[PATCH] D97183: [analyzer] Add NoteTag for smart-ptr get()

Deep Majumder via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sat Mar 20 23:34:23 PDT 2021


RedDocMD updated this revision to Diff 332147.
RedDocMD added a comment.

Fixed up the git history


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D97183/new/

https://reviews.llvm.org/D97183

Files:
  clang/lib/StaticAnalyzer/Checkers/SmartPtrChecker.cpp
  clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
  clang/test/Analysis/smart-ptr-text-output.cpp


Index: clang/test/Analysis/smart-ptr-text-output.cpp
===================================================================
--- clang/test/Analysis/smart-ptr-text-output.cpp
+++ clang/test/Analysis/smart-ptr-text-output.cpp
@@ -306,10 +306,44 @@
 };
 
 void derefAfterBranchingOnUnknownInnerPtr(std::unique_ptr<A> P) {
-  A *RP = P.get();
+  A *RP = P.get(); // expected-note {{Obtained null inner pointer from 'P'}}
   if (!RP) { // expected-note {{Assuming 'RP' is null}}
     // expected-note at -1 {{Taking true branch}}
     P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
     // expected-note at -1{{Dereference of null smart pointer 'P'}}
   }
 }
+
+void getShouldNotAlwaysLeaveANote() {
+	std::unique_ptr<A> P; // expected-note {{Default constructed smart pointer 'P' is null}}
+	A *a = P.get(); 
+	P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+    // expected-note at -1{{Dereference of null smart pointer 'P'}}
+}
+
+void getShouldNotLeaveNoteWhenPtrNotUsed(std::unique_ptr<A> P) {
+  A *a = P.get(); 
+  if (!P) { // expected-note {{Taking true branch}}
+    // expected-note at -1 {{Assuming smart pointer 'P' is null}}
+    P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+    // expected-note at -1{{Dereference of null smart pointer 'P'}}
+  }
+}
+
+void getShouldLeaveANoteWithWhileLoop(std::unique_ptr<A> P) {
+  A *RP = P.get(); // expected-note {{Obtained null inner pointer from 'P'}}
+  while (!RP) {    // expected-note {{Assuming 'RP' is null}}
+    // expected-note at -1 {{Loop condition is true.  Entering loop body}}
+    P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+    // expected-note at -1{{Dereference of null smart pointer 'P'}}
+  }
+}
+
+void getShouldLeaveANoteWithForLoop(std::unique_ptr<A> P) {
+  for (A *RP = P.get(); !RP;) { // expected-note {{Assuming 'RP' is null}}
+    // expected-note at -1 {{Loop condition is true.  Entering loop body}}
+    // expected-note at -2 {{Obtained null inner pointer from 'P'}}
+    P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+    // expected-note at -1{{Dereference of null smart pointer 'P'}}
+  }
+}
\ No newline at end of file
Index: clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
+++ clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
@@ -457,8 +457,22 @@
 
   State = State->BindExpr(Call.getOriginExpr(), C.getLocationContext(),
                           InnerPointerVal);
-  // TODO: Add NoteTag, for how the raw pointer got using 'get' method.
-  C.addTransition(State);
+
+  C.addTransition(State, C.getNoteTag([ThisRegion, InnerPointerVal,
+                                       State](PathSensitiveBugReport &BR,
+                                              llvm::raw_ostream &OS) {
+    if (&BR.getBugType() != smartptr::getNullDereferenceBugType() ||
+        !BR.isInteresting(ThisRegion))
+      return;
+    if (!BR.isInteresting(InnerPointerVal) || !BR.isInteresting(InnerPointerVal.getAsSymbol()))
+      return;
+    if (ThisRegion->canPrintPretty()) {
+      OS << "Obtained null inner pointer from";
+      checkAndPrettyPrintRegion(OS, ThisRegion);
+    } else {
+      OS << "Obtained null inner pointer here";
+    }
+  }));
 }
 
 bool SmartPtrModeling::handleAssignOp(const CallEvent &Call,
Index: clang/lib/StaticAnalyzer/Checkers/SmartPtrChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/SmartPtrChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/SmartPtrChecker.cpp
@@ -87,6 +87,8 @@
   auto R = std::make_unique<PathSensitiveBugReport>(NullDereferenceBugType,
                                                     OS.str(), ErrNode);
   R->markInteresting(DerefRegion);
+  const Expr *BugExpr = Call.getOriginExpr();
+  bugreporter::trackExpressionValue(ErrNode, BugExpr, *R);
   C.emitReport(std::move(R));
 }
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D97183.332147.patch
Type: text/x-patch
Size: 4163 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210321/474275cb/attachment-0001.bin>


More information about the cfe-commits mailing list