<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 5/3/18 8:35 AM, Artem Razin wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACS3OuQ2dnWqOcYAjTAMyWXMKpnfwtjGL7OmzW7s=ZHrMqFDxg@mail.gmail.com">
<div dir="ltr">
<div>Hi Artem,</div>
<div><br>
</div>
<div>It seems I was wrong, the situation is not so simple as I
thought initially.</div>
<div><br>
</div>
<div>First of all, here the checkPreCall() call, it checks a
call against CloseHandle and outputs result along with passed
function information:</div>
<div><br>
</div>
<div>void HandleChecker::checkPreCall(</div>
<div><span style="white-space:pre"> </span>const CallEvent
&Call,</div>
<div><span style="white-space:pre"> </span>CheckerContext
&C) const</div>
<div>{</div>
<div><span style="white-space:pre"> </span>if
(Call.isCalled(_closeHandleFn))</div>
<div><span style="white-space:pre"> </span>fprintf(stderr,
"It's CloseHandle: ");</div>
<div><span style="white-space:pre"> </span>else</div>
<div><span style="white-space:pre"> </span>fprintf(stderr,
"It's NOT CloseHandle: ");</div>
<div><span style="white-space:pre"> </span>Call.dump();</div>
<div>}</div>
<div><br>
</div>
<div>The first sample uses usual CloseHandle call, without
function pointer:</div>
<div>CloseHandle(NULL);</div>
<div><br>
</div>
<div>So it works.</div>
<div><br>
</div>
<div>My original code that didn't work has used template class.
The simplified code:</div>
<div><br>
</div>
<div>typedef BOOL (WINAPI *P_CloseHandle)(HANDLE);</div>
<div><br>
</div>
<div>template <P_CloseHandle pCloseHandle> struct
AutoCloseHandle</div>
<div>{</div>
<div> AutoCloseHandle(HANDLE h) : _h(h) {}</div>
<div> ~AutoCloseHandle() { pCloseHandle(_h); };</div>
<div> HANDLE _h;</div>
<div>};</div>
<div><br>
</div>
<div>int main()</div>
<div>{</div>
<div> AutoCloseHandle<&CloseHandle>
autoCloseHandle(NULL);</div>
<div> return 1;</div>
<div>}</div>
<div><br>
</div>
<div>The output:</div>
<div><br>
</div>
<div>It's NOT CloseHandle: &CloseHandle(this->_h)</div>
<div>It's NOT CloseHandle: 0</div>
<div>It's NOT CloseHandle: Call to
~AutoCloseHandle<&CloseHandle>() noexcept {</div>
<div> &CloseHandle(this->_h);</div>
<div>}</div>
<div>It's NOT CloseHandle: &CloseHandle(this->_h)</div>
<div><br>
</div>
<div>> Could you see if you can get
Call.getOriginExpr()->dump() and/or
Call.getDecl()->dump()? These should be more informative.</div>
<div><br>
</div>
<div>Sure, I've added it. Call.getDecl() is NULL for that call.
