NoQ (Artem Dergachev)
User

Projects

User does not belong to any projects.

User Details

User Since
Sep 3 2015, 9:16 AM (149 w, 3 d)

Recent Activity

Fri, Jul 13

NoQ accepted D48831: [Analyzer] alpha.unix.cstring.OutOfBounds checker enable/disable fix.

Whoops, sry, yeah, looks good, please commit!

Fri, Jul 13, 6:31 AM
NoQ accepted D48764: [Analyzer] Hotfix for iterator checkers: Mark left-hand side of `SymIntExpr` objects as live in the program state maps..

Looks good otherwise, please commit.

Fri, Jul 13, 5:59 AM

Thu, Jul 12

NoQ added a comment to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.

I'd also rather stick to integer arithmetic and avoid using floats even in intermediate calculations. It'd be hard to make sure that no rounding errors kick in if we use floats.

Thu, Jul 12, 1:54 PM
NoQ added inline comments to D48436: [analyzer][UninitializedObjectChecker] Fixed a false negative by no longer filtering out certain constructor calls.
Thu, Jul 12, 12:45 PM
NoQ added a comment to D48436: [analyzer][UninitializedObjectChecker] Fixed a false negative by no longer filtering out certain constructor calls.

A call to Derived::Derived() previously emitted no warnings. However, with these changes, a warning is emitted for Base::a.

Thu, Jul 12, 12:43 PM
NoQ accepted D48325: [analyzer][UninitializedObjectChecker] Support for MemberPointerTypes.

Yay less code.

Thu, Jul 12, 12:24 PM
NoQ accepted D48291: [analyzer][UninitializedObjectChecker] Fixed captured lambda variable name.

Looks good!

Thu, Jul 12, 12:23 PM
NoQ added inline comments to D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.
Thu, Jul 12, 12:17 PM
NoQ accepted D49166: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation from Decl.

You might need to annotate the unused parameter to avoid a compiler warning.

Thu, Jul 12, 12:03 PM
NoQ accepted D48911: [analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is initialized to zero.
Thu, Jul 12, 11:50 AM
NoQ accepted D48856: [analyzer] Fix overly eager suppression of NPE when the value used is returned from a macro.
Thu, Jul 12, 11:49 AM
NoQ added a comment to D49236: [analyzer] [WIP] Moved static Context to class member.

Z3Solver takes Z3Context by value, but then stores a reference. It should take it by reference.

Thu, Jul 12, 11:25 AM
NoQ added a comment to D49236: [analyzer] [WIP] Moved static Context to class member.

Mm, wait, nvm, it's a pointer.

Thu, Jul 12, 11:23 AM
NoQ added a comment to D49236: [analyzer] [WIP] Moved static Context to class member.

SMTContext::getContext() returns the context by value, which means making a copy. It should return by reference.

Thu, Jul 12, 11:21 AM
NoQ added inline comments to D49232: [analyzer] Memoize complexity of SymExpr.
Thu, Jul 12, 10:07 AM

Wed, Jul 11

NoQ updated the diff for D49215: [analyzer] Admit that some copy/move constructors have more than one argument..

Actually verify the CFG in the test.

Wed, Jul 11, 6:52 PM
NoQ created D49215: [analyzer] Admit that some copy/move constructors have more than one argument..
Wed, Jul 11, 6:48 PM
NoQ added inline comments to D49213: [analyzer] pr38072: Suppress an assertion failure for eliding the same destructor twice due to the default argument problem..
Wed, Jul 11, 6:32 PM
NoQ added a dependency for D49213: [analyzer] pr38072: Suppress an assertion failure for eliding the same destructor twice due to the default argument problem.: D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys..
Wed, Jul 11, 6:30 PM
NoQ added a dependent revision for D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys.: D49213: [analyzer] pr38072: Suppress an assertion failure for eliding the same destructor twice due to the default argument problem..
Wed, Jul 11, 6:30 PM
NoQ created D49213: [analyzer] pr38072: Suppress an assertion failure for eliding the same destructor twice due to the default argument problem..
Wed, Jul 11, 6:30 PM
NoQ abandoned D27202: [analyzer] Do not conjure a symbol for return value of a conservatively evaluated function.

Outdated by D44131.

