This is an archive of the discontinued LLVM Phabricator instance.

Differential D69015

[analyzer] Make ExplodedNode identifiers truly stable.
ClosedPublic

Authored by NoQ on Oct 15 2019, 7:32 PM.

Details

Reviewers
dcoughlin
xazax.hun
a_sidorin
rnkovacs
Szelethus
baloghadamsoftware
Charusso
Summary

I need this for the demo at the dev meeting ^.^"

Instead of using an allocator-based stable identifier as in D51667, let's make truly stable identifiers. The nodes now identify themselves as 1.,2.,3.,..., etc., which is not only nice to read, but also allows reliably setting conditional breakpoints. Eg., in lldb:

(lldb) br s -n inlineCall -c 'Pred->Id == 12345'

lets you reliably debug the construction of the CallEnter node whose predecessor is node 12345.

You could do a similar trick with the current stable IDs but that worked in ~30% of the cases because of slight indeterminism in how immutable sets and maps are allocated in the bump pointer allocator. Now it's fully reliable.

The exploded-graph-rewriter is updated accordingly. Additionally, because in exploded graph dumps we collapse multiple real exploded nodes into a single dumped graph node when they have the same state and the respective sub-graph is linear, i changed it to dump *each* node's identifier near the program point. Additionally, the "sink node" and "bug report attached" messages are also passed one per point rather than once per visible node.

Notice the 1., 2., 3. things on the left:

That's how bug/sink notices now look:

In the worst case this patch may increase memory usage of the static analyzer by around 1MB per process (if all 225000 nodes are constructed, times 4 bytes per unsigned integer on most architectures; note that only one analysis is kept in memory at a time, so the overhead doesn't add up for multiple exploded graphs). So even though i could have hidden the new feature under #ifndef NDEBUG, like the whole graph dumping facility, i don't think it's really worth it; i'd much rather enable graph dumping in noassert builds.

Diff Detail

Event Timeline

NoQ created this revision.Oct 15 2019, 7:32 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 15 2019, 7:32 PM
Herald added subscribers: cfe-commits, dkrupp, donat.nagy and 3 others. · View Herald Transcript
Charusso accepted this revision.Oct 15 2019, 8:56 PM

I was not sure why this is not opaque in case of LLDB usage, but now it is perfect, thanks!

clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
3082

Missing space at the end ", \"is_sink\":" -> ", \"is_sink\": ", and also I like the booleans dumped as true/false, but it was a total arbitrary decision.

clang/test/Analysis/exploded-graph-rewriter/node_labels.dot
46

GREY typo.

This revision is now accepted and ready to land.Oct 15 2019, 8:56 PM
Charusso added a comment.Oct 15 2019, 11:07 PM

i'd much rather enable graph dumping in noassert builds.

Totally! When I am not an advanced developer I definitely would like to print the graph with the release pre-built binaries to measure my stuff when I analyze. Like after someone watch your tutorial and starts with the pre-built Clang.

NoQ updated this revision to Diff 225540.Oct 17 2019, 4:02 PM
NoQ marked an inline comment as done.

Fxd.

clang/test/Analysis/exploded-graph-rewriter/node_labels.dot
46

Whoops!!

NoQ closed this revision.Oct 17 2019, 4:08 PM

Closed by rC375186 but i forgot the phabricator link :)

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Core/
PathSensitive/
11 lines
lib/
StaticAnalyzer/
Core/
3 lines
14 lines
18 lines
test/
Analysis/
4 lines
exploded-graph-rewriter/
9 lines
44 lines
14 lines
42 lines
20 lines
11 lines
42 lines
43 lines
42 lines
15 lines
37 lines
14 lines
40 lines
utils/
analyzer/
43 lines

Diff 225540

clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h

Show First 20 LinesShow All 125 Lines▼ Show 20 Linesclass ExplodedNode : public llvm::FoldingSetNode {
ProgramStateRef State; ProgramStateRef State;
/// Preds - The predecessors of this node. /// Preds - The predecessors of this node.
NodeGroup Preds; NodeGroup Preds;
/// Succs - The successors of this node. /// Succs - The successors of this node.
NodeGroup Succs; NodeGroup Succs;
int64_t Id;
public: public:
explicit ExplodedNode(const ProgramPoint &loc, ProgramStateRef state, explicit ExplodedNode(const ProgramPoint &loc, ProgramStateRef state,
bool IsSink) int64_t Id, bool IsSink)
: Location(loc), State(std::move(state)), Succs(IsSink) { : Location(loc), State(std::move(state)), Succs(IsSink), Id(Id) {
assert(isSink() == IsSink); assert(isSink() == IsSink);
} }
/// getLocation - Returns the edge associated with the given node. /// getLocation - Returns the edge associated with the given node.
ProgramPoint getLocation() const { return Location; } ProgramPoint getLocation() const { return Location; }
const LocationContext *getLocationContext() const { const LocationContext *getLocationContext() const {
return getLocation().getLocationContext(); return getLocation().getLocationContext();
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Linespublic:
const_succ_iterator succ_begin() const { const_succ_iterator succ_begin() const {
return const_cast<ExplodedNode*>(this)->succ_begin(); return const_cast<ExplodedNode*>(this)->succ_begin();
} }
const_succ_iterator succ_end() const { const_succ_iterator succ_end() const {
return const_cast<ExplodedNode*>(this)->succ_end(); return const_cast<ExplodedNode*>(this)->succ_end();
} }
const_succ_range succs() const { return {Succs.begin(), Succs.end()}; } const_succ_range succs() const { return {Succs.begin(), Succs.end()}; }
int64_t getID(ExplodedGraph *G) const; int64_t getID() const { return Id; }
/// The node is trivial if it has only one successor, only one predecessor, /// The node is trivial if it has only one successor, only one predecessor,
/// it's predecessor has only one successor, /// it's predecessor has only one successor,
/// and its program state is the same as the program state of the previous /// and its program state is the same as the program state of the previous
/// node. /// node.
/// Trivial nodes may be skipped while printing exploded graph. /// Trivial nodes may be skipped while printing exploded graph.
bool isTrivial() const; bool isTrivial() const;
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Linesprotected:
/// Nodes - The nodes in the graph. /// Nodes - The nodes in the graph.
llvm::FoldingSet<ExplodedNode> Nodes; llvm::FoldingSet<ExplodedNode> Nodes;
/// BVC - Allocator and context for allocating nodes and their predecessor /// BVC - Allocator and context for allocating nodes and their predecessor
/// and successor groups. /// and successor groups.
BumpVectorContext BVC; BumpVectorContext BVC;
/// NumNodes - The number of nodes in the graph. /// NumNodes - The number of nodes in the graph.
unsigned NumNodes = 0; int64_t NumNodes = 0;
/// A list of recently allocated nodes that can potentially be recycled. /// A list of recently allocated nodes that can potentially be recycled.
NodeVector ChangedNodes; NodeVector ChangedNodes;
/// A list of nodes that can be reused. /// A list of nodes that can be reused.
NodeVector FreeNodes; NodeVector FreeNodes;
/// Determines how often nodes are reclaimed. /// Determines how often nodes are reclaimed.
Show All 17 Lines ExplodedNode *getNode(const ProgramPoint &L, ProgramStateRef State,
bool* IsNew = nullptr); bool* IsNew = nullptr);
/// Create a node for a (Location, State) pair, /// Create a node for a (Location, State) pair,
/// but don't store it for deduplication later. This /// but don't store it for deduplication later. This
/// is useful when copying an already completed /// is useful when copying an already completed
/// ExplodedGraph for further processing. /// ExplodedGraph for further processing.
ExplodedNode *createUncachedNode(const ProgramPoint &L, ExplodedNode *createUncachedNode(const ProgramPoint &L,
ProgramStateRef State, ProgramStateRef State,
int64_t Id,
bool IsSink = false); bool IsSink = false);
std::unique_ptr<ExplodedGraph> MakeEmptyGraph() const { std::unique_ptr<ExplodedGraph> MakeEmptyGraph() const {
return std::make_unique<ExplodedGraph>(); return std::make_unique<ExplodedGraph>();
} }
/// addRoot - Add an untyped node to the set of roots. /// addRoot - Add an untyped node to the set of roots.
ExplodedNode *addRoot(ExplodedNode *V) { ExplodedNode *addRoot(ExplodedNode *V) {
▲ Show 20 LinesShow All 175 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/BugReporter.cpp

