Commit Graph

140 Commits

Author SHA1 Message Date
Endre Fülöp fd02a86260 [analyzer] Add system header simulator a symmetric random access iterator operator+
Summary:
Random access iterators must handle operator+, where the iterator is on the
RHS. The system header simulator library is extended with these operators.

Reviewers: Szelethus

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, Charusso, steakhal, martong, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D83226
2020-07-17 14:36:43 +02:00
Kirstóf Umann 023c4d400e [analyzer][AnalysisOrderChecker] Display the CallEvent type in preCall/postCall
Exactly what it says on the tin! The included testfile demonstrates why this is
important -- for C++ dynamic memory operators, we don't always recognize custom,
or even standard-specified new/delete operators as CXXAllocatorCall or
CXXDeallocatorCall.

Differential Revision: https://reviews.llvm.org/D77391
2020-04-09 16:41:07 +02:00
Joe Ranieri 5ee616a710 [analyzer] Fix SARIF column locations
Differential revision: https://reviews.llvm.org/D70689
2020-01-14 15:38:30 -05:00
Adam Balogh 23022b9329 [Analyzer][NFC] Separate white-box tests for iterator modelling from iterator checker tests
The recently committed debug.IteratorDebugging checker enables
standalone white-box testing of the modelling of containers and
iterators. For the three checkers based on iterator modelling only
simple tests are needed.

Differential Revision: https://reviews.llvm.org/D70123
2019-11-14 16:32:19 +01:00
Artem Dergachev b0914e7276 [analyzer] Specify the C++ standard in more tests.
Makes life easier for downstream developers with different default standard.

llvm-svn: 375308
2019-10-19 00:08:17 +00:00
Adam Balogh 12f5c7f0c3 [Analyzer] Iterator Checkers - Make range errors and invalidated access fatal
Range errors (dereferencing or incrementing the past-the-end iterator or
decrementing the iterator of the first element of the range) and access of
invalidated iterators lead to undefined behavior. There is no point to
continue the analysis after such an error on the same execution path, but
terminate it by a sink node (fatal error). This also improves the
performance and helps avoiding double reports (e.g. in case of nested
iterators).

Differential Revision: https://reviews.llvm.org/D62893

llvm-svn: 370314
2019-08-29 09:35:47 +00:00
Joe Ranieri fce4324f92 Update the SARIF exporter to SARIF 2.1
This updates the SARIF exporter to produce SARIF 2.1 output. The bulk of the diffs come from two changes to SARIF:
* https://github.com/oasis-tcs/sarif-spec/issues/309
* https://github.com/oasis-tcs/sarif-spec/issues/179

Differential Revision: https://reviews.llvm.org/D65211

llvm-svn: 370068
2019-08-27 14:43:54 +00:00
Joe Ranieri 3385c5cc4d Fix a SARIF exporter crash with macro expansions
Differential Revision: https://reviews.llvm.org/D65209

llvm-svn: 370061
2019-08-27 14:20:27 +00:00
Joe Ranieri 68a6a28ef8 Fix text range end columns in SARIF to be exclusive
According to the SARIF specification, "a text region does not include the character specified by endColumn".

Differential Revision: https://reviews.llvm.org/D65206

llvm-svn: 370060
2019-08-27 13:49:45 +00:00
Kristof Umann 0f9e530c0f [analyzer] Enable control dependency condition tracking by default
This patch concludes my GSoC'19 project by enabling track-conditions by default.

Differential Revision: https://reviews.llvm.org/D66381

llvm-svn: 369616
2019-08-22 03:08:48 +00:00
Kristof Umann 46929df723 [analyzer] Prune calls to functions with linear CFGs that return a non-zero constrained value
During the evaluation of D62883, I noticed a bunch of totally
meaningless notes with the pattern of "Calling 'A'" -> "Returning value"
-> "Returning from 'A'", which added no value to the report at all.

This patch (not only affecting tracked conditions mind you) prunes
diagnostic messages to functions that return a value not constrained to
be 0, and are also linear.

Differential Revision: https://reviews.llvm.org/D64232

llvm-svn: 368771
2019-08-13 23:22:33 +00:00
Adam Balogh 8557f17d88 [Analyzer] Iterator Checkers - Fix for Crash on Iterator Differences
Iterators differences were mistakenly handled as random decrements which
causes an assertion. This patch fixes this.

llvm-svn: 367802
2019-08-05 06:45:41 +00:00
Hubert Tong 64b60df99f [analyzer] SARIF: Add EOF newline; replace diff_sarif
Summary:
This patch applies a change similar to rC363069, but for SARIF files.