Wed, Jul 11, 6:10 PM
NoQ added inline comments to D22391: [Sema] Add warning for implicitly casting a null constant to a non null pointer type .
Wed, Jul 11, 6:09 PM
NoQ added a dependency for D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys.: D48681: [CFG] [analyzer] Add construction contexts for function arguments..
Wed, Jul 11, 5:48 PM
NoQ added a dependent revision for D48681: [CFG] [analyzer] Add construction contexts for function arguments.: D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys..
Wed, Jul 11, 5:48 PM
NoQ created D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys..
Wed, Jul 11, 5:46 PM
NoQ updated the diff for D48681: [CFG] [analyzer] Add construction contexts for function arguments..

Address my own comments.

Wed, Jul 11, 5:26 PM
NoQ added a comment to D48764: [Analyzer] Hotfix for iterator checkers: Mark left-hand side of `SymIntExpr` objects as live in the program state maps..

Looks good with minor comments.

Wed, Jul 11, 4:09 PM

Tue, Jul 10

NoQ added inline comments to D48681: [CFG] [analyzer] Add construction contexts for function arguments..
Tue, Jul 10, 5:34 PM
NoQ accepted D49050: [analyzer] Pass through all arguments from the registerChecker() to the checker constructor.

Looks pretty great!

Tue, Jul 10, 5:33 PM
NoQ updated subscribers of D22391: [Sema] Add warning for implicitly casting a null constant to a non null pointer type .
Tue, Jul 10, 12:04 PM
NoQ accepted D49057: [analyzer] Track multiple raw pointer symbols in DanglingInternalBufferChecker.

Looks great, thanks!

Tue, Jul 10, 11:06 AM

Mon, Jul 9

NoQ added inline comments to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.
Mon, Jul 9, 3:37 PM

Sun, Jul 8

NoQ added a comment to D49057: [analyzer] Track multiple raw pointer symbols in DanglingInternalBufferChecker.

Much symbols!

Sun, Jul 8, 12:25 PM

Mon, Jul 2

NoQ added a comment to D48831: [Analyzer] alpha.unix.cstring.OutOfBounds checker enable/disable fix.

Uhm, so we had an alpha checker enabled all along? Thanks for patching this up!

Mon, Jul 2, 4:38 PM
NoQ added inline comments to D48027: [analyzer] Improve `CallDescription` to handle c++ method..
Mon, Jul 2, 4:27 PM
NoQ added inline comments to D48681: [CFG] [analyzer] Add construction contexts for function arguments..
Mon, Jul 2, 2:16 PM
NoQ added a comment to D48427: [Analyzer] Iterator Checker Hotfix: Defer deletion of container data until its last iterator is cleaned up.

That'd be a hell for you because when the container is updated you won't be able to easily find all iterators that iterate over it. Normally what you want to do is keep mapping iterators to container regions, and when the region dies, "freeze" the data (make sure it can no longer be mutated, through an assertion or, ideally, via the type system) and re-map the iterator to data directly.

Mon, Jul 2, 9:39 AM

Fri, Jun 29

NoQ added inline comments to D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.
Fri, Jun 29, 2:08 PM
NoQ added a comment to D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.

Am I correct to assume that, since if (nodep) is undefined behaviour in this path (nodep is uninitialized), the static analyzer doesn't evaluate it?

Fri, Jun 29, 1:40 PM
NoQ added a comment to D48764: [Analyzer] Hotfix for iterator checkers: Mark left-hand side of `SymIntExpr` objects as live in the program state maps..

That's right. You only need to mark "atomic" symbols (SymbolData) as live, and expressions that contain them would automatically become live. So i think you should just iterate through a symbol_iterator and mark all SymbolData symbols you encounter as live.

Fri, Jun 29, 10:39 AM

Wed, Jun 27

NoQ accepted D46944: [analyzer] Use sufficiently large types for index/size calculation..

Yep, this definitely looks safe and sound in the current shape.

Wed, Jun 27, 5:07 PM
NoQ added inline comments to D48681: [CFG] [analyzer] Add construction contexts for function arguments..
Wed, Jun 27, 4:29 PM
NoQ created D48681: [CFG] [analyzer] Add construction contexts for function arguments..
Wed, Jun 27, 4:27 PM
NoQ added a comment to D48324: [analyzer] Fix wrong comparison generation of the ranges generated by the refutation manager.