Show First 20 LinesShow All 2,560 Lines▼ Show 20 LinesBugPathInfo *BugPathGetter::getNextBugPath() {
// Now walk from the error node up the BFS path, always taking the // Now walk from the error node up the BFS path, always taking the
// predeccessor with the lowest number. // predeccessor with the lowest number.
ExplodedNode *Succ = nullptr; ExplodedNode *Succ = nullptr;
while (true) { while (true) {
// Create the equivalent node in the new graph with the same state // Create the equivalent node in the new graph with the same state
// and location. // and location.
ExplodedNode *NewN = GNew->createUncachedNode( ExplodedNode *NewN = GNew->createUncachedNode(
OrigN->getLocation(), OrigN->getState(), OrigN->isSink()); OrigN->getLocation(), OrigN->getState(),
OrigN->getID(), OrigN->isSink());
// Link up the new node with the previous node. // Link up the new node with the previous node.
if (Succ) if (Succ)
Succ->addPredecessor(NewN, *GNew); Succ->addPredecessor(NewN, *GNew);
else else
CurrentBugPath.ErrorNode = NewN; CurrentBugPath.ErrorNode = NewN;
Succ = NewN; Succ = NewN;
▲ Show 20 LinesShow All 691 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/ExplodedGraph.cpp

Show First 20 LinesShow All 277 Lines▼ Show 20 LinesExplodedNode * const *ExplodedNode::NodeGroup::end() const {
const GroupStorage &Storage = reinterpret_cast<const GroupStorage &>(P); const GroupStorage &Storage = reinterpret_cast<const GroupStorage &>(P);
if (Storage.isNull()) if (Storage.isNull())
return nullptr; return nullptr;
if (ExplodedNodeVector *V = Storage.dyn_cast<ExplodedNodeVector *>()) if (ExplodedNodeVector *V = Storage.dyn_cast<ExplodedNodeVector *>())
return V->end(); return V->end();
return Storage.getAddrOfPtr1() + 1; return Storage.getAddrOfPtr1() + 1;
} }
int64_t ExplodedNode::getID(ExplodedGraph *G) const {
return G->getAllocator().identifyKnownAlignedObject<ExplodedNode>(this);
}
bool ExplodedNode::isTrivial() const { bool ExplodedNode::isTrivial() const {
return pred_size() == 1 && succ_size() == 1 && return pred_size() == 1 && succ_size() == 1 &&
getFirstPred()->getState()->getID() == getState()->getID() && getFirstPred()->getState()->getID() == getState()->getID() &&
getFirstPred()->succ_size() == 1; getFirstPred()->succ_size() == 1;
} }
const CFGBlock *ExplodedNode::getCFGBlock() const { const CFGBlock *ExplodedNode::getCFGBlock() const {
ProgramPoint P = getLocation(); ProgramPoint P = getLocation();
▲ Show 20 LinesShow All 114 Lines▼ Show 20 Lines if (!FreeNodes.empty()) {
V = FreeNodes.back(); V = FreeNodes.back();
FreeNodes.pop_back(); FreeNodes.pop_back();
} }
else { else {
// Allocate a new node. // Allocate a new node.
V = (NodeTy*) getAllocator().Allocate<NodeTy>(); V = (NodeTy*) getAllocator().Allocate<NodeTy>();
} }
new (V) NodeTy(L, State, IsSink); ++NumNodes;
new (V) NodeTy(L, State, NumNodes, IsSink);
if (ReclaimNodeInterval) if (ReclaimNodeInterval)
ChangedNodes.push_back(V); ChangedNodes.push_back(V);
// Insert the node into the node set and return it. // Insert the node into the node set and return it.
Nodes.InsertNode(V, InsertPos); Nodes.InsertNode(V, InsertPos);
++NumNodes;
if (IsNew) *IsNew = true; if (IsNew) *IsNew = true;
} }
else else
if (IsNew) *IsNew = false; if (IsNew) *IsNew = false;
return V; return V;
} }
ExplodedNode *ExplodedGraph::createUncachedNode(const ProgramPoint &L, ExplodedNode *ExplodedGraph::createUncachedNode(const ProgramPoint &L,
ProgramStateRef State, ProgramStateRef State,
int64_t Id,
bool IsSink) { bool IsSink) {
NodeTy *V = (NodeTy *) getAllocator().Allocate<NodeTy>(); NodeTy *V = (NodeTy *) getAllocator().Allocate<NodeTy>();
new (V) NodeTy(L, State, IsSink); new (V) NodeTy(L, State, Id, IsSink);
return V; return V;
} }
std::unique_ptr<ExplodedGraph> std::unique_ptr<ExplodedGraph>
ExplodedGraph::trim(ArrayRef<const NodeTy *> Sinks, ExplodedGraph::trim(ArrayRef<const NodeTy *> Sinks,
InterExplodedGraphMap *ForwardMap, InterExplodedGraphMap *ForwardMap,
InterExplodedGraphMap *InverseMap) const { InterExplodedGraphMap *InverseMap) const {
if (Nodes.empty()) if (Nodes.empty())
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines while (!WL2.empty()) {
const ExplodedNode *N = WL2.pop_back_val(); const ExplodedNode *N = WL2.pop_back_val();
// Skip this node if we have already processed it. // Skip this node if we have already processed it.
if (Pass2.find(N) != Pass2.end()) if (Pass2.find(N) != Pass2.end())
continue; continue;
// Create the corresponding node in the new graph and record the mapping // Create the corresponding node in the new graph and record the mapping
// from the old node to the new node. // from the old node to the new node.
ExplodedNode *NewN = G->createUncachedNode(N->getLocation(), N->State, N->isSink()); ExplodedNode *NewN = G->createUncachedNode(N->getLocation(), N->State,
N->getID(), N->isSink());
Pass2[N] = NewN; Pass2[N] = NewN;
// Also record the reverse mapping from the new node to the old node. // Also record the reverse mapping from the new node to the old node.
if (InverseMap) (*InverseMap)[NewN] = N; if (InverseMap) (*InverseMap)[NewN] = N;
// If this node is a root, designate it as such in the graph. // If this node is a root, designate it as such in the graph.
if (N->Preds.empty()) if (N->Preds.empty())
G->addRoot(NewN); G->addRoot(NewN);
Show All 35 Lines

