head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.8 netbsd-11-0-RC3:1.1.1.8 netbsd-11-0-RC2:1.1.1.8 netbsd-11-0-RC1:1.1.1.8 perseant-exfatfs-base-20250801:1.1.1.8 netbsd-11:1.1.1.8.0.10 netbsd-11-base:1.1.1.8 netbsd-10-1-RELEASE:1.1.1.8 perseant-exfatfs-base-20240630:1.1.1.8 perseant-exfatfs:1.1.1.8.0.8 perseant-exfatfs-base:1.1.1.8 netbsd-8-3-RELEASE:1.1.1.5 netbsd-9-4-RELEASE:1.1.1.7 netbsd-10-0-RELEASE:1.1.1.8 netbsd-10-0-RC6:1.1.1.8 netbsd-10-0-RC5:1.1.1.8 netbsd-10-0-RC4:1.1.1.8 netbsd-10-0-RC3:1.1.1.8 netbsd-10-0-RC2:1.1.1.8 netbsd-10-0-RC1:1.1.1.8 netbsd-10:1.1.1.8.0.6 netbsd-10-base:1.1.1.8 netbsd-9-3-RELEASE:1.1.1.7 cjep_sun2x:1.1.1.8.0.4 cjep_sun2x-base:1.1.1.8 cjep_staticlib_x-base1:1.1.1.8 netbsd-9-2-RELEASE:1.1.1.7 cjep_staticlib_x:1.1.1.8.0.2 cjep_staticlib_x-base:1.1.1.8 netbsd-9-1-RELEASE:1.1.1.7 phil-wifi-20200421:1.1.1.8 phil-wifi-20200411:1.1.1.8 phil-wifi-20200406:1.1.1.8 netbsd-8-2-RELEASE:1.1.1.5 netbsd-9-0-RELEASE:1.1.1.7 netbsd-9-0-RC2:1.1.1.7 netbsd-9-0-RC1:1.1.1.7 netbsd-9:1.1.1.7.0.2 netbsd-9-base:1.1.1.7 phil-wifi-20190609:1.1.1.7 netbsd-8-1-RELEASE:1.1.1.5 netbsd-8-1-RC1:1.1.1.5 pgoyette-compat-merge-20190127:1.1.1.6.2.1 pgoyette-compat-20190127:1.1.1.7 pgoyette-compat-20190118:1.1.1.7 pgoyette-compat-1226:1.1.1.7 pgoyette-compat-1126:1.1.1.7 pgoyette-compat-1020:1.1.1.7 pgoyette-compat-0930:1.1.1.7 pgoyette-compat-0906:1.1.1.7 netbsd-7-2-RELEASE:1.1.1.3 pgoyette-compat-0728:1.1.1.7 clang-337282:1.1.1.7 netbsd-8-0-RELEASE:1.1.1.5 phil-wifi:1.1.1.6.0.4 phil-wifi-base:1.1.1.6 pgoyette-compat-0625:1.1.1.6 netbsd-8-0-RC2:1.1.1.5 pgoyette-compat-0521:1.1.1.6 pgoyette-compat-0502:1.1.1.6 pgoyette-compat-0422:1.1.1.6 netbsd-8-0-RC1:1.1.1.5 pgoyette-compat-0415:1.1.1.6 pgoyette-compat-0407:1.1.1.6 pgoyette-compat-0330:1.1.1.6 pgoyette-compat-0322:1.1.1.6 pgoyette-compat-0315:1.1.1.6 netbsd-7-1-2-RELEASE:1.1.1.3 pgoyette-compat:1.1.1.6.0.2 pgoyette-compat-base:1.1.1.6 netbsd-7-1-1-RELEASE:1.1.1.3 clang-319952:1.1.1.6 matt-nb8-mediatek:1.1.1.5.0.10 matt-nb8-mediatek-base:1.1.1.5 clang-309604:1.1.1.6 perseant-stdc-iso10646:1.1.1.5.0.8 perseant-stdc-iso10646-base:1.1.1.5 netbsd-8:1.1.1.5.0.6 netbsd-8-base:1.1.1.5 prg-localcount2-base3:1.1.1.5 prg-localcount2-base2:1.1.1.5 prg-localcount2-base1:1.1.1.5 prg-localcount2:1.1.1.5.0.4 prg-localcount2-base:1.1.1.5 pgoyette-localcount-20170426:1.1.1.5 bouyer-socketcan-base1:1.1.1.5 pgoyette-localcount-20170320:1.1.1.5 netbsd-7-1:1.1.1.3.0.10 netbsd-7-1-RELEASE:1.1.1.3 netbsd-7-1-RC2:1.1.1.3 clang-294123:1.1.1.5 netbsd-7-nhusb-base-20170116:1.1.1.3 bouyer-socketcan:1.1.1.5.0.2 bouyer-socketcan-base:1.1.1.5 clang-291444:1.1.1.5 pgoyette-localcount-20170107:1.1.1.4 netbsd-7-1-RC1:1.1.1.3 pgoyette-localcount-20161104:1.1.1.4 netbsd-7-0-2-RELEASE:1.1.1.3 localcount-20160914:1.1.1.4 netbsd-7-nhusb:1.1.1.3.0.8 netbsd-7-nhusb-base:1.1.1.3 clang-280599:1.1.1.4 pgoyette-localcount-20160806:1.1.1.4 pgoyette-localcount-20160726:1.1.1.4 pgoyette-localcount:1.1.1.4.0.2 pgoyette-localcount-base:1.1.1.4 netbsd-7-0-1-RELEASE:1.1.1.3 clang-261930:1.1.1.4 netbsd-7-0:1.1.1.3.0.6 netbsd-7-0-RELEASE:1.1.1.3 netbsd-7-0-RC3:1.1.1.3 netbsd-7-0-RC2:1.1.1.3 netbsd-7-0-RC1:1.1.1.3 clang-237755:1.1.1.3 clang-232565:1.1.1.3 clang-227398:1.1.1.3 tls-maxphys-base:1.1.1.3 tls-maxphys:1.1.1.3.0.4 netbsd-7:1.1.1.3.0.2 netbsd-7-base:1.1.1.3 clang-215315:1.1.1.3 clang-209886:1.1.1.3 yamt-pagecache:1.1.1.2.0.4 yamt-pagecache-base9:1.1.1.2 tls-earlyentropy:1.1.1.2.0.2 tls-earlyentropy-base:1.1.1.3 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.2 riastradh-drm2-base3:1.1.1.2 clang-202566:1.1.1.2 clang-201163:1.1.1.1 clang-199312:1.1.1.1 clang-198450:1.1.1.1 clang-196603:1.1.1.1 clang-195771:1.1.1.1 LLVM:1.1.1; locks; strict; comment @// @; 1.1 date 2013.11.28.14.14.52; author joerg; state Exp; branches 1.1.1.1; next ; commitid ow8OybrawrB1f3fx; 1.1.1.1 date 