<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Sorry was afk.<br>
Thanks!<br>
<br>
Analyzer documentation is very fragmented, but apart from the
SimpleStreamChecker video that you've probably already watched we do
have the manual on the website
(<a class="moz-txt-link-freetext" href="http://clang-analyzer.llvm.org/checker_dev_manual.html">http://clang-analyzer.llvm.org/checker_dev_manual.html</a>), some
in-tree high-level overview docs
(<a class="moz-txt-link-freetext" href="https://github.com/llvm-mirror/clang/tree/release_60/docs/analyzer">https://github.com/llvm-mirror/clang/tree/release_60/docs/analyzer</a>),
and my workbook
(<a class="moz-txt-link-freetext" href="https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf">https://github.com/haoNoQ/clang-analyzer-guide/releases/download/v0.1/clang-analyzer-guide-v0.1.pdf</a>).
There's also doxygen.<br>
<br>
None of these applies directly to the problem though.<br>
<br>
The correct value for DeclRefExpr to a known FunctionDecl would be a
function pointer that is represented in the Analyzer by a value
(<a class="moz-txt-link-freetext" href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1SVal.html">https://clang.llvm.org/doxygen/classclang_1_1ento_1_1SVal.html</a>) of
loc::MemRegionVal kind that wraps a memory region of
FunctionCodeRegion kind
(<a class="moz-txt-link-freetext" href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1MemRegion.html">http://clang.llvm.org/doxygen/classclang_1_1ento_1_1MemRegion.html</a>).
In order to evaluate DeclRefExpr, i.e. tell our checkers (and also
ourselves) that its value is the respective FunctionCodeRegion, we
bind the value in the Environment when we encounter it. The proposed
solution is to avoid adding an Environment binding, and instead
always know, simply by looking at the expression, what its value is.
You might not always know what is the value of "x + y" just by
looking at the expression, but you'll always know what is the value
of expression "1" - it's, well, 1. The point is to do the same for
function pointers, as i described above, emm, sorry, actually below.<br>
<br>
I would have probably already fixed the problem if i didn't have
write all this, but you sounded interested and apparently i enjoy
talking :)<br>
<br>
<div class="moz-cite-prefix">On 5/7/18 9:21 AM, Artem Razin wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACS3OuTJqQYxQYePZ70WqKQkmCXZS5rhfp2+C7TE5jZ82H2LNA@mail.gmail.com">
<div dir="ltr">Sure, I will file new bug. Just sent a request to <a
href="mailto:bugs-admin@lists.llvm.org" moz-do-not-send="true">bugs-admin@lists.llvm.org</a>
to get an access there.
<div><br>
</div>
<div>I would be happy to fix it myself, but I really just
started working with clang analyzer. Any doc to quick start?
Or the code itself is the best documentation? :)</div>
<div><br>
</div>
<div>Thank you!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-05-04 23:10 GMT+03:00 Artem
Dergachev <span dir="ltr"><<a
href="mailto:noqnoqneo@gmail.com" target="_blank"
moz-do-not-send="true">noqnoqneo@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div class="h5"> <br>
<br>
<div class="m_7630571944481507071moz-cite-prefix">On
5/3/18 8:35 AM, Artem Razin wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Artem,</div>
<div><br>
</div>
<div>It seems I was wrong, the situation is not so
simple as I thought initially.</div>
<div><br>
</div>
<div>First of all, here the checkPreCall() call,
it checks a call against CloseHandle and outputs
result along with passed function information:</div>
<div><br>
</div>
<div>void HandleChecker::checkPreCall(</div>
<div><span style="white-space:pre-wrap"> </span>const
CallEvent &Call,</div>
<div><span style="white-space:pre-wrap"> </span>CheckerContext
&C) const</div>
<div>{</div>
<div><span style="white-space:pre-wrap"> </span>if
(Call.isCalled(_closeHandleFn)<wbr>)</div>
<div><span style="white-space:pre-wrap"> </span>fprintf(stderr,
"It's CloseHandle: ");</div>
<div><span style="white-space:pre-wrap"> </span>else</div>
<div><span style="white-space:pre-wrap"> </span>fprintf(stderr,
"It's NOT CloseHandle: ");</div>
<div><span style="white-space:pre-wrap"> </span>Call.dump();</div>
<div>}</div>
<div><br>
</div>
<div>The first sample uses usual CloseHandle call,
without function pointer:</div>
<div>CloseHandle(NULL);</div>
<div><br>
</div>
<div>So it works.</div>
<div><br>
</div>
<div>My original code that didn't work has used
template class. The simplified code:</div>
<div><br>
</div>
<div>typedef BOOL (WINAPI *P_CloseHandle)(HANDLE);</div>
<div><br>
</div>
<div>template <P_CloseHandle pCloseHandle>
struct AutoCloseHandle</div>
<div>{</div>
<div> AutoCloseHandle(HANDLE h) : _h(h) {}</div>
<div> ~AutoCloseHandle() { pCloseHandle(_h); };</div>
<div> HANDLE _h;</div>
<div>};</div>
<div><br>
</div>
<div>int main()</div>
<div>{</div>
<div> AutoCloseHandle<&CloseHandle>
autoCloseHandle(NULL);</div>
<div> return 1;</div>
<div>}</div>
<div><br>
</div>
<div>The output:</div>
<div><br>
</div>
<div>It's NOT CloseHandle:
&CloseHandle(this->_h)</div>
<div>It's NOT CloseHandle: 0</div>
<div>It's NOT CloseHandle: Call to
~AutoCloseHandle<&CloseHandle><wbr>()
noexcept {</div>
<div> &CloseHandle(this->_h);</div>
<div>}</div>
<div>It's NOT CloseHandle:
&CloseHandle(this->_h)</div>
<div><br>
</div>
<div>> Could you see if you can get
Call.getOriginExpr()->dump() and/or
Call.getDecl()->dump()? These should be more
informative.</div>
<div><br>
</div>
<div>Sure, I've added it. Call.getDecl() is NULL
for that call. Call.getOriginExpr() is the
following:</div>
<div><br>
</div>
<div>CallExpr 0x64ecb10 'BOOL':'int'</div>
<div>|-SubstNonTypeTemplateParmExpr 0x64ecac0
'BOOL (*)(HANDLE) __attribute__((stdcall))'</div>
<div>| `-UnaryOperator 0x64ecaa8 'BOOL (*)(HANDLE)
__attribute__((stdcall))' prefix '&' cannot
overflow</div>
<div>| `-DeclRefExpr 0x64eca90 'BOOL (HANDLE)
__attribute__((stdcall))':'<wbr>BOOL (HANDLE)
__attribute__((stdcall))' lvalue Function </div>
</div>
</blockquote>
<br>
</div>
</div>
Aha, interesting. At a glance it seems that we know how to
evaluate a function pointer (i.e. ExprEngine::Visit()),
but we don't know how to constant-fold it (i.e.
