Download Raw Diff

Details

Reviewers

NoQ
Szelethus
Charusso

Commits

rG1a27d63a8891: [Analyzer] Only add container note tags to the operations of the affected…

Summary

If an error happens which is related to a container the Container Modeling checker adds note tags to all the container operations along the bug path. This may be disturbing if there are other containers beside the one which is affected by the bug. This patch restricts the note tags to only the affected container and adjust the debug checkers to be able to test this change.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

baloghadamsoftware created this revision.Mar 3 2020, 4:27 AM

Herald added subscribers: martong, steakhal, Charusso and 8 others. · View Herald TranscriptMar 3 2020, 4:27 AM

baloghadamsoftware added a parent revision: D73720: [Analyzer] Use note tags to track container begin and and changes.Mar 3 2020, 4:27 AM

I believe our path and context sensitive engine is more extensible and precise than checking the source file. Are you sure it scales? I would prefer to tie this information for MemRegions, rather than arbitrary places in the source code. My knowledge is very weak in this checker but I have changed from the Tidy world to the Analyzer to enjoy its benefits. Please enjoy these benefits in your work as well.

Harbormaster failed remote builds in B47896: Diff 247857!Mar 3 2020, 5:02 AM

Alternative approach for debugging (instead of checking the source range): clang_analyzer_express() from ExprInspection marks its argument as interesting in the bug report. DebugContainerModeling propagates the interestingness from the symbol (begin or end symbol of the container) to the container itself.

Cool, that one a lucky one! I think the SymbolRef based world also working, just at some point it could not scale because other systems are region based... For now, it is a much better solution, and this pattern to overload the callback with all the interestingness seems like the standard way of using NoteTags. Thanks!

This revision is now accepted and ready to land.Mar 3 2020, 8:46 AM

I don't have any technical comments on this patch since I haven't used NoteTags yet, only a couple of readability ones.

clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp
97–103	Probably a flattened version would be more readable. auto *PSBR = dyn_cast<PathSensitiveBugReport>(&BR); if (PSBR && PSBR->isInteresting(Field)) PSBR->markInteresting(Cont); return "";
clang/test/Analysis/container-modeling.cpp
218	I'm not sure about the convention about using dashes, but I've seen multiple time comments like this: `no-warning` etc. Probably a simple `no-note` or something would be more conventional?
232–234	This line looks quite crowded, can't we use `expected-note@-1` here just like it was used previously? The `only once` comment could be in a separate line as well, just to fit nicely.

Updated according to the style comments.

baloghadamsoftware marked 3 inline comments as done.Mar 3 2020, 9:24 AM

In D75514#1903153, @baloghadamsoftware wrote:

Alternative approach for debugging (instead of checking the source range): clang_analyzer_express() from ExprInspection marks its argument as interesting in the bug report. DebugContainerModeling propagates the interestingness from the symbol (begin or end symbol of the container) to the container itself.

But why is this related to UndefinedVal?

In D75514#1905268, @Szelethus wrote:

But why is this related to UndefinedVal?

Because UndefinedVal seems to be the "null" value of SVal thus it is suitable for default value of the parameter.

In D75514#1907392, @baloghadamsoftware wrote:

In D75514#1905268, @Szelethus wrote:

But why is this related to UndefinedVal?

Because UndefinedVal seems to be the "null" value of SVal thus it is suitable for default value of the parameter.

Shouldn't we use Optional then? None means something completely different then UndefinedVal.

clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
55–61	I would also prefer to comment what happens when `ExprVal` has a special value, because its non-obvious from the declaration.

In D75514#1907392, @baloghadamsoftware wrote:

In D75514#1905268, @Szelethus wrote:

But why is this related to UndefinedVal?

Because UndefinedVal seems to be the "null" value of SVal

It is not. It is a very specific and exotic SVal that almost never appears in practice but plays a very important role in the analysis.
Let's remove the default constructor for SVal entirely because it seems to be a common source of confusion.

NoQ added inline comments.Mar 5 2020, 7:12 AM

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
723–724	Mmm, this is definitely impossible. We should change the `NoteTag` API to pass in a `PathSensitiveBugReport &`. My bad.

Updated according to the comments.

Typo fixed.

baloghadamsoftware marked 2 inline comments as done.Mar 5 2020, 9:01 AM

baloghadamsoftware added inline comments.

