This is an archive of the discontinued LLVM Phabricator instance.

Differential D73376

[analyzer] Add FuchsiaLockChecker and C11LockChecker
ClosedPublic

Authored by xazax.hun on Jan 24 2020, 12:11 PM.

Details

Reviewers
NoQ
haowei
Commits
rGf4c26d993bdc: [analyzer] Add FuchsiaLockChecker and C11LockChecker
Summary

Basically, the semantics of C11 and Fuchsia locks are very close to PThreads. Most of the work was boilerplate to make sure the correct check name appears in the diagnostics. If you have any idea how to reduce this boilerplate I'd like to know :)

I had to add a dummy check that can always be enabled. Otherwise, CheckerManager::getChecker would trigger an assertion fail due to attempting to get a checker that was potentially not enabled.

I plan to add more tests but wanted to share early to get some feedback about the approach.

Diff Detail

Event Timeline

xazax.hun created this revision.Jan 24 2020, 12:11 PM
Herald added subscribers: Charusso, gamesh411, dkrupp and 8 others. · View Herald TranscriptJan 24 2020, 12:11 PM
NoQ added a comment.Jan 24 2020, 3:35 PM

Yay, C11 as well!!

If you have any idea how to reduce this boilerplate I'd like to know :)

I don't see any immediate solutions to the boilerplate that don't consist in introducing better checker APIs. Eg., we could have introduced a LazyBugType - a wrapper around Optional<BugType> that'd take description immediately but create the actual bug type only once the checker name is known, or we could make a MultiCallDescriptionMap that'd prevent us from both splitting up the map and writing down an extra piece of information on every line. But these are big and very much non-K.I.S.S. endeavors.

I had to add a dummy check that can always be enabled. Otherwise, CheckerManager::getChecker would trigger an assertion fail due to attempting to get a checker that was potentially not enabled.

You mean PthreadLockBase? I think that's how @Szelethus intended to have such checker hierarchies to work.

I plan to add more tests

Yes please! :D

clang/test/Analysis/c11lock.c
2

I wouldn't mind alpha.core given that these functions belong to the standard library.

2

(i.e., i mean put the checker into alpha.core)
(but, yeah, also please add core to the run-line)

xazax.hun marked an inline comment as done.Jan 24 2020, 4:33 PM
xazax.hun added inline comments.
clang/test/Analysis/c11lock.c
2

You are reading my mind. Actually I wanted to ask where to put this but forgot to ask :)

xazax.hun updated this revision to Diff 240624.Jan 27 2020, 9:42 AM
xazax.hun marked 2 inline comments as done.
  • Add more tests.
  • Move the C11 checker to alpha.core
xazax.hun added a comment.Jan 27 2020, 9:44 AM
In D73376#1839818, @NoQ wrote:

I don't see any immediate solutions to the boilerplate that don't consist in introducing better checker APIs. Eg., we could have introduced a LazyBugType - a wrapper around Optional<BugType> that'd take description immediately but create the actual bug type only once the checker name is known, or we could make a MultiCallDescriptionMap that'd prevent us from both splitting up the map and writing down an extra piece of information on every line.

Those would be very welcome additions. Although these are more likely to be useful for advanced users and not help with writing one's first checker, so I guess this remains to be nice to have :)

You mean PthreadLockBase? I think that's how @Szelethus intended to have such checker hierarchies to work.

Yay!

xazax.hun marked 2 inline comments as done.Jan 27 2020, 9:47 AM
xazax.hun added inline comments.
clang/test/Analysis/c11lock.c
8

Strictly speaking, this is implementation defined. But the C11 implementations I am aware of are following this trend (thrd_success == 0). E.g. if the implementation is using pthreads as a backend it is unlikely for this to be any other value.

33

This is a TODO, and I did not solve in this patch for two reasons:

  • Having a mutex in stack scope is rare and prone to errors.
  • I did not want to add new functionality in this patch.

That being said I am not sure if I want to add this anytime soon (due to reason 1).

NoQ added inline comments.Jan 27 2020, 11:39 AM
clang/test/Analysis/c11lock.c
8

Yeah, this is most likely fine but we should add a FIXME just in case. We could most likely uncover the exact constant easily by simply matching the AST (and abort all checking if the constant isn't found in the AST).

xazax.hun updated this revision to Diff 240650.Jan 27 2020, 11:52 AM
  • Add a FIXME.
NoQ accepted this revision.Jan 27 2020, 12:02 PM

LGTM!~

This revision is now accepted and ready to land.Jan 27 2020, 12:02 PM
Closed by commit rGf4c26d993bdc: [analyzer] Add FuchsiaLockChecker and C11LockChecker (authored by xazax.hun). · Explain WhyJan 27 2020, 1:57 PM
This revision was automatically updated to reflect the committed changes.
Szelethus added a comment.Aug 25 2020, 3:29 AM

Documentation under clang/docs/analyzer/checkers.rst seems to be missing. Could we get that fixed before 11.0.0 releases?

Herald added subscribers: ASDenysPetrov, martong. · View Herald TranscriptAug 25 2020, 3:29 AM

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Checkers/
16 lines
lib/
StaticAnalyzer/
Checkers/
378 lines
test/
Analysis/
90 lines
104 lines

