This is an archive of the discontinued LLVM Phabricator instance.

Differential D69745

[analyzer] Checker: check::BeginAnalysis
AbandonedPublic

Authored by Charusso on Nov 1 2019, 7:24 PM.

Details

Reviewers
NoQ
Summary

This callback is called when the analysis starts. It could be used to
construct the checker's fields which are related to the Preprocessor.

void CoolFunctionChecker::checkBeginAnalysis(CheckerContext &C) const {
  Preprocessor &PP = C.getPreprocessor();
  UseMyCoolLib = PP.isMacroDefined("__MY_COOL_LIB__");
}

Diff Detail

Event Timeline

Charusso created this revision.Nov 1 2019, 7:24 PM
Herald added subscribers: cfe-commits, dkrupp, donat.nagy and 6 others. · View Herald TranscriptNov 1 2019, 7:24 PM
Charusso added a parent revision: D69731: [analyzer] CheckerContext: Make the Preprocessor available.Nov 1 2019, 7:25 PM
Charusso mentioned this in D69731: [analyzer] CheckerContext: Make the Preprocessor available.Nov 1 2019, 7:27 PM
Charusso marked an inline comment as done.

I felt that it will be easier, eh.

clang/lib/StaticAnalyzer/Core/CoreEngine.cpp
118

I think we need to merge the BeginFunction into the BeginWorklist.

Charusso added a child revision: D69746: [analyzer] FixItHint: Apply and test hints with the Clang-Tidy's script.Nov 1 2019, 8:24 PM
Szelethus added a comment.Nov 4 2019, 6:01 AM

YES PLEASE. Debug checkers that only dump from check::EndAnalysis won't rely on the analysis not actually crashing. Which is ironically exactly when we want to use them.

clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
199

Hmmm, what use case do you have in mind? Do we actually want this to happen? By the time checkers are constructed, the AST is already built, alongside all the other data structures that will be inspected by the analyzer. Since checkers are constructed once for each clang invocation (not for every BeginAnalysis -- EndAnalysis cycle), I would imagine that the checker registry functions are more appropriate for such initializations.

I'm only aware of one non-debug checker that uses EndAnalysis (maybe RetailCount?), that clears some sort of a locally stored map that it shouldn't really have anyways (since checkers are supposed to be stateless), and I struggle to think of a realistic, supported use case for this callback other than debug checkers.

199

Turns out deadcode.UnreachableCode uses EndAnalysis quite cleverly as well.

Charusso updated this revision to Diff 227710.Nov 4 2019, 7:51 AM
Charusso edited the summary of this revision. (Show Details)
  • Do not restrict what you supposed to do with the callback.
Charusso marked 3 inline comments as done.Nov 4 2019, 8:09 AM
In D69745#1732348, @Szelethus wrote:

YES PLEASE. Debug checkers that only dump from check::EndAnalysis won't rely on the analysis not actually crashing. Which is ironically exactly when we want to use them.

Thanks for the idea! I am not that cool with debug checkers and I think you are the first user who made a creative decision how to use this. My use case is the Preprocessor only if I do not touch the checker-registry based construction.

clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
199

Yes, good point. It is made for the Preprocessor mainly which is very path-sensitive, but that is not that good idea to construct e.g. the BugType multiple times. So that, I do not want to restrict creativity and I have removed that line.

NoQ added a comment.Nov 4 2019, 10:29 AM

I think we need to merge the BeginFunction into the BeginWorklist.

Basically this, but the other way round: your BeginAnalysis is BeginFunction with extra steps (namely, checking C.inTopFrame()).

Backstory: I wanted to add BeginAnalysis a few years ago because i wanted to mark argc and argv as tainted when analyzing main(). But then i noticed that we already have BeginFunction so i decided not to add it. No, i didn't mark them as tainted yet :/

YES PLEASE. Debug checkers that only dump from check::EndAnalysis won't rely on the analysis not actually crashing.

There are currently two such checkers: debug.ViewExplodedGraph and debug.Stats. It doesn't make sense to move them to BeginAnalysis though, because the data that they're dumping isn't available yet. If the checker dumps data that isn't collected during path sensitive analysis, it should subscribe to ASTCodeBody instead. This way activating the checker won't trigger path-sensitive analysis to occur.

