This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/clang/StaticAnalyzer/Checkers/
-
clang/
-
StaticAnalyzer/
-
Checkers/
-
Checkers.td
-
lib/StaticAnalyzer/Checkers/
-
StaticAnalyzer/
-
Checkers/
2
StdLibraryFunctionsChecker.cpp
-
test/Analysis/
-
Analysis/
-
Inputs/
-
system-header-simulator-cxx.h
-
diagnostics/
-
explicit-suppression.cpp
-
iterator-range.cpp
-
std-c-library-functions.cpp
1
std-cxx-library-functions.cpp

Differential D54149

[Analyzer] [WIP] Standard C++ library functions checker for the std::find() family
AbandonedPublic

Authored by baloghadamsoftware on Nov 6 2018, 6:00 AM.

Download Raw Diff

Details

Reviewers

NoQ

Summary

Simulate the std::find()-like functions based on function summaries similar to the standard C library functions checker. The summary is very simple here: the item(s) looked for can either be found in the container or not. In this latter case these functions return the iterator denoting the end of the range.

Without this checker the std::find()-like functions are either inlined or not but it does not help: their implementation is too complex for the Static Analyzer to track them successfully. This implies that based on their real implementations the iterator range checker cannot find cases where the programmer forgot to check whether the element was found in the container, the end of the range was the end() of the container and a dereference is made on the result.

This solution is still work in progress. The macro language describing summaries cannot deal with complex types yet. We need a way to describe parameters of template functions instead of using Irrelevant for all non-integer arguments. For example, SAME_AS(arg_num) could be used to describe that two arguments have the same type.

ComparesToArgument does not work for complex types so we needed a new constraint type BoundToArgument.

The stand-alone test does not work since the analyzer cannot handler the equality of variables with complex types. However the new tests in the iterator range checker pass if this checker is also enabled.

Diff Detail

Event Timeline

baloghadamsoftware created this revision.Nov 6 2018, 6:00 AM

Herald added a reviewer: george.karpenkov. · View Herald TranscriptNov 6 2018, 6:00 AM

Herald added subscribers: donat.nagy, Szelethus, mikhail.ramalho and 4 others. · View Herald Transcript

baloghadamsoftware edited the summary of this revision. (Show Details)Nov 6 2018, 6:14 AM

Such checker is useful. It'd be great to add a lot of "pure" functions into it, simply for the sake of pointing out that they have no side effects, i.e. avoid unnecessary invalidation.

The bound-to-argument constraint is useful. It avoids the alpha-renaming problem by assigning the correct value right away instead of stuffing an aliasing condition into the solver.

I still believe that the idea to split the state on std::find is questionable, no matter how exactly it's implemented. std::find does more than tells whether the element is in the container, so calling it just for its other effect (to obtain the iterator to the element) when you already know that the element is in the container is not an indication of a dead code, even if it is a bad code smell in most cases. I think it is very likely that people will come to us with false positives of that kind and we'll have to revert this behavior. Would you be OK to keep support for std::find() under an option, off by default but available when the user opts into lint checks? This could be implemented by making a new check kind (eg., CK_OptimisticStdCXXLibraryFunctionsChecker).

Random thought: i still think that implementing the "object value id" thing (a symbol-like id that is associated with the memory region of the object and gets invalidated when the object is logically mutated but gets copied as-is to the new object upon copy/move-constructors or assignments) is a good way to refactor all these things. But this work seems orthogonal to what you did here (i.e., we'll have to perform the copy of the "id" here, but that's just a separate task). So this patch shouldn't be blocked on that.

Another random thought: it'd be great to make a bug reporter visitor that highlights state splits produced by this checker. Eg., in your case it would produce an event note that says something like "Assuming object is not present in iterator range". Otherwise the user would be unable to understand why do you think that the iterator is bad. Or for, say, ispunct() it would say "Assuming character is punctuation symbol".

lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
159–161	I think it's important to document that bound-to-argument should always be used instead of compares-to-argument when the comparison operator is == and the constraint is applied to return values of fully evaluated functions.
375–376	Hmmmmmmmm. `std::find` is a function that returns a C++ object by value. For such functions it is not enough to bind the returned prvalue of the object. It is important to realize that while it is an equal iterator, it's not the same object. Which is why it is necessary to foresee the storage for the newly constructed iterator, so that destruction/materialization/copy elision worked correctly. See the respective logic in `ExprEngine::bindReturnValue()`: 611 if (auto RTC = getCurrentCFGElement().getAs<CFGCXXRecordTypedCall>()) { 612 // Conjure a temporary if the function returns an object by value. 613 SVal Target; 614 assert(RTC->getStmt() == Call.getOriginExpr()); 615 EvalCallOptions CallOpts; // FIXME: We won't really need those. 616 std::tie(State, Target) = 617 prepareForObjectConstruction(Call.getOriginExpr(), State, LCtx, 618 RTC->getConstructionContext(), CallOpts); // ... 627 } // ... It's bad that checkers currently need to do that manually when they implement `evalCall()` for C++ functions that return objects. We need to come up with a better API, eg. `State->BindReturnValue(same arguments)` that prepares for object construction (i.e., move the part of the functionality of `ExprEngine::bindReturnValue()` that's responsible for binding into a `ProgramState` method, and only keep the functionality that's responsible for conjuring the value).
test/Analysis/std-cxx-library-functions.cpp
7–11	I think that's a great standalone test.

Herald added a subscriber: gamesh411. · View Herald TranscriptNov 30 2018, 3:32 PM

NoQ mentioned this in D63915: [analyzer] ReturnValueChecker: Model the guaranteed boolean return value of function calls.Jun 28 2019, 3:13 PM

george.karpenkov removed a reviewer: george.karpenkov.Nov 20 2019, 6:33 PM

Herald added a subscriber: Charusso. · View Herald TranscriptNov 20 2019, 6:33 PM

