[cfe-commits] [PATCH] Add analyzer_assert for regression tests

Anna Zaks ganna at apple.com
Mon May 14 16:40:56 PDT 2012


Jordy,

I think having something like this is a great idea.

> A downside I am realizing is that silent success means the output looks the same whether debug.Asserts is on or off...not sure yet what to do about that.

How about having something like "clang_analyzer_check_expr()" that always produces a warning which tells us about the expression's state, like "true", "false", "unknown"?

I've added a taint debug checker, which serves a similar purpose. We could also use this to check taint or other info by appending another string to the warning message "true (tainted:true)", but possibly with better markup.

A few minor comments:
 - I'd prefix these asserts with "clang_analyzer".
 - We should check for undefined here. This checker is not guaranteed to be run along with other checkers.

Cheers,
Anna.

On May 13, 2012, at 10:01 AM, Jordy Rose wrote:

> 
> 
> 
> On May 13, 2012, at 12:13, Jordy Rose wrote:
> 
>> Hi, Anna, Ted, and everyone else. Currently a number of static analyzer regression tests have constructs like the following to test how the analyzer's handling its constraints:
>> 
>> void testUnsigned (unsigned a) {
>> if (a > 0)
>>   return;
>> 
>> void *sentinel = malloc(1);
>> if (a)
>>   return; // expected-warning{{never executed}}
>> free(sentinel);
>> }
>> 
>> void testSigned (int a) {
>> if (a > 0)
>>   return;
>> 
>> void *sentinel = malloc(1);
>> if (a)
>>   return; // expected-warning{{leak}}
>> free(sentinel);
>> }
>> 
>> That is, we're using MallocChecker, UnreachableCodeChecker, and others to trigger warnings based on the truth or falsehood of conditions. I propose a checker that looks for "calls" to functions named analyzer_assert and analyzer_assert_unknown. Unlike regular assertions, which are /added/ to the analyzer's constraint store, these assertions will warn if they do not match what is /already/ known. This would allow us to much more cleanly write the above tests:
>> 
>> // Any signature with an integral type will do.
>> // 'bool' would be canonical in C++.
>> void analyzer_assert(int);
>> void analyzer_assert_unknown(int);
>> 
>> void testUnsigned (unsigned a) {
>> if (a > 0)
>>   return;
>> 
>> analyzer_assert(a == 0);
>> }
>> 
>> void testSigned (int a) {
>> if (a > 0)
>>   return;
>> 
>> analyzer_assert_unknown(a == 0);
>> }
>> 
>> Proper use of these functions will never include an expected warning.
>> 
>> Comments? I think this makes a lot of our regression tests a lot simpler.
>> 
>> Jordy
>> 
>> <DebugAsserts.patch>
> 
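The thread turns on the difference between an assertion the analyzer *adds* to its constraint store (a branch, or a real assert()) and one that only *checks* what is already known (Jordy's analyzer_assert / analyzer_assert_unknown, and Anna's suggested clang_analyzer_check_expr that reports "true", "false" or "unknown"). The following is an added example, not code from the DebugAsserts.patch or from the clang static analyzer; it models one symbol's feasible values as a set of integer ranges and replays the testUnsigned/testSigned cases above on the fall-through path of `if (a > 0) return;`. All names (SymState, assume, check, analyzerAssert, analyzerAssertUnknown) are assumptions of this toy and are not clang API.

```cpp
// Toy model of "assume vs. assert" for one integer symbol (added example, not clang code).
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

enum class Truth { True, False, Unknown };
enum class Op { Gt, Ge, Lt, Le, Eq, Ne };

struct Range { int64_t lo, hi; };   // inclusive; lo <= hi
struct Cond { Op op; int64_t k; };  // the condition "sym OP k"

// Logical negation of a comparison, used to take the "else" side of a branch.
static Cond negate(Cond c) {
  switch (c.op) {
    case Op::Gt: return {Op::Le, c.k};
    case Op::Ge: return {Op::Lt, c.k};
    case Op::Lt: return {Op::Ge, c.k};
    case Op::Le: return {Op::Gt, c.k};
    case Op::Eq: return {Op::Ne, c.k};
    case Op::Ne: return {Op::Eq, c.k};
  }
  return c;
}

// Intersect disjoint ranges with the set of values satisfying c.
// (k is a 32-bit-sized bound here, so k+1 / k-1 cannot overflow int64_t.)
static std::vector<Range> constrain(const std::vector<Range>& rs, Cond c) {
  std::vector<Range> out;
  for (Range r : rs) {
    switch (c.op) {
      case Op::Gt: r.lo = std::max(r.lo, c.k + 1); break;
      case Op::Ge: r.lo = std::max(r.lo, c.k); break;
      case Op::Lt: r.hi = std::min(r.hi, c.k - 1); break;
      case Op::Le: r.hi = std::min(r.hi, c.k); break;
      case Op::Eq: r.lo = std::max(r.lo, c.k); r.hi = std::min(r.hi, c.k); break;
      case Op::Ne:
        if (c.k >= r.lo && c.k <= r.hi) {       // punch k out; may split in two
          if (r.lo < c.k) out.push_back({r.lo, c.k - 1});
          if (c.k < r.hi) out.push_back({c.k + 1, r.hi});
          continue;
        }
        break;
    }
    if (r.lo <= r.hi) out.push_back(r);         // drop ranges that became empty
  }
  return out;
}

struct SymState {
  std::vector<Range> ranges;  // feasible values; empty means the path is infeasible

  // assume(): what a branch or a normal assert() does -- ADD the condition.
  // Returns false when no value satisfies the new constraint set.
  bool assume(Cond c, bool value) {
    ranges = constrain(ranges, value ? c : negate(c));
    return !ranges.empty();
  }

  // check(): what a "clang_analyzer_check_expr" would report -- READ the state only.
  Truth check(Cond c) const {
    bool canBeTrue  = !constrain(ranges, c).empty();
    bool canBeFalse = !constrain(ranges, negate(c)).empty();
    if (canBeTrue && !canBeFalse) return Truth::True;
    if (canBeFalse && !canBeTrue) return Truth::False;
    return Truth::Unknown;  // both feasible, or nothing feasible (undefined/dead path)
  }
};

// analyzer_assert semantics: silent unless the condition is NOT already known true.
std::string analyzerAssert(const SymState& s, Cond c) {
  return s.check(c) == Truth::True ? "" : "analyzer_assert: condition not known to be true";
}
// analyzer_assert_unknown semantics: silent unless the analyzer already decided it.
std::string analyzerAssertUnknown(const SymState& s, Cond c) {
  return s.check(c) == Truth::Unknown ? "" : "analyzer_assert_unknown: condition already known";
}

// Replay of testUnsigned: after "if (a > 0) return;" an unsigned a must be 0.
Truth testUnsignedPath() {
  SymState a{{{0, 4294967295LL}}};   // range of a 32-bit unsigned
  a.assume({Op::Gt, 0}, false);      // fall-through path: !(a > 0)
  return a.check({Op::Eq, 0});       // Truth::True
}
std::string replayTestUnsigned() {
  SymState a{{{0, 4294967295LL}}};
  a.assume({Op::Gt, 0}, false);
  return analyzerAssert(a, {Op::Eq, 0});   // "" : silent success
}

// Replay of testSigned: a signed a can still be 0 or negative, so a == 0 is unknown.
Truth testSignedPath() {
  SymState a{{{-2147483648LL, 2147483647LL}}};   // range of a 32-bit int
  a.assume({Op::Gt, 0}, false);
  return a.check({Op::Eq, 0});       // Truth::Unknown
}
std::string replayTestSigned() {
  SymState a{{{-2147483648LL, 2147483647LL}}};
  a.assume({Op::Gt, 0}, false);
  return analyzerAssertUnknown(a, {Op::Eq, 0});   // "" : silent success
}
```

The point the two replay functions make is the one in the proposal: neither call changes the state, so a misuse (analyzer_assert on something the path has not established) produces a diagnostic instead of quietly narrowing the constraints the way a real assert() would. A state whose range set is empty answers Unknown from check(), which is where a real checker would have to handle Anna's "undefined" case explicitly rather than rely on other checkers to have pruned the path.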