Charusso abandoned this revision.Nov 4 2019, 10:34 AM
Charusso marked an inline comment as done.
In D69745#1732739, @NoQ wrote:

Basically this, but the other way round: your BeginAnalysis is BeginFunction with extra steps (namely, checking C.inTopFrame()).

Backstory: I wanted to add BeginAnalysis a few years ago because i wanted to mark argc and argv as tainted when analyzing main(). But then i noticed that we already have BeginFunction so i decided not to add it. No, i didn't mark them as tainted yet :/

Hm, that is a cool workaround. I think every UnknownSpaceRegion stuff is tainted, and that is a strong mark here.

NoQ added a comment.Nov 4 2019, 10:51 AM
In D69745#1732744, @Charusso wrote:

I think every UnknownSpaceRegion stuff is tainted, and that is a strong mark here.

Mmm, no, that's definitely not true. Basically, if you analyze a method of a class as your top frame, you have your whole class reside in UnknownSpaceRegion, being represented as SymRegion{reg_$0<this>}. It doesn't mean that there are no contracts that constrain possible values of fields within the class.

Charusso removed a child revision: D69746: [analyzer] FixItHint: Apply and test hints with the Clang-Tidy's script.Jan 30 2020, 11:19 AM

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Core/
14 lines
8 lines
PathSensitive/
2 lines
4 lines
7 lines
lib/
StaticAnalyzer/
Checkers/
6 lines
19 lines
Core/
39 lines
2 lines
7 lines
test/
Analysis/
22 lines

Diff 227710

clang/include/clang/StaticAnalyzer/Core/Checker.h

Show First 20 LinesShow All 217 Lines▼ Show 20 Lines
public: public:
template <typename CHECKER> template <typename CHECKER>
static void _register(CHECKER *checker, CheckerManager &mgr) { static void _register(CHECKER *checker, CheckerManager &mgr) {
mgr._registerForBind( mgr._registerForBind(
CheckerManager::CheckBindFunc(checker, _checkBind<CHECKER>)); CheckerManager::CheckBindFunc(checker, _checkBind<CHECKER>));
} }
}; };
class BeginAnalysis {
template <typename CHECKER>
static void _checkBeginAnalysis(void *checker, CheckerContext &C) {
((const CHECKER *)checker)->checkBeginAnalysis(C);
}
public:
template <typename CHECKER>
static void _register(CHECKER *checker, CheckerManager &mgr) {
mgr._registerForBeginAnalysis(CheckerManager::CheckBeginAnalysisFunc(
checker, _checkBeginAnalysis<CHECKER>));
}
};
class EndAnalysis { class EndAnalysis {
template <typename CHECKER> template <typename CHECKER>
static void _checkEndAnalysis(void *checker, ExplodedGraph &G, static void _checkEndAnalysis(void *checker, ExplodedGraph &G,
BugReporter &BR, ExprEngine &Eng) { BugReporter &BR, ExprEngine &Eng) {
((const CHECKER *)checker)->checkEndAnalysis(G, BR, Eng); ((const CHECKER *)checker)->checkEndAnalysis(G, BR, Eng);
} }
public: public:
▲ Show 20 LinesShow All 349 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Core/CheckerManager.h

