-in
				/// AssertionResult instance.
				SVal GTestChecker::getAssertionResultSuccessFieldValue(
				const CXXRecordDecl *AssertionResultDecl, SVal Instance,
				ProgramStateRef State) const {

				DeclContext::lookup_result Result = AssertionResultDecl->lookup(SuccessII);
				if (Result.empty())
				return UnknownVal();

				auto *SuccessField = dyn_cast<FieldDecl>(Result.front());
				if (!SuccessField)
				return UnknownVal();

				Optional<Loc> FieldLoc =
				State->getLValue(SuccessField, Instance).getAs<Loc>();
				if (!FieldLoc.hasValue())
				return UnknownVal();

				return State->getSVal(*FieldLoc);
				}

				/// Constrain the passed-in state to assume two values are equal.
				ProgramStateRef GTestChecker::assumeValuesEqual(SVal Val1, SVal Val2,
				ProgramStateRef State,
				CheckerContext &C) {
				if (!Val1.getAs<DefinedOrUnknownSVal>() \|\|
				!Val2.getAs<DefinedOrUnknownSVal>())
				return State;

				auto ValuesEqual =
				C.getSValBuilder().evalEQ(State, Val1.castAs<DefinedOrUnknownSVal>(),
				Val2.castAs<DefinedOrUnknownSVal>());

				if (!ValuesEqual.getAs<DefinedSVal>())
				return State;

				State = C.getConstraintManager().assume(
				State, ValuesEqual.castAs<DefinedSVal>(), true);

				return State;
				}

				void ento::registerGTestChecker(CheckerManager &Mgr) {
				const LangOptions &LangOpts = Mgr.getLangOpts();
				// gtest is a C++ API so there is no sense running the checker
				// if not compiling for C++.
				if (!LangOpts.CPlusPlus)
				return;

				Mgr.registerChecker<GTestChecker>();
				}

test/Analysis/gtest.cpp

This file was added.

				//RUN: %clang_cc1 -cc1 -std=c++11 -analyze -analyzer-checker=core,apiModeling.google.GTest -analyzer-eagerly-assume %s -verify
				//RUN: %clang_cc1 -cc1 -std=c++11 -analyze -analyzer-checker=core,apiModeling.google.GTest -analyzer-eagerly-assume -DGTEST_VERSION_1_8_AND_LATER=1 %s -verify

				// expected-no-diagnostics

				namespace std {
				class string {
				public:
				~string();
				const char *c_str();
				};
				}

				namespace testing {

				class Message { };
				class TestPartResult {
				public:
				enum Type {
				kSuccess,
				kNonFatalFailure,
				kFatalFailure
				};
				};

				namespace internal {

				class AssertHelper {
				public:
				AssertHelper(TestPartResult::Type type, const char* file, int line,
				const char* message);
				~AssertHelper();
				void operator=(const Message& message) const;
				};


				template <typename T>
				struct AddReference { typedef T& type; };
				template <typename T>
				struct AddReference<T&> { typedef T& type; };
				template <typename From, typename To>
				class ImplicitlyConvertible {
				private:
				static typename AddReference<From>::type MakeFrom();
				static char Helper(To);
				static char (&Helper(...))[2];
				public:
				static const bool value =
				sizeof(Helper(ImplicitlyConvertible::MakeFrom())) == 1;
				};
				template <typename From, typename To>
				const bool ImplicitlyConvertible<From, To>::value;
				template<bool> struct EnableIf;
				template<> struct EnableIf<true> { typedef void type; };

				} // end internal


				class AssertionResult {
				public:

				// The implementation for the copy constructor is not exposed in the
				// interface.
				AssertionResult(const AssertionResult& other);

				#if defined(GTEST_VERSION_1_8_AND_LATER)
				template <typename T>
				explicit AssertionResult(
				const T& success,
				typename internal::EnableIf<
				!internal::ImplicitlyConvertible<T, AssertionResult>::value>::type*
				/enabler/ = 0)
				: success_(success) {}
				#else
				explicit AssertionResult(bool success) : success_(success) {}
				#endif

				operator bool() const { return success_; }

				// The actual AssertionResult does not have an explicit destructor, but
				// it does have a non-trivial member veriable, so we add a destructor here
				// to force temporary cleanups.
				~AssertionResult();
				private:

				bool success_;
				};

				namespace internal {
				std::string GetBoolAssertionFailureMessage(
				const AssertionResult& assertion_result,
				const char* expression_text,
				const char* actual_predicate_value,
				const char* expected_predicate_value);
				} // end internal