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
723–724	Good idea. For now I changed it to simple `cast<>()` without check.

baloghadamsoftware mentioned this in D75677: [Analyzer] Only add iterator note tags to the operations of the affected iterators.Mar 5 2020, 9:14 AM

Rebased.

Szelethus mentioned this in D74541: [Analyzer] Use note tags to track iterator increments and decrements.Mar 11 2020, 10:40 AM

The code from in ExprInspectionChecker.cpp is duplicated from D75677, isn't it?

clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
55–57	Please terminate this sentence.
clang/test/Analysis/container-modeling.cpp
99–100	Why did we unpack this? And the rest?

Updated according to the comments.

In D75514#1917450, @Szelethus wrote:

The code from in ExprInspectionChecker.cpp is duplicated from D75677, isn't it?

It is. The one accepted earlier will be committed earlier, then I will rebase the other one so this part disappears from that one.

clang/test/Analysis/container-modeling.cpp
99–100	We did not unpack this but forgot to pack it.

Updated according to the comments of D75677.

Wonderful, thank you!

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
726	I suspect you can remove the explicit conversion to `std::string` given that you've specified the return type explicitly.
clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp
32	`llvm::function_ref`?

Szelethus accepted this revision.Mar 16 2020, 3:23 AM

Szelethus added inline comments.

clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp
32	Is that a thing? Nice.

baloghadamsoftware marked an inline comment as done.Mar 16 2020, 12:56 PM

baloghadamsoftware added inline comments.

clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp
32	You mean a callback instead of a template?

baloghadamsoftware marked an inline comment as done.Mar 17 2020, 2:27 AM

baloghadamsoftware added inline comments.

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
726	Theoretically yes, because `llvm::StringRef` has a conversion operator for `std::string`. However, when compiling I get a compilation error: error: could not convert `Out.llvm::raw_svector_ostream::str()` from `llvm::StringRef` to `std::__cxx11::string {aka std::__cxx11::basic_string<char>}`

Closed by commit rG1a27d63a8891: [Analyzer] Only add container note tags to the operations of the affected… (authored by baloghadamsoftware). · Explain WhyMar 26 2020, 2:07 AM

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: ASDenysPetrov. · View Herald TranscriptMar 26 2020, 2:08 AM

Diff 252770

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp

Show First 20 Lines • Show All 714 Lines • ▼ Show 20 Lines	if (const auto *DR = dyn_cast<DeclRegion>(ContReg)) {
Name = DR->getDecl()->getName();		Name = DR->getDecl()->getName();
// If the region is not a `DeclRegion` then use the expression instead		// If the region is not a `DeclRegion` then use the expression instead
} else if (const auto *DRE =		} else if (const auto *DRE =
dyn_cast<DeclRefExpr>(ContE->IgnoreParenCasts())) {		dyn_cast<DeclRefExpr>(ContE->IgnoreParenCasts())) {
Name = DRE->getDecl()->getName();		Name = DRE->getDecl()->getName();
}		}

return C.getNoteTag(		return C.getNoteTag(
[Text, Name, ContReg](PathSensitiveBugReport &BR) -> std::string {		[Text, Name, ContReg](PathSensitiveBugReport &BR) -> std::string {
		if (!BR.isInteresting(ContReg))
		NoQUnsubmitted Done Reply Inline Actions Mmm, this is definitely impossible. We should change the `NoteTag` API to pass in a `PathSensitiveBugReport &`. My bad. NoQ: Mmm, this is definitely impossible. We should change the `NoteTag` API to pass in a…
		baloghadamsoftwareAuthorUnsubmitted Done Reply Inline Actions Good idea. For now I changed it to simple `cast<>()` without check. baloghadamsoftware: Good idea. For now I changed it to simple `cast<>()` without check.
		return "";

		NoQUnsubmitted Not Done Reply Inline Actions I suspect you can remove the explicit conversion to `std::string` given that you've specified the return type explicitly. NoQ: I suspect you can remove the explicit conversion to `std::string` given that you've specified…
		baloghadamsoftwareAuthorUnsubmitted Done Reply Inline Actions Theoretically yes, because `llvm::StringRef` has a conversion operator for `std::string`. However, when compiling I get a compilation error: error: could not convert `Out.llvm::raw_svector_ostream::str()` from `llvm::StringRef` to `std::__cxx11::string {aka std::__cxx11::basic_string<char>}` baloghadamsoftware: Theoretically yes, because `llvm::StringRef` has a conversion operator for `std::string`.
SmallString<256> Msg;		SmallString<256> Msg;
llvm::raw_svector_ostream Out(Msg);		llvm::raw_svector_ostream Out(Msg);
Out << "Container " << (!Name.empty() ? ("'" + Name.str() + "' ") : "" )		Out << "Container " << (!Name.empty() ? ("'" + Name.str() + "' ") : "" )
<< Text;		<< Text;
return std::string(Out.str());		return std::string(Out.str());
});		});
}		}