Show First 20 LinesShow All 293 Lines▼ Show 20 Lines//===----------------------------------------------------------------------===//
/// Run checkers for binding of a value to a location. /// Run checkers for binding of a value to a location.
void runCheckersForBind(ExplodedNodeSet &Dst, void runCheckersForBind(ExplodedNodeSet &Dst,
const ExplodedNodeSet &Src, const ExplodedNodeSet &Src,
SVal location, SVal val, SVal location, SVal val,
const Stmt *S, ExprEngine &Eng, const Stmt *S, ExprEngine &Eng,
const ProgramPoint &PP); const ProgramPoint &PP);
/// Run checkers for begin of analysis.
void runCheckersForBeginAnalysis(ExplodedNodeSet &Dst, const BlockEdge &L,
ExplodedNode *Pred, ExprEngine &Eng);
/// Run checkers for end of analysis. /// Run checkers for end of analysis.
void runCheckersForEndAnalysis(ExplodedGraph &G, BugReporter &BR, void runCheckersForEndAnalysis(ExplodedGraph &G, BugReporter &BR,
ExprEngine &Eng); ExprEngine &Eng);
/// Run checkers on beginning of function. /// Run checkers on beginning of function.
void runCheckersForBeginFunction(ExplodedNodeSet &Dst, void runCheckersForBeginFunction(ExplodedNodeSet &Dst,
const BlockEdge &L, const BlockEdge &L,
ExplodedNode *Pred, ExplodedNode *Pred,
▲ Show 20 LinesShow All 140 Lines▼ Show 20 Lines//===----------------------------------------------------------------------===//
using CheckLocationFunc = using CheckLocationFunc =
CheckerFn<void (const SVal &location, bool isLoad, const Stmt *S, CheckerFn<void (const SVal &location, bool isLoad, const Stmt *S,
CheckerContext &)>; CheckerContext &)>;
using CheckBindFunc = using CheckBindFunc =
CheckerFn<void (const SVal &location, const SVal &val, const Stmt *S, CheckerFn<void (const SVal &location, const SVal &val, const Stmt *S,
CheckerContext &)>; CheckerContext &)>;
using CheckBeginAnalysisFunc = CheckerFn<void(CheckerContext &)>;
using CheckEndAnalysisFunc = using CheckEndAnalysisFunc =
CheckerFn<void (ExplodedGraph &, BugReporter &, ExprEngine &)>; CheckerFn<void (ExplodedGraph &, BugReporter &, ExprEngine &)>;
using CheckBeginFunctionFunc = CheckerFn<void (CheckerContext &)>; using CheckBeginFunctionFunc = CheckerFn<void (CheckerContext &)>;
using CheckEndFunctionFunc = using CheckEndFunctionFunc =
CheckerFn<void (const ReturnStmt *, CheckerContext &)>; CheckerFn<void (const ReturnStmt *, CheckerContext &)>;
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines//===----------------------------------------------------------------------===//
void _registerForPreCall(CheckCallFunc checkfn); void _registerForPreCall(CheckCallFunc checkfn);
void _registerForPostCall(CheckCallFunc checkfn); void _registerForPostCall(CheckCallFunc checkfn);
void _registerForLocation(CheckLocationFunc checkfn); void _registerForLocation(CheckLocationFunc checkfn);
void _registerForBind(CheckBindFunc checkfn); void _registerForBind(CheckBindFunc checkfn);
void _registerForBeginAnalysis(CheckBeginAnalysisFunc checkfn);
void _registerForEndAnalysis(CheckEndAnalysisFunc checkfn); void _registerForEndAnalysis(CheckEndAnalysisFunc checkfn);
void _registerForBeginFunction(CheckBeginFunctionFunc checkfn); void _registerForBeginFunction(CheckBeginFunctionFunc checkfn);
void _registerForEndFunction(CheckEndFunctionFunc checkfn); void _registerForEndFunction(CheckEndFunctionFunc checkfn);
void _registerForBranchCondition(CheckBranchConditionFunc checkfn); void _registerForBranchCondition(CheckBranchConditionFunc checkfn);
void _registerForNewAllocator(CheckNewAllocatorFunc checkfn); void _registerForNewAllocator(CheckNewAllocatorFunc checkfn);
▲ Show 20 LinesShow All 95 Lines▼ Show 20 Linesprivate:
std::vector<CheckCallFunc> PreCallCheckers; std::vector<CheckCallFunc> PreCallCheckers;
std::vector<CheckCallFunc> PostCallCheckers; std::vector<CheckCallFunc> PostCallCheckers;
std::vector<CheckLocationFunc> LocationCheckers; std::vector<CheckLocationFunc> LocationCheckers;
std::vector<CheckBindFunc> BindCheckers; std::vector<CheckBindFunc> BindCheckers;
std::vector<CheckBeginAnalysisFunc> BeginAnalysisCheckers;
std::vector<CheckEndAnalysisFunc> EndAnalysisCheckers; std::vector<CheckEndAnalysisFunc> EndAnalysisCheckers;
std::vector<CheckBeginFunctionFunc> BeginFunctionCheckers; std::vector<CheckBeginFunctionFunc> BeginFunctionCheckers;
std::vector<CheckEndFunctionFunc> EndFunctionCheckers; std::vector<CheckEndFunctionFunc> EndFunctionCheckers;
std::vector<CheckBranchConditionFunc> BranchConditionCheckers; std::vector<CheckBranchConditionFunc> BranchConditionCheckers;
std::vector<CheckNewAllocatorFunc> NewAllocatorCheckers; std::vector<CheckNewAllocatorFunc> NewAllocatorCheckers;
Show All 31 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h

