This is an archive of the discontinued LLVM Phabricator instance.

Differential D83677

[analyzer] Rework Z3 requirements in the CSA testsuite
Needs ReviewPublic

Authored by steakhal on Jul 13 2020, 6:14 AM.

Details

Reviewers
NoQ
Szelethus
vsavchenko
martong
ddcc
gamesh411
xazax.hun
Summary

Summary:

  • rename the USE_Z3_SOLVER llvm-lit parameter to RECHECK_WITH_Z3_SOLVER to reflect its behavior
  • document the RECHECK_WITH_Z3_SOLVER parameter in the checker_dev_manual.html
  • introduce the %clang_analyze_cc1_range and %clang_analyze_cc1_z3 substitutions to control the constraint manager used for the test
  • FIX the REQUIRES: z3 expressions in tests (before the patch it wanted to mean something like "only run this test if we use the Z3 constraint manager"; after the patch "is clang build with z3?")
  • FIX a bunch of tests, specifying the required constraint manager, and z3 requirement if needed
  • DELETE z3/enabled.c test, since that no longer serves any purpose - IMO

Before the patch:

Using ./bin/llvm-lit -sv --param USE_Z3_SOLVER=0 ...../test/Analysis --show-unsupported --show-xfail:

Unsupported Tests (6):
  Clang :: Analysis/PR24184.cpp
  Clang :: Analysis/PR37855.c
  Clang :: Analysis/exploded-graph-rewriter/win_path_forbidden_chars.cpp
  Clang :: Analysis/trustnonnullchecker_test.m
  Clang :: Analysis/z3-crosscheck.c
  Clang :: Analysis/z3/enabled.c

********************
Expectedly Failed Tests (5):
  Clang :: Analysis/container-modeling-no-aggressive-binary-operation-simplification-warn.cpp
  Clang :: Analysis/iterator-modeling-no-aggressive-binary-operation-simplification-no-crash.cpp
  Clang :: Analysis/outofbound-notwork.c
  Clang :: Analysis/redecl.c
  Clang :: Analysis/string-fail.c


Testing Time: 80.68s
  Unsupported      :   6
  Passed           : 716
  Expectedly Failed:   5

Using ./bin/llvm-lit -sv --param USE_Z3_SOLVER=1 ...../test/Analysis --show-unsupported --show-xfail:

Unsupported Tests (3):
  Clang :: Analysis/PR24184.cpp
  Clang :: Analysis/exploded-graph-rewriter/win_path_forbidden_chars.cpp
  Clang :: Analysis/trustnonnullchecker_test.m

********************
Expectedly Failed Tests (5):
  Clang :: Analysis/container-modeling-no-aggressive-binary-operation-simplification-warn.cpp
  Clang :: Analysis/iterator-modeling-no-aggressive-binary-operation-simplification-no-crash.cpp
  Clang :: Analysis/outofbound-notwork.c
  Clang :: Analysis/redecl.c
  Clang :: Analysis/string-fail.c

********************
Failed Tests (7):
  Clang :: Analysis/constant-folding.c
  Clang :: Analysis/container-modeling.cpp
  Clang :: Analysis/dump_egraph.c
  Clang :: Analysis/expr-inspection.c
  Clang :: Analysis/iterator-modeling.cpp
  Clang :: Analysis/loop-unrolling.cpp
  Clang :: Analysis/plist-macros.cpp


Testing Time: 236.37s
  Unsupported      :   3
  Passed           : 712
  Expectedly Failed:   5
  Failed           :   7

After the patch:

Using ./bin/llvm-lit -sv --param RECHECK_WITH_Z3_SOLVER=0 ...../test/Analysis --show-unsupported --show-xfail:

Unsupported Tests (1):
  Clang :: Analysis/exploded-graph-rewriter/win_path_forbidden_chars.cpp

********************
Expectedly Failed Tests (5):
  Clang :: Analysis/container-modeling-no-aggressive-binary-operation-simplification-warn.cpp
  Clang :: Analysis/iterator-modeling-no-aggressive-binary-operation-simplification-no-crash.cpp
  Clang :: Analysis/outofbound-notwork.c
  Clang :: Analysis/redecl.c
  Clang :: Analysis/string-fail.c


Testing Time: 99.74s
  Unsupported      :   1
  Passed           : 720
  Expectedly Failed:   5

Using ./bin/llvm-lit -sv --param RECHECK_WITH_Z3_SOLVER=1 ...../test/Analysis --show-unsupported --show-xfail:

Unsupported Tests (1):
  Clang :: Analysis/exploded-graph-rewriter/win_path_forbidden_chars.cpp

********************
Expectedly Failed Tests (5):
  Clang :: Analysis/container-modeling-no-aggressive-binary-operation-simplification-warn.cpp
  Clang :: Analysis/iterator-modeling-no-aggressive-binary-operation-simplification-no-crash.cpp
  Clang :: Analysis/outofbound-notwork.c
  Clang :: Analysis/redecl.c
  Clang :: Analysis/string-fail.c

********************
Failed Tests (2):
  Clang :: Analysis/container-modeling.cpp
  Clang :: Analysis/iterator-modeling.cpp


Testing Time: 255.49s
  Unsupported      :   1
  Passed           : 718
  Expectedly Failed:   5
  Failed           :   2

Before and after the patch, the container-modeling.cpp and iterator-modeling.cpp were crashing using the Z3 constraint manager.
Worth to have a look at those in the future, if we think that the Z3 constraint manager worth the investment.

Diff Detail

Event Timeline

steakhal created this revision.Jul 13 2020, 6:14 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 13 2020, 6:14 AM
Herald added subscribers: llvm-commits, ASDenysPetrov, Charusso and 12 others. · View Herald Transcript
steakhal edited the summary of this revision. (Show Details)Jul 13 2020, 6:15 AM
steakhal mentioned this in D83558: [analyzer] Use %clang_cc1 instead of %clang_analyze_cc1 if the test requires a specific constraint manager.
steakhal updated this revision to Diff 277409.Jul 13 2020, 6:29 AM
  • use the %clang_analyze_cc1_range in PR37855.c
Szelethus added a comment.Jul 13 2020, 8:07 AM

I lack the confidence to accept this straight away, but the overall direction looks great. LGTM!

You're going to be very popular around here with these patches! :)

clang/test/Analysis/trustnonnullchecker_test.m
1–3

Why did you delete this? @NoQ, is D57062 related?

clang/www/analyzer/checker_dev_manual.html
6

This menu is still not working, right?

548–550

What is the difference in between clang_analyze_cc1 and clang_analyze_cc1_range then?

548–550

I meant to delete this inline, oops :)

steakhal marked an inline comment as done.Jul 13 2020, 9:13 AM

Thanks for the really fast feedback @Szelethus!

Should we prefer using %clang_analyze_cc1 over raw %clang_cc1 invocations with the -analyze flag? And fall back to the more specific %clang_analyze_cc1_range/%clang_analyze_cc1_z3, if the test turns out, requires a certain constraint manager?
If so, I started to update some tests according to this, and a few questions raised during that process.

  • Which should we use for example the analyzer-enabled-checkers.c, which only prints the enabled checkers?
  • There is also an interesting behavior about command-line parsing. [1]

[1]: AFAIK flags should not be position dependant.
But moving the -analyze flag around makes this test fail.

PASS:
./bin/clang -cc1 -internal-isystem ./lib/clang/11.0.0/include -nostdsysteminc -analyzer-constraints=range -setup-static-analyzer -fsyntax-only -analyze -analyzer-checker=core,debug.ExprInspection ../../clang/test/Analysis/handle_constructors_with_new_array.cpp -verify

After moving the -analyze after the -nostdsysteminc flag, it FAILs:
./bin/clang -cc1 -internal-isystem ./lib/clang/11.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -setup-static-analyzer -fsyntax-only -analyzer-checker=core,debug.ExprInspection ../../clang/test/Analysis/handle_constructors_with_new_array.cpp -verify

Could someone tell me the difference?

clang/www/analyzer/checker_dev_manual.html
6

IDK. But I don't really want to touch any css/js related things :D

steakhal added a comment.Jul 13 2020, 9:41 AM

@Szelethus Can you vaguely remember why did we keep the invalid-analyzer-config-value.c test if the invalid-a-na-ly-zer-con-fig-value.c has the very same content?
IMO we should only keep the former with a description why has the file such a weird name :D

NoQ added a comment.Jul 13 2020, 2:08 PM

Folks, please announce your overall plan for Z3 (unless i missed it). It looks like you are planning to actively support Z3 as a constraint manager, i.e. invoke it on every assume()? Did you consider my usual suggestion to only apply it to refuting non-buggy states in order to combat your false negatives similarly to how our current Z3 refutation refutes buggy states to combat false positives?

clang/www/analyzer/checker_dev_manual.html
534

Yeah, just delete this :)

llvm/utils/lit/lit/llvm/config.py
412–413

I'm for longer names, "range" is too vague, "z3" is already ambiguous (does it mean as constraint manager or for refutation?).

%clang_analyze_cc1_range_cm_only would probably make more sense. It also looks more like a FIXME and tells that something's wrong with the test.

steakhal marked 4 inline comments as done.Jul 14 2020, 1:45 AM
In D83677#2148435, @NoQ wrote:

[...] It looks like you are planning to actively support Z3 as a constraint manager. [...] Did you consider my usual suggestion to only apply it to refuting non-buggy states in order to combat your false negatives similarly to how our current Z3 refutation refutes buggy states to combat false positives?

I don't plan to invest time to support Z3-CM.

Although, I highly value the refutation infrastructure. TBH this patch focused fixing the test-infra to be able to have tests explicitly testing refutation related warnings.
Please note that previously you could not require z3 and only run the test using the range-CM. Using also the Z3-CM would not emit warning for that case, making the test fail.
Besides fixing this (which was my primary object), adds new ToolSubsts in a backward-compatible manner to let the test author specify explicitly the CM of their choice.

clang/www/analyzer/checker_dev_manual.html
534

Is the ninja check-clang-analysis the prefered way running the test?
I will reword the doc then.

llvm/utils/lit/lit/llvm/config.py
412–413

I'm for longer names, "range" is too vague, "z3" is already ambiguous (does it mean as constraint manager or for refutation?).

If we don't expect the clangSA dev to be able to differentiate, why should we expect them to know what 'cm' means there?
I'm not against longer names, but kinda hard to strike the balance for finding short but descriptive names.

A lengthy ToolSubst would consume most of the available space in the line, rendering most of the RUN commands to span across multiple lines.

[...] It also looks more like a FIXME and tells that something's wrong with the test.

I don't think that should be suspicious.
I wouldn't assume that test is wrong, simply that test works only with the range-CM.

steakhal mentioned this in D85528: [analyzer] Fix cast evaluation on scoped enums in ExprEngine.Aug 7 2020, 9:52 AM
martong mentioned this in D83660: [analyzer] Fix a crash for dereferencing an empty llvm::Optional variable in SMTConstraintManager.h..Mar 31 2021, 7:06 AM

Revision Contents

PathSize
clang/
test/
Analysis/
8 lines
4 lines
23 lines
3 lines
14 lines
6 lines
2 lines
25 lines
4 lines
5 lines
z3/
2 lines
2 lines
www/
analyzer/
18 lines
llvm/
utils/
gn/
secondary/
clang/
test/
2 lines
lit/
lit/
llvm/
4 lines

Diff 277409

clang/test/Analysis/PR24184.cpp

// UNSUPPORTED: z3 // RUN: %clang_analyze_cc1_range -w -fcxx-exceptions -analyzer-max-loop 64 -verify %s \
// RUN: %clang_analyze_cc1 -w -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s // RUN: -analyzer-checker=core,alpha.core.PointerArithm,alpha.core.CastToStruct
// RUN: %clang_analyze_cc1 -w -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s //
// RUN: %clang_analyze_cc1_range -w -fcxx-exceptions -analyzer-max-loop 63 -verify %s \
// RUN: -analyzer-checker=core,alpha.core.PointerArithm,alpha.core.CastToStruct,cplusplus
// These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184. // These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184.
typedef struct { typedef struct {
int cbData; int cbData;
unsigned pbData; unsigned pbData;
} CRYPT_DATA_BLOB; } CRYPT_DATA_BLOB;
typedef enum { DT_NONCE_FIXED } DATA_TYPE; typedef enum { DT_NONCE_FIXED } DATA_TYPE;
▲ Show 20 LinesShow All 87 LinesShow Last 20 Lines

clang/test/Analysis/PR37855.c

// RUN: %clang_cc1 -analyze -analyzer-checker=core -w -DNO_CROSSCHECK -verify %s // RUN: %clang_analyze_cc1_range -analyzer-checker=core -w -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core -w -analyzer-config crosscheck-with-z3=true -verify %s // RUN: %clang_analyze_cc1_range -analyzer-checker=core -w -verify %s -analyzer-config crosscheck-with-z3=true
// REQUIRES: z3 // REQUIRES: z3
typedef struct o p; typedef struct o p;
struct o { struct o {
struct { struct {
} s; } s;
}; };
Show All 14 Lines

clang/test/Analysis/analyzer_test.py

import lit.formats import lit.formats
import lit.TestRunner import lit.TestRunner
# Custom format class for static analyzer tests # Custom format class for static analyzer tests
class AnalyzerTest(lit.formats.ShTest): class AnalyzerTest(lit.formats.ShTest):
def __init__(self, execute_external, use_z3_solver=False): def __init__(self, execute_external, recheck_with_z3_solver=False):
super(AnalyzerTest, self).__init__(execute_external) super(AnalyzerTest, self).__init__(execute_external)
self.use_z3_solver = use_z3_solver self.recheck_with_z3_solver = recheck_with_z3_solver
def execute(self, test, litConfig): def execute(self, test, litConfig):
results = [] results = []
# Parse any test requirements ('REQUIRES: ') # Parse any test requirements ('REQUIRES: ')
saved_test = test saved_test = test
lit.TestRunner.parseIntegratedTestScript(test) lit.TestRunner.parseIntegratedTestScript(test)
if 'z3' not in test.requires: results.append(self.executeWithConstraintManagerSubstitution(
results.append(self.executeWithAnalyzeSubstitution(
saved_test, litConfig, '-analyzer-constraints=range')) saved_test, litConfig, '-analyzer-constraints=range'))
if results[-1].code == lit.Test.FAIL: if results[-1].code == lit.Test.FAIL:
return results[-1] return results[-1]
# If z3 backend available, add an additional run line for it # If we want to rerun the test with the Z3 solver, add an additional run line for it
if self.use_z3_solver == '1': if self.recheck_with_z3_solver == '1':
assert(test.config.clang_staticanalyzer_z3 == '1') assert(test.config.clang_staticanalyzer_z3 == '1')
results.append(self.executeWithAnalyzeSubstitution( results.append(self.executeWithConstraintManagerSubstitution(
saved_test, litConfig, '-analyzer-constraints=z3 -DANALYZER_CM_Z3')) saved_test, litConfig, '-analyzer-constraints=z3 -DANALYZER_CM_Z3'))
# Combine all result outputs into the last element # Combine all result outputs into the last element
for x in results: for x in results:
if x != results[-1]: if x != results[-1]:
results[-1].output = x.output + results[-1].output results[-1].output = x.output + results[-1].output
if results: if results:
return results[-1] return results[-1]
return lit.Test.Result(lit.Test.UNSUPPORTED, return lit.Test.Result(lit.Test.UNSUPPORTED,
"Test requires the following unavailable features: z3") "Test requires the following unavailable features: z3")
def executeWithAnalyzeSubstitution(self, test, litConfig, substitution): def executeWithConstraintManagerSubstitution(self, test, litConfig, substitution):
saved_substitutions = list(test.config.substitutions) saved_substitutions = list(test.config.substitutions)
test.config.substitutions.append(('%analyze', substitution)) test.config.substitutions.append(('%constraint_manager', substitution))
result = lit.TestRunner.executeShTest(test, litConfig, result = lit.TestRunner.executeShTest(test, litConfig,
self.execute_external) self.execute_external)
test.config.substitutions = saved_substitutions test.config.substitutions = saved_substitutions
return result return result

clang/test/Analysis/constant-folding.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1_range -analyzer-config eagerly-assume=false -verify %s \
// RUN: -analyzer-checker=core,debug.ExprInspection
#define UINT_MAX (~0U) #define UINT_MAX (~0U)
#define INT_MAX (int)(UINT_MAX & (UINT_MAX >> 1)) #define INT_MAX (int)(UINT_MAX & (UINT_MAX >> 1))
#define INT_MIN (int)(UINT_MAX & ~(UINT_MAX >> 1)) #define INT_MIN (int)(UINT_MAX & ~(UINT_MAX >> 1))
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
// There should be no warnings unless otherwise indicated. // There should be no warnings unless otherwise indicated.
▲ Show 20 LinesShow All 244 LinesShow Last 20 Lines

clang/test/Analysis/dump_egraph.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core \ // RUN: %clang_analyze_cc1_range -analyzer-checker=core \
// RUN: -analyzer-dump-egraph=%t.dot %s // RUN: -analyzer-dump-egraph=%t.dot %s
// RUN: cat %t.dot | FileCheck %s // RUN: cat %t.dot | FileCheck %s
//
// RUN: %clang_analyze_cc1 -analyzer-checker=core \ // RUN: %clang_analyze_cc1_range -analyzer-checker=core \
// RUN: -analyzer-dump-egraph=%t.dot \ // RUN: -analyzer-dump-egraph=%t.dot \
// RUN: -trim-egraph %s // RUN: -trim-egraph %s
// RUN: cat %t.dot | FileCheck %s // RUN: cat %t.dot | FileCheck %s
//
// REQUIRES: asserts // REQUIRES: asserts
int getJ(); int getJ();
int foo() { int foo() {
int *x = 0, *y = 0; int *x = 0, *y = 0;
char c = '\x13'; char c = '\x13';
Show All 35 Lines

clang/test/Analysis/expr-inspection.c

// RUN: %clang_analyze_cc1 \ // RUN: %clang_analyze_cc1_range -analyzer-checker=debug.ExprInspection -verify %s 2>&1 | FileCheck %s
// RUN: -analyzer-checker=debug.ExprInspection \ //
// RUN: -verify %s 2>&1 | FileCheck %s
// Self-tests for the debug.ExprInspection checker. // Self-tests for the debug.ExprInspection checker.
void clang_analyzer_dump(int x); void clang_analyzer_dump(int x);
void clang_analyzer_dump_pointer(int *p); void clang_analyzer_dump_pointer(int *p);
void clang_analyzer_printState(); void clang_analyzer_printState();
void clang_analyzer_numTimesReached(); void clang_analyzer_numTimesReached();
void foo(int x) { void foo(int x) {
▲ Show 20 LinesShow All 42 LinesShow Last 20 Lines

clang/test/Analysis/lit.local.cfg

# -*- Python -*- vim: set ft=python ts=4 sw=4 expandtab tw=79: # -*- Python -*- vim: set ft=python ts=4 sw=4 expandtab tw=79:
import site import site
# Load the custom analyzer test format, which runs the test again with Z3 if it # Load the custom analyzer test format, which runs the test again with Z3 if it
# is available. # is available.
site.addsitedir(os.path.dirname(__file__)) site.addsitedir(os.path.dirname(__file__))
import analyzer_test import analyzer_test
config.test_format = analyzer_test.AnalyzerTest( config.test_format = analyzer_test.AnalyzerTest(
config.test_format.execute_external, config.use_z3_solver) config.test_format.execute_external, config.recheck_with_z3_solver)
# Filtering command used by Clang Analyzer tests (when comparing .plist files # Filtering command used by Clang Analyzer tests (when comparing .plist files
# with reference output) # with reference output)
config.substitutions.append(('%normalize_plist', config.substitutions.append(('%normalize_plist',
"grep -Ev '%s|%s|%s'" % "grep -Ev '%s|%s|%s'" %
('^[[:space:]]*<string>.* version .*</string>[[:space:]]*$', ('^[[:space:]]*<string>.* version .*</string>[[:space:]]*$',
'^[[:space:]]*<string>/.*</string>[[:space:]]*$', '^[[:space:]]*<string>/.*</string>[[:space:]]*$',
'^[[:space:]]*<string>.:.*</string>[[:space:]]*$'))) '^[[:space:]]*<string>.:.*</string>[[:space:]]*$')))
Show All 10 Lines

clang/test/Analysis/loop-unrolling.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config unroll-loops=true,cfg-loopexit=true -verify -std=c++11 -analyzer-config exploration_strategy=unexplored_first_queue %s // RUN: %clang_analyze_cc1_range -verify=expected,ufq -std=c++11 %s \
// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config unroll-loops=true,cfg-loopexit=true,exploration_strategy=dfs -verify -std=c++11 -DDFS=1 %s // RUN: -analyzer-checker=core,debug.ExprInspection \
// RUN: -analyzer-config unroll-loops=true,cfg-loopexit=true,exploration_strategy=unexplored_first_queue
//
// RUN: %clang_analyze_cc1_range -verify=expected,dfs -std=c++11 %s \
// RUN: -analyzer-checker=core,debug.ExprInspection \
// RUN: -analyzer-config unroll-loops=true,cfg-loopexit=true,exploration_strategy=dfs
void clang_analyzer_numTimesReached(); void clang_analyzer_numTimesReached();
void clang_analyzer_warnIfReached(); void clang_analyzer_warnIfReached();
int getNum(); int getNum();
void foo(int &); void foo(int &);
int simple_unroll1() { int simple_unroll1() {
▲ Show 20 LinesShow All 330 Lines▼ Show 20 Lines for (int i = 2; i < 12; i++) {
// This function is inlined in nested_inlined_unroll1() // This function is inlined in nested_inlined_unroll1()
clang_analyzer_numTimesReached(); // expected-warning {{90}} clang_analyzer_numTimesReached(); // expected-warning {{90}}
} }
return 0; return 0;
} }
int simple_unknown_bound_loop() { int simple_unknown_bound_loop() {
for (int i = 2; i < getNum(); i++) { for (int i = 2; i < getNum(); i++) {
#ifdef DFS clang_analyzer_numTimesReached();
clang_analyzer_numTimesReached(); // expected-warning {{16}} // dfs-warning@-1 {{16}}
#else // ufq-warning@-2 {{8}}
clang_analyzer_numTimesReached(); // expected-warning {{8}}
#endif
} }
return 0; return 0;
} }
int nested_inlined_unroll1() { int nested_inlined_unroll1() {
int k; int k;
for (int i = 0; i < 9; i++) { for (int i = 0; i < 9; i++) {
clang_analyzer_numTimesReached(); // expected-warning {{9}} clang_analyzer_numTimesReached(); // expected-warning {{9}}
k = simple_known_bound_loop(); // no reevaluation without inlining k = simple_known_bound_loop(); // no reevaluation without inlining
} }
int a = 22 / k; // expected-warning {{Division by zero}} int a = 22 / k; // expected-warning {{Division by zero}}
return 0; return 0;
} }
int nested_inlined_no_unroll1() { int nested_inlined_no_unroll1() {
int k; int k;
for (int i = 0; i < 9; i++) { for (int i = 0; i < 9; i++) {
#ifdef DFS clang_analyzer_numTimesReached();
clang_analyzer_numTimesReached(); // expected-warning {{18}} // dfs-warning@-1 {{18}}
#else // ufq-warning@-2 {{14}}
clang_analyzer_numTimesReached(); // expected-warning {{14}}
#endif
k = simple_unknown_bound_loop(); // reevaluation without inlining, splits the state as well k = simple_unknown_bound_loop(); // reevaluation without inlining, splits the state as well
} }
int a = 22 / k; // no-warning int a = 22 / k; // no-warning
return 0; return 0;
} }
int recursion_unroll1(bool b) { int recursion_unroll1(bool b) {
int k = 2; int k = 2;
▲ Show 20 LinesShow All 130 LinesShow Last 20 Lines

clang/test/Analysis/plist-macros.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix -verify %s // RUN: %clang_analyze_cc1_range -analyzer-checker=core,unix -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix -analyzer-output=plist-multi-file %s -o %t.plist // RUN: %clang_analyze_cc1_range -analyzer-checker=core,unix -analyzer-output=plist-multi-file %s -o %t.plist
// RUN: %normalize_plist <%t.plist | diff -ub %S/Inputs/expected-plists/plist-macros.cpp.plist - // RUN: %normalize_plist <%t.plist | diff -ub %S/Inputs/expected-plists/plist-macros.cpp.plist -
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t); void *malloc(size_t);
#define mallocmemory int *x = (int*)malloc(12); #define mallocmemory int *x = (int*)malloc(12);
void noteOnMacro(int y) { void noteOnMacro(int y) {
▲ Show 20 LinesShow All 78 LinesShow Last 20 Lines

clang/test/Analysis/trustnonnullchecker_test.m

// Temporarily disabling the test, it failes the "system is over-constrained"
// assertion in *non* optimized builds.
// REQUIRES: rdar44992170
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Why did you delete this? @NoQ, is D57062 related?

Szelethus: Why did you delete this? @NoQ, is D57062 related?
// RUN: %clang_analyze_cc1 -fblocks -analyze -analyzer-checker=core,nullability,apiModeling,debug.ExprInspection -verify %s // RUN: %clang_analyze_cc1 -fblocks -analyze -analyzer-checker=core,nullability,apiModeling,debug.ExprInspection -verify %s
#include "Inputs/system-header-simulator-for-nullability.h" #include "Inputs/system-header-simulator-for-nullability.h"
void clang_analyzer_warnIfReached(); void clang_analyzer_warnIfReached();
NSString* _Nonnull trust_nonnull_framework_annotation() { NSString* _Nonnull trust_nonnull_framework_annotation() {
NSString* out = [NSString generateString]; NSString* out = [NSString generateString];
if (out) {} if (out) {}
▲ Show 20 LinesShow All 185 LinesShow Last 20 Lines

clang/test/Analysis/z3/enabled.c

  • This file was deleted.
// REQUIRES: z3
// RUN: echo %clang_analyze_cc1 | FileCheck %s
// CHECK: -analyzer-constraints=z3

clang/test/CMakeLists.txt

Show First 20 LinesShow All 100 Lines▼ Show 20 Lines list(APPEND CLANG_TEST_DEPS
Attribute Attribute
AnnotateFunctions AnnotateFunctions
clang-interpreter clang-interpreter
PrintFunctionNames PrintFunctionNames
) )
endif () endif ()
set(CLANG_TEST_PARAMS set(CLANG_TEST_PARAMS
USE_Z3_SOLVER=0 RECHECK_WITH_Z3_SOLVER=0
) )
if( NOT CLANG_BUILT_STANDALONE ) if( NOT CLANG_BUILT_STANDALONE )
list(APPEND CLANG_TEST_DEPS list(APPEND CLANG_TEST_DEPS
llvm-config llvm-config
FileCheck count not FileCheck count not
llc llc
llvm-as llvm-as
▲ Show 20 LinesShow All 68 LinesShow Last 20 Lines

clang/test/lit.site.cfg.py.in

Show All 22 Lines
config.clang_staticanalyzer_z3 = "@LLVM_WITH_Z3@" config.clang_staticanalyzer_z3 = "@LLVM_WITH_Z3@"
config.clang_examples = @CLANG_BUILD_EXAMPLES@ config.clang_examples = @CLANG_BUILD_EXAMPLES@
config.enable_shared = @ENABLE_SHARED@ config.enable_shared = @ENABLE_SHARED@
config.enable_backtrace = @ENABLE_BACKTRACES@ config.enable_backtrace = @ENABLE_BACKTRACES@
config.enable_experimental_new_pass_manager = @ENABLE_EXPERIMENTAL_NEW_PASS_MANAGER@ config.enable_experimental_new_pass_manager = @ENABLE_EXPERIMENTAL_NEW_PASS_MANAGER@
config.enable_threads = @LLVM_ENABLE_THREADS@ config.enable_threads = @LLVM_ENABLE_THREADS@
config.host_arch = "@HOST_ARCH@" config.host_arch = "@HOST_ARCH@"
config.python_executable = "@Python3_EXECUTABLE@" config.python_executable = "@Python3_EXECUTABLE@"
config.use_z3_solver = lit_config.params.get('USE_Z3_SOLVER', "@USE_Z3_SOLVER@") config.recheck_with_z3_solver = lit_config.params.get('RECHECK_WITH_Z3_SOLVER', "@RECHECK_WITH_Z3_SOLVER@")
config.has_plugins = @LLVM_ENABLE_PLUGINS@ config.has_plugins = @LLVM_ENABLE_PLUGINS@
config.clang_vendor_uti = "@CLANG_VENDOR_UTI@" config.clang_vendor_uti = "@CLANG_VENDOR_UTI@"
# Support substitution of the tools and libs dirs with user parameters. This is # Support substitution of the tools and libs dirs with user parameters. This is
# used when we can't determine the tool dir at configuration time. # used when we can't determine the tool dir at configuration time.
try: try:
config.clang_tools_dir = config.clang_tools_dir % lit_config.params config.clang_tools_dir = config.clang_tools_dir % lit_config.params
config.llvm_tools_dir = config.llvm_tools_dir % lit_config.params config.llvm_tools_dir = config.llvm_tools_dir % lit_config.params
Show All 16 Lines

clang/www/analyzer/checker_dev_manual.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd"> "http://www.w3.org/TR/html4/strict.dtd">
<html> <html>
<head> <head>
<title>Checker Developer Manual</title> <title>Checker Developer Manual</title>
<link type="text/css" rel="stylesheet" href="menu.css"> <link type="text/css" rel="stylesheet" href="menu.css">
SzelethusUnsubmitted
Not Done
ReplyInline Actions

This menu is still not working, right?

Szelethus: This menu is still not working, right?
steakhalAuthorUnsubmitted
Done
ReplyInline Actions

IDK. But I don't really want to touch any css/js related things :D

steakhal: IDK. But I don't really want to touch any css/js related things :D
<link type="text/css" rel="stylesheet" href="content.css"> <link type="text/css" rel="stylesheet" href="content.css">
<script type="text/javascript" src="scripts/menu.js"></script> <script type="text/javascript" src="scripts/menu.js"></script>
</head> </head>
<body> <body>
<div id="page"> <div id="page">
<!--#include virtual="menu.html.incl"--> <!--#include virtual="menu.html.incl"-->
▲ Show 20 LinesShow All 511 Lines▼ Show 20 Lines<h2 id=ast>AST Visitors</h2>
situation, AST callbacks <tt><b>checkASTDecl</b></tt> and situation, AST callbacks <tt><b>checkASTDecl</b></tt> and
<tt><b>checkASTCodeBody</b></tt> are your best friends. <tt><b>checkASTCodeBody</b></tt> are your best friends.
<h2 id=testing>Testing</h2> <h2 id=testing>Testing</h2>
Every patch should be well tested with Clang regression tests. The checker tests Every patch should be well tested with Clang regression tests. The checker tests
live in <tt>clang/test/Analysis</tt> folder. To run all of the analyzer tests, live in <tt>clang/test/Analysis</tt> folder. To run all of the analyzer tests,
execute the following from the <tt>clang</tt> build directory: execute the following from the <tt>clang</tt> build directory:
<pre class="code"> <pre class="code">
$ <b>bin/llvm-lit -sv ../llvm/tools/clang/test/Analysis</b> $ <b>bin/llvm-lit -sv ../llvm/tools/clang/test/Analysis</b>
NoQUnsubmitted
Not Done
ReplyInline Actions

Yeah, just delete this :)

NoQ: Yeah, just delete this :)
steakhalAuthorUnsubmitted
Done
ReplyInline Actions

Is the ninja check-clang-analysis the prefered way running the test?
I will reword the doc then.

steakhal: Is the `ninja check-clang-analysis` the prefered way running the test? I will reword the doc…
</pre> </pre>
Or you can simply use the corresponding ninja target to achieve this:
<pre class="code">
$ <b>ninja check-clang-analysis</b>
</pre>
Tests that require the Z3 constraint manager won't run since those would require too much time.
It will require clang to be built with the Z3 though.
You can enable these tests by an explicit llvm-lit parameter:
<pre class="code">
$ <b>bin/llvm-lit -sv ../llvm/tools/clang/test/Analysis --param RECHECK_WITH_Z3_SOLVER=1</b>
</pre>
The <tt>RECHECK_WITH_Z3_SOLVER</tt> parameter lets the testsuite to use both
constraint managers, which are substituted by the <tt>%clang_analyze_cc1</tt>
in each <tt>RUN</tt> line.
SzelethusUnsubmitted
Done
ReplyInline Actions

What is the difference in between clang_analyze_cc1 and clang_analyze_cc1_range then?

Szelethus: What is the difference in between clang_analyze_cc1 and clang_analyze_cc1_range then?
SzelethusUnsubmitted
Done
ReplyInline Actions

I meant to delete this inline, oops :)

Szelethus: I meant to delete this inline, oops :)
Your test can explicitly require a specific constraint manager using either
<tt>%clang_analyze_cc1_range</tt> or <tt>%clang_analyze_cc1_z3</tt> if that won't
work with both of them.
<h2 id=commands>Useful Commands/Debugging Hints</h2> <h2 id=commands>Useful Commands/Debugging Hints</h2>
<h3 id=attaching>Attaching the Debugger</h3> <h3 id=attaching>Attaching the Debugger</h3>
<p>When your command contains the <tt><b>-cc1</b></tt> flag, you can attach the <p>When your command contains the <tt><b>-cc1</b></tt> flag, you can attach the
debugger to it directly:</p> debugger to it directly:</p>
▲ Show 20 LinesShow All 282 LinesShow Last 20 Lines

llvm/utils/gn/secondary/clang/test/BUILD.gn

Show First 20 LinesShow All 57 Lines▼ Show 20 Lines extra_values = [
# builds exist, to make sure it's a toolchain var. # builds exist, to make sure it's a toolchain var.
"CMAKE_CXX_COMPILER=c++", "CMAKE_CXX_COMPILER=c++",
"ENABLE_BACKTRACES=1", "ENABLE_BACKTRACES=1",
"ENABLE_EXPERIMENTAL_NEW_PASS_MANAGER=0", "ENABLE_EXPERIMENTAL_NEW_PASS_MANAGER=0",
"LLVM_HOST_TRIPLE=$llvm_current_triple", "LLVM_HOST_TRIPLE=$llvm_current_triple",
"LLVM_LIT_TOOLS_DIR=", # Intentionally empty, matches cmake build. "LLVM_LIT_TOOLS_DIR=", # Intentionally empty, matches cmake build.
"LLVM_USE_SANITIZER=", "LLVM_USE_SANITIZER=",
"Python3_EXECUTABLE=$python_path", "Python3_EXECUTABLE=$python_path",
"USE_Z3_SOLVER=", "RECHECK_WITH_Z3_SOLVER=",
] ]
if (clang_enable_arcmt) { if (clang_enable_arcmt) {
extra_values += [ "CLANG_ENABLE_ARCMT=1" ] extra_values += [ "CLANG_ENABLE_ARCMT=1" ]
} else { } else {
extra_values += [ "CLANG_ENABLE_ARCMT=0" ] extra_values += [ "CLANG_ENABLE_ARCMT=0" ]
} }
▲ Show 20 LinesShow All 134 LinesShow Last 20 Lines

llvm/utils/lit/lit/llvm/config.py

Show First 20 LinesShow All 403 Lines▼ Show 20 Lines def use_clang(self, additional_tool_dirs=[], additional_flags=[], required=True):
if shl: if shl:
self.config.substitutions.append(('%llvmshlibdir', shl)) self.config.substitutions.append(('%llvmshlibdir', shl))
if pext: if pext:
self.config.substitutions.append(('%pluginext', pext)) self.config.substitutions.append(('%pluginext', pext))
builtin_include_dir = self.get_clang_builtin_include_dir(self.config.clang) builtin_include_dir = self.get_clang_builtin_include_dir(self.config.clang)
tool_substitutions = [ tool_substitutions = [
ToolSubst('%clang', command=self.config.clang, extra_args=additional_flags), ToolSubst('%clang', command=self.config.clang, extra_args=additional_flags),
ToolSubst('%clang_analyze_cc1', command='%clang_cc1', extra_args=['-analyze', '%analyze', '-setup-static-analyzer']+additional_flags), ToolSubst('%clang_analyze_cc1_range', command='%clang_cc1', extra_args=['-analyze', '-analyzer-constraints=range', '-setup-static-analyzer']+additional_flags),
ToolSubst('%clang_analyze_cc1_z3', command='%clang_cc1', extra_args=['-analyze', '-analyzer-constraints=z3', '-setup-static-analyzer']+additional_flags),
NoQUnsubmitted
Not Done
ReplyInline Actions

I'm for longer names, "range" is too vague, "z3" is already ambiguous (does it mean as constraint manager or for refutation?).

%clang_analyze_cc1_range_cm_only would probably make more sense. It also looks more like a FIXME and tells that something's wrong with the test.

NoQ: I'm for longer names, "range" is too vague, "z3" is already ambiguous (does it mean as…
steakhalAuthorUnsubmitted
Done
ReplyInline Actions

I'm for longer names, "range" is too vague, "z3" is already ambiguous (does it mean as constraint manager or for refutation?).

If we don't expect the clangSA dev to be able to differentiate, why should we expect them to know what 'cm' means there?
I'm not against longer names, but kinda hard to strike the balance for finding short but descriptive names.

A lengthy ToolSubst would consume most of the available space in the line, rendering most of the RUN commands to span across multiple lines.

[...] It also looks more like a FIXME and tells that something's wrong with the test.

I don't think that should be suspicious.
I wouldn't assume that test is wrong, simply that test works only with the range-CM.

steakhal: > I'm for longer names, "range" is too vague, "z3" is already ambiguous (does it mean as…
ToolSubst('%clang_analyze_cc1', command='%clang_cc1', extra_args=['-analyze', '%constraint_manager', '-setup-static-analyzer']+additional_flags),
ToolSubst('%clang_cc1', command=self.config.clang, extra_args=['-cc1', '-internal-isystem', builtin_include_dir, '-nostdsysteminc']+additional_flags), ToolSubst('%clang_cc1', command=self.config.clang, extra_args=['-cc1', '-internal-isystem', builtin_include_dir, '-nostdsysteminc']+additional_flags),
ToolSubst('%clang_cpp', command=self.config.clang, extra_args=['--driver-mode=cpp']+additional_flags), ToolSubst('%clang_cpp', command=self.config.clang, extra_args=['--driver-mode=cpp']+additional_flags),
ToolSubst('%clang_cl', command=self.config.clang, extra_args=['--driver-mode=cl']+additional_flags), ToolSubst('%clang_cl', command=self.config.clang, extra_args=['--driver-mode=cl']+additional_flags),
ToolSubst('%clangxx', command=self.config.clang, extra_args=['--driver-mode=g++']+additional_flags), ToolSubst('%clangxx', command=self.config.clang, extra_args=['--driver-mode=g++']+additional_flags),
] ]
self.add_tool_substitutions(tool_substitutions) self.add_tool_substitutions(tool_substitutions)
self.config.substitutions.append(('%itanium_abi_triple', self.config.substitutions.append(('%itanium_abi_triple',
▲ Show 20 LinesShow All 83 LinesShow Last 20 Lines
clang/test/Analysis/plist-macros.cpp