User Details
- User Since
- Dec 25 2017, 5:51 AM (160 w, 3 d)
Dec 18 2020
Dec 14 2020
Hey! We are somewhat slow in reviews, please understand that.
Dec 4 2020
Nov 27 2020
Jul 17 2020
I do not get why my solution -analyzer-config silence-checkers=core.NullDereference -analyzer-config silence-checkers=core.DivideZero was insufficient, whereas -analyzer-config silence-checkers=core.NullDereference;core.DivideZero is working. One funny thing to note here: LLDB cannot parse "a;b", so that it stops to parse the compiler flags at ;... It is mostly LLDB's fault, but that is why I wanted to avoid the character ;. If I remember right I have picked ; over ,, because the Clang's flag-parser cannot parse ,, but may , is working now. Could you try that and overwrite these silly behaviors, please?
Jul 15 2020
Thanks for the reviews!
- Resolve most of the review comments.
- We really need to specify the design of future checkers.
Jul 14 2020
Jun 3 2020
Okay! Thanks for the review.
- Using getNameAsString().
I do not see any debug burden because there were no information to begin the debug. The *new* information occurs at the appropriate place now.
Story: I was looking at the va_list test files and I was very curious why I cannot catch its binding as a struct. So I have checked out an implementation:
typedef struct { unsigned int gp_offset; unsigned int fp_offset; void *overflow_arg_area; void *reg_save_area; } va_list[1];
The answer was: bindArray(). I believe it is convenient to see immediately what we model.
May this is somewhat hand-waving, but this double-binding does not seem useful.
- Refactor.
May 24 2020
- Refactor.
- Refactor.
- State out explicitly whether the Analyzer models the dynamic size.
Way more sophisticated matching: https://reviews.llvm.org/D77745
- Refactor.
May 19 2020
Apr 7 2020
I believe it is very strange on a Windows system to have multiple dots in a file. The other issue could be the wildcard /*/ in a path full of \s. The LLVM lit (https://llvm.org/docs/CommandGuide/lit.html) has tons of Windows-related shortcuts, which I have never seen being used, but could be useful.
Apr 5 2020
Apr 3 2020
Apr 1 2020
- Simplify tests.
- Remove dead code, they are far away to being used.
- Add an extra test case.
- Remove the last dead comment.
Thanks for the review, hopefully if I ping @NoQ in every round, it will be green-marked soon.
Hm, the MemRegion's offset should be great. I was thinking about if we would store SVal offsets in the Store.
Mar 31 2020
Given that the secondary behavior confuse people I have removed it for now. May if someone introduce a NullTerminationChecker then we introduce such option to warn on insecure calls instant. Thanks @balazske for influencing that change. @NoQ this project had a deadline like half year ago, could you smash that green button please?
- Get rid of the secondary behavior for now.
- Fix review comments.
- Remove the last gymnastic.
- Rebase.
Please avoid to stuff in CheckerContext because this facility should be used by ExprEngine/Store as well.
Let us reword your API: getDynamicSizeWithOffset(ProgramStateRef, SVal, SValBuilder &). Of course we are trying to obtain some buffer-ish size, that is the purpose of the entire API.
I also could imagine something like getDynamicSizeMul(ProgramStateRef, const MemRegion &, const MemRegion &, SValBuilder &), as it is very common.
Each class has its own dumpJson method which builds up the graph together. The actual dot creation happens in ExprEngine.cpp's struct DOTGraphTraits<ExplodedGraph*>, changed in: D62346
Mar 30 2020
- Remove the test of creating a live checker, instead copy over the live checker when the script runs.
- Simplify the script by adding the new package to the end of the file.
- In case of the checkers.rst a non-alpha package is going to be added before the alpha packages.
- According to this change simplify the tests.
- DummyChecker -> ExampleChecker.
Mar 29 2020
Mar 28 2020
- Fix VLASizeChecker's multi-dimensional array early return.
- So that fix the regression in test misc-ps-region-store.m.
- Fix tests that need regex.
- Add documentation about dumpExtent, dumpElementCount.
Mar 25 2020
"To prevent such errors, either limit copies through truncation or, preferably, ensure that the destination is of sufficient size to hold the character data" - from the rule's page.
Most of the projects are fine truncating by hand because the write happens in somewhat well-bounded strings: IP-addresses, names, numbers... I wanted to make this as practical as possible. Until you are having a null-terminated string without being read, you are most likely fine. Feel free to try this out, probably you would already understand the WarnOnCall option very well.
Mar 24 2020
Mar 23 2020
Thanks for the feedback! Given that it will remain an alpha checker for a long time (~1 year), no one really should use it.
Nice catch, thanks! We have some FIXMEs about MSVC sadly and I was thinking about the same change back in the days.
Mar 17 2020
Mar 13 2020
Mar 12 2020
- Try to invoke TableGen, if that fails the user need to specify the path to it.
- The script actually creates a real world (hidden) checker.
- This checker always made with the build invocation.
- Its test file always made with the build invocation.
- Everything else remain as is.
- (calculated: DummyChecker.cpp (100 lines))
Mar 9 2020
Mar 4 2020
Could you mention how to use this feature in the Summary please?
cd reports scan-build --generate-index-only .
Mar 3 2020
- Make the tags robust and more unique.
Done, thanks! I will eventually document more. "Some day"... jk.
[Achievement unlocked] 3 green marks.
Thanks everyone! I hope the Analyzer developers start to use the wonderful features from Clang-Tidy.
- Set the size properly.
- Add new debug.ExprInspection patterns: region, size, element count.
- clang-format -i ExprInspectionChecker.cpp.
- Having no idea what is the single regression in tests.
Could you add a test please? We really need tests for every patch.
Cool, that one a lucky one! I think the SymbolRef based world also working, just at some point it could not scale because other systems are region based... For now, it is a much better solution, and this pattern to overload the callback with all the interestingness seems like the standard way of using NoteTags. Thanks!
I believe our path and context sensitive engine is more extensible and precise than checking the source file. Are you sure it scales? I would prefer to tie this information for MemRegions, rather than arbitrary places in the source code. My knowledge is very weak in this checker but I have changed from the Tidy world to the Analyzer to enjoy its benefits. Please enjoy these benefits in your work as well.
I have added green markers to all of your patches as well. I really appreciate the simplification of the MallocChecker. May you would commit it as soon as possible, given that you have nailed what Artem has suggested. Cool^2.
Also... as to why I added so much LLVM_UNREACHABLE annotations
look for a solution better then demonstrated in this patch.
I wish for a third map, something like ReallocationMap. Other than that it is a great direction, I love it. Thanks!
Cool! May it worth to mention the corresponding mail from the mailing list in the Summary: http://lists.llvm.org/pipermail/cfe-dev/2020-February/064754.html
Feb 27 2020
! In D75271#1896223, @Szelethus wrote:
Thinking back, I did have a number of failed attempts to make something a bit less ugly, but the sharp divide between the 2 libraries makes is really-really difficult, and I don't recall alternative solutions being that much better. Either the checker interface gets worse, or the checker registration interface gets so messy that it would severely hurt further improvements in terms of checker dependency development.
PS: The CheckerManager also could serve this behavior as registerXXX() already passing around that manager, but I believe the AnalysisManager supposed to manage the analysis.
I am so sorry to mention, but we need the AnalysisManager to pass around which manages the analysis, therefore it knows both the LangOptions and AnalyzerOptions. Also this entire callback should be removed ideally: it has to be a virtual function defaulting to return true; and if someone needs this feature could rewrite the behavior. I guess there was some debate whether it should be on by default or not, but for a checker writer and future changes this patch shows that how weak this API is.