forked from OSchip/llvm-project
[analyzer] PthreadLock: Fix return value modeling for XNU lock functions.
Differential Revision: https://reviews.llvm.org/D37806
This commit is contained in:
parent
3fd5d1c6e7
commit
80fd37f9d6
|
@ -226,12 +226,6 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
|
||||||
if (sym)
|
if (sym)
|
||||||
state = resolvePossiblyDestroyedMutex(state, lockR, sym);
|
state = resolvePossiblyDestroyedMutex(state, lockR, sym);
|
||||||
|
|
||||||
SVal X = C.getSVal(CE);
|
|
||||||
if (X.isUnknownOrUndef())
|
|
||||||
return;
|
|
||||||
|
|
||||||
DefinedSVal retVal = X.castAs<DefinedSVal>();
|
|
||||||
|
|
||||||
if (const LockState *LState = state->get<LockMap>(lockR)) {
|
if (const LockState *LState = state->get<LockMap>(lockR)) {
|
||||||
if (LState->isLocked()) {
|
if (LState->isLocked()) {
|
||||||
if (!BT_doublelock)
|
if (!BT_doublelock)
|
||||||
|
@ -254,25 +248,35 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
|
||||||
ProgramStateRef lockSucc = state;
|
ProgramStateRef lockSucc = state;
|
||||||
if (isTryLock) {
|
if (isTryLock) {
|
||||||
// Bifurcate the state, and allow a mode where the lock acquisition fails.
|
// Bifurcate the state, and allow a mode where the lock acquisition fails.
|
||||||
ProgramStateRef lockFail;
|
SVal RetVal = state->getSVal(CE, C.getLocationContext());
|
||||||
switch (semantics) {
|
if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) {
|
||||||
case PthreadSemantics:
|
ProgramStateRef lockFail;
|
||||||
std::tie(lockFail, lockSucc) = state->assume(retVal);
|
switch (semantics) {
|
||||||
break;
|
case PthreadSemantics:
|
||||||
case XNUSemantics:
|
std::tie(lockFail, lockSucc) = state->assume(*DefinedRetVal);
|
||||||
std::tie(lockSucc, lockFail) = state->assume(retVal);
|
break;
|
||||||
break;
|
case XNUSemantics:
|
||||||
default:
|
std::tie(lockSucc, lockFail) = state->assume(*DefinedRetVal);
|
||||||
llvm_unreachable("Unknown tryLock locking semantics");
|
break;
|
||||||
|
default:
|
||||||
|
llvm_unreachable("Unknown tryLock locking semantics");
|
||||||
|
}
|
||||||
|
assert(lockFail && lockSucc);
|
||||||
|
C.addTransition(lockFail);
|
||||||
}
|
}
|
||||||
assert(lockFail && lockSucc);
|
// We might want to handle the case when the mutex lock function was inlined
|
||||||
C.addTransition(lockFail);
|
// and returned an Unknown or Undefined value.
|
||||||
|
|
||||||
} else if (semantics == PthreadSemantics) {
|
} else if (semantics == PthreadSemantics) {
|
||||||
// Assume that the return value was 0.
|
// Assume that the return value was 0.
|
||||||
lockSucc = state->assume(retVal, false);
|
SVal RetVal = state->getSVal(CE, C.getLocationContext());
|
||||||
assert(lockSucc);
|
if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) {
|
||||||
|
// FIXME: If the lock function was inlined and returned true,
|
||||||
|
// we need to behave sanely - at least generate sink.
|
||||||
|
lockSucc = state->assume(*DefinedRetVal, false);
|
||||||
|
assert(lockSucc);
|
||||||
|
}
|
||||||
|
// We might want to handle the case when the mutex lock function was inlined
|
||||||
|
// and returned an Unknown or Undefined value.
|
||||||
} else {
|
} else {
|
||||||
// XNU locking semantics return void on non-try locks
|
// XNU locking semantics return void on non-try locks
|
||||||
assert((semantics == XNUSemantics) && "Unknown locking semantics");
|
assert((semantics == XNUSemantics) && "Unknown locking semantics");
|
||||||
|
|
|
@ -22,7 +22,9 @@ extern int pthread_mutex_unlock(pthread_mutex_t *);
|
||||||
extern int pthread_mutex_trylock(pthread_mutex_t *);
|
extern int pthread_mutex_trylock(pthread_mutex_t *);
|
||||||
extern int pthread_mutex_destroy(pthread_mutex_t *);
|
extern int pthread_mutex_destroy(pthread_mutex_t *);
|
||||||
extern int pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *mutexattr);
|
extern int pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *mutexattr);
|
||||||
extern int lck_mtx_lock(lck_mtx_t *);
|
|
||||||
extern int lck_mtx_unlock(lck_mtx_t *);
|
typedef int boolean_t;
|
||||||
extern int lck_mtx_try_lock(lck_mtx_t *);
|
extern void lck_mtx_lock(lck_mtx_t *);
|
||||||
|
extern void lck_mtx_unlock(lck_mtx_t *);
|
||||||
|
extern boolean_t lck_mtx_try_lock(lck_mtx_t *);
|
||||||
extern void lck_mtx_destroy(lck_mtx_t *lck, lck_grp_t *grp);
|
extern void lck_mtx_destroy(lck_mtx_t *lck, lck_grp_t *grp);
|
||||||
|
|
Loading…
Reference in New Issue