The case here is that the subtraction is generated by the CSA, as there is no subtraction in the example.

Wed, Jun 27, 3:50 PM
NoQ added inline comments to D48608: [CFG] [analyzer] Add construction contexts for C++ objects returned from Objective-C messages..
Wed, Jun 27, 1:34 PM
NoQ updated the diff for D48608: [CFG] [analyzer] Add construction contexts for C++ objects returned from Objective-C messages..

Code re-use!

Wed, Jun 27, 1:34 PM
NoQ updated the diff for D48249: [analyzer] Add stubs for argument construction contexts for arguments of C++ constructors and Objective-C messages..

Actually, yeah, add the comment.

Wed, Jun 27, 12:47 PM
NoQ updated the diff for D48249: [analyzer] Add stubs for argument construction contexts for arguments of C++ constructors and Objective-C messages..

Code re-use!

Wed, Jun 27, 12:42 PM
NoQ accepted D32642: [Analyzer] Iterator Checker - Part 2: Increment, decrement operators and ahead-of-begin checks.
Wed, Jun 27, 12:12 PM
NoQ added a comment to D32642: [Analyzer] Iterator Checker - Part 2: Increment, decrement operators and ahead-of-begin checks.

I think this looks good. There's a problem with missing construction contexts, but i guess that's not the checker's fault, so let's add a FIXME and commit.

Wed, Jun 27, 12:11 PM
NoQ added a comment to D48427: [Analyzer] Iterator Checker Hotfix: Defer deletion of container data until its last iterator is cleaned up.

Aha, ok, yeah, we should have seen this coming. Whenever a checker tracks pairs of objects, like containers and iterators, or string objects and their internal buffers (D48522), or return values and out-parameters of the same function call (D32449), we should expect races on which of the two dies first. Such races are inevitable because any of the two may be arbitrarily stored for an indefinite amount of time. The test that you see failing is one of the tricky cases to understand because it's about liveness of a parameter region, which is a bit counter-intuitive.

Wed, Jun 27, 11:38 AM
NoQ added a comment to D48324: [analyzer] Fix wrong comparison generation of the ranges generated by the refutation manager.

As usual, the analyzer, unlike the compiler, should be prepared to handle three different situations:

Wed, Jun 27, 11:01 AM
NoQ accepted D35110: [Analyzer] Constraint Manager Negates Difference.

Thank you!! Please commit.

Wed, Jun 27, 10:45 AM
NoQ added a reviewer for D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled: baloghadamsoftware.

+Adam because that's a lot of stuff he's interested in and his tests are affected.

Wed, Jun 27, 10:39 AM
NoQ added inline comments to D48325: [analyzer][UninitializedObjectChecker] Support for MemberPointerTypes.
Wed, Jun 27, 10:28 AM

Tue, Jun 26

NoQ added a comment to D48565: [analyzer] Replace the vector of ConstraintSets by a single ConstraintSet and a function to merge ConstraintSets.

I think @xazax.hun has a point. We should not be intersecting any ranges because older ranges (that are closer to the root of the graph) are always super-sets of the newer ranges. Essentially, for every symbol we need to take either the final range (if it's present in the last program state) or the latest range (from the last state in which it's present) and feed it to the solver. That's all. No intersections. No PreStmtPurgeDeadSymbols program points. That's a fairly normal visitor workflow - that's exactly why we have a pair of nodes as arguments to VisitNode. Just observe how state changes.

Tue, Jun 26, 6:17 PM
NoQ accepted D48514: [analyzer] [NFC] Add -verify to malloc checker test.

I like such commits.

Tue, Jun 26, 6:17 PM
NoQ requested changes to D48436: [analyzer][UninitializedObjectChecker] Fixed a false negative by no longer filtering out certain constructor calls.
Tue, Jun 26, 6:07 PM
NoQ added a comment to D48436: [analyzer][UninitializedObjectChecker] Fixed a false negative by no longer filtering out certain constructor calls.

I think we need to finish our dialog on who's responsible for initialization and why do we need to filter constructors at all, cause it's kinda hanging (i.e. D45532#inline-422673).

