r339135 - [analyzer][UninitializedObjectChecker] New flag to turn off dereferencing
Kristof Umann via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 7 05:55:26 PDT 2018
Author: szelethus
Date: Tue Aug 7 05:55:26 2018
New Revision: 339135
URL: http://llvm.org/viewvc/llvm-project?rev=339135&view=rev
Log:
[analyzer][UninitializedObjectChecker] New flag to turn off dereferencing
Even for a checker being in alpha, some reports about pointees held so little
value to the user that it's safer to disable pointer/reference chasing for now.
It can be enabled with a new flag, in which case the checker should function as it
always has. This can be set with `CheckPointeeInitialization`.
Differential Revision: https://reviews.llvm.org/D49438
Added:
cfe/trunk/test/Analysis/cxx-uninitialized-object-no-dereference.cpp
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp
cfe/trunk/test/Analysis/cxx-uninitialized-object-inheritance.cpp
cfe/trunk/test/Analysis/cxx-uninitialized-object-notes-as-warnings.cpp
cfe/trunk/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
cfe/trunk/test/Analysis/cxx-uninitialized-object.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp?rev=339135&r1=339134&r2=339135&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/UninitializedObjectChecker.cpp Tue Aug 7 05:55:26 2018
@@ -10,19 +10,33 @@
// This file defines a checker that reports uninitialized fields in objects
// created after a constructor call.
//
-// This checker has two options:
+// This checker has several options:
// - "Pedantic" (boolean). If its not set or is set to false, the checker
// won't emit warnings for objects that don't have at least one initialized
// field. This may be set with
//
-// `-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true`.
+// `-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true`.
//
// - "NotesAsWarnings" (boolean). If set to true, the checker will emit a
// warning for each uninitalized field, as opposed to emitting one warning
// per constructor call, and listing the uninitialized fields that belongs
// to it in notes. Defaults to false.
//
-// `-analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true`.
+// `-analyzer-config \
+// alpha.cplusplus.UninitializedObject:NotesAsWarnings=true`.
+//
+// - "CheckPointeeInitialization" (boolean). If set to false, the checker will
+// not analyze the pointee of pointer/reference fields, and will only check
+// whether the object itself is initialized. Defaults to false.
+//
+// `-analyzer-config \
+// alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true`.
+//
+// TODO: With some clever heuristics, some pointers should be dereferenced
+// by default. For example, if the pointee is constructed within the
+// constructor call, it's reasonable to say that no external object
+// references it, and we wouldn't generate multiple report on the same
+// pointee.
//
//===----------------------------------------------------------------------===//
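Review bot: The new "CheckPointeeInitialization" entry in the file header describes only the `false` case and then says the option defaults to false, so a reader has to infer what enabling it does. I would phrase it from the opt-in side, e.g. `If set to true, the checker also analyzes the pointee of pointer/reference fields; otherwise only the pointer/reference value itself is checked. Defaults to false.` It is also worth one sentence saying that with the default, a field that points at uninitialized memory produces no report. Going by the commit log, that is a reduction in what the checker reports compared with earlier revisions, and users who rely on those reports need to opt in.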
@@ -44,6 +58,7 @@ public:
// These fields will be initialized when registering the checker.
bool IsPedantic;
bool ShouldConvertNotesToWarnings;
+ bool CheckPointeeInitialization;
UninitializedObjectChecker()
: BT_uninitField(new BuiltinBug(this, "Uninitialized fields")) {}
@@ -109,13 +124,16 @@ class FindUninitializedFields {
const TypedValueRegion *const ObjectR;
const bool IsPedantic;
+ const bool CheckPointeeInitialization;
+
bool IsAnyFieldInitialized = false;
UninitFieldSet UninitFields;
public:
FindUninitializedFields(ProgramStateRef State,
- const TypedValueRegion *const R, bool IsPedantic);
+ const TypedValueRegion *const R, bool IsPedantic,
+ bool CheckPointeeInitialization);
const UninitFieldSet &getUninitFields();
private:
@@ -262,8 +280,8 @@ void UninitializedObjectChecker::checkEn
if (!Object)
return;
- FindUninitializedFields F(Context.getState(), Object->getRegion(),
- IsPedantic);
+ FindUninitializedFields F(Context.getState(), Object->getRegion(), IsPedantic,
+ CheckPointeeInitialization);
const UninitFieldSet &UninitFields = F.getUninitFields();
@@ -327,8 +345,10 @@ void UninitializedObjectChecker::checkEn
//===----------------------------------------------------------------------===//
FindUninitializedFields::FindUninitializedFields(
- ProgramStateRef State, const TypedValueRegion *const R, bool IsPedantic)
- : State(State), ObjectR(R), IsPedantic(IsPedantic) {}
+ ProgramStateRef State, const TypedValueRegion *const R, bool IsPedantic,
+ bool CheckPointeeInitialization)
+ : State(State), ObjectR(R), IsPedantic(IsPedantic),
+ CheckPointeeInitialization(CheckPointeeInitialization) {}
const UninitFieldSet &FindUninitializedFields::getUninitFields() {
isNonUnionUninit(ObjectR, FieldChainInfo());
@@ -468,6 +488,11 @@ bool FindUninitializedFields::isPointerO
return addFieldToUninits({LocalChain, FR});
}
+ if (!CheckPointeeInitialization) {
+ IsAnyFieldInitialized = true;
+ return false;
+ }
+
const FieldDecl *FD = FR->getDecl();
// TODO: The dynamic type of a void pointer may be retrieved with
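Review bot: The early return added in isPointerOrReferenceUninit has no comment explaining why `IsAnyFieldInitialized` is set before bailing out, and that flag presumably drives the non-pedantic filtering described in the file header. A short comment above the `if (!CheckPointeeInitialization)` would make the intent explicit, for example `// The pointer itself holds a defined value; pointee analysis is opt-in.` Placing the check after the `addFieldToUninits` return looks right, because that path still reports the field. The function's body starts and ends outside this hunk, so the earlier branches cannot be checked from here.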
@@ -685,4 +710,6 @@ void ento::registerUninitializedObjectCh
"Pedantic", /*DefaultVal*/ false, Chk);
Chk->ShouldConvertNotesToWarnings = Mgr.getAnalyzerOptions().getBooleanOption(
"NotesAsWarnings", /*DefaultVal*/ false, Chk);
+ Chk->CheckPointeeInitialization = Mgr.getAnalyzerOptions().getBooleanOption(
+ "CheckPointeeInitialization", /*DefaultVal*/ false, Chk);
}
Modified: cfe/trunk/test/Analysis/cxx-uninitialized-object-inheritance.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-uninitialized-object-inheritance.cpp?rev=339135&r1=339134&r2=339135&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/cxx-uninitialized-object-inheritance.cpp (original)
+++ cfe/trunk/test/Analysis/cxx-uninitialized-object-inheritance.cpp Tue Aug 7 05:55:26 2018
@@ -1,4 +1,7 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -std=c++11 -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \
+// RUN: -std=c++11 -verify %s
//===----------------------------------------------------------------------===//
// Non-polymorphic inheritance tests
Added: cfe/trunk/test/Analysis/cxx-uninitialized-object-no-dereference.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-uninitialized-object-no-dereference.cpp?rev=339135&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/cxx-uninitialized-object-no-dereference.cpp (added)
+++ cfe/trunk/test/Analysis/cxx-uninitialized-object-no-dereference.cpp Tue Aug 7 05:55:26 2018
@@ -0,0 +1,27 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -std=c++11 -DPEDANTIC -verify %s
+
+class UninitPointerTest {
+ int *ptr; // expected-note{{uninitialized pointer 'this->ptr'}}
+ int dontGetFilteredByNonPedanticMode = 0;
+
+public:
+ UninitPointerTest() {} // expected-warning{{1 uninitialized field}}
+};
+
+void fUninitPointerTest() {
+ UninitPointerTest();
+}
+
+class UninitPointeeTest {
+ int *ptr; // no-note
+ int dontGetFilteredByNonPedanticMode = 0;
+
+public:
+ UninitPointeeTest(int *ptr) : ptr(ptr) {} // no-warning
+};
+
+void fUninitPointeeTest() {
+ int a;
+ UninitPointeeTest t(&a);
+}
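Review bot: The RUN line of the new test passes `-DPEDANTIC` without `-analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true`, and nothing in the file tests the macro. The `dontGetFilteredByNonPedanticMode` fields show the test is meant to run in non-pedantic mode, so dropping `-DPEDANTIC` would avoid suggesting otherwise. The RUN lines in cxx-uninitialized-object-inheritance.cpp, cxx-uninitialized-object-notes-as-warnings.cpp, cxx-uninitialized-object-ptr-ref.cpp and cxx-uninitialized-object.cpp all now set `CheckPointeeInitialization=true`, which leaves this 27-line file as the only coverage of the default path. It has no reference field and no case with an explicit `CheckPointeeInitialization=false`; adding both would pin the default behaviour.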
Modified: cfe/trunk/test/Analysis/cxx-uninitialized-object-notes-as-warnings.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-uninitialized-object-notes-as-warnings.cpp?rev=339135&r1=339134&r2=339135&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/cxx-uninitialized-object-notes-as-warnings.cpp (original)
+++ cfe/trunk/test/Analysis/cxx-uninitialized-object-notes-as-warnings.cpp Tue Aug 7 05:55:26 2018
@@ -1,4 +1,7 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true -std=c++11 -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:NotesAsWarnings=true \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \
+// RUN: -std=c++11 -verify %s
class NotesAsWarningsTest {
int a;
Modified: cfe/trunk/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp?rev=339135&r1=339134&r2=339135&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp (original)
+++ cfe/trunk/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp Tue Aug 7 05:55:26 2018
@@ -1,6 +1,11 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -std=c++11 -DPEDANTIC -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \
+// RUN: -std=c++11 -verify %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -std=c++11 -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \
+// RUN: -std=c++11 -verify %s
//===----------------------------------------------------------------------===//
// Concrete location tests.
Modified: cfe/trunk/test/Analysis/cxx-uninitialized-object.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cxx-uninitialized-object.cpp?rev=339135&r1=339134&r2=339135&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/cxx-uninitialized-object.cpp (original)
+++ cfe/trunk/test/Analysis/cxx-uninitialized-object.cpp Tue Aug 7 05:55:26 2018
@@ -1,6 +1,11 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -std=c++11 -DPEDANTIC -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:Pedantic=true -DPEDANTIC \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \
+// RUN: -std=c++11 -verify %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject -std=c++11 -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.cplusplus.UninitializedObject \
+// RUN: -analyzer-config alpha.cplusplus.UninitializedObject:CheckPointeeInitialization=true \
+// RUN: -std=c++11 -verify %s
//===----------------------------------------------------------------------===//
// Default constructor test.