[PATCH] D12780: [analyzer] Add generateErrorNode() APIs to CheckerContext

Devin Coughlin via cfe-commits cfe-commits at lists.llvm.org
Thu Sep 10 15:47:55 PDT 2015 

dcoughlin created this revision.
dcoughlin added reviewers: zaks.anna, krememek.
dcoughlin added subscribers: jordan_rose, cfe-commits, xazax.hun.

The analyzer trims unnecessary nodes from the exploded graph before reporting path diagnostics. However, in some cases it can trim all nodes (including the error node), leading to an assertion failure (see https://llvm.org/bugs/show_bug.cgi?id=24184).

This patch addresses the issue by adding two new APIs to CheckerContext to explicitly create error nodes.  Unless the client provides a custom tag, these APIs tag the node with the checker's tag -- preventing it from being trimmed. The generateErrorNode() method creates a sink error node, while generateNonFatalErrorNode() creates an error node for a path that should continue being explored.

The intent is that one of these two methods should be used whenever a checker creates an error node.

I've updated the checkers to use these APIs. You'll notice that these APIs (unlike addTransition() and generateSink()) do not take an explicit Pred node. This is because I did not find any error nodes in the checkers that were created with an explicit node that was different than the default (the CheckerContext's Pred node). Do you think this is a reasonable simplification, or should we permit checkers to specify Pred explicitly?

I also added a test case written by Ying Yi as part of http://reviews.llvm.org/D12163 (that patch originally addressed this issue but was reverted because it introduced false positive regressions).

http://reviews.llvm.org/D12780

Files:
  include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h
  lib/StaticAnalyzer/Checkers/ArrayBoundChecker.cpp
  lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
  lib/StaticAnalyzer/Checkers/BasicObjCFoundationChecks.cpp
  lib/StaticAnalyzer/Checkers/BoolAssignmentChecker.cpp
  lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
  lib/StaticAnalyzer/Checkers/CastSizeChecker.cpp
  lib/StaticAnalyzer/Checkers/CastToStructChecker.cpp
  lib/StaticAnalyzer/Checkers/ChrootChecker.cpp
  lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
  lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
  lib/StaticAnalyzer/Checkers/ExprInspectionChecker.cpp
  lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
  lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
  lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
  lib/StaticAnalyzer/Checkers/MacOSXAPIChecker.cpp
  lib/StaticAnalyzer/Checkers/MallocChecker.cpp
  lib/StaticAnalyzer/Checkers/NSAutoreleasePoolChecker.cpp
  lib/StaticAnalyzer/Checkers/NonNullParamChecker.cpp
  lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp
  lib/StaticAnalyzer/Checkers/ObjCAtSyncChecker.cpp
  lib/StaticAnalyzer/Checkers/ObjCContainersChecker.cpp
  lib/StaticAnalyzer/Checkers/ObjCSelfInitChecker.cpp
  lib/StaticAnalyzer/Checkers/PointerArithChecker.cpp
  lib/StaticAnalyzer/Checkers/PointerSubChecker.cpp
  lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
  lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
  lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
  lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp
  lib/StaticAnalyzer/Checkers/SimpleStreamChecker.cpp
  lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
  lib/StaticAnalyzer/Checkers/StreamChecker.cpp
  lib/StaticAnalyzer/Checkers/TaintTesterChecker.cpp
  lib/StaticAnalyzer/Checkers/TestAfterDivZeroChecker.cpp
  lib/StaticAnalyzer/Checkers/UndefBranchChecker.cpp
  lib/StaticAnalyzer/Checkers/UndefCapturedBlockVarChecker.cpp
  lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp
  lib/StaticAnalyzer/Checkers/UndefinedArraySubscriptChecker.cpp
  lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp
  lib/StaticAnalyzer/Checkers/UnixAPIChecker.cpp
  lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
  lib/StaticAnalyzer/Core/BugReporter.cpp
  test/Analysis/PR24184.cpp
  test/Analysis/malloc.c

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D12780.34480.patch
Type: text/x-patch
Size: 45303 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150910/d6f1f986/attachment-0001.bin>

More information about the cfe-commits mailing list