				} // end testing

				#define GTEST_MESSAGE_AT_(file, line, message, result_type) \
				::testing::internal::AssertHelper(result_type, file, line, message) \
				= ::testing::Message()

				#define GTEST_MESSAGE_(message, result_type) \
				GTEST_MESSAGE_AT_(__FILE__, __LINE__, message, result_type)

				#define GTEST_FATAL_FAILURE_(message) \
				return GTEST_MESSAGE_(message, ::testing::TestPartResult::kFatalFailure)

				#define GTEST_NONFATAL_FAILURE_(message) \
				GTEST_MESSAGE_(message, ::testing::TestPartResult::kNonFatalFailure)

				# define GTEST_AMBIGUOUS_ELSE_BLOCKER_ switch (0) case 0: default:

				#define GTEST_TEST_BOOLEAN_(expression, text, actual, expected, fail) \
				GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
				if (const ::testing::AssertionResult gtest_ar_ = \
				::testing::AssertionResult(expression)) \
				; \
				else \
				fail(::testing::internal::GetBoolAssertionFailureMessage(\
				gtest_ar_, text, #actual, #expected).c_str())

				#define EXPECT_TRUE(condition) \
				GTEST_TEST_BOOLEAN_((condition), #condition, false, true, \
				GTEST_NONFATAL_FAILURE_)
				#define ASSERT_TRUE(condition) \
				GTEST_TEST_BOOLEAN_((condition), #condition, false, true, \
				GTEST_FATAL_FAILURE_)

				#define ASSERT_FALSE(condition) \
				GTEST_TEST_BOOLEAN_(!(condition), #condition, true, false, \
				GTEST_FATAL_FAILURE_)

				void testAssertTrue(int *p) {
				ASSERT_TRUE(p != nullptr);
				EXPECT_TRUE(1 == *p); // no-warning
				}

				void testAssertFalse(int *p) {
				ASSERT_FALSE(p == nullptr);
				EXPECT_TRUE(1 == *p); // no-warning
				}

test/Driver/analyzer-target-enabled-checkers.cpp

	// Tests for static analyzer checkers that the driver enables by default based			// Tests for static analyzer checkers that the driver enables by default based
	// on the target triple.			// on the target triple.

	// RUN: %clang -### -target x86_64-apple-darwin10 --analyze %s 2>&1 \| FileCheck --check-prefix=CHECK-DARWIN %s			// RUN: %clang -### -target x86_64-apple-darwin10 --analyze %s 2>&1 \| FileCheck --check-prefix=CHECK-DARWIN %s

	// CHECK-DARWIN: "-analyzer-checker=core"			// CHECK-DARWIN: "-analyzer-checker=core"
				// CHECK-DARWIN-SAME: "-analyzer-checker=apiModeling"
				a.sidorinUnsubmitted Not Done Reply Inline Actions A very minor nit/question. Do we have any convention on checker naming? Most checkers are starting with capital letters, but some not. As "API" is an abbreviation, I think we should at least start it with capital. a.sidorin: A very minor nit/question. Do we have any convention on checker naming? Most checkers are…
				dcoughlinAuthorUnsubmitted Not Done Reply Inline Actions We're not terribly consistent, but in general we start packages with lowercase letters and checkers with uppercase names. Checkers are generally UpperCamelCase. "apiModeling" is a package name, not a checker name. I think to be consistent with most of the other packages it should (?) probably be lowerCamelCase. This matches "coreFoundation" and "insecureAPI" but not "deadcode". I had "api" lowercase since it is an initialism for a thing (package) that starts with lower case and this is how we treat lower camel-case initialisms in Swift. It also matches "osx", which is similarly an initialism. Does knowing it is a package name (rather than a checker name) change your opinion of whether "API" should be upper case. I'm happy to change it, since it will not be user facing. dcoughlin: We're not terribly consistent, but in general we start packages with lowercase letters and…
	// CHECK-DARWIN-SAME: "-analyzer-checker=unix"			// CHECK-DARWIN-SAME: "-analyzer-checker=unix"
	// CHECK-DARWIN-SAME: "-analyzer-checker=osx"			// CHECK-DARWIN-SAME: "-analyzer-checker=osx"
	// CHECK-DARWIN-SAME: "-analyzer-checker=deadcode"			// CHECK-DARWIN-SAME: "-analyzer-checker=deadcode"
	// CHECK-DARWIN-SAME: "-analyzer-checker=cplusplus"			// CHECK-DARWIN-SAME: "-analyzer-checker=cplusplus"
	// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.UncheckedReturn"			// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.UncheckedReturn"
	// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.getpw"			// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.getpw"
	// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.gets"			// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.gets"
	// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.mktemp"			// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.mktemp"
	// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.mkstemp"			// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.mkstemp"
	// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.vfork"			// CHECK-DARWIN-SAME: "-analyzer-checker=security.insecureAPI.vfork"
	// CHECK-DARWIN-SAME: "-analyzer-checker=nullability.NullPassedToNonnull"			// CHECK-DARWIN-SAME: "-analyzer-checker=nullability.NullPassedToNonnull"
	// CHECK-DARWIN-SAME: "-analyzer-checker=nullability.NullReturnedFromNonnull"			// CHECK-DARWIN-SAME: "-analyzer-checker=nullability.NullReturnedFromNonnull"


