This is an archive of the discontinued LLVM Phabricator instance.

Differential D63533

[analyzer] Fix clang-tidy crash on GCCAsmStmt
ClosedPublic

Authored by Nathan-Huckleberry on Jun 18 2019, 5:06 PM.

Details

Reviewers
nickdesaulniers
george.karpenkov
NoQ
Commits
rG13fde7a89a53: [analyzer] Fix clang-tidy crash on GCCAsmStmt
rL364605: [analyzer] Fix clang-tidy crash on GCCAsmStmt
rC364605: [analyzer] Fix clang-tidy crash on GCCAsmStmt
Summary

Added entry in switch statement to recognize GCCAsmStmt
as a possible block terminator.

Handling to build CFG using GCCAsmStmt was already implemented.

Diff Detail

Event Timeline

Nathan-Huckleberry created this revision.Jun 18 2019, 5:06 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 18 2019, 5:06 PM
Herald added subscribers: cfe-commits, Charusso, dkrupp and 7 others. · View Herald Transcript
Harbormaster completed remote builds in B33598: Diff 205478.Jun 18 2019, 5:07 PM
Nathan-Huckleberry added reviewers: nickdesaulniers, dergachev.a, george.karpenkov.Jun 18 2019, 5:10 PM
Nathan-Huckleberry added a subscriber: tmroeder.
Szelethus edited reviewers, added: NoQ; removed: dergachev.a.Jun 18 2019, 5:15 PM
NoQ added a comment.Jun 18 2019, 5:54 PM

Hey, thanks! That's a nice catch.

The code looks fine, but i don't think your test actually tests it - see inline comments. Also i think we should put the test into the clang repo (i.e., test/Analysis), because that's where the change is. I'd like to know it if i break your test even if i don't enable clang-tools-extra at all. Because clang-tidy isn't available from within the clang sub-project, this would have to be implemented as a static analyzer test.

clang-tools-extra/test/clang-tidy/asm-goto.cpp
2 ↗(On Diff #205478)

I suspect that the code you modified doesn't get covered by this test unless you enable analyzer-... checkers.

3–4 ↗(On Diff #205478)

This is scary because the behavior may depend on the implementation details of the standard library that's installed on the current machine. In the Static Analyzer we use test/Analysis/Inputs/system-header-simulator*.h as a mocked-up standard library for testing purposes.

clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
401

Please add a TODO to actually implement this functionality.

nickdesaulniers added inline comments.Jun 19 2019, 10:47 AM
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
401

And an assert that this Stmt::isAsmGoto() == true. (We should not hit this for any inline assembly, just asm goto statements)

Nathan-Huckleberry updated this revision to Diff 205642.Jun 19 2019, 11:06 AM
  • [analyzer] Revise test case and add TODO
Harbormaster completed remote builds in B33638: Diff 205642.Jun 19 2019, 11:06 AM
NoQ added inline comments.Jun 19 2019, 1:50 PM
clang/test/Analysis/egraph-asm-goto-no-crash.cpp
2

Ugh, you picked an exotic test as an example.

Let's try the following:

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s

// expected-no-diagnostics

void clang_analyzer_warnIfReached();

void testAsmGoto() {
  asm goto("xor %0, %0\n je %l[label1]\n jl %l[label2]"
           : /* no outputs */
           : /* inputs */
           : /* clobbers */
           : label1, label2 /* any labels used */);

  label1:
  // FIXME: Should be reachable.
  clang_analyzer_warnIfReached();
  return;

  label2:
  // FIXME: Should be reachable.
  clang_analyzer_warnIfReached();
  return;
}

(and the egraph part in the main file is also out of place)

NoQ added inline comments.Jun 19 2019, 1:54 PM
clang/test/Analysis/egraph-asm-goto-no-crash.cpp
2

(wait, one of these shouldn't be reachable, right?)