▲ Show 20 Lines • Show All 338 Lines • Show Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp

Show All 23 Lines

namespace {		namespace {

class DebugContainerModeling		class DebugContainerModeling
: public Checker<eval::Call> {		: public Checker<eval::Call> {

std::unique_ptr<BugType> DebugMsgBugType;		std::unique_ptr<BugType> DebugMsgBugType;

template <typename Getter>		template <typename Getter>
		NoQUnsubmitted Not Done Reply Inline Actions `llvm::function_ref`? NoQ: `llvm::function_ref`?
		SzelethusUnsubmitted Not Done Reply Inline Actions Is that a thing? Nice. Szelethus: Is that a thing? Nice.
		baloghadamsoftwareAuthorUnsubmitted Done Reply Inline Actions You mean a callback instead of a template? baloghadamsoftware: You mean a callback instead of a template?
void analyzerContainerDataField(const CallExpr *CE, CheckerContext &C,		void analyzerContainerDataField(const CallExpr *CE, CheckerContext &C,
Getter get) const;		Getter get) const;
void analyzerContainerBegin(const CallExpr *CE, CheckerContext &C) const;		void analyzerContainerBegin(const CallExpr *CE, CheckerContext &C) const;
void analyzerContainerEnd(const CallExpr *CE, CheckerContext &C) const;		void analyzerContainerEnd(const CallExpr *CE, CheckerContext &C) const;
ExplodedNode *reportDebugMsg(llvm::StringRef Msg, CheckerContext &C) const;		ExplodedNode *reportDebugMsg(llvm::StringRef Msg, CheckerContext &C) const;

typedef void (DebugContainerModeling::FnCheck)(const CallExpr ,		typedef void (DebugContainerModeling::FnCheck)(const CallExpr ,
CheckerContext &) const;		CheckerContext &) const;
▲ Show 20 Lines • Show All 46 Lines • ▼ Show 20 Lines	void DebugContainerModeling::analyzerContainerDataField(const CallExpr *CE,
const MemRegion *Cont = C.getSVal(CE->getArg(0)).getAsRegion();		const MemRegion *Cont = C.getSVal(CE->getArg(0)).getAsRegion();
if (Cont) {		if (Cont) {
const auto *Data = getContainerData(State, Cont);		const auto *Data = getContainerData(State, Cont);
if (Data) {		if (Data) {
SymbolRef Field = get(Data);		SymbolRef Field = get(Data);
if (Field) {		if (Field) {
State = State->BindExpr(CE, C.getLocationContext(),		State = State->BindExpr(CE, C.getLocationContext(),
nonloc::SymbolVal(Field));		nonloc::SymbolVal(Field));
C.addTransition(State);
		// Progpagate interestingness from the container's data (marked
		// interesting by an `ExprInspection` debug call to the container
		// itself.
		const NoteTag *InterestingTag =
		C.getNoteTag(
		[Cont, Field](PathSensitiveBugReport &BR) -> std::string {
		if (BR.isInteresting(Field)) {
		BR.markInteresting(Cont);
		steakhalUnsubmitted Done Reply Inline Actions Probably a flattened version would be more readable. auto PSBR = dyn_cast<PathSensitiveBugReport>(&BR); if (PSBR && PSBR->isInteresting(Field)) PSBR->markInteresting(Cont); return ""; steakhal:* Probably a flattened version would be more readable. ```lang=c++ auto *PSBR =…
		}
		return "";
		});
		C.addTransition(State, InterestingTag);
return;		return;
}		}
}		}
}		}

auto &BVF = C.getSValBuilder().getBasicValueFactory();		auto &BVF = C.getSValBuilder().getBasicValueFactory();
State = State->BindExpr(CE, C.getLocationContext(),		State = State->BindExpr(CE, C.getLocationContext(),
nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0))));		nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0))));
Show All 35 Lines

clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp

Show First 20 Lines • Show All 46 Lines • ▼ Show 20 Lines	class ExprInspectionChecker : public Checker<eval::Call, check::DeadSymbols,
void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const;		void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const;
void analyzerDenote(const CallExpr *CE, CheckerContext &C) const;		void analyzerDenote(const CallExpr *CE, CheckerContext &C) const;
void analyzerExpress(const CallExpr *CE, CheckerContext &C) const;		void analyzerExpress(const CallExpr *CE, CheckerContext &C) const;
void analyzerIsTainted(const CallExpr *CE, CheckerContext &C) const;		void analyzerIsTainted(const CallExpr *CE, CheckerContext &C) const;

typedef void (ExprInspectionChecker::FnCheck)(const CallExpr ,		typedef void (ExprInspectionChecker::FnCheck)(const CallExpr ,
CheckerContext &C) const;		CheckerContext &C) const;

ExplodedNode *reportBug(llvm::StringRef Msg, CheckerContext &C) const;		// Optional parameter `ExprVal` for expression value to be marked interesting.
		ExplodedNode *reportBug(llvm::StringRef Msg, CheckerContext &C,
		Optional<SVal> ExprVal = None) const;
		SzelethusUnsubmitted Done Reply Inline Actions Please terminate this sentence. Szelethus: Please terminate this sentence.
ExplodedNode *reportBug(llvm::StringRef Msg, BugReporter &BR,		ExplodedNode *reportBug(llvm::StringRef Msg, BugReporter &BR,
ExplodedNode *N) const;		ExplodedNode *N,
		Optional<SVal> ExprVal = None) const;

		SzelethusUnsubmitted Done Reply Inline Actions I would also prefer to comment what happens when `ExprVal` has a special value, because its non-obvious from the declaration. Szelethus: I would also prefer to comment what happens when `ExprVal` has a special value, because its non…
public:		public:
bool evalCall(const CallEvent &Call, CheckerContext &C) const;		bool evalCall(const CallEvent &Call, CheckerContext &C) const;
void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;		void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;
void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,		void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR,
ExprEngine &Eng) const;		ExprEngine &Eng) const;
};		};
}		}

▲ Show 20 Lines • Show All 72 Lines • ▼ Show 20 Lines	if (StTrue) {
if (StFalse)		if (StFalse)
return "FALSE";		return "FALSE";
else		else
llvm_unreachable("Invalid constraint; neither true or false.");		llvm_unreachable("Invalid constraint; neither true or false.");
}		}
}		}

ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg,		ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg,
CheckerContext &C) const {		CheckerContext &C,
		Optional<SVal> ExprVal) const {
ExplodedNode *N = C.generateNonFatalErrorNode();		ExplodedNode *N = C.generateNonFatalErrorNode();
reportBug(Msg, C.getBugReporter(), N);		reportBug(Msg, C.getBugReporter(), N, ExprVal);
return N;		return N;
}		}

ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg,		ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg,
BugReporter &BR,		BugReporter &BR,
ExplodedNode *N) const {		ExplodedNode *N,
		Optional<SVal> ExprVal) const {
if (!N)		if (!N)
return nullptr;		return nullptr;

if (!BT)		if (!BT)
BT.reset(new BugType(this, "Checking analyzer assumptions", "debug"));		BT.reset(new BugType(this, "Checking analyzer assumptions", "debug"));

BR.emitReport(std::make_unique<PathSensitiveBugReport>(*BT, Msg, N));		auto R = std::make_unique<PathSensitiveBugReport>(*BT, Msg, N);
		if (ExprVal) {
		R->markInteresting(*ExprVal);
		}
		BR.emitReport(std::move(R));
return N;		return N;
}		}

void ExprInspectionChecker::analyzerEval(const CallExpr *CE,		void ExprInspectionChecker::analyzerEval(const CallExpr *CE,
CheckerContext &C) const {		CheckerContext &C) const {
const LocationContext *LC = C.getPredecessor()->getLocationContext();		const LocationContext *LC = C.getPredecessor()->getLocationContext();

// A specific instantiation of an inlined function may have more constrained		// A specific instantiation of an inlined function may have more constrained
▲ Show 20 Lines • Show All 230 Lines • ▼ Show 20 Lines

void ExprInspectionChecker::analyzerExpress(const CallExpr *CE,		void ExprInspectionChecker::analyzerExpress(const CallExpr *CE,
CheckerContext &C) const {		CheckerContext &C) const {
if (CE->getNumArgs() == 0) {		if (CE->getNumArgs() == 0) {
reportBug("clang_analyzer_express() requires a symbol", C);		reportBug("clang_analyzer_express() requires a symbol", C);
return;		return;
}		}

