[PATCH] D62883: [analyzer] Track conditions of terminator statements on which the reported node depends on

Kristóf Umann via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Jun 4 15:53:17 PDT 2019


Szelethus created this revision.
Szelethus added reviewers: NoQ, dcoughlin, a.sidorin, baloghadamsoftware, xazax.hun, Charusso, rnkovacs.
Szelethus added a project: clang.
Herald added subscribers: cfe-commits, gamesh411, dkrupp, donat.nagy, mikhail.ramalho, szepet, whisperity.
Szelethus added a parent revision: D62619: [analyzer][Dominators] Add a control dependency tree builder + a new debug checker.

This patch implements the idea discussed on the mailing list <http://lists.llvm.org/pipermail/cfe-dev/2019-May/062427.html>; in fact, the included test file contains the functions `example_1` and `example_2` exactly as described there.

The idea, as the title says, is to track the value of the condition of the terminator statement on which the reported node depends:

  01 int flag;
  02 bool coin();
  03 
  04 void foo() {
  05   flag = coin(); // no note
  06 }
  07 
  08 int main() {
  09   int *x = 0; // x initialized to 0
  10   flag = 1;
  11   foo();
  12   if (flag) // assumed false
  13     x = new int;
  14   foo();
  15 
  16   if (flag) // assumed true
  17     *x = 5; // warn
  18 }

We emit a warning at statement 17. The new BugReporter visitor figures out that statement 16 is in fact a control dependency of the reported node, and uses `trackExpressionValue()` to track its condition, in this case, `flag`, resulting in new notes being placed for the call to `foo()` on line 14 and a note about `flag` being invalidated on line 5.

Now, whether this change is any good is practically impossible to tell without evaluation on production code, so I'll get back with that once I gather some data.


Repository:
  rC Clang

https://reviews.llvm.org/D62883

Files:
  clang/include/clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h
  clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
  clang/test/Analysis/Inputs/expected-plists/cxx-for-range.cpp.plist
  clang/test/Analysis/Inputs/expected-plists/edges-new.mm.plist
  clang/test/Analysis/Inputs/expected-plists/retain-release.m.objc.plist
  clang/test/Analysis/Inputs/expected-plists/retain-release.m.objcpp.plist
  clang/test/Analysis/Inputs/expected-plists/unix-fns.c.plist
  clang/test/Analysis/diagnostics/Inputs/expected-plists/undef-value-param.m.plist
  clang/test/Analysis/diagnostics/no-store-func-path-notes.m
  clang/test/Analysis/diagnostics/undef-value-param.m
  clang/test/Analysis/track-control-dependency-conditions.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D62883.203040.patch
Type: text/x-patch
Size: 31125 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190604/b1a3dd88/attachment-0001.bin>
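The control-dependency relation the message relies on, as an added example that is not code from the patch or from Clang: it computes post-dominators and control dependencies over a hand-built CFG of the `main()` snippet and shows that line 17 depends on the branch at line 16 but not on the one at line 12. The graph, the node names and the function names `postDominators` and `controllersOf` are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Constructed statement-level CFG of main() from the message (assumed names).
enum Node { L12, L13, L14, L16, L17, EXIT, N };
static const int kLine[N] = {12, 13, 14, 16, 17, 0};
static const std::vector<std::pair<Node, Node>> kEdges = {
    {L12, L13}, {L12, L14},   // if (flag) on line 12: true / false
    {L13, L14}, {L14, L16},
    {L16, L17}, {L16, EXIT},  // if (flag) on line 16: true / false
    {L17, EXIT}};

// pdom[n] = bitmask of the nodes that post-dominate n (n included).
std::vector<uint32_t> postDominators() {
  const uint32_t all = (1u << N) - 1;
  std::vector<uint32_t> pdom(N, all);
  pdom[EXIT] = 1u << EXIT;
  for (bool changed = true; changed;) {
    changed = false;
    for (int n = 0; n < EXIT; ++n) {
      uint32_t meet = all;
      for (const auto &e : kEdges)
        if (e.first == n) meet &= pdom[e.second];
      const uint32_t next = meet | (1u << n);
      if (next != pdom[n]) { pdom[n] = next; changed = true; }
    }
  }
  return pdom;
}

// Branch nodes that b is control dependent on: there is an edge A->S where
// b post-dominates S but does not strictly post-dominate A.
uint32_t controllersOf(Node b) {
  const std::vector<uint32_t> pdom = postDominators();
  uint32_t result = 0;
  for (const auto &e : kEdges) {
    const bool pdomSucc = pdom[e.second] & (1u << b);
    const bool strictPdomA = b != e.first && (pdom[e.first] & (1u << b));
    if (pdomSucc && !strictPdomA) result |= 1u << e.first;
  }
  return result;
}

int main() {
  for (int a = 0; a < EXIT; ++a)
    if (controllersOf(L17) & (1u << a))
      std::printf("line 17 is control dependent on line %d\n", kLine[a]);
}
```

Line 14 post-dominates the branch at line 12, so that branch controls only line 13; this is why the condition on line 16 is the one the snippet's warning at line 17 depends on.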

