[clang] 37c1bf2 - [analyzer] Enable constructor support in evalCall event.
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Thu Jun 25 09:49:05 PDT 2020
Author: Nithin Vadukkumchery Rajendrakumar
Date: 2020-06-25T09:47:13-07:00
New Revision: 37c1bf21d1da85c164638efc32e8c7cfbf713ac5
URL: https://github.com/llvm/llvm-project/commit/37c1bf21d1da85c164638efc32e8c7cfbf713ac5
DIFF: https://github.com/llvm/llvm-project/commit/37c1bf21d1da85c164638efc32e8c7cfbf713ac5.diff
LOG: [analyzer] Enable constructor support in evalCall event.
Pass EvalCallOptions via runCheckersForEvalCall into defaultEvalCall.
Update the AnalysisOrderChecker to support evalCall for testing.
Differential Revision: https://reviews.llvm.org/D82256
Added:
clang/test/Analysis/cxxctr-evalcall-analysis-order.cpp
Modified:
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
clang/lib/StaticAnalyzer/Checkers/AnalysisOrderChecker.cpp
clang/lib/StaticAnalyzer/Core/CallEvent.cpp
clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
clang/test/Analysis/analyzer-config.c
clang/test/Analysis/new-ctor-conservative.cpp
Removed:
################################################################################
diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
index 9de324506bf6..8430dc123598 100644
--- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
+++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
@@ -1372,6 +1372,12 @@ def AnalysisOrderChecker : Checker<"AnalysisOrder">,
"false",
Released,
Hide>,
+ CmdLineOption<Boolean,
+ "EvalCall",
+ "",
+ "false",
+ Released,
+ Hide>,
CmdLineOption<Boolean,
"PreCall",
"",
diff --git a/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h b/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
index 820ccfceecf6..1f3c6a1b780b 100644
--- a/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h
@@ -47,6 +47,7 @@ class ExplodedGraph;
class ExplodedNode;
class ExplodedNodeSet;
class ExprEngine;
+struct EvalCallOptions;
class MemRegion;
struct NodeBuilderContext;
class ObjCMethodCall;
@@ -433,9 +434,9 @@ class CheckerManager {
/// Run checkers for evaluating a call.
///
/// Warning: Currently, the CallEvent MUST come from a CallExpr!
- void runCheckersForEvalCall(ExplodedNodeSet &Dst,
- const ExplodedNodeSet &Src,
- const CallEvent &CE, ExprEngine &Eng);
+ void runCheckersForEvalCall(ExplodedNodeSet &Dst, const ExplodedNodeSet &Src,
+ const CallEvent &CE, ExprEngine &Eng,
+ const EvalCallOptions &CallOpts);
/// Run checkers for the entire Translation Unit.
void runCheckersOnEndOfTranslationUnit(const TranslationUnitDecl *TU,
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
index baa3a94adb64..cdfe986355c5 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h
@@ -96,8 +96,37 @@ class RegionAndSymbolInvalidationTraits;
class SymbolManager;
class SwitchNodeBuilder;
+/// Hints for figuring out of a call should be inlined during evalCall().
+struct EvalCallOptions {
+ /// This call is a constructor or a destructor for which we do not currently
+ /// compute the this-region correctly.
+ bool IsCtorOrDtorWithImproperlyModeledTargetRegion = false;
+
+ /// This call is a constructor or a destructor for a single element within
+ /// an array, a part of array construction or destruction.
+ bool IsArrayCtorOrDtor = false;
+
+ /// This call is a constructor or a destructor of a temporary value.
+ bool IsTemporaryCtorOrDtor = false;
+
+ /// This call is a constructor for a temporary that is lifetime-extended
+ /// by binding it to a reference-type field within an aggregate,
+ /// for example 'A { const C &c; }; A a = { C() };'
+ bool IsTemporaryLifetimeExtendedViaAggregate = false;
+
+ /// This call is a pre-C++17 elidable constructor that we failed to elide
+ /// because we failed to compute the target region into which
+ /// this constructor would have been ultimately elided. Analysis that
+ /// we perform in this case is still correct but it behaves
diff erently,
+ /// as if copy elision is disabled.
+ bool IsElidableCtorThatHasNotBeenElided = false;
+
+ EvalCallOptions() {}
+};
+
class ExprEngine {
void anchor();
+
public:
/// The modes of inlining, which override the default analysis-wide settings.
enum InliningModes {
@@ -108,34 +137,6 @@ class ExprEngine {
Inline_Minimal = 0x1
};
- /// Hints for figuring out of a call should be inlined during evalCall().
- struct EvalCallOptions {
- /// This call is a constructor or a destructor for which we do not currently
- /// compute the this-region correctly.
- bool IsCtorOrDtorWithImproperlyModeledTargetRegion = false;
-
- /// This call is a constructor or a destructor for a single element within
- /// an array, a part of array construction or destruction.