2013.11.28.14.14.52; author joerg; state Exp; branches; next 1.1.1.2; commitid ow8OybrawrB1f3fx; 1.1.1.2 date 2014.03.04.19.54.57; author joerg; state Exp; branches 1.1.1.2.2.1 1.1.1.2.4.1; next 1.1.1.3; commitid 29z1hJonZISIXprx; 1.1.1.3 date 2014.05.30.18.14.44; author joerg; state Exp; branches 1.1.1.3.4.1; next 1.1.1.4; commitid 8q0kdlBlCn09GACx; 1.1.1.4 date 2016.02.27.22.12.06; author joerg; state Exp; branches 1.1.1.4.2.1; next 1.1.1.5; commitid tIimz3oDlh1NpBWy; 1.1.1.5 date 2017.01.11.10.35.38; author joerg; state Exp; branches; next 1.1.1.6; commitid CNnUNfII1jgNmxBz; 1.1.1.6 date 2017.08.01.19.35.16; author joerg; state Exp; branches 1.1.1.6.2.1 1.1.1.6.4.1; next 1.1.1.7; commitid pMuDy65V0VicSx1A; 1.1.1.7 date 2018.07.17.18.31.08; author joerg; state Exp; branches; next 1.1.1.8; commitid wDzL46ALjrCZgwKA; 1.1.1.8 date 2019.11.13.22.19.28; author joerg; state dead; branches; next ; commitid QD8YATxuNG34YJKB; 1.1.1.2.2.1 date 2014.08.10.07.08.10; author tls; state Exp; branches; next ; commitid t01A1TLTYxkpGMLx; 1.1.1.2.4.1 date 2014.03.04.19.54.57; author yamt; state dead; branches; next 1.1.1.2.4.2; commitid WSrDtL5nYAUyiyBx; 1.1.1.2.4.2 date 2014.05.22.16.18.31; author yamt; state Exp; branches; next ; commitid WSrDtL5nYAUyiyBx; 1.1.1.3.4.1 date 2014.05.30.18.14.44; author tls; state dead; branches; next 1.1.1.3.4.2; commitid jTnpym9Qu0o4R1Nx; 1.1.1.3.4.2 date 2014.08.19.23.47.31; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.1.1.4.2.1 date 2017.03.20.06.52.42; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.1.1.6.2.1 date 2018.07.28.04.33.23; author pgoyette; state Exp; branches; next ; commitid 1UP1xAIUxv1ZgRLA; 1.1.1.6.4.1 date 2019.06.10.21.45.28; author christos; state Exp; branches; next 1.1.1.6.4.2; commitid jtc8rnCzWiEEHGqB; 1.1.1.6.4.2 date 2020.04.13.07.46.38; author martin; state dead; branches; next ; commitid X01YhRUPVUDaec4C; desc @@ 1.1 log @Initial revision @ text @//==- ExprInspectionChecker.cpp - Used for regression tests ------*- C++ -*-==// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "llvm/ADT/StringSwitch.h" using namespace clang; using namespace ento; namespace { class ExprInspectionChecker : public Checker< eval::Call > { mutable OwningPtr BT; void analyzerEval(const CallExpr *CE, CheckerContext &C) const; void analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const; void analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const; void analyzerCrash(const CallExpr *CE, CheckerContext &C) const; typedef void (ExprInspectionChecker::*FnCheck)(const CallExpr *, CheckerContext &C) const; public: bool evalCall(const CallExpr *CE, CheckerContext &C) const; }; } bool ExprInspectionChecker::evalCall(const CallExpr *CE, CheckerContext &C) const { // These checks should have no effect on the surrounding environment // (globals should not be invalidated, etc), hence the use of evalCall. FnCheck Handler = llvm::StringSwitch(C.getCalleeName(CE)) .Case("clang_analyzer_eval", &ExprInspectionChecker::analyzerEval) .Case("clang_analyzer_checkInlined", &ExprInspectionChecker::analyzerCheckInlined) .Case("clang_analyzer_crash", &ExprInspectionChecker::analyzerCrash) .Case("clang_analyzer_warnIfReached", &ExprInspectionChecker::analyzerWarnIfReached) .Default(0); if (!Handler) return false; (this->*Handler)(CE, C); return true; } static const char *getArgumentValueString(const CallExpr *CE, CheckerContext &C) { if (CE->getNumArgs() == 0) return "Missing assertion argument"; ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); ProgramStateRef State = N->getState(); const Expr *Assertion = CE->getArg(0); SVal AssertionVal = State->getSVal(Assertion, LC); if (AssertionVal.isUndef()) return "UNDEFINED"; ProgramStateRef StTrue, StFalse; llvm::tie(StTrue, StFalse) = State->assume(AssertionVal.castAs()); if (StTrue) { if (StFalse) return "UNKNOWN"; else