This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
cfe/trunk/
-
trunk/
-
lib/StaticAnalyzer/
-
StaticAnalyzer/
-
Checkers/
-
AnalysisOrderChecker.cpp
-
Core/
-
ExprEngine.cpp
-
test/Analysis/
-
Analysis/
-
Inputs/
-
system-header-simulator.h
-
offsetofexpr-callback.c

Differential D42300

[Analyzer] Add PreStmt and PostStmt callbacks for OffsetOfExpr
ClosedPublic

Authored by MTC on Jan 19 2018, 7:01 AM.

Download Raw Diff

Details

Reviewers

NoQ
a.sidorin
dcoughlin
george.karpenkov

Commits

rG4b0d160a09d8: [analyzer] Add missing pre-post-statement callbacks for OffsetOfExpr.
rC324790: [analyzer] Add missing pre-post-statement callbacks for OffsetOfExpr.
rL324790: [analyzer] Add missing pre-post-statement callbacks for OffsetOfExpr.

Summary

PreStmt and PostStmt callbacks for OffsetOfExpr are necessary to implement Cert ARR39-C: Do not add or subtract a scaled integer to a pointer. And should I define the offsetof macro in clang/test/Analysis/Inputs/system-header-simulator.h? Or, like clang/test/Analysis/malloc-sizeof.c, use #include <stddef.h>?

Diff Detail

Repository: rL LLVM

Event Timeline

MTC created this revision.Jan 19 2018, 7:01 AM

Herald added subscribers: cfe-commits, szepet, xazax.hun. · View Herald TranscriptJan 19 2018, 7:01 AM

Harbormaster completed remote builds in B14025: Diff 130615.Jan 19 2018, 7:02 AM

Hello Henry,

The patch looks reasonable. I think it can be landed after comments are resolved.

lib/StaticAnalyzer/Core/ExprEngine.cpp
1497 ↗	(On Diff #130615)	Could you C++11-fy this loop?
test/Analysis/offsetofexpr-callback.c
3 ↗	(On Diff #130615)	Answering your question, we should put the declaration into system-header-simulator.h.
7 ↗	(On Diff #130615)	This decl seems unused. Should we remove it?

The patch seems correct, but i suspect that your overall approach to the checker you're trying to make is not ideal. offsetof returns a concrete value (because, well, symbolic offsetofs are not yet supported in the analyzer), and even if you see the concrete value, you'd be unable to track it, because when you get another concrete value with the same integer inside, you won't be able to easily figure out if its the same value or a different value. My intuition suggests that this checker shouldn't be path-sensitive; our path-sensitive analysis does very little to help you with this particular checker, and you might end up with a much easier and more reliable checker if you turn it into a simple AST visitor or an AST matcher. Just a heads up.

Use C++11 range-based for loop to traverse ExplodedNodeSet.
Define the macro offsetof in system-header-simulator.h.

MTC marked 3 inline comments as done.Jan 20 2018, 1:22 AM

In D42300#982187, @NoQ wrote:

My intuition suggests that this checker shouldn't be path-sensitive; our path-sensitive analysis does very little to help you with this particular checker, and you might end up with a much easier and more reliable checker if you turn it into a simple AST visitor or an AST matcher. Just a heads up.

This is a very useful suggestion, many thanks, Noq! Path-sensitive is really a bit too heavy for this checker.

rebase

Herald added a reviewer: george.karpenkov. · View Herald TranscriptFeb 8 2018, 7:29 AM

@NoQ Sorry to bother you again. It seems that this patch is useless to analyzer temporarily, if you think so, I will abandon it : ).

All right, i guess we already do have a pair of callbacks for IntegerLiteral and it doesn't hurt, especially because here they'd eventually be actually useful. I think it should land, just to make it easier to add the actual support later.

This revision is now accepted and ready to land.Feb 8 2018, 12:57 PM

Closed by commit rL324790: [analyzer] Add missing pre-post-statement callbacks for OffsetOfExpr. (authored by NoQ). · Explain WhyFeb 9 2018, 4:57 PM

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: llvm-commits. · View Herald TranscriptFeb 9 2018, 4:57 PM

Revision Contents

Path

Size

cfe/

trunk/

lib/

StaticAnalyzer/

Checkers/

AnalysisOrderChecker.cpp

12 lines

Core/

ExprEngine.cpp

13 lines

test/

Analysis/

Inputs/

system-header-simulator.h

4 lines

offsetofexpr-callback.c

13 lines

Diff 133721

cfe/trunk/lib/StaticAnalyzer/Checkers/AnalysisOrderChecker.cpp

Show All 27 Lines

class AnalysisOrderChecker		class AnalysisOrderChecker
: public Checker<check::PreStmt<CastExpr>,		: public Checker<check::PreStmt<CastExpr>,
check::PostStmt<CastExpr>,		check::PostStmt<CastExpr>,
check::PreStmt<ArraySubscriptExpr>,		check::PreStmt<ArraySubscriptExpr>,
check::PostStmt<ArraySubscriptExpr>,		check::PostStmt<ArraySubscriptExpr>,
check::PreStmt<CXXNewExpr>,		check::PreStmt<CXXNewExpr>,
check::PostStmt<CXXNewExpr>,		check::PostStmt<CXXNewExpr>,
		check::PreStmt<OffsetOfExpr>,
		check::PostStmt<OffsetOfExpr>,
check::PreCall,		check::PreCall,
check::PostCall,		check::PostCall,
check::NewAllocator,		check::NewAllocator,
check::Bind,		check::Bind,
check::RegionChanges,		check::RegionChanges,
check::LiveSymbols> {		check::LiveSymbols> {

