This is an archive of the discontinued LLVM Phabricator instance.

Differential D57890

[analyzer] Fix in self assignment checker
Needs RevisionPublic

Authored by bruntib on Feb 7 2019, 6:07 AM.

Details

Reviewers
NoQ
george.karpenkov
Szelethus
xazax.hun
baloghadamsoftware
Summary

For self assignment checker it was necessary to force checking of assignment operators even if those are not called. The reason of this is to check whether "this" is equal to the address of the assignee object.

The buffer overlap checker checks if the intervals of the arguments of a memcpy() call are disjoint. If a class has an array member then the compiler generated assignment operator copies it with memcpy() function without checking self assignment at the beginning. Since the analyzer forces the check of assignment operators, the buffer overflow checker reported a false positive on classes with compiler generated assignment operator and array member.

This commit prevents the forced check of compiler generated assignment operators.

Diff Detail

Event Timeline

bruntib created this revision.Feb 7 2019, 6:07 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 7 2019, 6:07 AM
Herald added subscribers: cfe-commits, dkrupp, donat.nagy and 4 others. · View Herald Transcript
xazax.hun accepted this revision.Feb 11 2019, 3:20 AM

LG!

Just wanted to make sure I get it right. You did not add a test since it is only reproducible with an internal (non-upstreamed) checker. Since the change is trivial, I think it is ok to commit this without a test.

This revision is now accepted and ready to land.Feb 11 2019, 3:20 AM
NoQ added a comment.Feb 11 2019, 2:02 PM

Sounds reasonable, but it also sounds like something that should be reproducible on the upstream clang. Do you have a code snippet that causes the problematic AST to appear? Even if we don't have the false positive up here in upstream, Is it something we can test via -analyzer-display-progress | FileCheck or with the help of the analysis order checker or something like that?

Szelethus requested changes to this revision.Mar 12 2019, 2:59 AM

Yup, I agree.

This revision now requires changes to proceed.Mar 12 2019, 2:59 AM
Herald added subscribers: Charusso, jdoerfert, whisperity. · View Herald TranscriptMar 12 2019, 2:59 AM
baloghadamsoftware added a comment.May 21 2020, 12:04 AM

I think you can create a unit test for this: create a pre-call checker that checks for the assignment operator and asserts that we are not in top level. Create a test code with a simple class without user provided copy operator and a function that uses the auto-generated copy operator. Run the checker on this sample code.

Herald added subscribers: ASDenysPetrov, martong, steakhal. · View Herald TranscriptMay 21 2020, 12:05 AM

Revision Contents

PathSize
lib/
StaticAnalyzer/
Frontend/
2 lines

Diff 185754

lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp

Show First 20 LinesShow All 444 Lines▼ Show 20 Linesstatic bool shouldSkipFunction(const Decl *D,
// Count naming convention errors more aggressively. // Count naming convention errors more aggressively.
if (isa<ObjCMethodDecl>(D)) if (isa<ObjCMethodDecl>(D))
return false; return false;
// We also want to reanalyze all C++ copy and move assignment operators to // We also want to reanalyze all C++ copy and move assignment operators to
// separately check the two cases where 'this' aliases with the parameter and // separately check the two cases where 'this' aliases with the parameter and
// where it may not. (cplusplus.SelfAssignmentChecker) // where it may not. (cplusplus.SelfAssignmentChecker)
if (const auto *MD = dyn_cast<CXXMethodDecl>(D)) { if (const auto *MD = dyn_cast<CXXMethodDecl>(D)) {
if (MD->isCopyAssignmentOperator() || MD->isMoveAssignmentOperator()) if (MD->isCopyAssignmentOperator() || MD->isMoveAssignmentOperator())
return false; return !MD->isUserProvided();
} }
// Otherwise, if we visited the function before, do not reanalyze it. // Otherwise, if we visited the function before, do not reanalyze it.
return Visited.count(D); return Visited.count(D);
} }
ExprEngine::InliningModes ExprEngine::InliningModes
AnalysisConsumer::getInliningModeForFunction(const Decl *D, AnalysisConsumer::getInliningModeForFunction(const Decl *D,
▲ Show 20 LinesShow All 440 LinesShow Last 20 Lines