NoQ added inline comments.Jun 19 2019, 1:56 PM
clang/test/Analysis/egraph-asm-goto-no-crash.cpp
2

(i mean, let's do something similar, just with the correct amount of FIXMEs)

nickdesaulniers added inline comments.Jun 19 2019, 1:59 PM
clang/test/Analysis/egraph-asm-goto-no-crash.cpp
2

You'd have to "peak" into the assembly to tell. Essentially asm goto is treated as a "black box" throughout Clang and LLVM, similar to vanilla inline assembly. Basically, the explicit list of labels are valid branch targets from the inline assembly, as is fallthrough. It's undefined behavior if the assembly jumps to a label not explicitly listed in the asm statement (but would likely fail to link, in the best case).

nickdesaulniers added inline comments.Jun 19 2019, 2:01 PM
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
401

Take a look at other asserts in the codebase. They usually are in the form: assert(some_expr_should_be_true && "helpful error message when false");

Nathan-Huckleberry marked an inline comment as done.Jun 19 2019, 2:41 PM
Nathan-Huckleberry added inline comments.
clang/test/Analysis/egraph-asm-goto-no-crash.cpp
2

To answer the original question both labels and the 'fallthrough' case should all be technically reachable in this test case, but will not actually be reached during analysis since handling for asm goto branching doesn't exist.

tmroeder added a comment.Jun 19 2019, 3:45 PM

I can confirm that this fixes the clang-tidy crash I observed in trying to analyze the kernel.

xbolva00 added a subscriber: xbolva00.Jun 19 2019, 3:55 PM
xbolva00 added inline comments.
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
401

or llvm_unreachable :)

Nathan-Huckleberry marked an inline comment as not done.Jun 20 2019, 9:48 AM
Nathan-Huckleberry updated this revision to Diff 206919.Jun 27 2019, 1:25 PM
  • Add assertion message and simplify test case
Harbormaster completed remote builds in B34020: Diff 206919.Jun 27 2019, 1:26 PM
NoQ accepted this revision.Jun 27 2019, 1:38 PM

Looks great now, thanks!

This revision is now accepted and ready to land.Jun 27 2019, 1:38 PM
nickdesaulniers added inline comments.Jun 27 2019, 2:18 PM
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
401

prefer: assert(shouldBeTrue() && "asdfasdf") to assert(shouldBeTrue() == true && "asfas").

Nathan-Huckleberry updated this revision to Diff 206954.Jun 27 2019, 3:32 PM
  • Minor style change on assert
Harbormaster completed remote builds in B34033: Diff 206954.Jun 27 2019, 3:35 PM
nickdesaulniers accepted this revision.Jun 27 2019, 3:43 PM
Closed by commit rL364605: [analyzer] Fix clang-tidy crash on GCCAsmStmt (authored by Nathan-Huckleberry). · Explain WhyJun 27 2019, 3:52 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptJun 27 2019, 3:52 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Core/
5 lines
test/
Analysis/
26 lines

Diff 206919

clang/lib/StaticAnalyzer/Core/CoreEngine.cpp

Show First 20 LinesShow All 390 Lines▼ Show 20 Lines switch (Term->getStmtClass()) {
SubEng.processSwitch(builder); SubEng.processSwitch(builder);
return; return;
} }
case Stmt::WhileStmtClass: case Stmt::WhileStmtClass:
HandleBranch(cast<WhileStmt>(Term)->getCond(), Term, B, Pred); HandleBranch(cast<WhileStmt>(Term)->getCond(), Term, B, Pred);
return; return;
case Stmt::GCCAsmStmtClass:
assert(cast<GCCAsmStmt>(Term)->isAsmGoto() == true && "Encountered GCCAsmStmt without labels");
NoQUnsubmitted
Not Done
ReplyInline Actions

Please add a TODO to actually implement this functionality.