Diff 240678

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 LinesShow All 221 Lines▼ Show 20 Lines HelpText<"Check for cases where the dynamic and the static type of an object "
"are unrelated.">, "are unrelated.">,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">, def StackAddrAsyncEscapeChecker : Checker<"StackAddressAsyncEscape">,
HelpText<"Check that addresses to stack memory do not escape the function">, HelpText<"Check that addresses to stack memory do not escape the function">,
Dependencies<[StackAddrEscapeBase]>, Dependencies<[StackAddrEscapeBase]>,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def PthreadLockBase : Checker<"PthreadLockBase">,
HelpText<"Helper registering multiple checks.">,
Documentation<NotDocumented>,
Hidden;
def C11LockChecker : Checker<"C11Lock">,
HelpText<"Simple lock -> unlock checker">,
Dependencies<[PthreadLockBase]>,
Documentation<HasAlphaDocumentation>;
} // end "alpha.core" } // end "alpha.core"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Nullability checkers. // Nullability checkers.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let ParentPackage = Nullability in { let ParentPackage = Nullability in {
▲ Show 20 LinesShow All 188 Lines▼ Show 20 Lines
let ParentPackage = UnixAlpha in { let ParentPackage = UnixAlpha in {
def ChrootChecker : Checker<"Chroot">, def ChrootChecker : Checker<"Chroot">,
HelpText<"Check improper use of chroot">, HelpText<"Check improper use of chroot">,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def PthreadLockChecker : Checker<"PthreadLock">, def PthreadLockChecker : Checker<"PthreadLock">,
HelpText<"Simple lock -> unlock checker">, HelpText<"Simple lock -> unlock checker">,
Dependencies<[PthreadLockBase]>,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def StreamChecker : Checker<"Stream">, def StreamChecker : Checker<"Stream">,
HelpText<"Check stream handling functions">, HelpText<"Check stream handling functions">,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def SimpleStreamChecker : Checker<"SimpleStream">, def SimpleStreamChecker : Checker<"SimpleStream">,
HelpText<"Check for misuses of stream APIs">, HelpText<"Check for misuses of stream APIs">,
▲ Show 20 LinesShow All 995 Lines▼ Show 20 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let ParentPackage = Fuchsia in { let ParentPackage = Fuchsia in {
def FuchsiaHandleChecker : Checker<"HandleChecker">, def FuchsiaHandleChecker : Checker<"HandleChecker">,
HelpText<"A Checker that detect leaks related to Fuchsia handles">, HelpText<"A Checker that detect leaks related to Fuchsia handles">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def FuchsiaLockChecker : Checker<"Lock">,
HelpText<"Check for the correct usage of locking APIs.">,
Dependencies<[PthreadLockBase]>,
Documentation<HasDocumentation>;
} // end fuchsia } // end fuchsia

clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp

//===--- PthreadLockChecker.cpp - Check for locking problems ---*- C++ -*--===// //===--- PthreadLockChecker.cpp - Check for locking problems ---*- C++ -*--===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This defines PthreadLockChecker, a simple lock -> unlock checker. // This file defines:
// Also handles XNU locks, which behave similarly enough to share code. // * PthreadLockChecker, a simple lock -> unlock checker.
// Which also checks for XNU locks, which behave similarly enough to share
// code.
// * FuchsiaLocksChecker, which is also rather similar.
// * C11LockChecker which also closely follows Pthread semantics.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
namespace { namespace {
struct LockState { struct LockState {
enum Kind { enum Kind {
Show All 13 Linespublic:
static LockState getDestroyed() { return LockState(Destroyed); } static LockState getDestroyed() { return LockState(Destroyed); }
static LockState getUntouchedAndPossiblyDestroyed() { static LockState getUntouchedAndPossiblyDestroyed() {
return LockState(UntouchedAndPossiblyDestroyed); return LockState(UntouchedAndPossiblyDestroyed);
} }
static LockState getUnlockedAndPossiblyDestroyed() { static LockState getUnlockedAndPossiblyDestroyed() {
return LockState(UnlockedAndPossiblyDestroyed); return LockState(UnlockedAndPossiblyDestroyed);
} }
bool operator==(const LockState &X) const { bool operator==(const LockState &X) const { return K == X.K; }
return K == X.K;
}
bool isLocked() const { return K == Locked; } bool isLocked() const { return K == Locked; }
bool isUnlocked() const { return K == Unlocked; } bool isUnlocked() const { return K == Unlocked; }
bool isDestroyed() const { return K == Destroyed; } bool isDestroyed() const { return K == Destroyed; }
bool isUntouchedAndPossiblyDestroyed() const { bool isUntouchedAndPossiblyDestroyed() const {
return K == UntouchedAndPossiblyDestroyed; return K == UntouchedAndPossiblyDestroyed;
} }
bool isUnlockedAndPossiblyDestroyed() const { bool isUnlockedAndPossiblyDestroyed() const {
return K == UnlockedAndPossiblyDestroyed; return K == UnlockedAndPossiblyDestroyed;
} }
void Profile(llvm::FoldingSetNodeID &ID) const { void Profile(llvm::FoldingSetNodeID &ID) const { ID.AddInteger(K); }
ID.AddInteger(K);
}
}; };
class PthreadLockChecker class PthreadLockChecker : public Checker<check::PostCall, check::DeadSymbols,
: public Checker<check::PostCall, check::DeadSymbols,
check::RegionChanges> { check::RegionChanges> {
BugType BT_doublelock{this, "Double locking", "Lock checker"}, public:
BT_doubleunlock{this, "Double unlocking", "Lock checker"}, enum LockingSemantics { NotApplicable = 0, PthreadSemantics, XNUSemantics };
BT_destroylock{this, "Use destroyed lock", "Lock checker"}, enum CheckerKind {
BT_initlock{this, "Init invalid lock", "Lock checker"}, CK_PthreadLockChecker,
BT_lor{this, "Lock order reversal", "Lock checker"}; CK_FuchsiaLockChecker,
CK_C11LockChecker,
enum LockingSemantics { CK_NumCheckKinds
NotApplicable = 0,
PthreadSemantics,
XNUSemantics
}; };
DefaultBool ChecksEnabled[CK_NumCheckKinds];
CheckerNameRef CheckNames[CK_NumCheckKinds];
private:
typedef void (PthreadLockChecker::*FnCheck)(const CallEvent &Call, typedef void (PthreadLockChecker::*FnCheck)(const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C,
CallDescriptionMap<FnCheck> Callbacks = { CheckerKind checkkind) const;
CallDescriptionMap<FnCheck> PThreadCallbacks = {
// Init. // Init.
{{"pthread_mutex_init", 2}, &PthreadLockChecker::InitAnyLock}, {{"pthread_mutex_init", 2}, &PthreadLockChecker::InitAnyLock},
// TODO: pthread_rwlock_init(2 arguments). // TODO: pthread_rwlock_init(2 arguments).
// TODO: lck_mtx_init(3 arguments). // TODO: lck_mtx_init(3 arguments).
// TODO: lck_mtx_alloc_init(2 arguments) => returns the mutex. // TODO: lck_mtx_alloc_init(2 arguments) => returns the mutex.
// TODO: lck_rw_init(3 arguments). // TODO: lck_rw_init(3 arguments).
// TODO: lck_rw_alloc_init(2 arguments) => returns the mutex. // TODO: lck_rw_alloc_init(2 arguments) => returns the mutex.
// Acquire. // Acquire.
{{"pthread_mutex_lock", 1}, &PthreadLockChecker::AcquirePthreadLock}, {{"pthread_mutex_lock", 1}, &PthreadLockChecker::AcquirePthreadLock},
{{"pthread_rwlock_rdlock", 1}, &PthreadLockChecker::AcquirePthreadLock}, {{"pthread_rwlock_rdlock", 1}, &PthreadLockChecker::AcquirePthreadLock},
{{"pthread_rwlock_wrlock", 1}, &PthreadLockChecker::AcquirePthreadLock}, {{"pthread_rwlock_wrlock", 1}, &PthreadLockChecker::AcquirePthreadLock},
{{"lck_mtx_lock", 1}, &PthreadLockChecker::AcquireXNULock}, {{"lck_mtx_lock", 1}, &PthreadLockChecker::AcquireXNULock},
{{"lck_rw_lock_exclusive", 1}, &PthreadLockChecker::AcquireXNULock}, {{"lck_rw_lock_exclusive", 1}, &PthreadLockChecker::AcquireXNULock},
{{"lck_rw_lock_shared", 1}, &PthreadLockChecker::AcquireXNULock}, {{"lck_rw_lock_shared", 1}, &PthreadLockChecker::AcquireXNULock},
// Try. // Try.
{{"pthread_mutex_trylock", 1}, &PthreadLockChecker::TryPthreadLock}, {{"pthread_mutex_trylock", 1}, &PthreadLockChecker::TryPthreadLock},
{{"pthread_rwlock_tryrdlock", 1}, &PthreadLockChecker::TryPthreadLock}, {{"pthread_rwlock_tryrdlock", 1}, &PthreadLockChecker::TryPthreadLock},
{{"pthread_rwlock_trywrlock", 1}, &PthreadLockChecker::TryPthreadLock}, {{"pthread_rwlock_trywrlock", 1}, &PthreadLockChecker::TryPthreadLock},
{{"lck_mtx_try_lock", 1}, &PthreadLockChecker::TryXNULock}, {{"lck_mtx_try_lock", 1}, &PthreadLockChecker::TryXNULock},
{{"lck_rw_try_lock_exclusive", 1}, &PthreadLockChecker::TryXNULock}, {{"lck_rw_try_lock_exclusive", 1}, &PthreadLockChecker::TryXNULock},
{{"lck_rw_try_lock_shared", 1}, &PthreadLockChecker::TryXNULock}, {{"lck_rw_try_lock_shared", 1}, &PthreadLockChecker::TryXNULock},
// Release. // Release.
{{"pthread_mutex_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock}, {{"pthread_mutex_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock},
{{"pthread_rwlock_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock}, {{"pthread_rwlock_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock},
{{"lck_mtx_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock}, {{"lck_mtx_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock},
{{"lck_rw_unlock_exclusive", 1}, &PthreadLockChecker::ReleaseAnyLock}, {{"lck_rw_unlock_exclusive", 1}, &PthreadLockChecker::ReleaseAnyLock},
{{"lck_rw_unlock_shared", 1}, &PthreadLockChecker::ReleaseAnyLock}, {{"lck_rw_unlock_shared", 1}, &PthreadLockChecker::ReleaseAnyLock},
{{"lck_rw_done", 1}, &PthreadLockChecker::ReleaseAnyLock}, {{"lck_rw_done", 1}, &PthreadLockChecker::ReleaseAnyLock},
// Destroy. // Destroy.
{{"pthread_mutex_destroy", 1}, &PthreadLockChecker::DestroyPthreadLock}, {{"pthread_mutex_destroy", 1}, &PthreadLockChecker::DestroyPthreadLock},
{{"lck_mtx_destroy", 2}, &PthreadLockChecker::DestroyXNULock}, {{"lck_mtx_destroy", 2}, &PthreadLockChecker::DestroyXNULock},
// TODO: pthread_rwlock_destroy(1 argument). // TODO: pthread_rwlock_destroy(1 argument).
// TODO: lck_rw_destroy(2 arguments). // TODO: lck_rw_destroy(2 arguments).
}; };
CallDescriptionMap<FnCheck> FuchsiaCallbacks = {
// Init.
{{"spin_lock_init", 1}, &PthreadLockChecker::InitAnyLock},
// Acquire.
{{"spin_lock", 1}, &PthreadLockChecker::AcquirePthreadLock},
{{"spin_lock_save", 3}, &PthreadLockChecker::AcquirePthreadLock},
{{"sync_mutex_lock", 1}, &PthreadLockChecker::AcquirePthreadLock},
{{"sync_mutex_lock_with_waiter", 1},
&PthreadLockChecker::AcquirePthreadLock},
// Try.
{{"spin_trylock", 1}, &PthreadLockChecker::TryFuchsiaLock},
{{"sync_mutex_trylock", 1}, &PthreadLockChecker::TryFuchsiaLock},
{{"sync_mutex_timedlock", 2}, &PthreadLockChecker::TryFuchsiaLock},
// Release.
{{"spin_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock},