Environment::getSVal() ->
SValBuilder::getConstantVal())<wbr>. And we don't evaluate
anything within SubstNonTypeTemplateParmExpr (see
ExprEngine::Visit() again) because it's supposed to be
constant-foldable.<br>
<br>
Constant-folding should be easy, but it should be followed
up with a cleanup work to remove the evaluation.<br>
<br>
Would you be willing to file a bug against me in bugzilla
(or fix it)?
<div>
<div class="h5"><br>
<br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>0x57b8890 'CloseHandle' 'BOOL (HANDLE)
__attribute__((stdcall))':'<wbr>BOOL (HANDLE)
__attribute__((stdcall))'</div>
<div>`-ImplicitCastExpr 0x64ecb30 'HANDLE':'void
*' <LValueToRValue></div>
<div> `-MemberExpr 0x64ecae8 'HANDLE':'void *'
lvalue ->_h 0x64dc710</div>
<div> `-CXXThisExpr 0x64ecad8 'struct
AutoCloseHandle<&CloseHandle> *' this</div>
<div><br>
</div>
<div>Call.dump()'s result:</div>
<div><br>
</div>
<div>&CloseHandle(this->_h)</div>
<div><br>
</div>
<div>Thank you!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2018-05-02 23:32
GMT+03:00 Artem Dergachev <span dir="ltr"><<a
href="mailto:noqnoqneo@gmail.com"
target="_blank" moz-do-not-send="true">noqnoqneo@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span>
On 5/2/18 3:58 AM, Artem Razin via cfe-dev
wrote:<br>
</span>
<blockquote type="cite">
<div dir="ltr"><span>Hi All,
<div><br>
</div>
<div>I hope this is right place to ask
such a newbie question like the
following.</div>
<div><br>
</div>
<div>I am trying to write a checker to
catch potential handle leaks (it's
on Windows: a handle is closed by
CloseHandle).</div>
<div><br>
</div>
<div>So I took SimpleStreamChecker as
a base, now my checkPreCall() checks
if "CloseHandle" is called.
Call.isCalled() works great except
one case when CloseHandle is called
by pointer. It happens because of
using a template class that took a
pointer to closing function as
template parameter (useful to close
different types of handles by
appropriate functions: FindClose,
CloseHandle etc.).</div>
<div><br>
</div>
</span>
<div>Call.dump() prints
"&CloseHandle(this->m_h)" in
this case, so it understands that this
a pointer and that this is a pointer
of CloseHandle.But how to "extract"
the the identifier of CloseHandle?<br>
</div>
</div>
</blockquote>
<br>
I'm not quite understanding that dump, it
looks a bit weird. What is the actual code
under analysis? Could you see if you can get
Call.getOriginExpr()->dump() and/or
Call.getDecl()->dump()? These should be
more informative.<br>
<br>
In general the analyzer does indeed
understand calls through function pointers,
as long as it can at all be tracked by
looking at the current execution path.<br>
<br>
And when it is tracked,
CallEvent::isCalled() should "just work"
because it only looks at Call.getDecl()
which should be the path-specific decl.<br>
<br>
<blockquote type="cite"><span>
<div dir="ltr">
<div><br>
</div>
<div>Thank you in advance!</div>
<div>
<div><br>
</div>
-- <br>
<div
class="m_7630571944481507071m_1725759654421836021gmail_signature">Best
regards, <br>
Artem A. Razin</div>
</div>
</div>
<br>
<fieldset
class="m_7630571944481507071m_1725759654421836021mimeAttachmentHeader"></fieldset>
</span>
<pre class="m_7630571944481507071m_1725759654421836021moz-quote-pre">______________________________<wbr>_________________
cfe-dev mailing list
<a class="m_7630571944481507071m_1725759654421836021moz-txt-link-abbreviated" href="mailto:cfe-dev@lists.llvm.org" target="_blank" moz-do-not-send="true">cfe-dev@lists.llvm.org</a>
<a class="m_7630571944481507071m_1725759654421836021moz-txt-link-freetext" href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank" moz-do-not-send="true">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_7630571944481507071gmail_signature"
data-smartmail="gmail_signature">Best regards, <br>
Artem A. Razin</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">Best
regards, <br>
Artem A. Razin</div>
</div>
</blockquote>
<br>
</body>
</html>