NoQ: Please add a TODO to actually implement this functionality.
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

And an assert that this Stmt::isAsmGoto() == true. (We should not hit this for any inline assembly, just asm goto statements)

nickdesaulniers: And an `assert` that this `Stmt::isAsmGoto() == true`. (We should not hit this for any inline…
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

Take a look at other asserts in the codebase. They usually are in the form: assert(some_expr_should_be_true && "helpful error message when false");

nickdesaulniers: Take a look at other `assert`s in the codebase. They usually are in the form: `assert…
xbolva00Unsubmitted
Not Done
ReplyInline Actions

or llvm_unreachable :)

xbolva00: or llvm_unreachable :)
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

prefer: assert(shouldBeTrue() && "asdfasdf") to assert(shouldBeTrue() == true && "asfas").

nickdesaulniers: prefer: `assert(shouldBeTrue() && "asdfasdf")` to `assert(shouldBeTrue() == true && "asfas")`.
// TODO: Handle jumping to labels
return;
} }
} }
if (B->getTerminator().isVirtualBaseBranch()) { if (B->getTerminator().isVirtualBaseBranch()) {
HandleVirtualBaseBranch(B, Pred); HandleVirtualBaseBranch(B, Pred);
return; return;
} }
▲ Show 20 LinesShow All 295 LinesShow Last 20 Lines

clang/test/Analysis/egraph-asm-goto-no-crash.cpp

  • This file was added.
// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
NoQUnsubmitted
Not Done
ReplyInline Actions

Ugh, you picked an exotic test as an example.

Let's try the following:

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s

// expected-no-diagnostics

void clang_analyzer_warnIfReached();

void testAsmGoto() {
  asm goto("xor %0, %0\n je %l[label1]\n jl %l[label2]"
           : /* no outputs */
           : /* inputs */
           : /* clobbers */
           : label1, label2 /* any labels used */);

  label1:
  // FIXME: Should be reachable.
  clang_analyzer_warnIfReached();
  return;

  label2:
  // FIXME: Should be reachable.
  clang_analyzer_warnIfReached();
  return;
}

(and the egraph part in the main file is also out of place)

NoQ: Ugh, you picked an exotic test as an example. Let's try the following: ```lang=c++ // RUN…
NoQUnsubmitted
Not Done
ReplyInline Actions

(wait, one of these shouldn't be reachable, right?)

NoQ: (wait, one of these shouldn't be reachable, right?)
NoQUnsubmitted
Not Done
ReplyInline Actions

(i mean, let's do something similar, just with the correct amount of FIXMEs)

NoQ: (i mean, let's do something similar, just with the correct amount of FIXMEs)
nickdesaulniersUnsubmitted
Not Done
ReplyInline Actions

You'd have to "peak" into the assembly to tell. Essentially asm goto is treated as a "black box" throughout Clang and LLVM, similar to vanilla inline assembly. Basically, the explicit list of labels are valid branch targets from the inline assembly, as is fallthrough. It's undefined behavior if the assembly jumps to a label not explicitly listed in the asm statement (but would likely fail to link, in the best case).

nickdesaulniers: You'd have to "peak" into the assembly to tell. Essentially `asm goto` is treated as a "black…
Nathan-HuckleberryAuthorUnsubmitted
Not Done
ReplyInline Actions

To answer the original question both labels and the 'fallthrough' case should all be technically reachable in this test case, but will not actually be reached during analysis since handling for asm goto branching doesn't exist.

Nathan-Huckleberry: To answer the original question both labels and the 'fallthrough' case should all be…
// expected-no-diagnostics
void clang_analyzer_warnIfReached();
void testAsmGoto() {
asm goto("xor %0, %0\n je %l[label1]\n jl %l[label2]"
: /* no outputs */
: /* inputs */
: /* clobbers */
: label1, label2 /* any labels used */);
// FIXME: Should be reachable.
clang_analyzer_warnIfReached();
label1:
// FIXME: Should be reachable.
clang_analyzer_warnIfReached();
return;
label2:
// FIXME: Should be reachable.
clang_analyzer_warnIfReached();
return;
}