[cfe-dev] ConstraintManager reports different constraints if the checker is run as Plugin

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Mon Sep 6 14:03:07 PDT 2021 

I suspect that you're still running different sets of checks in 
different invocations. Typically you don't want to use direct/manual 
-cc1 invocations as they're completely unrepresentative of the actual 
behavior.

One way or another, you should dump the exploded graph to see where 
constraints originate and how they propagate 
(https://www.youtube.com/watch?v=g0Mqx1niUi0, 
https://clang-analyzer.llvm.org/checker_dev_manual.html#visualizing)

On 03.09.2021 13:33, Max Schrötter via cfe-dev wrote:
> Hi,
>
> I'm currently trying to write a static analyzer using llvm and started
> with a simple example, that checks if the return value of malloc/calloc
> was checked to be non-null before accessing it.
>
> While testing I noticed, that the ConstraintManager shows inconsistent
> behaviors. If the checker is compiled in-tree everything works as
> expected. But if the checker is compiled as Plugin and run with
> -analyzer-checker=core.NonNullParamChecker and -fgnuc-version=4.2.1
> enabled, the ConstraintManager returns different constraints.
>
> Example:
>
>      #include <stdio.h>
>      #include <stdlib.h>
>      #include <string.h>
>      
>      int main(int argc, char ** argv, char ** envp){
>          int z=8;
>          int *p = malloc(sizeof(int));
>          memcpy(p,&z,sizeof(int));
>          free(p);
>      }
>
> If compiled with llvm the ConstraintManager.isNull reports isUnderconstrained for the symbol p pre memcpy.
> If compiled as Plugin it returns true for isConstrainedFalse and isConstrained, but p can be null here.
>
> I have posted my code on Github if anyone wants to look at it: https://github.com/schrc3b6/simple-static-analyzer
>
> Is this a bug in my Code or am I misunderstanding something?
>
> Thanks
> Max
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20210906/de8a5249/attachment.html>

More information about the cfe-dev mailing list