[analyzer] PthreadLock: Fix return value modeling for XNU lock functions.

Differential Revision: https://reviews.llvm.org/D37806
2020-01-24 17:52:41 +03:00 · 2020-01-24 17:52:41 +03:00 · 80fd37f9d6
parent 3fd5d1c6e7
commit 80fd37f9d6
2 changed files with 31 additions and 25 deletions
--- a/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp
@ -226,12 +226,6 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
  if (sym)
    state = resolvePossiblyDestroyedMutex(state, lockR, sym);
  SVal X = C.getSVal(CE);
  if (X.isUnknownOrUndef())
    return;
  DefinedSVal retVal = X.castAs<DefinedSVal>();
  if (const LockState *LState = state->get<LockMap>(lockR)) {
    if (LState->isLocked()) {
      if (!BT_doublelock)
@ -254,25 +248,35 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
  ProgramStateRef lockSucc = state;
  if (isTryLock) {
    // Bifurcate the state, and allow a mode where the lock acquisition fails.
    SVal RetVal = state->getSVal(CE, C.getLocationContext());
    if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) {
      ProgramStateRef lockFail;
      switch (semantics) {
      case PthreadSemantics:
-      std::tie(lockFail, lockSucc) = state->assume(retVal);
+        std::tie(lockFail, lockSucc) = state->assume(*DefinedRetVal);
        break;
      case XNUSemantics:
-      std::tie(lockSucc, lockFail) = state->assume(retVal);
+        std::tie(lockSucc, lockFail) = state->assume(*DefinedRetVal);
        break;
      default:
        llvm_unreachable("Unknown tryLock locking semantics");
      }
      assert(lockFail && lockSucc);
      C.addTransition(lockFail);
-
+    }
    // We might want to handle the case when the mutex lock function was inlined
    // and returned an Unknown or Undefined value.
  } else if (semantics == PthreadSemantics) {
    // Assume that the return value was 0.
-    lockSucc = state->assume(retVal, false);
+    SVal RetVal = state->getSVal(CE, C.getLocationContext());
    if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) {
      // FIXME: If the lock function was inlined and returned true,
      // we need to behave sanely - at least generate sink.
      lockSucc = state->assume(*DefinedRetVal, false);
      assert(lockSucc);
-
+    }
    // We might want to handle the case when the mutex lock function was inlined
    // and returned an Unknown or Undefined value.
  } else {
    // XNU locking semantics return void on non-try locks
    assert((semantics == XNUSemantics) && "Unknown locking semantics");
--- a/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h
+++ b/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h
@ -22,7 +22,9 @@ extern int pthread_mutex_unlock(pthread_mutex_t *);
 extern int pthread_mutex_trylock(pthread_mutex_t *);
 extern int pthread_mutex_destroy(pthread_mutex_t *);
 extern int pthread_mutex_init(pthread_mutex_t  *mutex, const pthread_mutexattr_t *mutexattr);
-extern int lck_mtx_lock(lck_mtx_t *);
+
-extern int lck_mtx_unlock(lck_mtx_t *);
+typedef int boolean_t;
-extern int lck_mtx_try_lock(lck_mtx_t *);
+extern void lck_mtx_lock(lck_mtx_t *);
 extern void lck_mtx_unlock(lck_mtx_t *);
 extern boolean_t lck_mtx_try_lock(lck_mtx_t *);
 extern void lck_mtx_destroy(lck_mtx_t *lck, lck_grp_t *grp);