george.karpenkov (George Karpenkov)
User

Projects

User does not belong to any projects.

User Details

User Since
Apr 14 2017, 1:59 PM (65 w, 6 d)

Recent Activity

Today

george.karpenkov added inline comments to D49528: [analyzer] Syntactic matcher for leaks associated with run loop and autoreleasepool.
Thu, Jul 19, 3:36 PM

Yesterday

george.karpenkov created D49528: [analyzer] Syntactic matcher for leaks associated with run loop and autoreleasepool.
Wed, Jul 18, 5:55 PM

Tue, Jul 17

george.karpenkov added a comment to D49236: [analyzer] Moved static Context to class member.

Maybe we should keep the idea of one context on hold and focus on the reusable SAT cores for now?

Tue, Jul 17, 1:50 PM
george.karpenkov updated the diff for D49328: [FileCheck] Provide an option for FileCheck to dump original input to stderr on failure.
Tue, Jul 17, 1:07 PM
george.karpenkov added a comment to D49328: [FileCheck] Provide an option for FileCheck to dump original input to stderr on failure.

@dblaikie Good point!

Tue, Jul 17, 1:06 PM
george.karpenkov updated the diff for D49328: [FileCheck] Provide an option for FileCheck to dump original input to stderr on failure.
Tue, Jul 17, 11:37 AM
george.karpenkov added inline comments to D49328: [FileCheck] Provide an option for FileCheck to dump original input to stderr on failure.
Tue, Jul 17, 11:37 AM
george.karpenkov updated the diff for D49328: [FileCheck] Provide an option for FileCheck to dump original input to stderr on failure.
Tue, Jul 17, 11:37 AM
george.karpenkov added a comment to D15225: [Driver] Sanitizer support based on runtime library presence.

@delcypher Could you take a look?
@kcc Any objections?

Tue, Jul 17, 11:33 AM
george.karpenkov accepted D49213: [analyzer] pr38072: Suppress an assertion failure for eliding the same destructor twice due to the default argument problem..

LGTM with a nit.

Tue, Jul 17, 11:32 AM
george.karpenkov added a comment to D49249: [libFuzzer] Use separate test directory for each config.

@morehouse unit tests for other sanitizers do though.
I'm a bit confused about what exactly is happening here, and why tests pass on other platforms.

Tue, Jul 17, 11:31 AM
george.karpenkov requested changes to D49438: [analyzer][UninitializedObjectChecker] New flag to turn off dereferencing.
Tue, Jul 17, 11:30 AM
george.karpenkov accepted D49210: [CFG] [analyzer] NFC: Enumerate construction context layer kinds and re-use their code for ExprEngine keys..
Tue, Jul 17, 11:25 AM
george.karpenkov added a comment to D49232: [analyzer] Memoize complexity of SymExpr.

@NoQ I think the analyzer would hang if we construct an expression with a complexity of 2^32

Tue, Jul 17, 11:21 AM
george.karpenkov added a comment to D49438: [analyzer][UninitializedObjectChecker] New flag to turn off dereferencing.

@Szelethus false positives are the single biggest problem of the analyzer.
By a *huge* margin, most projects would prefer to err on the side of fewer, more precise, warnings.
Given that currently in my understanding no actual bugs we are sure about were found by the uninitialized object checker,
I think by default we should err on the "less warnings" side.

Tue, Jul 17, 11:20 AM
george.karpenkov requested changes to D49199: [analyzer][UninitializedObjectChecker] Pointer/reference objects are dereferenced according to dynamic type.

Cf. my comments to https://reviews.llvm.org/D49437: is it possible to separate pointer-chasing from the rest of the checker?

Tue, Jul 17, 11:12 AM
george.karpenkov requested changes to D49228: [analyzer][UninitializedObjectChecker] Void pointer objects are casted back to their dynmic type in note message.

Cf. my comments to https://reviews.llvm.org/D49437: while this change looks great, is it possible to separate the pointer chasing from the rest of the checker?

Tue, Jul 17, 11:10 AM
george.karpenkov accepted D49232: [analyzer] Memoize complexity of SymExpr.
Tue, Jul 17, 11:07 AM
george.karpenkov requested changes to D49437: [analyzer][UninitializedObjectChecker] Support for nonloc::LocAsInteger.

I think a checker for uninitialized values left after a constructor call is very valuable.

Tue, Jul 17, 11:06 AM
george.karpenkov requested changes to D49236: [analyzer] Moved static Context to class member.
Tue, Jul 17, 10:59 AM
george.karpenkov added inline comments to D49236: [analyzer] Moved static Context to class member.
Tue, Jul 17, 10:58 AM

Mon, Jul 16

george.karpenkov updated the diff for D15225: [Driver] Sanitizer support based on runtime library presence.

