[PATCH] D50488: [Analyzer] Checker for non-determinism caused by sorting of pointer-like keys
Mandeep Singh Grang via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 17 13:15:27 PDT 2018
mgrang added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/PointerSortingChecker.cpp:72-76
+ auto IteratesPointerKeysM = hasType(cxxRecordDecl(has(
+ fieldDecl(hasType(hasCanonicalType(
+ pointsTo(hasCanonicalType(pointerType()))
+ )))
+ )));
----------------
Szelethus wrote:
> Szelethus wrote:
> > I'm not a matcher-expert, but here we go:
> >
> > As I understand it, you're matching iterator objects that wrap a pointer to pointer. Would it match this case?:
> >
> > ```
> > void fill(int **IntPointerArray);
> >
> > int main() {
> > int *IntPointerArray[20]; // or a simple int array
> > fill(IntPointerArray);
> >
> > std::sort(IntPointerArray, IntPointerArray + 20);
> > }
> > ```
> > `int**` is an [[ https://en.cppreference.com/w/cpp/named_req/RandomAccessIterator | RandomAccessIterator ]], but is not a `CXXRecordDecl`. As I mentioned earlier, it might be worth taking a look at `hasType`, and attempt to acquire `value_type`, as it is required for STL algorithms (it could be in a base class as well). `value_type` is also predefined through `std::iterator_traits` for pointer iterators like `int**`.
> Also, this could lead to false positives, as iterators may store pointers to pointers that don't compare memory addresses. And it could maybe cause false negatives, if the `value_type` is a pointer type but the elements are stored in wrappers.
>
> As I understand it.
Yes, I will try to fine tune the heuristic in subsequent patches. I have noted the false-positives in the FIXME.
https://reviews.llvm.org/D50488
More information about the cfe-commits
mailing list