[all-commits] [llvm/llvm-project] 8f9613: [analyzer] StdLibraryFunctionsChecker: match signa...

Gabor Marton via All-commits all-commits at lists.llvm.org
Mon Apr 6 08:35:13 PDT 2020 

  Branch: refs/heads/master
  Home:   https://github.com/llvm/llvm-project
  Commit: 8f961399739f539cb0b3c9ac68ca1b62c2a17a80
      https://github.com/llvm/llvm-project/commit/8f961399739f539cb0b3c9ac68ca1b62c2a17a80
  Author: Gabor Marton <gabor.marton at ericsson.com>
  Date:   2020-04-06 (Mon, 06 Apr 2020)

  Changed paths:
    M clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
    M clang/test/Analysis/std-c-library-functions-arg-constraints.c
    M clang/test/Analysis/std-c-library-functions.c

  Log Message:
  -----------
  [analyzer] StdLibraryFunctionsChecker: match signature based on FunctionDecl

Summary:
Currently we match the summary signature based on the arguments in the CallExpr.
There are a few problems with this approach.
1) Variadic arguments are handled badly. Consider the below code:
     int foo(void *stream, const char *format, ...);
     void test_arg_constraint_on_variadic_fun() {
        foo(0, "%d%d", 1, 2); // CallExpr
     }
   Here the call expression holds 4 arguments, whereas the function declaration
   has only 2 `ParmVarDecl`s. So there is no way to create a summary that
   matches the call expression, because the discrepancy in the number of
   arguments causes a mismatch.
2) The call expression does not handle the `restrict` type qualifier.
   In C99, fwrite's signature is the following:
     size_t fwrite(const void *restrict, size_t, size_t, FILE *restrict);
   However, in a call expression, like below, the type of the argument does not
   have the restrict qualifier.
    void test_fread_fwrite(FILE *fp, int *buf) {
      size_t x = fwrite(buf, sizeof(int), 10, fp);
    }
   This can result in an unmatches signature, so the summary is not applied.
The solution is to match the summary against the referened callee
`FunctionDecl` that we can query from the `CallExpr`.

Further patches will continue with additional refactoring where I am going to
do a lookup during the checker initialization and the signature match will
happen there. That way, we will not check the signature during every call,
rather we will compare only two `FunctionDecl` pointers.

Reviewers: NoQ, Szelethus, gamesh411, baloghadamsoftware

Subscribers: whisperity, xazax.hun, kristof.beyls, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, steakhal, danielkiss, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77410

More information about the All-commits mailing list