Attempt #2: reduced version of this patch, without ubsan support.

Mon, Jul 16, 4:24 PM
george.karpenkov commandeered D15225: [Driver] Sanitizer support based on runtime library presence.
Mon, Jul 16, 4:22 PM
george.karpenkov committed rC337214: [ASTMatchers] Quickfix for tests..
[ASTMatchers] Quickfix for tests.
Mon, Jul 16, 1:47 PM
george.karpenkov committed rL337214: [ASTMatchers] Quickfix for tests..
[ASTMatchers] Quickfix for tests.
Mon, Jul 16, 1:47 PM
george.karpenkov committed rL337213: [analyzer] Bugfix for an overly eager suppression for null pointer return from….
[analyzer] Bugfix for an overly eager suppression for null pointer return from…
Mon, Jul 16, 1:38 PM
george.karpenkov committed rC337213: [analyzer] Bugfix for an overly eager suppression for null pointer return from….
[analyzer] Bugfix for an overly eager suppression for null pointer return from…
Mon, Jul 16, 1:38 PM
george.karpenkov closed D48856: [analyzer] Fix overly eager suppression of NPE when the value used is returned from a macro.
Mon, Jul 16, 1:38 PM
george.karpenkov committed rL337212: [analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is….
[analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is…
Mon, Jul 16, 1:38 PM
george.karpenkov committed rC337212: [analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is….
[analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is…
Mon, Jul 16, 1:38 PM
george.karpenkov closed D48911: [analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is initialized to zero.
Mon, Jul 16, 1:38 PM
george.karpenkov committed rL337211: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation….
[analyzer] Provide a symmetric method for generating a PathDiagnosticLocation…
Mon, Jul 16, 1:37 PM
george.karpenkov committed rC337211: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation….
[analyzer] Provide a symmetric method for generating a PathDiagnosticLocation…
Mon, Jul 16, 1:37 PM
george.karpenkov closed D49166: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation from Decl.
Mon, Jul 16, 1:37 PM
george.karpenkov committed rL337209: [ASTMatchers] Introduce Objective-C matchers `hasReceiver` and….
[ASTMatchers] Introduce Objective-C matchers `hasReceiver` and…
Mon, Jul 16, 1:27 PM
george.karpenkov committed rC337209: [ASTMatchers] Introduce Objective-C matchers `hasReceiver` and….
[ASTMatchers] Introduce Objective-C matchers `hasReceiver` and…
Mon, Jul 16, 1:27 PM
george.karpenkov closed D49333: [ASTMatchers] Introduce Objective-C matchers `hasReceiver` and `isInstanceMessage` for ObjCMessageExpr.
Mon, Jul 16, 1:27 PM
george.karpenkov added a comment to D49333: [ASTMatchers] Introduce Objective-C matchers `hasReceiver` and `isInstanceMessage` for ObjCMessageExpr.

Addressed comments.

Mon, Jul 16, 12:07 PM
george.karpenkov updated the diff for D49333: [ASTMatchers] Introduce Objective-C matchers `hasReceiver` and `isInstanceMessage` for ObjCMessageExpr.
Mon, Jul 16, 12:07 PM

Fri, Jul 13

george.karpenkov created D49333: [ASTMatchers] Introduce Objective-C matchers `hasReceiver` and `isInstanceMessage` for ObjCMessageExpr.
Fri, Jul 13, 6:08 PM
george.karpenkov created D49328: [FileCheck] Provide an option for FileCheck to dump original input to stderr on failure.
Fri, Jul 13, 4:04 PM
george.karpenkov requested changes to D49233: [analyzer] Create generic SMT Context class.
Fri, Jul 13, 1:29 PM

Thu, Jul 12

george.karpenkov committed rCRT336966: [fuzzer] [tests] Increase the number of iterations for three-bytes.test.
[fuzzer] [tests] Increase the number of iterations for three-bytes.test
Thu, Jul 12, 6:26 PM
george.karpenkov committed rL336966: [fuzzer] [tests] Increase the number of iterations for three-bytes.test.
[fuzzer] [tests] Increase the number of iterations for three-bytes.test
Thu, Jul 12, 6:26 PM
george.karpenkov closed D49277: [fuzzer] [tests] Increase the number of iterations for three-bytes.test.
Thu, Jul 12, 6:26 PM
george.karpenkov created D49277: [fuzzer] [tests] Increase the number of iterations for three-bytes.test.
Thu, Jul 12, 6:24 PM
george.karpenkov requested changes to D49236: [analyzer] Moved static Context to class member.
Thu, Jul 12, 10:41 AM
george.karpenkov requested changes to D49233: [analyzer] Create generic SMT Context class.
Thu, Jul 12, 10:35 AM

Wed, Jul 11

george.karpenkov accepted D49215: [analyzer] Admit that some copy/move constructors have more than one argument..
Wed, Jul 11, 6:48 PM
george.karpenkov added a comment to D49058: [analyzer] Move DanglingInternalBufferChecker out of alpha.