Call.getOriginExpr() is the following:</div>
<div><br>
</div>
<div>CallExpr 0x64ecb10 'BOOL':'int'</div>
<div>|-SubstNonTypeTemplateParmExpr 0x64ecac0 'BOOL (*)(HANDLE)
__attribute__((stdcall))'</div>
<div>| `-UnaryOperator 0x64ecaa8 'BOOL (*)(HANDLE)
__attribute__((stdcall))' prefix '&' cannot overflow</div>
<div>| `-DeclRefExpr 0x64eca90 'BOOL (HANDLE)
__attribute__((stdcall))':'BOOL (HANDLE)
__attribute__((stdcall))' lvalue Function </div>
</div>
</blockquote>
<br>
Aha, interesting. At a glance it seems that we know how to evaluate
a function pointer (i.e. ExprEngine::Visit()), but we don't know how
to constant-fold it (i.e. Environment::getSVal() ->
SValBuilder::getConstantVal()). And we don't evaluate anything
within SubstNonTypeTemplateParmExpr (see ExprEngine::Visit() again)
because it's supposed to be constant-foldable.<br>
<br>
Constant-folding should be easy, but it should be followed up with a
cleanup work to remove the evaluation.<br>
<br>
Would you be willing to file a bug against me in bugzilla (or fix
it)?<br>
<br>
<br>
<blockquote type="cite"
cite="mid:CACS3OuQ2dnWqOcYAjTAMyWXMKpnfwtjGL7OmzW7s=ZHrMqFDxg@mail.gmail.com">
<div dir="ltr">
<div>0x57b8890 'CloseHandle' 'BOOL (HANDLE)
__attribute__((stdcall))':'BOOL (HANDLE)
__attribute__((stdcall))'</div>
<div>`-ImplicitCastExpr 0x64ecb30 'HANDLE':'void *'
<LValueToRValue></div>
<div> `-MemberExpr 0x64ecae8 'HANDLE':'void *' lvalue ->_h
0x64dc710</div>
<div> `-CXXThisExpr 0x64ecad8 'struct
AutoCloseHandle<&CloseHandle> *' this</div>
<div><br>
</div>
<div>Call.dump()'s result:</div>
<div><br>
</div>
<div>&CloseHandle(this->_h)</div>
<div><br>
</div>
<div>Thank you!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-05-02 23:32 GMT+03:00 Artem
Dergachev <span dir="ltr"><<a
href="mailto:noqnoqneo@gmail.com" target="_blank"
moz-do-not-send="true">noqnoqneo@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class=""> On
5/2/18 3:58 AM, Artem Razin via cfe-dev wrote:<br>
</span>
<blockquote type="cite">
<div dir="ltr"><span class="">Hi All,
<div><br>
</div>
<div>I hope this is right place to ask such a newbie
question like the following.</div>
<div><br>
</div>
<div>I am trying to write a checker to catch
potential handle leaks (it's on Windows: a handle
is closed by CloseHandle).</div>
<div><br>
</div>
<div>So I took SimpleStreamChecker as a base, now my
checkPreCall() checks if "CloseHandle" is called.
Call.isCalled() works great except one case when
CloseHandle is called by pointer. It happens
because of using a template class that took a
pointer to closing function as template parameter
(useful to close different types of handles by
appropriate functions: FindClose, CloseHandle
etc.).</div>
<div><br>
</div>
</span>
<div>Call.dump() prints
"&CloseHandle(this->m_h)" in this case, so it
understands that this a pointer and that this is a
pointer of CloseHandle.But how to "extract" the the
identifier of CloseHandle?<br>
</div>
</div>
</blockquote>
<br>
I'm not quite understanding that dump, it looks a bit
weird. What is the actual code under analysis? Could you
see if you can get Call.getOriginExpr()->dump() and/or
Call.getDecl()->dump()? These should be more
informative.<br>
<br>
In general the analyzer does indeed understand calls
through function pointers, as long as it can at all be
tracked by looking at the current execution path.<br>
<br>
And when it is tracked, CallEvent::isCalled() should "just
work" because it only looks at Call.getDecl() which should
be the path-specific decl.<br>
<br>
<blockquote type="cite"><span class="">
<div dir="ltr">
<div><br>
</div>
<div>Thank you in advance!</div>
<div>
<div><br>
</div>
-- <br>
<div class="m_1725759654421836021gmail_signature">Best
regards, <br>
Artem A. Razin</div>
</div>
</div>
<br>
<fieldset
class="m_1725759654421836021mimeAttachmentHeader"></fieldset>
</span>
<pre class="m_1725759654421836021moz-quote-pre">______________________________<wbr>_________________
cfe-dev mailing list
<a class="m_1725759654421836021moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org" target="_blank" moz-do-not-send="true">cfe-dev@lists.llvm.org</a>
<a class="m_1725759654421836021moz-txt-link-freetext" href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank" moz-do-not-send="true">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">Best
regards, <br>
Artem A. Razin</div>
</div>
</blockquote>
<br>
</body>
</html>