clang/lib/StaticAnalyzer/Core/ExprEngine.cpp

Show First 20 LinesShow All 3,055 Lines▼ Show 20 Linesstruct DOTGraphTraits<ExplodedGraph*> : public DefaultDOTGraphTraits {
static std::string getNodeLabel(const ExplodedNode *N, ExplodedGraph *G){ static std::string getNodeLabel(const ExplodedNode *N, ExplodedGraph *G){
std::string Buf; std::string Buf;
llvm::raw_string_ostream Out(Buf); llvm::raw_string_ostream Out(Buf);
const bool IsDot = true; const bool IsDot = true;
const unsigned int Space = 1; const unsigned int Space = 1;
ProgramStateRef State = N->getState(); ProgramStateRef State = N->getState();
auto Noop = [](const ExplodedNode*){}; Out << "{ \"state_id\": " << State->getID()
bool HasReport = traverseHiddenNodes(
N, Noop, Noop, &nodeHasBugReport);
bool IsSink = traverseHiddenNodes(
N, Noop, Noop, [](const ExplodedNode *N) { return N->isSink(); });
Out << "{ \"node_id\": " << N->getID(G) << ", \"pointer\": \""
<< (const void *)N << "\", \"state_id\": " << State->getID()
<< ", \"has_report\": " << (HasReport ? "true" : "false")
<< ", \"is_sink\": " << (IsSink ? "true" : "false")
<< ",\\l"; << ",\\l";
Indent(Out, Space, IsDot) << "\"program_points\": [\\l"; Indent(Out, Space, IsDot) << "\"program_points\": [\\l";
// Dump program point for all the previously skipped nodes. // Dump program point for all the previously skipped nodes.
traverseHiddenNodes( traverseHiddenNodes(
N, N,
[&](const ExplodedNode *OtherNode) { [&](const ExplodedNode *OtherNode) {
Indent(Out, Space + 1, IsDot) << "{ "; Indent(Out, Space + 1, IsDot) << "{ ";
OtherNode->getLocation().printJson(Out, /*NL=*/"\\l"); OtherNode->getLocation().printJson(Out, /*NL=*/"\\l");
Out << ", \"tag\": "; Out << ", \"tag\": ";
if (const ProgramPointTag *Tag = OtherNode->getLocation().getTag()) if (const ProgramPointTag *Tag = OtherNode->getLocation().getTag())
Out << '\"' << Tag->getTagDescription() << "\" }"; Out << '\"' << Tag->getTagDescription() << "\"";
else else
Out << "null }"; Out << "null";
Out << ", \"node_id\": " << OtherNode->getID() <<
", \"is_sink\": " << OtherNode->isSink() <<
", \"has_report\": " << nodeHasBugReport(OtherNode) << " }";
CharussoUnsubmitted
Not Done
ReplyInline Actions

Missing space at the end ", \"is_sink\":" -> ", \"is_sink\": ", and also I like the booleans dumped as true/false, but it was a total arbitrary decision.

Charusso: Missing space at the end `", \"is_sink\":"` -> `", \"is_sink\": "`, and also I like the…
}, },
// Adds a comma and a new-line between each program point. // Adds a comma and a new-line between each program point.
[&](const ExplodedNode *) { Out << ",\\l"; }, [&](const ExplodedNode *) { Out << ",\\l"; },
[&](const ExplodedNode *) { return false; }); [&](const ExplodedNode *) { return false; });
Out << "\\l"; // Adds a new-line to the last program point. Out << "\\l"; // Adds a new-line to the last program point.
Indent(Out, Space, IsDot) << "],\\l"; Indent(Out, Space, IsDot) << "],\\l";
▲ Show 20 LinesShow All 83 LinesShow Last 20 Lines

clang/test/Analysis/dump_egraph.c

Show All 12 Lines
int foo() { int foo() {
int *x = 0, *y = 0; int *x = 0, *y = 0;
char c = '\x13'; char c = '\x13';
return *x + *y; return *x + *y;
} }
// CHECK: \"program_points\": [\l&nbsp;&nbsp;&nbsp;&nbsp;\{ \"kind\": \"Edge\", \"src_id\": 2, \"dst_id\": 1, \"terminator\": null, \"term_kind\": null, \"tag\": null \}\l&nbsp;&nbsp;],\l&nbsp;&nbsp;\"program_state\": null // CHECK: \"program_points\": [\l&nbsp;&nbsp;&nbsp;&nbsp;\{ \"kind\": \"Edge\", \"src_id\": 2, \"dst_id\": 1, \"terminator\": null, \"term_kind\": null, \"tag\": null, \"node_id\": 1, \"is_sink\":0, \"has_report\": 0 \}\l&nbsp;&nbsp;],\l&nbsp;&nbsp;\"program_state\": null
// CHECK: \"program_points\": [\l&nbsp;&nbsp;&nbsp;&nbsp;\{ \"kind\": \"BlockEntrance\", \"block_id\": 1 // CHECK: \"program_points\": [\l&nbsp;&nbsp;&nbsp;&nbsp;\{ \"kind\": \"BlockEntrance\", \"block_id\": 1
// CHECK: \"pretty\": \"*x\", \"location\": \{ \"line\": 18, \"column\": 10, \"file\": \"{{(.+)}}dump_egraph.c\" \} // CHECK: \"pretty\": \"*x\", \"location\": \{ \"line\": 18, \"column\": 10, \"file\": \"{{(.+)}}dump_egraph.c\" \}
// CHECK: \"pretty\": \"'\\\\x13'\" // CHECK: \"pretty\": \"'\\\\x13'\"
// CHECK: \"has_report\": true // CHECK: \"has_report\": 1

clang/test/Analysis/exploded-graph-rewriter/checker_messages.dot

// RUN: %exploded_graph_rewriter %s | FileCheck %s // RUN: %exploded_graph_rewriter %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
// CHECK: <b>Checker State: </b> // CHECK: <b>Checker State: </b>
// CHECK-SAME: <td align="left"><i>alpha.core.FooChecker</i>:</td> // CHECK-SAME: <td align="left"><i>alpha.core.FooChecker</i>:</td>
// CHECK-SAME: <td align="left">Foo stuff:</td> // CHECK-SAME: <td align="left">Foo stuff:</td>
// CHECK-SAME: <td align="left">Foo: Bar</td> // CHECK-SAME: <td align="left">Foo: Bar</td>
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, { "node_id": 1,
"pointer": "0x1", "pointer": "0x1",
"has_report": false, "has_report": false,
"is_sink": false, "is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"environment": null, "environment": null,
"checker_messages": [ "checker_messages": [
{ "checker": "alpha.core.FooChecker", "messages": [ { "checker": "alpha.core.FooChecker", "messages": [
"Foo stuff:", "Foo stuff:",
"Foo: Bar" "Foo: Bar"
]} ]}
] ]
} }
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/checker_messages_diff.dot

