This is an archive of the discontinued LLVM Phabricator instance.

Differential D77150

[Analyzer] New Option for ContainerModeling: AggressiveEraseModeling
Needs ReviewPublic

Authored by baloghadamsoftware on Mar 31 2020, 9:19 AM.

Details

Reviewers
NoQ
Szelethus
dkrupp
gamesh411
Summary

A typical (bad) algorithm for erasing elements of a list is the following:

for(auto i = L.begin(); i != L.end(); ++i) {
   if (condition(*i))
     i = L.erase(i);
}

If condition() returns true for the last element, then erase() returns the past-the-end iterator which the loop tries to increment which leads to undefined behavior. However, the iterator range checker does not find this bug because the "loop iteration before that last iteration" cannot be recognized by the analyzer. Instead we added an option in this patch to ContainerModeling which enables the modeling checker to assume after every erase that the result is the past-the-end iterator (if this case is possible).

Diff Detail

Event Timeline

baloghadamsoftware created this revision.Mar 31 2020, 9:19 AM
Herald added subscribers: ASDenysPetrov, martong, steakhal and 10 others. · View Herald TranscriptMar 31 2020, 9:19 AM
Harbormaster failed remote builds in B51146: Diff 253873!Mar 31 2020, 9:24 AM
martong added a comment.Mar 31 2020, 10:26 AM

Do you have a lit test as well? It would be useful to have one that is similar to the one you mention in the review's summary.

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
801

This seems to be very similar to the hunk we have in handleErase, so this suggests some unnecessary code duplication. I presume we could create a function which is called from both callers.

baloghadamsoftware marked an inline comment as done.Apr 1 2020, 10:25 AM
baloghadamsoftware added inline comments.
clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
801

Yes, I was thinking about that as well. Many parameters have to be passed so it will be not so much shorter.

Szelethus added a comment.Apr 2 2020, 4:31 AM

Some tests would be appreciated, It really helps me understand whats going on.

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
702–706

Hmm. The description isn't really user-friendly, imo, but the option doesn't sound too user-facing either. I don't think this is an option to be tinkered with. I think we should make this hidden.

Also, even for developers, I find this a bitconfusing at first. Do we not enable that by default? Why not? What do we have to gain/lose?

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
701–708

Right, so the const is a state split. That doesn't sound like something regular users should fine-tune.

701–708

cost* :^)

baloghadamsoftware marked an inline comment as done.Apr 3 2020, 12:04 AM
baloghadamsoftware added inline comments.
clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
701–708

We made something like this (upon suggestion from @NoQ) in STLAlgorithmModeling. There is an option which is disabled by default, but if the user enables it, then std::find() and the like will aggressively assume that the element may not be found thus they return their second iterator parameter. This option is very similar to that one.

Szelethus added inline comments.Apr 3 2020, 12:55 PM
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
730–736

Ah, okay, I see which one you refer to. We should totally make this non-user facing as well.

baloghadamsoftware marked an inline comment as done.Apr 4 2020, 2:04 AM
baloghadamsoftware added inline comments.
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
730–736

The option is not about state split! It is for choosing between the (default) conservative approach and a more aggressive one. It is absolutely for the user to set. Some users prefer less false positive for the price of losing true positives. However, some other users prefer more true positives for the price of additional false positives. This is why we have checker options to be able to serve both groups.

This feature was explicitly requested by our users who first disabled iterator checkers because of the too many false positives but later re-enabled them because they run into a bug in a production system which could have been prevented by enabling them. However, they run into another bug that our checker did not find because of its conservative behavior. They requested a more aggressive one but we must not do it for everyone. The concept of the Analyzer is that we apply the conservative approach by default and the aggressive can be enabled by analyzer and checker options.

NoQ added inline comments.Apr 6 2020, 11:48 AM
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
702–706

What is the rule that the user needs to follow in order to avoid the warning? "Always check the return value of erase() before use"? If so, a good description would be along the lines of "Warn when the return value of erase() is not checked before use; compare that value to end() in order to suppress the warning" (or something more specific).

730–736

These options are unlikely to be on-by-default in vanilla clang because of having a fundamentally unfixable class of false positives associated with them. Honestly, i've never seen users who are actually ok with false positives. I've regularly seen users say that they are ok with false positives when they wanted their false negatives fixed, but it always turned out that they don't understand what they're asking for and they quickly changed their mind when they saw the result. But you guys basically vend your own tool to your own customers and bear your own responsibility and i therefore can't tell you what to do in your realm, and i'm ok with having options that allow you to disagree with my choices.

inb4, "-analyzer-config is not user-facing!!!11"

Szelethus added a comment.Apr 6 2020, 12:46 PM

Please mind that my inline is NOT an objection to this patch.

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
730–736

inb4, "-analyzer-config is not user-facing!!!11"

I was starting to breath really heavy and type really fast :D

Jokes aside, I'll spill the beans, we don't have a really convenient way to tweak these options through CodeChecker just yet, so for the time being, they really aren't, but maybe one day.

With that said, I also agree with you regarding options that overapproximate the analysis (greater code coverage with more false and true positives). User facing options should be the ones where the nature of the bug itself if subjective, like whether we want to check the initializedness of pointees. We sure can regard them as unwanted, or we could regard them as totally fine, so an option is a great compromise.

[...] it always turned out that they don't understand what they're asking for [...]

This is why I think this shouldn't be user-facing. You need to be quite knowledgeable about the analyzer, and IteratorChecker in particular to make good judgement about enabling the option added in this patch. That doesn't mean you shouldn't experiment with it, but I'd prefer to not expose it too much.

I just don't see this feature being that desired by many if they knew the costs, even if one user really wants it. We could however, in that case, say
"Hey, there is this option you can enable that might help you hunt down more bugs. It does change the actual analysis itself, and experience showed that it might result in more false positives and could impact performance, so we opted not to make it user-facing, but it is there, if you feel adventurous."

Szelethus added inline comments.Apr 6 2020, 12:49 PM
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
730–736

Granted, I might be demonizing the cons of these options too much, but the description doesn't help on understanding it that much either O:)

baloghadamsoftware marked an inline comment as done.Jul 1 2020, 4:06 AM
baloghadamsoftware added inline comments.
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
730–736

So you both are saying that I should tell the user that we cannot help, the community does not support that he catches this bug in early phase with the analyzer. He must catch it in the testing phase for higher costs. This is not the best way to build confidence in the analyzer.

In my perception options are used to serve one users need without harming others. I never understand why there is so much resistance against introducing an option that does not change the default behavior at all.

baloghadamsoftware updated this revision to Diff 275406.Jul 3 2020, 8:39 AM

Rebased. Tests added. Fixed to work on std::vector-like and std::deque-like containers as well.

baloghadamsoftware added a parent revision: D77125: [Analyzer] Model return values of container insert and delete operations.Jul 7 2020, 5:29 AM
NoQ added inline comments.Jul 7 2020, 9:34 AM
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
730–736
  1. That's right, implementing every single suggestion users have is a terrible idea. Not everything is possible, not everything is feasible. Populism should not be put ahead of common sense. As an extreme example, imagine you're in the 80's and a user complained that they need a voice recognition feature in their computer ("Why do I have to type all this text, it's so slow???"). Would you be ready to inform them that it'll take 30 years and a few revolutionary breakthroughs in computer science to implement? Would you be ready to tell them that learning how to touch-type will make their typing faster than anything they could ever achieve with dictation? Because that's your job as a programmer to be assertive and to be able to say "no" or "maybe later" or "you're not using the program correctly" when user demands don't make sense or are impossible to implement or if the user doesn't know what they're asking for. Developers of every single program that has any users at all constantly struggle with this.
  1. Supporting multiple configurations is much harder than supporting a single configuration. I wish I could say that it will be entirely up to you to maintain these configurations, including the situations when it doesn't cause problems yet but obstructs future development. However, I can't say that, due to 3.
  1. You can't control who uses your option once it's landed in open-source. By committing the option to the upstream LLVM, you're not shipping this option to just one user, you're shipping it to the entire world.
  1. You can't simply say "I know it may sometimes work incorrectly but I tested it and it works for me". The option may behave fine on codebases in your company but completely ruin reputation of the static analyzer by producing a lot of false positives on a famous open-source project that you didn't test it on. This is why we care a lot about correctness and not introducing new sources of false positives.
  1. You may say that the users know what they're doing when they turn the option on, and that they're willing to accept some false positives. That's not true though; you don't personally brief every user of your option. They may try it simply because they heard about it from someone else. They're not always willing to read documentation. One user may enable the option for all other developers and they may never learn that this was an option to begin with.
  1. In particular, i believe that false positives destroy confidence in the analyzer much more than false negatives. I also don't trust the users when they say they don't care about false positives. I heard this many times from a variety of people but when I gave them what they wanted they immediately started complaining about false positives every single time.
  1. Static analysis is not a one-size-fits-all solution to bug finding. Instead of trying to find a way to find every kind of bug statically, you should be trying to find the best tool for the job. There are areas in which static analysis excels, like finding exotic execution paths not covered by tests, but it's not good for everything.
  1. Static analysis is not necessarily cheaper than testing or code review or dynamic analysis. Understanding a single analyzer report may take hours.
  1. False positives reduce cost-effectiveness of static analysis dramatically. They may cause the user to spend a lot of time trying to understand an incorrect warning, or the users may introduce a new bug when they try to silence the warning without understanding the warning and/or the surrounding code.
  1. Last but not least, honestly, we have significantly more important problems to fix. If you claim that adding an option makes a few users happy without changing anything for anybody else, then you must also admit that you're doing a lot of work for just a small portion of users, when you could spend your time (and our time) benefiting *every* user instead.

So, like, options aren't too bad on their own but they're definitely not as free as you describe. You still need to think about *all* users who can potentially access the option, not just the one who's in front of you. "The analyzer produces false positives under an option" still means that the analyzer produces false positives in one of the supported configurations. Marking features as opt-in doesn't give you an excuse for shipping bad features.

Szelethus added a comment.Jul 13 2020, 5:43 AM

There is a parallel discussion in this patch on how we should cater to user requests, I wrote a lengthy comment about my opinion, but I just don't think it adds much -- at the end of the day, it is fair that if we implement an feature for a small subset of users that is known to cause unpleasant side effects, we shouldn't make it a part of the default user interface, because among many other things it inevitably forces other contributors to maintain it, even if they weren't enthusiastic about the idea, but its also fair to prioritize direct users within reason.

Since this is in the same bullpark as D32905, I think this should land in some way or another.

(@baloghadamsoftware) So you both are saying that I should tell the user that we cannot help, the community does not support that he catches this bug in early phase with the analyzer. He must catch it in the testing phase for higher costs. This is not the best way to build confidence in the analyzer. [...]

Nobody said we cannot help. What I say, is that we should not task the broad analyzer community with the maintenance of an option that is known to make state splits that we might not be untitled to. In fact,

(@NoQ) [...] But you guys basically vend your own tool to your own customers and bear your own responsibility and i therefore can't tell you what to do in your realm, and i'm ok with having options that allow you to disagree with my choices.

I don't see how this option shouldn't be alpha -- it creates paths of execution that might be impossible. If I understand this correctly, we would emit a false positive here:

std::vector<int> V = get(); // constructs this const vector every time: { 1, 2, 3 }
auto i = V.erase(std::find(V.begin(), V.end(), 1)); // state split is creater where i is v.end()
*i;

As of now, the only way to fine-tune the analyzer through CodeChecker (edit saargs.txt, add the flag --saargs saargs.txt or something like that) is a quite a jarring interface, and is also buggy (like this thing). Eventually, it would be great to make the -analyzer-checker-option-help list visible and easily configurable. I wonder however, if I was a newcomer to CodeChecker, what my reaction would be an option that says "Enables exploration of the past-the-end branch for the return value of the erase() method of containers". Like, why wouldn't I enable that? Lets say we add a disclaimer that it could emit false positives. Lets say I stumble across one. Am I supposed to create a bug report, or is this intended behavior? Not the mention that CodeChecker might not be the only tool to have plans to support -analyzer-checker-option-help.

