[PATCH] D122841: [analyzer] Consider all addrspaces in null dereference check

Vince Bridgers via Phabricator via cfe-commits Thu, 31 Mar 2022 11:23:08 -0700

vabridgers created this revision.
vabridgers added reviewers: NoQ, steakhal, martong.
Herald added subscribers: manas, ASDenysPetrov, dkrupp, donat.nagy, Szelethus, 
mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, xazax.hun.
Herald added a project: All.
vabridgers requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.


This change enables the null dereference checker to consider all null
dereferences, even those with address space qualifiers. The original
checker did not check null dereferences with address space qualifiers
for some reason. There's no reason to not consider all null
dereferences.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D122841

Files:
  clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
  clang/test/Analysis/cast-value-notes.cpp
  clang/test/Analysis/null-deref-ps.c
  clang/test/Analysis/nullptr.cpp

Index: clang/test/Analysis/nullptr.cpp
===================================================================
--- clang/test/Analysis/nullptr.cpp
+++ clang/test/Analysis/nullptr.cpp
@@ -160,16 +160,19 @@
 public:
   int x;
   ~AS1() {
-    int AS_ATTRIBUTE *x = 0;
-    *x = 3; // no-warning
+    int AS_ATTRIBUTE *x = 0; // expected-note{{'x' initialized to a null pointer value}}
+    *x = 3;                  // expected-warning{{Dereference of null pointer}}
+                             // expected-note@-1{{Dereference of null pointer}}
   }
 };
 void test_address_space_field_access() {
-  AS1 AS_ATTRIBUTE *pa = 0;
-  pa->x = 0; // no-warning
+  AS1 AS_ATTRIBUTE *pa = 0; // expected-note{{'pa' initialized to a null pointer value}}
+  pa->x = 0;                // expected-warning{{Access to field 'x' results in a dereference of a null pointer (loaded from variable 'pa')}}
+                            // expected-note@-1{{Access to field 'x' results in a dereference of a null pointer (loaded from variable 'pa')}}
 }
 void test_address_space_bind() {
-  AS1 AS_ATTRIBUTE *pa = 0;
-  AS1 AS_ATTRIBUTE &r = *pa;
+  AS1 AS_ATTRIBUTE *pa = 0;  // expected-note{{'pa' initialized to a null pointer value}}
+  AS1 AS_ATTRIBUTE &r = *pa; // expected-warning{{Dereference of null pointer}}
+                             // expected-note@-1{{Dereference of null pointer}}
   r.x = 0; // no-warning
 }
Index: clang/test/Analysis/null-deref-ps.c
===================================================================
--- clang/test/Analysis/null-deref-ps.c
+++ clang/test/Analysis/null-deref-ps.c
@@ -315,17 +315,17 @@
 #define AS_ATTRIBUTE volatile __attribute__((address_space(256)))
 #define _get_base() ((void * AS_ATTRIBUTE *)0)
 void* test_address_space_array(unsigned long slot) {
-  return _get_base()[slot]; // no-warning
+  return _get_base()[slot]; // expected-warning{{Array access results in a null pointer dereference}}
 }
 void test_address_space_condition(int AS_ATTRIBUTE *cpu_data) {
    if (cpu_data == 0) {
-    *cpu_data = 3; // no-warning
+     *cpu_data = 3; // expected-warning{{Dereference of null pointer}}
   }
 }
 struct X { int member; };
 int test_address_space_member(void) {
   struct X AS_ATTRIBUTE *data = (struct X AS_ATTRIBUTE *)0UL;
   int ret;
-  ret = data->member; // no-warning
+  ret = data->member; // expected-warning{{Access to field 'member' results in a dereference of a null pointer}}
   return ret;
 }
Index: clang/test/Analysis/cast-value-notes.cpp
===================================================================
--- clang/test/Analysis/cast-value-notes.cpp
+++ clang/test/Analysis/cast-value-notes.cpp
@@ -1,6 +1,6 @@
-// RUN: %clang_analyze_cc1 -std=c++14 \
-// RUN:  -analyzer-checker=core,apiModeling.llvm.CastValue,debug.ExprInspection\
-// RUN:  -analyzer-output=text -verify -DDEFAULT_TRIPLE %s 2>&1 | FileCheck %s -check-prefix=DEFAULT-CHECK
+// R UN: %clang_analyze_cc1 -std=c++14 \
+// R UN:  -analyzer-checker=core,apiModeling.llvm.CastValue,debug.ExprInspection\
+// R UN:  -analyzer-output=text -verify -DDEFAULT_TRIPLE %s 2>&1 | FileCheck %s -check-prefix=DEFAULT-CHECK
 //
 // RUN: %clang_analyze_cc1 -std=c++14 -triple amdgcn-unknown-unknown \
 // RUN: -analyzer-checker=core,apiModeling.llvm.CastValue,debug.ExprInspection\
@@ -50,6 +50,9 @@
 #elif defined(AMDGCN_TRIPLE)
 void evalReferences(const Shape &S) {
   const auto &C = dyn_cast<DEVICE Circle>(S);
+  // expected-note@-1 {{Assuming 'S' is not a 'Circle'}}
+  // expected-note@-2 {{Dereference of null pointer}}
+  // expected-warning@-3 {{Dereference of null pointer}}
   clang_analyzer_printState();
   // AMDGCN-CHECK: "dynamic_types": [
   // AMDGCN-CHECK-NEXT: { "region": "SymRegion{reg_$0<const struct clang::Shape & S>}", "dyn_type": "const __attribute__((address_space(3))) class clang::Circle &", "sub_classable": true }
Index: clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -109,11 +109,6 @@
   return E;
 }
 
-static bool suppressReport(const Expr *E) {
-  // Do not report dereferences on memory in non-default address spaces.
-  return E->getType().hasAddressSpace();
-}
-
 static bool isDeclRefExprToReference(const Expr *E) {
   if (const auto *DRE = dyn_cast<DeclRefExpr>(E))
     return DRE->getDecl()->getType()->isReferenceType();
@@ -209,8 +204,7 @@
   // Check for dereference of an undefined value.
   if (l.isUndef()) {
     const Expr *DerefExpr = getDereferenceExpr(S);
-    if (!suppressReport(DerefExpr))
-      reportBug(DerefKind::UndefinedPointerValue, C.getState(), DerefExpr, C);
+    reportBug(DerefKind::UndefinedPointerValue, C.getState(), DerefExpr, C);
     return;
   }
 
@@ -230,10 +224,8 @@
       // We know that 'location' can only be null.  This is what
       // we call an "explicit" null dereference.
       const Expr *expr = getDereferenceExpr(S);
-      if (!suppressReport(expr)) {
-        reportBug(DerefKind::NullPointer, nullState, expr, C);
-        return;
-      }
+      reportBug(DerefKind::NullPointer, nullState, expr, C);
+      return;
     }
 
     // Otherwise, we have the case where the location could either be
@@ -272,10 +264,8 @@
   if (StNull) {
     if (!StNonNull) {
       const Expr *expr = getDereferenceExpr(S, /*IsBind=*/true);
-      if (!suppressReport(expr)) {
-        reportBug(DerefKind::NullPointer, StNull, expr, C);
-        return;
-      }
+      reportBug(DerefKind::NullPointer, StNull, expr, C);
+      return;
     }
 
     // At this point the value could be either null or non-null.

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D122841: [analyzer] Consider all addrspaces in null dereference check

Reply via email to