- bool IsArrayCtorOrDtor = false;
-
- /// This call is a constructor or a destructor of a temporary value.
- bool IsTemporaryCtorOrDtor = false;
-
- /// This call is a constructor for a temporary that is lifetime-extended
- /// by binding it to a reference-type field within an aggregate,
- /// for example 'A { const C &c; }; A a = { C() };'
- bool IsTemporaryLifetimeExtendedViaAggregate = false;
-
- /// This call is a pre-C++17 elidable constructor that we failed to elide
- /// because we failed to compute the target region into which
- /// this constructor would have been ultimately elided. Analysis that
- /// we perform in this case is still correct but it behaves
diff erently,
- /// as if copy elision is disabled.
- bool IsElidableCtorThatHasNotBeenElided = false;
-
- EvalCallOptions() {}
- };
-
private:
cross_tu::CrossTranslationUnitContext &CTU;
diff --git a/clang/lib/StaticAnalyzer/Checkers/AnalysisOrderChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/AnalysisOrderChecker.cpp
index 479e50b80867..0e8cbc60689a 100644
--- a/clang/lib/StaticAnalyzer/Checkers/AnalysisOrderChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/AnalysisOrderChecker.cpp
@@ -38,7 +38,7 @@ class AnalysisOrderChecker
check::PostStmt<OffsetOfExpr>, check::PreCall, check::PostCall,
check::EndFunction, check::EndAnalysis, check::NewAllocator,
check::Bind, check::PointerEscape, check::RegionChanges,
- check::LiveSymbols> {
+ check::LiveSymbols, eval::Call> {
bool isCallbackEnabled(const AnalyzerOptions &Opts,
StringRef CallbackName) const {
@@ -122,6 +122,19 @@ class AnalysisOrderChecker
llvm::errs() << "PostStmt<OffsetOfExpr>\n";
}
+ bool evalCall(const CallEvent &Call, CheckerContext &C) const {
+ if (isCallbackEnabled(C, "EvalCall")) {
+ llvm::errs() << "EvalCall";
+ if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(Call.getDecl()))
+ llvm::errs() << " (" << ND->getQualifiedNameAsString() << ')';
+ llvm::errs() << " {argno: " << Call.getNumArgs() << '}';
+ llvm::errs() << " [" << Call.getKindAsString() << ']';
+ llvm::errs() << '\n';
+ return true;
+ }
+ return false;
+ }
+
void checkPreCall(const CallEvent &Call, CheckerContext &C) const {
if (isCallbackEnabled(C, "PreCall")) {
llvm::errs() << "PreCall";
diff --git a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
index b8d8d467341d..78d13ddfb773 100644
--- a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
+++ b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -523,7 +523,7 @@ CallEvent::getReturnValueUnderConstruction() const {
if (!CC)
return None;
- ExprEngine::EvalCallOptions CallOpts;
+ EvalCallOptions CallOpts;
ExprEngine &Engine = getState()->getStateManager().getOwningEngine();
SVal RetVal =
Engine.computeObjectUnderConstruction(getOriginExpr(), getState(),
diff --git a/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp b/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
index 98504006030a..86cecf6524f0 100644
--- a/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
+++ b/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp
@@ -653,7 +653,8 @@ CheckerManager::runCheckersForEvalAssume(ProgramStateRef state,
void CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst,
const ExplodedNodeSet &Src,
const CallEvent &Call,
- ExprEngine &Eng) {
+ ExprEngine &Eng,
+ const EvalCallOptions &CallOpts) {
for (auto *const Pred : Src) {
bool anyEvaluated = false;
@@ -665,10 +666,8 @@ void CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst,
// TODO: Support the situation when the call doesn't correspond
// to any Expr.
ProgramPoint L = ProgramPoint::getProgramPoint(
- cast<CallExpr>(Call.getOriginExpr()),
- ProgramPoint::PostStmtKind,
- Pred->getLocationContext(),
- EvalCallChecker.Checker);
+ Call.getOriginExpr(), ProgramPoint::PostStmtKind,
+ Pred->getLocationContext(), EvalCallChecker.Checker);
bool evaluated = false;
{ // CheckerContext generates transitions(populates checkDest) on
// destruction, so introduce the scope to make sure it gets properly
@@ -690,7 +689,7 @@ void CheckerManager::runCheckersForEvalCall(ExplodedNodeSet &Dst,
// If none of the checkers evaluated the call, ask ExprEngine to handle it.
if (!anyEvaluated) {
NodeBuilder B(Pred, Dst, Eng.getBuilderContext());
- Eng.defaultEvalCall(B, Pred, Call);
+ Eng.defaultEvalCall(B, Pred, Call, CallOpts);
}
}
}
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index ba2875aab754..38a680eb04c0 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -615,7 +615,8 @@ void ExprEngine::handleConstructor(const Expr *E,
} else {
for (ExplodedNodeSet::iterator I = DstPreCall.begin(), E = DstPreCall.end();
I != E; ++I)
- defaultEvalCall(Bldr, *I, *Call, CallOpts);
+ getCheckerManager().runCheckersForEvalCall(DstEvaluated, *I, *Call, *this,
+ CallOpts);
}
// If the CFG was constructed without elements for temporary destructors
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index da7b5d9efa47..52ba17d59ae0 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -584,7 +584,7 @@ void ExprEngine::evalCall(ExplodedNodeSet &Dst, ExplodedNode *Pred,
// defaultEvalCall if all of them fail.