The `%diff_sarif` lit substitution invokes `diff` with a non-portable
`-I` option. The intended effect can be achieved by normalizing the
inputs to `diff` beforehand. Such normalization can be done with
`grep -Ev`, which is also used by other tests.

Additionally, this patch updates the SARIF output to have a newline at
the end of the file. This makes it so that the SARIF file qualifies as a
POSIX text file, which increases the consumability of the generated file
in relation to various tools.

Reviewers: NoQ, sfertile, xingxue, jasonliu, daltenty, aaron.ballman

Reviewed By: aaron.ballman

Subscribers: xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, Charusso, jsji, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D62952

llvm-svn: 363822
2019-06-19 15:27:35 +00:00
Hubert Tong 122bd782d6 [analyzer][NFC][tests] Pre-normalize expected-sarif files
As discussed in the review for D62952, this patch pre-normalizes the
reference expected output sarif files by removing lines containing
fields for which we expect differences that should be ignored.

llvm-svn: 363788
2019-06-19 11:19:51 +00:00
Kristof Umann e20b388e2f [analyzer] Push correct version of 'Track indices of arrays'
Messed up the commit, oops.

llvm-svn: 363512
2019-06-16 15:41:25 +00:00
Kristof Umann 33b46a6df0 [analyzer] Track indices of arrays
Often times, when an ArraySubscriptExpr was reported as null or
undefined, the bug report was difficult to understand, because the
analyzer explained why arr[i] has that value, but didn't realize that in
fact i's value is very important as well. This patch fixes this by
tracking the indices of arrays.

Differential Revision: https://reviews.llvm.org/D63080

llvm-svn: 363510
2019-06-16 14:52:56 +00:00
Hubert Tong 61c848d254 Reapply r362994 & co "[analyzer][tests] Add normalize_plist to replace diff_plist"
Following r363007, which reverted r362998, r362996, and r362994,
reapply with adjustments for the CRLF differences encountered with
Windows. Namely, the `-b` option of `diff` is employed, and the `grep`
patterns have `$` replaced with `[[:space:]]*$`.

llvm-svn: 363069
2019-06-11 14:21:32 +00:00
Reid Kleckner e7ea1834f4 Revert r362994 & co "[analyzer][tests] Add normalize_plist to replace diff_plist"
Reverts r362998, r362996, and r362994 because the tests do not pass on
Windows due to CRLF changes. Adding back `-w` to diff is not enough, the
new grep substitution doesn't work on Windows, and fixing it is
non-trivial.

llvm-svn: 363007
2019-06-10 23:25:43 +00:00
Hubert Tong dbc85509ba [analyzer][tests] Use normalize_plist in place of diff_plist (`tail` cases)
Summary:
The `%diff_plist` lit substitution invokes `diff` with a non-portable
`-I` option. The intended effect can be achieved by normalizing the
inputs to `diff` beforehand. Such normalization can be done with
`grep -Ev`, which is also used by other tests.

This patch applies the change (adjusted for review comments) described
in http://lists.llvm.org/pipermail/cfe-dev/2019-April/061904.html
mechanically to the cases where the output file is piped to
`%diff_plist` via `tail`. `%diff_plist` is then, being unused, removed.

The changes were applied via a script.

Reviewers: NoQ, sfertile, xingxue, jasonliu, daltenty

Subscribers: xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, Charusso, jsji, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D62951

llvm-svn: 362998
2019-06-10 22:40:35 +00:00
Hubert Tong 65db5d4cb5 [analyzer][tests] Use normalize_plist in place of diff_plist (`cat` cases)
Summary:
The `%diff_plist` lit substitution invokes `diff` with a non-portable
`-I` option. The intended effect can be achieved by normalizing the
inputs to `diff` beforehand. Such normalization can be done with
`grep -Ev`, which is also used by other tests.

This patch applies the change (adjusted for review comments) described
in http://lists.llvm.org/pipermail/cfe-dev/2019-April/061904.html
mechanically to the cases where the output file is piped to
`%diff_plist` via `cat`.

The changes were applied via a script, except that
`clang/test/Analysis/NewDelete-path-notes.cpp` and
`clang/test/Analysis/plist-macros-with-expansion.cpp` were each adjusted
for the line-continuation on the relevant `RUN` step.

