[PATCH] D35674: [analyzer] Treat C++ throw as sink during CFG-based suppress-on-sink.
Phabricator via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jul 25 02:44:44 PDT 2017
This revision was automatically updated to reflect the committed changes.
Closed by commit rL308961: [analyzer] Treat throws as sinks for suppress-on-sink purposes. (authored by dergachev).
Changed prior to commit:
https://reviews.llvm.org/D35674?vs=107873&id=108029#toc
Repository:
rL LLVM
https://reviews.llvm.org/D35674
Files:
cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp
cfe/trunk/test/Analysis/max-nodes-suppress-on-sink.cpp
Index: cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp
@@ -3310,13 +3310,34 @@
return nullptr;
}
+static bool isNoReturnBlock(const CFGBlock *Blk) {
+ if (Blk->hasNoReturnElement())
+ return true;
+
+ // FIXME: Throw-expressions are currently generating sinks during analysis:
+ // they're not supported yet, and also often used for actually terminating
+ // the program. So we should treat them as sinks in this analysis as well,
+ // at least for now, but once we have better support for exceptions,
+ // we'd need to carefully handle the case when the throw is being
+ // immediately caught.
+ if (std::any_of(Blk->begin(), Blk->end(), [](const CFGElement &Elm) {
+ if (Optional<CFGStmt> StmtElm = Elm.getAs<CFGStmt>())
+ if (isa<CXXThrowExpr>(StmtElm->getStmt()))
+ return true;
+ return false;
+ }))
+ return true;
+
+ return false;
+}
+
static bool isDominatedByNoReturnBlocks(const ExplodedNode *N) {
const CFG &Cfg = N->getCFG();
const CFGBlock *StartBlk = findBlockForNode(N);
if (!StartBlk)
return false;
- if (StartBlk->hasNoReturnElement())
+ if (isNoReturnBlock(StartBlk))
return true;
llvm::SmallVector<const CFGBlock *, 32> DFSWorkList;
@@ -3336,7 +3357,7 @@
return false;
}
- if (!SuccBlk->hasNoReturnElement() && !Visited.count(SuccBlk)) {
+ if (!isNoReturnBlock(SuccBlk) && !Visited.count(SuccBlk)) {
// If the block has reachable child blocks that aren't no-return,
// add them to the worklist.
DFSWorkList.push_back(SuccBlk);
Index: cfe/trunk/test/Analysis/max-nodes-suppress-on-sink.cpp
===================================================================
--- cfe/trunk/test/Analysis/max-nodes-suppress-on-sink.cpp
+++ cfe/trunk/test/Analysis/max-nodes-suppress-on-sink.cpp
@@ -0,0 +1,34 @@
+// RUN: %clang_analyze_cc1 -x c++ -fcxx-exceptions -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config max-nodes=12 -verify %s
+
+// Here we test how "suppress on sink" feature of certain bugtypes interacts
+// with reaching analysis limits. See comments in max-nodes-suppress-on-sink.c
+// for more discussion.
+
+typedef __typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+
+void clang_analyzer_warnIfReached(void);
+
+// Because we don't have a better approach, we currently treat throw as
+// noreturn.
+void test_throw_treated_as_noreturn() {
+ void *p = malloc(1); // no-warning
+
+ clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}
+ clang_analyzer_warnIfReached(); // no-warning
+
+ throw 0;
+}
+
+// FIXME: Handled throws shouldn't be suppressing us!
+void test_handled_throw_treated_as_noreturn() {
+ void *p = malloc(1); // no-warning
+
+ clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}
+ clang_analyzer_warnIfReached(); // no-warning
+
+ try {
+ throw 0;
+ } catch (int i) {
+ }
+}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D35674.108029.patch
Type: text/x-patch
Size: 3110 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170725/5ff86a42/attachment-0001.bin>
More information about the cfe-commits
mailing list