To be honest, I probably shouldn't even see these options straight away. Since this option creates state splits we might not be entitled to, we need more testing and data to get to a point where we could safely put in the default interface -- these are literally the traits of what we call alpha checkers/options. Its just simply not finished, and no amount of documentation will change that. Once I have a better feel for how the analyzer behaves or I'm really stuck, I may wanna go and tick a few alpha stuff as a last resort. This is why we should categorize such option under a different flag.

But, as you said in D77150#inline-707863, there is value in these forsaken options after all. They have on occasion found real bugs that saved a lot of time, and we have gotten a lot of feedback on alpha checkers that also helped us fix a lot of issues. But those are still users that decided to opt-in to in-development features. In retrospect, D32905 should've been alpha for this very reason as well.

dkrupp requested changes to this revision.EditedJul 14 2020, 3:55 AM

Since the analyzer cannot cannot model the size of the containers just yet (or precisely enough), what we are saying with this checker is to "always check the return value of the erase() function before use (for increment/decrement etc.) whether it is not past-end" .

Adam, are you sure that the user would like to enforce such a generic coding rule? Depending on the actual code analyzed, this would require this clumsy check at potentially too many places.

Wouldn't it be better to wait for the container size modeling patch? Then the user would only get a warning when we are sure that we are erasing the last element of the container.

In general I think we should keep the number of config parameters to a minimum as it is very hard to explain to the users which one to configure to what value and why.

Oops, I did not mean "request changes". This is just meant to be an additional comment in this discussion.

This revision now requires changes to proceed.Jul 14 2020, 3:55 AM
baloghadamsoftware added a comment.Jul 14 2020, 4:33 AM

I am trying to measure the amount of extra false positive on real code (not artificial examples) of this option. The modeling of container size may reduce it, of course, but we have no other option to find this bug: even loop-unrolling or loop-widening is not be able to recognize the last before the last iteration of a loop. I cannot imagine any solution to recognize it, this really sounds like voice recognition in the 80's as @NoQ wrote. I do not expect such thing in the next 10 years. Refining and enhancing container modeling is expected to reduce false positives generally in the iterator checkers and will eventually result in moving them out of alpha state.

baloghadamsoftware updated this revision to Diff 278396.Jul 16 2020, 1:35 AM

Rebased.

baloghadamsoftware added a comment.Jul 16 2020, 3:10 AM

Now I made some measurements about the false positives this option adds.

For BitCoin the increase was -1. I do not know how it happened, but it reduced the number of false positives by one.

For LLVM/Clang the increase was 15 which is less than 4% beacause we have 419 findings which is enormous. Thus the real problem that scares the user is not the 15 false positives but the 419. To reduce them we must refine the modeling of containers which is also expected to reduce the 15. (I did not examine the 15 findigs, maybe some of them are true positives.)

Honestly, this was the result I expected. This extra state split should not add many false positives because it is extremely rare that we know that we are erasing an element which is not the last one but this knowledge is not expressed by constraints. Of course, we can create artificial examples where this option gives false positives, but the measurement shows that in real code bases the increase is minimal. However, the bug is a serious one which may cause undefined behavior that may lie hidden in tests.

Szelethus requested changes to this revision.EditedJul 28 2020, 5:29 AM

Let me double down -- just because we let some select people know about an option, I still don't think it should be user facing. I'm strongly against the philosophy that a core-modifying decision, such as configuring a state split should be presented on the default interface. Having "smart users" isn't an excuse to that either -- the last thing I'd like to see broadcasted is that you need to be a genius* to use or configure a tool that is suppose to serve you, not the other way around.

edit: * and most importantly, an expert in the analyzer.

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
702–706

Please mark this hidden.

This revision now requires changes to proceed.Jul 28 2020, 5:29 AM
whisperity added a comment.Jul 28 2020, 8:39 AM
In D77150#2149870, @dkrupp wrote:

Since the analyzer cannot cannot model the size of the containers just yet (or precisely enough), what we are saying with this checker is to "always check the return value of the erase() function before use (for increment/decrement etc.) whether it is not past-end" .

Adam, are you sure that the user would like to enforce such a generic coding rule? Depending on the actual code analyzed, this would require this clumsy check at potentially too many places.

While I agree that realising in the analyser that the user code at hand is meant to express that the iterator stepping will not go out of bounds, you have to keep in mind, that going out of bounds with an iterator is still UB. In case of a for loop, it's always a dangerous construct to call erase() inside, unless you, indeed, can explicitly ensure that you won't go out of bounds.

Side note: I am surprised there isn't a Tidy check in bugprone- that simply says "If you are using erase(), use a while loop and not a for loop..."

I'm not terribly up-to-date with @baloghadamsoftware's patches (nor the innards of the analyser), but as a user who'd get this warning, I believe one crucial information missing is something like "note: assuming erase() removed the the last element, setting it to the past-the-end iterator"

In D77150#2149870, @dkrupp wrote:

Oops, I did not mean "request changes". This is just meant to be an additional comment in this discussion.

You can do the Resign as Reviewer action to remove your X from the patch. 🙂

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
702–706

Is marking something hidden still allow for modifying the value from the command-line, or via CodeChecker?

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
697–698

Is this creation prevented?

baloghadamsoftware updated this revision to Diff 282642.Aug 3 2020, 9:11 AM

Option made hidden. However, I think we should create a category "advanced" for options which affect the internal modeling. Our users are programmers and the advanced among them should see this option (and others similar to this one).

baloghadamsoftware marked an inline comment as done.Aug 3 2020, 10:31 AM
Szelethus accepted this revision.Aug 4 2020, 7:52 AM
Szelethus added a reviewer: gamesh411.

LGTM on my end, but please wait for approval from either @gamesh411 or @NoQ.

In D77150#2191049, @baloghadamsoftware wrote:

However, I think we should create a category "advanced" for options which affect the internal modeling. Our users are programmers and the advanced among them should see this option (and others similar to this one).

I think that is a discussion for another time, and definitely on cfe-dev.

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Checkers/
9 lines
lib/
StaticAnalyzer/
Checkers/
248 lines
2 lines
test/
Analysis/
Inputs/
22 lines
1 line
diagnostics/
2 lines
244 lines
38 lines

Diff 282642

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 LinesShow All 691 Lines▼ Show 20 Linesdef VirtualCallChecker : Checker<"VirtualCall">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
} // end: "optin.cplusplus" } // end: "optin.cplusplus"
let ParentPackage = CplusplusAlpha in { let ParentPackage = CplusplusAlpha in {
def ContainerModeling : Checker<"ContainerModeling">, def ContainerModeling : Checker<"ContainerModeling">,
HelpText<"Models C++ containers">, HelpText<"Models C++ containers">,
CheckerOptions<[
CmdLineOption<Boolean,
"AggressiveEraseModeling",
"Enables exploration of the past-the-end branch for the "
"return value of the erase() method of containers.",
"false",
Released,
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Hmm. The description isn't really user-friendly, imo, but the option doesn't sound too user-facing either. I don't think this is an option to be tinkered with. I think we should make this hidden.

Also, even for developers, I find this a bitconfusing at first. Do we not enable that by default? Why not? What do we have to gain/lose?

Szelethus: Hmm. The description isn't really user-friendly, imo, but the option doesn't sound too user…
NoQUnsubmitted
Not Done
ReplyInline Actions

What is the rule that the user needs to follow in order to avoid the warning? "Always check the return value of erase() before use"? If so, a good description would be along the lines of "Warn when the return value of erase() is not checked before use; compare that value to end() in order to suppress the warning" (or something more specific).

NoQ: What is the rule that the user needs to follow in order to avoid the warning? "Always check the…
SzelethusUnsubmitted
Done
ReplyInline Actions

Please mark this hidden.

Szelethus: Please mark this hidden.
whisperityUnsubmitted
Not Done
ReplyInline Actions

Is marking something hidden still allow for modifying the value from the command-line, or via CodeChecker?

whisperity: Is marking something hidden still allow for modifying the value from the command-line, or via…
Hide>
]>,
Documentation<NotDocumented>, Documentation<NotDocumented>,
Hidden; Hidden;
def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">, def DeleteWithNonVirtualDtorChecker : Checker<"DeleteWithNonVirtualDtor">,
HelpText<"Reports destructions of polymorphic objects with a non-virtual " HelpText<"Reports destructions of polymorphic objects with a non-virtual "
"destructor in their base class">, "destructor in their base class">,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">, def EnumCastOutOfRangeChecker : Checker<"EnumCastOutOfRange">,
HelpText<"Check integer to enumeration casts for out of range values">, HelpText<"Check integer to enumeration casts for out of range values">,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def IteratorModeling : Checker<"IteratorModeling">, def IteratorModeling : Checker<"IteratorModeling">,
HelpText<"Models iterators of C++ containers">, HelpText<"Models iterators of C++ containers">,
Dependencies<[ContainerModeling]>, Dependencies<[ContainerModeling]>,
Documentation<NotDocumented>, Documentation<NotDocumented>,
Hidden; Hidden;
def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">, def STLAlgorithmModeling : Checker<"STLAlgorithmModeling">,
HelpText<"Models the algorithm library of the C++ STL.">, HelpText<"Models the algorithm library of the C++ STL.">,
CheckerOptions<[ CheckerOptions<[
CmdLineOption<Boolean, CmdLineOption<Boolean,
"AggressiveStdFindModeling", "AggressiveStdFindModeling",
"Enables exploration of the failure branch in std::find-like " "Enables exploration of the failure branch in std::find-like "
"functions.", "functions.",
"false", "false",
Released> Released>
]>, ]>,
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Ah, okay, I see which one you refer to. We should totally make this non-user facing as well.

Szelethus: Ah, okay, I see which one you refer to. We should totally make this non-user facing as well.
baloghadamsoftwareAuthorUnsubmitted
Done
ReplyInline Actions

The option is not about state split! It is for choosing between the (default) conservative approach and a more aggressive one. It is absolutely for the user to set. Some users prefer less false positive for the price of losing true positives. However, some other users prefer more true positives for the price of additional false positives. This is why we have checker options to be able to serve both groups.

This feature was explicitly requested by our users who first disabled iterator checkers because of the too many false positives but later re-enabled them because they run into a bug in a production system which could have been prevented by enabling them. However, they run into another bug that our checker did not find because of its conservative behavior. They requested a more aggressive one but we must not do it for everyone. The concept of the Analyzer is that we apply the conservative approach by default and the aggressive can be enabled by analyzer and checker options.

baloghadamsoftware: The option is not about state split! It is for choosing between the (default) conservative…
NoQUnsubmitted
Not Done
ReplyInline Actions

These options are unlikely to be on-by-default in vanilla clang because of having a fundamentally unfixable class of false positives associated with them. Honestly, i've never seen users who are actually ok with false positives. I've regularly seen users say that they are ok with false positives when they wanted their false negatives fixed, but it always turned out that they don't understand what they're asking for and they quickly changed their mind when they saw the result. But you guys basically vend your own tool to your own customers and bear your own responsibility and i therefore can't tell you what to do in your realm, and i'm ok with having options that allow you to disagree with my choices.

inb4, "-analyzer-config is not user-facing!!!11"

NoQ: These options are unlikely to be on-by-default in vanilla clang because of having a…
SzelethusUnsubmitted
Not Done
ReplyInline Actions

inb4, "-analyzer-config is not user-facing!!!11"

I was starting to breath really heavy and type really fast :D

Jokes aside, I'll spill the beans, we don't have a really convenient way to tweak these options through CodeChecker just yet, so for the time being, they really aren't, but maybe one day.

With that said, I also agree with you regarding options that overapproximate the analysis (greater code coverage with more false and true positives). User facing options should be the ones where the nature of the bug itself if subjective, like whether we want to check the initializedness of pointees. We sure can regard them as unwanted, or we could regard them as totally fine, so an option is a great compromise.

