r185609 - [analyzer] Suppress reports reported in std::list
Anna Zaks
ganna at apple.com
Wed Jul 3 19:38:10 PDT 2013
Author: zaks
Date: Wed Jul 3 21:38:10 2013
New Revision: 185609
URL: http://llvm.org/viewvc/llvm-project?rev=185609&view=rev
Log:
[analyzer] Suppress reports reported in std::list
The motivation is to suppresses false use-after-free reports that occur when calling
std::list::pop_front() or std::list::pop_back() twice. The analyzer does not
reason about the internal invariants of the list implementation, so just do not report
any of warnings in std::list.
Fixes radar://14317928.
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h
cfe/trunk/test/Analysis/inlining/stl.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=185609&r1=185608&r2=185609&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Wed Jul 3 21:38:10 2013
@@ -1521,18 +1521,33 @@ LikelyFalsePositiveSuppressionBRVisitor:
BugReport &BR) {
// Here we suppress false positives coming from system headers. This list is
// based on known issues.
-
- // Skip reports within the 'std' namespace. Although these can sometimes be
- // the user's fault, we currently don't report them very well, and
- // Note that this will not help for any other data structure libraries, like
- // TR1, Boost, or llvm/ADT.
ExprEngine &Eng = BRC.getBugReporter().getEngine();
AnalyzerOptions &Options = Eng.getAnalysisManager().options;
- if (Options.shouldSuppressFromCXXStandardLibrary()) {
- const LocationContext *LCtx = N->getLocationContext();
- if (isInStdNamespace(LCtx->getDecl())) {
+ const Decl *D = N->getLocationContext()->getDecl();
+
+ if (isInStdNamespace(D)) {
+ // Skip reports within the 'std' namespace. Although these can sometimes be
+ // the user's fault, we currently don't report them very well, and
+ // Note that this will not help for any other data structure libraries, like
+ // TR1, Boost, or llvm/ADT.
+ if (Options.shouldSuppressFromCXXStandardLibrary()) {
BR.markInvalid(getTag(), 0);
return 0;
+
+ } else {
+ // If the the complete 'std' suppression is not enabled, suppress reports
+ // from the 'std' namespace that are known to produce false positives.
+
+ // The analyzer issues a false use-after-free when std::list::pop_front
+ // or std::list::pop_back are called multiple times because we cannot
+ // reason about the internal invariants of the datastructure.
+ const DeclContext *DC =
+ D->getDeclContext()->getEnclosingNamespaceContext();
+ const NamespaceDecl *ND = dyn_cast<NamespaceDecl>(DC);
+ if (ND && ND->getName() == "list") {
+ BR.markInvalid(getTag(), 0);
+ return 0;
+ }
}
}
Modified: cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h?rev=185609&r1=185608&r2=185609&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h (original)
+++ cfe/trunk/test/Analysis/Inputs/system-header-simulator-cxx.h Wed Jul 3 21:38:10 2013
@@ -86,6 +86,23 @@ namespace std {
struct forward_iterator_tag : public input_iterator_tag { };
struct bidirectional_iterator_tag : public forward_iterator_tag { };
struct random_access_iterator_tag : public bidirectional_iterator_tag { };
+
+ template <class _Tp>
+ class allocator {};
+
+ template <class _Tp, class _Alloc>
+ class __list_imp
+ {};
+
+ template <class _Tp, class _Alloc = allocator<_Tp> >
+ class list
+ : private __list_imp<_Tp, _Alloc>
+ {
+ public:
+ void pop_front();
+ bool empty() const;
+ };
+
}
void* operator new(std::size_t, const std::nothrow_t&) throw();
Modified: cfe/trunk/test/Analysis/inlining/stl.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inlining/stl.cpp?rev=185609&r1=185608&r2=185609&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/inlining/stl.cpp (original)
+++ cfe/trunk/test/Analysis/inlining/stl.cpp Wed Jul 3 21:38:10 2013
@@ -27,3 +27,9 @@ void testException(std::exception e) {
// expected-warning at -4 {{UNKNOWN}}
#endif
}
+
+void testList_pop_front(std::list<int> list) {
+ while(!list.empty())
+ list.pop_front(); // no-warning
+}
+
More information about the cfe-commits
mailing list