{{"spin_unlock_restore", 3}, &PthreadLockChecker::ReleaseAnyLock},
{{"sync_mutex_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock},
};
CallDescriptionMap<FnCheck> C11Callbacks = {
// Init.
{{"mtx_init", 2}, &PthreadLockChecker::InitAnyLock},
// Acquire.
{{"mtx_lock", 1}, &PthreadLockChecker::AcquirePthreadLock},
// Try.
{{"mtx_trylock", 1}, &PthreadLockChecker::TryC11Lock},
{{"mtx_timedlock", 2}, &PthreadLockChecker::TryC11Lock},
// Release.
{{"mtx_unlock", 1}, &PthreadLockChecker::ReleaseAnyLock},
// Destroy
{{"mtx_destroy", 1}, &PthreadLockChecker::DestroyPthreadLock},
};
ProgramStateRef resolvePossiblyDestroyedMutex(ProgramStateRef state, ProgramStateRef resolvePossiblyDestroyedMutex(ProgramStateRef state,
const MemRegion *lockR, const MemRegion *lockR,
const SymbolRef *sym) const; const SymbolRef *sym) const;
void reportUseDestroyedBug(const CallEvent &Call, CheckerContext &C, void reportUseDestroyedBug(const CallEvent &Call, CheckerContext &C,
unsigned ArgNo) const; unsigned ArgNo, CheckerKind checkKind) const;
// Init. // Init.
void InitAnyLock(const CallEvent &Call, CheckerContext &C) const; void InitAnyLock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void InitLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo, void InitLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo,
SVal Lock) const; SVal Lock, CheckerKind checkkind) const;
// Lock, Try-lock. // Lock, Try-lock.
void AcquirePthreadLock(const CallEvent &Call, CheckerContext &C) const; void AcquirePthreadLock(const CallEvent &Call, CheckerContext &C,
void AcquireXNULock(const CallEvent &Call, CheckerContext &C) const; CheckerKind checkkind) const;
void TryPthreadLock(const CallEvent &Call, CheckerContext &C) const; void AcquireXNULock(const CallEvent &Call, CheckerContext &C,
void TryXNULock(const CallEvent &Call, CheckerContext &C) const; CheckerKind checkkind) const;
void TryPthreadLock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void TryXNULock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void TryFuchsiaLock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void TryC11Lock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void AcquireLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo, void AcquireLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo,
SVal lock, bool isTryLock, SVal lock, bool isTryLock, LockingSemantics semantics,
enum LockingSemantics semantics) const; CheckerKind checkkind) const;
// Release. // Release.
void ReleaseAnyLock(const CallEvent &Call, CheckerContext &C) const; void ReleaseAnyLock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void ReleaseLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo, void ReleaseLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo,
SVal lock) const; SVal lock, CheckerKind checkkind) const;
// Destroy. // Destroy.
void DestroyPthreadLock(const CallEvent &Call, CheckerContext &C) const; void DestroyPthreadLock(const CallEvent &Call, CheckerContext &C,
void DestroyXNULock(const CallEvent &Call, CheckerContext &C) const; CheckerKind checkkind) const;
void DestroyXNULock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkkind) const;
void DestroyLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo, void DestroyLockAux(const CallEvent &Call, CheckerContext &C, unsigned ArgNo,
SVal Lock, enum LockingSemantics semantics) const; SVal Lock, LockingSemantics semantics,
CheckerKind checkkind) const;
public: public:
void checkPostCall(const CallEvent &Call, CheckerContext &C) const; void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;
ProgramStateRef ProgramStateRef
checkRegionChanges(ProgramStateRef State, const InvalidatedSymbols *Symbols, checkRegionChanges(ProgramStateRef State, const InvalidatedSymbols *Symbols,
ArrayRef<const MemRegion *> ExplicitRegions, ArrayRef<const MemRegion *> ExplicitRegions,
ArrayRef<const MemRegion *> Regions, ArrayRef<const MemRegion *> Regions,
const LocationContext *LCtx, const CallEvent *Call) const; const LocationContext *LCtx, const CallEvent *Call) const;
void printState(raw_ostream &Out, ProgramStateRef State, void printState(raw_ostream &Out, ProgramStateRef State, const char *NL,
const char *NL, const char *Sep) const override; const char *Sep) const override;
private:
mutable std::unique_ptr<BugType> BT_doublelock[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_doubleunlock[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_destroylock[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_initlock[CK_NumCheckKinds];
mutable std::unique_ptr<BugType> BT_lor[CK_NumCheckKinds];
void initBugType(CheckerKind checkKind) const {
if (BT_doublelock[checkKind])
return;
BT_doublelock[checkKind].reset(
new BugType{CheckNames[checkKind], "Double locking", "Lock checker"});
BT_doubleunlock[checkKind].reset(
new BugType{CheckNames[checkKind], "Double unlocking", "Lock checker"});
BT_destroylock[checkKind].reset(new BugType{
CheckNames[checkKind], "Use destroyed lock", "Lock checker"});
BT_initlock[checkKind].reset(new BugType{
CheckNames[checkKind], "Init invalid lock", "Lock checker"});
BT_lor[checkKind].reset(new BugType{CheckNames[checkKind],
"Lock order reversal", "Lock checker"});
}
}; };
} // end anonymous namespace } // end anonymous namespace
// A stack of locks for tracking lock-unlock order. // A stack of locks for tracking lock-unlock order.
REGISTER_LIST_WITH_PROGRAMSTATE(LockSet, const MemRegion *) REGISTER_LIST_WITH_PROGRAMSTATE(LockSet, const MemRegion *)
// An entry for tracking lock states. // An entry for tracking lock states.
REGISTER_MAP_WITH_PROGRAMSTATE(LockMap, const MemRegion *, LockState) REGISTER_MAP_WITH_PROGRAMSTATE(LockMap, const MemRegion *, LockState)
// Return values for unresolved calls to pthread_mutex_destroy(). // Return values for unresolved calls to pthread_mutex_destroy().
REGISTER_MAP_WITH_PROGRAMSTATE(DestroyRetVal, const MemRegion *, SymbolRef) REGISTER_MAP_WITH_PROGRAMSTATE(DestroyRetVal, const MemRegion *, SymbolRef)
void PthreadLockChecker::checkPostCall(const CallEvent &Call, void PthreadLockChecker::checkPostCall(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
// An additional umbrella check that all functions modeled by this checker // An additional umbrella check that all functions modeled by this checker
// are global C functions. // are global C functions.
// TODO: Maybe make this the default behavior of CallDescription // TODO: Maybe make this the default behavior of CallDescription
// with exactly one identifier? // with exactly one identifier?
if (!Call.isGlobalCFunction()) if (!Call.isGlobalCFunction())
return; return;
if (const FnCheck *Callback = Callbacks.lookup(Call)) if (const FnCheck *Callback = PThreadCallbacks.lookup(Call))
(this->**Callback)(Call, C); (this->**Callback)(Call, C, CK_PthreadLockChecker);
else if (const FnCheck *Callback = FuchsiaCallbacks.lookup(Call))
(this->**Callback)(Call, C, CK_FuchsiaLockChecker);
else if (const FnCheck *Callback = C11Callbacks.lookup(Call))
(this->**Callback)(Call, C, CK_C11LockChecker);
} }
// When a lock is destroyed, in some semantics(like PthreadSemantics) we are not // When a lock is destroyed, in some semantics(like PthreadSemantics) we are not
// sure if the destroy call has succeeded or failed, and the lock enters one of // sure if the destroy call has succeeded or failed, and the lock enters one of
// the 'possibly destroyed' state. There is a short time frame for the // the 'possibly destroyed' state. There is a short time frame for the
// programmer to check the return value to see if the lock was successfully // programmer to check the return value to see if the lock was successfully
// destroyed. Before we model the next operation over that lock, we call this // destroyed. Before we model the next operation over that lock, we call this