Show First 20 LinesShow All 50 Lines▼ Show 20 Lines CheckerContext(NodeBuilder &builder,
assert(Pred->getState() && assert(Pred->getState() &&
"We should not call the checkers on an empty state."); "We should not call the checkers on an empty state.");
} }
AnalysisManager &getAnalysisManager() { AnalysisManager &getAnalysisManager() {
return Eng.getAnalysisManager(); return Eng.getAnalysisManager();
} }
CheckerManager &getCheckerManager() { return Eng.getCheckerManager(); }
ConstraintManager &getConstraintManager() { ConstraintManager &getConstraintManager() {
return Eng.getConstraintManager(); return Eng.getConstraintManager();
} }
StoreManager &getStoreManager() { StoreManager &getStoreManager() {
return Eng.getStoreManager(); return Eng.getStoreManager();
} }
▲ Show 20 LinesShow All 297 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h

Show First 20 LinesShow All 352 Lines▼ Show 20 Linespublic:
/// Generate the entry node of the callee. /// Generate the entry node of the callee.
void processCallEnter(NodeBuilderContext& BC, CallEnter CE, void processCallEnter(NodeBuilderContext& BC, CallEnter CE,
ExplodedNode *Pred) override; ExplodedNode *Pred) override;
/// Generate the sequence of nodes that simulate the call exit and the post /// Generate the sequence of nodes that simulate the call exit and the post
/// visit for CallExpr. /// visit for CallExpr.
void processCallExit(ExplodedNode *Pred) override; void processCallExit(ExplodedNode *Pred) override;
/// Called by CoreEngine when the analysis worklist starts.
void processBeginWorklist(NodeBuilderContext &NBC, ExplodedNode *Pred,
ExplodedNodeSet &Dst, const BlockEdge &L) override;
/// Called by CoreEngine when the analysis worklist has terminated. /// Called by CoreEngine when the analysis worklist has terminated.
void processEndWorklist() override; void processEndWorklist() override;
/// evalAssume - Callback function invoked by the ConstraintManager when /// evalAssume - Callback function invoked by the ConstraintManager when
/// making assumptions about state values. /// making assumptions about state values.
ProgramStateRef processAssume(ProgramStateRef state, SVal cond, ProgramStateRef processAssume(ProgramStateRef state, SVal cond,
bool assumption) override; bool assumption) override;
▲ Show 20 LinesShow All 502 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Core/PathSensitive/SubEngine.h

Show First 20 LinesShow All 157 Lines▼ Show 20 Lines notifyCheckersOfPointerEscape(ProgramStateRef State,
const CallEvent *Call, const CallEvent *Call,
RegionAndSymbolInvalidationTraits &HTraits) = 0; RegionAndSymbolInvalidationTraits &HTraits) = 0;
/// printJson - Called by ProgramStateManager to print checker-specific data. /// printJson - Called by ProgramStateManager to print checker-specific data.
virtual void printJson(raw_ostream &Out, ProgramStateRef State, virtual void printJson(raw_ostream &Out, ProgramStateRef State,
const LocationContext *LCtx, const char *NL, const LocationContext *LCtx, const char *NL,
unsigned int Space, bool IsDot) const = 0; unsigned int Space, bool IsDot) const = 0;
/// Called by CoreEngine when the analysis worklist starts.
virtual void processBeginWorklist(NodeBuilderContext &NBC, ExplodedNode *Pred,
ExplodedNodeSet &Dst,
const BlockEdge &L) = 0;
/// Called by CoreEngine when the analysis worklist is either empty or the /// Called by CoreEngine when the analysis worklist is either empty or the
// maximum number of analysis steps have been reached. /// maximum number of analysis steps have been reached.
virtual void processEndWorklist() = 0; virtual void processEndWorklist() = 0;
}; };
} // end GR namespace } // end GR namespace
} // end clang namespace } // end clang namespace
#endif #endif

clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp

Show First 20 LinesShow All 41 Lines▼ Show 20 Linesclass CheckerDocumentation : public Checker< check::PreStmt<ReturnStmt>,
check::PostCall, check::PostCall,
check::BranchCondition, check::BranchCondition,
check::NewAllocator, check::NewAllocator,
check::Location, check::Location,
check::Bind, check::Bind,
check::DeadSymbols, check::DeadSymbols,
check::BeginFunction, check::BeginFunction,
check::EndFunction, check::EndFunction,
check::BeginAnalysis,
check::EndAnalysis, check::EndAnalysis,
check::EndOfTranslationUnit, check::EndOfTranslationUnit,
eval::Call, eval::Call,
eval::Assume, eval::Assume,
check::LiveSymbols, check::LiveSymbols,
check::RegionChanges, check::RegionChanges,
check::PointerEscape, check::PointerEscape,
check::ConstPointerEscape, check::ConstPointerEscape,
▲ Show 20 LinesShow All 130 Lines▼ Show 20 Linespublic:
/// Called when the analyzer core reaches the end of a /// Called when the analyzer core reaches the end of a
/// function being analyzed regardless of whether it is analyzed at the top /// function being analyzed regardless of whether it is analyzed at the top
/// level or is inlined. /// level or is inlined.
/// ///
/// check::EndFunction /// check::EndFunction
void checkEndFunction(const ReturnStmt *RS, CheckerContext &Ctx) const {} void checkEndFunction(const ReturnStmt *RS, CheckerContext &Ctx) const {}
/// Called when the analysis starts.
///
/// check::BeginAnalysis
SzelethusUnsubmitted
Done
ReplyInline Actions

Hmmm, what use case do you have in mind? Do we actually want this to happen? By the time checkers are constructed, the AST is already built, alongside all the other data structures that will be inspected by the analyzer. Since checkers are constructed once for each clang invocation (not for every BeginAnalysis -- EndAnalysis cycle), I would imagine that the checker registry functions are more appropriate for such initializations.

I'm only aware of one non-debug checker that uses EndAnalysis (maybe RetailCount?), that clears some sort of a locally stored map that it shouldn't really have anyways (since checkers are supposed to be stateless), and I struggle to think of a realistic, supported use case for this callback other than debug checkers.

Szelethus: Hmmm, what use case do you have in mind? Do we actually want this to happen? By the time…
SzelethusUnsubmitted
Done
ReplyInline Actions

Turns out deadcode.UnreachableCode uses EndAnalysis quite cleverly as well.

Szelethus: Turns out `deadcode.UnreachableCode` uses `EndAnalysis` quite cleverly as well.
CharussoAuthorUnsubmitted
Done
ReplyInline Actions

Yes, good point. It is made for the Preprocessor mainly which is very path-sensitive, but that is not that good idea to construct e.g. the BugType multiple times. So that, I do not want to restrict creativity and I have removed that line.

Charusso: Yes, good point. It is made for the `Preprocessor` mainly which is very path-sensitive, but…
void checkBeginAnalysis(const Decl *D, BugReporter &BR);
/// Called after all the paths in the ExplodedGraph reach end of path /// Called after all the paths in the ExplodedGraph reach end of path
/// - the symbolic execution graph is fully explored. /// - the symbolic execution graph is fully explored.
/// ///
/// This callback should be used in cases when a checker needs to have a /// This callback should be used in cases when a checker needs to have a
/// global view of the information generated on all paths. For example, to /// global view of the information generated on all paths. For example, to
/// compare execution summary/result several paths. /// compare execution summary/result several paths.
/// See IdempotentOperationChecker for a usage example. /// See IdempotentOperationChecker for a usage example.
/// ///
▲ Show 20 LinesShow All 131 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/TraversalChecker.cpp

