r321130 - [analyzer] trackNullOrUndefValue: track last store to non-variables.

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Tue Dec 19 16:47:17 PST 2017


Author: dergachev
Date: Tue Dec 19 16:47:17 2017
New Revision: 321130

URL: http://llvm.org/viewvc/llvm-project?rev=321130&view=rev
Log:
[analyzer] trackNullOrUndefValue: track last store to non-variables.

When reporting certain kinds of analyzer warnings, we use the
bugreporter::trackNullOrUndefValue mechanism, which is part of public checker
API, to understand where a zero, null-pointer, or garbage value came from,
which would highlight important events with respect to that value in the
diagnostic path notes, and help us suppress various false positives that result
from values appearing from particular sources.

Previously, we've lost track of the value when it was written into a memory
region that is not a plain variable. Now try to resume tracking in this
situation by finding where the last write to this region has occurred.

Differential revision: https://reviews.llvm.org/D41253

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
    cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c
    cfe/trunk/test/Analysis/nullptr.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=321130&r1=321129&r2=321130&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Tue Dec 19 16:47:17 2017
@@ -1142,9 +1142,12 @@ bool bugreporter::trackNullOrUndefValue(
     else
       RVal = state->getSVal(L->getRegion());
 
-    const MemRegion *RegionRVal = RVal.getAsRegion();
     report.addVisitor(llvm::make_unique<UndefOrNullArgVisitor>(L->getRegion()));
+    if (Optional<KnownSVal> KV = RVal.getAs<KnownSVal>())
+      report.addVisitor(llvm::make_unique<FindLastStoreBRVisitor>(
+          *KV, L->getRegion(), EnableNullFPSuppression));
 
+    const MemRegion *RegionRVal = RVal.getAsRegion();
     if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) {
       report.markInteresting(RegionRVal);
       report.addVisitor(llvm::make_unique<TrackConstraintBRVisitor>(
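
Review bot: The new `if (Optional<KnownSVal> KV = RVal.getAs<KnownSVal>())` guard has no comment explaining why FindLastStoreBRVisitor is registered here or what happens when the conversion fails. In that case the visitor is silently not added, so tracking still stops at L->getRegion() as before. A one-line comment above the `if` would help, stating that this resumes tracking through the last store to a non-variable region and that values that are not KnownSVal are skipped on purpose. The move of the `RegionRVal` declaration below the new block looks like pure reordering; if so, say that in the log so nobody looks for a behavioural reason.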

Modified: cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c?rev=321130&r1=321129&r2=321130&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c (original)
+++ cfe/trunk/test/Analysis/inlining/inline-defensive-checks.c Tue Dec 19 16:47:17 2017
@@ -190,3 +190,21 @@ void idcTrackZeroValueThroughUnaryPointe
   idc(s);
   *(&(s->a[0])) = 7; // no-warning
 }
+
+void idcTrackConstraintThroughSymbolicRegion(int **x) {
+  idc(*x);
+  // FIXME: Should not warn.
+  **x = 7; // expected-warning{{Dereference of null pointer}}
+}
+
+int *idcPlainNull(int coin) {
+  if (coin)
+    return 0;
+  static int X;
+  return &X;
+}
+
+void idcTrackZeroValueThroughSymbolicRegion(int coin, int **x) {
+  *x = idcPlainNull(coin);
+  **x = 7; // no-warning
+}
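
Review bot: The `// FIXME: Should not warn.` in idcTrackConstraintThroughSymbolicRegion pins a known false positive with `expected-warning` but does not say what is still missing. Please extend the FIXME to name the gap (the constraint that idc() puts on `*x` is not tracked through the symbolic region, unlike the stored zero in idcTrackZeroValueThroughSymbolicRegion below it), so whoever fixes it later knows this expectation is meant to flip to `// no-warning`. It would also be worth a short comment on idcPlainNull noting that it returns a literal null rather than performing a defensive check, since that is the reason the third test expects suppression.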

Modified: cfe/trunk/test/Analysis/nullptr.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nullptr.cpp?rev=321130&r1=321129&r2=321130&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/nullptr.cpp (original)
+++ cfe/trunk/test/Analysis/nullptr.cpp Tue Dec 19 16:47:17 2017
@@ -142,8 +142,9 @@ void shouldNotCrash() {
                       // expected-note at -1{{Passing null pointer value via 1st parameter 'x'}}
   if (getSymbol()) {  // expected-note  {{Assuming the condition is true}}
                       // expected-note at -1{{Taking true branch}}
-    X *x = Type().x; // expected-note{{'x' initialized to a null pointer value}}
-    x->f(); // expected-warning{{Called C++ object pointer is null}}
+    X *xx = Type().x; // expected-note   {{Null pointer value stored to field 'x'}}
+                      // expected-note at -1{{'xx' initialized to a null pointer value}}
+    xx->f(); // expected-warning{{Called C++ object pointer is null}}
             // expected-note at -1{{Called C++ object pointer is null}}
   }
 }
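
Review bot: The rename of the local from `x` to `xx` on the changed lines is not explained in the test or in the log. It reads as a way to keep the new note `Null pointer value stored to field 'x'` from being confused with the note for the local variable, which previously was also named 'x'. If that is the intent, add a short comment saying so, otherwise a later cleanup may rename it back and make the two notes ambiguous again. The new field note is the only coverage here for the added visitor on the C++ side, so a second case where the field store happens on a different line from the load would make the expected note placement less dependent on this one expression.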