// function to see if the return value was checked by now and set the lock state // function to see if the return value was checked by now and set the lock state
// - either to destroyed state or back to its previous state. // - either to destroyed state or back to its previous state.
▲ Show 20 LinesShow All 43 Lines▼ Show 20 Lines for (auto I : LM) {
Out << ": unlocked, possibly destroyed"; Out << ": unlocked, possibly destroyed";
Out << NL; Out << NL;
} }
} }
LockSetTy LS = State->get<LockSet>(); LockSetTy LS = State->get<LockSet>();
if (!LS.isEmpty()) { if (!LS.isEmpty()) {
Out << Sep << "Mutex lock order:" << NL; Out << Sep << "Mutex lock order:" << NL;
for (auto I: LS) { for (auto I : LS) {
I->dumpToStream(Out); I->dumpToStream(Out);
Out << NL; Out << NL;
} }
} }
// TODO: Dump destroyed mutex symbols? // TODO: Dump destroyed mutex symbols?
} }
void PthreadLockChecker::AcquirePthreadLock(const CallEvent &Call, void PthreadLockChecker::AcquirePthreadLock(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C,
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), false, PthreadSemantics); CheckerKind checkKind) const {
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), false, PthreadSemantics,
checkKind);
} }
void PthreadLockChecker::AcquireXNULock(const CallEvent &Call, void PthreadLockChecker::AcquireXNULock(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C,
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), false, XNUSemantics); CheckerKind checkKind) const {
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), false, XNUSemantics,
checkKind);
} }
void PthreadLockChecker::TryPthreadLock(const CallEvent &Call, void PthreadLockChecker::TryPthreadLock(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C,
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), true, PthreadSemantics); CheckerKind checkKind) const {
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), true, PthreadSemantics,
checkKind);
} }
void PthreadLockChecker::TryXNULock(const CallEvent &Call, void PthreadLockChecker::TryXNULock(const CallEvent &Call, CheckerContext &C,
CheckerContext &C) const { CheckerKind checkKind) const {
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), true, PthreadSemantics); AcquireLockAux(Call, C, 0, Call.getArgSVal(0), true, PthreadSemantics,
checkKind);
}
void PthreadLockChecker::TryFuchsiaLock(const CallEvent &Call,
CheckerContext &C,
CheckerKind checkKind) const {
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), true, PthreadSemantics,
checkKind);
}
void PthreadLockChecker::TryC11Lock(const CallEvent &Call, CheckerContext &C,
CheckerKind checkKind) const {
AcquireLockAux(Call, C, 0, Call.getArgSVal(0), true, PthreadSemantics,
checkKind);
} }
void PthreadLockChecker::AcquireLockAux(const CallEvent &Call, void PthreadLockChecker::AcquireLockAux(const CallEvent &Call,
CheckerContext &C, unsigned ArgNo, CheckerContext &C, unsigned ArgNo,
SVal lock, bool isTryLock, SVal lock, bool isTryLock,
enum LockingSemantics semantics) const { enum LockingSemantics semantics,
CheckerKind checkKind) const {
if (!ChecksEnabled[checkKind])
return;
const MemRegion *lockR = lock.getAsRegion(); const MemRegion *lockR = lock.getAsRegion();
if (!lockR) if (!lockR)
return; return;
ProgramStateRef state = C.getState(); ProgramStateRef state = C.getState();
const SymbolRef *sym = state->get<DestroyRetVal>(lockR); const SymbolRef *sym = state->get<DestroyRetVal>(lockR);
if (sym) if (sym)
state = resolvePossiblyDestroyedMutex(state, lockR, sym); state = resolvePossiblyDestroyedMutex(state, lockR, sym);
if (const LockState *LState = state->get<LockMap>(lockR)) { if (const LockState *LState = state->get<LockMap>(lockR)) {
if (LState->isLocked()) { if (LState->isLocked()) {
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
initBugType(checkKind);
auto report = std::make_unique<PathSensitiveBugReport>( auto report = std::make_unique<PathSensitiveBugReport>(
BT_doublelock, "This lock has already been acquired", N); *BT_doublelock[checkKind], "This lock has already been acquired", N);
report->addRange(Call.getArgExpr(ArgNo)->getSourceRange()); report->addRange(Call.getArgExpr(ArgNo)->getSourceRange());
C.emitReport(std::move(report)); C.emitReport(std::move(report));
return; return;
} else if (LState->isDestroyed()) { } else if (LState->isDestroyed()) {
reportUseDestroyedBug(Call, C, ArgNo); reportUseDestroyedBug(Call, C, ArgNo, checkKind);
return; return;
} }
} }
ProgramStateRef lockSucc = state; ProgramStateRef lockSucc = state;
if (isTryLock) { if (isTryLock) {
// Bifurcate the state, and allow a mode where the lock acquisition fails. // Bifurcate the state, and allow a mode where the lock acquisition fails.
SVal RetVal = Call.getReturnValue(); SVal RetVal = Call.getReturnValue();
Show All 33 Linesvoid PthreadLockChecker::AcquireLockAux(const CallEvent &Call,
// Record that the lock was acquired. // Record that the lock was acquired.
lockSucc = lockSucc->add<LockSet>(lockR); lockSucc = lockSucc->add<LockSet>(lockR);
lockSucc = lockSucc->set<LockMap>(lockR, LockState::getLocked()); lockSucc = lockSucc->set<LockMap>(lockR, LockState::getLocked());
C.addTransition(lockSucc); C.addTransition(lockSucc);
} }
void PthreadLockChecker::ReleaseAnyLock(const CallEvent &Call, void PthreadLockChecker::ReleaseAnyLock(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C,
ReleaseLockAux(Call, C, 0, Call.getArgSVal(0)); CheckerKind checkKind) const {
ReleaseLockAux(Call, C, 0, Call.getArgSVal(0), checkKind);
} }
void PthreadLockChecker::ReleaseLockAux(const CallEvent &Call, void PthreadLockChecker::ReleaseLockAux(const CallEvent &Call,
CheckerContext &C, unsigned ArgNo, CheckerContext &C, unsigned ArgNo,
SVal lock) const { SVal lock,
CheckerKind checkKind) const {
if (!ChecksEnabled[checkKind])
return;
const MemRegion *lockR = lock.getAsRegion(); const MemRegion *lockR = lock.getAsRegion();
if (!lockR) if (!lockR)
return; return;
ProgramStateRef state = C.getState(); ProgramStateRef state = C.getState();
const SymbolRef *sym = state->get<DestroyRetVal>(lockR); const SymbolRef *sym = state->get<DestroyRetVal>(lockR);
if (sym) if (sym)
state = resolvePossiblyDestroyedMutex(state, lockR, sym); state = resolvePossiblyDestroyedMutex(state, lockR, sym);
if (const LockState *LState = state->get<LockMap>(lockR)) { if (const LockState *LState = state->get<LockMap>(lockR)) {
if (LState->isUnlocked()) { if (LState->isUnlocked()) {
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
initBugType(checkKind);
auto Report = std::make_unique<PathSensitiveBugReport>( auto Report = std::make_unique<PathSensitiveBugReport>(
BT_doubleunlock, "This lock has already been unlocked", N); *BT_doubleunlock[checkKind], "This lock has already been unlocked",
N);
Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange()); Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange());
C.emitReport(std::move(Report)); C.emitReport(std::move(Report));
return; return;
} else if (LState->isDestroyed()) { } else if (LState->isDestroyed()) {
reportUseDestroyedBug(Call, C, ArgNo); reportUseDestroyedBug(Call, C, ArgNo, checkKind);
return; return;
} }
} }
LockSetTy LS = state->get<LockSet>(); LockSetTy LS = state->get<LockSet>();
if (!LS.isEmpty()) { if (!LS.isEmpty()) {
const MemRegion *firstLockR = LS.getHead(); const MemRegion *firstLockR = LS.getHead();
if (firstLockR != lockR) { if (firstLockR != lockR) {
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
initBugType(checkKind);
auto report = std::make_unique<PathSensitiveBugReport>( auto report = std::make_unique<PathSensitiveBugReport>(
BT_lor, "This was not the most recently acquired lock. Possible " *BT_lor[checkKind],
"lock order reversal", N); "This was not the most recently acquired lock. Possible "
"lock order reversal",