@rnkovacs Do you have evaluation statistics handy for this checker? How many bugs it finds, on which projects? How many of those are real bugs?

Wed, Jul 11, 6:34 PM
george.karpenkov updated the diff for D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.
Wed, Jul 11, 6:20 PM
george.karpenkov added inline comments to D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.
Wed, Jul 11, 6:20 PM
george.karpenkov accepted D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.
Wed, Jul 11, 3:26 PM
george.karpenkov added a comment to D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.

That's an awesome idea!

Wed, Jul 11, 3:05 PM
george.karpenkov resigned from D49177: [CMake] Remove unnecesary list of source files for Xray unit tests..

Looks reasonable, but I think @dberris would have to approve.

Wed, Jul 11, 2:32 PM
george.karpenkov resigned from D49178: [CMake] Fix a typo in the variable used to retrieve source file names for the `RTHwasan_dynamic` target..
Wed, Jul 11, 2:31 PM
george.karpenkov added inline comments to D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.
Wed, Jul 11, 2:30 PM
george.karpenkov added a comment to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.

The imprecision in the built-in solver might result in failure to constrain a value to zero while the Z3 might be able to do that.

Wed, Jul 11, 2:20 PM
george.karpenkov accepted D49176: [CMake] Rename `SANITIZER_HEADERS` to `SANITIZER_IMPL_HEADERS` under `lib/sanitizer_common`..
Wed, Jul 11, 12:00 PM
george.karpenkov accepted D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.

LGTM with a nit. We'll watch the bots after this is merged.

Wed, Jul 11, 11:57 AM
george.karpenkov added a comment to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.

What issues could it cause since it is guarded by an option?

Wed, Jul 11, 11:51 AM

Tue, Jul 10

george.karpenkov committed rC336756: [analyzer] Fix bots by changing the analyzer-config tests..
[analyzer] Fix bots by changing the analyzer-config tests.
Tue, Jul 10, 7:06 PM
george.karpenkov committed rL336756: [analyzer] Fix bots by changing the analyzer-config tests..
[analyzer] Fix bots by changing the analyzer-config tests.
Tue, Jul 10, 7:06 PM
george.karpenkov committed rL336755: [analyzer] Partial revert of https://reviews.llvm.org/D49050.
[analyzer] Partial revert of https://reviews.llvm.org/D49050
Tue, Jul 10, 7:03 PM
george.karpenkov committed rC336755: [analyzer] Partial revert of https://reviews.llvm.org/D49050.
[analyzer] Partial revert of https://reviews.llvm.org/D49050
Tue, Jul 10, 7:03 PM
george.karpenkov added a dependency for D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file: D49166: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation from Decl.
Tue, Jul 10, 6:44 PM
george.karpenkov added a dependent revision for D49166: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation from Decl: D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.
Tue, Jul 10, 6:44 PM
george.karpenkov created D49167: [frontend] [analyzer] Provide an option to load a checker from a declarative file.
Tue, Jul 10, 6:44 PM
george.karpenkov created D49166: [analyzer] Provide a symmetric method for generating a PathDiagnosticLocation from Decl.
Tue, Jul 10, 6:34 PM
george.karpenkov committed rL336753: [analyzer] Pass through all arguments from the registerChecker() to the checker….
[analyzer] Pass through all arguments from the registerChecker() to the checker…
Tue, Jul 10, 6:28 PM
george.karpenkov committed rC336753: [analyzer] Pass through all arguments from the registerChecker() to the checker….
[analyzer] Pass through all arguments from the registerChecker() to the checker…
Tue, Jul 10, 6:28 PM
george.karpenkov closed D49050: [analyzer] Pass through all arguments from the registerChecker() to the checker constructor.
Tue, Jul 10, 6:28 PM
george.karpenkov added a comment to D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.

@mikhail.ramalho Could you also state how different values affect the effectivity of refutation?

Tue, Jul 10, 10:57 AM

Mon, Jul 9

george.karpenkov accepted D49093: [analyzer] Add option to set maximum symbol complexity threshold.
Mon, Jul 9, 5:56 PM
george.karpenkov added a comment to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.

The overall point is that writing this kind of code is *extremely* error-prone.
We are actually considering going in a different direction and doing a rollback for the previous rearrangement patches due to some issues.
Could you see whether Z3 visitor would meet your needs?

Mon, Jul 9, 3:39 PM
george.karpenkov requested changes to D49093: [analyzer] Add option to set maximum symbol complexity threshold.

For the first change, let's leave the complexity the same.

Mon, Jul 9, 3:19 PM
george.karpenkov requested changes to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.