The modeling framework in its current state cannot be used for detailed modeling of complex functions. Even detailed modeling (including handling of GDM data for checkers) of standard C functions are done manually: see C string and stream checkers. Template functions of the C++ STL are more complex, creating a generic modeling framework would be huge multi-year project for which we currently lack the resources. So we decided to model these functions manually: Model STL Algoirthms to improve the iterator checkers

baloghadamsoftware abandoned this revision.Nov 29 2019, 2:18 AM

Revision Contents

Path

Size

include/

clang/

StaticAnalyzer/

Checkers/

Checkers.td

4 lines

lib/

StaticAnalyzer/

Checkers/

StdLibraryFunctionsChecker.cpp

293 lines

test/

Analysis/

Inputs/

system-header-simulator-cxx.h

29 lines

diagnostics/

explicit-suppression.cpp

2 lines

iterator-range.cpp

106 lines

std-c-library-functions.cpp

17 lines

std-cxx-library-functions.cpp

11 lines

Diff 172745

include/clang/StaticAnalyzer/Checkers/Checkers.td

	Show First 20 Lines • Show All 218 Lines • ▼ Show 20 Lines
	} // end "nullability"			} // end "nullability"

	let ParentPackage = APIModeling in {			let ParentPackage = APIModeling in {

	def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,			def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,
	HelpText<"Improve modeling of the C standard library functions">,			HelpText<"Improve modeling of the C standard library functions">,
	DescFile<"StdLibraryFunctionsChecker.cpp">;			DescFile<"StdLibraryFunctionsChecker.cpp">;

				def StdCXXLibraryFunctionsChecker : Checker<"StdCXXLibraryFunctions">,
				HelpText<"Improve modeling of the C++ standard library functions">,
				DescFile<"StdLibraryFunctionsChecker.cpp">;

	def TrustNonnullChecker : Checker<"TrustNonnull">,			def TrustNonnullChecker : Checker<"TrustNonnull">,
	HelpText<"Trust that returns from framework methods annotated with _Nonnull are not null">,			HelpText<"Trust that returns from framework methods annotated with _Nonnull are not null">,
	DescFile<"TrustNonnullChecker.cpp">;			DescFile<"TrustNonnullChecker.cpp">;

	} // end "apiModeling"			} // end "apiModeling"

	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Evaluate "builtin" functions.			// Evaluate "builtin" functions.
	▲ Show 20 Lines • Show All 601 Lines • Show Last 20 Lines

lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 Lines • Show All 71 Lines • ▼ Show 20 Lines	class StdLibraryFunctionsChecker : public Checker<check::PostCall, eval::Call> {
enum InvalidationKindTy { NoEvalCall, EvalCallAsPure };		enum InvalidationKindTy { NoEvalCall, EvalCallAsPure };

/// A pair of ValueRangeKindTy and IntRangeVectorTy would describe a range		/// A pair of ValueRangeKindTy and IntRangeVectorTy would describe a range
/// imposed on a particular argument or return value symbol.		/// imposed on a particular argument or return value symbol.
///		///
/// Given a range, should the argument stay inside or outside this range?		/// Given a range, should the argument stay inside or outside this range?
/// The special `ComparesToArgument' value indicates that we should		/// The special `ComparesToArgument' value indicates that we should
/// impose a constraint that involves other argument or return value symbols.		/// impose a constraint that involves other argument or return value symbols.
enum ValueRangeKindTy { OutOfRange, WithinRange, ComparesToArgument };		enum ValueRangeKindTy { OutOfRange, WithinRange, ComparesToArgument,
		BoundToArgument};

// The universal integral type to use in value range descriptions.		// The universal integral type to use in value range descriptions.
// Unsigned to make sure overflows are well-defined.		// Unsigned to make sure overflows are well-defined.
typedef uint64_t RangeIntTy;		typedef uint64_t RangeIntTy;

/// Normally, describes a single range constraint, eg. {{0, 1}, {3, 4}} is		/// Normally, describes a single range constraint, eg. {{0, 1}, {3, 4}} is
/// a non-negative integer, which less than 5 and not equal to 2. For		/// a non-negative integer, which less than 5 and not equal to 2. For
/// `ComparesToArgument', holds information about how exactly to compare to		/// `ComparesToArgument', holds information about how exactly to compare to
/// the argument.		/// the argument.
typedef std::vector<std::pair<RangeIntTy, RangeIntTy>> IntRangeVectorTy;		typedef std::vector<std::pair<RangeIntTy, RangeIntTy>> IntRangeVectorTy;

/// A reference to an argument or return value by its number.		/// A reference to an argument or return value by its number.
/// ArgNo in CallExpr and CallEvent is defined as Unsigned, but		/// ArgNo in CallExpr and CallEvent is defined as Unsigned, but
/// obviously uint32_t should be enough for all practical purposes.		/// obviously uint32_t should be enough for all practical purposes.
typedef uint32_t ArgNoTy;		typedef uint32_t ArgNoTy;
static const ArgNoTy Ret = std::numeric_limits<ArgNoTy>::max();		static const ArgNoTy Ret = std::numeric_limits<ArgNoTy>::max();

		public:
		/// A flag and a string to store which of the various checks are enabled
		/// and what is their name.
		enum CheckKindTy {
		CK_StdCLibraryFunctionsChecker,
		CK_StdCXXLibraryFunctionsChecker,
		CK_NumCheckKinds
		};

		DefaultBool ChecksEnabled[CK_NumCheckKinds];
		CheckName CheckNames[CK_NumCheckKinds];

		private:
/// Incapsulates a single range on a single symbol within a branch.		/// Incapsulates a single range on a single symbol within a branch.
class ValueRange {		class ValueRange {
ArgNoTy ArgNo; // Argument to which we apply the range.		ArgNoTy ArgNo; // Argument to which we apply the range.
ValueRangeKindTy Kind; // Kind of range definition.		ValueRangeKindTy Kind; // Kind of range definition.
IntRangeVectorTy Args; // Polymorphic arguments.		IntRangeVectorTy Args; // Polymorphic arguments.

public:		public:
ValueRange(ArgNoTy ArgNo, ValueRangeKindTy Kind,		ValueRange(ArgNoTy ArgNo, ValueRangeKindTy Kind,
Show All 9 Lines	BinaryOperator::Opcode getOpcode() const {
BinaryOperator::Opcode Op =		BinaryOperator::Opcode Op =
static_cast<BinaryOperator::Opcode>(Args[0].first);		static_cast<BinaryOperator::Opcode>(Args[0].first);
assert(BinaryOperator::isComparisonOp(Op) &&		assert(BinaryOperator::isComparisonOp(Op) &&
"Only comparison ops are supported for ComparesToArgument");		"Only comparison ops are supported for ComparesToArgument");
return Op;		return Op;
}		}

ArgNoTy getOtherArgNo() const {		ArgNoTy getOtherArgNo() const {
assert(Kind == ComparesToArgument);		assert(Kind == ComparesToArgument \|\| Kind == BoundToArgument);
assert(Args.size() == 1);		assert(Args.size() == 1);
return static_cast<ArgNoTy>(Args[0].second);		return static_cast<ArgNoTy>(Args[0].second);
}		}

const IntRangeVectorTy &getRanges() const {		const IntRangeVectorTy &getRanges() const {
assert(Kind != ComparesToArgument);		assert(Kind != ComparesToArgument);
return Args;		return Args;
}		}