// RUN: %exploded_graph_rewriter -d %s | FileCheck %s // RUN: %exploded_graph_rewriter -d %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, { "state_id": 2,
"pointer": "0x1", "program_points": [
"has_report": false, {
"is_sink": false, "kind": "BlockEntrance", "block_id": 1,
"state_id": 2, "terminator": null, "term_kind": null,
"program_points": [], "tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"environment": null, "environment": null,
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": [ "checker_messages": [
{ "checker": "FooChecker", "messages": [ { "checker": "FooChecker", "messages": [
Show All 32 Lines
// CHECK-SAME: <td align="left"><i>DunnoWhateverSomeOtherChecker</i>:</td> // CHECK-SAME: <td align="left"><i>DunnoWhateverSomeOtherChecker</i>:</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td><font color="forestgreen">+</font></td> // CHECK-SAME: <td><font color="forestgreen">+</font></td>
// CHECK-SAME: <td align="left">Dunno, some other message.</td> // CHECK-SAME: <td align="left">Dunno, some other message.</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
Node0x4 [shape=record,label= Node0x4 [shape=record,label=
"{ "{
{ "node_id": 4, {
"pointer": "0x4",
"has_report": false,
"is_sink": false,
"state_id": 5, "state_id": 5,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"environment": null, "environment": null,
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": [ "checker_messages": [
{ "checker": "FooChecker", "messages": [ { "checker": "FooChecker", "messages": [
"Foo: Bar", "Foo: Bar",
"Bar: Foo" "Bar: Foo"
]}, ]},
{ "checker": "DunnoWhateverSomeOtherChecker", "messages": [ { "checker": "DunnoWhateverSomeOtherChecker", "messages": [
"Dunno, some other message." "Dunno, some other message."
]} ]}
] ]
} }
} }
\l}"]; \l}"];
Node0x4 -> Node0x6; Node0x4 -> Node0x6;
Node0x6 [shape=record,label= Node0x6 [shape=record,label=
"{ "{
{ "node_id": 6, { "state_id": 7,
"pointer": "0x6", "program_points": [
"has_report": false, {
"is_sink": false, "kind": "BlockEntrance", "block_id": 1,
"state_id": 7, "terminator": null, "term_kind": null,
"program_points": [], "tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": null "program_state": null
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/constraints.dot

// RUN: %exploded_graph_rewriter %s | FileCheck %s // RUN: %exploded_graph_rewriter %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
// CHECK: <tr><td align="left"><b>Ranges: </b></td></tr> // CHECK: <tr><td align="left"><b>Ranges: </b></td></tr>
// CHECK-SAME: <tr><td align="left"><table border="0"> // CHECK-SAME: <tr><td align="left"><table border="0">
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td align="left">reg_$0<x></td> // CHECK-SAME: <td align="left">reg_$0<x></td>
// CHECK-SAME: <td align="left">\{ [0, 0] \}</td> // CHECK-SAME: <td align="left">\{ [0, 0] \}</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: </table></td></tr> // CHECK-SAME: </table></td></tr>
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, {
"pointer": "0x1",
"has_report": false,
"is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"environment": null, "environment": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"constraints": [ "constraints": [
{ "symbol": "reg_$0<x>", "range": "{ [0, 0] }" } { "symbol": "reg_$0<x>", "range": "{ [0, 0] }" }
] ]
} }
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/constraints_diff.dot

// RUN: %exploded_graph_rewriter -d %s | FileCheck %s // RUN: %exploded_graph_rewriter -d %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, {
"pointer": "0x1",
"has_report": false,
"is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"environment": null, "environment": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"constraints": [ "constraints": [
{ "symbol": "reg_$0<x>", "range": "{ [0, 10] }" } { "symbol": "reg_$0<x>", "range": "{ [0, 10] }" }
Show All 12 Lines
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td><font color="forestgreen">+</font></td> // CHECK-SAME: <td><font color="forestgreen">+</font></td>
// CHECK-SAME: <td align="left">reg_$0<x></td> // CHECK-SAME: <td align="left">reg_$0<x></td>
// CHECK-SAME: <td align="left">\{ [0, 5] \}</td> // CHECK-SAME: <td align="left">\{ [0, 5] \}</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
Node0x3 [shape=record,label= Node0x3 [shape=record,label=
"{ "{
{ "node_id": 3, {
"pointer": "0x3",
"has_report": false,
"is_sink": false,
"state_id": 4, "state_id": 4,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"environment": null, "environment": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"constraints": [ "constraints": [
{ "symbol": "reg_$0<x>", "range": "{ [0, 5] }" } { "symbol": "reg_$0<x>", "range": "{ [0, 5] }" }
] ]
} }
} }
\l}"]; \l}"];
Node0x3 -> Node0x5; Node0x3 -> Node0x5;
Node0x5 [shape=record,label= Node0x5 [shape=record,label=
"{ "{
{ "node_id": 5, {
"pointer": "0x5",
"has_report": false,
"is_sink": false,
"state_id": 6, "state_id": 6,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"environment": null, "environment": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null "checker_messages": null
} }
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/edge.dot

// RUN: %exploded_graph_rewriter %s | FileCheck %s -check-prefix=LIGHT // RUN: %exploded_graph_rewriter %s | FileCheck %s -check-prefix=LIGHT
// RUN: %exploded_graph_rewriter --dark %s | FileCheck %s -check-prefixes=DARK // RUN: %exploded_graph_rewriter --dark %s | FileCheck %s -check-prefixes=DARK
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{{ "node_id": 1, "pointer": "0x1", "has_report": false, "is_sink": false, "{{ "program_state": null, "program_points": [
"program_state": null, "program_points": []}\l}"]; {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
]}\l}"];
// LIGHT: Node0x1 -> Node0x2; // LIGHT: Node0x1 -> Node0x2;
// DARK: Node0x1 -> Node0x2 [color="white"]; // DARK: Node0x1 -> Node0x2 [color="white"];
Node0x1 -> Node0x2; Node0x1 -> Node0x2;
Node0x2 [shape=record,label= Node0x2 [shape=record,label=
"{{ "node_id": 2, "pointer": "0x2", "has_report": false, "is_sink": false, "{{ "program_state": null, "program_points": [
"program_state": null, "program_points": []}\l}"]; {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
]}\l}"];

clang/test/Analysis/exploded-graph-rewriter/environment.dot

// RUN: %exploded_graph_rewriter %s | FileCheck %s // RUN: %exploded_graph_rewriter %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
// CHECK: <b>Environment: </b> // CHECK: <b>Environment: </b>
// CHECK-SAME: <table border="0"> // CHECK-SAME: <table border="0">
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td align="left"> // CHECK-SAME: <td align="left">
// CHECK-SAME: <b>#0 Call</b> // CHECK-SAME: <b>#0 Call</b>
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td align="left" colspan="2"> // CHECK-SAME: <td align="left" colspan="2">
// CHECK-SAME: <font color="gray60">foo </font> // CHECK-SAME: <font color="gray60">foo </font>
// CHECK-SAME: (environment.cpp:<b>4</b>:<b>6</b> // CHECK-SAME: (environment.cpp:<b>4</b>:<b>6</b>
// CHECK-SAME: <font color="royalblue1"> // CHECK-SAME: <font color="royalblue1">
// CHECK-SAME: (<i>spelling at </i> environment.h:<b>7</b>:<b>8</b>) // CHECK-SAME: (<i>spelling at </i> environment.h:<b>7</b>:<b>8</b>)
// CHECK-SAME: </font>) // CHECK-SAME: </font>)
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td align="left"> // CHECK-SAME: <td align="left">
// CHECK-SAME: <i>S5</i> // CHECK-SAME: <i>S5</i>
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td align="left"> // CHECK-SAME: <td align="left">
// CHECK-SAME: bar() // CHECK-SAME: bar()
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td align="left"> // CHECK-SAME: <td align="left">
// CHECK-SAME: Unknown // CHECK-SAME: Unknown
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: </table> // CHECK-SAME: </table>
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, { "node_id": 1,
"pointer": "0x1", "pointer": "0x1",
"has_report": false, "has_report": false,
"is_sink": false, "is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"environment": { "environment": {
"pointer": "0x2", "pointer": "0x2",
Show All 28 Lines

