[PATCH] D34508: [Analyzer] Bug Reporter Visitor to Display Values of Variables - PRELIMINARY!

Balogh, Ádám via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Jun 22 05:10:54 PDT 2017


baloghadamsoftware created this revision.

This patch is made upon user request. The first example is the following:

int f(int n) {
  return n;
}

int main() {
  int v[3], i;

  v[0] = 0;
  v[2] = 2;

  for(i = 0; i<3; ++i) {
    f(v[i]);
  }

  return 0;
}

Here we get a warning that parameter 'v[i]' is uninitialized when calling 'f()'. However, it is not clear in the bug path for which 'i' this is true. In the example 'v[1]' is uninitialized. Our patch adds a note to the bug path: Assuming 'i' == 1.

Another user complained about a false positive here:

static unsigned size = 32;

int init(int *s);
void assert(int);

static void test(void) {
  int val;
  if (size>10) {
    for (unsigned j = 0; j<size+1; j++)
      init(&val);
    assert((int) (val == 1));
  }
}

At the 'assert()' statement we get a warning for a garbage value. This looks impossible at first sight; however, with our patch we get a note at the beginning of the loop: Assuming 'j' == 0, 'size' == 4294967295. Now it is clear that 'val' is indeed uninitialized in case of integer overflow in 'size'.

This patch is still preliminary, only part of the tests is adjusted. First we try to reduce the unnecessary noise, by e.g. removing duplicate messages.

Questions to consider:

1. Name of the Visitor. Currently it is VariableValuesBRVIsitor, maybe a better one could be found.
2. Maybe we should use "is" instead of "==" to make it compatible with ConditionBRVisitor.
3. Currently we add the note to the last appearance of the variable before the bug. Maybe we should change it to the first appearance where the variable takes its final value.


https://reviews.llvm.org/D34508

Files:
  include/clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitor.h
  lib/StaticAnalyzer/Core/BugReporter.cpp
  lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
  test/Analysis/MisusedMovedObject.cpp
  test/Analysis/bug_hash_test.m
  test/Analysis/conditional-operator.cpp
  test/Analysis/cxx-for-range.cpp
  test/Analysis/diagnostics/deref-track-symbolic-region.c
  test/Analysis/diagnostics/deref-track-symbolic-region.cpp
  test/Analysis/diagnostics/macros.cpp
  test/Analysis/diagnostics/macros.m
  test/Analysis/diagnostics/text-diagnostics.c
  test/Analysis/test-after-div-zero.c
  test/Analysis/uninit-const.c
  test/Analysis/unix-fns.c
  test/Analysis/variable-path-notes.c

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D34508.103555.patch
Type: text/x-patch
Size: 250891 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170622/d5d3ccce/attachment-0001.bin>
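The second example in the message, as an added runnable sketch that is not part of the original message or of the patch: it shows that the loop bound `size+1` wraps to 0 when `size` is `UINT_MAX` (4294967295 with a 32-bit `unsigned`), so `val` is never written, and puts a variant that rejects the wrapping bound beside it. The `init()` body, the sentinel values and the function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Sentinels (assumed for this sketch) so the result can be inspected
 * without reading an indeterminate value. */
enum { NOT_READ = -1, UNWRITTEN = -2, REJECTED = -3 };

/* Hypothetical stand-in for the message's init(): writes the out-parameter. */
static int init(int *s) { *s = 1; return 0; }

/* Same control flow as test() in the message. Returns what the assert()
 * would read from val: 1 if the loop wrote it, UNWRITTEN if the loop body
 * never ran, NOT_READ if the guarded block was skipped altogether. */
static int val_seen_by_assert(unsigned size) {
    int val = UNWRITTEN;               /* the original leaves val uninitialized */
    if (size > 10) {
        /* size + 1 is unsigned arithmetic: UINT_MAX + 1 wraps to 0, so the
         * condition j < 0 is false on the first test and init() never runs. */
        for (unsigned j = 0; j < size + 1; j++)
            init(&val);
        return val;
    }
    return NOT_READ;
}

/* Variant that refuses the one input for which the bound wraps. */
static int val_seen_by_assert_checked(unsigned size) {
    int val = UNWRITTEN;
    if (size > 10) {
        if (size == UINT_MAX)
            return REJECTED;           /* bound would wrap: do not read val */
        for (unsigned j = 0; j < size + 1; j++)
            init(&val);
        return val;
    }
    return NOT_READ;
}

int main(void) {
    printf("size=32:       %d\n", val_seen_by_assert(32));
    printf("size=UINT_MAX: %d\n", val_seen_by_assert(UINT_MAX));
    printf("checked:       %d\n", val_seen_by_assert_checked(UINT_MAX));
    return 0;
}
```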

