<div dir="ltr">Sure, I will file new bug. Just sent a request to <a href="mailto:bugs-admin@lists.llvm.org">bugs-admin@lists.llvm.org</a> to get an access there.<div><br></div><div>I would be happy to fix it myself, but I really just started working with clang analyzer. Any doc to quick start? Or the code itself is the best documentation? :)</div><div><br></div><div>Thank you!</div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-05-04 23:10 GMT+03:00 Artem Dergachev <span dir="ltr"><<a href="mailto:noqnoqneo@gmail.com" target="_blank">noqnoqneo@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div><div class="h5">
<br>
<br>
<div class="m_7630571944481507071moz-cite-prefix">On 5/3/18 8:35 AM, Artem Razin wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Artem,</div>
<div><br>
</div>
<div>It seems I was wrong, the situation is not so simple as I
thought initially.</div>
<div><br>
</div>
<div>First of all, here the checkPreCall() call, it checks a
call against CloseHandle and outputs result along with passed
function information:</div>
<div><br>
</div>
<div>void HandleChecker::checkPreCall(</div>
<div><span style="white-space:pre-wrap"> </span>const CallEvent
&Call,</div>
<div><span style="white-space:pre-wrap"> </span>CheckerContext
&C) const</div>
<div>{</div>
<div><span style="white-space:pre-wrap"> </span>if
(Call.isCalled(_closeHandleFn)<wbr>)</div>
<div><span style="white-space:pre-wrap"> </span>fprintf(stderr,
"It's CloseHandle: ");</div>
<div><span style="white-space:pre-wrap"> </span>else</div>
<div><span style="white-space:pre-wrap"> </span>fprintf(stderr,
"It's NOT CloseHandle: ");</div>
<div><span style="white-space:pre-wrap"> </span>Call.dump();</div>
<div>}</div>
<div><br>
</div>
<div>The first sample uses usual CloseHandle call, without
function pointer:</div>
<div>CloseHandle(NULL);</div>
<div><br>
</div>
<div>So it works.</div>
<div><br>
</div>
<div>My original code that didn't work has used template class.
The simplified code:</div>
<div><br>
</div>
<div>typedef BOOL (WINAPI *P_CloseHandle)(HANDLE);</div>
<div><br>
</div>
<div>template <P_CloseHandle pCloseHandle> struct
AutoCloseHandle</div>
<div>{</div>
<div> AutoCloseHandle(HANDLE h) : _h(h) {}</div>
<div> ~AutoCloseHandle() { pCloseHandle(_h); };</div>
<div> HANDLE _h;</div>
<div>};</div>
<div><br>
</div>
<div>int main()</div>
<div>{</div>
<div> AutoCloseHandle<&CloseHandle>
autoCloseHandle(NULL);</div>
<div> return 1;</div>
<div>}</div>
<div><br>
</div>
<div>The output:</div>
<div><br>
</div>
<div>It's NOT CloseHandle: &CloseHandle(this->_h)</div>
<div>It's NOT CloseHandle: 0</div>
<div>It's NOT CloseHandle: Call to
~AutoCloseHandle<&CloseHandle><wbr>() noexcept {</div>
<div> &CloseHandle(this->_h);</div>
<div>}</div>
<div>It's NOT CloseHandle: &CloseHandle(this->_h)</div>
<div><br>
</div>
<div>> Could you see if you can get
Call.getOriginExpr()->dump() and/or
Call.getDecl()->dump()? These should be more informative.</div>
<div><br>
</div>
<div>Sure, I've added it. Call.getDecl() is NULL for that call.