clang/test/Analysis/exploded-graph-rewriter/environment_diff.dot

// RUN: %exploded_graph_rewriter -d %s | FileCheck %s // RUN: %exploded_graph_rewriter -d %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
// No diffs on the first node, nothing to check. // No diffs on the first node, nothing to check.
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, {
"pointer": "0x1",
"has_report": false,
"is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"environment": { "environment": {
"pointer": "0x2", "pointer": "0x2",
Show All 29 Lines
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td><font color="forestgreen">+</font></td> // CHECK-SAME: <td><font color="forestgreen">+</font></td>
// CHECK-SAME: <td align="left"><i>S9</i></td> // CHECK-SAME: <td align="left"><i>S9</i></td>
// CHECK-SAME: <td align="left">baz()</td> // CHECK-SAME: <td align="left">baz()</td>
// CHECK-SAME: <td align="left">Undefined</td> // CHECK-SAME: <td align="left">Undefined</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
Node0x6 [shape=record,label= Node0x6 [shape=record,label=
"{ "{
{ "node_id": 6, {
"pointer": "0x6",
"has_report": false,
"is_sink": false,
"state_id": 7, "state_id": 7,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"environment": { "environment": {
"pointer": "0x2", "pointer": "0x2",
Show All 23 Lines
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td></td> // CHECK-SAME: <td></td>
// CHECK-SAME: <td align="left"><i>S9</i></td> // CHECK-SAME: <td align="left"><i>S9</i></td>
// CHECK-SAME: <td align="left">baz()</td> // CHECK-SAME: <td align="left">baz()</td>
// CHECK-SAME: <td align="left">Undefined</td> // CHECK-SAME: <td align="left">Undefined</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
Node0x9 [shape=record,label= Node0x9 [shape=record,label=
"{ "{
{ "node_id": 9, {
"pointer": "0x9",
"has_report": false,
"is_sink": false,
"state_id": 7, "state_id": 7,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"store": null, "store": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"environment": { "environment": {
"pointer": "0x2", "pointer": "0x2",
Show All 19 Lines

clang/test/Analysis/exploded-graph-rewriter/node_labels.dot

Show All 9 Lines
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
// LIGHT: Node0x1 [shape=record,label=< // LIGHT: Node0x1 [shape=record,label=<
// DARK: Node0x1 [shape=record,color="white",fontcolor="gray80",label=< // DARK: Node0x1 [shape=record,color="white",fontcolor="gray80",label=<
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// LIGHT-SAME: <td bgcolor="gray70"> // LIGHT-SAME: <td bgcolor="gray70">
// DARK-SAME: <td bgcolor="gray20"> // DARK-SAME: <td bgcolor="gray20">
// CHECK-SAME: <b>Node 1 (0x1) - State Unspecified</b> // CHECK-SAME: <b>State Unspecified</b>
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, "pointer": "0x1", "has_report": false, "is_sink": false, { "node_id": 1, "pointer": "0x1", "has_report": false, "is_sink": false,
"program_state": null, "program_state": null,
"program_points": [] "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
]
} }
\l}"]; \l}"];
// CHECK: Node0x2 [ // CHECK: Node0x2 [
// CHECK-SAME: <tr><td> // CHECK-SAME: <tr>
// CHECK-SAME: <td colspan="3" align="left">
// COLOR-SAME: <font color="red"><b>Bug Report Attached</b></font> // COLOR-SAME: <font color="red"><b>Bug Report Attached</b></font>
// GRAY-SAME: <b>Bug Report Attached</b> // GRAY-SAME: <b>Bug Report Attached</b>
// CHECK-SAME: </td></tr> // CHECK-SAME: </td>
// CHECK-SAME: <tr><td> // CHECK-SAME: </tr>
// CHECK-SAME: <tr>
// CHECK-SAME: <td colspan="3" align="left">
// COLOR-SAME: <font color="cornflowerblue"><b>Sink Node</b></font> // COLOR-SAME: <font color="cornflowerblue"><b>Sink Node</b></font>
// GRAY-SAME: <b>Sink Node</b> // GRAY-SAME: <b>Sink Node</b>
CharussoUnsubmitted
Not Done
ReplyInline Actions

GREY typo.

Charusso: `GREY` typo.
NoQAuthorUnsubmitted
Done
ReplyInline Actions

Whoops!!

NoQ: Whoops!!
// CHECK-SAME: </td></tr> // CHECK-SAME: </td>
// CHECK-SAME: </tr>
Node0x2 [shape=record,label= Node0x2 [shape=record,label=
"{ "{
{ "node_id": 2, "pointer": "0x2", "has_report": true, "is_sink": true, { "program_state": null,
"program_state": null, "program_points": [
"program_points": [] {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 2,
"has_report": 1, "is_sink": 1
}
]
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/program_points.dot