N);
report->addRange(Call.getArgExpr(ArgNo)->getSourceRange()); report->addRange(Call.getArgExpr(ArgNo)->getSourceRange());
C.emitReport(std::move(report)); C.emitReport(std::move(report));
return; return;
} }
// Record that the lock was released. // Record that the lock was released.
state = state->set<LockSet>(LS.getTail()); state = state->set<LockSet>(LS.getTail());
} }
state = state->set<LockMap>(lockR, LockState::getUnlocked()); state = state->set<LockMap>(lockR, LockState::getUnlocked());
C.addTransition(state); C.addTransition(state);
} }
void PthreadLockChecker::DestroyPthreadLock(const CallEvent &Call, void PthreadLockChecker::DestroyPthreadLock(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C,
DestroyLockAux(Call, C, 0, Call.getArgSVal(0), PthreadSemantics); CheckerKind checkKind) const {
DestroyLockAux(Call, C, 0, Call.getArgSVal(0), PthreadSemantics, checkKind);
} }
void PthreadLockChecker::DestroyXNULock(const CallEvent &Call, void PthreadLockChecker::DestroyXNULock(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C,
DestroyLockAux(Call, C, 0, Call.getArgSVal(0), XNUSemantics); CheckerKind checkKind) const {
DestroyLockAux(Call, C, 0, Call.getArgSVal(0), XNUSemantics, checkKind);
} }
void PthreadLockChecker::DestroyLockAux(const CallEvent &Call, void PthreadLockChecker::DestroyLockAux(const CallEvent &Call,
CheckerContext &C, unsigned ArgNo, CheckerContext &C, unsigned ArgNo,
SVal Lock, SVal Lock,
enum LockingSemantics semantics) const { enum LockingSemantics semantics,
CheckerKind checkKind) const {
if (!ChecksEnabled[checkKind])
return;
const MemRegion *LockR = Lock.getAsRegion(); const MemRegion *LockR = Lock.getAsRegion();
if (!LockR) if (!LockR)
return; return;
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
const SymbolRef *sym = State->get<DestroyRetVal>(LockR); const SymbolRef *sym = State->get<DestroyRetVal>(LockR);
Show All 34 Lines if (LState->isLocked()) {
Message = "This lock is still locked"; Message = "This lock is still locked";
} else { } else {
Message = "This lock has already been destroyed"; Message = "This lock has already been destroyed";
} }
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
auto Report = initBugType(checkKind);
std::make_unique<PathSensitiveBugReport>(BT_destroylock, Message, N); auto Report = std::make_unique<PathSensitiveBugReport>(
*BT_destroylock[checkKind], Message, N);
Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange()); Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange());
C.emitReport(std::move(Report)); C.emitReport(std::move(Report));
} }
void PthreadLockChecker::InitAnyLock(const CallEvent &Call, void PthreadLockChecker::InitAnyLock(const CallEvent &Call, CheckerContext &C,
CheckerContext &C) const { CheckerKind checkKind) const {
InitLockAux(Call, C, 0, Call.getArgSVal(0)); InitLockAux(Call, C, 0, Call.getArgSVal(0), checkKind);
} }
void PthreadLockChecker::InitLockAux(const CallEvent &Call, CheckerContext &C, void PthreadLockChecker::InitLockAux(const CallEvent &Call, CheckerContext &C,
unsigned ArgNo, SVal Lock) const { unsigned ArgNo, SVal Lock,
CheckerKind checkKind) const {
if (!ChecksEnabled[checkKind])
return;
const MemRegion *LockR = Lock.getAsRegion(); const MemRegion *LockR = Lock.getAsRegion();
if (!LockR) if (!LockR)
return; return;
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
const SymbolRef *sym = State->get<DestroyRetVal>(LockR); const SymbolRef *sym = State->get<DestroyRetVal>(LockR);
Show All 13 Lines if (LState->isLocked()) {
Message = "This lock is still being held"; Message = "This lock is still being held";
} else { } else {
Message = "This lock has already been initialized"; Message = "This lock has already been initialized";
} }
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
auto Report = initBugType(checkKind);
std::make_unique<PathSensitiveBugReport>(BT_initlock, Message, N); auto Report = std::make_unique<PathSensitiveBugReport>(
*BT_initlock[checkKind], Message, N);
Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange()); Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange());
C.emitReport(std::move(Report)); C.emitReport(std::move(Report));
} }
void PthreadLockChecker::reportUseDestroyedBug(const CallEvent &Call, void PthreadLockChecker::reportUseDestroyedBug(const CallEvent &Call,
CheckerContext &C, CheckerContext &C,
unsigned ArgNo) const { unsigned ArgNo,
CheckerKind checkKind) const {
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
initBugType(checkKind);
auto Report = std::make_unique<PathSensitiveBugReport>( auto Report = std::make_unique<PathSensitiveBugReport>(
BT_destroylock, "This lock has already been destroyed", N); *BT_destroylock[checkKind], "This lock has already been destroyed", N);
Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange()); Report->addRange(Call.getArgExpr(ArgNo)->getSourceRange());
C.emitReport(std::move(Report)); C.emitReport(std::move(Report));
} }
void PthreadLockChecker::checkDeadSymbols(SymbolReaper &SymReaper, void PthreadLockChecker::checkDeadSymbols(SymbolReaper &SymReaper,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
Show All 22 LinesProgramStateRef PthreadLockChecker::checkRegionChanges(
ProgramStateRef State, const InvalidatedSymbols *Symbols, ProgramStateRef State, const InvalidatedSymbols *Symbols,
ArrayRef<const MemRegion *> ExplicitRegions, ArrayRef<const MemRegion *> ExplicitRegions,
ArrayRef<const MemRegion *> Regions, const LocationContext *LCtx, ArrayRef<const MemRegion *> Regions, const LocationContext *LCtx,
const CallEvent *Call) const { const CallEvent *Call) const {
bool IsLibraryFunction = false; bool IsLibraryFunction = false;
if (Call && Call->isGlobalCFunction()) { if (Call && Call->isGlobalCFunction()) {
// Avoid invalidating mutex state when a known supported function is called. // Avoid invalidating mutex state when a known supported function is called.
if (Callbacks.lookup(*Call)) if (PThreadCallbacks.lookup(*Call) || FuchsiaCallbacks.lookup(*Call) ||
C11Callbacks.lookup(*Call))
return State; return State;
if (Call->isInSystemHeader()) if (Call->isInSystemHeader())
IsLibraryFunction = true; IsLibraryFunction = true;
} }
for (auto R : Regions) { for (auto R : Regions) {
// We assume that system library function wouldn't touch the mutex unless // We assume that system library function wouldn't touch the mutex unless
// it takes the mutex explicitly as an argument. // it takes the mutex explicitly as an argument.
Show All 9 Lines for (auto R : Regions) {
// TODO: We need to invalidate the lock stack as well. This is tricky // TODO: We need to invalidate the lock stack as well. This is tricky
// to implement correctly and efficiently though, because the effects // to implement correctly and efficiently though, because the effects
// of mutex escapes on lock order may be fairly varied. // of mutex escapes on lock order may be fairly varied.
} }
return State; return State;
} }
void ento::registerPthreadLockChecker(CheckerManager &mgr) { void ento::registerPthreadLockBase(CheckerManager &mgr) {
mgr.registerChecker<PthreadLockChecker>(); mgr.registerChecker<PthreadLockChecker>();
} }
bool ento::shouldRegisterPthreadLockChecker(const LangOptions &LO) { bool ento::shouldRegisterPthreadLockBase(const LangOptions &LO) { return true; }
return true;
} #define REGISTER_CHECKER(name) \
void ento::register##name(CheckerManager &mgr) { \
PthreadLockChecker *checker = mgr.getChecker<PthreadLockChecker>(); \
checker->ChecksEnabled[PthreadLockChecker::CK_##name] = true; \
checker->CheckNames[PthreadLockChecker::CK_##name] = \
mgr.getCurrentCheckerName(); \
} \
\
bool ento::shouldRegister##name(const LangOptions &LO) { return true; }
REGISTER_CHECKER(PthreadLockChecker)
REGISTER_CHECKER(FuchsiaLockChecker)
REGISTER_CHECKER(C11LockChecker)