// We avoid creating a virtual apply() method because		// We avoid creating a virtual apply() method because
// it makes initializer lists harder to write.		// it makes initializer lists harder to write.
private:		private:
ProgramStateRef		ProgramStateRef
applyAsOutOfRange(ProgramStateRef State, const CallEvent &Call,		applyAsOutOfRange(ProgramStateRef State, const CallEvent &Call,
const FunctionSummaryTy &Summary) const;		const FunctionSummaryTy &Summary) const;
ProgramStateRef		ProgramStateRef
applyAsWithinRange(ProgramStateRef State, const CallEvent &Call,		applyAsWithinRange(ProgramStateRef State, const CallEvent &Call,
const FunctionSummaryTy &Summary) const;		const FunctionSummaryTy &Summary) const;
ProgramStateRef		ProgramStateRef
applyAsComparesToArgument(ProgramStateRef State, const CallEvent &Call,		applyAsComparesToArgument(ProgramStateRef State, const CallEvent &Call,
const FunctionSummaryTy &Summary) const;		const FunctionSummaryTy &Summary) const;
		ProgramStateRef
		applyAsBoundToArgument(ProgramStateRef State, const CallEvent &Call,
		const FunctionSummaryTy &Summary) const;
		NoQUnsubmitted Not Done Reply Inline Actions I think it's important to document that bound-to-argument should always be used instead of compares-to-argument when the comparison operator is == and the constraint is applied to return values of fully evaluated functions. NoQ: I think it's important to document that bound-to-argument should always be used instead of…

public:		public:
ProgramStateRef apply(ProgramStateRef State, const CallEvent &Call,		ProgramStateRef apply(ProgramStateRef State, const CallEvent &Call,
const FunctionSummaryTy &Summary) const {		const FunctionSummaryTy &Summary) const {
switch (Kind) {		switch (Kind) {
case OutOfRange:		case OutOfRange:
return applyAsOutOfRange(State, Call, Summary);		return applyAsOutOfRange(State, Call, Summary);
case WithinRange:		case WithinRange:
return applyAsWithinRange(State, Call, Summary);		return applyAsWithinRange(State, Call, Summary);
case ComparesToArgument:		case ComparesToArgument:
return applyAsComparesToArgument(State, Call, Summary);		return applyAsComparesToArgument(State, Call, Summary);
		case BoundToArgument:
		return applyAsBoundToArgument(State, Call, Summary);
}		}
llvm_unreachable("Unknown ValueRange kind!");		llvm_unreachable("Unknown ValueRange kind!");
}		}
};		};

/// The complete list of ranges that defines a single branch.		/// The complete list of ranges that defines a single branch.
typedef std::vector<ValueRange> ValueRangeSet;		typedef std::vector<ValueRange> ValueRangeSet;

/// Includes information about function prototype (which is necessary to		/// Includes information about function prototype (which is necessary to
/// ensure we're modeling the right function and casting values properly),		/// ensure we're modeling the right function and casting values properly),
/// approach to invalidation, and a list of branches - essentially, a list		/// approach to invalidation, and a list of branches - essentially, a list
/// of list of ranges - essentially, a list of lists of lists of segments.		/// of list of ranges - essentially, a list of lists of lists of segments.
struct FunctionSummaryTy {		struct FunctionSummaryTy {
		const CheckKindTy CheckKind;
const std::vector<QualType> ArgTypes;		const std::vector<QualType> ArgTypes;
const QualType RetType;		const QualType RetType;
const InvalidationKindTy InvalidationKind;		const InvalidationKindTy InvalidationKind;
const std::vector<ValueRangeSet> Ranges;		const std::vector<ValueRangeSet> Ranges;

private:		private:
static void assertTypeSuitableForSummary(QualType T) {		static void assertTypeSuitableForSummary(QualType T) {
assert(!T->isVoidType() &&		assert(!T->isVoidType() &&
▲ Show 20 Lines • Show All 140 Lines • ▼ Show 20 Lines
ProgramStateRef		ProgramStateRef
StdLibraryFunctionsChecker::ValueRange::applyAsComparesToArgument(		StdLibraryFunctionsChecker::ValueRange::applyAsComparesToArgument(
ProgramStateRef State, const CallEvent &Call,		ProgramStateRef State, const CallEvent &Call,
const FunctionSummaryTy &Summary) const {		const FunctionSummaryTy &Summary) const {

ProgramStateManager &Mgr = State->getStateManager();		ProgramStateManager &Mgr = State->getStateManager();
SValBuilder &SVB = Mgr.getSValBuilder();		SValBuilder &SVB = Mgr.getSValBuilder();
QualType CondT = SVB.getConditionType();		QualType CondT = SVB.getConditionType();
QualType T = getArgType(Summary, getArgNo());		QualType T = getArgType(Call, getArgNo());
SVal V = getArgSVal(Call, getArgNo());		SVal V = getArgSVal(Call, getArgNo());

BinaryOperator::Opcode Op = getOpcode();		BinaryOperator::Opcode Op = getOpcode();
ArgNoTy OtherArg = getOtherArgNo();		ArgNoTy OtherArg = getOtherArgNo();
SVal OtherV = getArgSVal(Call, OtherArg);		SVal OtherV = getArgSVal(Call, OtherArg);
QualType OtherT = getArgType(Call, OtherArg);		QualType OtherT = getArgType(Call, OtherArg);
// Note: we avoid integral promotion for comparison.		// Note: we avoid integral promotion for comparison.
OtherV = SVB.evalCast(OtherV, T, OtherT);		OtherV = SVB.evalCast(OtherV, T, OtherT);
if (auto CompV = SVB.evalBinOp(State, Op, V, OtherV, CondT)		if (auto CompV = SVB.evalBinOp(State, Op, V, OtherV, CondT)
.getAs<DefinedOrUnknownSVal>())		.getAs<DefinedOrUnknownSVal>())
State = State->assume(*CompV, true);		State = State->assume(*CompV, true);
return State;		return State;
}		}

		ProgramStateRef
		StdLibraryFunctionsChecker::ValueRange::applyAsBoundToArgument(
		ProgramStateRef State, const CallEvent &Call,
		const FunctionSummaryTy &Summary) const {
		assert(getArgNo() == Ret && "Cannot bind argument to another argument");