Reviewers: NoQ, sfertile, xingxue, jasonliu, daltenty

Subscribers: xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, Charusso, jsji, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D62950

llvm-svn: 362996
2019-06-10 22:37:31 +00:00
Hubert Tong 15e3e95263 [analyzer][NFC][tests] Pre-normalize expected-plists
As suggested in the review for D62949, this patch pre-normalizes the
reference expected output plist files by removing lines containing
fields for which we expect differences that should be ignored.

llvm-svn: 362877
2019-06-08 13:51:37 +00:00
Csaba Dabis 2e896b8b39 [analyzer] ConditionBRVisitor: Boolean support
Summary: -

Reviewers: NoQ, george.karpenkov

Reviewed By: NoQ, george.karpenkov

Subscribers: cfe-commits, xazax.hun, baloghadamsoftware, szepet, a.sidorin,
             mikhail.ramalho, Szelethus, donat.nagy, dkrupp

Tags: #clang

Differential Revision: https://reviews.llvm.org/D58207

llvm-svn: 362027
2019-05-29 20:34:29 +00:00
Csaba Dabis d1f0ec3f64 [analyzer] ConditionBRVisitor: MemberExpr support
Summary: -

Reviewers: NoQ, george.karpenkov

Reviewed By: NoQ

Subscribers: cfe-commits, xazax.hun, baloghadamsoftware, szepet, a.sidorin,
             mikhail.ramalho, Szelethus, donat.nagy, dkrupp

Tags: #clang

Differential Revision: https://reviews.llvm.org/D58206

llvm-svn: 362026
2019-05-29 20:29:02 +00:00
Csaba Dabis 4b0184b2d3 [analyzer] ConditionBRVisitor: Enhance to write out more information
Summary:
Add extra messages to the bug report to inform the user why the analyzer
`Taking true/false branch`.

Reviewers: NoQ, george.karpenkov

Reviewed By: NoQ

Subscribers: gerazo, gsd, dkrupp, whisperity, baloghadamsoftware, xazax.hun,
             eraman, szepet, a.sidorin, mikhail.ramalho, Szelethus,
             donat.nagy, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D53076

llvm-svn: 362020
2019-05-29 20:06:09 +00:00
Artem Dergachev ef0aab3138 [analyzer] Add a prunable note for skipping vbase inits in subclasses.
When initialization of virtual base classes is skipped, we now tell the user
about it, because this aspect of C++ isn't very well-known.

The implementation is based on the new "note tags" feature (r358781).
In order to make use of it, allow note tags to produce prunable notes,
and move the note tag factory to CoreEngine.

Differential Revision: https://reviews.llvm.org/D61817

llvm-svn: 361682
2019-05-24 23:37:11 +00:00
Artem Dergachev 425e565783 [analyzer] NFC: Prevent multi-file plist test from spamming up the build folder.
It was producing an HTML report with a random name on every tests run
and never cleaned those up.

llvm-svn: 361592
2019-05-24 02:29:18 +00:00
Hubert Tong 46e0fc88cc [analyzer][tests] Use diff_plist, correct order of arguments for missed cases; NFC
For various files under `clang/test/Analysis`, D52036 applied
`%diff_plist` to replace `diff` invocations with certain options and
D56340 swapped the order of the arguments so that the reference file
comes first. The tests that used `tail` to filter the test output were
not modified accordingly. This patch applies the corresponding update
to those tests.

llvm-svn: 359691
2019-05-01 15:53:56 +00:00
Artem Dergachev a746f2b73c [analyzer] Fix macro names in diagnostics within bigger macros.
If macro "CHECK_X(x)" expands to something like "if (x != NULL) ...",
the "Assuming..." note no longer says "Assuming 'x' is equal to CHECK_X".

Differential Revision: https://reviews.llvm.org/D59121

llvm-svn: 359037
2019-04-23 21:30:30 +00:00
Artem Dergachev 388e19ff1f [analyzer] PR41239: Fix a crash on invalid source location in NoStoreFuncVisitor.
It turns out that SourceManager::isInSystemHeader() crashes when an invalid
source location is passed into it. Invalid source locations are relatively
common: not only they come from body farms, but also, say, any function in C
that didn't come with a forward declaration would have an implicit
forward declaration with invalid source locations.

There's a more comfy API for us to use in the Static Analyzer:
CallEvent::isInSystemHeader(), so just use that.

Differential Revision: https://reviews.llvm.org/D59901

llvm-svn: 357329
2019-03-29 22:57:49 +00:00
Csaba Dabis 9ea2f9079d [analyzer] ConditionBRVisitor: Unknown condition evaluation support
Summary:
If the constraint information is not changed between two program states the
analyzer has not learnt new information and made no report. But it is
possible to happen because we have no information at all. The new approach
evaluates the condition to determine if that is the case and let the user
know we just `Assuming...` some value.