ExplodedNodeSet dstCallEvaluated;
getCheckerManager().runCheckersForEvalCall(dstCallEvaluated, dstPreVisit,
- Call, *this);
+ Call, *this, EvalCallOptions());
// If there were other constructors called for object-type arguments
// of this call, clean them up.
@@ -717,7 +717,7 @@ void ExprEngine::conservativeEvalCall(const CallEvent &Call, NodeBuilder &Bldr,
ExprEngine::CallInlinePolicy
ExprEngine::mayInlineCallKind(const CallEvent &Call, const ExplodedNode *Pred,
AnalyzerOptions &Opts,
- const ExprEngine::EvalCallOptions &CallOpts) {
+ const EvalCallOptions &CallOpts) {
const LocationContext *CurLC = Pred->getLocationContext();
const StackFrameContext *CallerSFC = CurLC->getStackFrame();
switch (Call.getKind()) {
diff --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c
index 1d4a96389fb3..7a411a162201 100644
--- a/clang/test/Analysis/analyzer-config.c
+++ b/clang/test/Analysis/analyzer-config.c
@@ -50,6 +50,7 @@
// CHECK-NEXT: debug.AnalysisOrder:Bind = false
// CHECK-NEXT: debug.AnalysisOrder:EndAnalysis = false
// CHECK-NEXT: debug.AnalysisOrder:EndFunction = false
+// CHECK-NEXT: debug.AnalysisOrder:EvalCall = false
// CHECK-NEXT: debug.AnalysisOrder:LiveSymbols = false
// CHECK-NEXT: debug.AnalysisOrder:NewAllocator = false
// CHECK-NEXT: debug.AnalysisOrder:PointerEscape = false
diff --git a/clang/test/Analysis/cxxctr-evalcall-analysis-order.cpp b/clang/test/Analysis/cxxctr-evalcall-analysis-order.cpp
new file mode 100644
index 000000000000..0e1ec2f9de56
--- /dev/null
+++ b/clang/test/Analysis/cxxctr-evalcall-analysis-order.cpp
@@ -0,0 +1,33 @@
+// RUN: %clang_analyze_cc1 %s \
+// RUN: -analyzer-checker=debug.AnalysisOrder \
+// RUN: -analyzer-config debug.AnalysisOrder:EvalCall=true \
+// RUN: -analyzer-config debug.AnalysisOrder:PreCall=true \
+// RUN: -analyzer-config debug.AnalysisOrder:PostCall=true \
+// RUN: 2>&1 | FileCheck %s
+
+// This test ensures that eval::Call event will be triggered for constructors.
+
+class C {
+public:
+ C(){};
+ C(int x){};
+ C(int x, int y){};
+};
+
+void foo() {
+ C C0;
+ C C1(42);
+ C *C2 = new C{2, 3};
+}
+
+// CHECK: PreCall (C::C) [CXXConstructorCall]
+// CHECK-NEXT: EvalCall (C::C) {argno: 0} [CXXConstructorCall]
+// CHECK-NEXT: PostCall (C::C) [CXXConstructorCall]
+// CHECK-NEXT: PreCall (C::C) [CXXConstructorCall]
+// CHECK-NEXT: EvalCall (C::C) {argno: 1} [CXXConstructorCall]
+// CHECK-NEXT: PostCall (C::C) [CXXConstructorCall]
+// CHECK-NEXT: PreCall (operator new) [CXXAllocatorCall]
+// CHECK-NEXT: PostCall (operator new) [CXXAllocatorCall]
+// CHECK-NEXT: PreCall (C::C) [CXXConstructorCall]
+// CHECK-NEXT: EvalCall (C::C) {argno: 2} [CXXConstructorCall]
+// CHECK-NEXT: PostCall (C::C) [CXXConstructorCall]
diff --git a/clang/test/Analysis/new-ctor-conservative.cpp b/clang/test/Analysis/new-ctor-conservative.cpp
index 6cd403b50e5a..83c4bed1530c 100644
--- a/clang/test/Analysis/new-ctor-conservative.cpp
+++ b/clang/test/Analysis/new-ctor-conservative.cpp
@@ -27,6 +27,7 @@ void checkNewArray() {
S *s = new S[10];
// FIXME: Should be true once we inline array constructors.
clang_analyzer_eval(s[0].x == 1); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(s[1].x == 1); // expected-warning{{UNKNOWN}}
}
struct NullS {
More information about the cfe-commits
mailing list