[PATCH] D157104: [analyzer] Improve underflow handling in ArrayBoundV2
Donát Nagy via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Aug 18 06:34:20 PDT 2023
donat.nagy added a comment.
The results on open-source projects are depressing, but acceptable. This checker is looking for a serious defect, so it doesn't find any true positives on stable versions of open-source projects; however it produces a steady trickle of false positives because the Clang SA engine regularly misinterprets complicated code. As this patch allows this checker to analyze more situations, it introduces no true positives and a manageable amount of false positives (on average ~1/project).
Table of raw results:
| memcached | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_D157104@llvm/main_baseline&newcheck=memcached_1.6.8_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_D157104@llvm/main_baseline&newcheck=memcached_1.6.8_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| tmux | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_D157104@llvm/main_baseline&newcheck=tmux_2.6_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_D157104@llvm/main_baseline&newcheck=tmux_2.6_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| twin | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_D157104@llvm/main_baseline&newcheck=twin_v0.8.1_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_D157104@llvm/main_baseline&newcheck=twin_v0.8.1_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| vim | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_D157104@llvm/main_baseline&newcheck=vim_v8.2.1920_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_D157104@llvm/main_baseline&newcheck=vim_v8.2.1920_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| openssl | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_D157104@llvm/main_baseline&newcheck=openssl_openssl-3.0.0-alpha7_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_D157104@llvm/main_baseline&newcheck=openssl_openssl-3.0.0-alpha7_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| sqlite | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_D157104@llvm/main_baseline&newcheck=sqlite_version-3.33.0_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_D157104@llvm/main_baseline&newcheck=sqlite_version-3.33.0_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| ffmpeg | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_D157104@llvm/main_baseline&newcheck=ffmpeg_n4.3.1_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_D157104@llvm/main_baseline&newcheck=ffmpeg_n4.3.1_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | four new reports (probably FPs), two of them are from the same macro |
| postgres | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_D157104@llvm/main_baseline&newcheck=postgres_REL_13_0_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_D157104@llvm/main_baseline&newcheck=postgres_REL_13_0_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | two new false positives |
| tinyxml2 | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_D157104@llvm/main_baseline&newcheck=tinyxml2_8.0.0_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_D157104@llvm/main_baseline&newcheck=tinyxml2_8.0.0_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| libwebm | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_D157104@llvm/main_baseline&newcheck=libwebm_libwebm-1.0.0.27_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_D157104@llvm/main_baseline&newcheck=libwebm_libwebm-1.0.0.27_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| xerces | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_D157104@llvm/main_baseline&newcheck=xerces_v3.2.3_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_D157104@llvm/main_baseline&newcheck=xerces_v3.2.3_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| bitcoin | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_D157104@llvm/main_baseline&newcheck=bitcoin_v0.20.1_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_D157104@llvm/main_baseline&newcheck=bitcoin_v0.20.1_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
| protobuf | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_D157104@llvm/main_baseline&newcheck=protobuf_v3.13.0_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_D157104@llvm/main_baseline&newcheck=protobuf_v3.13.0_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | seven new FPs, but six of them are caused by incorrect config of our CI |
| qtbase | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=qtbase_v6.2.0_D157104@llvm/main_baseline&newcheck=qtbase_v6.2.0_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=qtbase_v6.2.0_D157104@llvm/main_baseline&newcheck=qtbase_v6.2.0_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | one new FP and one new result of UndefinedBinaryOperatorResult |
| contour | New reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=contour_v0.2.0.173_D157104@llvm/main_baseline&newcheck=contour_v0.2.0.173_D157104@llvm/main_new&is-unique=on&diff-mode=New> | Lost reports <https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=contour_v0.2.0.173_D157104@llvm/main_baseline&newcheck=contour_v0.2.0.173_D157104@llvm/main_new&is-unique=on&diff-mode=Resolved> | no change |
(In protobuf, our CI misconfigures the build of protobuf, so the preprocessor handles an assert-like macro incorrectly and six of the seven new false positives are on "assume that this assertion fails, then we have underflow" branches. On qtbase I don't understand why the UndefinedBinaryOperatorResult report appeared [perhaps unpredictable changes of graph traversal?] but it's technically a true positive.)
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D157104/new/
https://reviews.llvm.org/D157104