Show All 22 Lines
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td align="left"> // CHECK-SAME: <td align="left">
// CHECK-SAME: [B1] // CHECK-SAME: [B1]
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: </table> // CHECK-SAME: </table>
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, "pointer": "0x1", "has_report": false, "is_sink": false, {
"program_state": null, "program_points": [ "program_state": null, "program_points": [
{ {
"kind": "Edge", "kind": "Edge",
"src_id": 0, "src_id": 0,
"dst_id": 1, "dst_id": 1,
"terminator": null, "terminator": null,
"term_kind": null, "term_kind": null,
"tag": null "tag": null,
"node_id": 1,
"has_report": 0,
"is_sink": 0
}, },
{ {
"kind": "BlockEntrance", "kind": "BlockEntrance",
"block_id": 1, "block_id": 1,
"terminator": null, "terminator": null,
"term_kind": null, "term_kind": null,
"tag": null "tag": null,
"node_id": 2,
"has_report": 0,
"is_sink": 0
} }
]} ]}
\l}"]; \l}"];
// CHECK-NEXT: <b>Program point:</b> // CHECK-NEXT: <b>Program point:</b>
// CHECK-SAME: <table border="0" align="left" width="0"> // CHECK-SAME: <table border="0" align="left" width="0">
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td align="left" width="0"> // CHECK-SAME: <td align="left" width="0">
Show All 12 Lines
// CHECK-SAME: <td width="0"> // CHECK-SAME: <td width="0">
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td colspan="3" align="left"> // CHECK-SAME: <td colspan="3" align="left">
// CHECK-SAME: <b>Tag: </b> // CHECK-SAME: <b>Tag: </b>
// CHECK-SAME: <font color="crimson">ExprEngine : Clean Node</font> // CHECK-SAME: <font color="crimson">ExprEngine : Clean Node</font>
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: </table> // CHECK-SAME: </table>
Node0x2 [shape=record,label= Node0x3 [shape=record,label=
"{ "{
{ "node_id": 2, "pointer": "0x2", "has_report": false, "is_sink": false, { "program_state": null, "program_points": [
"program_state": null, "program_points": [
{ {
"kind": "Statement", "kind": "Statement",
"stmt_kind": "DeclRefExpr", "stmt_kind": "DeclRefExpr",
"stmt_point_kind": "PreStmt", "stmt_point_kind": "PreStmt",
"stmt_id": 3, "stmt_id": 3,
"pointer": "0x3", "pointer": "0x3",
"pretty": "x", "pretty": "x",
"location": { "location": {
"file": "main.cpp", "file": "main.cpp",
"line": 4, "line": 4,
"column": 5 "column": 5
}, },
"tag": "ExprEngine : Clean Node" "tag": "ExprEngine : Clean Node",
"node_id": 3,
"pointer": "0x3",
"has_report": 0,
"is_sink": 0
} }
]} ]}
\l}"]; \l}"];
// Test collapsing large pretty prints with braces. // Test collapsing large pretty prints with braces.
// CHECK-NEXT: <b>Program point:</b> // CHECK-NEXT: <b>Program point:</b>
// CHECK-SAME: <td align="left">\{ ... \}</td> // CHECK-SAME: <td align="left">\{ ... \}</td>
Node0x3 [shape=record,label= Node0x4 [shape=record,label=
"{ "{
{ "node_id": 3, "pointer": "0x3", "has_report": false, "is_sink": false, {
"program_state": null, "program_points": [ "program_state": null, "program_points": [
{ {
"kind": "Statement", "kind": "Statement",
"stmt_kind": "CompoundStmt", "stmt_kind": "CompoundStmt",
"stmt_point_kind": "PostStmt", "stmt_point_kind": "PostStmt",
"stmt_id": 6, "stmt_id": 6,
"pointer": "0x6", "pointer": "0x6",
"pretty": "{ very very very very very very long pretty print }", "pretty": "{ very very very very very very long pretty print }",
"location": { "location": {
"line": 7, "line": 7,
"column": 8 "column": 8
}, },
"tag": "ExprEngine : Clean Node" "tag": "ExprEngine : Clean Node",
"node_id": 4,
"has_report": 0,
"is_sink": 0
} }
]} ]}
\l}"]; \l}"];
// CHECK-NEXT: <b>Program point:</b> // CHECK-NEXT: <b>Program point:</b>
// CHECK-SAME: <table border="0" align="left" width="0"> // CHECK-SAME: <table border="0" align="left" width="0">
// CHECK-SAME: <tr> // CHECK-SAME: <tr>
// CHECK-SAME: <td align="left" width="0"> // CHECK-SAME: <td align="left" width="0">
Show All 14 Lines
// CHECK-SAME: <td width="0"> // CHECK-SAME: <td width="0">
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td colspan="3" align="left"> // CHECK-SAME: <td colspan="3" align="left">
// CHECK-SAME: <b>Tag: </b> // CHECK-SAME: <b>Tag: </b>
// CHECK-SAME: <font color="crimson">ExprEngine : Clean Node</font> // CHECK-SAME: <font color="crimson">ExprEngine : Clean Node</font>
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: </table> // CHECK-SAME: </table>
Node0x4 [shape=record,label= Node0x5 [shape=record,label=
"{ "{
{ "node_id": 4, "pointer": "0x4", "has_report": false, "is_sink": false, { "program_state": null, "program_points": [
"program_state": null, "program_points": [
{ {
"kind": "Statement", "kind": "Statement",
"stmt_kind": "ImplicitCastExpr", "stmt_kind": "ImplicitCastExpr",
"cast_kind": "LValueToRValue", "cast_kind": "LValueToRValue",
"stmt_point_kind": "PreStmt", "stmt_point_kind": "PreStmt",
"stmt_id": 5, "stmt_id": 5,
"pointer": "0x6", "pointer": "0x6",
"pretty": "y", "pretty": "y",
"location": { "location": {
"file": "main.cpp", "file": "main.cpp",
"line": 8, "line": 8,
"column": 9 "column": 9
}, },
"tag": "ExprEngine : Clean Node" "tag": "ExprEngine : Clean Node",
"node_id": 5,
"has_report": 0,
"is_sink": 0
} }
]} ]}
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/store.dot

Show All 17 Lines
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: <td align="left"> // CHECK-SAME: <td align="left">
// CHECK-SAME: Undefined // CHECK-SAME: Undefined
// CHECK-SAME: </td> // CHECK-SAME: </td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
// CHECK-SAME: </table> // CHECK-SAME: </table>
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, { "state_id": 2,
"pointer": "0x1", "program_points": [
"has_report": false, {
"is_sink": false, "kind": "BlockEntrance", "block_id": 1,
"state_id": 2, "terminator": null, "term_kind": null,
"program_points": [], "tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"environment": null, "environment": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"store": { "store": {
"pointer": "0x2", "pointer": "0x2",
Show All 17 Lines

clang/test/Analysis/exploded-graph-rewriter/store_diff.dot

// RUN: %exploded_graph_rewriter -d %s | FileCheck %s // RUN: %exploded_graph_rewriter -d %s | FileCheck %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, { "node_id": 1,
"pointer": "0x1", "pointer": "0x1",
"has_report": false, "has_report": false,
"is_sink": false, "is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"environment": null, "environment": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"store": { "store": {
"pointer": "0x2", "pointer": "0x2",
Show All 28 Lines
// CHECK-SAME: <td><font color="forestgreen">+</font></td> // CHECK-SAME: <td><font color="forestgreen">+</font></td>
// CHECK-SAME: <td align="left">x</td> // CHECK-SAME: <td align="left">x</td>
// CHECK-SAME: <td align="left">0</td> // CHECK-SAME: <td align="left">0</td>
// CHECK-SAME: <td align="left">(<i>Default</i>)</td> // CHECK-SAME: <td align="left">(<i>Default</i>)</td>
// CHECK-SAME: <td align="left">Unknown</td> // CHECK-SAME: <td align="left">Unknown</td>
// CHECK-SAME: </tr> // CHECK-SAME: </tr>
Node0x4 [shape=record,label= Node0x4 [shape=record,label=
"{ "{
{ "node_id": 4, {
"pointer": "0x4",
"has_report": false,
"is_sink": false,
"state_id": 5, "state_id": 5,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"environment": null, "environment": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": null, "checker_messages": null,
"store": { "store": {
"pointer": "0x5", "pointer": "0x5",
Show All 14 Lines "{
} }
} }
\l}"]; \l}"];
Node0x4 -> Node0x6; Node0x4 -> Node0x6;
Node0x6 [shape=record,label= Node0x6 [shape=record,label=
"{ "{
{ "node_id": 6, {
"pointer": "0x6",
"has_report": false,
"is_sink": false,
"state_id": 7, "state_id": 7,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": null "program_state": null
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/topology.dot