Reviewers: NoQ, george.karpenkov

Reviewed By: NoQ

Subscribers: llvm-commits, xazax.hun, baloghadamsoftware, szepet, a.sidorin,
mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gsd, gerazo

Tags: #clang, #llvm

Differential Revision: https://reviews.llvm.org/D57410

llvm-svn: 356323
2019-03-16 13:47:55 +00:00
Csaba Dabis e282b30c58 Revert "[analyzer] ConditionBRVisitor: Unknown condition evaluation support"
This reverts commit 0fe67a61cd.

llvm-svn: 356320
2019-03-16 10:06:06 +00:00
Csaba Dabis 0fe67a61cd [analyzer] ConditionBRVisitor: Unknown condition evaluation support
Summary: If the constraint information is not changed between two program states the analyzer has not learnt new information and made no report. But it is possible to happen because we have no information at all. The new approach evaluates the condition to determine if that is the case and let the user know we just 'Assuming...' some value.

Reviewers: NoQ, george.karpenkov

Reviewed By: NoQ

Subscribers: xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gsd, gerazo

Tags: #clang

Differential Revision: https://reviews.llvm.org/D57410

llvm-svn: 356319
2019-03-16 09:24:30 +00:00
Kristof Umann 4962816e72 [analyzer] Fix an assertation failure for invalid sourcelocation, add a new debug checker
For a rather short code snippet, if debug.ReportStmts (added in this patch) was
enabled, a bug reporter visitor crashed:

struct h {
  operator int();
};

int k() {
  return h();
}

Ultimately, this originated from PathDiagnosticLocation::createMemberLoc, as it
didn't handle the case where it's MemberExpr typed parameter returned and
invalid SourceLocation for MemberExpr::getMemberLoc. The solution was to find
any related valid SourceLocaion, and Stmt::getBeginLoc happens to be just that.

Differential Revision: https://reviews.llvm.org/D58777

llvm-svn: 356161
2019-03-14 16:10:29 +00:00
Artem Dergachev 2ed0e79bb8 [analyzer] Make sure base-region and its sub-regions are either all alive or all dead.
SymbolReaper now realizes that our liveness analysis isn't sharp enough
to discriminate between liveness of, say, variables and their fields.
Surprisingly, this didn't quite work before: having a variable live only
through Environment (eg., calling a C++ method on a local variable
as the last action ever performed on that variable) would not keep the
region value symbol of a field of that variable alive.

It would have been broken in the opposite direction as well, but both
Environment and RegionStore use the scanReachableSymbols mechanism for finding
live symbols regions within their values, and due to that they accidentally
end up marking the whole chain of super-regions as live when at least one
sub-region is known to be live.

It is now a direct responsibility of SymbolReaper to maintain this invariant,
and a unit test was added in order to make sure it stays that way.

Differential Revision: https://reviews.llvm.org/D56632

rdar://problem/46914108

llvm-svn: 351499
2019-01-18 00:08:56 +00:00
James Y Knight 693d39dd12 Remove irrelevant references to legacy git repositories from
compiler identification lines in test-cases.

(Doing so only because it's then easier to search for references which
are actually important and need fixing.)

llvm-svn: 351200
2019-01-15 16:18:52 +00:00
Artem Dergachev fc72007f43 [analyzer] pr38838, pr39976: Fix crash on diagnosing before implicit destructor.
We need to be able to emit the diagnostic at PreImplicitCall,
and the patch implements this functionality.

However, for now the need for emitting such diagnostics is not all that great:
it is only necessary to not crash when emitting a false positive due to an
unrelated issue of having dead symbol collection not working properly.

Coming up with a non-false-positive test seems impossible with the current
set of checkers, though it is likely to be needed for good things as well
in the future.

Differential Revision: https://reviews.llvm.org/D56042

rdar://problem/46911462

llvm-svn: 350907
2019-01-10 23:44:44 +00:00
George Karpenkov 363dd8e4b8 [analyzer] [NFC] Reverse the argument order for "diff" in tests
The current argument order has "expected" and "actual" the wrong way around,
so that the diff shows the change from expected to actual, not from actual to expected.

Namely, if the expected diagnostics contains the string "foo", but the analyzer emits "bar",
we really want to see:

```
- foo
+ bar
```

not

```
- bar
+ foo
```

since adapting to most changes would require applying that diff to the expected output.