Tue, Jun 26, 6:07 PM
NoQ added inline comments to D48325: [analyzer][UninitializedObjectChecker] Support for MemberPointerTypes.
Tue, Jun 26, 6:02 PM
NoQ accepted D48325: [analyzer][UninitializedObjectChecker] Support for MemberPointerTypes.

Looks good! One minor comment.

Tue, Jun 26, 6:00 PM
NoQ added inline comments to D48291: [analyzer][UninitializedObjectChecker] Fixed captured lambda variable name.
Tue, Jun 26, 5:12 PM
NoQ accepted D48285: [analyzer][UninitializedObjectChecker] Added "NotesAsWarnings" flag.

Looks great, thanks!

Tue, Jun 26, 4:42 PM
NoQ created D48608: [CFG] [analyzer] Add construction contexts for C++ objects returned from Objective-C messages..
Tue, Jun 26, 2:17 PM
NoQ accepted D47856: [analyzer] Do not run visitors until the fixpoint, run only once.

Make BugReporter great again. One bug report at a time.

Tue, Jun 26, 11:57 AM
NoQ retitled D47658: [analyzer] Re-enable lifetime extension for temporaries without destructors and bring back static temporaries. from [analyzer] Re-enable lifetime extension for temporaries with destructors and bring back static temporaries. to [analyzer] Re-enable lifetime extension for temporaries without destructors and bring back static temporaries..
Tue, Jun 26, 10:01 AM

Mon, Jun 25

NoQ added inline comments to D47856: [analyzer] Do not run visitors until the fixpoint, run only once.
Mon, Jun 25, 6:26 PM
NoQ added inline comments to D48205: [analyzer] Assert that nonloc::SymbolVal always wraps a non-Loc-type symbol..
Mon, Jun 25, 4:51 PM
NoQ added inline comments to D48205: [analyzer] Assert that nonloc::SymbolVal always wraps a non-Loc-type symbol..
Mon, Jun 25, 4:50 PM
NoQ added a comment to D48513: [analyzer] Correctly create a non-fatal error node for VA list checker..

We noticed this when debugging D47856, because the visitor was saying "va_list ended" right before the report, because the key is indeed removed from the program state just before reporting the issue, so it's not there in the issue state and is there in the state before that.

Mon, Jun 25, 4:00 PM

Sat, Jun 23

NoQ accepted D48521: [analyzer] Highlight container object destruction in MallocChecker.

Only minor nits, as usual :)

Sat, Jun 23, 4:18 PM
NoQ accepted D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker.

Looks good tho!

Sat, Jun 23, 4:11 PM
NoQ added inline comments to D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker.
Sat, Jun 23, 4:07 PM
NoQ added a comment to D48460: [analyzer] Fix invalidation on C++ const methods..

Well, i guess that's just one of those mildly infuriating aspects of the AST and/or the standard :)

Sat, Jun 23, 3:58 PM

Fri, Jun 22

NoQ added a comment to D35110: [Analyzer] Constraint Manager Negates Difference.

Ok, code makes sense to me now!

Fri, Jun 22, 6:32 PM
NoQ added a comment to D47044: [analyzer] Ensure that we only visit a destructor for a reference if type information is available..

Aha, yeah, i see. It only invalidates the current stack frame, and additionally it's impossible to bring the reference into the current stack frame by reference, because, well, it's already a reference and you can't mutate a reference.

Fri, Jun 22, 12:55 PM

Thu, Jun 21

NoQ created D48460: [analyzer] Fix invalidation on C++ const methods..
Thu, Jun 21, 3:15 PM

Mon, Jun 18

NoQ added a comment to D48285: [analyzer][UninitializedObjectChecker] Added "NotesAsWarnings" flag.

Also, great, and can i has tests?^^

Mon, Jun 18, 7:05 PM
NoQ added inline comments to D48285: [analyzer][UninitializedObjectChecker] Added "NotesAsWarnings" flag.
Mon, Jun 18, 6:59 PM

Jun 15 2018

NoQ updated the diff for D48249: [analyzer] Add stubs for argument construction contexts for arguments of C++ constructors and Objective-C messages..

Whoops, that was an old patch.