// RUN: %exploded_graph_rewriter %s \ // RUN: %exploded_graph_rewriter %s \
// RUN: | FileCheck -check-prefixes=NORMAL %s // RUN: | FileCheck -check-prefixes=NORMAL %s
// RUN: %exploded_graph_rewriter -t %s \ // RUN: %exploded_graph_rewriter -t %s \
// RUN: | FileCheck -check-prefixes=TOPOLOGY %s // RUN: | FileCheck -check-prefixes=TOPOLOGY %s
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
// NORMAL: Program point // NORMAL: Program point
// TOPOLOGY-NOT: Program point // TOPOLOGY-NOT: Program point
// NORMAL: Checker State // NORMAL: Checker State
// TOPOLOGY-NOT: Checker State // TOPOLOGY-NOT: Checker State
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{ "{
{ "node_id": 1, {
"pointer": "0x1",
"has_report": false,
"is_sink": false,
"state_id": 2, "state_id": 2,
"program_points": [], "program_points": [
{
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
],
"program_state": { "program_state": {
"environment": null, "environment": null,
"constraints": null, "constraints": null,
"dynamic_types": null, "dynamic_types": null,
"constructing_objects": null, "constructing_objects": null,
"checker_messages": [ "checker_messages": [
{ "checker": "foo", "messages": ["bar"] } { "checker": "foo", "messages": ["bar"] }
], ],
"store": null "store": null
} }
} }
\l}"]; \l}"];

clang/test/Analysis/exploded-graph-rewriter/trimmers.dot

Show All 11 Lines
// RUN: | FileCheck %s -check-prefixes=ONE,TWO,THREE,FOUR // RUN: | FileCheck %s -check-prefixes=ONE,TWO,THREE,FOUR
// RUN: %exploded_graph_rewriter --to 4 -s %s \ // RUN: %exploded_graph_rewriter --to 4 -s %s \
// RUN: | FileCheck %s -check-prefixes=ONE,TWO,NOTHREE,FOUR // RUN: | FileCheck %s -check-prefixes=ONE,TWO,NOTHREE,FOUR
// FIXME: Substitution doesn't seem to work on Windows. // FIXME: Substitution doesn't seem to work on Windows.
// UNSUPPORTED: system-windows // UNSUPPORTED: system-windows
Node0x1 [shape=record,label= Node0x1 [shape=record,label=
"{{ "node_id": 1, "pointer": "0x1", "has_report": false, "is_sink": false, "{{ "program_state": null, "program_points": [
"program_state": null, "program_points": []}\l}"]; {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 1,
"has_report": 0, "is_sink": 0
}
]}\l}"];
Node0x2 [shape=record,label= Node0x2 [shape=record,label=
"{{ "node_id": 2, "pointer": "0x2", "has_report": false, "is_sink": false, "{{ "program_state": null, "program_points": [
"program_state": null, "program_points": []}\l}"]; {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 2,
"has_report": 0, "is_sink": 0
}
]}\l}"];
Node0x3 [shape=record,label= Node0x3 [shape=record,label=
"{{ "node_id": 3, "pointer": "0x3", "has_report": false, "is_sink": false, "{{ "program_state": null, "program_points": [
"program_state": null, "program_points": []}\l}"]; {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 3,
"has_report": 0, "is_sink": 0
}
]}\l}"];
Node0x4 [shape=record,label= Node0x4 [shape=record,label=
"{{ "node_id": 4, "pointer": "0x4", "has_report": false, "is_sink": false, "{{ "program_state": null, "program_points": [
"program_state": null, "program_points": []}\l}"]; {
"kind": "BlockEntrance", "block_id": 1,
"terminator": null, "term_kind": null,
"tag": null, "node_id": 4,
"has_report": 0, "is_sink": 0
}
]}\l}"];
Node0x1 -> Node0x2; Node0x1 -> Node0x2;
Node0x1 -> Node0x3; Node0x1 -> Node0x3;
Node0x2 -> Node0x4; Node0x2 -> Node0x4;
Node0x3 -> Node0x4; Node0x3 -> Node0x4;
// ONE: Node0x1 // ONE: Node0x1
// NOTONE-NOT: Node0x1 // NOTONE-NOT: Node0x1
// TWO: Node0x2 // TWO: Node0x2
// NOTTWO-NOT: Node0x2 // NOTTWO-NOT: Node0x2
// THREE: Node0x3 // THREE: Node0x3
// NOTTHREE-NOT: Node0x3 // NOTTHREE-NOT: Node0x3
// FOUR: Node0x4 // FOUR: Node0x4
// NOTFOUR-NOT: Node0x4 // NOTFOUR-NOT: Node0x4

