Commit Graph

34 Commits

Author SHA1 Message Date
Kristóf Umann efd1a8e66e [analyzer][MallocChecker] Make NewDeleteLeaks depend on DynamicMemoryModeling rather than NewDelete
If you remember the mail [1] I sent out about how I envision the future of the
already existing checkers to look dependencywise, one my main points was that no
checker that emits diagnostics should be a dependency. This is more problematic
for some checkers (ahem, RetainCount [2]) more than for others, like this one.

The MallocChecker family is a mostly big monolithic modeling class some small
reporting checkers that only come to action when we are constructing a warning
message, after the actual bug was detected. The implication of this is that
NewDeleteChecker doesn't really do anything to depend on, so this change was
relatively simple.

The only thing that complicates this change is that FreeMemAux (MallocCheckers
method that models general memory deallocation) returns after calling a bug
reporting method, regardless whether the report was ever emitted (which may not
always happen, for instance, if the checker responsible for the report isn't
enabled). This return unfortunately happens before cleaning up the maps in the
GDM keeping track of the state of symbols (whether they are released, whether
that release was successful, etc). What this means is that upon disabling some
checkers, we would never clean up the map and that could've lead to false
positives, e.g.:

error: 'warning' diagnostics seen but not expected:
  File clang/test/Analysis/NewDelete-intersections.mm Line 66: Potential leak of memory pointed to by 'p'
  File clang/test/Analysis/NewDelete-intersections.mm Line 73: Potential leak of memory pointed to by 'p'
  File clang/test/Analysis/NewDelete-intersections.mm Line 77: Potential leak of memory pointed to by 'p'

error: 'warning' diagnostics seen but not expected:
  File clang/test/Analysis/NewDelete-checker-test.cpp Line 111: Undefined or garbage value returned to caller
  File clang/test/Analysis/NewDelete-checker-test.cpp Line 200: Potential leak of memory pointed to by 'p'

error: 'warning' diagnostics seen but not expected:
  File clang/test/Analysis/new.cpp Line 137: Potential leak of memory pointed to by 'x'
There two possible approaches I had in mind:

Make bug reporting methods of MallocChecker returns whether they succeeded, and
proceed with the rest of FreeMemAux if not,
Halt execution with a sink node upon failure. I decided to go with this, as
described in the code.
As you can see from the removed/changed test files, before the big checker
dependency effort landed, there were tests to check for all the weird
configurations of enabled/disabled checkers and their messy interactions, I
largely repurposed these.

[1] http://lists.llvm.org/pipermail/cfe-dev/2019-August/063070.html
[2] http://lists.llvm.org/pipermail/cfe-dev/2019-August/063205.html

Differential Revision: https://reviews.llvm.org/D77474
2020-05-27 00:03:53 +02:00
Kristof Umann 8fd74ebfc0 [analyzer] Reimplement dependencies between checkers
Unfortunately, up until now, the fact that certain checkers depended on one
another was known, but how these actually unfolded was hidden deep within the
implementation. For example, many checkers (like RetainCount, Malloc or CString)
modelled a certain functionality, and exposed certain reportable bug types to
the user. For example, while MallocChecker models many many different types of
memory handling, the actual "unix.MallocChecker" checker the user was exposed to
was merely and option to this modeling part.

Other than this being an ugly mess, this issue made resolving the checker naming
issue almost impossible. (The checker naming issue being that if a checker
registered more than one checker within its registry function, both checker
object recieved the same name) Also, if the user explicitly disabled a checker
that was a dependency of another that _was_ explicitly enabled, it implicitly,
without "telling" the user, reenabled it.

Clearly, changing this to a well structured, declarative form, where the
handling of dependencies are done on a higher level is very much preferred.

This patch, among the detailed things later, makes checkers declare their
dependencies within the TableGen file Checkers.td, and exposes the same
functionality to plugins and statically linked non-generated checkers through
CheckerRegistry::addDependency. CheckerRegistry now resolves these dependencies,
makes sure that checkers are added to CheckerManager in the correct order,
and makes sure that if a dependency is disabled, so will be every checker that
depends on it.

In detail:

* Add a new field to the Checker class in CheckerBase.td called Dependencies,
which is a list of Checkers.
* Move unix checkers before cplusplus, as there is no forward declaration in
tblgen :/
* Add the following new checkers:
  - StackAddrEscapeBase
  - StackAddrEscapeBase
  - CStringModeling
  - DynamicMemoryModeling (base of the MallocChecker family)
  - IteratorModeling (base of the IteratorChecker family)
  - ValistBase
  - SecuritySyntaxChecker (base of bcmp, bcopy, etc...)
  - NSOrCFErrorDerefChecker (base of NSErrorChecker and  CFErrorChecker)
  - IvarInvalidationModeling (base of IvarInvalidation checker family)
  - RetainCountBase (base of RetainCount and OSObjectRetainCount)
* Clear up and registry functions in MallocChecker, happily remove old FIXMEs.
* Add a new addDependency function to CheckerRegistry.
* Neatly format RUN lines in files I looked at while debugging.