		ProgramStateManager &Mgr = State->getStateManager();
		SValBuilder &SVB = Mgr.getSValBuilder();
		QualType T = getArgType(Call, getArgNo());

		ArgNoTy OtherArg = getOtherArgNo();
		SVal OtherV = getArgSVal(Call, OtherArg);
		QualType OtherT = getArgType(Call, OtherArg);
		// Note: we avoid integral promotion for comparison.
		OtherV = SVB.evalCast(OtherV, T, OtherT);
		State = State->BindExpr(Call.getOriginExpr(), Call.getLocationContext(),
		OtherV);
		NoQUnsubmitted Not Done Reply Inline Actions Hmmmmmmmm. `std::find` is a function that returns a C++ object by value. For such functions it is not enough to bind the returned prvalue of the object. It is important to realize that while it is an equal iterator, it's not the same object. Which is why it is necessary to foresee the storage for the newly constructed iterator, so that destruction/materialization/copy elision worked correctly. See the respective logic in `ExprEngine::bindReturnValue()`: 611 if (auto RTC = getCurrentCFGElement().getAs<CFGCXXRecordTypedCall>()) { 612 // Conjure a temporary if the function returns an object by value. 613 SVal Target; 614 assert(RTC->getStmt() == Call.getOriginExpr()); 615 EvalCallOptions CallOpts; // FIXME: We won't really need those. 616 std::tie(State, Target) = 617 prepareForObjectConstruction(Call.getOriginExpr(), State, LCtx, 618 RTC->getConstructionContext(), CallOpts); // ... 627 } // ... It's bad that checkers currently need to do that manually when they implement `evalCall()` for C++ functions that return objects. We need to come up with a better API, eg. `State->BindReturnValue(same arguments)` that prepares for object construction (i.e., move the part of the functionality of `ExprEngine::bindReturnValue()` that's responsible for binding into a `ProgramState` method, and only keep the functionality that's responsible for conjuring the value). NoQ: Hmmmmmmmm. `std::find` is a function that returns a C++ object by value. For such functions…
		return State;
		}

void StdLibraryFunctionsChecker::checkPostCall(const CallEvent &Call,		void StdLibraryFunctionsChecker::checkPostCall(const CallEvent &Call,
CheckerContext &C) const {		CheckerContext &C) const {
const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(Call.getDecl());		const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(Call.getDecl());
if (!FD)		if (!FD)
return;		return;

const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());		const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
if (!CE)		if (!CE)
Show All 22 Lines

bool StdLibraryFunctionsChecker::evalCall(const CallExpr *CE,		bool StdLibraryFunctionsChecker::evalCall(const CallExpr *CE,
CheckerContext &C) const {		CheckerContext &C) const {
const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(CE->getCalleeDecl());		const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(CE->getCalleeDecl());
if (!FD)		if (!FD)
return false;		return false;

Optional<FunctionSummaryTy> FoundSummary = findFunctionSummary(FD, CE, C);		Optional<FunctionSummaryTy> FoundSummary = findFunctionSummary(FD, CE, C);
if (!FoundSummary)		if (!FoundSummary \|\| !ChecksEnabled[FoundSummary->CheckKind])
return false;		return false;

const FunctionSummaryTy &Summary = *FoundSummary;		const FunctionSummaryTy &Summary = *FoundSummary;
switch (Summary.InvalidationKind) {		switch (Summary.InvalidationKind) {
case EvalCallAsPure: {		case EvalCallAsPure: {
ProgramStateRef State = C.getState();		ProgramStateRef State = C.getState();
const LocationContext *LC = C.getLocationContext();		const LocationContext *LC = C.getLocationContext();
SVal V = C.getSValBuilder().conjureSymbolVal(		SVal V = C.getSValBuilder().conjureSymbolVal(
▲ Show 20 Lines • Show All 52 Lines • ▼ Show 20 Lines	StdLibraryFunctionsChecker::findFunctionSummary(const FunctionDecl *FD,
SValBuilder &SVB = C.getSValBuilder();		SValBuilder &SVB = C.getSValBuilder();
BasicValueFactory &BVF = SVB.getBasicValueFactory();		BasicValueFactory &BVF = SVB.getBasicValueFactory();
initFunctionSummaries(BVF);		initFunctionSummaries(BVF);

IdentifierInfo *II = FD->getIdentifier();		IdentifierInfo *II = FD->getIdentifier();
if (!II)		if (!II)
return None;		return None;
StringRef Name = II->getName();		StringRef Name = II->getName();
if (Name.empty() \|\| !C.isCLibraryFunction(FD, Name))
		if (Name.empty() \|\|
		!(C.isCLibraryFunction(FD, Name) \|\| FD->isInStdNamespace()))
return None;		return None;

auto FSMI = FunctionSummaryMap.find(Name);		auto FSMI = FunctionSummaryMap.find(Name);
if (FSMI == FunctionSummaryMap.end())		if (FSMI == FunctionSummaryMap.end())
return None;		return None;

// Verify that function signature matches the spec in advance.		// Verify that function signature matches the spec in advance.
// Otherwise we might be modeling the wrong function.		// Otherwise we might be modeling the wrong function.
▲ Show 20 Lines • Show All 70 Lines • ▼ Show 20 Lines	void StdLibraryFunctionsChecker::initFunctionSummaries(
// ...		// ...
// }		// }
// }		// }
// }		// }
//}		//}

