- User Since
- Dec 25 2017, 5:51 AM (119 w, 1 d)
I believe it is very strange on a Windows system to have multiple dots in a file. The other issue could be the wildcard /*/ in a path full of \s. The LLVM lit (https://llvm.org/docs/CommandGuide/lit.html) has tons of Windows-related shortcuts, which I have never seen being used, but could be useful.
Sun, Apr 5
Fri, Apr 3
Wed, Apr 1
- Simplify tests.
- Remove dead code, they are far away to being used.
- Add an extra test case.
- Remove the last dead comment.
Thanks for the review, hopefully if I ping @NoQ in every round, it will be green-marked soon.
Hm, the MemRegion's offset should be great. I was thinking about if we would store SVal offsets in the Store.
Tue, Mar 31
Given that the secondary behavior confuse people I have removed it for now. May if someone introduce a NullTerminationChecker then we introduce such option to warn on insecure calls instant. Thanks @balazske for influencing that change. @NoQ this project had a deadline like half year ago, could you smash that green button please?
- Get rid of the secondary behavior for now.
- Fix review comments.
- Remove the last gymnastic.
Please avoid to stuff in CheckerContext because this facility should be used by ExprEngine/Store as well.
Let us reword your API: getDynamicSizeWithOffset(ProgramStateRef, SVal, SValBuilder &). Of course we are trying to obtain some buffer-ish size, that is the purpose of the entire API.
I also could imagine something like getDynamicSizeMul(ProgramStateRef, const MemRegion &, const MemRegion &, SValBuilder &), as it is very common.
Each class has its own dumpJson method which builds up the graph together. The actual dot creation happens in ExprEngine.cpp's struct DOTGraphTraits<ExplodedGraph*>, changed in: D62346
Mon, Mar 30
- Remove the test of creating a live checker, instead copy over the live checker when the script runs.
- Simplify the script by adding the new package to the end of the file.
- In case of the checkers.rst a non-alpha package is going to be added before the alpha packages.
- According to this change simplify the tests.
- DummyChecker -> ExampleChecker.
Sun, Mar 29
Sat, Mar 28
- Fix VLASizeChecker's multi-dimensional array early return.
- So that fix the regression in test misc-ps-region-store.m.
- Fix tests that need regex.
- Add documentation about dumpExtent, dumpElementCount.
Wed, Mar 25
"To prevent such errors, either limit copies through truncation or, preferably, ensure that the destination is of sufficient size to hold the character data" - from the rule's page.
Most of the projects are fine truncating by hand because the write happens in somewhat well-bounded strings: IP-addresses, names, numbers... I wanted to make this as practical as possible. Until you are having a null-terminated string without being read, you are most likely fine. Feel free to try this out, probably you would already understand the WarnOnCall option very well.
Tue, Mar 24
Mon, Mar 23
Thanks for the feedback! Given that it will remain an alpha checker for a long time (~1 year), no one really should use it.
Nice catch, thanks! We have some FIXMEs about MSVC sadly and I was thinking about the same change back in the days.
Tue, Mar 17
Fri, Mar 13
Thu, Mar 12
- Try to invoke TableGen, if that fails the user need to specify the path to it.
- The script actually creates a real world (hidden) checker.
- This checker always made with the build invocation.
- Its test file always made with the build invocation.
- Everything else remain as is.
- (calculated: DummyChecker.cpp (100 lines))
Mon, Mar 9
Mar 4 2020
Could you mention how to use this feature in the Summary please?
cd reports scan-build --generate-index-only .
Mar 3 2020
- Make the tags robust and more unique.
Done, thanks! I will eventually document more. "Some day"... jk.
[Achievement unlocked] 3 green marks.
Thanks everyone! I hope the Analyzer developers start to use the wonderful features from Clang-Tidy.
- Set the size properly.
- Add new debug.ExprInspection patterns: region, size, element count.
- clang-format -i ExprInspectionChecker.cpp.
- Having no idea what is the single regression in tests.
Could you add a test please? We really need tests for every patch.
Cool, that one a lucky one! I think the SymbolRef based world also working, just at some point it could not scale because other systems are region based... For now, it is a much better solution, and this pattern to overload the callback with all the interestingness seems like the standard way of using NoteTags. Thanks!
I believe our path and context sensitive engine is more extensible and precise than checking the source file. Are you sure it scales? I would prefer to tie this information for MemRegions, rather than arbitrary places in the source code. My knowledge is very weak in this checker but I have changed from the Tidy world to the Analyzer to enjoy its benefits. Please enjoy these benefits in your work as well.
I have added green markers to all of your patches as well. I really appreciate the simplification of the MallocChecker. May you would commit it as soon as possible, given that you have nailed what Artem has suggested. Cool^2.
Also... as to why I added so much LLVM_UNREACHABLE annotations
look for a solution better then demonstrated in this patch.
I wish for a third map, something like ReallocationMap. Other than that it is a great direction, I love it. Thanks!
Cool! May it worth to mention the corresponding mail from the mailing list in the Summary: http://lists.llvm.org/pipermail/cfe-dev/2020-February/064754.html
Feb 27 2020
! In D75271#1896223, @Szelethus wrote:
Thinking back, I did have a number of failed attempts to make something a bit less ugly, but the sharp divide between the 2 libraries makes is really-really difficult, and I don't recall alternative solutions being that much better. Either the checker interface gets worse, or the checker registration interface gets so messy that it would severely hurt further improvements in terms of checker dependency development.
PS: The CheckerManager also could serve this behavior as registerXXX() already passing around that manager, but I believe the AnalysisManager supposed to manage the analysis.
I am so sorry to mention, but we need the AnalysisManager to pass around which manages the analysis, therefore it knows both the LangOptions and AnalyzerOptions. Also this entire callback should be removed ideally: it has to be a virtual function defaulting to return true; and if someone needs this feature could rewrite the behavior. I guess there was some debate whether it should be on by default or not, but for a checker writer and future changes this patch shows that how weak this API is.
Feb 25 2020
Feb 24 2020
Thanks for the reviews! Are we good to go?
Feb 23 2020
That is very unfortunate, but may if you could introduce a bullet-proof ls we could see if the scan-build sub-directory removal is non-alphabetical. I think the latter smells more badly.
I think on a long term our knowledge increases so we could generalize upon what we have learnt. For now as long as it is working and have tests, it is cool.
Feb 12 2020
Thanks! I would mention in the Summary the necessary flags to perform index-only output. (May write some release notes?)
Feb 7 2020
Feb 5 2020
Feb 4 2020
Cool, thanks you!
Thanks for the fix! The PopUpRanges is very important, please revert it back in its original shape. Sorry for the inconvenience.
Feb 3 2020
Thanks! I have felt that may I create a too complex symbolic value. Sorry for stealing your time.
- Remove the modeling from CStringChecker.
Jan 31 2020
- 2020-ify the checker writing
- Remove extra bullet-points of CERT checker documentation: we only need the checker's documentation, not the packages.
- Let us reuse this patch.
- Remove the expression storing feature.
- Only store known sizes.
Jan 30 2020
Thanks for the reviews! Sorry for the delay.
- Rename the script from check_analyzer_fixit.py to check-analyzer-fixit.py
- Change to 4-column space standard.
- Simplify obtaining the Clang include directory.
Let us say, we do not need this patch. In case we would need it, I will reopen.