Big thanks to Artem Degrachev for all the guidance through this project!

Differential Revision: https://reviews.llvm.org/D54438

llvm-svn: 352287
2019-01-26 20:06:54 +00:00
Kristof Umann 09e86e77c9 Revert rC349281 '[analyzer][MallocChecker][NFC] Document and reorganize some functions'
llvm-svn: 349340
2018-12-17 12:07:57 +00:00
Kristof Umann a82810c56b [analyzer][MallocChecker] Improve warning messages on double-delete errors
Differential Revision: https://reviews.llvm.org/D54834

llvm-svn: 349283
2018-12-15 18:41:37 +00:00
Artem Dergachev d3c54313ab [analyzer] NFC: Run many existing C++ tests with a custom operator new().
In order to provide more test coverage for inlined operator new(), add more
run-lines to existing test cases, which would trigger our fake header
to provide a body for operator new(). Most of the code should still behave
reasonably. When behavior intentionally changes, #ifs are provided.

Differential Revision: https://reviews.llvm.org/D42221

llvm-svn: 323376
2018-01-24 21:24:10 +00:00
Artem Dergachev 1084de520b [analyzer] operator new: Fix memory space for the returned region.
Make sure that with c++-allocator-inlining=true we have the return value of
conservatively evaluated operator new() in the correct memory space (heap).
This is a regression/omission that worked well in c++-allocator-inlining=false.

Heap regions are superior to regular symbolic regions because they have
stricter aliasing constraints: heap regions do not alias each other or global
variables.

Differential Revision: https://reviews.llvm.org/D41266
rdar://problem/12180598

llvm-svn: 322780
2018-01-17 22:58:35 +00:00
Daniel Marjamaki 3d8d6ed01f [analyzer] Clarify 'uninitialized function argument' messages
Differential Revision: https://reviews.llvm.org/D30341

llvm-svn: 297283
2017-03-08 15:22:24 +00:00
Dominic Chen 184c6242fa Reland 4: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296895
2017-03-03 18:02:02 +00:00
Dominic Chen 09d66f7528 Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468.

llvm-svn: 296841
2017-03-02 23:30:53 +00:00
Dominic Chen feaf9ff5ee Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296837
2017-03-02 23:05:45 +00:00
Dominic Chen 4a90bf8c3f Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit f93343c099fff646a2314cc7f4925833708298b1.

llvm-svn: 296836
2017-03-02 22:58:06 +00:00
Dominic Chen 1cb0256a3c Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296835
2017-03-02 22:45:24 +00:00
Dominic Chen 00355a51d0 Revert "Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830.

llvm-svn: 296422
2017-02-28 01:50:23 +00:00
Dominic Chen 59cd893320 Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296414
2017-02-28 00:02:36 +00:00
Dominic Chen 8589e10c30 Revert "[analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787.

llvm-svn: 296317
2017-02-27 03:29:25 +00:00
Dominic Chen 02064a3076 [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296312
2017-02-27 02:36:15 +00:00
Gabor Horvath 44583ce65a [analyzer] Model base to derived casts more precisely.
Dynamic casts are handled relatively well by the static analyzer.
BaseToDerived casts however are treated conservatively. This can cause some
false positives with the NewDeleteLeaks checker.

This patch alters the behavior of BaseToDerived casts. In case a dynamic cast
would succeed use the same semantics. Otherwise fall back to the conservative
approach.

Differential Revision: https://reviews.llvm.org/D23014

llvm-svn: 277989
2016-08-08 09:22:59 +00:00
Anton Yartsev b50f4ba461 [analyzer] This implements potential undefbehavior.ZeroAllocDereference checker.
TODO: support realloc(). Currently it is not possible due to the present realloc() handling. Currently RegionState is not being attached to realloc() in case of a zero Size argument. 
llvm-svn: 234889
2015-04-14 14:18:04 +00:00
Anton Yartsev 5b5c7cec08 [analyzer] Different handling of alloca().
+ separate bug report for "Free alloca()" error to be able to customize checkers responsible for this error.
+ Muted "Free alloca()" error for NewDelete checker that is not responsible for c-allocated memory, turned on for unix.MismatchedDeallocator checker.
+ RefState for alloca() - to be able to detect usage of zero-allocated memory by upcoming ZeroAllocDereference checker.
+ AF_Alloca family to handle alloca() consistently - keep proper family in RefState, handle 'alloca' by getCheckIfTracked() facility, etc.
+ extra tests.

llvm-svn: 229850
2015-02-19 13:36:20 +00:00
Anton Yartsev 6ca45c92a9 [analyzer] Move the NewDeleteLeaks checker from CplusplusAlpha to Cplusplus package.
llvm-svn: 220289
2014-10-21 12:41:36 +00:00
Jordan Rose 656fdd55dd [analyzer] Warn about double-delete in C++ at the second delete...
...rather somewhere in the destructor when we try to access something and
realize the object has already been deleted. This is necessary because
the destructor is processed before the 'delete' itself.