Show All 17 Lines
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
namespace { namespace {
class TraversalDumper : public Checker< check::BranchCondition, class TraversalDumper
check::BeginFunction, : public Checker<check::BeginAnalysis, check::EndAnalysis,
check::BranchCondition, check::BeginFunction,
check::EndFunction > { check::EndFunction> {
public: public:
void checkBeginAnalysis(CheckerContext &C) const;
void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
ExprEngine &Eng) const;
void checkBranchCondition(const Stmt *Condition, CheckerContext &C) const; void checkBranchCondition(const Stmt *Condition, CheckerContext &C) const;
void checkBeginFunction(CheckerContext &C) const; void checkBeginFunction(CheckerContext &C) const;
void checkEndFunction(const ReturnStmt *RS, CheckerContext &C) const; void checkEndFunction(const ReturnStmt *RS, CheckerContext &C) const;
}; };
} }
void TraversalDumper::checkBranchCondition(const Stmt *Condition, void TraversalDumper::checkBranchCondition(const Stmt *Condition,
CheckerContext &C) const { CheckerContext &C) const {
// Special-case Objective-C's for-in loop, which uses the entire loop as its // Special-case Objective-C's for-in loop, which uses the entire loop as its
// condition. We just print the collection expression. // condition. We just print the collection expression.
const Stmt *Parent = dyn_cast<ObjCForCollectionStmt>(Condition); const Stmt *Parent = dyn_cast<ObjCForCollectionStmt>(Condition);
if (!Parent) { if (!Parent) {
const ParentMap &Parents = C.getLocationContext()->getParentMap(); const ParentMap &Parents = C.getLocationContext()->getParentMap();
Parent = Parents.getParent(Condition); Parent = Parents.getParent(Condition);
} }
// It is mildly evil to print directly to llvm::outs() rather than emitting // It is mildly evil to print directly to llvm::outs() rather than emitting
// warnings, but this ensures things do not get filtered out by the rest of // warnings, but this ensures things do not get filtered out by the rest of
// the static analyzer machinery. // the static analyzer machinery.
SourceLocation Loc = Parent->getBeginLoc(); SourceLocation Loc = Parent->getBeginLoc();
llvm::outs() << C.getSourceManager().getSpellingLineNumber(Loc) << " " llvm::outs() << C.getSourceManager().getSpellingLineNumber(Loc) << " "
<< Parent->getStmtClassName() << "\n"; << Parent->getStmtClassName() << "\n";
} }
void TraversalDumper::checkBeginAnalysis(CheckerContext &) const {
llvm::outs() << "--BEGIN ANALYSIS--\n";
}
void TraversalDumper::checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
ExprEngine &Eng) const {
llvm::outs() << "--END ANALYSIS--\n";
}
void TraversalDumper::checkBeginFunction(CheckerContext &C) const { void TraversalDumper::checkBeginFunction(CheckerContext &C) const {
llvm::outs() << "--BEGIN FUNCTION--\n"; llvm::outs() << "--BEGIN FUNCTION--\n";
} }
void TraversalDumper::checkEndFunction(const ReturnStmt *RS, void TraversalDumper::checkEndFunction(const ReturnStmt *RS,
CheckerContext &C) const { CheckerContext &C) const {
llvm::outs() << "--END FUNCTION--\n"; llvm::outs() << "--END FUNCTION--\n";
} }
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/CheckerManager.cpp