	// RUN: %clang -### -target x86_64-unknown-linux --analyze %s 2>&1 \| FileCheck --check-prefix=CHECK-LINUX %s			// RUN: %clang -### -target x86_64-unknown-linux --analyze %s 2>&1 \| FileCheck --check-prefix=CHECK-LINUX %s

	// CHECK-LINUX: "-analyzer-checker=core"			// CHECK-LINUX: "-analyzer-checker=core"
				// CHECK-LINUX-SAME: "-analyzer-checker=apiModeling"
	// CHECK-LINUX-SAME: "-analyzer-checker=unix"			// CHECK-LINUX-SAME: "-analyzer-checker=unix"
	// CHECK-LINUX-NOT: "-analyzer-checker=osx"			// CHECK-LINUX-NOT: "-analyzer-checker=osx"
	// CHECK-LINUX-SAME: "-analyzer-checker=deadcode"			// CHECK-LINUX-SAME: "-analyzer-checker=deadcode"
	// CHECK-LINUX-SAME: "-analyzer-checker=cplusplus"			// CHECK-LINUX-SAME: "-analyzer-checker=cplusplus"
	// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.UncheckedReturn"			// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.UncheckedReturn"
	// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.getpw"			// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.getpw"
	// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.gets"			// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.gets"
	// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.mktemp"			// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.mktemp"
	// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.mkstemp"			// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.mkstemp"
	// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.vfork"			// CHECK-LINUX-SAME: "-analyzer-checker=security.insecureAPI.vfork"
	// CHECK-LINUX-SAME: "-analyzer-checker=nullability.NullPassedToNonnull"			// CHECK-LINUX-SAME: "-analyzer-checker=nullability.NullPassedToNonnull"
	// CHECK-LINUX-SAME: "-analyzer-checker=nullability.NullReturnedFromNonnull"			// CHECK-LINUX-SAME: "-analyzer-checker=nullability.NullReturnedFromNonnull"


	// RUN: %clang -### -target x86_64-windows --analyze %s 2>&1 \| FileCheck --check-prefix=CHECK-WINDOWS %s			// RUN: %clang -### -target x86_64-windows --analyze %s 2>&1 \| FileCheck --check-prefix=CHECK-WINDOWS %s

	// CHECK-WINDOWS: "-analyzer-checker=core"			// CHECK-WINDOWS: "-analyzer-checker=core"
				// CHECK-WINDOWS-SAME: "-analyzer-checker=apiModeling"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.API"			// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.API"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.Malloc"			// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.Malloc"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.MallocSizeof"			// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.MallocSizeof"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.MismatchedDeallocator"			// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.MismatchedDeallocator"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.cstring.BadSizeArg"			// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.cstring.BadSizeArg"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.cstring.NullArg"			// CHECK-WINDOWS-SAME: "-analyzer-checker=unix.cstring.NullArg"
	// CHECK-WINDOWS-NOT: "-analyzer-checker=osx"			// CHECK-WINDOWS-NOT: "-analyzer-checker=osx"
	// CHECK-WINDOWS-SAME: "-analyzer-checker=deadcode"			// CHECK-WINDOWS-SAME: "-analyzer-checker=deadcode"
	Show All 9 Lines