Patch by Karthik Bhat!

llvm-svn: 198779
2014-01-08 18:46:55 +00:00
Jordan Rose 1ccc43d50e [analyzer] Handle destructors for the argument to C++ 'delete'.
Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destructor interface
currently used for local, member, and base destructors. Also, check for when
the value is known to be null, in which case no destructor is actually run.

This does not yet handle destructors for deleted /arrays/, which may need
more CFG work. It also causes a slight regression in the location of
double delete warnings; the double delete is detected at the destructor
call, which is implicit, and so is reported on the first access within the
destructor instead of at the 'delete' statement. This will be fixed soon.

Patch by Karthik Bhat!

llvm-svn: 191381
2013-09-25 16:06:17 +00:00
Jordan Rose 867b185e63 [analyzer] Warn when using 'delete' on an uninitialized variable.
Patch by Karthik Bhat, modified slightly by me.

llvm-svn: 188043
2013-08-09 00:55:47 +00:00
Jordan Rose fbe4d85035 [analyzer] Don't inline ~shared_ptr.
The analyzer can't see the reference count for shared_ptr, so it doesn't
know whether a given destruction is going to delete the referenced object.
This leads to spurious leak and use-after-free warnings.

For now, just ban destructors named '~shared_ptr', which catches
std::shared_ptr, std::tr1::shared_ptr, and boost::shared_ptr.

PR15987

llvm-svn: 182071
2013-05-17 02:16:49 +00:00
Anton Yartsev 7af0aa86dd [analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.
llvm-svn: 179428
2013-04-12 23:25:40 +00:00
Anton Yartsev 8fc29db312 [analyzer] +Testcase: several used-after-free args passed to a function.
llvm-svn: 179232
2013-04-10 22:36:16 +00:00
Anton Yartsev cb2ccd6b79 [analyzer] Switched to checkPreCall interface for detecting usage after free.
Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer.

llvm-svn: 179230
2013-04-10 22:21:41 +00:00
Anna Zaks a1de8567fc [analyzer] Shorten the malloc checker’s leak message
As per Ted’s suggestion!

llvm-svn: 178938
2013-04-06 00:41:36 +00:00
Jordan Rose 10ad081fc6 [analyzer] Re-enable cplusplus.NewDelete (but not NewDeleteLeaks).
As mentioned in the previous commit message, the use-after-free and
double-free warnings for 'delete' are worth enabling even while the
leak warnings still have false positives.

llvm-svn: 178891
2013-04-05 17:55:07 +00:00
Jordan Rose 26330563f2 [analyzer] Split new/delete checker into use-after-free and leaks parts.
This splits the leak-checking part of alpha.cplusplus.NewDelete into a
separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the
difficult false positives we've seen with the new/delete checker have been
spurious leak warnings; the use-after-free warnings and mismatched
deallocator warnings, while rare, have always been valid.

<rdar://problem/6194569>

llvm-svn: 178890
2013-04-05 17:55:00 +00:00
Anton Yartsev e3377fbca2 [analyzer] Reduced the unwanted correlations between checkers living inside MallocChecker.cpp
This fixes an issue pointed to by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new.
Moved the guards right before emitting the bug reports to unify and simplify the logic of handling of multiple checkers. Now all the checkers perform their checks regardless of if they were enabled, or not, and it is decided just before the emitting of the report, if it should be emitted. (idea from Anna).

Additional changes: 
improved test coverage for checker correlations;
refactoring: BadDealloc -> MismatchedDealloc

llvm-svn: 178814
2013-04-04 23:46:29 +00:00
Anton Yartsev 01acbcebbb [analyzer] Moving cplusplus.NewDelete to alpha.* for now.
llvm-svn: 178529
2013-04-02 05:59:24 +00:00
Anton Yartsev 3dfc33e3ac [analyzer] Enabled unix.Malloc checker.
+ Refactoring.

llvm-svn: 178388
2013-03-30 00:50:37 +00:00
Anton Yartsev fa637577f9 [analyzer] Tests for intersections with other checkers from MallocChecker.cpp factored out to NewDelete-intersections.mm
llvm-svn: 178387
2013-03-30 00:43:02 +00:00