[...] it always turned out that they don't understand what they're asking for [...]

This is why I think this shouldn't be user-facing. You need to be quite knowledgeable about the analyzer, and IteratorChecker in particular to make good judgement about enabling the option added in this patch. That doesn't mean you shouldn't experiment with it, but I'd prefer to not expose it too much.

I just don't see this feature being that desired by many if they knew the costs, even if one user really wants it. We could however, in that case, say
"Hey, there is this option you can enable that might help you hunt down more bugs. It does change the actual analysis itself, and experience showed that it might result in more false positives and could impact performance, so we opted not to make it user-facing, but it is there, if you feel adventurous."

Szelethus: >inb4, "-analyzer-config is not user-facing!!!11" I was starting to breath really heavy and…
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Granted, I might be demonizing the cons of these options too much, but the description doesn't help on understanding it that much either O:)

Szelethus: Granted, I might be demonizing the cons of these options too much, but the description doesn't…
baloghadamsoftwareAuthorUnsubmitted
Done
ReplyInline Actions

So you both are saying that I should tell the user that we cannot help, the community does not support that he catches this bug in early phase with the analyzer. He must catch it in the testing phase for higher costs. This is not the best way to build confidence in the analyzer.

In my perception options are used to serve one users need without harming others. I never understand why there is so much resistance against introducing an option that does not change the default behavior at all.

baloghadamsoftware: So you both are saying that I should tell the user that we cannot help, the community does not…
NoQUnsubmitted
Not Done
ReplyInline Actions
  1. That's right, implementing every single suggestion users have is a terrible idea. Not everything is possible, not everything is feasible. Populism should not be put ahead of common sense. As an extreme example, imagine you're in the 80's and a user complained that they need a voice recognition feature in their computer ("Why do I have to type all this text, it's so slow???"). Would you be ready to inform them that it'll take 30 years and a few revolutionary breakthroughs in computer science to implement? Would you be ready to tell them that learning how to touch-type will make their typing faster than anything they could ever achieve with dictation? Because that's your job as a programmer to be assertive and to be able to say "no" or "maybe later" or "you're not using the program correctly" when user demands don't make sense or are impossible to implement or if the user doesn't know what they're asking for. Developers of every single program that has any users at all constantly struggle with this.
  1. Supporting multiple configurations is much harder than supporting a single configuration. I wish I could say that it will be entirely up to you to maintain these configurations, including the situations when it doesn't cause problems yet but obstructs future development. However, I can't say that, due to 3.
  1. You can't control who uses your option once it's landed in open-source. By committing the option to the upstream LLVM, you're not shipping this option to just one user, you're shipping it to the entire world.
  1. You can't simply say "I know it may sometimes work incorrectly but I tested it and it works for me". The option may behave fine on codebases in your company but completely ruin reputation of the static analyzer by producing a lot of false positives on a famous open-source project that you didn't test it on. This is why we care a lot about correctness and not introducing new sources of false positives.
  1. You may say that the users know what they're doing when they turn the option on, and that they're willing to accept some false positives. That's not true though; you don't personally brief every user of your option. They may try it simply because they heard about it from someone else. They're not always willing to read documentation. One user may enable the option for all other developers and they may never learn that this was an option to begin with.
  1. In particular, i believe that false positives destroy confidence in the analyzer much more than false negatives. I also don't trust the users when they say they don't care about false positives. I heard this many times from a variety of people but when I gave them what they wanted they immediately started complaining about false positives every single time.
  1. Static analysis is not a one-size-fits-all solution to bug finding. Instead of trying to find a way to find every kind of bug statically, you should be trying to find the best tool for the job. There are areas in which static analysis excels, like finding exotic execution paths not covered by tests, but it's not good for everything.
  1. Static analysis is not necessarily cheaper than testing or code review or dynamic analysis. Understanding a single analyzer report may take hours.
  1. False positives reduce cost-effectiveness of static analysis dramatically. They may cause the user to spend a lot of time trying to understand an incorrect warning, or the users may introduce a new bug when they try to silence the warning without understanding the warning and/or the surrounding code.
  1. Last but not least, honestly, we have significantly more important problems to fix. If you claim that adding an option makes a few users happy without changing anything for anybody else, then you must also admit that you're doing a lot of work for just a small portion of users, when you could spend your time (and our time) benefiting *every* user instead.

So, like, options aren't too bad on their own but they're definitely not as free as you describe. You still need to think about *all* users who can potentially access the option, not just the one who's in front of you. "The analyzer produces false positives under an option" still means that the analyzer produces false positives in one of the supported configurations. Marking features as opt-in doesn't give you an excuse for shipping bad features.

NoQ: 1. That's right, implementing every single suggestion users have is a terrible idea. Not…
Dependencies<[ContainerModeling]>, Dependencies<[ContainerModeling]>,
Documentation<NotDocumented>; Documentation<NotDocumented>;
def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">, def InvalidatedIteratorChecker : Checker<"InvalidatedIterator">,
HelpText<"Check for use of invalidated iterators">, HelpText<"Check for use of invalidated iterators">,
Dependencies<[IteratorModeling]>, Dependencies<[IteratorModeling]>,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
▲ Show 20 LinesShow All 930 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp

Show All 38 Linesclass ContainerModeling
void handleAssignment(CheckerContext &C, SVal Cont, const Expr *CE = nullptr, void handleAssignment(CheckerContext &C, SVal Cont, const Expr *CE = nullptr,
SVal OldCont = UndefinedVal()) const; SVal OldCont = UndefinedVal()) const;
void handleAssign(CheckerContext &C, SVal Cont, const Expr *ContE) const; void handleAssign(CheckerContext &C, SVal Cont, const Expr *ContE) const;
void handleClear(CheckerContext &C, SVal Cont, const Expr *ContE) const; void handleClear(CheckerContext &C, SVal Cont, const Expr *ContE) const;
void handlePushBack(CheckerContext &C, SVal Cont, const Expr *ContE) const; void handlePushBack(CheckerContext &C, SVal Cont, const Expr *ContE) const;
void handlePopBack(CheckerContext &C, SVal Cont, const Expr *ContE) const; void handlePopBack(CheckerContext &C, SVal Cont, const Expr *ContE) const;
void handlePushFront(CheckerContext &C, SVal Cont, const Expr *ContE) const; void handlePushFront(CheckerContext &C, SVal Cont, const Expr *ContE) const;
void handlePopFront(CheckerContext &C, SVal Cont, const Expr *ContE) const; void handlePopFront(CheckerContext &C, SVal Cont, const Expr *ContE) const;
void handleInsert(CheckerContext &C, SVal Cont, SVal Iter) const; void handleInsert(CheckerContext &C, SVal Cont, SVal Iter, SVal RetVal,
void handleErase(CheckerContext &C, SVal Cont, SVal Iter) const; const Expr *CE) const;
void handleErase(CheckerContext &C, SVal Cont, SVal Iter1, SVal Iter2) const; void handleInsertAfter(CheckerContext &C, SVal Cont, SVal Iter, SVal RetVal,
void handleEraseAfter(CheckerContext &C, SVal Cont, SVal Iter) const; const Expr *CE) const;
void handleErase(CheckerContext &C, SVal Cont, SVal Iter, SVal RetVal,
const Expr *CE) const;
void handleErase(CheckerContext &C, SVal Cont, SVal Iter1, SVal Iter2,
SVal RetVal) const;
void handleEraseAfter(CheckerContext &C, SVal Cont, SVal Iter, SVal RetVal,
const Expr *CE) const;
void handleEraseAfter(CheckerContext &C, SVal Cont, SVal Iter1, void handleEraseAfter(CheckerContext &C, SVal Cont, SVal Iter1,
SVal Iter2) const; SVal Iter2, SVal RetVal) const;
const NoteTag *getChangeTag(CheckerContext &C, StringRef Text, const NoteTag *getChangeTag(CheckerContext &C, StringRef Text,
const MemRegion *ContReg, const MemRegion *ContReg,
const Expr *ContE) const; const Expr *ContE) const;
void printState(raw_ostream &Out, ProgramStateRef State, const char *NL, void printState(raw_ostream &Out, ProgramStateRef State, const char *NL,
const char *Sep) const override; const char *Sep) const override;
public: public:
ContainerModeling() = default; ContainerModeling() = default;
DefaultBool AggressiveEraseModeling;
void checkPostCall(const CallEvent &Call, CheckerContext &C) const; void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
void checkLiveSymbols(ProgramStateRef State, SymbolReaper &SR) const; void checkLiveSymbols(ProgramStateRef State, SymbolReaper &SR) const;
void checkDeadSymbols(SymbolReaper &SR, CheckerContext &C) const; void checkDeadSymbols(SymbolReaper &SR, CheckerContext &C) const;
using NoItParamFn = void (ContainerModeling::*)(CheckerContext &, SVal, using NoItParamFn = void (ContainerModeling::*)(CheckerContext &, SVal,
const Expr *) const; const Expr *) const;
using OneItParamFn = void (ContainerModeling::*)(CheckerContext &, SVal, using OneItParamFn = void (ContainerModeling::*)(CheckerContext &, SVal, SVal,
SVal) const; SVal, const Expr*) const;
using TwoItParamFn = void (ContainerModeling::*)(CheckerContext &, SVal, SVal, using TwoItParamFn = void (ContainerModeling::*)(CheckerContext &, SVal, SVal,
SVal) const; SVal, SVal) const;
CallDescriptionMap<NoItParamFn> NoIterParamFunctions = { CallDescriptionMap<NoItParamFn> NoIterParamFunctions = {
{{0, "clear", 0}, {{0, "clear", 0},
&ContainerModeling::handleClear}, &ContainerModeling::handleClear},
{{0, "assign", 2}, {{0, "assign", 2},
&ContainerModeling::handleAssign}, &ContainerModeling::handleAssign},
{{0, "push_back", 1}, {{0, "push_back", 1},
&ContainerModeling::handlePushBack}, &ContainerModeling::handlePushBack},
{{0, "emplace_back", 1}, {{0, "emplace_back", 1},
&ContainerModeling::handlePushBack}, &ContainerModeling::handlePushBack},
{{0, "pop_back", 0}, {{0, "pop_back", 0},
&ContainerModeling::handlePopBack}, &ContainerModeling::handlePopBack},
{{0, "push_front", 1}, {{0, "push_front", 1},
&ContainerModeling::handlePushFront}, &ContainerModeling::handlePushFront},
{{0, "emplace_front", 1}, {{0, "emplace_front", 1},
&ContainerModeling::handlePushFront}, &ContainerModeling::handlePushFront},
{{0, "pop_front", 0}, {{0, "pop_front", 0},
&ContainerModeling::handlePopFront}, &ContainerModeling::handlePopFront},
}; };
CallDescriptionMap<OneItParamFn> OneIterParamFunctions = { CallDescriptionMap<OneItParamFn> OneIterParamFunctions = {
{{0, "insert", 2}, {{0, "insert", 2},
&ContainerModeling::handleInsert}, &ContainerModeling::handleInsert},
{{0, "insert_after", 2},
&ContainerModeling::handleInsertAfter},
{{0, "emplace", 2}, {{0, "emplace", 2},
&ContainerModeling::handleInsert}, &ContainerModeling::handleInsert},
{{0, "emplace_after", 2},
&ContainerModeling::handleInsertAfter},
{{0, "erase", 1}, {{0, "erase", 1},
&ContainerModeling::handleErase}, &ContainerModeling::handleErase},
{{0, "erase_after", 1}, {{0, "erase_after", 1},
&ContainerModeling::handleEraseAfter}, &ContainerModeling::handleEraseAfter},
}; };
CallDescriptionMap<TwoItParamFn> TwoIterParamFunctions = { CallDescriptionMap<TwoItParamFn> TwoIterParamFunctions = {
{{0, "erase", 2}, {{0, "erase", 2},
▲ Show 20 LinesShow All 69 Lines▼ Show 20 Lines if (Op == OO_Equal) {
return; return;
} }
handleAssignment(C, InstCall->getCXXThisVal()); handleAssignment(C, InstCall->getCXXThisVal());
return; return;
} }
} else { } else {
if (const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call)) { if (const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call)) {
const auto *OrigExpr = Call.getOriginExpr();
if (!OrigExpr)
return;
QualType RetType = Call.getResultType();
SVal RetVal = Call.getReturnValue();
if (isIteratorType(RetType) && RetVal.isUnknown()) {
ProgramStateRef State = C.getState();
auto &SymMgr = C.getSymbolManager();
auto *LCtx = C.getLocationContext();
SymbolRef RetSym = SymMgr.conjureSymbol(OrigExpr, LCtx, RetType,
C.blockCount());
if (RetType->getUnqualifiedDesugaredType()->isPointerType()) {
auto &RegMgr = C.getStoreManager().getRegionManager();
const MemRegion *RetReg = RegMgr.getSymbolicRegion(RetSym);
RetVal = loc::MemRegionVal(RetReg);
} else {
RetVal = nonloc::SymbolVal(RetSym);
}
State = State->BindExpr(OrigExpr, LCtx, RetVal);
C.addTransition(State);
}
const NoItParamFn *Handler0 = NoIterParamFunctions.lookup(Call); const NoItParamFn *Handler0 = NoIterParamFunctions.lookup(Call);
if (Handler0) { if (Handler0) {
(this->**Handler0)(C, InstCall->getCXXThisVal(), (this->**Handler0)(C, InstCall->getCXXThisVal(),
InstCall->getCXXThisExpr()); InstCall->getCXXThisExpr());
return; return;
} }
const OneItParamFn *Handler1 = OneIterParamFunctions.lookup(Call); const OneItParamFn *Handler1 = OneIterParamFunctions.lookup(Call);
if (Handler1) { if (Handler1) {
(this->**Handler1)(C, InstCall->getCXXThisVal(), Call.getArgSVal(0)); (this->**Handler1)(C, InstCall->getCXXThisVal(), Call.getArgSVal(0),
RetVal, Call.getOriginExpr());
return; return;
} }
const TwoItParamFn *Handler2 = TwoIterParamFunctions.lookup(Call); const TwoItParamFn *Handler2 = TwoIterParamFunctions.lookup(Call);
if (Handler2) { if (Handler2) {
(this->**Handler2)(C, InstCall->getCXXThisVal(), Call.getArgSVal(0), (this->**Handler2)(C, InstCall->getCXXThisVal(), Call.getArgSVal(0),
Call.getArgSVal(1)); Call.getArgSVal(1), RetVal);
return; return;
} }
const auto *OrigExpr = Call.getOriginExpr();
if (!OrigExpr)
return;
if (isBeginCall(Func)) { if (isBeginCall(Func)) {
handleBegin(C, OrigExpr, Call.getReturnValue(), handleBegin(C, OrigExpr, RetVal, InstCall->getCXXThisVal());
InstCall->getCXXThisVal());
return; return;
} }
if (isEndCall(Func)) { if (isEndCall(Func)) {
handleEnd(C, OrigExpr, Call.getReturnValue(), handleEnd(C, OrigExpr, RetVal, InstCall->getCXXThisVal());
InstCall->getCXXThisVal());
return; return;
} }
} }
} }
} }
void ContainerModeling::checkLiveSymbols(ProgramStateRef State, void ContainerModeling::checkLiveSymbols(ProgramStateRef State,
SymbolReaper &SR) const { SymbolReaper &SR) const {
▲ Show 20 LinesShow All 217 Lines▼ Show 20 Lines if (!CData)
return; return;
// For vector-like containers invalidate the past-end iterator positions // For vector-like containers invalidate the past-end iterator positions
if (const auto EndSym = CData->getEnd()) { if (const auto EndSym = CData->getEnd()) {
if (hasSubscriptOperator(State, ContReg)) { if (hasSubscriptOperator(State, ContReg)) {
State = invalidateIteratorPositions(State, EndSym, BO_GE); State = invalidateIteratorPositions(State, EndSym, BO_GE);
} }
auto &SymMgr = C.getSymbolManager(); auto &SymMgr = C.getSymbolManager();
auto &BVF = SymMgr.getBasicVals();
auto &SVB = C.getSValBuilder(); auto &SVB = C.getSValBuilder();
const auto newEndSym = const auto newEndSym =
SVB.evalBinOp(State, BO_Add, SVB.evalBinOp(State, BO_Add, nonloc::SymbolVal(EndSym),
nonloc::SymbolVal(EndSym), SVB.makeIntVal(1, false),
nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(1))),
SymMgr.getType(EndSym)).getAsSymbol(); SymMgr.getType(EndSym)).getAsSymbol();
const NoteTag *ChangeTag = const NoteTag *ChangeTag =
getChangeTag(C, "extended to the back by 1 position", ContReg, ContE); getChangeTag(C, "extended to the back by 1 position", ContReg, ContE);
State = setContainerData(State, ContReg, CData->newEnd(newEndSym)); State = setContainerData(State, ContReg, CData->newEnd(newEndSym));
C.addTransition(State, ChangeTag); C.addTransition(State, ChangeTag);
} }
} }
void ContainerModeling::handlePopBack(CheckerContext &C, SVal Cont, void ContainerModeling::handlePopBack(CheckerContext &C, SVal Cont,
const Expr *ContE) const { const Expr *ContE) const {
const auto *ContReg = Cont.getAsRegion(); const auto *ContReg = Cont.getAsRegion();
if (!ContReg) if (!ContReg)
return; return;
ContReg = ContReg->getMostDerivedObjectRegion(); ContReg = ContReg->getMostDerivedObjectRegion();
auto State = C.getState(); auto State = C.getState();
const auto CData = getContainerData(State, ContReg); const auto CData = getContainerData(State, ContReg);
if (!CData) if (!CData)
return; return;
if (const auto EndSym = CData->getEnd()) { if (const auto EndSym = CData->getEnd()) {
auto &SymMgr = C.getSymbolManager(); auto &SymMgr = C.getSymbolManager();
auto &BVF = SymMgr.getBasicVals();
auto &SVB = C.getSValBuilder(); auto &SVB = C.getSValBuilder();
const auto BackSym = const auto BackSym =
SVB.evalBinOp(State, BO_Sub, SVB.evalBinOp(State, BO_Sub, nonloc::SymbolVal(EndSym),
nonloc::SymbolVal(EndSym), SVB.makeIntVal(1, false),
nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(1))),
SymMgr.getType(EndSym)).getAsSymbol(); SymMgr.getType(EndSym)).getAsSymbol();
const NoteTag *ChangeTag = const NoteTag *ChangeTag =
getChangeTag(C, "shrank from the back by 1 position", ContReg, ContE); getChangeTag(C, "shrank from the back by 1 position", ContReg, ContE);
// For vector-like and deque-like containers invalidate the last and the // For vector-like and deque-like containers invalidate the last and the
// past-end iterator positions. For list-like containers only invalidate // past-end iterator positions. For list-like containers only invalidate
// the last position // the last position
if (hasSubscriptOperator(State, ContReg) && if (hasSubscriptOperator(State, ContReg) &&
backModifiable(State, ContReg)) { backModifiable(State, ContReg)) {
Show All 23 Lines if (hasSubscriptOperator(State, ContReg)) {
C.addTransition(State); C.addTransition(State);
} else { } else {
const auto CData = getContainerData(State, ContReg); const auto CData = getContainerData(State, ContReg);
if (!CData) if (!CData)
return; return;
if (const auto BeginSym = CData->getBegin()) { if (const auto BeginSym = CData->getBegin()) {
auto &SymMgr = C.getSymbolManager(); auto &SymMgr = C.getSymbolManager();
auto &BVF = SymMgr.getBasicVals();
auto &SVB = C.getSValBuilder(); auto &SVB = C.getSValBuilder();
const auto newBeginSym = const auto newBeginSym =
SVB.evalBinOp(State, BO_Sub, SVB.evalBinOp(State, BO_Sub, nonloc::SymbolVal(BeginSym),
nonloc::SymbolVal(BeginSym), SVB.makeIntVal(1, false),
nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(1))),
SymMgr.getType(BeginSym)).getAsSymbol(); SymMgr.getType(BeginSym)).getAsSymbol();
const NoteTag *ChangeTag = const NoteTag *ChangeTag =
getChangeTag(C, "extended to the front by 1 position", ContReg, ContE); getChangeTag(C, "extended to the front by 1 position", ContReg, ContE);
State = setContainerData(State, ContReg, CData->newBegin(newBeginSym)); State = setContainerData(State, ContReg, CData->newBegin(newBeginSym));
C.addTransition(State, ChangeTag); C.addTransition(State, ChangeTag);
} }
} }
} }
Show All 15 Linesvoid ContainerModeling::handlePopFront(CheckerContext &C, SVal Cont,
// iterators only invalidate the first position // iterators only invalidate the first position
if (const auto BeginSym = CData->getBegin()) { if (const auto BeginSym = CData->getBegin()) {
if (hasSubscriptOperator(State, ContReg)) { if (hasSubscriptOperator(State, ContReg)) {
State = invalidateIteratorPositions(State, BeginSym, BO_LE); State = invalidateIteratorPositions(State, BeginSym, BO_LE);
} else { } else {
State = invalidateIteratorPositions(State, BeginSym, BO_EQ); State = invalidateIteratorPositions(State, BeginSym, BO_EQ);
} }
auto &SymMgr = C.getSymbolManager(); auto &SymMgr = C.getSymbolManager();
auto &BVF = SymMgr.getBasicVals();
auto &SVB = C.getSValBuilder(); auto &SVB = C.getSValBuilder();
const auto newBeginSym = const auto newBeginSym =
SVB.evalBinOp(State, BO_Add, SVB.evalBinOp(State, BO_Add, nonloc::SymbolVal(BeginSym),
nonloc::SymbolVal(BeginSym), SVB.makeIntVal(1, false),
nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(1))),
SymMgr.getType(BeginSym)).getAsSymbol(); SymMgr.getType(BeginSym)).getAsSymbol();
const NoteTag *ChangeTag = const NoteTag *ChangeTag =
getChangeTag(C, "shrank from the front by 1 position", ContReg, ContE); getChangeTag(C, "shrank from the front by 1 position", ContReg, ContE);
State = setContainerData(State, ContReg, CData->newBegin(newBeginSym)); State = setContainerData(State, ContReg, CData->newBegin(newBeginSym));
C.addTransition(State, ChangeTag); C.addTransition(State, ChangeTag);
} }
} }
void ContainerModeling::handleInsert(CheckerContext &C, SVal Cont, void ContainerModeling::handleInsert(CheckerContext &C, SVal Cont, SVal Iter,
SVal Iter) const { SVal RetVal, const Expr*) const {
const auto *ContReg = Cont.getAsRegion(); const auto *ContReg = Cont.getAsRegion();
if (!ContReg) if (!ContReg)
return; return;
ContReg = ContReg->getMostDerivedObjectRegion(); ContReg = ContReg->getMostDerivedObjectRegion();
auto State = C.getState(); auto State = C.getState();
const auto *Pos = getIteratorPosition(State, Iter); const auto *Pos = getIteratorPosition(State, Iter);
Show All 9 Lines if (frontModifiable(State, ContReg)) {
State = invalidateIteratorPositions(State, Pos->getOffset(), BO_GE); State = invalidateIteratorPositions(State, Pos->getOffset(), BO_GE);
} }
if (const auto *CData = getContainerData(State, ContReg)) { if (const auto *CData = getContainerData(State, ContReg)) {
if (const auto EndSym = CData->getEnd()) { if (const auto EndSym = CData->getEnd()) {
State = invalidateIteratorPositions(State, EndSym, BO_GE); State = invalidateIteratorPositions(State, EndSym, BO_GE);
State = setContainerData(State, ContReg, CData->newEnd(nullptr)); State = setContainerData(State, ContReg, CData->newEnd(nullptr));
} }
} }
}
// Set the return value
if (!RetVal.isUnknown()) {
auto RetPos =
IteratorPosition::getPosition(Pos->getContainer(), Pos->getOffset());
State = setIteratorPosition(State, RetVal, RetPos);
}
C.addTransition(State); C.addTransition(State);
} }
void ContainerModeling::handleInsertAfter(CheckerContext &C, SVal Cont,
SVal Iter, SVal RetVal,
const Expr*) const {
const auto *ContReg = Cont.getAsRegion();
if (!ContReg)
return;
ContReg = ContReg->getMostDerivedObjectRegion();
auto State = C.getState();
const auto *Pos = getIteratorPosition(State, Iter);
if (!Pos)
return;
// Set the return value
if (!RetVal.isUnknown()) {
auto &SymMgr = C.getSymbolManager();
auto &SVB = C.getSValBuilder();
const auto RetOffset =
SVB.evalBinOp(State, BO_Add, nonloc::SymbolVal(Pos->getOffset()),
SVB.makeIntVal(1, false),
SymMgr.getType(Pos->getOffset())).getAsSymbol();
auto RetPos = IteratorPosition::getPosition(Pos->getContainer(), RetOffset);
State = setIteratorPosition(State, RetVal, RetPos);
}
C.addTransition(State);
} }
void ContainerModeling::handleErase(CheckerContext &C, SVal Cont, void ContainerModeling::handleErase(CheckerContext &C, SVal Cont, SVal Iter,
SVal Iter) const { SVal RetVal, const Expr *CE) const {
const auto *ContReg = Cont.getAsRegion(); const auto *ContReg = Cont.getAsRegion();
if (!ContReg) if (!ContReg)
return; return;
ContReg = ContReg->getMostDerivedObjectRegion(); ContReg = ContReg->getMostDerivedObjectRegion();
auto State = C.getState(); auto State = C.getState();
const auto *Pos = getIteratorPosition(State, Iter); const auto *Pos = getIteratorPosition(State, Iter);
Show All 13 Lines if (const auto *CData = getContainerData(State, ContReg)) {
if (const auto EndSym = CData->getEnd()) { if (const auto EndSym = CData->getEnd()) {
State = invalidateIteratorPositions(State, EndSym, BO_GE); State = invalidateIteratorPositions(State, EndSym, BO_GE);
State = setContainerData(State, ContReg, CData->newEnd(nullptr)); State = setContainerData(State, ContReg, CData->newEnd(nullptr));
} }
} }
} else { } else {
State = invalidateIteratorPositions(State, Pos->getOffset(), BO_EQ); State = invalidateIteratorPositions(State, Pos->getOffset(), BO_EQ);
} }
// Set the return value
if (!RetVal.isUnknown()) {
auto &SymMgr = C.getSymbolManager();
auto &SVB = C.getSValBuilder();
const auto RetOffset =
SVB.evalBinOp(State, BO_Add, nonloc::SymbolVal(Pos->getOffset()),
whisperityUnsubmitted
Not Done
ReplyInline Actions

Is this creation prevented?

whisperity: Is this creation prevented?
SVB.makeIntVal(1, false),
SymMgr.getType(Pos->getOffset())).getAsSymbol();
auto RetPos = IteratorPosition::getPosition(Pos->getContainer(), RetOffset);
State = setIteratorPosition(State, RetVal, RetPos);
if (AggressiveEraseModeling) {
SymbolRef EndSym = getContainerEnd(State, ContReg);
// For std::vector and std::queue-like containers we just removed the
// end symbol from the container data because the past-the-end iterator
// was also invalidated. The next call to member function `end()` would
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Right, so the const is a state split. That doesn't sound like something regular users should fine-tune.

Szelethus: Right, so the const is a state split. That doesn't sound like something regular users should…
SzelethusUnsubmitted
Not Done
ReplyInline Actions

cost* :^)

Szelethus: cost* :^)
baloghadamsoftwareAuthorUnsubmitted
Done
ReplyInline Actions

We made something like this (upon suggestion from @NoQ) in STLAlgorithmModeling. There is an option which is disabled by default, but if the user enables it, then std::find() and the like will aggressively assume that the element may not be found thus they return their second iterator parameter. This option is very similar to that one.

baloghadamsoftware: We made something like this (upon suggestion from @NoQ) in `STLAlgorithmModeling`. There is an…
// create a new one, but we need it now so we create it now.
if (!EndSym) {
State = createContainerEnd(State, ContReg, CE, C.getASTContext().LongTy,
C.getLocationContext(), C.blockCount());
EndSym = getContainerEnd(State, ContReg);
}
const auto RetEnd =
SVB.evalBinOp(State, BO_EQ, nonloc::SymbolVal(RetOffset),
nonloc::SymbolVal(EndSym), SVB.getConditionType())
.getAs<DefinedOrUnknownSVal>();
if (RetEnd) {
ProgramStateRef StateEnd, StateNotEnd;
std::tie(StateEnd, StateNotEnd) = State->assume(*RetEnd);
if (StateEnd) {
C.addTransition(StateEnd);
}
if (StateNotEnd) {
C.addTransition(StateNotEnd);
}
return;
}
}
}
C.addTransition(State); C.addTransition(State);
} }
void ContainerModeling::handleErase(CheckerContext &C, SVal Cont, SVal Iter1, void ContainerModeling::handleErase(CheckerContext &C, SVal Cont, SVal Iter1,
SVal Iter2) const { SVal Iter2, SVal RetVal) const {
const auto *ContReg = Cont.getAsRegion(); const auto *ContReg = Cont.getAsRegion();
if (!ContReg) if (!ContReg)
return; return;
ContReg = ContReg->getMostDerivedObjectRegion(); ContReg = ContReg->getMostDerivedObjectRegion();
auto State = C.getState(); auto State = C.getState();
const auto *Pos1 = getIteratorPosition(State, Iter1); const auto *Pos1 = getIteratorPosition(State, Iter1);
const auto *Pos2 = getIteratorPosition(State, Iter2); const auto *Pos2 = getIteratorPosition(State, Iter2);
Show All 15 Lines if (const auto *CData = getContainerData(State, ContReg)) {
State = invalidateIteratorPositions(State, EndSym, BO_GE); State = invalidateIteratorPositions(State, EndSym, BO_GE);
State = setContainerData(State, ContReg, CData->newEnd(nullptr)); State = setContainerData(State, ContReg, CData->newEnd(nullptr));
} }
} }
} else { } else {
State = invalidateIteratorPositions(State, Pos1->getOffset(), BO_GE, State = invalidateIteratorPositions(State, Pos1->getOffset(), BO_GE,
Pos2->getOffset(), BO_LT); Pos2->getOffset(), BO_LT);
} }
// Set the return value
if (!RetVal.isUnknown()) {
auto RetPos =
IteratorPosition::getPosition(Pos2->getContainer(), Pos2->getOffset());
State = setIteratorPosition(State, RetVal, RetPos);
}
C.addTransition(State); C.addTransition(State);
} }
void ContainerModeling::handleEraseAfter(CheckerContext &C, SVal Cont, void ContainerModeling::handleEraseAfter(CheckerContext &C, SVal Cont,
SVal Iter) const { SVal Iter, SVal RetVal,
const Expr *CE) const {
const auto *ContReg = Cont.getAsRegion();
if (!ContReg)
return;
ContReg = ContReg->getMostDerivedObjectRegion();
auto State = C.getState(); auto State = C.getState();
const auto *Pos = getIteratorPosition(State, Iter); const auto *Pos = getIteratorPosition(State, Iter);
if (!Pos) if (!Pos)
return; return;
// Invalidate the deleted iterator position, which is the position of the // Invalidate the deleted iterator position, which is the position of the
// parameter plus one. // parameter plus one.
auto &SymMgr = C.getSymbolManager(); auto &SymMgr = C.getSymbolManager();
auto &BVF = SymMgr.getBasicVals();
auto &SVB = C.getSValBuilder(); auto &SVB = C.getSValBuilder();
const auto NextSym = const auto NextSym =
SVB.evalBinOp(State, BO_Add, SVB.evalBinOp(State, BO_Add, nonloc::SymbolVal(Pos->getOffset()),
nonloc::SymbolVal(Pos->getOffset()), SVB.makeIntVal(1, false),
nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(1))),
SymMgr.getType(Pos->getOffset())).getAsSymbol(); SymMgr.getType(Pos->getOffset())).getAsSymbol();
State = invalidateIteratorPositions(State, NextSym, BO_EQ); State = invalidateIteratorPositions(State, NextSym, BO_EQ);
martongUnsubmitted
Not Done
ReplyInline Actions

This seems to be very similar to the hunk we have in handleErase, so this suggests some unnecessary code duplication. I presume we could create a function which is called from both callers.

martong: This seems to be very similar to the hunk we have in `handleErase`, so this suggests some…
baloghadamsoftwareAuthorUnsubmitted
Done
ReplyInline Actions

Yes, I was thinking about that as well. Many parameters have to be passed so it will be not so much shorter.

baloghadamsoftware: Yes, I was thinking about that as well. Many parameters have to be passed so it will be not so…
// Set the return value
if (!RetVal.isUnknown()) {
const auto RetOffset =
SVB.evalBinOp(State, BO_Add, nonloc::SymbolVal(NextSym),
SVB.makeIntVal(1, false),
SymMgr.getType(NextSym)).getAsSymbol();
auto RetPos = IteratorPosition::getPosition(Pos->getContainer(), RetOffset);
State = setIteratorPosition(State, RetVal, RetPos);
if (AggressiveEraseModeling) {
if (const auto *CData = getContainerData(State, ContReg)) {
if (const SymbolRef EndSym = CData->getEnd()) {
const auto RetEnd =
SVB.evalBinOp(State, BO_EQ, nonloc::SymbolVal(RetOffset),
nonloc::SymbolVal(EndSym), SVB.getConditionType())
.getAs<DefinedOrUnknownSVal>();
if (RetEnd) {
ProgramStateRef StateEnd, StateNotEnd;
std::tie(StateEnd, StateNotEnd) = State->assume(*RetEnd);
if (StateEnd) {
C.addTransition(StateEnd);
}
if (StateNotEnd) {
C.addTransition(StateNotEnd);
}
return;
}
}
}
}
}
C.addTransition(State); C.addTransition(State);
} }
void ContainerModeling::handleEraseAfter(CheckerContext &C, SVal Cont, void ContainerModeling::handleEraseAfter(CheckerContext &C, SVal Cont,
SVal Iter1, SVal Iter2) const { SVal Iter1, SVal Iter2,
SVal RetVal) const {
auto State = C.getState(); auto State = C.getState();
const auto *Pos1 = getIteratorPosition(State, Iter1); const auto *Pos1 = getIteratorPosition(State, Iter1);
const auto *Pos2 = getIteratorPosition(State, Iter2); const auto *Pos2 = getIteratorPosition(State, Iter2);
if (!Pos1 || !Pos2) if (!Pos1 || !Pos2)
return; return;
// Invalidate the deleted iterator position range (first..last) // Invalidate the deleted iterator position range (first..last)
State = invalidateIteratorPositions(State, Pos1->getOffset(), BO_GT, State = invalidateIteratorPositions(State, Pos1->getOffset(), BO_GT,
Pos2->getOffset(), BO_LT); Pos2->getOffset(), BO_LT);
// Set the return value
if (!RetVal.isUnknown()) {
auto RetPos =
IteratorPosition::getPosition(Pos2->getContainer(), Pos2->getOffset());
State = setIteratorPosition(State, RetVal, RetPos);
}
C.addTransition(State); C.addTransition(State);
} }
const NoteTag *ContainerModeling::getChangeTag(CheckerContext &C, const NoteTag *ContainerModeling::getChangeTag(CheckerContext &C,
StringRef Text, StringRef Text,
const MemRegion *ContReg, const MemRegion *ContReg,
const Expr *ContE) const { const Expr *ContE) const {
StringRef Name; StringRef Name;
▲ Show 20 LinesShow All 346 Lines▼ Show 20 Linesbool hasLiveIterators(ProgramStateRef State, const MemRegion *Cont) {
} }
return false; return false;
} }
} // namespace } // namespace
void ento::registerContainerModeling(CheckerManager &mgr) { void ento::registerContainerModeling(CheckerManager &mgr) {
mgr.registerChecker<ContainerModeling>(); auto *Checker = mgr.registerChecker<ContainerModeling>();
Checker->AggressiveEraseModeling =
mgr.getAnalyzerOptions().getCheckerBooleanOption(
"alpha.cplusplus.ContainerModeling", "AggressiveEraseModeling");
} }
bool ento::shouldRegisterContainerModeling(const CheckerManager &mgr) { bool ento::shouldRegisterContainerModeling(const CheckerManager &mgr) {
if (!mgr.getLangOpts().CPlusPlus) if (!mgr.getLangOpts().CPlusPlus)
return false; return false;
if (!mgr.getAnalyzerOptions().ShouldAggressivelySimplifyBinaryOperation) { if (!mgr.getAnalyzerOptions().ShouldAggressivelySimplifyBinaryOperation) {
mgr.getASTContext().getDiagnostics().Report( mgr.getASTContext().getDiagnostics().Report(
diag::err_analyzer_checker_incompatible_analyzer_option) diag::err_analyzer_checker_incompatible_analyzer_option)
<< "aggressive-binary-operation-simplification" << "false"; << "aggressive-binary-operation-simplification" << "false";
return false; return false;
} }
return true; return true;
} }

clang/lib/StaticAnalyzer/Checkers/Iterator.cpp

Show All 11 Lines
#include "Iterator.h" #include "Iterator.h"
namespace clang { namespace clang {
namespace ento { namespace ento {
namespace iterator { namespace iterator {
bool isIteratorType(const QualType &Type) { bool isIteratorType(const QualType &Type) {
if (Type->isPointerType()) if (Type->getUnqualifiedDesugaredType()->isPointerType())
return true; return true;
const auto *CRD = Type->getUnqualifiedDesugaredType()->getAsCXXRecordDecl(); const auto *CRD = Type->getUnqualifiedDesugaredType()->getAsCXXRecordDecl();
return isIterator(CRD); return isIterator(CRD);
} }
bool isIterator(const CXXRecordDecl *CRD) { bool isIterator(const CXXRecordDecl *CRD) {
if (!CRD) if (!CRD)
▲ Show 20 LinesShow All 291 LinesShow Last 20 Lines

clang/test/Analysis/Inputs/system-header-simulator-cxx.h

Show First 20 LinesShow All 82 Lines▼ Show 20 Linestemplate <typename T, typename Ptr, typename Ref> struct __vector_iterator {
bool operator==(const iterator &rhs) const { return ptr == rhs.ptr; } bool operator==(const iterator &rhs) const { return ptr == rhs.ptr; }
bool operator==(const const_iterator &rhs) const { return ptr == rhs.ptr; } bool operator==(const const_iterator &rhs) const { return ptr == rhs.ptr; }
bool operator!=(const iterator &rhs) const { return ptr != rhs.ptr; } bool operator!=(const iterator &rhs) const { return ptr != rhs.ptr; }
bool operator!=(const const_iterator &rhs) const { return ptr != rhs.ptr; } bool operator!=(const const_iterator &rhs) const { return ptr != rhs.ptr; }
const Ptr& base() const { return ptr; } const Ptr& base() const { return ptr; }
template <typename UT, typename UPtr, typename URef>
friend struct __vector_iterator;
private: private:
Ptr ptr; Ptr ptr;
}; };
template <typename T, typename Ptr, typename Ref> struct __deque_iterator { template <typename T, typename Ptr, typename Ref> struct __deque_iterator {
typedef __deque_iterator<T, T *, T &> iterator; typedef __deque_iterator<T, T *, T &> iterator;
typedef __deque_iterator<T, const T *, const T &> const_iterator; typedef __deque_iterator<T, const T *, const T &> const_iterator;
Show All 39 Linestemplate <typename T, typename Ptr, typename Ref> struct __deque_iterator {
bool operator==(const iterator &rhs) const { return ptr == rhs.ptr; } bool operator==(const iterator &rhs) const { return ptr == rhs.ptr; }
bool operator==(const const_iterator &rhs) const { return ptr == rhs.ptr; } bool operator==(const const_iterator &rhs) const { return ptr == rhs.ptr; }
bool operator!=(const iterator &rhs) const { return ptr != rhs.ptr; } bool operator!=(const iterator &rhs) const { return ptr != rhs.ptr; }
bool operator!=(const const_iterator &rhs) const { return ptr != rhs.ptr; } bool operator!=(const const_iterator &rhs) const { return ptr != rhs.ptr; }
const Ptr& base() const { return ptr; } const Ptr& base() const { return ptr; }
template <typename UT, typename UPtr, typename URef>
friend struct __deque_iterator;
private: private:
Ptr ptr; Ptr ptr;
}; };
template <typename T, typename Ptr, typename Ref> struct __list_iterator { template <typename T, typename Ptr, typename Ref> struct __list_iterator {
typedef __list_iterator<T, __typeof__(T::data) *, __typeof__(T::data) &> iterator; typedef __list_iterator<T, __typeof__(T::data) *, __typeof__(T::data) &> iterator;
typedef __list_iterator<T, const __typeof__(T::data) *, const __typeof__(T::data) &> const_iterator; typedef __list_iterator<T, const __typeof__(T::data) *, const __typeof__(T::data) &> const_iterator;
Show All 16 Lines __list_iterator<T, Ptr, Ref> operator--(int) {
auto tmp = *this; auto tmp = *this;
item = item->prev; item = item->prev;
return tmp; return tmp;
} }
Ref operator*() const { return item->data; } Ref operator*() const { return item->data; }
Ptr operator->() const { return &item->data; } Ptr operator->() const { return &item->data; }
bool operator==(const iterator &rhs) const { return item == rhs->item; } bool operator==(const iterator &rhs) const { return item == rhs.item; }
bool operator==(const const_iterator &rhs) const { return item == rhs->item; } bool operator==(const const_iterator &rhs) const { return item == rhs.item; }
bool operator!=(const iterator &rhs) const { return item != rhs->item; } bool operator!=(const iterator &rhs) const { return item != rhs.item; }
bool operator!=(const const_iterator &rhs) const { return item != rhs->item; } bool operator!=(const const_iterator &rhs) const { return item != rhs.item; }
const T* &base() const { return item; } const T* &base() const { return item; }
template <typename UT, typename UPtr, typename URef> template <typename UT, typename UPtr, typename URef>
friend struct __list_iterator; friend struct __list_iterator;
private: private:
T* item; T* item;
Show All 15 Linestemplate <typename T, typename Ptr, typename Ref> struct __fwdl_iterator {
__fwdl_iterator<T, Ptr, Ref> operator++(int) { __fwdl_iterator<T, Ptr, Ref> operator++(int) {
auto tmp = *this; auto tmp = *this;
item = item->next; item = item->next;
return tmp; return tmp;
} }
Ref operator*() const { return item->data; } Ref operator*() const { return item->data; }
Ptr operator->() const { return &item->data; } Ptr operator->() const { return &item->data; }
bool operator==(const iterator &rhs) const { return item == rhs->item; } bool operator==(const iterator &rhs) const { return item == rhs.item; }
bool operator==(const const_iterator &rhs) const { return item == rhs->item; } bool operator==(const const_iterator &rhs) const { return item == rhs.item; }
bool operator!=(const iterator &rhs) const { return item != rhs->item; } bool operator!=(const iterator &rhs) const { return item != rhs.item; }
bool operator!=(const const_iterator &rhs) const { return item != rhs->item; } bool operator!=(const const_iterator &rhs) const { return item != rhs.item; }
const T* &base() const { return item; } const T* &base() const { return item; }
template <typename UT, typename UPtr, typename URef> template <typename UT, typename UPtr, typename URef>
friend struct __fwdl_iterator; friend struct __fwdl_iterator;
private: private:
T* item; T* item;
▲ Show 20 LinesShow All 893 LinesShow Last 20 Lines

clang/test/Analysis/analyzer-config.c

// RUN: %clang_analyze_cc1 -analyzer-checker=debug.ConfigDumper > %t 2>&1 // RUN: %clang_analyze_cc1 -analyzer-checker=debug.ConfigDumper > %t 2>&1
// RUN: FileCheck --input-file=%t %s --match-full-lines // RUN: FileCheck --input-file=%t %s --match-full-lines
// CHECK: [config] // CHECK: [config]
// CHECK-NEXT: add-pop-up-notes = true // CHECK-NEXT: add-pop-up-notes = true
// CHECK-NEXT: aggressive-binary-operation-simplification = false // CHECK-NEXT: aggressive-binary-operation-simplification = false
// CHECK-NEXT: alpha.clone.CloneChecker:IgnoredFilesPattern = "" // CHECK-NEXT: alpha.clone.CloneChecker:IgnoredFilesPattern = ""
// CHECK-NEXT: alpha.clone.CloneChecker:MinimumCloneComplexity = 50 // CHECK-NEXT: alpha.clone.CloneChecker:MinimumCloneComplexity = 50
// CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true // CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true
// CHECK-NEXT: alpha.cplusplus.ContainerModeling:AggressiveEraseModeling = false
// CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false // CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false
// CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false // CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false
// CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtExec = 0x04 // CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtExec = 0x04
// CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtRead = 0x01 // CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtRead = 0x01
// CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = "" // CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = ""
// CHECK-NEXT: apiModeling.StdCLibraryFunctions:DisplayLoadedSummaries = false // CHECK-NEXT: apiModeling.StdCLibraryFunctions:DisplayLoadedSummaries = false
// CHECK-NEXT: apiModeling.StdCLibraryFunctions:ModelPOSIX = false // CHECK-NEXT: apiModeling.StdCLibraryFunctions:ModelPOSIX = false
// CHECK-NEXT: apply-fixits = false // CHECK-NEXT: apply-fixits = false
▲ Show 20 LinesShow All 104 LinesShow Last 20 Lines

clang/test/Analysis/diagnostics/explicit-suppression.cpp

Show All 13 Linesclass C {
// The virtual function is to make C not trivially copy assignable so that we call the // The virtual function is to make C not trivially copy assignable so that we call the
// variant of std::copy() that does not defer to memmove(). // variant of std::copy() that does not defer to memmove().
virtual int f(); virtual int f();
}; };
void testCopyNull(C *I, C *E) { void testCopyNull(C *I, C *E) {
std::copy(I, E, (C *)0); std::copy(I, E, (C *)0);
#ifndef SUPPRESSED #ifndef SUPPRESSED
// expected-warning@../Inputs/system-header-simulator-cxx.h:699 {{Called C++ object pointer is null}} // expected-warning@../Inputs/system-header-simulator-cxx.h:705 {{Called C++ object pointer is null}}
#endif #endif
} }

clang/test/Analysis/iterator-modeling.cpp

Show First 20 LinesShow All 867 Lines▼ Show 20 Linesvoid list_insert_begin(std::list<int> &L, int n) {
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i2 = L.insert(i0, n); auto i2 = L.insert(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $L.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.begin()}}
} }
void list_insert_behind_begin(std::list<int> &L, int n) { void list_insert_behind_begin(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = ++L.cbegin(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = ++L.cbegin(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.insert(i1, n); auto i3 = L.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} FIXME: Should be $L.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.begin() + 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.begin() + 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.begin() clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.begin()}}
} }
template <typename Iter> Iter return_any_iterator(const Iter &It); template <typename Iter> Iter return_any_iterator(const Iter &It);
void list_insert_unknown(std::list<int> &L, int n) { void list_insert_unknown(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = return_any_iterator(L.cbegin()), i2 = L.cend(); auto i0 = L.cbegin(), i1 = return_any_iterator(L.cbegin()), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = L.insert(i1, n); auto i3 = L.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$i1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$i1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i - 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1}}
} }
void list_insert_ahead_of_end(std::list<int> &L, int n) { void list_insert_ahead_of_end(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.insert(i1, n); auto i3 = L.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.end() - 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.end() - 1}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.end() - 1}}
} }
void list_insert_end(std::list<int> &L, int n) { void list_insert_end(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.insert(i2, n); auto i3 = L.insert(i2, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.end() - 1{{$}}}} FIXME: should be $L.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.end() - 1}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.end() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.end()}}
} }
/// std::vector-like containers: Only the iterators before the insertion point /// std::vector-like containers: Only the iterators before the insertion point
/// remain valid. The past-the-end iterator is also /// remain valid. The past-the-end iterator is also
/// invalidated. /// invalidated.
void vector_insert_begin(std::vector<int> &V, int n) { void vector_insert_begin(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = V.cend(); auto i0 = V.cbegin(), i1 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i2 = V.insert(i0, n); auto i2 = V.insert(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $V.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$V.begin()}}
} }
void vector_insert_behind_begin(std::vector<int> &V, int n) { void vector_insert_behind_begin(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.insert(i1, n); auto i3 = V.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} FIXME: Should be $V.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); // FIXME: expect -warning $V.begin() clang_analyzer_express(clang_analyzer_iterator_position(i3)); //expected-warning{{$V.begin()}}
} }
void vector_insert_unknown(std::vector<int> &V, int n) { void vector_insert_unknown(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = return_any_iterator(V.cbegin()), i2 = V.cend(); auto i0 = V.cbegin(), i1 = return_any_iterator(V.cbegin()), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = V.insert(i1, n); auto i3 = V.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expecte warning $i1 - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1}}
} }
void vector_insert_ahead_of_end(std::vector<int> &V, int n) { void vector_insert_ahead_of_end(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.insert(i1, n); auto i3 = V.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.end() - 1}}
} }
void vector_insert_end(std::vector<int> &V, int n) { void vector_insert_end(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.insert(i2, n); auto i3 = V.insert(i2, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$V.end() - 1{{$}}}} FIXME: Should be $V.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$V.end() - 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.end() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.end()}}
} }
/// std::deque-like containers: All iterators, including the past-the-end /// std::deque-like containers: All iterators, including the past-the-end
/// iterator, are invalidated. /// iterator, are invalidated.
void deque_insert_begin(std::deque<int> &D, int n) { void deque_insert_begin(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = D.cend(); auto i0 = D.cbegin(), i1 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i2 = D.insert(i0, n); auto i2 = D.insert(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $D.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$D.begin()}}
} }
void deque_insert_behind_begin(std::deque<int> &D, int n) { void deque_insert_behind_begin(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.insert(i1, n); auto i3 = D.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.begin() + 1}}
} }
void deque_insert_unknown(std::deque<int> &D, int n) { void deque_insert_unknown(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = return_any_iterator(D.cbegin()), i2 = D.cend(); auto i0 = D.cbegin(), i1 = return_any_iterator(D.cbegin()), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = D.insert(i1, n); auto i3 = D.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1}}
} }
void deque_insert_ahead_of_end(std::deque<int> &D, int n) { void deque_insert_ahead_of_end(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.insert(i1, n); auto i3 = D.insert(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.end() - 1}}
} }
void deque_insert_end(std::deque<int> &D, int n) { void deque_insert_end(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.insert(i2, n); auto i3 = D.insert(i2, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.end() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.end()}}
} }
/// insert_after() [std::forward_list-like containers] /// insert_after() [std::forward_list-like containers]
/// ///
/// - Design decision: shifts positions to the ->RIGHT-> (i.e. all iterator /// - Design decision: shifts positions to the ->RIGHT-> (i.e. all iterator
/// ahead of the insertion point are incremented; if the /// ahead of the insertion point are incremented; if the
/// relation between the insertion point and the past-the-end /// relation between the insertion point and the past-the-end
/// position of the container is known, the first position of /// position of the container is known, the first position of
/// the container is also incremented). /// the container is also incremented).
/// ///
/// - No iterators are invalidated. /// - No iterators are invalidated.
void forward_list_insert_after_begin(std::forward_list<int> &FL, int n) { void forward_list_insert_after_begin(std::forward_list<int> &FL, int n) {
auto i0 = FL.cbegin(), i1 = FL.cend(); auto i0 = FL.cbegin(), i1 = FL.cend();
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
auto i2 = FL.insert_after(i0, n); auto i2 = FL.insert_after(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $FL.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.begin() + 1}}
} }
void forward_list_insert_after_behind_begin(std::forward_list<int> &FL, int n) { void forward_list_insert_after_behind_begin(std::forward_list<int> &FL, int n) {
auto i0 = FL.cbegin(), i1 = ++FL.cbegin(), i2 = FL.cend(); auto i0 = FL.cbegin(), i1 = ++FL.cbegin(), i2 = FL.cend();
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
auto i3 = FL.insert_after(i1, n); auto i3 = FL.insert_after(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$FL.begin() + 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$FL.begin() + 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $FL.begin() + 2 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$FL.begin() + 2}}
} }
void forward_list_insert_after_unknown(std::forward_list<int> &FL, int n) { void forward_list_insert_after_unknown(std::forward_list<int> &FL, int n) {
auto i0 = FL.cbegin(), i1 = return_any_iterator(FL.cbegin()), i2 = FL.cend(); auto i0 = FL.cbegin(), i1 = return_any_iterator(FL.cbegin()), i2 = FL.cend();
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = FL.insert_after(i1, n); auto i3 = FL.insert_after(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$i1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$i1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1 + 1}}
} }
/// emplace() /// emplace()
/// ///
/// - Design decision: shifts positions to the <-LEFT<- (i.e. all iterator /// - Design decision: shifts positions to the <-LEFT<- (i.e. all iterator
/// ahead of the emplacement point are decremented; if the /// ahead of the emplacement point are decremented; if the
/// relation between the emplacement point and the first /// relation between the emplacement point and the first
/// position of the container is known, the first position /// position of the container is known, the first position
Show All 9 Linesvoid list_emplace_begin(std::list<int> &L, int n) {
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i2 = L.emplace(i0, n); auto i2 = L.emplace(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $L.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.begin()}}
} }
void list_emplace_behind_begin(std::list<int> &L, int n) { void list_emplace_behind_begin(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = ++L.cbegin(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = ++L.cbegin(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.emplace(i1, n); auto i3 = L.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} FIXME: Should be $L.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.begin() + 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.begin() + 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.begin() clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.begin() + 1}}
} }
template <typename Iter> Iter return_any_iterator(const Iter &It); template <typename Iter> Iter return_any_iterator(const Iter &It);
void list_emplace_unknown(std::list<int> &L, int n) { void list_emplace_unknown(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = return_any_iterator(L.cbegin()), i2 = L.cend(); auto i0 = L.cbegin(), i1 = return_any_iterator(L.cbegin()), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = L.emplace(i1, n); auto i3 = L.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$i1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$i1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i - 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i}}
} }
void list_emplace_ahead_of_end(std::list<int> &L, int n) { void list_emplace_ahead_of_end(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.emplace(i1, n); auto i3 = L.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.end() - 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.end() - 1}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.end() - 1}}
} }
void list_emplace_end(std::list<int> &L, int n) { void list_emplace_end(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.emplace(i2, n); auto i3 = L.emplace(i2, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.end() - 1{{$}}}} FIXME: should be $L.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.end() - 1}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.end() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.end()}}
} }
/// std::vector-like containers: Only the iterators before the emplacement point /// std::vector-like containers: Only the iterators before the emplacement point
/// remain valid. The past-the-end iterator is also /// remain valid. The past-the-end iterator is also
/// invalidated. /// invalidated.
void vector_emplace_begin(std::vector<int> &V, int n) { void vector_emplace_begin(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = V.cend(); auto i0 = V.cbegin(), i1 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i2 = V.emplace(i0, n); auto i2 = V.emplace(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $V.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$V.begin()}}
} }
void vector_emplace_behind_begin(std::vector<int> &V, int n) { void vector_emplace_behind_begin(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.emplace(i1, n); auto i3 = V.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} FIXME: Should be $V.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); // FIXME: expect -warning $V.begin() clang_analyzer_express(clang_analyzer_iterator_position(i3)); // // expected-warning{{$V.begin() + 1}}
} }
void vector_emplace_unknown(std::vector<int> &V, int n) { void vector_emplace_unknown(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = return_any_iterator(V.cbegin()), i2 = V.cend(); auto i0 = V.cbegin(), i1 = return_any_iterator(V.cbegin()), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = V.emplace(i1, n); auto i3 = V.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expecte warning $i1 - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1}}
} }
void vector_emplace_ahead_of_end(std::vector<int> &V, int n) { void vector_emplace_ahead_of_end(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.emplace(i1, n); auto i3 = V.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.end() - 1}}
} }
void vector_emplace_end(std::vector<int> &V, int n) { void vector_emplace_end(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.emplace(i2, n); auto i3 = V.emplace(i2, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$V.end() - 1{{$}}}} FIXME: Should be $V.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$V.end() - 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.end() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.end()}}
} }
/// std::deque-like containers: All iterators, including the past-the-end /// std::deque-like containers: All iterators, including the past-the-end
/// iterator, are invalidated. /// iterator, are invalidated.
void deque_emplace_begin(std::deque<int> &D, int n) { void deque_emplace_begin(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = D.cend(); auto i0 = D.cbegin(), i1 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i2 = D.emplace(i0, n); auto i2 = D.emplace(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $D.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$D.begin()}}
} }
void deque_emplace_behind_begin(std::deque<int> &D, int n) { void deque_emplace_behind_begin(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.emplace(i1, n); auto i3 = D.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.begin() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.begin() + 1}}
} }
void deque_emplace_unknown(std::deque<int> &D, int n) { void deque_emplace_unknown(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = return_any_iterator(D.cbegin()), i2 = D.cend(); auto i0 = D.cbegin(), i1 = return_any_iterator(D.cbegin()), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = D.emplace(i1, n); auto i3 = D.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1}}
} }
void deque_emplace_ahead_of_end(std::deque<int> &D, int n) { void deque_emplace_ahead_of_end(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.emplace(i1, n); auto i3 = D.emplace(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.end() - 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.end() - 1}}
} }
void deque_emplace_end(std::deque<int> &D, int n) { void deque_emplace_end(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.emplace(i2, n); auto i3 = D.emplace(i2, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.end() - 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.end()}}
} }
/// emplace_after() [std::forward_list-like containers] /// emplace_after() [std::forward_list-like containers]
/// ///
/// - Design decision: shifts positions to the ->RIGHT-> (i.e. all iterator /// - Design decision: shifts positions to the ->RIGHT-> (i.e. all iterator
/// ahead of the emplacement point are incremented; if the /// ahead of the emplacement point are incremented; if the
/// relation between the emplacement point and the /// relation between the emplacement point and the
/// past-the-end position of the container is known, the /// past-the-end position of the container is known, the
/// first position of the container is also incremented). /// first position of the container is also incremented).
/// ///
/// - No iterators are invalidated. /// - No iterators are invalidated.
void forward_list_emplace_after_begin(std::forward_list<int> &FL, int n) { void forward_list_emplace_after_begin(std::forward_list<int> &FL, int n) {
auto i0 = FL.cbegin(), i1 = FL.cend(); auto i0 = FL.cbegin(), i1 = FL.cend();
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
auto i2 = FL.emplace_after(i0, n); auto i2 = FL.emplace_after(i0, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i2)); FIXME: expect warning $FL.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.begin() + 1}}
} }
void forward_list_emplace_after_behind_begin(std::forward_list<int> &FL, void forward_list_emplace_after_behind_begin(std::forward_list<int> &FL,
int n) { int n) {
auto i0 = FL.cbegin(), i1 = ++FL.cbegin(), i2 = FL.cend(); auto i0 = FL.cbegin(), i1 = ++FL.cbegin(), i2 = FL.cend();
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
auto i3 = FL.emplace_after(i1, n); auto i3 = FL.emplace_after(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$FL.begin() + 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$FL.begin() + 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $FL.begin() + 2 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$FL.begin() + 2}}
} }
void forward_list_emplace_after_unknown(std::forward_list<int> &FL, int n) { void forward_list_emplace_after_unknown(std::forward_list<int> &FL, int n) {
auto i0 = FL.cbegin(), i1 = return_any_iterator(FL.cbegin()), i2 = FL.cend(); auto i0 = FL.cbegin(), i1 = return_any_iterator(FL.cbegin()), i2 = FL.cend();
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = FL.emplace_after(i1, n); auto i3 = FL.emplace_after(i1, n);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$i1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$i1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1 + 1}}
} }
/// erase() /// erase()
/// ///
/// - Design decision: shifts positions to the ->RIGHT-> (i.e. all iterator /// - Design decision: shifts positions to the ->RIGHT-> (i.e. all iterator
/// ahead of the ereased element are incremented; if the /// ahead of the ereased element are incremented; if the
/// relation between the position of the erased element /// relation between the position of the erased element
/// and the first position of the container is known, the /// and the first position of the container is known, the
Show All 11 Linesvoid list_erase_begin(std::list<int> &L) {
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.erase(i0); auto i3 = L.erase(i0);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$L.begin() + 1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$L.begin() + 1}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.begin() + 1}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
} }
void list_erase_behind_begin(std::list<int> &L, int n) { void list_erase_behind_begin(std::list<int> &L, int n) {
auto i0 = L.cbegin(), i1 = ++L.cbegin(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = ++L.cbegin(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.erase(i1); auto i3 = L.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} FIXME: Should be $L.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}} FIXME: Should be $L.begin() + 1
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.begin() + 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.begin() + 2}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
} }
void list_erase_unknown(std::list<int> &L) { void list_erase_unknown(std::list<int> &L) {
auto i0 = L.cbegin(), i1 = return_any_iterator(L.cbegin()), i2 = L.cend(); auto i0 = L.cbegin(), i1 = return_any_iterator(L.cbegin()), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = L.erase(i1); auto i3 = L.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1 + 1}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
} }
void list_erase_ahead_of_end(std::list<int> &L) { void list_erase_ahead_of_end(std::list<int> &L) {
auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend(); auto i0 = L.cbegin(), i1 = --L.cend(), i2 = L.cend();
clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(L), "$L.begin()");
clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()"); clang_analyzer_denote(clang_analyzer_container_end(L), "$L.end()");
auto i3 = L.erase(i1); auto i3 = L.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$L.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$L.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$L.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$L.end()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $L.end() clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$L.end()}}
} }
/// std::vector-like containers: Invalidates iterators at or after the point of /// std::vector-like containers: Invalidates iterators at or after the point of
/// the erase, including the past-the-end iterator. /// the erase, including the past-the-end iterator.
void vector_erase_begin(std::vector<int> &V) { void vector_erase_begin(std::vector<int> &V) {
auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.erase(i0); auto i3 = V.erase(i0);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.begin() + 1}}
} }
void vector_erase_behind_begin(std::vector<int> &V, int n) { void vector_erase_behind_begin(std::vector<int> &V, int n) {
auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = ++V.cbegin(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.erase(i1); auto i3 = V.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} FIXME: Should be $V.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}} FIXME: Should be $V.begin() + 1
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.begin() + 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.begin() + 2}}
} }
void vector_erase_unknown(std::vector<int> &V) { void vector_erase_unknown(std::vector<int> &V) {
auto i0 = V.cbegin(), i1 = return_any_iterator(V.cbegin()), i2 = V.cend(); auto i0 = V.cbegin(), i1 = return_any_iterator(V.cbegin()), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = V.erase(i1); auto i3 = V.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1 + 1}}
} }
void vector_erase_ahead_of_end(std::vector<int> &V) { void vector_erase_ahead_of_end(std::vector<int> &V) {
auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend(); auto i0 = V.cbegin(), i1 = --V.cend(), i2 = V.cend();
clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(V), "$V.begin()");
clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()"); clang_analyzer_denote(clang_analyzer_container_end(V), "$V.end()");
auto i3 = V.erase(i1); auto i3 = V.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$V.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$V.begin()}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $V.end() clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$V.end()}}
} }
/// std::deque-like containers: All iterators are invalidated, unless the erased /// std::deque-like containers: All iterators are invalidated, unless the erased
/// element is at the end or the beginning of the /// element is at the end or the beginning of the
/// container, in which case only the iterators to /// container, in which case only the iterators to
/// the erased element are invalidated. The /// the erased element are invalidated. The
/// past-the-end iterator is also invalidated unless /// past-the-end iterator is also invalidated unless
/// the erased element is at the beginning of the /// the erased element is at the beginning of the
/// container and the last element is not erased. /// container and the last element is not erased.
void deque_erase_begin(std::deque<int> &D) { void deque_erase_begin(std::deque<int> &D) {
auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.erase(i0); auto i3 = D.erase(i0);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.begin() + 1}}
} }
void deque_erase_behind_begin(std::deque<int> &D, int n) { void deque_erase_behind_begin(std::deque<int> &D, int n) {
auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = ++D.cbegin(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.erase(i1); auto i3 = D.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.begin() + 2 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.begin() + 2}}
} }
void deque_erase_unknown(std::deque<int> &D) { void deque_erase_unknown(std::deque<int> &D) {
auto i0 = D.cbegin(), i1 = return_any_iterator(D.cbegin()), i2 = D.cend(); auto i0 = D.cbegin(), i1 = return_any_iterator(D.cbegin()), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i3 = D.erase(i1); auto i3 = D.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1 + 1}}
} }
void deque_erase_ahead_of_end(std::deque<int> &D) { void deque_erase_ahead_of_end(std::deque<int> &D) {
auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend(); auto i0 = D.cbegin(), i1 = --D.cend(), i2 = D.cend();
clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(D), "$D.begin()");
clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()"); clang_analyzer_denote(clang_analyzer_container_end(D), "$D.end()");
auto i3 = D.erase(i1); auto i3 = D.erase(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
// clang_analyzer_express(clang_analyzer_iterator_position(i3)); FIXME: expect warning $D.end() clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$D.end()}}
} }
/// erase_after() [std::forward_list-like containers] /// erase_after() [std::forward_list-like containers]
/// ///
/// - Design decision: shifts positions to the <-LEFT<- (i.e. all iterator /// - Design decision: shifts positions to the <-LEFT<- (i.e. all iterator
/// begind of the ereased element are decremented; if the /// begind of the ereased element are decremented; if the
/// relation between the position of the erased element /// relation between the position of the erased element
/// and the past-the-end position of the container is known, /// and the past-the-end position of the container is known,
Show All 13 Linesvoid forward_list_erase_after_begin(std::forward_list<int> &FL) {
auto i4 = FL.erase_after(i0); auto i4 = FL.erase_after(i0);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i3)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i3)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning-re {{$FL.begin() + 2{{$}}}} FIXME: Should be $FL.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i2)); // expected-warning{{$FL.begin() + 2}}
// clang_analyzer_express(clang_analyzer_iterator_position(i4)); FIXME: expect warning $FL.begin() + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i4)); // expected-warning{{$FL.begin() + 2}}
} }
void forward_list_erase_after_unknown(std::forward_list<int> &FL) { void forward_list_erase_after_unknown(std::forward_list<int> &FL) {
auto i0 = FL.cbegin(), i1 = return_any_iterator(FL.cbegin()), i2 = i1, auto i0 = FL.cbegin(), i1 = return_any_iterator(FL.cbegin()), i2 = i1,
i3 = i1, i4 = FL.cend(); i3 = i1, i4 = FL.cend();
++i2; ++i2;
++i3; ++i3;
++i3; ++i3;
clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()"); clang_analyzer_denote(clang_analyzer_container_begin(FL), "$FL.begin()");
clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()"); clang_analyzer_denote(clang_analyzer_container_end(FL), "$FL.end()");
clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1"); clang_analyzer_denote(clang_analyzer_iterator_position(i1), "$i1");
auto i5 = FL.erase_after(i1); auto i5 = FL.erase_after(i1);
clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i0)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i1)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i2)); //expected-warning{{FALSE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i3)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i3)); //expected-warning{{TRUE}}
clang_analyzer_eval(clang_analyzer_iterator_validity(i4)); //expected-warning{{TRUE}} clang_analyzer_eval(clang_analyzer_iterator_validity(i4)); //expected-warning{{TRUE}}
clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning-re {{$FL.begin(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i0)); // expected-warning{{$FL.begin()}}
clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning-re {{$i1{{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i1)); // expected-warning{{$i1}}
clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning-re {{$i1 + 2{{$}}}} FIXME: Should be $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i3)); // expected-warning{{$i1 + 2}}
// clang_analyzer_express(clang_analyzer_iterator_position(i5)); FIXME: expect warning $i1 + 1 clang_analyzer_express(clang_analyzer_iterator_position(i4)); // expected-warning{{$FL.end()}}
clang_analyzer_express(clang_analyzer_iterator_position(i4)); // expected-warning-re {{$FL.end(){{$}}}} clang_analyzer_express(clang_analyzer_iterator_position(i5)); // expected-warning{{$i1 + 2}}
} }
struct simple_iterator_base { struct simple_iterator_base {
simple_iterator_base(); simple_iterator_base();
simple_iterator_base(const simple_iterator_base& rhs); simple_iterator_base(const simple_iterator_base& rhs);
simple_iterator_base &operator=(const simple_iterator_base& rhs); simple_iterator_base &operator=(const simple_iterator_base& rhs);
virtual ~simple_iterator_base(); virtual ~simple_iterator_base();
bool friend operator==(const simple_iterator_base &lhs, bool friend operator==(const simple_iterator_base &lhs,
▲ Show 20 LinesShow All 227 LinesShow Last 20 Lines