SymbolRef Sym = C.getSVal(CE->getArg(0)).getAsSymbol();		SVal ArgVal = C.getSVal(CE->getArg(0));
		SymbolRef Sym = ArgVal.getAsSymbol();
if (!Sym) {		if (!Sym) {
reportBug("Not a symbol", C);		reportBug("Not a symbol", C);
return;		return;
}		}

SymbolExpressor V(C.getState());		SymbolExpressor V(C.getState());
auto Str = V.Visit(Sym);		auto Str = V.Visit(Sym);
if (!Str) {		if (!Str) {
reportBug("Unable to express", C);		reportBug("Unable to express", C);
return;		return;
}		}

reportBug(*Str, C);		reportBug(*Str, C, ArgVal);
}		}

void ExprInspectionChecker::analyzerIsTainted(const CallExpr *CE,		void ExprInspectionChecker::analyzerIsTainted(const CallExpr *CE,
CheckerContext &C) const {		CheckerContext &C) const {
if (CE->getNumArgs() != 1) {		if (CE->getNumArgs() != 1) {
reportBug("clang_analyzer_isTainted() requires exactly one argument", C);		reportBug("clang_analyzer_isTainted() requires exactly one argument", C);
return;		return;
}		}
Show All 12 Lines

clang/test/Analysis/container-modeling.cpp

	Show First 20 Lines • Show All 70 Lines • ▼ Show 20 Lines

	void push_back(std::vector<int> &V, int n) {			void push_back(std::vector<int> &V, int n) {
	V.cbegin();			V.cbegin();
	V.cend();			V.cend();

	clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");			clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
	clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");			clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");

	V.push_back(n); // expected-note{{Container 'V' extended to the back by 1 position}}			V.push_back(n); // expected-note 2{{Container 'V' extended to the back by 1 position}}
	// expected-note@-1{{Container 'V' extended to the back by 1 position}}

	clang_analyzer_express(clang_analyzer_container_begin(V)); // expected-warning{{$V.begin()}}			clang_analyzer_express(clang_analyzer_container_begin(V)); // expected-warning{{$V.begin()}}
	// expected-note@-1{{$V.begin()}}			// expected-note@-1{{$V.begin()}}
	clang_analyzer_express(clang_analyzer_container_end(V)); // expected-warning{{$V.end() + 1}}			clang_analyzer_express(clang_analyzer_container_end(V)); // expected-warning{{$V.end() + 1}}
	// expected-note@-1{{$V.end() + 1}}			// expected-note@-1{{$V.end() + 1}}
	}			}

	/// emplace_back()			/// emplace_back()
	///			///
	/// Design decision: extends containers to the ->BACK-> (i.e. the			/// Design decision: extends containers to the ->BACK-> (i.e. the
	/// past-the-end position of the container is incremented).			/// past-the-end position of the container is incremented).

	void emplace_back(std::vector<int> &V, int n) {			void emplace_back(std::vector<int> &V, int n) {
	V.cbegin();			V.cbegin();
	V.cend();			V.cend();

	clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");			clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
	clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");			clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");

	V.emplace_back(n); // expected-note 2{{Container 'V' extended to the back by 1 position}}			V.emplace_back(n); // expected-note 2{{Container 'V' extended to the back by 1 position}}

				SzelethusUnsubmitted Done Reply Inline Actions Why did we unpack this? And the rest? Szelethus: Why did we unpack this? And the rest?
				baloghadamsoftwareAuthorUnsubmitted Done Reply Inline Actions We did not unpack this but forgot to pack it. baloghadamsoftware: We did not unpack this but forgot to pack it.

	clang_analyzer_express(clang_analyzer_container_begin(V)); // expected-warning{{$V.begin()}}			clang_analyzer_express(clang_analyzer_container_begin(V)); // expected-warning{{$V.begin()}}
	// expected-note@-1{{$V.begin()}}			// expected-note@-1{{$V.begin()}}
	clang_analyzer_express(clang_analyzer_container_end(V)); // expected-warning{{$V.end() + 1}}			clang_analyzer_express(clang_analyzer_container_end(V)); // expected-warning{{$V.end() + 1}}
	// expected-note@-1{{$V.end() + 1}}			// expected-note@-1{{$V.end() + 1}}
	}			}

