CallDecription can only handle function for the time being. If we want to match c++ method, we can only use method name to match and can't improve the matching accuracy through the qualifiers.
This patch add the support for QualifiedName matching to improve the matching accuracy.
The implementation is not complicated, the difficulty is that there is no good way to get the qualified name without template arguments. For std::basic_string::c_str(), its qualified name may be std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::c_str, it is almost impossible for users to provide such a name. So one possible implementation is to use std, basic_string and c_str to match in the std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::c_str sequentially.
Having C++ support would be awesome!
Thanks for working on this!
While I do agree matching is not trivial with qualified names, this problem is already solved with AST matchers.
I wonder if using matchers or reusing the HasNameMatcher class would make this easier. That code path is already well tested and optimized.
Thank you for pointing out the direction, xazax.hun!
I will looking into the matchers and try to give a better solution.
| lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp | ||
|---|---|---|
| 32 ↗ | (On Diff #151166) | I am not sure if this is the right solution in case of this check. We should track c_str calls regardless of what the template parameter is, so supporting any instantiation of basic_string is desired. This might not be the case, however, for other checks. If we think it is more likely we do not care about the template arguments, maybe a separate API could be used, where we pass the qualified name of the class separately without the template arguments. At this point I also wonder what isCalled API gives us compared to matchers? Maybe it is more convenient to use than calling a match. Also, isCalled API has an IdentifierInfo cached which could be used for relatively efficient checks. @NoQ what do you think? |
| 65 ↗ | (On Diff #151166) | If we check for fully qualified names, this check might be redundant. |
| lib/StaticAnalyzer/Core/CallEvent.cpp | ||
| 374 | Doesn't match also traverse the subtree of the AST? We only need to check if that particular node matches the qualified name. I wonder if we could, during the traversal, find another node that is a match unintentionally. | |
| lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp | ||
|---|---|---|
| 32 ↗ | (On Diff #151166) | I agree that it's better to match the chain of classes and namespaces (in as much detail as the user cares to provide) and discard template parameters. For example, i wish that a CallDescription that's defined as {"std", "basic_string", "c_str"} would be able to match both std::string::c_str() and std::__1::string::c_str(). |
| lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp | ||
|---|---|---|
| 32 ↗ | (On Diff #151166) | Yea, checker writers may can't provide all the template arguments, and it's not convenient to use! I will try to give a better solution! |
| 65 ↗ | (On Diff #151166) | Right, thanks! |
| lib/StaticAnalyzer/Core/CallEvent.cpp | ||
| 374 | Yea, this maybe a problem, I will test whether this is going to happen and give a fine-grained match. Thanks! | |
Sorry for the long long delay, I was on the Dragon Boat Festival a few days ago.
This update has two parts:
There are two remain issues:
| lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp | ||
|---|---|---|
| 68 ↗ | (On Diff #152702) | I wish the old syntax for simple C functions was preserved. This could be accidentally achieved by using ArrayRef<StringRef> instead of std::vector<StringRef> for your constructor's argument. |
| lib/StaticAnalyzer/Core/CallEvent.cpp | ||
| 374–381 | Uhm, i think we don't need to flatten the class name to a string and then regex to do this. We can just unwrap the declaration and see if the newly unwrapped layer matches the expected name on every step, until all expected names have been found. | |
Thanks for your review, NoQ!
| lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp | ||
|---|---|---|
| 68 ↗ | (On Diff #152702) | ArrayRef<StringRef> can't achieve this goal. The only way I can figure out is changing the declaration to the following form. CallDescription(StringRef FuncName, unsigned RequiredArgs = NoArgRequirement, ArrayRef<StringRef> QualifiedName = None) {} |
| lib/StaticAnalyzer/Core/CallEvent.cpp | ||
| 374–381 | Is the way you mentioned above is similar NamedDecl::printQualifiedName()? Get the full name through the DeclContext chain. See https://github.com/llvm-mirror/clang/blob/master/lib/AST/Decl.cpp#L1511. Or ignore namespace ,like std, just only consider the CXXRecordDecl? If so, dyn_cast<> might be enough. | |
Hmm, instead of using the match function which will traverse the ast, we could use the HasNameMatcher class which can be invoked on only one node. That class is in an internal namespace though, so I think the best would be to ask the maintainers whether it is ok to use that class externally, or were whe should put the functionality we need.
@xazax.hun Thanks for your tips! After some investigation, MatchFinder::match just traverse one ASTNode, that means match(namedDecl(HasNameMatcher())) and match(namedDecl(matchesName())) both not traverse children. So there are three ways to match the specified AST node.
In this update, I use the third way to match the specified AST node. This is simpler than I thought.
In addition, add a redundant constructor that is only used to construct a CallDescription with one name, this avoids the modification of the existing checker, like BlockInCriticalSectionChecker.cpp. Any suggestions?
Generally looks good, I only wonder if this works well with inline namespaces. Could you test? Probably it will.
Thank you for reminding me! Yea, this can handle inline namespaces.
However this approach has limit. Given the code below, we cannot distinguish whether the basic_string is user-defined struct or namespace. That's means when the user provide {"std", "basic_string", "append"}, we can only know the qualified name of the call sequentially contains std, basic_string, append. We don't know if these names come from RecordDecl or NamespaceDecl.
namespace std {
namespace basic_string {
struct A {
void append() {}
};
}
}
void foo() {
std::basic_string::A a;
a.append(); // Match
}@rnkovacs What do you think? Can this approach meet InnerPointerChecker's needs?
Sorry for the delay, I think this is OK to commit.
As a possible improvement, I can imagine making it slightly stricter, e.g. you could only skip QualifiedNames for inline namespaces and the beginning. Maybe add support for staring with "" or :: to even disable skipping namespaces at the beginning?
But these are just nice to have features, I am perfectly ok with not having them or doing it in a followup patch.
Oh, and thanks for working on this, this improvement was long overdue, but everybody was busy with something else :)
I guess it is highly unlikely for someone to write namespaces like that, and if they do, I think they deserve to have them treated as a std::string.
Thanks, Henry, this is great!
Thanks, Gábor!
I will land it first and do the improvement according to the mismatch case in the followup patch!
Yup. On the other hand, if we specify our method as {"basic_string", "c_str"} and they make a namespace basic_string { const char *c_str(); }, we are pretty likely to crash when we try to obtain this-value for the call that isn't a method. This is still not a big deal because it's still highly unlikely, but we've seen crash reports of this sort, and the easier our spec is, the more likely it becomes that somebody has a different thing with the same name. For example, if we want to model iterators and we specify {"begin"} without specifying the base class (so that all sorts of containers were covered), we still want to specify that we're looking for a method call and not for a global function call.
So i believe that one of the important remaining problems with CallDescription is to teach it to discriminate between global functions and methods. We can do it in a number of ways: