This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
lib/StaticAnalyzer/Checkers/
-
StaticAnalyzer/
-
Checkers/
9/9
SmartPtrModeling.cpp
-
test/Analysis/
-
Analysis/
-
Inputs/
3/3
system-header-simulator-cxx.h
3/4
smart-ptr.cpp

Differential D83836

[Analyzer] Add checkRegionChanges for SmartPtrModeling
ClosedPublic

Authored by vrnithinkumar on Jul 14 2020, 5:58 PM.

Download Raw Diff

Details

Reviewers

NoQ
Szelethus
vsavchenko
xazax.hun

Summary

Implementing checkRegionChanges for SmartPtrModeling.
To improve the accuracy, when a smart pointer is passed by a non-const reference into a function, removed the tracked region data. Since it is not sure what happens to the smart pointer inside the function.

Diff Detail

Repository: rG LLVM Github Monorepo

Unit TestsFailed

	Time	Test
	500 ms	linux > MemorySanitizer-X86_64.MemorySanitizer-X86_64::Unknown Unit Message ("")
	240 ms	linux > MemorySanitizer-lld-X86_64.MemorySanitizer-lld-X86_64::Unknown Unit Message ("")
	550 ms	linux > SanitizerCommon-asan-x86_64-Linux.Linux::Unknown Unit Message ("")
	300 ms	linux > SanitizerCommon-lsan-x86_64-Linux.Linux::Unknown Unit Message ("")
	420 ms	linux > SanitizerCommon-msan-x86_64-Linux.Linux::Unknown Unit Message ("")
		View Full Test Results (9 Failed)

Event Timeline

vrnithinkumar created this revision.Jul 14 2020, 5:58 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 14 2020, 5:58 PM

Herald added subscribers: cfe-commits, martong. · View Herald Transcript

vrnithinkumar retitled this revision from Implementing checkRegionChanges to [Analyzer] Implementing checkRegionChanges for SmartPtrModeling.Jul 14 2020, 6:06 PM

vrnithinkumar edited the summary of this revision. (Show Details)

vrnithinkumar added reviewers: NoQ, Szelethus, vsavchenko, xazax.hun.

Herald added subscribers: ASDenysPetrov, Charusso, dkrupp and 6 others. · View Herald TranscriptJul 14 2020, 6:06 PM

Harbormaster failed remote builds in B64267: Diff 278032!Jul 14 2020, 6:10 PM

vrnithinkumar marked 3 inline comments as done.Jul 14 2020, 6:16 PM

vrnithinkumar added inline comments.

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
182	I am using the same code from the `MoveChecker` since the same logic applies here too. But I am not completely sure whether this is the clean approach.
clang/test/Analysis/Inputs/system-header-simulator-cxx.h
962	added this to support use case like `Q = std::move(P)`
clang/test/Analysis/smart-ptr.cpp
145	@xazax.hun , Is this the type of test you were suggesting?

NoQ added inline comments.Jul 14 2020, 8:21 PM

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
191–192	The whole reason why we are making this patch first is because we don't fully handle methods :) Also, unlike the move checker, once we handle them, they'll probably stop changing regions, so no exceptional code path would be necessary in most cases. So i'd rather start with fully wiping all the data on any sneeze and later see if we can relax it.

xazax.hun added inline comments.Jul 15 2020, 8:27 AM

clang/test/Analysis/Inputs/system-header-simulator-cxx.h
962	This operation should be `noexcept`: https://en.cppreference.com/w/cpp/memory/unique_ptr/operator%3D While it makes little difference for the analyzer at this point we should try to be as close to the standard as possible. If you have some time feel free to add `noexcept` to other methods that miss it :)
clang/test/Analysis/smart-ptr.cpp
145	Yes, looks good to me, thanks! :)

Untrack all changing regions in checkRegionChanges

vrnithinkumar marked 2 inline comments as done.Jul 15 2020, 8:48 AM

vrnithinkumar added inline comments.

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
191–192	I completely missed that point and jumped ahead. Made changes to untrack all changing regions in `checkRegionChanges`

Harbormaster failed remote builds in B64370: Diff 278207!Jul 15 2020, 9:22 AM

vsavchenko added inline comments.Jul 15 2020, 9:44 AM

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
97	nit: *need to be removed
98	Maybe `Subregions` would fit better in this name then?
188	It is not critical, but potentially we can allocate/deallocate a whole bunch of states here. We can do the same sort of operation with the map itself (`State->get<TrackedRegionMap>()`), which still have similar problem but to a lesser degree. Additionally, this `get<MAP_TYPE>` method is not compile-time, it searches for the corresponding map in runtime (also in a map), so you repeat that as many times as you have `Regions`. And super-duper over-optimization note on my part: making the loop over `Regions` to be the inner-most is more cache-friendly. It is not really critical here, but it is overall good to have an eye for things like that.
clang/test/Analysis/smart-ptr.cpp
190	Usually we simply add the test with expectations matching current state of things, but add a TODO over those particular lines. This way when you fix the issue the test will start failing and you won't forget to uncomment it.

Additionally, I would prefer commit message to be imperative. It is sorta like a rule of a good commit message.

whisperity added a subscriber: whisperity.Jul 16 2020, 5:51 AM

vrnithinkumar retitled this revision from [Analyzer] Implementing checkRegionChanges for SmartPtrModeling to [Analyzer] Add checkRegionChanges for SmartPtrModeling.Jul 16 2020, 3:31 PM

Addressing review comments
Enabling commented out tests

Adding a missed todo

vrnithinkumar marked 2 inline comments as done.Jul 16 2020, 4:34 PM

vrnithinkumar added inline comments.

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
97	fixed
98	Changed to Subregions
188	Updated `removeTrackedSubregions` for passing `TrackedRegionMap`
clang/test/Analysis/Inputs/system-header-simulator-cxx.h
962	Added `noexcept` for all applicable methods
clang/test/Analysis/smart-ptr.cpp
190	Enabled the test and added the todo.

Harbormaster failed remote builds in B64603: Diff 278622!Jul 16 2020, 4:44 PM

Harbormaster failed remote builds in B64606: Diff 278628!Jul 16 2020, 5:10 PM

I think this looks great!

P.S. I unforgot why we won't be able to remove the option after all. That's because when we partially evalCall and partially inline, inlining breaks. Like, once we evalCalled a single method call, we can no longer trust RegionStore to have the right data inside of it on the current path, so further inlining cannot work correctly. We could forbid inlining and resort to conservative evaluation but that'd still be a regression compared to inlining. So i'd rather keep the option for as long as possible :)

This revision is now accepted and ready to land.Jul 17 2020, 2:08 PM

steakhal added a subscriber: steakhal.Jul 30 2020, 3:40 AM

These patches look like they're done, maybe let's land them?

In D83836#2189636, @NoQ wrote:

These patches look like they're done, maybe let's land them?

This one also committed. (https://github.com/llvm/llvm-project/commit/a5609102117d2384fb73a14f37d24a0c844e3864)

vrnithinkumar closed this revision.Aug 3 2020, 5:06 PM

Revision Contents

Path

Size

clang/

lib/

StaticAnalyzer/

Checkers/

SmartPtrModeling.cpp

37 lines

test/

Analysis/

Inputs/

system-header-simulator-cxx.h

37 lines

smart-ptr.cpp

104 lines

Diff 278628

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp

// SmartPtrModeling.cpp - Model behavior of C++ smart pointers - C++ ------===//		// SmartPtrModeling.cpp - Model behavior of C++ smart pointers - C++ ------===//
		Lint: Lint Inline Actions clang-format not found in user's PATH; not linting file. Lint: Lint: clang-format not found in user's PATH; not linting file.
//		//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.		// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
Show All 16 Lines
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"

using namespace clang;		using namespace clang;
using namespace ento;		using namespace ento;

namespace {		namespace {
class SmartPtrModeling : public Checker<eval::Call, check::DeadSymbols> {		class SmartPtrModeling
		: public Checker<eval::Call, check::DeadSymbols, check::RegionChanges> {

bool isNullAfterMoveMethod(const CallEvent &Call) const;		bool isNullAfterMoveMethod(const CallEvent &Call) const;

public:		public:
// Whether the checker should model for null dereferences of smart pointers.		// Whether the checker should model for null dereferences of smart pointers.
DefaultBool ModelSmartPtrDereference;		DefaultBool ModelSmartPtrDereference;
bool evalCall(const CallEvent &Call, CheckerContext &C) const;		bool evalCall(const CallEvent &Call, CheckerContext &C) const;
void checkPreCall(const CallEvent &Call, CheckerContext &C) const;		void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;		void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;
		ProgramStateRef
		checkRegionChanges(ProgramStateRef State,
		const InvalidatedSymbols *Invalidated,
		ArrayRef<const MemRegion *> ExplicitRegions,
		ArrayRef<const MemRegion *> Regions,
		const LocationContext LCtx, const CallEvent Call) const;

private:		private:
ProgramStateRef updateTrackedRegion(const CallEvent &Call, CheckerContext &C,		ProgramStateRef updateTrackedRegion(const CallEvent &Call, CheckerContext &C,
const MemRegion *ThisValRegion) const;		const MemRegion *ThisValRegion) const;
void handleReset(const CallEvent &Call, CheckerContext &C) const;		void handleReset(const CallEvent &Call, CheckerContext &C) const;
void handleRelease(const CallEvent &Call, CheckerContext &C) const;		void handleRelease(const CallEvent &Call, CheckerContext &C) const;
void handleSwap(const CallEvent &Call, CheckerContext &C) const;		void handleSwap(const CallEvent &Call, CheckerContext &C) const;

Show All 31 Lines
bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion) {		bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion) {
const auto *InnerPointVal = State->get<TrackedRegionMap>(ThisRegion);		const auto *InnerPointVal = State->get<TrackedRegionMap>(ThisRegion);
return InnerPointVal && InnerPointVal->isZeroConstant();		return InnerPointVal && InnerPointVal->isZeroConstant();
}		}
} // namespace smartptr		} // namespace smartptr
} // namespace ento		} // namespace ento
} // namespace clang		} // namespace clang

		// If a region is removed all of the subregions need to be removed too.
		vsavchenkoUnsubmitted Done Reply Inline Actions nit: need to be removed vsavchenko:* nit: *need to be removed
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions fixed vrnithinkumar: fixed
		static TrackedRegionMapTy
		vsavchenkoUnsubmitted Done Reply Inline Actions Maybe `Subregions` would fit better in this name then? vsavchenko: Maybe `Subregions` would fit better in this name then?
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions Changed to Subregions vrnithinkumar: Changed to Subregions
		removeTrackedSubregions(TrackedRegionMapTy RegionMap,
		TrackedRegionMapTy::Factory &RegionMapFactory,
		const MemRegion *Region) {
		if (!Region)
		return RegionMap;
		for (const auto &E : RegionMap) {
		if (E.first->isSubRegionOf(Region))
		RegionMap = RegionMapFactory.remove(RegionMap, E.first);
		}
		return RegionMap;
		}

bool SmartPtrModeling::isNullAfterMoveMethod(const CallEvent &Call) const {		bool SmartPtrModeling::isNullAfterMoveMethod(const CallEvent &Call) const {
// TODO: Update CallDescription to support anonymous calls?		// TODO: Update CallDescription to support anonymous calls?
// TODO: Handle other methods, such as .get() or .release().		// TODO: Handle other methods, such as .get() or .release().
// But once we do, we'd need a visitor to explain null dereferences		// But once we do, we'd need a visitor to explain null dereferences
// that are found via such modeling.		// that are found via such modeling.
const auto *CD = dyn_cast_or_null<CXXConversionDecl>(Call.getDecl());		const auto *CD = dyn_cast_or_null<CXXConversionDecl>(Call.getDecl());
return CD && CD->getConversionType()->isBooleanType();		return CD && CD->getConversionType()->isBooleanType();
}		}
▲ Show 20 Lines • Show All 55 Lines • ▼ Show 20 Lines	for (auto E : TrackedRegions) {
bool IsRegDead = !SymReaper.isLiveRegion(Region);		bool IsRegDead = !SymReaper.isLiveRegion(Region);

if (IsRegDead)		if (IsRegDead)
State = State->remove<TrackedRegionMap>(Region);		State = State->remove<TrackedRegionMap>(Region);
}		}
C.addTransition(State);		C.addTransition(State);
}		}

		ProgramStateRef SmartPtrModeling::checkRegionChanges(
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions I am using the same code from the `MoveChecker` since the same logic applies here too. But I am not completely sure whether this is the clean approach. vrnithinkumar: I am using the same code from the `MoveChecker` since the same logic applies here too. But I…
		ProgramStateRef State, const InvalidatedSymbols *Invalidated,
		ArrayRef<const MemRegion *> ExplicitRegions,
		ArrayRef<const MemRegion > Regions, const LocationContext LCtx,
		const CallEvent *Call) const {
		TrackedRegionMapTy RegionMap = State->get<TrackedRegionMap>();
		TrackedRegionMapTy::Factory &RegionMapFactory =
		vsavchenkoUnsubmitted Done Reply Inline Actions It is not critical, but potentially we can allocate/deallocate a whole bunch of states here. We can do the same sort of operation with the map itself (`State->get<TrackedRegionMap>()`), which still have similar problem but to a lesser degree. Additionally, this `get<MAP_TYPE>` method is not compile-time, it searches for the corresponding map in runtime (also in a map), so you repeat that as many times as you have `Regions`. And super-duper over-optimization note on my part: making the loop over `Regions` to be the inner-most is more cache-friendly. It is not really critical here, but it is overall good to have an eye for things like that. vsavchenko: It is not critical, but potentially we can allocate/deallocate a whole bunch of states here.
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions Updated `removeTrackedSubregions` for passing `TrackedRegionMap` vrnithinkumar: Updated `removeTrackedSubregions` for passing `TrackedRegionMap`
		State->get_context<TrackedRegionMap>();
		for (const auto *Region : Regions)
		RegionMap = removeTrackedSubregions(RegionMap, RegionMapFactory,
		Region->getBaseRegion());
		NoQUnsubmitted Done Reply Inline Actions The whole reason why we are making this patch first is because we don't fully handle methods :) Also, unlike the move checker, once we handle them, they'll probably stop changing regions, so no exceptional code path would be necessary in most cases. So i'd rather start with fully wiping all the data on any sneeze and later see if we can relax it. NoQ: The whole reason why we are making this patch first is because we don't fully handle methods…
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions I completely missed that point and jumped ahead. Made changes to untrack all changing regions in `checkRegionChanges` vrnithinkumar: I completely missed that point and jumped ahead. Made changes to untrack all changing regions…
		return State->set<TrackedRegionMap>(RegionMap);
		}

void SmartPtrModeling::handleReset(const CallEvent &Call,		void SmartPtrModeling::handleReset(const CallEvent &Call,
CheckerContext &C) const {		CheckerContext &C) const {
const auto *IC = dyn_cast<CXXInstanceCall>(&Call);		const auto *IC = dyn_cast<CXXInstanceCall>(&Call);
if (!IC)		if (!IC)
return;		return;

const MemRegion *ThisValRegion = IC->getCXXThisVal().getAsRegion();		const MemRegion *ThisValRegion = IC->getCXXThisVal().getAsRegion();
if (!ThisValRegion)		if (!ThisValRegion)
▲ Show 20 Lines • Show All 65 Lines • Show Last 20 Lines

clang/test/Analysis/Inputs/system-header-simulator-cxx.h

// Like the compiler, the static analyzer treats some functions differently if		// Like the compiler, the static analyzer treats some functions differently if
		Lint: Lint Inline Actions clang-format not found in user's PATH; not linting file. Lint: Lint: clang-format not found in user's PATH; not linting file.
// they come from a system header -- for example, it is assumed that system		// they come from a system header -- for example, it is assumed that system
// functions do not arbitrarily free() their parameters, and that some bugs		// functions do not arbitrarily free() their parameters, and that some bugs
// found in system headers cannot be fixed by the user and should be		// found in system headers cannot be fixed by the user and should be
// suppressed.		// suppressed.
#pragma clang system_header		#pragma clang system_header

typedef unsigned char uint8_t;		typedef unsigned char uint8_t;
▲ Show 20 Lines • Show All 929 Lines • ▼ Show 20 Lines	#endif
template <class InputIterator, class OutputIterator>		template <class InputIterator, class OutputIterator>
OutputIterator copy(InputIterator first, InputIterator last,		OutputIterator copy(InputIterator first, InputIterator last,
OutputIterator result);		OutputIterator result);

}		}

#if __cplusplus >= 201103L		#if __cplusplus >= 201103L
namespace std {		namespace std {
template <typename T> // TODO: Implement the stub for deleter.		template <typename T> // TODO: Implement the stub for deleter.
class unique_ptr {		class unique_ptr {
public:		public:
unique_ptr() {}		unique_ptr() noexcept {}
unique_ptr(T *) {}		unique_ptr(T *) noexcept {}
unique_ptr(const unique_ptr &) = delete;		unique_ptr(const unique_ptr &) noexcept = delete;
unique_ptr(unique_ptr &&);		unique_ptr(unique_ptr &&) noexcept;

T *get() const;		T *get() const noexcept;
T *release() const;		T *release() noexcept;
void reset(T *p = nullptr) const;		void reset(T *p = nullptr) noexcept;
void swap(unique_ptr<T> &p) const;		void swap(unique_ptr<T> &p) noexcept;

typename std::add_lvalue_reference<T>::type operator*() const;		typename std::add_lvalue_reference<T>::type operator*() const;
T *operator->() const;		T *operator->() const noexcept;
operator bool() const;		operator bool() const noexcept;
		unique_ptr<T> &operator=(unique_ptr<T> &&p) noexcept;
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions added this to support use case like `Q = std::move(P)` vrnithinkumar: added this to support use case like `Q = std::move(P)`
		xazax.hunUnsubmitted Done Reply Inline Actions This operation should be `noexcept`: https://en.cppreference.com/w/cpp/memory/unique_ptr/operator%3D While it makes little difference for the analyzer at this point we should try to be as close to the standard as possible. If you have some time feel free to add `noexcept` to other methods that miss it :) xazax.hun: This operation should be `noexcept`: https://en.cppreference.
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions Added `noexcept` for all applicable methods vrnithinkumar: Added `noexcept` for all applicable methods
};		};
}		} // namespace std
#endif		#endif

#ifdef TEST_INLINABLE_ALLOCATORS		#ifdef TEST_INLINABLE_ALLOCATORS
namespace std {		namespace std {
void *malloc(size_t);		void *malloc(size_t);
void free(void *);		void free(void *);
}		}
void* operator new(std::size_t size, const std::nothrow_t&) throw() { return std::malloc(size); }		void* operator new(std::size_t size, const std::nothrow_t&) throw() { return std::malloc(size); }
▲ Show 20 Lines • Show All 148 Lines • Show Last 20 Lines

clang/test/Analysis/smart-ptr.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection\		// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection\
		Lint: Lint Inline Actions clang-format not found in user's PATH; not linting file. Lint: Lint: clang-format not found in user's PATH; not linting file.
// RUN: -analyzer-checker cplusplus.Move,alpha.cplusplus.SmartPtr\		// RUN: -analyzer-checker cplusplus.Move,alpha.cplusplus.SmartPtr\
// RUN: -analyzer-config cplusplus.SmartPtrModeling:ModelSmartPtrDereference=true\		// RUN: -analyzer-config cplusplus.SmartPtrModeling:ModelSmartPtrDereference=true\
// RUN: -std=c++11 -verify %s		// RUN: -std=c++11 -verify %s

#include "Inputs/system-header-simulator-cxx.h"		#include "Inputs/system-header-simulator-cxx.h"

void clang_analyzer_warnIfReached();		void clang_analyzer_warnIfReached();
▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines	void derefAfterCtrWithNullReturnMethod() {
std::unique_ptr<A> P(return_null());		std::unique_ptr<A> P(return_null());
P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
}		}

void derefAfterRelease() {		void derefAfterRelease() {
std::unique_ptr<A> P(new A());		std::unique_ptr<A> P(new A());
P.release();		P.release();
clang_analyzer_numTimesReached(); // expected-warning {{1}}		clang_analyzer_numTimesReached(); // expected-warning {{1}}
P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
}		}

void derefAfterReset() {		void derefAfterReset() {
std::unique_ptr<A> P(new A());		std::unique_ptr<A> P(new A());
P.reset();		P.reset();
clang_analyzer_numTimesReached(); // expected-warning {{1}}		clang_analyzer_numTimesReached(); // expected-warning {{1}}
P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
}		}

void derefAfterResetWithNull() {		void derefAfterResetWithNull() {
std::unique_ptr<A> P(new A());		std::unique_ptr<A> P(new A());
P.reset(nullptr);		P.reset(nullptr);
P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
}		}

Show All 10 Lines	void derefAfterReleaseAndResetWithNonNull() {
P->foo(); // No warning.		P->foo(); // No warning.
}		}

void derefOnReleasedNullRawPtr() {		void derefOnReleasedNullRawPtr() {
std::unique_ptr<A> P;		std::unique_ptr<A> P;
A *AP = P.release();		A *AP = P.release();
AP->foo(); // expected-warning {{Called C++ object pointer is null [core.CallAndMessage]}}		AP->foo(); // expected-warning {{Called C++ object pointer is null [core.CallAndMessage]}}
}		}

		void pass_smart_ptr_by_ref(std::unique_ptr<A> &a);
		void pass_smart_ptr_by_const_ref(const std::unique_ptr<A> &a);
		void pass_smart_ptr_by_rvalue_ref(std::unique_ptr<A> &&a);
		void pass_smart_ptr_by_const_rvalue_ref(const std::unique_ptr<A> &&a);
		void pass_smart_ptr_by_ptr(std::unique_ptr<A> *a);
		void pass_smart_ptr_by_const_ptr(const std::unique_ptr<A> *a);

		void regioninvalidationTest() {
		{
		std::unique_ptr<A> P;
		pass_smart_ptr_by_ref(P);
		P->foo(); // no-warning
		}
		{
		std::unique_ptr<A> P;
		pass_smart_ptr_by_const_ref(P);
		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
		}
		{
		std::unique_ptr<A> P;
		pass_smart_ptr_by_rvalue_ref(std::move(P));
		P->foo(); // no-warning
		}
		{
		std::unique_ptr<A> P;
		pass_smart_ptr_by_const_rvalue_ref(std::move(P));
		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
		}
		{
		std::unique_ptr<A> P;
		pass_smart_ptr_by_ptr(&P);
		P->foo();
		}
		{
		std::unique_ptr<A> P;
		pass_smart_ptr_by_const_ptr(&P);
		P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
		}
		}

		struct StructWithSmartPtr {
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions @xazax.hun , Is this the type of test you were suggesting? vrnithinkumar: @xazax.hun , Is this the type of test you were suggesting?
		xazax.hunUnsubmitted Not Done Reply Inline Actions Yes, looks good to me, thanks! :) xazax.hun: Yes, looks good to me, thanks! :)
		std::unique_ptr<A> P;
		};

		void pass_struct_with_smart_ptr_by_ref(StructWithSmartPtr &a);
		void pass_struct_with_smart_ptr_by_const_ref(const StructWithSmartPtr &a);
		void pass_struct_with_smart_ptr_by_rvalue_ref(StructWithSmartPtr &&a);
		void pass_struct_with_smart_ptr_by_const_rvalue_ref(const StructWithSmartPtr &&a);
		void pass_struct_with_smart_ptr_by_ptr(StructWithSmartPtr *a);
		void pass_struct_with_smart_ptr_by_const_ptr(const StructWithSmartPtr *a);

		void regioninvalidationTestWithinStruct() {
		{
		StructWithSmartPtr S;
		pass_struct_with_smart_ptr_by_ref(S);
		S.P->foo(); // no-warning
		}
		{
		StructWithSmartPtr S;
		pass_struct_with_smart_ptr_by_const_ref(S);
		S.P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
		}
		{
		StructWithSmartPtr S;
		pass_struct_with_smart_ptr_by_rvalue_ref(std::move(S));
		S.P->foo(); // no-warning
		}
		{
		StructWithSmartPtr S;
		pass_struct_with_smart_ptr_by_const_rvalue_ref(std::move(S));
		S.P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
		}
		{
		StructWithSmartPtr S;
		pass_struct_with_smart_ptr_by_ptr(&S);
		S.P->foo();
		}
		{
		StructWithSmartPtr S;
		pass_struct_with_smart_ptr_by_const_ptr(&S);
		S.P->foo(); // expected-warning {{Dereference of null smart pointer [alpha.cplusplus.SmartPtr]}}
		}
		}

		void derefAfterAssignment() {
		{
		vsavchenkoUnsubmitted Done Reply Inline Actions Usually we simply add the test with expectations matching current state of things, but add a TODO over those particular lines. This way when you fix the issue the test will start failing and you won't forget to uncomment it. vsavchenko: Usually we simply add the test with expectations matching current state of things, but add a…
		vrnithinkumarAuthorUnsubmitted Done Reply Inline Actions Enabled the test and added the todo. vrnithinkumar: Enabled the test and added the todo.
		std::unique_ptr<A> P(new A());
		std::unique_ptr<A> Q;
		Q = std::move(P);
		Q->foo(); // no-warning
		}
		{
		std::unique_ptr<A> P;
		std::unique_ptr<A> Q;
		Q = std::move(P);
		// TODO: Fix test with expecting warning after '=' operator overloading modeling.
		Q->foo(); // no-warning
		}
		}

This is an archive of the discontinued LLVM Phabricator instance.

[Analyzer] Add checkRegionChanges for SmartPtrModelingClosedPublic

Details

Diff Detail

Unit TestsFailed

Event Timeline

Revision Contents

Diff 278628

clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp

clang/test/Analysis/Inputs/system-header-simulator-cxx.h

clang/test/Analysis/smart-ptr.cpp

[Analyzer] Add checkRegionChanges for SmartPtrModeling
ClosedPublic