[cfe-dev] Clang GenericTaintChecker limitations
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Fri Aug 12 01:21:30 PDT 2016
On 8/12/16 10:57 AM, Divya Muthukumaran wrote:
>
>
> So, long story short, this code is already too complex for our
> analyzer. Our default options are tweaked for maximum
> bugs-per-second in the general case, but maybe we could make an option
> to analyze deeply, no matter how much time it takes.
>
> Ah Ok. Thanks for looking into this. If I had to do this bespoke for
> analyzing my code, what would I have to change? Or is it too complex?
>
The attached patch highlights the code responsible for conservative
replay without inlining. It's not very complex, and I guess we could
make an option for tweaking this particular behavior.
-------------- next part --------------
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index 39d88bf..9c9d019 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -813,35 +813,6 @@ bool ExprEngine::shouldInlineCall(const CallEvent &Call, const Decl *D,
if (!AMgr.shouldInlineCall())
return false;
- // Check if this function has been marked as non-inlinable.
- Optional<bool> MayInline = Engine.FunctionSummaries->mayInline(D);
- if (MayInline.hasValue()) {
- if (!MayInline.getValue())
- return false;
-
- } else {
- // We haven't actually checked the static properties of this function yet.
- // Do that now, and record our decision in the function summaries.
- if (mayInlineDecl(CalleeADC, Opts)) {
- Engine.FunctionSummaries->markMayInline(D);
- } else {
- Engine.FunctionSummaries->markShouldNotInline(D);
- return false;
- }
- }
-
- // Check if we should inline a call based on its kind.
- // FIXME: this checks both static and dynamic properties of the call, which
- // means we're redoing a bit of work that could be cached in the function
- // summary.
- CallInlinePolicy CIP = mayInlineCallKind(Call, Pred, Opts);
- if (CIP != CIP_Allowed) {
- if (CIP == CIP_DisallowedAlways) {
- assert(!MayInline.hasValue() || MayInline.getValue());
- Engine.FunctionSummaries->markShouldNotInline(D);
- }
- return false;
- }
const CFG *CalleeCFG = CalleeADC->getCFG();
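Review bot: deleting both gates at the top of shouldInlineCall (the FunctionSummaries->mayInline(D) lookup with its mayInlineDecl fallback, and the mayInlineCallKind check) removes every static and call-kind restriction on inlining, not only the replay behaviour under discussion, and it also means markShouldNotInline(D) is never recorded from this function. For an option, wrap the two blocks in a test of a new analyzer option instead of removing them, and consider keeping the CIP_DisallowedAlways case unconditional, since the removed code treats that verdict as permanent for the declaration.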
@@ -904,11 +875,6 @@ void ExprEngine::defaultEvalCall(NodeBuilder &Bldr, ExplodedNode *Pred,
// this should still be safe even for CallEvents that don't come from exprs.
const Expr *E = Call->getOriginExpr();
- ProgramStateRef InlinedFailedState = getInlineFailedState(State, E);
- if (InlinedFailedState) {
- // If we already tried once and failed, make sure we don't retry later.
- State = InlinedFailedState;
- } else {
RuntimeDefinition RD = Call->getRuntimeDefinition();
const Decl *D = RD.getDecl();
if (shouldInlineCall(*Call, D, Pred)) {
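Review bot: dropping the getInlineFailedState(State, E) check at the start of this block means a call whose inlining already failed is handed to shouldInlineCall again, which is what the removed comment ("make sure we don't retry later") was guarding against. If this is to become a tunable, gate the check on the option and bound the number of retries, so a callee that can never be inlined is not retried without limit.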
@@ -932,7 +898,6 @@ void ExprEngine::defaultEvalCall(NodeBuilder &Bldr, ExplodedNode *Pred,
if (inlineCall(*Call, D, Bldr, Pred, State))
return;
}
- }
// If we can't inline it, handle the return value and invalidate the regions.
conservativeEvalCall(*Call, Bldr, Pred, State);
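Review bot: the `}` removed just before the "If we can't inline it" comment is the close of the `} else {` dropped in the previous hunk, so the two hunks only build together. For a configurable version, keep the braces and make the `if (InlinedFailedState)` condition depend on the option; that leaves conservativeEvalCall as the single fallback and keeps the change to one condition.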