clang/test/Analysis/c11lock.c

  • This file was added.
// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.C11Lock -verify %s
NoQUnsubmitted
Done
ReplyInline Actions

I wouldn't mind alpha.core given that these functions belong to the standard library.

NoQ: I wouldn't mind `alpha.core` given that these functions belong to the standard library.
NoQUnsubmitted
Done
ReplyInline Actions

(i.e., i mean put the checker into alpha.core)
(but, yeah, also please add core to the run-line)

NoQ: (i.e., i mean put the checker into `alpha.core`) (but, yeah, also please add `core` to the run…
xazax.hunAuthorUnsubmitted
Done
ReplyInline Actions

You are reading my mind. Actually I wanted to ask where to put this but forgot to ask :)

xazax.hun: You are reading my mind. Actually I wanted to ask where to put this but forgot to ask :)
typedef int mtx_t;
struct timespec;
enum {
// FIXME: The value if this enum is implementation defined. While all the
// implementations I am aware of using 0, the right solution would be to
xazax.hunAuthorUnsubmitted
Done
ReplyInline Actions

Strictly speaking, this is implementation defined. But the C11 implementations I am aware of are following this trend (thrd_success == 0). E.g. if the implementation is using pthreads as a backend it is unlikely for this to be any other value.

xazax.hun: Strictly speaking, this is implementation defined. But the C11 implementations I am aware of…
NoQUnsubmitted
Not Done
ReplyInline Actions

Yeah, this is most likely fine but we should add a FIXME just in case. We could most likely uncover the exact constant easily by simply matching the AST (and abort all checking if the constant isn't found in the AST).