bool isCallbackEnabled(AnalyzerOptions &Opts, StringRef CallbackName) const {		bool isCallbackEnabled(AnalyzerOptions &Opts, StringRef CallbackName) const {
▲ Show 20 Lines • Show All 42 Lines • ▼ Show 20 Lines	if (isCallbackEnabled(C, "PreStmtCXXNewExpr"))
llvm::errs() << "PreStmt<CXXNewExpr>\n";		llvm::errs() << "PreStmt<CXXNewExpr>\n";
}		}

void checkPostStmt(const CXXNewExpr *NE, CheckerContext &C) const {		void checkPostStmt(const CXXNewExpr *NE, CheckerContext &C) const {
if (isCallbackEnabled(C, "PostStmtCXXNewExpr"))		if (isCallbackEnabled(C, "PostStmtCXXNewExpr"))
llvm::errs() << "PostStmt<CXXNewExpr>\n";		llvm::errs() << "PostStmt<CXXNewExpr>\n";
}		}

		void checkPreStmt(const OffsetOfExpr *OOE, CheckerContext &C) const {
		if (isCallbackEnabled(C, "PreStmtOffsetOfExpr"))
		llvm::errs() << "PreStmt<OffsetOfExpr>\n";
		}

		void checkPostStmt(const OffsetOfExpr *OOE, CheckerContext &C) const {
		if (isCallbackEnabled(C, "PostStmtOffsetOfExpr"))
		llvm::errs() << "PostStmt<OffsetOfExpr>\n";
		}

void checkPreCall(const CallEvent &Call, CheckerContext &C) const {		void checkPreCall(const CallEvent &Call, CheckerContext &C) const {
if (isCallbackEnabled(C, "PreCall")) {		if (isCallbackEnabled(C, "PreCall")) {
llvm::errs() << "PreCall";		llvm::errs() << "PreCall";
if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(Call.getDecl()))		if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(Call.getDecl()))
llvm::errs() << " (" << ND->getQualifiedNameAsString() << ')';		llvm::errs() << " (" << ND->getQualifiedNameAsString() << ')';
llvm::errs() << '\n';		llvm::errs() << '\n';
}		}
}		}
▲ Show 20 Lines • Show All 46 Lines • Show Last 20 Lines

cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp

Show First 20 Lines • Show All 1,537 Lines • ▼ Show 20 Lines	case Stmt::CXXThrowExprClass:
break;		break;

case Stmt::ReturnStmtClass:		case Stmt::ReturnStmtClass:
Bldr.takeNodes(Pred);		Bldr.takeNodes(Pred);
VisitReturnStmt(cast<ReturnStmt>(S), Pred, Dst);		VisitReturnStmt(cast<ReturnStmt>(S), Pred, Dst);
Bldr.addNodes(Dst);		Bldr.addNodes(Dst);
break;		break;

case Stmt::OffsetOfExprClass:		case Stmt::OffsetOfExprClass: {
Bldr.takeNodes(Pred);		Bldr.takeNodes(Pred);
VisitOffsetOfExpr(cast<OffsetOfExpr>(S), Pred, Dst);		ExplodedNodeSet PreVisit;
		getCheckerManager().runCheckersForPreStmt(PreVisit, Pred, S, *this);

		ExplodedNodeSet PostVisit;
		for (ExplodedNode *Node : PreVisit)
		VisitOffsetOfExpr(cast<OffsetOfExpr>(S), Node, PostVisit);

		getCheckerManager().runCheckersForPostStmt(Dst, PostVisit, S, *this);
Bldr.addNodes(Dst);		Bldr.addNodes(Dst);
break;		break;
		}
case Stmt::UnaryExprOrTypeTraitExprClass:		case Stmt::UnaryExprOrTypeTraitExprClass:
Bldr.takeNodes(Pred);		Bldr.takeNodes(Pred);
VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S),		VisitUnaryExprOrTypeTraitExpr(cast<UnaryExprOrTypeTraitExpr>(S),
Pred, Dst);		Pred, Dst);
Bldr.addNodes(Dst);		Bldr.addNodes(Dst);
break;		break;

case Stmt::StmtExprClass: {		case Stmt::StmtExprClass: {
▲ Show 20 Lines • Show All 1,501 Lines • Show Last 20 Lines

cfe/trunk/test/Analysis/Inputs/system-header-simulator.h

	Show First 20 Lines • Show All 104 Lines • ▼ Show 20 Lines

	#define UINT32_MAX 4294967295U			#define UINT32_MAX 4294967295U
	#define INT64_MIN (-INT64_MAX-1)			#define INT64_MIN (-INT64_MAX-1)
	#define __DBL_MAX__ 1.7976931348623157e+308			#define __DBL_MAX__ 1.7976931348623157e+308
	#define DBL_MAX __DBL_MAX__			#define DBL_MAX __DBL_MAX__
	#ifndef NULL			#ifndef NULL
	#define __DARWIN_NULL 0			#define __DARWIN_NULL 0
	#define NULL __DARWIN_NULL			#define NULL __DARWIN_NULL
	#endif			#endif
	No newline at end of file
				#define offsetof(t, d) __builtin_offsetof(t, d)
				No newline at end of file

cfe/trunk/test/Analysis/offsetofexpr-callback.c

				// RUN: %clang_analyze_cc1 -analyzer-checker=debug.AnalysisOrder -analyzer-config debug.AnalysisOrder:PreStmtOffsetOfExpr=true,debug.AnalysisOrder:PostStmtOffsetOfExpr=true %s 2>&1 \| FileCheck %s
				#include "Inputs/system-header-simulator.h"

				struct S {
				char c;
				};

				void test() {
				offsetof(struct S, c);
				}

				// CHECK: PreStmt<OffsetOfExpr>
				// CHECK-NEXT: PostStmt<OffsetOfExpr>
				No newline at end of file