#define SUMMARY_WITH_VARIANTS(identifier) {#identifier, {		#define SUMMARY_WITH_VARIANTS(identifier) {#identifier, {
#define END_SUMMARY_WITH_VARIANTS }},		#define END_SUMMARY_WITH_VARIANTS }},
#define VARIANT(argument_types, return_type, invalidation_approach) \		#define VARIANT(lang, argument_types, return_type, invalidation_approach) \
{ argument_types, return_type, invalidation_approach, {		{ lang, argument_types, return_type, invalidation_approach, {
#define END_VARIANT } },		#define END_VARIANT } },
#define SUMMARY(identifier, argument_types, return_type, \		#define SUMMARY(identifier, lang, argument_types, return_type, \
invalidation_approach) \		invalidation_approach) \
{ #identifier, { { argument_types, return_type, invalidation_approach, {		{ #identifier, { { lang, argument_types, return_type, invalidation_approach, {
#define END_SUMMARY } } } },		#define END_SUMMARY } } } },
#define ARGUMENT_TYPES(...) { __VA_ARGS__ }		#define ARGUMENT_TYPES(...) { __VA_ARGS__ }
#define RETURN_TYPE(x) x		#define RETURN_TYPE(x) x
#define INVALIDATION_APPROACH(x) x		#define INVALIDATION_APPROACH(x) x
#define CASE {		#define CASE {
#define END_CASE },		#define END_CASE },
#define ARGUMENT_CONDITION(argument_number, condition_kind) \		#define ARGUMENT_CONDITION(argument_number, condition_kind) \
{ argument_number, condition_kind, {		{ argument_number, condition_kind, {
#define END_ARGUMENT_CONDITION }},		#define END_ARGUMENT_CONDITION }},
#define RETURN_VALUE_CONDITION(condition_kind) \		#define RETURN_VALUE_CONDITION(condition_kind) \
{ Ret, condition_kind, {		{ Ret, condition_kind, {
#define END_RETURN_VALUE_CONDITION }},		#define END_RETURN_VALUE_CONDITION }},
#define ARG_NO(x) x##U		#define ARG_NO(x) x##U
#define RANGE(x, y) { x, y },		#define RANGE(x, y) { x, y },
#define SINGLE_VALUE(x) RANGE(x, x)		#define SINGLE_VALUE(x) RANGE(x, x)
#define IS_LESS_THAN(arg) { BO_LE, arg }		#define IS_EQUAL_TO(arg) { BO_EQ, arg }
		#define IS_NOT_EQUAL_TO(arg) { BO_NE, arg }
		#define IS_LESS_THAN_OR_EQUAL_TO(arg) { BO_LE, arg }
		#define LANG_C CK_StdCLibraryFunctionsChecker
		#define LANG_CXX CK_StdCXXLibraryFunctionsChecker

FunctionSummaryMap = {		FunctionSummaryMap = {
// The isascii() family of functions.		// The isascii() family of functions.
SUMMARY(isalnum, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isalnum, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // Boils down to isupper() or islower() or isdigit()		CASE // Boils down to isupper() or islower() or isdigit()
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('0', '9')		RANGE('0', '9')
RANGE('A', 'Z')		RANGE('A', 'Z')
RANGE('a', 'z')		RANGE('a', 'z')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
Show All 14 Lines	SUMMARY(isalnum, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
RANGE('a', 'z')		RANGE('a', 'z')
RANGE(128, 255)		RANGE(128, 255)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isalpha, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isalpha, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // isupper() or islower(). Note that 'Z' is less than 'a'.		CASE // isupper() or islower(). Note that 'Z' is less than 'a'.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('A', 'Z')		RANGE('A', 'Z')
RANGE('a', 'z')		RANGE('a', 'z')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
Show All 10 Lines	SUMMARY(isalpha, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
RANGE('a', 'z')		RANGE('a', 'z')
RANGE(128, 255)		RANGE(128, 255)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isascii, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isascii, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // Is ASCII.		CASE // Is ASCII.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE(0, 127)		RANGE(0, 127)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE(0, 127)		RANGE(0, 127)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isblank, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isblank, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
SINGLE_VALUE('\t')		SINGLE_VALUE('\t')
SINGLE_VALUE(' ')		SINGLE_VALUE(' ')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
SINGLE_VALUE('\t')		SINGLE_VALUE('\t')
SINGLE_VALUE(' ')		SINGLE_VALUE(' ')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(iscntrl, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(iscntrl, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // 0..31 or 127		CASE // 0..31 or 127
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE(0, 32)		RANGE(0, 32)
SINGLE_VALUE(127)		SINGLE_VALUE(127)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE(0, 32)		RANGE(0, 32)
SINGLE_VALUE(127)		SINGLE_VALUE(127)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isdigit, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isdigit, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // Is a digit.		CASE // Is a digit.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('0', '9')		RANGE('0', '9')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE('0', '9')		RANGE('0', '9')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isgraph, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isgraph, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE(33, 126)		RANGE(33, 126)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE(33, 126)		RANGE(33, 126)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(islower, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(islower, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // Is certainly lowercase.		CASE // Is certainly lowercase.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('a', 'z')		RANGE('a', 'z')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
Show All 18 Lines	SUMMARY(islower, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE(0, 255)		RANGE(0, 255)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isprint, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isprint, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE(32, 126)		RANGE(32, 126)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE(32, 126)		RANGE(32, 126)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(ispunct, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(ispunct, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('!', '/')		RANGE('!', '/')
RANGE(':', '@')		RANGE(':', '@')
RANGE('[', '`')		RANGE('[', '`')
RANGE('{', '~')		RANGE('{', '~')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE('!', '/')		RANGE('!', '/')
RANGE(':', '@')		RANGE(':', '@')
RANGE('[', '`')		RANGE('[', '`')
RANGE('{', '~')		RANGE('{', '~')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isspace, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isspace, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // Space, '\f', '\n', '\r', '\t', '\v'.		CASE // Space, '\f', '\n', '\r', '\t', '\v'.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE(9, 13)		RANGE(9, 13)
SINGLE_VALUE(' ')		SINGLE_VALUE(' ')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
Show All 10 Lines	SUMMARY(isspace, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
SINGLE_VALUE(' ')		SINGLE_VALUE(' ')
RANGE(128, 255)		RANGE(128, 255)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isupper, ARGUMENT_TYPES(IntTy), RETURN_TYPE (IntTy),		SUMMARY(isupper, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE (IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE // Is certainly uppercase.		CASE // Is certainly uppercase.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('A', 'Z')		RANGE('A', 'Z')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE // The locale-specific range.		CASE // The locale-specific range.
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE(128, 255)		RANGE(128, 255)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
END_CASE		END_CASE
CASE // Other.		CASE // Other.
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE('A', 'Z') RANGE(128, 255)		RANGE('A', 'Z') RANGE(128, 255)
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(isxdigit, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),		SUMMARY(isxdigit, LANG_C, ARGUMENT_TYPES(IntTy), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(EvalCallAsPure))		INVALIDATION_APPROACH(EvalCallAsPure))
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), WithinRange)		ARGUMENT_CONDITION(ARG_NO(0), WithinRange)
RANGE('0', '9')		RANGE('0', '9')
RANGE('A', 'F')		RANGE('A', 'F')
RANGE('a', 'f')		RANGE('a', 'f')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(OutOfRange)		RETURN_VALUE_CONDITION(OutOfRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
CASE		CASE
ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)		ARGUMENT_CONDITION(ARG_NO(0), OutOfRange)
RANGE('0', '9')		RANGE('0', '9')
RANGE('A', 'F')		RANGE('A', 'F')
RANGE('a', 'f')		RANGE('a', 'f')
END_ARGUMENT_CONDITION		END_ARGUMENT_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(0)		SINGLE_VALUE(0)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY

// The getc() family of functions that returns either a char or an EOF.		// The getc() family of functions that returns either a char or an EOF.
SUMMARY(getc, ARGUMENT_TYPES(Irrelevant), RETURN_TYPE(IntTy),		SUMMARY(getc, LANG_C, ARGUMENT_TYPES(Irrelevant), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(NoEvalCall))		INVALIDATION_APPROACH(NoEvalCall))
CASE // FIXME: EOF is assumed to be defined as -1.		CASE // FIXME: EOF is assumed to be defined as -1.
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, 255)		RANGE(-1, 255)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(fgetc, ARGUMENT_TYPES(Irrelevant), RETURN_TYPE(IntTy),		SUMMARY(fgetc, LANG_C, ARGUMENT_TYPES(Irrelevant), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(NoEvalCall))		INVALIDATION_APPROACH(NoEvalCall))
CASE // FIXME: EOF is assumed to be defined as -1.		CASE // FIXME: EOF is assumed to be defined as -1.
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, 255)		RANGE(-1, 255)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(getchar, ARGUMENT_TYPES(), RETURN_TYPE(IntTy),		SUMMARY(getchar, LANG_C, ARGUMENT_TYPES(), RETURN_TYPE(IntTy),
INVALIDATION_APPROACH(NoEvalCall))		INVALIDATION_APPROACH(NoEvalCall))
CASE // FIXME: EOF is assumed to be defined as -1.		CASE // FIXME: EOF is assumed to be defined as -1.
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, 255)		RANGE(-1, 255)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY

// read()-like functions that never return more than buffer size.		// read()-like functions that never return more than buffer size.
// We are not sure how ssize_t is defined on every platform, so we provide		// We are not sure how ssize_t is defined on every platform, so we provide
// three variants that should cover common cases.		// three variants that should cover common cases.
SUMMARY_WITH_VARIANTS(read)		SUMMARY_WITH_VARIANTS(read)
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),
RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, IntMax)		RANGE(-1, IntMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),
RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, LongMax)		RANGE(-1, LongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),
RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, LongLongMax)		RANGE(-1, LongLongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
END_SUMMARY_WITH_VARIANTS		END_SUMMARY_WITH_VARIANTS
SUMMARY_WITH_VARIANTS(write)		SUMMARY_WITH_VARIANTS(write)
// Again, due to elusive nature of ssize_t, we have duplicate		// Again, due to elusive nature of ssize_t, we have duplicate
// our summaries to cover different variants.		// our summaries to cover different variants.
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),
RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, IntMax)		RANGE(-1, IntMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),
RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, LongMax)		RANGE(-1, LongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy),
RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
RANGE(-1, LongLongMax)		RANGE(-1, LongLongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
END_SUMMARY_WITH_VARIANTS		END_SUMMARY_WITH_VARIANTS
SUMMARY(fread,		SUMMARY(fread, LANG_C,
ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy, Irrelevant),		ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy, Irrelevant),
RETURN_TYPE(SizeTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(SizeTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY
SUMMARY(fwrite,		SUMMARY(fwrite, LANG_C,
ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy, Irrelevant),		ARGUMENT_TYPES(Irrelevant, Irrelevant, SizeTy, Irrelevant),
RETURN_TYPE(SizeTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(SizeTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(ComparesToArgument)		RETURN_VALUE_CONDITION(ComparesToArgument)
IS_LESS_THAN(ARG_NO(2))		IS_LESS_THAN_OR_EQUAL_TO(ARG_NO(2))
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_SUMMARY		END_SUMMARY

// getline()-like functions either fail or read at least the delimiter.		// getline()-like functions either fail or read at least the delimiter.
SUMMARY_WITH_VARIANTS(getline)		SUMMARY_WITH_VARIANTS(getline)
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(-1)		SINGLE_VALUE(-1)
RANGE(1, IntMax)		RANGE(1, IntMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(-1)		SINGLE_VALUE(-1)
RANGE(1, LongMax)		RANGE(1, LongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),		VARIANT(LANG_C, ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(-1)		SINGLE_VALUE(-1)
RANGE(1, LongLongMax)		RANGE(1, LongLongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
END_SUMMARY_WITH_VARIANTS		END_SUMMARY_WITH_VARIANTS
SUMMARY_WITH_VARIANTS(getdelim)		SUMMARY_WITH_VARIANTS(getdelim)
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),		VARIANT(LANG_C,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(IntTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(-1)		SINGLE_VALUE(-1)
RANGE(1, IntMax)		RANGE(1, IntMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),		VARIANT(LANG_C,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(-1)		SINGLE_VALUE(-1)
RANGE(1, LongMax)		RANGE(1, LongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
VARIANT(ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),		VARIANT(LANG_C,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))		RETURN_TYPE(LongLongTy), INVALIDATION_APPROACH(NoEvalCall))
CASE		CASE
RETURN_VALUE_CONDITION(WithinRange)		RETURN_VALUE_CONDITION(WithinRange)
SINGLE_VALUE(-1)		SINGLE_VALUE(-1)
RANGE(1, LongLongMax)		RANGE(1, LongLongMax)
END_RETURN_VALUE_CONDITION		END_RETURN_VALUE_CONDITION
END_CASE		END_CASE
END_VARIANT		END_VARIANT
END_SUMMARY_WITH_VARIANTS		END_SUMMARY_WITH_VARIANTS

		// C++ STL

		// STL algorithms

		// std::find() at el.
		SUMMARY(find, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(find_end, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(find_first_of, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(find_if, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(find_if_not, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(lower_bound, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(upper_bound, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(search, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY
		SUMMARY(search_n, LANG_CXX,
		ARGUMENT_TYPES(Irrelevant, Irrelevant, Irrelevant, Irrelevant),
		RETURN_TYPE(Irrelevant), INVALIDATION_APPROACH(EvalCallAsPure))
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(ARG_NO(1))
		END_RETURN_VALUE_CONDITION
		END_CASE
		CASE
		RETURN_VALUE_CONDITION(BoundToArgument)
		IS_EQUAL_TO(Ret)
		END_RETURN_VALUE_CONDITION
		END_CASE
		END_SUMMARY