NoQ: Yeah, this is most likely fine but we should add a FIXME just in case. We could most likely…
// look this value up in the AST (and disable the check if it is not found).
thrd_success = 0,
thrd_error = 2
};
int mtx_init(mtx_t *mutex, int type);
int mtx_lock(mtx_t *mutex);
int mtx_timedlock(mtx_t *mutex,
const struct timespec *time_point);
int mtx_trylock(mtx_t *mutex);
int mtx_unlock(mtx_t *mutex);
int mtx_destroy(mtx_t *mutex);
mtx_t mtx1;
mtx_t mtx2;
void bad1(void)
{
mtx_lock(&mtx1); // no-warning
mtx_lock(&mtx1); // expected-warning{{This lock has already been acquired}}
}
void bad2(void) {
mtx_t mtx;
mtx_init(&mtx, 0);
xazax.hunAuthorUnsubmitted
Done
ReplyInline Actions

This is a TODO, and I did not solve in this patch for two reasons:

  • Having a mutex in stack scope is rare and prone to errors.
  • I did not want to add new functionality in this patch.

That being said I am not sure if I want to add this anytime soon (due to reason 1).

xazax.hun: This is a TODO, and I did not solve in this patch for two reasons: * Having a mutex in stack…
mtx_lock(&mtx);
} // TODO: Warn for missing unlock?
void bad3(void) {
mtx_t mtx;
mtx_init(&mtx, 0);
} // TODO: Warn for missing destroy?
void bad4(void) {
mtx_t mtx;
mtx_init(&mtx, 0);
mtx_lock(&mtx);
mtx_unlock(&mtx);
} // TODO: warn for missing destroy?
void bad5(void) {
mtx_lock(&mtx1);
mtx_unlock(&mtx1);
mtx_unlock(&mtx1); // expected-warning {{This lock has already been unlocked}}
}
void bad6() {
mtx_init(&mtx1, 0);
if (mtx_trylock(&mtx1) != thrd_success)
mtx_unlock(&mtx1); // expected-warning {{This lock has already been unlocked}}
}
void bad7(void) {
mtx_lock(&mtx1);
mtx_lock(&mtx2);
mtx_unlock(&mtx1); // expected-warning {{This was not the most recently acquired lock. Possible lock order reversal}}
mtx_unlock(&mtx2);
}
void good() {
mtx_t mtx;
mtx_init(&mtx, 0);
mtx_lock(&mtx);
mtx_unlock(&mtx);
mtx_destroy(&mtx);
}
void good2() {
mtx_t mtx;
mtx_init(&mtx, 0);
if (mtx_trylock(&mtx) == thrd_success)
mtx_unlock(&mtx);
mtx_destroy(&mtx);
}
void good3() {
mtx_t mtx;
mtx_init(&mtx, 0);
if (mtx_timedlock(&mtx, 0) == thrd_success)
mtx_unlock(&mtx);
mtx_destroy(&mtx);
}

clang/test/Analysis/fuchsia_lock.c

  • This file was added.
// RUN: %clang_analyze_cc1 -analyzer-checker=fuchsia.Lock -verify %s
typedef int spin_lock_t;
typedef int zx_status_t;
typedef int zx_time_t;
void spin_lock(spin_lock_t *lock);
int spin_trylock(spin_lock_t *lock);
void spin_unlock(spin_lock_t *lock);
void spin_lock_init(spin_lock_t *lock);
void spin_lock_save(spin_lock_t *lock, void *statep,
int flags);
void spin_unlock_restore(spin_lock_t *lock, void *old_state,
int flags);
spin_lock_t mtx1;
spin_lock_t mtx2;
void bad1(void)
{
spin_lock(&mtx1); // no-warning
spin_lock(&mtx1); // expected-warning{{This lock has already been acquired}}
}
void bad2(void) {
spin_lock(&mtx1);
spin_unlock(&mtx1);
spin_unlock(&mtx1); // expected-warning {{This lock has already been unlocked}}
}
void bad3() {
spin_lock_init(&mtx1);
if (spin_trylock(&mtx1) != 0)
spin_unlock(&mtx1); // expected-warning {{This lock has already been unlocked}}
}
void bad4(void) {
spin_lock(&mtx1);
spin_lock(&mtx2);
spin_unlock(&mtx1); // expected-warning {{This was not the most recently acquired lock. Possible lock order reversal}}
spin_unlock(&mtx2);
}
void good() {
spin_lock_t mtx;
spin_lock_init(&mtx);
spin_lock_save(&mtx, 0, 0);
spin_unlock_restore(&mtx, 0, 0);
}
void good2() {
spin_lock_t mtx;
spin_lock_init(&mtx);
if (spin_trylock(&mtx) == 0)
spin_unlock(&mtx);
}
typedef int sync_mutex_t;
void sync_mutex_lock(sync_mutex_t* mutex);
void sync_mutex_lock_with_waiter(sync_mutex_t* mutex);
zx_status_t sync_mutex_timedlock(sync_mutex_t* mutex, zx_time_t deadline);
zx_status_t sync_mutex_trylock(sync_mutex_t* mutex);
void sync_mutex_unlock(sync_mutex_t* mutex);
sync_mutex_t smtx1;
sync_mutex_t smtx2;
void bad11(void)
{
sync_mutex_lock(&smtx1); // no-warning
sync_mutex_lock(&smtx1); // expected-warning{{This lock has already been acquired}}
}
void bad12(void) {
sync_mutex_lock_with_waiter(&smtx1);
sync_mutex_unlock(&smtx1);
sync_mutex_unlock(&smtx1); // expected-warning {{This lock has already been unlocked}}
}
void bad13() {
sync_mutex_unlock(&smtx1);
if (sync_mutex_trylock(&smtx1) != 0)
sync_mutex_unlock(&smtx1); // expected-warning {{This lock has already been unlocked}}
}
void bad14(void) {
sync_mutex_lock(&smtx1);
sync_mutex_lock(&smtx2);
sync_mutex_unlock(&smtx1); // expected-warning {{This was not the most recently acquired lock. Possible lock order reversal}}
sync_mutex_unlock(&smtx2);
}
void good11() {
sync_mutex_t mtx;
if (sync_mutex_trylock(&mtx) == 0)
sync_mutex_unlock(&mtx);
}
void good12() {
sync_mutex_t mtx;
if (sync_mutex_timedlock(&mtx, 0) == 0)
sync_mutex_unlock(&mtx);
}