Call.getOriginExpr() is the following:</div>
<div><br>
</div>
<div>CallExpr 0x64ecb10 'BOOL':'int'</div>
<div>|-SubstNonTypeTemplateParmExpr 0x64ecac0 'BOOL (*)(HANDLE)
__attribute__((stdcall))'</div>
<div>| `-UnaryOperator 0x64ecaa8 'BOOL (*)(HANDLE)
__attribute__((stdcall))' prefix '&' cannot overflow</div>
<div>| `-DeclRefExpr 0x64eca90 'BOOL (HANDLE)
__attribute__((stdcall))':'<wbr>BOOL (HANDLE)
__attribute__((stdcall))' lvalue Function </div>
</div>
</blockquote>
<br></div></div>
Aha, interesting. At a glance it seems that we know how to evaluate
a function pointer (i.e. ExprEngine::Visit()), but we don't know how
to constant-fold it (i.e. Environment::getSVal() ->
SValBuilder::getConstantVal())<wbr>. And we don't evaluate anything
within SubstNonTypeTemplateParmExpr (see ExprEngine::Visit() again)
because it's supposed to be constant-foldable.<br>
<br>
Constant-folding should be easy, but it should be followed up with a
cleanup work to remove the evaluation.<br>
<br>
Would you be willing to file a bug against me in bugzilla (or fix
it)?<div><div class="h5"><br>
<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>0x57b8890 'CloseHandle' 'BOOL (HANDLE)
__attribute__((stdcall))':'<wbr>BOOL (HANDLE)
__attribute__((stdcall))'</div>
<div>`-ImplicitCastExpr 0x64ecb30 'HANDLE':'void *'
<LValueToRValue></div>
<div> `-MemberExpr 0x64ecae8 'HANDLE':'void *' lvalue ->_h
0x64dc710</div>
<div> `-CXXThisExpr 0x64ecad8 'struct
AutoCloseHandle<&CloseHandle> *' this</div>
<div><br>
</div>
<div>Call.dump()'s result:</div>
<div><br>
</div>
<div>&CloseHandle(this->_h)</div>
<div><br>
</div>
<div>Thank you!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-05-02 23:32 GMT+03:00 Artem
Dergachev <span dir="ltr"><<a href="mailto:noqnoqneo@gmail.com" target="_blank">noqnoqneo@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span> On
5/2/18 3:58 AM, Artem Razin via cfe-dev wrote:<br>
</span>
<blockquote type="cite">
<div dir="ltr"><span>Hi All,
<div><br>
</div>
<div>I hope this is right place to ask such a newbie
question like the following.</div>
<div><br>
</div>
<div>I am trying to write a checker to catch
potential handle leaks (it's on Windows: a handle
is closed by CloseHandle).</div>
<div><br>
</div>
<div>So I took SimpleStreamChecker as a base, now my
checkPreCall() checks if "CloseHandle" is called.
Call.isCalled() works great except one case when
CloseHandle is called by pointer. It happens
because of using a template class that took a
pointer to closing function as template parameter
(useful to close different types of handles by
appropriate functions: FindClose, CloseHandle
etc.).</div>
<div><br>
</div>
</span>
<div>Call.dump() prints
"&CloseHandle(this->m_h)" in this case, so it
understands that this a pointer and that this is a
pointer of CloseHandle.But how to "extract" the the
identifier of CloseHandle?<br>
</div>
</div>
</blockquote>
<br>
I'm not quite understanding that dump, it looks a bit
weird. What is the actual code under analysis? Could you
see if you can get Call.getOriginExpr()->dump() and/or
Call.getDecl()->dump()? These should be more
informative.<br>
<br>
In general the analyzer does indeed understand calls
through function pointers, as long as it can at all be
tracked by looking at the current execution path.<br>
<br>
And when it is tracked, CallEvent::isCalled() should "just
work" because it only looks at Call.getDecl() which should
be the path-specific decl.<br>
<br>
<blockquote type="cite"><span>
<div dir="ltr">
<div><br>
</div>
<div>Thank you in advance!</div>
<div>
<div><br>
</div>
-- <br>
<div class="m_7630571944481507071m_1725759654421836021gmail_signature">Best
regards, <br>
Artem A. Razin</div>
</div>
</div>
<br>
<fieldset class="m_7630571944481507071m_1725759654421836021mimeAttachmentHeader"></fieldset>
</span>
<pre class="m_7630571944481507071m_1725759654421836021moz-quote-pre">______________________________<wbr>_________________
cfe-dev mailing list
<a class="m_7630571944481507071m_1725759654421836021moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>
<a class="m_7630571944481507071m_1725759654421836021moz-txt-link-freetext" href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_7630571944481507071gmail_signature" data-smartmail="gmail_signature">Best
regards, <br>
Artem A. Razin</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Best regards, <br>Artem A. Razin</div>
</div>