[all-commits] [llvm/llvm-project] a375bf: [analyzer][NFCI] Allow clients of NoStateChangeFun...

Kristóf Umann via All-commits all-commits at lists.llvm.org
Fri Sep 3 04:50:55 PDT 2021


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: a375bfb5b729e0f3ca8d5e001f423fa89e74de87
      https://github.com/llvm/llvm-project/commit/a375bfb5b729e0f3ca8d5e001f423fa89e74de87
  Author: Kristóf Umann <dkszelethus at gmail.com>
  Date:   2021-09-03 (Fri, 03 Sep 2021)

  Changed paths:
    M clang/include/clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h
    M clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    M clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
    M clang/unittests/StaticAnalyzer/CMakeLists.txt
    M clang/unittests/StaticAnalyzer/CallEventTest.cpp
    M clang/unittests/StaticAnalyzer/CheckerRegistration.h
    M clang/unittests/StaticAnalyzer/FalsePositiveRefutationBRVisitorTest.cpp
    A clang/unittests/StaticAnalyzer/NoStateChangeFuncVisitorTest.cpp
    M clang/unittests/StaticAnalyzer/RegisterCustomCheckersTest.cpp

  Log Message:
  -----------
  [analyzer][NFCI] Allow clients of NoStateChangeFuncVisitor to check entire function calls, rather than each ExplodedNode in it

D105553 added NoStateChangeFuncVisitor, an abstract class to aid in creating
notes such as "Returning without writing to 'x'", or "Returning without changing
the ownership status of allocated memory". Its clients need to define, among
other things, what a change of state is.

For code like this:

f() {
  g();
}

foo() {
  f();
  h();
}

We'd have a path in the ExplodedGraph that looks like this:

             -- <g> -->
            /          \
         ---     <f>    -------->        --- <h> --->
        /                        \      /            \
--------        <foo>             ------    <foo>     -->

When we're interested in whether f neglected to change some property,
NoStateChangeFuncVisitor asks these questions:

                       ÷×~
                -- <g> -->
           ß   /          \$    @&#*
            ---     <f>    -------->        --- <h> --->
           /                        \      /            \
   --------        <foo>             ------    <foo>     -->

Has anything changed in between # and *?
Has anything changed in between & and *?
Has anything changed in between @ and *?
...
Has anything changed in between $ and *?
Has anything changed in between × and ~?
Has anything changed in between ÷ and ~?
...
Has anything changed in between ß and *?
...
This is a rather thorough line of questioning, which is why in D105819, I was
only interested in whether state *right before* and *right after* a function
call changed, and early returned to the CallEnter location:

if (!CurrN->getLocationAs<CallEnter>())
  return;
Except that I made a typo, and forgot to negate the condition. So, in this
patch, I'm fixing that, and under the same hood allow all clients to decide to
do this whole-function check instead of the thorough one.

Differential Revision: https://reviews.llvm.org/D108695




More information about the All-commits mailing list