Show First 20 LinesShow All 393 Lines▼ Show 20 Linesvoid CheckerManager::runCheckersForBind(ExplodedNodeSet &Dst,
const ExplodedNodeSet &Src, const ExplodedNodeSet &Src,
SVal location, SVal val, SVal location, SVal val,
const Stmt *S, ExprEngine &Eng, const Stmt *S, ExprEngine &Eng,
const ProgramPoint &PP) { const ProgramPoint &PP) {
CheckBindContext C(BindCheckers, location, val, S, Eng, PP); CheckBindContext C(BindCheckers, location, val, S, Eng, PP);
expandGraphWithCheckers(C, Dst, Src); expandGraphWithCheckers(C, Dst, Src);
} }
namespace {
struct CheckBeginAnalysisContext {
using CheckersTy = std::vector<CheckerManager::CheckBeginAnalysisFunc>;
const CheckersTy &Checkers;
ExprEngine &Eng;
const ProgramPoint &PP;
CheckBeginAnalysisContext(const CheckersTy &Checkers, ExprEngine &Eng,
const ProgramPoint &PP)
: Checkers(Checkers), Eng(Eng), PP(PP) {}
CheckersTy::const_iterator checkers_begin() { return Checkers.begin(); }
CheckersTy::const_iterator checkers_end() { return Checkers.end(); }
void runChecker(CheckerManager::CheckBeginAnalysisFunc checkFn,
NodeBuilder &Bldr, ExplodedNode *Pred) {
const ProgramPoint &L = PP.withTag(checkFn.Checker);
CheckerContext C(Bldr, Eng, Pred, L);
checkFn(C);
}
};
} // namespace
void CheckerManager::runCheckersForBeginAnalysis(ExplodedNodeSet &Dst,
const BlockEdge &L,
ExplodedNode *Pred,
ExprEngine &Eng) {
ExplodedNodeSet Src;
Src.insert(Pred);
CheckBeginAnalysisContext C(BeginAnalysisCheckers, Eng, L);
expandGraphWithCheckers(C, Dst, Src);
}
void CheckerManager::runCheckersForEndAnalysis(ExplodedGraph &G, void CheckerManager::runCheckersForEndAnalysis(ExplodedGraph &G,
BugReporter &BR, BugReporter &BR,
ExprEngine &Eng) { ExprEngine &Eng) {
for (const auto EndAnalysisChecker : EndAnalysisCheckers) for (const auto EndAnalysisChecker : EndAnalysisCheckers)
EndAnalysisChecker(G, BR, Eng); EndAnalysisChecker(G, BR, Eng);
} }
namespace { namespace {
▲ Show 20 LinesShow All 412 Lines▼ Show 20 Lines
void CheckerManager::_registerForLocation(CheckLocationFunc checkfn) { void CheckerManager::_registerForLocation(CheckLocationFunc checkfn) {
LocationCheckers.push_back(checkfn); LocationCheckers.push_back(checkfn);
} }
void CheckerManager::_registerForBind(CheckBindFunc checkfn) { void CheckerManager::_registerForBind(CheckBindFunc checkfn) {
BindCheckers.push_back(checkfn); BindCheckers.push_back(checkfn);
} }
void CheckerManager::_registerForBeginAnalysis(CheckBeginAnalysisFunc checkfn) {
BeginAnalysisCheckers.push_back(checkfn);
}
void CheckerManager::_registerForEndAnalysis(CheckEndAnalysisFunc checkfn) { void CheckerManager::_registerForEndAnalysis(CheckEndAnalysisFunc checkfn) {
EndAnalysisCheckers.push_back(checkfn); EndAnalysisCheckers.push_back(checkfn);
} }
void CheckerManager::_registerForBeginFunction(CheckBeginFunctionFunc checkfn) { void CheckerManager::_registerForBeginFunction(CheckBeginFunctionFunc checkfn) {
BeginFunctionCheckers.push_back(checkfn); BeginFunctionCheckers.push_back(checkfn);
} }
▲ Show 20 LinesShow All 72 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/CoreEngine.cpp

Show First 20 LinesShow All 107 Lines▼ Show 20 Lines if (G.num_roots() == 0) { // Initialize the analysis by constructing
bool IsNew; bool IsNew;
ExplodedNode *Node = G.getNode(StartLoc, InitState, false, &IsNew); ExplodedNode *Node = G.getNode(StartLoc, InitState, false, &IsNew);
assert(IsNew); assert(IsNew);
G.addRoot(Node); G.addRoot(Node);
NodeBuilderContext BuilderCtx(*this, StartLoc.getDst(), Node); NodeBuilderContext BuilderCtx(*this, StartLoc.getDst(), Node);
ExplodedNodeSet DstBegin; ExplodedNodeSet DstBegin;
SubEng.processBeginWorklist(BuilderCtx, Node, DstBegin, StartLoc);
SubEng.processBeginOfFunction(BuilderCtx, Node, DstBegin, StartLoc); SubEng.processBeginOfFunction(BuilderCtx, Node, DstBegin, StartLoc);
CharussoAuthorUnsubmitted
Done
ReplyInline Actions

I think we need to merge the BeginFunction into the BeginWorklist.