Jun 15 2018, 4:20 PM
NoQ created D48249: [analyzer] Add stubs for argument construction contexts for arguments of C++ constructors and Objective-C messages..
Jun 15 2018, 4:19 PM
NoQ accepted D45532: [StaticAnalyzer] Checker to find uninitialized fields after a constructor call.

Ok, let's land this one and see how it goes! I'm looking forward to seeing the follow-up patches.

Jun 15 2018, 2:36 PM
NoQ added a comment to D35110: [Analyzer] Constraint Manager Negates Difference.

I still don't think i fully understand your concern. Could you provide an example and point out what exactly goes wrong?

Jun 15 2018, 2:08 PM
NoQ added a comment to D35110: [Analyzer] Constraint Manager Negates Difference.

In the iterator checkers we do not know anything about the rearranged expressions, it has no access to the sum/difference, the whole purpose of your proposal was to put it into the infrastructure.

Jun 15 2018, 2:05 PM
NoQ added a dependent revision for D48205: [analyzer] Assert that nonloc::SymbolVal always wraps a non-Loc-type symbol.: D48232: [analyzer] pr37802: Fix symbolic-pointer-to-boolean casts during load..
Jun 15 2018, 12:42 PM
NoQ added a dependency for D48232: [analyzer] pr37802: Fix symbolic-pointer-to-boolean casts during load.: D48205: [analyzer] Assert that nonloc::SymbolVal always wraps a non-Loc-type symbol..
Jun 15 2018, 12:42 PM
NoQ retitled D48232: [analyzer] pr37802: Fix symbolic-pointer-to-boolean casts during load. from [analyzer] Fix symbolic-pointer-to-boolean casts during load. to [analyzer] pr37802: Fix symbolic-pointer-to-boolean casts during load..
Jun 15 2018, 12:42 PM
NoQ created D48232: [analyzer] pr37802: Fix symbolic-pointer-to-boolean casts during load..
Jun 15 2018, 12:42 PM
NoQ added inline comments to D48204: [analyzer] Make getDerefExpr() skip cleanups..
Jun 15 2018, 12:19 PM

Jun 14 2018

NoQ created D48205: [analyzer] Assert that nonloc::SymbolVal always wraps a non-Loc-type symbol..
Jun 14 2018, 8:10 PM
NoQ added a comment to D48204: [analyzer] Make getDerefExpr() skip cleanups..

This is supposed to suppress a few Inlined-Defensive-Checks-related false positives that accidentally spiked up during my testing of copy elision.

Jun 14 2018, 6:53 PM
NoQ created D48204: [analyzer] Make getDerefExpr() skip cleanups..
Jun 14 2018, 6:52 PM

Jun 13 2018

NoQ added a comment to D47671: [analyzer] Implement copy elision..

P.S. It seems that one of my currently-on-review patches has introduced a performance regression, i'm investigating it.

Jun 13 2018, 5:54 PM
NoQ updated the diff for D47671: [analyzer] Implement copy elision..

I added an option to disable copy elision on CFG side in D47616. The analyzer makes use of it automagically: elided constructors are replaced with temporary constructors in the CFG and the old behavior is restored.

Jun 13 2018, 5:50 PM
NoQ added inline comments to D47616: [CFG] [analyzer] Explain copy elision through construction contexts..
Jun 13 2018, 5:45 PM
NoQ updated the diff for D47667: [CFG] [analyzer] Remove unnecessary CXXBindTemporaryExpr from lifetime-extended temporary construction contexts..

Rebase.

Jun 13 2018, 5:45 PM
NoQ updated the diff for D47616: [CFG] [analyzer] Explain copy elision through construction contexts..

Add a flag to disable copy elision. It's convenient to have such flag in the CFG because this way all clients will be able to transparently handle it. When the option is turned off, elided construction contexts will be replaced with simple temporary object construction contexts which need to be handled anyway. When construction contexts are disabled entirely, the option has no effect.

Jun 13 2018, 5:45 PM
NoQ added inline comments to D47658: [analyzer] Re-enable lifetime extension for temporaries without destructors and bring back static temporaries..
Jun 13 2018, 5:39 PM
NoQ updated the diff for D47658: [analyzer] Re-enable lifetime extension for temporaries without destructors and bring back static temporaries..

Fxd.

Jun 13 2018, 5:39 PM