[PATCH] D64274: [analyzer] VirtualCallChecker overhaul.
Kristóf Umann via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Jul 15 13:05:50 PDT 2019
Szelethus added a comment.
In D64274#1574086 <https://reviews.llvm.org/D64274#1574086>, @NoQ wrote:
> Hmm, wait, i don't really break backwards compatibility. Fridays...
//Ackchyually//, it doesn't per se break anything, but will result in CodeChecker no longer enabling `optin.cplusplus.VirtualCall` :^) Sorry, oversight on my end. Observe the following monster of a clang invocation by
```
CodeChecker check -b "g++ -c clang/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp" --verbose debug_analyzer
```
(I put arrows at the important lines, this is with your patch applied)
```
clang --analyze -Qunused-arguments --analyzer-no-default-checks
  -Xclang analyzer-opt-analyze-headers
  -Xclang analyzer-output=plist-multi-file -o /tmp/tmpxmqqTL/cxx-uninitialized-object-ptr-ref.cpp_e4f3d9e72b29ea0cba420c8888e947ee.plist
  -Xclang analyzer-config -Xclang expand-macros=true
  -Xclang analyzer-checker=core.CallAndMessage
  -Xclang analyzer-checker=core.DivideZero
  -Xclang analyzer-checker=core.DynamicTypePropagation
  -Xclang analyzer-checker=core.NonNullParamChecker
  -Xclang analyzer-checker=core.NullDereference
  -Xclang analyzer-checker=core.StackAddressEscape
  -Xclang analyzer-checker=core.UndefinedBinaryOperatorResult
  -Xclang analyzer-checker=core.VLASize
  -Xclang analyzer-checker=core.uninitialized.ArraySubscript
  -Xclang analyzer-checker=core.uninitialized.Assign
  -Xclang analyzer-checker=core.uninitialized.Branch
  -Xclang analyzer-checker=core.uninitialized.CapturedBlockVariable
  -Xclang analyzer-checker=core.uninitialized.UndefReturn
  -Xclang analyzer-checker=cplusplus.InnerPointer
  -Xclang analyzer-checker=cplusplus.Move
  -Xclang analyzer-checker=cplusplus.NewDelete
  -Xclang analyzer-checker=cplusplus.NewDeleteLeaks
  -Xclang analyzer-disable-checker=cplusplus.PureVirtualCall <------------------------------------------ problem right here
  -Xclang analyzer-checker=deadcode.DeadStores
  -Xclang analyzer-checker=nullability.NullPassedToNonnull
  -Xclang analyzer-checker=nullability.NullReturnedFromNonnull
  -Xclang analyzer-disable-checker=nullability.NullableDereferenced
  -Xclang analyzer-disable-checker=nullability.NullablePassedToNonnull
  -Xclang analyzer-disable-checker=nullability.NullableReturnedFromNonnull
  -Xclang analyzer-disable-checker=optin.cplusplus.UninitializedObject
  -Xclang analyzer-checker=optin.cplusplus.VirtualCall <------------------------------------------ problem right here
  -Xclang analyzer-disable-checker=optin.mpi.MPI-Checker
  -Xclang analyzer-disable-checker=optin.osx.OSObjectCStyleCast
  -Xclang analyzer-disable-checker=optin.osx.cocoa.localizability.EmptyLocalizationContextChecker
  -Xclang analyzer-disable-checker=optin.osx.cocoa.localizability.NonLocalizedStringChecker
  -Xclang analyzer-disable-checker=optin.performance.GCDAntipattern
  -Xclang analyzer-disable-checker=optin.performance.Padding
  -Xclang analyzer-checker=optin.portability.UnixAPI
  -Xclang analyzer-disable-checker=osx.API
  -Xclang analyzer-disable-checker=osx.MIG
  -Xclang analyzer-disable-checker=osx.NumberObjectConversion
  -Xclang analyzer-disable-checker=osx.OSObjectRetainCount
  -Xclang analyzer-disable-checker=osx.ObjCProperty
  -Xclang analyzer-disable-checker=osx.SecKeychainAPI
  -Xclang analyzer-disable-checker=osx.cocoa.AtSync
  -Xclang analyzer-disable-checker=osx.cocoa.AutoreleaseWrite
  -Xclang analyzer-disable-checker=osx.cocoa.ClassRelease
  -Xclang analyzer-disable-checker=osx.cocoa.Dealloc
  -Xclang analyzer-disable-checker=osx.cocoa.IncompatibleMethodTypes
  -Xclang analyzer-disable-checker=osx.cocoa.Loops
  -Xclang analyzer-disable-checker=osx.cocoa.MissingSuperCall
  -Xclang analyzer-disable-checker=osx.cocoa.NSAutoreleasePool
  -Xclang analyzer-disable-checker=osx.cocoa.NSError
  -Xclang analyzer-disable-checker=osx.cocoa.NilArg
  -Xclang analyzer-disable-checker=osx.cocoa.NonNilReturnValue
  -Xclang analyzer-disable-checker=osx.cocoa.ObjCGenerics
  -Xclang analyzer-disable-checker=osx.cocoa.RetainCount
  -Xclang analyzer-disable-checker=osx.cocoa.RunLoopAutoreleaseLeak
  -Xclang analyzer-disable-checker=osx.cocoa.SelfInit
  -Xclang analyzer-disable-checker=osx.cocoa.SuperDealloc
  -Xclang analyzer-disable-checker=osx.cocoa.UnusedIvars
  -Xclang analyzer-disable-checker=osx.cocoa.VariadicMethodTypes
  -Xclang analyzer-disable-checker=osx.coreFoundation.CFError
  -Xclang analyzer-disable-checker=osx.coreFoundation.CFNumber
  -Xclang analyzer-disable-checker=osx.coreFoundation.CFRetainRelease
  -Xclang analyzer-disable-checker=osx.coreFoundation.containers.OutOfBounds
  -Xclang analyzer-disable-checker=osx.coreFoundation.containers.PointerSizedValues
  -Xclang analyzer-checker=security.FloatLoopCounter
  -Xclang analyzer-disable-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling
  -Xclang analyzer-checker=security.insecureAPI.UncheckedReturn
  -Xclang analyzer-disable-checker=security.insecureAPI.bcmp
  -Xclang analyzer-disable-checker=security.insecureAPI.bcopy
  -Xclang analyzer-disable-checker=security.insecureAPI.bzero
  -Xclang analyzer-checker=security.insecureAPI.getpw
  -Xclang analyzer-checker=security.insecureAPI.gets
  -Xclang analyzer-checker=security.insecureAPI.mkstemp
  -Xclang analyzer-checker=security.insecureAPI.mktemp
  -Xclang analyzer-checker=security.insecureAPI.rand
  -Xclang analyzer-disable-checker=security.insecureAPI.strcpy
  -Xclang analyzer-checker=security.insecureAPI.vfork
  -Xclang analyzer-checker=unix.API
  -Xclang analyzer-checker=unix.Malloc
  -Xclang analyzer-checker=unix.MallocSizeof
  -Xclang analyzer-checker=unix.MismatchedDeallocator
  -Xclang analyzer-checker=unix.Vfork
  -Xclang analyzer-checker=unix.cstring.BadSizeArg
  -Xclang analyzer-checker=unix.cstring.NullArg
  -Xclang analyzer-checker=valist.CopyToSelf
  -Xclang analyzer-checker=valist.Uninitialized
  -Xclang analyzer-checker=valist.Unterminated
  -Xclang analyzer-config -Xclang aggressive-binary-operation-simplification=true
  -Xclang analyzer-config -Xclang crosscheck-with-z3=true
  -x c++ --target=x86_64-linux-gnu -std=gnu++14 -nobuiltininc
  -isystem /home/szelethus/Documents/llvm-project/build/lib/clang/9.0.0/include
  -isystem /usr/include/c++/7
  -isystem /usr/include/x86_64-linux-gnu/c++/7
  -isystem /usr/include/c++/7/backward
  -isystem /usr/local/include
  -isystem /usr/include/x86_64-linux-gnu
  -isystem /usr/include
  /home/szelethus/Documents/llvm-project/clang/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp
```
```
echo "-Xclang -analyzer-list-enabled-checkers" > saargs.txt
CodeChecker check -b "g++ -c clang/test/Analysis/cxx-uninitialized-object-ptr-ref.cpp" --saargs saargs.txt --verbose debug_analyzer
```

```
OVERVIEW: Clang Static Analyzer Enabled Checkers List
  core.CallAndMessage
  core.DivideZero
  core.DynamicTypePropagation
  core.NonNullParamChecker
  core.NullDereference
  core.StackAddrEscapeBase
  core.StackAddressEscape
  core.UndefinedBinaryOperatorResult
  core.VLASize
  core.uninitialized.ArraySubscript
  core.uninitialized.Assign
  core.uninitialized.Branch
  core.uninitialized.CapturedBlockVariable
  core.uninitialized.UndefReturn
  unix.cstring.CStringModeling
  unix.DynamicMemoryModeling
  cplusplus.InnerPointer
  cplusplus.Move
  cplusplus.NewDelete
  cplusplus.NewDeleteLeaks
  deadcode.DeadStores
  nullability.NullabilityBase
  nullability.NullPassedToNonnull
  nullability.NullReturnedFromNonnull
  optin.portability.UnixAPI
  security.insecureAPI.SecuritySyntaxChecker
  security.FloatLoopCounter
  security.insecureAPI.UncheckedReturn
  security.insecureAPI.getpw
  security.insecureAPI.gets
  security.insecureAPI.mkstemp
  security.insecureAPI.mktemp
  security.insecureAPI.rand
  security.insecureAPI.vfork
  unix.API
  unix.Malloc
  unix.MallocSizeof
  unix.MismatchedDeallocator
  unix.Vfork
  unix.cstring.BadSizeArg
  unix.cstring.NullArg
  valist.ValistBase
  valist.CopyToSelf
  valist.Uninitialized
  valist.Unterminated
```
Would it be trouble for you to reverse the dependency please?
In D64274#1584974 <https://reviews.llvm.org/D64274#1584974>, @baloghadamsoftware wrote:
> Hmm, I still fail to understand the problem with the current `VirtualCall` checker. Is it unstable? Does it report many false positives?
Yup. While painfully artificial, take a look at this little code snippet:
```
struct Base {
  Base() {
    log();
  }
  virtual void log();
};

struct Derived : public Base {};

void f() { Derived d; }
```
In this example, no error is made, `Derived` doesn't override `log()`, there is no chance for a misuse, yet the checker warns. Now, of course, it's only a matter of time until another derived class actually implements `log()` and we'd **potentially** run into a problem, but similarly to `UninitializedObjectChecker`, we detect code smell, not error. Calls to pure virtual functions are UB.
================
Comment at: clang/include/clang/StaticAnalyzer/Checkers/Checkers.td:562
+ HelpText<"Check virtual function calls during construction/destruction">,
Documentation<HasDocumentation>;
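Review bot: the unchanged `Documentation<HasDocumentation>` line under the added HelpText states that user-facing documentation exists for this checker, so that documentation entry needs to be brought in line with the overhaul in the same patch. Please make sure it describes what the checker reports now and how it relates to `cplusplus.PureVirtualCall`.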
----------------
Szelethus wrote:
> `Dependencies<[PureVirtualCallChecker]>,`
//Ackchyually//, we should have this the other way around for backward compatibility reasons :^) Sorry, oversight on my end.
================
Comment at: clang/include/clang/StaticAnalyzer/Checkers/Checkers.td:569
"false",
- Released>
+ InAlpha>
]>,
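Review bot: the `+ InAlpha>` line changes the release stage of an option that existing invocations may already pass. Please confirm that passing the option still parses without error after the change, and cover that with a RUN line in the checker's test.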
----------------
Let's hide it as well.
```
CmdLineOption<Boolean,
"PureOnly",
"Disables the checker. Keeps cplusplus.PureVirtualCall "
"enabled. This option is only provided for backwards "
"compatibility.",
"false",
InAlpha,
Hide>
```
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D64274/new/
https://reviews.llvm.org/D64274
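
The distinction drawn in the comment above (a virtual call in a constructor is harmless while nothing overrides it, and becomes a surprise once a subclass does) shown as an added example; it is not part of the original message or of the patch. The names `Overriding`, `logLater`, `run` and `trace` are constructed for illustration.

```cpp
#include <iostream>
#include <string>

// Constructed example: records which log() body each call reaches.
static std::string trace;

struct Base {
  Base() { log(); }           // virtual call during construction
  virtual ~Base() = default;
  virtual void log() { trace += "Base::log;"; }
  void logLater() { log(); }  // same call once the object is fully built
};

// Case from the thread: no override, so the call in Base() can only
// ever reach Base::log(). The checker still flags it as a code smell.
struct Derived : Base {};

// The case the warning anticipates: a later subclass overrides log()
// and reads a member that is not yet initialized while Base() runs.
struct Overriding : Base {
  std::string tag = "ready";
  void log() override { trace += "Overriding::log " + tag + ";"; }
};

template <class T>
std::string run() {
  trace.clear();
  T obj;           // Base() runs first; the dynamic type is still Base
  obj.logLater();  // now dispatches on the final dynamic type
  return trace;
}

int main() {
  std::cout << run<Derived>() << "\n";
  std::cout << run<Overriding>() << "\n";
  return 0;
}
```

The constructor call never reaches `Overriding::log()`, which is why the override's use of `tag` is safe here only by virtue of not being called at that point.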