[cfe-dev] [analyzer] MallocChecker & checker dependencies

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Fri Mar 16 11:47:43 PDT 2018


Dynamic memory management is pretty much done at this point - we have 
very good support for malloc()-like stuff and reasonably good support 
for operator new() (support for operator new[]() is currently missing 
because it requires calling an indefinite number of constructors which 
is not yet implemented). There is also a known issue with custom 
operator new(...) returning null pointers - in this case we should not 
be calling the constructor but for now we evaluate the constructor 
conservatively.

Your real problem will be managing smart pointers themselves because 
they are C++ objects that have a myriad of methods, they can be copied, 
moved, assigned, move-assigned, they destroyed, they lifetime-extended, 
you need to keep all of this in mind when writing a checker. This is 
slowly getting easier because i'm currently working on that, but until 
recently it wasn't working correctly in the core, let alone checkers, 
which is why the few experimental C++ checkers that we currently have 
required heavy hacks to become possible. But for now you'd rather keep 
an eye on these problems.

On 16/03/2018 3:57 AM, Aleksei Sidorin via cfe-dev wrote:
> Hi Alexey!
>
> Could you share your ideas of checker design? It is possible that 
> problems you met can be solved in different (maybe even better) way if 
> we know the whole picture.
> Regarding your questions, you can find some answers below.
>
> 1. a) The first way for checker communication is to share their 
> program state trait. You can see an example of how state trait is 
> exported in GenericTaintChecker or MPIChecker. Generally, you just 
> create a named ProgramStateTrait in the header. You can take a look at 
> TaintManager.h and MPITypes.h and how they are used.
> b) To set a dependency from another checker, you can just register it 
> while registering your checker. An example can be found in 
> MallocChecker where register$Checker also calls 
> registerCStringCheckerBasic to register a checker it depends on.
> As you pointed, inter-checker communication can become a source of 
> some problems. Most of them are discussed in this conversation: 
> http://clang-developers.42468.n3.nabble.com/analyzer-RFC-Design-idea-separate-modelling-from-checking-td4059122.html
>
> 2. I think there is nothing bad in sharing RegionState across checkers 
> in the way shown in 1a.
>
> 3. Artem Dergachev has done some excellent work on improvement of 
> operator 'new' processing in CSA engine. Regarding checkers, I can see 
> some on https://clang-analyzer.llvm.org/potential_checkers.html: for 
> example, undefbehavior.AutoptrsOwnSameObj. You can search this list to 
> find more.
>
>
> 15.03.2018 23:54, Alexey Knyshev via cfe-dev пишет:
>> Hi there!
>>
>> While thinking about how it would be possible to implement various 
>> smart ptr related checkers I tried to review current state of 
>> MallocChecker and came up with that it would be great to have 
>> RegionState info available to other checkers. Could you please share 
>> your points of view and comments on the following statements / questions:
>>
>> 1. Is there any right way for chaining checkers? How they are 
>> expected to communicate between each other (excluding generation of 
>> nodes / ProgramStates). I've heard that there are couple of problems 
>> caused by inlining functions, constructors / descructors.
>> 2. What do you think about moving RegionState to the Core of CSA or 
>> providing optional extended info in MemRegion about the source of 
>> such region (new opearator / array new, malloc, alloca, etc). So it 
>> would be available to all checkers.
>> 3. Is there any roadmap for CSA and especially for dynamic memory 
>> management modeling & related checkers?
>>
>> Regards, Alexey K
>>
>> -- 
>> linkedin.com/profile 
>> <https://www.linkedin.com/profile/view?id=AAMAABn6oKQBDhBteiQnWsYm-S9yxT7wQkfWhSw>
>>
>> github.com/alexeyknyshev <http://github.com/alexeyknyshev>
>> bitbucket.org/alexeyknyshev <https://bitbucket.org/alexeyknyshev/>
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
>
> -- 
> Best regards,
> Aleksei Sidorin,
> SRR, Samsung Electronics
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev




More information about the cfe-dev mailing list