Differential Revision: https://reviews.llvm.org/D56340

llvm-svn: 350866
2019-01-10 18:15:44 +00:00
Aaron Ballman 2c49462725 Correct the spelling of helpURI to helpUri.
JSON is case sensitive and the SARIF spec uses the corrected spelling.

llvm-svn: 350817
2019-01-10 13:19:48 +00:00
Aaron Ballman 2f234cbfb0 Allow direct navigation to static analysis checker documentation through SARIF exports.
This adds anchors to all of the documented checks so that you can directly link to a check by a stable name. This is useful because the SARIF file format has a field for specifying a URI to documentation for a rule and some viewers, like CodeSonar, make use of this information. These links are then exposed through the SARIF exporter.

llvm-svn: 349812
2018-12-20 20:20:20 +00:00
Artem Dergachev 11cadc3e6b [analyzer] MoveChecker Pt.6: Suppress the warning for the move-safe STL classes.
Some C++ standard library classes provide additional guarantees about their
state after move. Suppress warnings on such classes until a more precise
behavior is implemented. Warnings for locals are not suppressed anyway
because it's still most likely a bug.

Differential Revision: https://reviews.llvm.org/D55307

llvm-svn: 349191
2018-12-14 20:52:57 +00:00
Aaron Ballman 3ccec59ec2 Update our SARIF support from 10-10 to 11-28.
Functional changes include:

* The run.files property is now an array instead of a mapping.
* fileLocation objects now have a fileIndex property specifying the array index into run.files.
* The resource.rules property is now an array instead of a mapping.
* The result object was given a ruleIndex property that is an index into the resource.rules array.
* rule objects now have their "id" field filled out in addition to the name field.
* Updated the schema and spec version numbers to 11-28.

llvm-svn: 349188
2018-12-14 20:34:23 +00:00
Fangrui Song 6f6731b36e [analyzer] Fix diagnostics/explicit-suppression.cpp
*OI++ = *II++ is on line 670, not 668

llvm-svn: 345992
2018-11-02 16:23:37 +00:00
Kristof Umann 391b19c78a [analyzer] Put llvm.Conventions back in alpha
Interestingly, this many year old (when I last looked I remember 2010ish)
checker was committed without any tests, so I thought I'd implement them, but I
was shocked to see how I barely managed to get it working. The code is severely
outdated, I'm not even sure it has ever been used, so I'd propose to move it
back into alpha, and possibly even remove it.

Differential Revision: https://reviews.llvm.org/D53856

llvm-svn: 345990
2018-11-02 16:02:10 +00:00
Aaron Ballman 2c0febe3e6 Output "rule" information in SARIF exports.
SARIF allows you to export descriptions about rules that are present in the SARIF log. Expose the help text table generated into Checkers.inc as the rule's "full description" and export all of the rules present in the analysis output. This information is useful for analysis result viewers like CodeSonar.

llvm-svn: 345874
2018-11-01 18:57:38 +00:00
Aaron Ballman fa28f335b8 Update to the 10-10 SARIF spec.
This removes the Step property (which can be calculated by consumers trivially), and updates the schema and version numbers accordingly.

llvm-svn: 345823
2018-11-01 11:52:07 +00:00
Artem Dergachev e21aff2b22 [analyzer] SARIF: Suppress version testing in a more downstream-friendly manner.
No functional change intended.

llvm-svn: 345807
2018-11-01 01:27:01 +00:00
Aaron Ballman f6e3d147e9 Changing the command line parameters sent to diff for this test.
On some systems, -U 1 was being interpreted as -U -1. Trying -U1 to see if that's the universally accepted approach instead.

llvm-svn: 345649
2018-10-30 20:55:18 +00:00
Aaron Ballman fa03c690bd Speculatively attempt to fix a failing testbot.
A testbot (	http://green.lab.llvm.org/green/job/clang-stage1-cmake-RA-incremental/54690/) was failing with a complaint about an obsolete option that wasn't present in the command line in the first place. This replaces my guess at the "obsolete option" with a different spelling that will hopefully be more acceptable to this bot without breaking other bots.

llvm-svn: 345635
2018-10-30 19:49:17 +00:00
Aaron Ballman e2b1a9c789 Add the ability to output static analysis results to SARIF.
This allows users to specify SARIF (https://github.com/oasis-tcs/sarif-spec) as the output from the clang static analyzer so that the results can be read in by other tools, such as extensions to Visual Studio and VSCode, as well as static analyzers like CodeSonar.

llvm-svn: 345628
2018-10-30 18:55:38 +00:00
Artem Dergachev 31f81399bd [analyzer] [tests] [quickfix] Make more test more resilient for non-defaut -std.
It is important to specify the version of the standard because tests should
test the same thing regardless of the current default version of the standard.

llvm-svn: 343736
2018-10-03 22:48:00 +00:00