return "TRUE"; } else { if (StFalse) return "FALSE"; else llvm_unreachable("Invalid constraint; neither true or false."); } } void ExprInspectionChecker::analyzerEval(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); // A specific instantiation of an inlined function may have more constrained // values than can generally be assumed. Skip the check. if (LC->getCurrentStackFrame()->getParent() != 0) return; if (!BT) BT.reset(new BugType("Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, getArgumentValueString(CE, C), N); C.emitReport(R); } void ExprInspectionChecker::analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); if (!BT) BT.reset(new BugType("Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, "REACHABLE", N); C.emitReport(R); } void ExprInspectionChecker::analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); // An inlined function could conceivably also be analyzed as a top-level // function. We ignore this case and only emit a message (TRUE or FALSE) // when we are analyzing it as an inlined function. This means that // clang_analyzer_checkInlined(true) should always print TRUE, but // clang_analyzer_checkInlined(false) should never actually print anything. if (LC->getCurrentStackFrame()->getParent() == 0) return; if (!BT) BT.reset(new BugType("Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, getArgumentValueString(CE, C), N); C.emitReport(R); } void ExprInspectionChecker::analyzerCrash(const CallExpr *CE, CheckerContext &C) const { LLVM_BUILTIN_TRAP; } void ento::registerExprInspectionChecker(CheckerManager &Mgr) { Mgr.registerChecker(); } @ 1.1.1.1 log @Import Clang 3.4rc1 r195771. @ text @@ 1.1.1.2 log @Import Clang 3.5svn r202566. @ text @d98 1 a98 1 BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); d109 1 a109 1 BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); d129 1 a129 1 BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); @ 1.1.1.2.2.1 log @Rebase. @ text @d21 1 a21 1 mutable std::unique_ptr BT; d46 1 a46 1 .Default(nullptr); d71 1 a71 1 std::tie(StTrue, StFalse) = d94 1 a94 1 if (LC->getCurrentStackFrame()->getParent() != nullptr) d125 1 a125 1 if (LC->getCurrentStackFrame()->getParent() == nullptr) @ 1.1.1.3 log @Import Clang 3.5svn r209886. @ text @d21 1 a21 1 mutable std::unique_ptr BT; d46 1 a46 1 .Default(nullptr); d71 1 a71 1 std::tie(StTrue, StFalse) = d94 1 a94 1 if (LC->getCurrentStackFrame()->getParent() != nullptr) d125 1 a125 1 if (LC->getCurrentStackFrame()->getParent() == nullptr) @ 1.1.1.4 log @Import Clang 3.8.0rc3 r261930. @ text @d20 1 a20 1 class ExprInspectionChecker : public Checker { a26 1 void analyzerWarnOnDeadSymbol(const CallExpr *CE, CheckerContext &C) const; a32 1 void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; a35 2 REGISTER_SET_WITH_PROGRAMSTATE(MarkedSymbols, const void *) d45 1 a45 4 .Case("clang_analyzer_warnIfReached", &ExprInspectionChecker::analyzerWarnIfReached) .Case("clang_analyzer_warnOnDeadSymbol", &ExprInspectionChecker::analyzerWarnOnDeadSymbol) d89 2 a90 1 const LocationContext *LC = C.getPredecessor()->getLocationContext(); d100 2 a101 5 ExplodedNode *N = C.generateNonFatalErrorNode(); if (!N) return; C.emitReport( llvm::make_unique(*BT, getArgumentValueString(CE, C), N)); d106 1 d111 2 a112 4 ExplodedNode *N = C.generateNonFatalErrorNode(); if (!N) return; C.emitReport(llvm::make_unique(*BT, "REACHABLE", N)); d117 2 a118 1 const LocationContext *LC = C.getPredecessor()->getLocationContext(); d131 2 a132 40 ExplodedNode *N = C.generateNonFatalErrorNode(); if (!N) return; C.emitReport( llvm::make_unique(*BT, getArgumentValueString(CE, C), N)); } void ExprInspectionChecker::analyzerWarnOnDeadSymbol(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) return; SVal Val = C.getSVal(CE->getArg(0)); SymbolRef Sym = Val.getAsSymbol(); if (!Sym) return; ProgramStateRef State = C.getState(); State = State->add(Sym); C.addTransition(State); } void ExprInspectionChecker::checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const { ProgramStateRef State = C.getState(); const MarkedSymbolsTy &Syms = State->get(); for (auto I = Syms.begin(), E = Syms.end(); I != E; ++I) { SymbolRef Sym = static_cast(*I); if (!SymReaper.isDead(Sym)) continue; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); ExplodedNode *N = C.generateNonFatalErrorNode(); if (!N) return; C.emitReport(llvm::make_unique(*BT, "SYMBOL DEAD", N)); C.addTransition(State->remove(Sym), N); } @ 1.1.1.4.2.1 log @Sync with HEAD @ text @a13 1 #include "clang/StaticAnalyzer/Checkers/SValExplainer.h" d20 1 a20 2 class ExprInspectionChecker : public Checker { a22 8 // These stats are per-analysis, not per-branch, hence they shouldn't // stay inside the program state. struct ReachedStat { ExplodedNode *ExampleNode; unsigned NumTimesReached; }; mutable llvm::DenseMap ReachedStats; a25 1 void analyzerNumTimesReached(const CallExpr *CE, CheckerContext &C) const; a27 4 void analyzerDump(const CallExpr *CE, CheckerContext &C) const; void analyzerExplain(const CallExpr *CE, CheckerContext &C) const; void analyzerPrintState(const CallExpr *CE, CheckerContext &C) const; void analyzerGetExtent(const CallExpr *CE, CheckerContext &C) const; a31 4 ExplodedNode *reportBug(llvm::StringRef Msg, CheckerContext &C) const; ExplodedNode *reportBug(llvm::StringRef Msg, BugReporter &BR, ExplodedNode *N) const; a34 2 void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR, ExprEngine &Eng) const; d38 1 a38 1 REGISTER_SET_WITH_PROGRAMSTATE(MarkedSymbols, SymbolRef) a52 7 .Case("clang_analyzer_explain", &ExprInspectionChecker::analyzerExplain) .Case("clang_analyzer_dump", &ExprInspectionChecker::analyzerDump) .Case("clang_analyzer_getExtent", &ExprInspectionChecker::analyzerGetExtent) .Case("clang_analyzer_printState", &ExprInspectionChecker::analyzerPrintState) .Case("clang_analyzer_numTimesReached", &ExprInspectionChecker::analyzerNumTimesReached) a93 20 ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg, CheckerContext &C) const { ExplodedNode *N = C.generateNonFatalErrorNode(); reportBug(Msg, C.getBugReporter(), N); return N; } ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg, BugReporter &BR, ExplodedNode *N) const { if (!N) return nullptr; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BR.emitReport(llvm::make_unique(*BT, Msg, N)); return N; } d103 8 a110 1 reportBug(getArgumentValueString(CE, C), C); a114 2 reportBug("REACHABLE", C); } d116 7 a122 7 void ExprInspectionChecker::analyzerNumTimesReached(const CallExpr *CE, CheckerContext &C) const { ++ReachedStats[CE].NumTimesReached; if (!ReachedStats[CE].ExampleNode) { // Later, in checkEndAnalysis, we'd throw a report against it. ReachedStats[CE].ExampleNode = C.generateNonFatalErrorNode(); } d137 2 a138 2 reportBug(getArgumentValueString(CE, C), C); } d140 2 a141 16 void ExprInspectionChecker::analyzerExplain(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) { reportBug("Missing argument for explaining", C); return; } SVal V = C.getSVal(CE->getArg(0)); SValExplainer Ex(C.getASTContext()); reportBug(Ex.Visit(V), C); } void ExprInspectionChecker::analyzerDump(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) { reportBug("Missing argument for dumping", C); d143 2 a144 32 } SVal V = C.getSVal(CE->getArg(0)); llvm::SmallString<32> Str; llvm::raw_svector_ostream OS(Str); V.dumpToStream(OS); reportBug(OS.str(), C); } void ExprInspectionChecker::analyzerGetExtent(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) { reportBug("Missing region for obtaining extent", C); return; } auto MR = dyn_cast_or_null(C.getSVal(CE->getArg(0)).getAsRegion()); if (!MR) { reportBug("Obtaining extent of a non-region", C); return; } ProgramStateRef State = C.getState(); State = State->BindExpr(CE, C.getLocationContext(), MR->getExtent(C.getSValBuilder())); C.addTransition(State); } void ExprInspectionChecker::analyzerPrintState(const CallExpr *CE, CheckerContext &C) const { C.getState()->dump(); a164 1 ExplodedNode *N = C.getPredecessor(); d166 1 a166 1 SymbolRef Sym = *I; d170 2 a171 7 // The non-fatal error node should be the same for all reports. if (ExplodedNode *BugNode = reportBug("SYMBOL DEAD", C)) N = BugNode; State = State->remove(Sym); } C.addTransition(State, N); } d173 3 a175 5 void ExprInspectionChecker::checkEndAnalysis(ExplodedGraph &G, BugReporter &BR, ExprEngine &Eng) const { for (auto Item: ReachedStats) { unsigned NumTimesReached = Item.second.NumTimesReached; ExplodedNode *N = Item.second.ExampleNode; d177 2 a178 1 reportBug(std::to_string(NumTimesReached), BR, N); @ 1.1.1.5 log @Import Clang pre-4.0.0 r291444. @ text @a13 1 #include "clang/StaticAnalyzer/Checkers/SValExplainer.h" d20 1 a20 2 class ExprInspectionChecker : public Checker { a22 8 // These stats are per-analysis, not per-branch, hence they shouldn't // stay inside the program state. struct ReachedStat { ExplodedNode *ExampleNode; unsigned NumTimesReached; }; mutable llvm::DenseMap ReachedStats; a25 1 void analyzerNumTimesReached(const CallExpr *CE, CheckerContext &C) const; a27 4 void analyzerDump(const CallExpr *CE, CheckerContext &C) const; void analyzerExplain(const CallExpr *CE, CheckerContext &C) const; void analyzerPrintState(const CallExpr *CE, CheckerContext &C) const; void analyzerGetExtent(const CallExpr *CE, CheckerContext &C) const; a31 4 ExplodedNode *reportBug(llvm::StringRef Msg, CheckerContext &C) const; ExplodedNode *reportBug(llvm::StringRef Msg, BugReporter &BR, ExplodedNode *N) const; a34 2 void checkEndAnalysis(ExplodedGraph &G, BugReporter &BR, ExprEngine &Eng) const; d38 1 a38 1 REGISTER_SET_WITH_PROGRAMSTATE(MarkedSymbols, SymbolRef) a52 7 .Case("clang_analyzer_explain", &ExprInspectionChecker::analyzerExplain) .Case("clang_analyzer_dump", &ExprInspectionChecker::analyzerDump) .Case("clang_analyzer_getExtent", &ExprInspectionChecker::analyzerGetExtent) .Case("clang_analyzer_printState", &ExprInspectionChecker::analyzerPrintState) .Case("clang_analyzer_numTimesReached", &ExprInspectionChecker::analyzerNumTimesReached) a93 20 ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg, CheckerContext &C) const { ExplodedNode *N = C.generateNonFatalErrorNode(); reportBug(Msg, C.getBugReporter(), N); return N; } ExplodedNode *ExprInspectionChecker::reportBug(llvm::StringRef Msg, BugReporter &BR, ExplodedNode *N) const { if (!N) return nullptr; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BR.emitReport(llvm::make_unique(*BT, Msg, N)); return N; } d103 8 a110 1 reportBug(getArgumentValueString(CE, C), C); a114 2 reportBug("REACHABLE", C); } d116 7 a122 7 void ExprInspectionChecker::analyzerNumTimesReached(const CallExpr *CE, CheckerContext &C) const { ++ReachedStats[CE].NumTimesReached; if (!ReachedStats[CE].ExampleNode) { // Later, in checkEndAnalysis, we'd throw a report against it. ReachedStats[CE].ExampleNode = C.generateNonFatalErrorNode(); } d137 2 a138 2 reportBug(getArgumentValueString(CE, C), C); } d140 2 a141 16 void ExprInspectionChecker::analyzerExplain(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) { reportBug("Missing argument for explaining", C); return; } SVal V = C.getSVal(CE->getArg(0)); SValExplainer Ex(C.getASTContext()); reportBug(Ex.Visit(V), C); } void ExprInspectionChecker::analyzerDump(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) { reportBug("Missing argument for dumping", C); d143 2 a144 32 } SVal V = C.getSVal(CE->getArg(0)); llvm::SmallString<32> Str; llvm::raw_svector_ostream OS(Str); V.dumpToStream(OS); reportBug(OS.str(), C); } void ExprInspectionChecker::analyzerGetExtent(const CallExpr *CE, CheckerContext &C) const { if (CE->getNumArgs() == 0) { reportBug("Missing region for obtaining extent", C); return; } auto MR = dyn_cast_or_null(C.getSVal(CE->getArg(0)).getAsRegion()); if (!MR) { reportBug("Obtaining extent of a non-region", C); return; } ProgramStateRef State = C.getState(); State = State->BindExpr(CE, C.getLocationContext(), MR->getExtent(C.getSValBuilder())); C.addTransition(State); } void ExprInspectionChecker::analyzerPrintState(const CallExpr *CE, CheckerContext &C) const { C.getState()->dump(); a164 1 ExplodedNode *N = C.getPredecessor(); d166 1 a166 1 SymbolRef Sym = *I; d170 2 a171 7 // The non-fatal error node should be the same for all reports. if (ExplodedNode *BugNode = reportBug("SYMBOL DEAD", C)) N = BugNode; State = State->remove(Sym); } C.addTransition(State, N); } d173 3 a175 5 void ExprInspectionChecker::checkEndAnalysis(ExplodedGraph &G, BugReporter &BR, ExprEngine &Eng) const { for (auto Item: ReachedStats) { unsigned NumTimesReached = Item.second.NumTimesReached; ExplodedNode *N = Item.second.ExampleNode; d177 2 a178 1 reportBug(std::to_string(NumTimesReached), BR, N); @ 1.1.1.6 log @Import clang r309604 from branches/release_50 @ text @a15 1 #include "llvm/Support/ScopedPrinter.h" d74 2 a75 2 .StartsWith("clang_analyzer_explain", &ExprInspectionChecker::analyzerExplain) .StartsWith("clang_analyzer_dump", &ExprInspectionChecker::analyzerDump) d272 1 a272 1 reportBug(llvm::to_string(NumTimesReached), BR, N); @ 1.1.1.6.4.1 log @Sync with HEAD @ text @a10 1 #include "clang/StaticAnalyzer/Checkers/SValExplainer.h" a12 1 #include "clang/StaticAnalyzer/Core/IssueHash.h" d14 1 a43 1 void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const; a81 1 .Case("clang_analyzer_hashDump", &ExprInspectionChecker::analyzerHashDump) d149 1 a149 1 if (LC->getStackFrame()->getParent() != nullptr) d178 1 a178 1 if (LC->getStackFrame()->getParent() == nullptr) a274 1 ReachedStats.clear(); a281 12 void ExprInspectionChecker::analyzerHashDump(const CallExpr *CE, CheckerContext &C) const { const LangOptions &Opts = C.getLangOpts(); const SourceManager &SM = C.getSourceManager(); FullSourceLoc FL(CE->getArg(0)->getLocStart(), SM); std::string HashContent = GetIssueString(SM, FL, getCheckName().getName(), "Category", C.getLocationContext()->getDecl(), Opts); reportBug(HashContent, C); } d285 1 @ 1.1.1.6.4.2 log @Mostly merge changes from HEAD upto 20200411 @ text @@ 1.1.1.6.2.1 log @Sync with HEAD @ text @a10 1 #include "clang/StaticAnalyzer/Checkers/SValExplainer.h" a12 1 #include "clang/StaticAnalyzer/Core/IssueHash.h" d14 1 a43 1 void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const; a81 1 .Case("clang_analyzer_hashDump", &ExprInspectionChecker::analyzerHashDump) d149 1 a149 1 if (LC->getStackFrame()->getParent() != nullptr) d178 1 a178 1 if (LC->getStackFrame()->getParent() == nullptr) a274 1 ReachedStats.clear(); a281 12 void ExprInspectionChecker::analyzerHashDump(const CallExpr *CE, CheckerContext &C) const { const LangOptions &Opts = C.getLangOpts(); const SourceManager &SM = C.getSourceManager(); FullSourceLoc FL(CE->getArg(0)->getLocStart(), SM); std::string HashContent = GetIssueString(SM, FL, getCheckName().getName(), "Category", C.getLocationContext()->getDecl(), Opts); reportBug(HashContent, C); } d285 1 @ 1.1.1.7 log @Import clang r337282 from trunk @ text @a10 1 #include "clang/StaticAnalyzer/Checkers/SValExplainer.h" a12 1 #include "clang/StaticAnalyzer/Core/IssueHash.h" d14 1 a43 1 void analyzerHashDump(const CallExpr *CE, CheckerContext &C) const; a81 1 .Case("clang_analyzer_hashDump", &ExprInspectionChecker::analyzerHashDump) d149 1 a149 1 if (LC->getStackFrame()->getParent() != nullptr) d178 1 a178 1 if (LC->getStackFrame()->getParent() == nullptr) a274 1 ReachedStats.clear(); a281 12 void ExprInspectionChecker::analyzerHashDump(const CallExpr *CE, CheckerContext &C) const { const LangOptions &Opts = C.getLangOpts(); const SourceManager &SM = C.getSourceManager(); FullSourceLoc FL(CE->getArg(0)->getLocStart(), SM); std::string HashContent = GetIssueString(SM, FL, getCheckName().getName(), "Category", C.getLocationContext()->getDecl(), Opts); reportBug(HashContent, C); } d285 1 @ 1.1.1.8 log @Mark old LLVM instance as dead. @ text @@ 1.1.1.3.4.1 log @file ExprInspectionChecker.cpp was added on branch tls-maxphys on 2014-08-19 23:47:31 +0000 @ text @d1 143 @ 1.1.1.3.4.2 log @Rebase to HEAD as of a few days ago. @ text @a0 143 //==- ExprInspectionChecker.cpp - Used for regression tests ------*- C++ -*-==// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "llvm/ADT/StringSwitch.h" using namespace clang; using namespace ento; namespace { class ExprInspectionChecker : public Checker< eval::Call > { mutable std::unique_ptr BT; void analyzerEval(const CallExpr *CE, CheckerContext &C) const; void analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const; void analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const; void analyzerCrash(const CallExpr *CE, CheckerContext &C) const; typedef void (ExprInspectionChecker::*FnCheck)(const CallExpr *, CheckerContext &C) const; public: bool evalCall(const CallExpr *CE, CheckerContext &C) const; }; } bool ExprInspectionChecker::evalCall(const CallExpr *CE, CheckerContext &C) const { // These checks should have no effect on the surrounding environment // (globals should not be invalidated, etc), hence the use of evalCall. FnCheck Handler = llvm::StringSwitch(C.getCalleeName(CE)) .Case("clang_analyzer_eval", &ExprInspectionChecker::analyzerEval) .Case("clang_analyzer_checkInlined", &ExprInspectionChecker::analyzerCheckInlined) .Case("clang_analyzer_crash", &ExprInspectionChecker::analyzerCrash) .Case("clang_analyzer_warnIfReached", &ExprInspectionChecker::analyzerWarnIfReached) .Default(nullptr); if (!Handler) return false; (this->*Handler)(CE, C); return true; } static const char *getArgumentValueString(const CallExpr *CE, CheckerContext &C) { if (CE->getNumArgs() == 0) return "Missing assertion argument"; ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); ProgramStateRef State = N->getState(); const Expr *Assertion = CE->getArg(0); SVal AssertionVal = State->getSVal(Assertion, LC); if (AssertionVal.isUndef()) return "UNDEFINED"; ProgramStateRef StTrue, StFalse; std::tie(StTrue, StFalse) = State->assume(AssertionVal.castAs()); if (StTrue) { if (StFalse) return "UNKNOWN"; else return "TRUE"; } else { if (StFalse) return "FALSE"; else llvm_unreachable("Invalid constraint; neither true or false."); } } void ExprInspectionChecker::analyzerEval(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); // A specific instantiation of an inlined function may have more constrained // values than can generally be assumed. Skip the check. if (LC->getCurrentStackFrame()->getParent() != nullptr) return; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, getArgumentValueString(CE, C), N); C.emitReport(R); } void ExprInspectionChecker::analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, "REACHABLE", N); C.emitReport(R); } void ExprInspectionChecker::analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); // An inlined function could conceivably also be analyzed as a top-level // function. We ignore this case and only emit a message (TRUE or FALSE) // when we are analyzing it as an inlined function. This means that // clang_analyzer_checkInlined(true) should always print TRUE, but // clang_analyzer_checkInlined(false) should never actually print anything. if (LC->getCurrentStackFrame()->getParent() == nullptr) return; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, getArgumentValueString(CE, C), N); C.emitReport(R); } void ExprInspectionChecker::analyzerCrash(const CallExpr *CE, CheckerContext &C) const { LLVM_BUILTIN_TRAP; } void ento::registerExprInspectionChecker(CheckerManager &Mgr) { Mgr.registerChecker(); } @ 1.1.1.2.4.1 log @file ExprInspectionChecker.cpp was added on branch yamt-pagecache on 2014-05-22 16:18:31 +0000 @ text @d1 143 @ 1.1.1.2.4.2 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @a0 143 //==- ExprInspectionChecker.cpp - Used for regression tests ------*- C++ -*-==// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "llvm/ADT/StringSwitch.h" using namespace clang; using namespace ento; namespace { class ExprInspectionChecker : public Checker< eval::Call > { mutable OwningPtr BT; void analyzerEval(const CallExpr *CE, CheckerContext &C) const; void analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const; void analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const; void analyzerCrash(const CallExpr *CE, CheckerContext &C) const; typedef void (ExprInspectionChecker::*FnCheck)(const CallExpr *, CheckerContext &C) const; public: bool evalCall(const CallExpr *CE, CheckerContext &C) const; }; } bool ExprInspectionChecker::evalCall(const CallExpr *CE, CheckerContext &C) const { // These checks should have no effect on the surrounding environment // (globals should not be invalidated, etc), hence the use of evalCall. FnCheck Handler = llvm::StringSwitch(C.getCalleeName(CE)) .Case("clang_analyzer_eval", &ExprInspectionChecker::analyzerEval) .Case("clang_analyzer_checkInlined", &ExprInspectionChecker::analyzerCheckInlined) .Case("clang_analyzer_crash", &ExprInspectionChecker::analyzerCrash) .Case("clang_analyzer_warnIfReached", &ExprInspectionChecker::analyzerWarnIfReached) .Default(0); if (!Handler) return false; (this->*Handler)(CE, C); return true; } static const char *getArgumentValueString(const CallExpr *CE, CheckerContext &C) { if (CE->getNumArgs() == 0) return "Missing assertion argument"; ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); ProgramStateRef State = N->getState(); const Expr *Assertion = CE->getArg(0); SVal AssertionVal = State->getSVal(Assertion, LC); if (AssertionVal.isUndef()) return "UNDEFINED"; ProgramStateRef StTrue, StFalse; llvm::tie(StTrue, StFalse) = State->assume(AssertionVal.castAs()); if (StTrue) { if (StFalse) return "UNKNOWN"; else return "TRUE"; } else { if (StFalse) return "FALSE"; else llvm_unreachable("Invalid constraint; neither true or false."); } } void ExprInspectionChecker::analyzerEval(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); // A specific instantiation of an inlined function may have more constrained // values than can generally be assumed. Skip the check. if (LC->getCurrentStackFrame()->getParent() != 0) return; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, getArgumentValueString(CE, C), N); C.emitReport(R); } void ExprInspectionChecker::analyzerWarnIfReached(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, "REACHABLE", N); C.emitReport(R); } void ExprInspectionChecker::analyzerCheckInlined(const CallExpr *CE, CheckerContext &C) const { ExplodedNode *N = C.getPredecessor(); const LocationContext *LC = N->getLocationContext(); // An inlined function could conceivably also be analyzed as a top-level // function. We ignore this case and only emit a message (TRUE or FALSE) // when we are analyzing it as an inlined function. This means that // clang_analyzer_checkInlined(true) should always print TRUE, but // clang_analyzer_checkInlined(false) should never actually print anything. if (LC->getCurrentStackFrame()->getParent() == 0) return; if (!BT) BT.reset(new BugType(this, "Checking analyzer assumptions", "debug")); BugReport *R = new BugReport(*BT, getArgumentValueString(CE, C), N); C.emitReport(R); } void ExprInspectionChecker::analyzerCrash(const CallExpr *CE, CheckerContext &C) const { LLVM_BUILTIN_TRAP; } void ento::registerExprInspectionChecker(CheckerManager &Mgr) { Mgr.registerChecker(); } @