};		};
}		}

void ento::registerStdCLibraryFunctionsChecker(CheckerManager &mgr) {		#define REGISTER_CHECKER(name) \
// If this checker grows large enough to support C++, Objective-C, or other		void ento::register##name(CheckerManager &Mgr) { \
// standard libraries, we could use multiple register...Checker() functions,		auto *checker = Mgr.registerChecker<StdLibraryFunctionsChecker>(); \
// which would register various checkers with the help of the same Checker		checker->ChecksEnabled[StdLibraryFunctionsChecker::CK_##name] = true; \
// class, turning on different function summaries.		checker->CheckNames[StdLibraryFunctionsChecker::CK_##name] = \
mgr.registerChecker<StdLibraryFunctionsChecker>();		Mgr.getCurrentCheckName(); \
}		}

		REGISTER_CHECKER(StdCLibraryFunctionsChecker)
		REGISTER_CHECKER(StdCXXLibraryFunctionsChecker)

test/Analysis/Inputs/system-header-simulator-cxx.h

Show First 20 Lines • Show All 226 Lines • ▼ Show 20 Lines	namespace std {
template<class T>		template<class T>
typename remove_reference<T>::type&& move(T&& a) {		typename remove_reference<T>::type&& move(T&& a) {
typedef typename remove_reference<T>::type&& RvalRef;		typedef typename remove_reference<T>::type&& RvalRef;
return static_cast<RvalRef>(a);		return static_cast<RvalRef>(a);
}		}

template<typename T>		template<typename T>
class vector {		class vector {
		public:
typedef T value_type;		typedef T value_type;
typedef size_t size_type;		typedef size_t size_type;
typedef __vector_iterator<T, T *, T &> iterator;		typedef __vector_iterator<T, T *, T &> iterator;
typedef __vector_iterator<T, const T *, const T &> const_iterator;		typedef __vector_iterator<T, const T *, const T &> const_iterator;

		private:
T *_start;		T *_start;
T *_finish;		T *_finish;
T *_end_of_storage;		T *_end_of_storage;

public:		public:
vector() : _start(0), _finish(0), _end_of_storage(0) {}		vector() : _start(0), _finish(0), _end_of_storage(0) {}
template <typename InputIterator>		template <typename InputIterator>
vector(InputIterator first, InputIterator last);		vector(InputIterator first, InputIterator last);
vector(const vector &other);		vector(const vector &other);
vector(vector &&other);		vector(vector &&other);
~vector();		~vector();

▲ Show 20 Lines • Show All 458 Lines • ▼ Show 20 Lines	prev (BidirectionalIterator it,
typename iterator_traits<BidirectionalIterator>::difference_type n =		typename iterator_traits<BidirectionalIterator>::difference_type n =
1) {		1) {
advance(it, -n);		advance(it, -n);
return it;		return it;
}		}

template <class InputIterator, class T>		template <class InputIterator, class T>
InputIterator find(InputIterator first, InputIterator last, const T &val);		InputIterator find(InputIterator first, InputIterator last, const T &val);
		template <class ForwardIterator1, class ForwardIterator2>
		ForwardIterator1 find_end(ForwardIterator1 first1, ForwardIterator1 last1,
		ForwardIterator2 first2, ForwardIterator2 last2);
		template <class ForwardIterator1, class ForwardIterator2>
		ForwardIterator1 find_first_of(ForwardIterator1 first1,
		ForwardIterator1 last1,
		ForwardIterator2 first2,
		ForwardIterator2 last2);
		template <class InputIterator, class UnaryPredicate>
		InputIterator find_if(InputIterator first, InputIterator last,
		UnaryPredicate pred);
		template <class InputIterator, class UnaryPredicate>
		InputIterator find_if_not(InputIterator first, InputIterator last,
		UnaryPredicate pred);
		template <class InputIterator, class T>
		InputIterator lower_bound(InputIterator first, InputIterator last,
		const T &val);
		template <class InputIterator, class T>
		InputIterator upper_bound(InputIterator first, InputIterator last,
		const T &val);
		template <class ForwardIterator1, class ForwardIterator2>
		ForwardIterator1 search(ForwardIterator1 first1, ForwardIterator1 last1,
		ForwardIterator2 first2, ForwardIterator2 last2);
		template <class ForwardIterator1, class ForwardIterator2>
		ForwardIterator1 search_n(ForwardIterator1 first1, ForwardIterator1 last1,
		ForwardIterator2 first2, ForwardIterator2 last2);

template <class ForwardIterator1, class ForwardIterator2>		template <class ForwardIterator1, class ForwardIterator2>
ForwardIterator1 find_first_of(ForwardIterator1 first1,		ForwardIterator1 find_first_of(ForwardIterator1 first1,
ForwardIterator1 last1,		ForwardIterator1 last1,
ForwardIterator2 first2,		ForwardIterator2 first2,
ForwardIterator2 last2);		ForwardIterator2 last2);

template <class InputIterator, class OutputIterator>		template <class InputIterator, class OutputIterator>
Show All 34 Lines

test/Analysis/diagnostics/explicit-suppression.cpp

Show All 13 Lines	class C {
// The virtual function is to make C not trivially copy assignable so that we call the		// The virtual function is to make C not trivially copy assignable so that we call the
// variant of std::copy() that does not defer to memmove().		// variant of std::copy() that does not defer to memmove().
virtual int f();		virtual int f();
};		};

void testCopyNull(C I, C E) {		void testCopyNull(C I, C E) {
std::copy(I, E, (C *)0);		std::copy(I, E, (C *)0);
#ifndef SUPPRESSED		#ifndef SUPPRESSED
// expected-warning@../Inputs/system-header-simulator-cxx.h:627 {{Called C++ object pointer is null}}		// expected-warning@../Inputs/system-header-simulator-cxx.h:630 {{Called C++ object pointer is null}}
#endif		#endif
}		}

test/Analysis/iterator-range.cpp

	// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.IteratorRange -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=false %s -verify			// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,apiModeling.StdCXXLibraryFunctions,cplusplus,alpha.cplusplus.IteratorRange -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=false %s -verify
	// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.IteratorRange -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify			// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,apiModeling.StdCXXLibraryFunctions,cplusplus,alpha.cplusplus.IteratorRange -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify

	#include "Inputs/system-header-simulator-cxx.h"			#include "Inputs/system-header-simulator-cxx.h"

	void clang_analyzer_warnIfReached();			void clang_analyzer_warnIfReached();

	void simple_good_end(const std::vector<int> &v) {			void simple_good_end(const std::vector<int> &v) {
	auto i = v.end();			auto i = v.end();
	if (i != v.end()) {			if (i != v.end()) {
	▲ Show 20 Lines • Show All 81 Lines • ▼ Show 20 Lines
	void copy_and_increase3(const std::vector<int> &v) {			void copy_and_increase3(const std::vector<int> &v) {
	auto i1 = v.begin();			auto i1 = v.begin();
	auto i2 = i1;			auto i2 = i1;
	++i1;			++i1;
	if (v.end() == i2)			if (v.end() == i2)
	*i2; // expected-warning{{Iterator accessed outside of its range}}			*i2; // expected-warning{{Iterator accessed outside of its range}}
	}			}

				void good_find(std::vector<int> &V, int e) {
				auto first = std::find(V.begin(), V.end(), e);
				if (V.end() != first)
				*first; // no-warning
				}

				void bad_find(std::vector<int> &V, int e) {
				auto first = std::find(V.begin(), V.end(), e);
				*first; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_find_end(std::vector<int> &V, std::vector<int> &seq) {
				auto last = std::find_end(V.begin(), V.end(), seq.begin(), seq.end());
				if (V.end() != last)
				*last; // no-warning
				}

				void bad_find_end(std::vector<int> &V, std::vector<int> &seq) {
				auto last = std::find_end(V.begin(), V.end(), seq.begin(), seq.end());
				*last; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_find_first_of(std::vector<int> &V, std::vector<int> &seq) {
				auto first =
				std::find_first_of(V.begin(), V.end(), seq.begin(), seq.end());
				if (V.end() != first)
				*first; // no-warning
				}

				void bad_find_first_of(std::vector<int> &V, std::vector<int> &seq) {
				auto first = std::find_end(V.begin(), V.end(), seq.begin(), seq.end());
				*first; // expected-warning{{Iterator accessed outside of its range}}
				}

				bool odd(int i) { return i % 2; }

				void good_find_if(std::vector<int> &V) {
				auto first = std::find_if(V.begin(), V.end(), odd);
				if (V.end() != first)
				*first; // no-warning
				}

				void bad_find_if(std::vector<int> &V, int e) {
				auto first = std::find_if(V.begin(), V.end(), odd);
				*first; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_find_if_not(std::vector<int> &V) {
				auto first = std::find_if_not(V.begin(), V.end(), odd);
				if (V.end() != first)
				*first; // no-warning
				}

				void bad_find_if_not(std::vector<int> &V, int e) {
				auto first = std::find_if_not(V.begin(), V.end(), odd);
				*first; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_lower_bound(std::vector<int> &V, int e) {
				auto first = std::lower_bound(V.begin(), V.end(), e);
				if (V.end() != first)
				*first; // no-warning
				}

				void bad_lower_bound(std::vector<int> &V, int e) {
				auto first = std::lower_bound(V.begin(), V.end(), e);
				*first; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_upper_bound(std::vector<int> &V, int e) {
				auto last = std::lower_bound(V.begin(), V.end(), e);
				if (V.end() != last)
				*last; // no-warning
				}

				void bad_upper_bound(std::vector<int> &V, int e) {
				auto last = std::lower_bound(V.begin(), V.end(), e);
				*last; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_search(std::vector<int> &V, std::vector<int> &seq) {
				auto first = std::search(V.begin(), V.end(), seq.begin(), seq.end());
				if (V.end() != first)
				*first; // no-warning
				}

				void bad_search(std::vector<int> &V, std::vector<int> &seq) {
				auto first = std::search(V.begin(), V.end(), seq.begin(), seq.end());
				*first; // expected-warning{{Iterator accessed outside of its range}}
				}

				void good_search_n(std::vector<int> &V, std::vector<int> &seq) {
				auto nth = std::search_n(V.begin(), V.end(), seq.begin(), seq.end());
				if (V.end() != nth)
				*nth; // no-warning
				}

				void bad_search_n(std::vector<int> &V, std::vector<int> &seq) {
				auto nth = std::search_n(V.begin(), V.end(), seq.begin(), seq.end());
				*nth; // expected-warning{{Iterator accessed outside of its range}}
				}

	template <class InputIterator, class T>			template <class InputIterator, class T>
	InputIterator nonStdFind(InputIterator first, InputIterator last,			InputIterator nonStdFind(InputIterator first, InputIterator last,
	const T &val) {			const T &val) {
	for (auto i = first; i != last; ++i) {			for (auto i = first; i != last; ++i) {
	if (*i == val) {			if (*i == val) {
	return i;			return i;
	}			}
	}			}
	▲ Show 20 Lines • Show All 95 Lines • Show Last 20 Lines

test/Analysis/std-c-library-functions.cpp

	// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=apiModeling.StdCLibraryFunctions,debug.ExprInspection -verify %s			// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=apiModeling.StdCLibraryFunctions,debug.ExprInspection -verify %s

	// Test that we don't model functions with broken prototypes.			// Test that we don't model functions with broken prototypes.
	// Because they probably work differently as well.			// Because they probably work differently as well.
	//			//
	// This test lives in a separate file because we wanted to test all functions			// This test lives in a separate file because we wanted to test all functions
	// in the .c file, however in C there are no overloads.			// in the .c file, however in C there are no overloads.

	void clang_analyzer_eval(bool);			void clang_analyzer_eval(bool);
	bool isalpha(char);			bool isalpha(char);

	void test() {			void test() {
	clang_analyzer_eval(isalpha('A')); // no-crash // expected-warning{{UNKNOWN}}			clang_analyzer_eval(isalpha('A')); // no-crash // expected-warning{{UNKNOWN}}
	}			}

				namespace std {
				int isalnum(int);
				}

				namespace {
				// Non std!!!

				int isalnum(int) {
				return 0;
				}
				}

				void test_non_std() {
				clang_analyzer_eval(std::isalnum('A')); // expected-warning{{TRUE}}
				clang_analyzer_eval(isalnum('A')); // expected-warning{{FALSE}}
				}

test/Analysis/std-cxx-library-functions.cpp

This file was added.

				// RUN: %clang_analyze_cc1 -analyzer-checker=apiModeling.StdCXXLibraryFunctions,debug.ExprInspection -verify %s

				#include "Inputs/system-header-simulator-cxx.h"

				void clang_analyzer_eval(bool);

				void test_find(std::vector<int> V, int n) {
				const std::vector<int>::iterator b = V.begin(), e = V.end();
				clang_analyzer_eval(std::find(b, e, n) == e); // expected-warning{{TRUE}}
				// expected-warning@-1{{FALSE}}
				}
				NoQUnsubmitted Not Done Reply Inline Actions I think that's a great standalone test. NoQ: I think that's a great standalone test.