Charusso: I think we need to merge the `BeginFunction` into the `BeginWorklist`.
enqueue(DstBegin); enqueue(DstBegin);
} }
// Check if we have a steps limit // Check if we have a steps limit
bool UnlimitedSteps = Steps == 0; bool UnlimitedSteps = Steps == 0;
// Cap our pre-reservation in the event that the user specifies // Cap our pre-reservation in the event that the user specifies
// a very large number of maximum steps. // a very large number of maximum steps.
▲ Show 20 LinesShow All 582 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Core/ExprEngine.cpp

Show First 20 LinesShow All 614 Lines▼ Show 20 Linesvoid ExprEngine::printJson(raw_ostream &Out, ProgramStateRef State,
} else { } else {
Out << "null," << NL; Out << "null," << NL;
} }
getCheckerManager().runCheckersForPrintStateJson(Out, State, NL, Space, getCheckerManager().runCheckersForPrintStateJson(Out, State, NL, Space,
IsDot); IsDot);
} }
void ExprEngine::processBeginWorklist(NodeBuilderContext &NBC,
ExplodedNode *Pred, ExplodedNodeSet &Dst,
const BlockEdge &L) {
SaveAndRestore<const NodeBuilderContext *> NodeContextRAII(currBldrCtx, &NBC);
getCheckerManager().runCheckersForBeginAnalysis(Dst, L, Pred, *this);
}
void ExprEngine::processEndWorklist() { void ExprEngine::processEndWorklist() {
getCheckerManager().runCheckersForEndAnalysis(G, BR, *this); getCheckerManager().runCheckersForEndAnalysis(G, BR, *this);
} }
void ExprEngine::processCFGElement(const CFGElement E, ExplodedNode *Pred, void ExprEngine::processCFGElement(const CFGElement E, ExplodedNode *Pred,
unsigned StmtIdx, NodeBuilderContext *Ctx) { unsigned StmtIdx, NodeBuilderContext *Ctx) {
PrettyStackTraceLocationContext CrashInfo(Pred->getLocationContext()); PrettyStackTraceLocationContext CrashInfo(Pred->getLocationContext());
currStmtIdx = StmtIdx; currStmtIdx = StmtIdx;
▲ Show 20 LinesShow All 2,530 LinesShow Last 20 Lines

clang/test/Analysis/traversal-begin-end-function.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.DumpTraversal %s | FileCheck %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.DumpTraversal %s | FileCheck %s
void inline_callee(int i); void inline_callee(int i);
// CHECK: --BEGIN FUNCTION--
void inline_caller() { void inline_caller() {
// CHECK: --BEGIN FUNCTION--
// CHECK: --BEGIN FUNCTION--
// CHECK: --BEGIN FUNCTION--
inline_callee(3); inline_callee(3);
// CHECK: --END FUNCTION--
// CHECK: --END FUNCTION--
// CHECK: --END FUNCTION--
} }
// CHECK: --END FUNCTION--
void inline_callee(int i) { void inline_callee(int i) {
if (i <= 1) if (i <= 1)
return; return;
inline_callee(i - 1); inline_callee(i - 1);
} }
// CHECK: --BEGIN ANALYSIS--
// CHECK-NEXT: --BEGIN FUNCTION--
// CHECK-NEXT: --BEGIN FUNCTION--
// CHECK-NEXT: IfStmt
// CHECK-NEXT: --BEGIN FUNCTION--
// CHECK-NEXT: IfStmt
// CHECK-NEXT: --BEGIN FUNCTION--
// CHECK-NEXT: IfStmt
// CHECK-NEXT: --END FUNCTION--
// CHECK-NEXT: --END FUNCTION--
// CHECK-NEXT: --END FUNCTION--
// CHECK-NEXT: --END FUNCTION--
// CHECK-NEXT: --END ANALYSIS--