[clang] 80fd37f - [analyzer] PthreadLock: Fix return value modeling for XNU lock functions.

Fri Jan 24 07:43:36 PST 2020

Author: Artem Dergachev
Date: 2020-01-24T18:43:23+03:00
New Revision: 80fd37f9d66e49994eb06e2613a29a6d7016df6d

URL: https://github.com/llvm/llvm-project/commit/80fd37f9d66e49994eb06e2613a29a6d7016df6d
DIFF: https://github.com/llvm/llvm-project/commit/80fd37f9d66e49994eb06e2613a29a6d7016df6d.diff

LOG: [analyzer] PthreadLock: Fix return value modeling for XNU lock functions.

Differential Revision: https://reviews.llvm.org/D37806

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
    clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
index 8649b8b96dd0..1597955a604a 100644

--- a/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
@@ -226,12 +226,6 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
   if (sym)
     state = resolvePossiblyDestroyedMutex(state, lockR, sym);
 
-  SVal X = C.getSVal(CE);
-  if (X.isUnknownOrUndef())
-    return;
-
-  DefinedSVal retVal = X.castAs<DefinedSVal>();
-
   if (const LockState *LState = state->get<LockMap>(lockR)) {
     if (LState->isLocked()) {
       if (!BT_doublelock)
@@ -254,25 +248,35 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
   ProgramStateRef lockSucc = state;
   if (isTryLock) {
     // Bifurcate the state, and allow a mode where the lock acquisition fails.
-    ProgramStateRef lockFail;
-    switch (semantics) {
-    case PthreadSemantics:
-      std::tie(lockFail, lockSucc) = state->assume(retVal);
-      break;
-    case XNUSemantics:
-      std::tie(lockSucc, lockFail) = state->assume(retVal);
-      break;
-    default:
-      llvm_unreachable("Unknown tryLock locking semantics");
+    SVal RetVal = state->getSVal(CE, C.getLocationContext());
+    if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) {
+      ProgramStateRef lockFail;
+      switch (semantics) {
+      case PthreadSemantics:
+        std::tie(lockFail, lockSucc) = state->assume(*DefinedRetVal);
+        break;
+      case XNUSemantics:
+        std::tie(lockSucc, lockFail) = state->assume(*DefinedRetVal);
+        break;
+      default:
+        llvm_unreachable("Unknown tryLock locking semantics");
+      }
+      assert(lockFail && lockSucc);
+      C.addTransition(lockFail);
     }
-    assert(lockFail && lockSucc);
-    C.addTransition(lockFail);
-
+    // We might want to handle the case when the mutex lock function was inlined
+    // and returned an Unknown or Undefined value.
   } else if (semantics == PthreadSemantics) {
     // Assume that the return value was 0.
-    lockSucc = state->assume(retVal, false);
-    assert(lockSucc);
-
+    SVal RetVal = state->getSVal(CE, C.getLocationContext());
+    if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) {
+      // FIXME: If the lock function was inlined and returned true,
+      // we need to behave sanely - at least generate sink.
+      lockSucc = state->assume(*DefinedRetVal, false);
+      assert(lockSucc);
+    }
+    // We might want to handle the case when the mutex lock function was inlined
+    // and returned an Unknown or Undefined value.
   } else {
     // XNU locking semantics return void on non-try locks
     assert((semantics == XNUSemantics) && "Unknown locking semantics");

diff  --git a/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h b/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h
index b290ffe8d879..bf60daa4d732 100644
--- a/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h
+++ b/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h
@@ -22,7 +22,9 @@ extern int pthread_mutex_unlock(pthread_mutex_t *);
 extern int pthread_mutex_trylock(pthread_mutex_t *);
 extern int pthread_mutex_destroy(pthread_mutex_t *);
 extern int pthread_mutex_init(pthread_mutex_t  *mutex, const pthread_mutexattr_t *mutexattr);
-extern int lck_mtx_lock(lck_mtx_t *);
-extern int lck_mtx_unlock(lck_mtx_t *);
-extern int lck_mtx_try_lock(lck_mtx_t *);
+
+typedef int boolean_t;
+extern void lck_mtx_lock(lck_mtx_t *);
+extern void lck_mtx_unlock(lck_mtx_t *);
+extern boolean_t lck_mtx_try_lock(lck_mtx_t *);
 extern void lck_mtx_destroy(lck_mtx_t *lck, lck_grp_t *grp);


        