	/// pop_back()			/// pop_back()
	///			///
	▲ Show 20 Lines • Show All 101 Lines • ▼ Show 20 Lines
	void push_back1(std::vector<int> &V1, std::vector<int> &V2, int n) {			void push_back1(std::vector<int> &V1, std::vector<int> &V2, int n) {
	V1.cbegin();			V1.cbegin();
	V1.cend();			V1.cend();
	V2.cbegin();			V2.cbegin();
	V2.cend();			V2.cend();

	clang_analyzer_denote(clang_analyzer_container_begin(V1), "$V1.begin()");			clang_analyzer_denote(clang_analyzer_container_begin(V1), "$V1.begin()");

	V2.push_back(n); // expected-note{{Container 'V2' extended to the back by 1 position}} FIXME: This note should not appear since `V2` is not affected in the "bug"			V2.push_back(n); // no-note
				steakhalUnsubmitted Done Reply Inline Actions I'm not sure about the convention about using dashes, but I've seen multiple time comments like this: `no-warning` etc. Probably a simple `no-note` or something would be more conventional? steakhal: I'm not sure about the convention about using //dashes//, but I've seen multiple time comments…

	clang_analyzer_express(clang_analyzer_container_begin(V1)); // expected-warning{{$V1.begin()}}			clang_analyzer_express(clang_analyzer_container_begin(V1)); // expected-warning{{$V1.begin()}}
	// expected-note@-1{{$V1.begin()}}			// expected-note@-1{{$V1.begin()}}
	}			}

	void push_back2(std::vector<int> &V1, std::vector<int> &V2, int n) {			void push_back2(std::vector<int> &V1, std::vector<int> &V2, int n) {
	V1.cbegin();			V1.cbegin();
	V1.cend();			V1.cend();
	V2.cbegin();			V2.cbegin();
	V2.cend();			V2.cend();

	clang_analyzer_denote(clang_analyzer_container_begin(V1), "$V1.begin()");			clang_analyzer_denote(clang_analyzer_container_begin(V1), "$V1.begin()");
	clang_analyzer_denote(clang_analyzer_container_begin(V2), "$V2.begin()");			clang_analyzer_denote(clang_analyzer_container_begin(V2), "$V2.begin()");

	V1.push_back(n); // expected-note 2{{Container 'V1' extended to the back by 1 position}}			V1.push_back(n); // expected-note{{Container 'V1' extended to the back by 1 position}}
	// FIXME: This should appear only once since there is only			// Only once!
				steakhalUnsubmitted Done Reply Inline Actions This line looks quite crowded, can't we use `expected-note@-1` here just like it was used previously? The `only once` comment could be in a separate line as well, just to fit nicely. steakhal: This line looks quite crowded, can't we use `expected-note@-1` here just like it was used…
	// one "bug" where `V1` is affected

	clang_analyzer_express(clang_analyzer_container_begin(V1)); // expected-warning{{$V1.begin()}}			clang_analyzer_express(clang_analyzer_container_begin(V1)); // expected-warning{{$V1.begin()}}
	// expected-note@-1{{$V1.begin()}}			// expected-note@-1{{$V1.begin()}}

	clang_analyzer_express(clang_analyzer_container_begin(V2)); // expected-warning{{$V2.begin()}}			clang_analyzer_express(clang_analyzer_container_begin(V2)); // expected-warning{{$V2.begin()}}
	// expected-note@-1{{$V2.begin()}}			// expected-note@-1{{$V2.begin()}}
	}			}

	/// Print Container Data as Part of the Program State			/// Print Container Data as Part of the Program State

	void clang_analyzer_printState();			void clang_analyzer_printState();

	void print_state(std::vector<int> &V) {			void print_state(std::vector<int> &V) {
	V.cbegin();			V.cbegin();
	Show All 17 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[Analyzer] Only add container note tags to the operations of the affected container
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 252770

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp

clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp

clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp

clang/test/Analysis/container-modeling.cpp

This is an archive of the discontinued LLVM Phabricator instance.

[Analyzer] Only add container note tags to the operations of the affected containerClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 252770

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp

clang/lib/StaticAnalyzer/Checkers/DebugContainerModeling.cpp

clang/lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp

clang/test/Analysis/container-modeling.cpp

[Analyzer] Only add container note tags to the operations of the affected container
ClosedPublic