clang/test/Analysis/iterator-range-aggressive-erase-modeling.cpp

  • This file was added.
// RUN: %clang_analyze_cc1 -std=c++11 \
// RUN: -analyzer-checker=core,cplusplus,alpha.cplusplus.IteratorRange \
// RUN: -analyzer-config aggressive-binary-operation-simplification=true \
// RUN: -analyzer-config c++-container-inlining=false %s \
// RUN: -analyzer-config alpha.cplusplus.ContainerModeling:AggressiveEraseModeling=true \
// RUN: -verify
// RUN: %clang_analyze_cc1 -std=c++11 \
// RUN: -analyzer-checker=core,cplusplus,alpha.cplusplus.IteratorRange \
// RUN: -analyzer-config aggressive-binary-operation-simplification=true \
// RUN: -analyzer-config c++-container-inlining=true -DINLINE=1 %s \
// RUN: -analyzer-config alpha.cplusplus.ContainerModeling:AggressiveEraseModeling=true \
// RUN: -verify
#include "Inputs/system-header-simulator-cxx.h"
extern void __assert_fail (__const char *__assertion, __const char *__file,
unsigned int __line, __const char *__function)
__attribute__ ((__noreturn__));
#define assert(expr) \
((expr) ? (void)(0) : __assert_fail (#expr, __FILE__, __LINE__, __func__))
void bad_erase_loop(std::list<int> L) {
for (auto i = L.cbegin(); i != L.end(); ++i) { // expected-warning{{Iterator incremented behind the past-the-end iterator}}
i = L.erase(i);
}
}
void bad_erase_loop(std::vector<int> V) {
for (auto i = V.cbegin(); i != V.end(); ++i) { // expected-warning{{Iterator incremented behind the past-the-end iterator}}
i = V.erase(i);
}
}
void bad_erase_loop(std::deque<int> D) {
for (auto i = D.cbegin(); i != D.end(); ++i) { // expected-warning{{Iterator incremented behind the past-the-end iterator}}
i = D.erase(i);
}
}