clang/utils/analyzer/exploded-graph-rewriter.py

Show First 20 LinesShow All 61 Lines▼ Show 20 Lines
# A deserialized program point. # A deserialized program point.
class ProgramPoint(object): class ProgramPoint(object):
def __init__(self, json_pp): def __init__(self, json_pp):
super(ProgramPoint, self).__init__() super(ProgramPoint, self).__init__()
self.kind = json_pp['kind'] self.kind = json_pp['kind']
self.tag = json_pp['tag'] self.tag = json_pp['tag']
self.node_id = json_pp['node_id']
self.is_sink = bool(json_pp['is_sink'])
self.has_report = bool(json_pp['has_report'])
if self.kind == 'Edge': if self.kind == 'Edge':
self.src_id = json_pp['src_id'] self.src_id = json_pp['src_id']
self.dst_id = json_pp['dst_id'] self.dst_id = json_pp['dst_id']
elif self.kind == 'Statement': elif self.kind == 'Statement':
logging.debug(json_pp) logging.debug(json_pp)
self.stmt_kind = json_pp['stmt_kind'] self.stmt_kind = json_pp['stmt_kind']
self.cast_kind = json_pp['cast_kind'] \ self.cast_kind = json_pp['cast_kind'] \
if 'cast_kind' in json_pp else None if 'cast_kind' in json_pp else None
▲ Show 20 LinesShow All 226 Lines▼ Show 20 Lines
class ExplodedNode(object): class ExplodedNode(object):
def __init__(self): def __init__(self):
super(ExplodedNode, self).__init__() super(ExplodedNode, self).__init__()
self.predecessors = [] self.predecessors = []
self.successors = [] self.successors = []
def construct(self, node_id, json_node): def construct(self, node_id, json_node):
logging.debug('Adding ' + node_id) logging.debug('Adding ' + node_id)
self.node_id = json_node['node_id'] self.ptr = node_id[4:]
self.ptr = json_node['pointer']
self.has_report = json_node['has_report']
self.is_sink = json_node['is_sink']
self.points = [ProgramPoint(p) for p in json_node['program_points']] self.points = [ProgramPoint(p) for p in json_node['program_points']]
self.node_id = self.points[-1].node_id
self.state = ProgramState(json_node['state_id'], self.state = ProgramState(json_node['state_id'],
json_node['program_state']) \ json_node['program_state']) \
if json_node['program_state'] is not None else None if json_node['program_state'] is not None else None
assert self.node_name() == node_id assert self.node_name() == node_id
def node_name(self): def node_name(self):
return 'Node' + self.ptr return 'Node' + self.ptr
▲ Show 20 LinesShow All 158 Lines▼ Show 20 Lines def visit_program_point(self, p):
color = 'red' color = 'red'
elif p.kind in ['CallEnter', 'CallExitBegin', 'CallExitEnd']: elif p.kind in ['CallEnter', 'CallExitBegin', 'CallExitEnd']:
color = 'dodgerblue' if self._dark_mode else 'blue' color = 'dodgerblue' if self._dark_mode else 'blue'
elif p.kind in ['Statement']: elif p.kind in ['Statement']:
color = 'cyan4' color = 'cyan4'
else: else:
color = 'forestgreen' color = 'forestgreen'
self._dump('<tr><td align="left">%s.</td>' % p.node_id)
if p.kind == 'Statement': if p.kind == 'Statement':
# This avoids pretty-printing huge statements such as CompoundStmt. # This avoids pretty-printing huge statements such as CompoundStmt.
# Such statements show up only at [Pre|Post]StmtPurgeDeadSymbols # Such statements show up only at [Pre|Post]StmtPurgeDeadSymbols
skip_pretty = 'PurgeDeadSymbols' in p.stmt_point_kind skip_pretty = 'PurgeDeadSymbols' in p.stmt_point_kind
stmt_color = 'cyan3' stmt_color = 'cyan3'
self._dump('<tr><td align="left" width="0">%s:</td>' self._dump('<td align="left" width="0">%s:</td>'
'<td align="left" width="0"><font color="%s">' '<td align="left" width="0"><font color="%s">'
'%s</font> </td>' '%s</font> </td>'
'<td align="left"><i>S%s</i></td>' '<td align="left"><i>S%s</i></td>'
'<td align="left"><font color="%s">%s</font></td>' '<td align="left"><font color="%s">%s</font></td>'
'<td align="left">%s</td></tr>' '<td align="left">%s</td></tr>'
% (self._make_sloc(p.loc), color, % (self._make_sloc(p.loc), color,
'%s (%s)' % (p.stmt_kind, p.cast_kind) '%s (%s)' % (p.stmt_kind, p.cast_kind)
if p.cast_kind is not None else p.stmt_kind, if p.cast_kind is not None else p.stmt_kind,
p.stmt_id, stmt_color, p.stmt_point_kind, p.stmt_id, stmt_color, p.stmt_point_kind,
self._short_pretty(p.pretty) self._short_pretty(p.pretty)
if not skip_pretty else '')) if not skip_pretty else ''))
elif p.kind == 'Edge': elif p.kind == 'Edge':
self._dump('<tr><td width="0"></td>' self._dump('<td width="0"></td>'
'<td align="left" width="0">' '<td align="left" width="0">'
'<font color="%s">%s</font></td><td align="left">' '<font color="%s">%s</font></td><td align="left">'
'[B%d] -\\> [B%d]</td></tr>' '[B%d] -\\> [B%d]</td></tr>'
% (color, 'BlockEdge', p.src_id, p.dst_id)) % (color, 'BlockEdge', p.src_id, p.dst_id))
elif p.kind == 'BlockEntrance': elif p.kind == 'BlockEntrance':
self._dump('<tr><td width="0"></td>' self._dump('<td width="0"></td>'
'<td align="left" width="0">' '<td align="left" width="0">'
'<font color="%s">%s</font></td>' '<font color="%s">%s</font></td>'
'<td align="left">[B%d]</td></tr>' '<td align="left">[B%d]</td></tr>'
% (color, p.kind, p.block_id)) % (color, p.kind, p.block_id))
else: else:
# TODO: Print more stuff for other kinds of points. # TODO: Print more stuff for other kinds of points.
self._dump('<tr><td width="0"></td>' self._dump('<td width="0"></td>'
'<td align="left" width="0" colspan="2">' '<td align="left" width="0" colspan="2">'
'<font color="%s">%s</font></td></tr>' '<font color="%s">%s</font></td></tr>'
% (color, p.kind)) % (color, p.kind))
if p.tag is not None: if p.tag is not None:
self._dump('<tr><td width="0"></td>' self._dump('<tr><td width="0"></td><td width="0"></td>'
'<td colspan="3" align="left">' '<td colspan="3" align="left">'
'<b>Tag: </b> <font color="crimson">' '<b>Tag: </b> <font color="crimson">'
'%s</font></td></tr>' % p.tag) '%s</font></td></tr>' % p.tag)
if p.has_report:
self._dump('<tr><td width="0"></td><td width="0"></td>'
'<td colspan="3" align="left">'
'<font color="red"><b>Bug Report Attached'
'</b></font></td></tr>')
if p.is_sink:
self._dump('<tr><td width="0"></td><td width="0"></td>'
'<td colspan="3" align="left">'
'<font color="cornflowerblue"><b>Sink Node'
'</b></font></td></tr>')
def visit_environment(self, e, prev_e=None): def visit_environment(self, e, prev_e=None):
self._dump('<table border="0">') self._dump('<table border="0">')
def dump_location_context(lc, is_added=None): def dump_location_context(lc, is_added=None):
self._dump('<tr><td>%s</td>' self._dump('<tr><td>%s</td>'
'<td align="left"><b>%s</b></td>' '<td align="left"><b>%s</b></td>'
'<td align="left" colspan="2">' '<td align="left" colspan="2">'
'<font color="gray60">%s </font>' '<font color="gray60">%s </font>'
▲ Show 20 LinesShow All 240 Lines▼ Show 20 Linesclass DotDumpVisitor(object):
def visit_node(self, node): def visit_node(self, node):
self._dump('%s [shape=record,' self._dump('%s [shape=record,'
% (node.node_name())) % (node.node_name()))
if self._dark_mode: if self._dark_mode:
self._dump('color="white",fontcolor="gray80",') self._dump('color="white",fontcolor="gray80",')
self._dump('label=<<table border="0">') self._dump('label=<<table border="0">')
self._dump('<tr><td bgcolor="%s"><b>Node %d (%s) - ' self._dump('<tr><td bgcolor="%s"><b>State %s</b></td></tr>'
'State %s</b></td></tr>'
% ("gray20" if self._dark_mode else "gray70", % ("gray20" if self._dark_mode else "gray70",
node.node_id, node.ptr, node.state.state_id node.state.state_id
if node.state is not None else 'Unspecified')) if node.state is not None else 'Unspecified'))
if node.has_report:
self._dump('<tr><td><font color="red"><b>Bug Report Attached'
'</b></font></td></tr>')
if node.is_sink:
self._dump('<tr><td><font color="cornflowerblue"><b>Sink Node'
'</b></font></td></tr>')
if not self._topo_mode: if not self._topo_mode:
self._dump('<tr><td align="left" width="0">') self._dump('<tr><td align="left" width="0">')
if len(node.points) > 1: if len(node.points) > 1:
self._dump('<b>Program points:</b></td></tr>') self._dump('<b>Program points:</b></td></tr>')
else: else:
self._dump('<b>Program point:</b></td></tr>') self._dump('<b>Program point:</b></td></tr>')
self._dump('<tr><td align="left" width="0">' self._dump('<tr><td align="left" width="0">'
'<table border="0" align="left" width="0">') '<table border="0" align="left" width="0">')
▲ Show 20 LinesShow All 233 LinesShow Last 20 Lines