Let's discuss alternatives first.

Mon, Jul 9, 10:57 AM
george.karpenkov added a comment to D49074: [Analyzer] [WIP] Basic support for multiplication and division in the constraint manager.

@baloghadamsoftware @dkrupp @xazax.hun Interesting. What do you think about instead using Z3 cross-check functionality recently added, to solve this and all other similar problems instead?

Mon, Jul 9, 10:47 AM

Fri, Jul 6

george.karpenkov created D49050: [analyzer] Pass through all arguments from the registerChecker() to the checker constructor.
Fri, Jul 6, 5:53 PM
george.karpenkov added inline comments to D49005: [AST] [NFC] Introduce an abstract superclass for CallExpr | CXXConstructExpr | ObjCMessageExpr.
Fri, Jul 6, 3:17 PM
george.karpenkov committed rL336468: [ASTMatchers] A matcher for Objective-C @autoreleasepool.
[ASTMatchers] A matcher for Objective-C @autoreleasepool
Fri, Jul 6, 2:41 PM
george.karpenkov committed rC336468: [ASTMatchers] A matcher for Objective-C @autoreleasepool.
[ASTMatchers] A matcher for Objective-C @autoreleasepool
Fri, Jul 6, 2:41 PM
george.karpenkov closed D48910: [ASTMatchers] A matcher for Objective-C @autoreleasepool.
Fri, Jul 6, 2:41 PM
george.karpenkov added a comment to D49005: [AST] [NFC] Introduce an abstract superclass for CallExpr | CXXConstructExpr | ObjCMessageExpr.

@rsmith I hope I'm on the right track here.

Fri, Jul 6, 2:36 PM
george.karpenkov updated the diff for D49005: [AST] [NFC] Introduce an abstract superclass for CallExpr | CXXConstructExpr | ObjCMessageExpr.
Fri, Jul 6, 2:34 PM
george.karpenkov added inline comments to D49005: [AST] [NFC] Introduce an abstract superclass for CallExpr | CXXConstructExpr | ObjCMessageExpr.
Fri, Jul 6, 10:59 AM
george.karpenkov updated subscribers of D48200: [CMake] Run libFuzzer tests with check-all..

Thanks!

Fri, Jul 6, 10:36 AM

Thu, Jul 5

george.karpenkov created D49005: [AST] [NFC] Introduce an abstract superclass for CallExpr | CXXConstructExpr | ObjCMessageExpr.
Thu, Jul 5, 7:32 PM
george.karpenkov updated subscribers of D48200: [CMake] Run libFuzzer tests with check-all..

Do you think you can instead disable three problematic tests on AARCH64 and revert the revert?
That seems like a more local solution.

Thu, Jul 5, 3:48 PM
george.karpenkov updated the diff for D48999: [analyzer] [WIP] Checker for pointers-written-into and then not read from..
Thu, Jul 5, 2:48 PM
george.karpenkov added a dependency for D48999: [analyzer] [WIP] Checker for pointers-written-into and then not read from.: D18860: [analyzer] Fix the "Zombie symbols" issue..
Thu, Jul 5, 2:46 PM
george.karpenkov added a dependent revision for D18860: [analyzer] Fix the "Zombie symbols" issue.: D48999: [analyzer] [WIP] Checker for pointers-written-into and then not read from..
Thu, Jul 5, 2:46 PM
george.karpenkov created D48999: [analyzer] [WIP] Checker for pointers-written-into and then not read from..
Thu, Jul 5, 2:46 PM
george.karpenkov updated the diff for D48910: [ASTMatchers] A matcher for Objective-C @autoreleasepool.
Thu, Jul 5, 2:14 PM
george.karpenkov added a comment to D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.

@mikhail.ramalho please resubmit with -U999

Thu, Jul 5, 10:30 AM

Tue, Jul 3

george.karpenkov created D48911: [analyzer] Fix GCDAntipatternChecker to only fire when the semaphore is initialized to zero.
Tue, Jul 3, 6:47 PM
george.karpenkov updated the diff for D48910: [ASTMatchers] A matcher for Objective-C @autoreleasepool.
Tue, Jul 3, 6:35 PM
george.karpenkov created D48910: [ASTMatchers] A matcher for Objective-C @autoreleasepool.
Tue, Jul 3, 6:32 PM
george.karpenkov closed D48906: [libFuzzer] [NFC] Inline static local variable to avoid linker warning.

Made a copy-paste error. Committed in https://reviews.llvm.org/rL336238.

Tue, Jul 3, 5:54 PM
george.karpenkov reopened D48650: [analyzer] Fix constraint being dropped when analyzing a program without taint tracking enabled.

Oh sorry, I've referenced the wrong revision in the commit. Re-opening.

Tue, Jul 3, 5:53 PM