[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-15 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > I think APINotes support attributes on param declarations Hm, cannot find it, but anyway will check if it's possible to extend APINotes. Thanks! https://github.com/llvm/llvm-project/pull/111588 ___ cfe-commits mailing list cfe-commit

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-14 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > Make the check recognize the syscalls and consider them annotated. I guess, this may confuse checker more, since not all syscalls actually consume handles. I will try and share my results =) Thanks! https://github.com/llvm/llvm-project/pull/111588

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-14 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > Is the problem that some calls cannot be annotated or is the problem that the > inlined bodies often have coding patterns that are too complicated for the > analyzer to understand? Oh, sorry I missed that comment. The problem in our code is that function that releases a handl

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-14 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > This is the main problem with evalCall, it does not really compose. I get it, but it seems very unlikely... Anyway, I don't have strong opinion, I just want to fix annoying false positives with ctu =) https://github.com/llvm/llvm-project/pull/111588

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-14 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > I'd love to better understand what is the root cause for these weird > diagnostics when the functions are inlined The problem was in `if (C.wasInlined)` logic in old version. So checker was not modeling all inlined functions. If we drop that check and just allow modeling inli

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-13 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111588 >From a3805292ea37cf06d1cf227768034b30a42a685f Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Mon, 7 Oct 2024 23:01:24 +0300 Subject: [PATCH 1/6] wip: initial versio --- .../Checkers/FuchsiaHandleChecker.

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-10 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111588 >From a3805292ea37cf06d1cf227768034b30a42a685f Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Mon, 7 Oct 2024 23:01:24 +0300 Subject: [PATCH 1/6] wip: initial versio --- .../Checkers/FuchsiaHandleChecker.

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/111588 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111588 >From a3805292ea37cf06d1cf227768034b30a42a685f Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Mon, 7 Oct 2024 23:01:24 +0300 Subject: [PATCH 1/6] wip: initial versio --- .../Checkers/FuchsiaHandleChecker.

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
@@ -314,6 +329,193 @@ getFuchsiaHandleSymbols(QualType QT, SVal Arg, ProgramStateRef State) { return {}; } +FuchsiaHandleChecker::Note FuchsiaHandleChecker::createNote( +SymbolRef Sym, +std::function Message) const { + return [Sym, Message](BugReport &BR) -> std::s

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111588 >From a3805292ea37cf06d1cf227768034b30a42a685f Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Mon, 7 Oct 2024 23:01:24 +0300 Subject: [PATCH 1/5] wip: initial versio --- .../Checkers/FuchsiaHandleChecker.

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
@@ -314,6 +449,127 @@ getFuchsiaHandleSymbols(QualType QT, SVal Arg, ProgramStateRef State) { return {}; } +bool FuchsiaHandleChecker::needsInvalidate(const CallEvent &Call) const { + const FunctionDecl *FuncDecl = dyn_cast_or_null(Call.getDecl()); + + assert(FuncDecl &&
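
Review bot: in `needsInvalidate`, the result of `dyn_cast_or_null` on `Call.getDecl()` is guarded only by `assert(FuncDecl && ...)`, which compiles out in release builds and leaves a null pointer to be dereferenced. If a call without a function declaration can never reach this point, `cast` states that invariant directly; if it can, return early instead of asserting.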

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
@@ -267,12 +286,128 @@ class FuchsiaHandleSymbolVisitor final : public SymbolVisitor { private: SmallVector Symbols; }; + +class FuchsiaBugVisitor final : public BugReporterVisitor { + // Handle that caused a problem. + SymbolRef Sym; + + bool IsLeak; + +public: + Fuchsi

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
@@ -99,6 +99,7 @@ #include "clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/Progr

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111588 >From a3805292ea37cf06d1cf227768034b30a42a685f Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Mon, 7 Oct 2024 23:01:24 +0300 Subject: [PATCH 1/4] wip: initial versio --- .../Checkers/FuchsiaHandleChecker.

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
@@ -336,141 +592,55 @@ void FuchsiaHandleChecker::checkPreCall(const CallEvent &Call, SmallVector Handles = getFuchsiaHandleSymbols(PVD->getType(), Call.getArgSVal(Arg), State); -// Handled in checkPostCall. -if (hasFuchsiaAttr(PVD) || -hasFuchsiaA

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-09 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > In general, bug reporter visitors are complex tools that are good for complex > situations where you want to find arbitrary complicated patterns in the bug > report path, but should be avoided in simpler cases. Aha, Ok. I just saw it in various easy checkers like `ValistChecke

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-08 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: CI again looks unrelated ``` | Failed Tests (1): | LLVM :: Transforms/InstCombine/and-or-icmps.ll ``` https://github.com/llvm/llvm-project/pull/111588

[clang] [analyzer] Modernize FuchsiaHandleChecker (PR #111588)

2024-10-08 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/111588 This PR modernizes FuchsiaHandleChecker to fix real-world problem. Previous checker logic was modeling handles via `checkPreCall` and `checkPostCall`, which doesn't work well for CTU, since function body gets i

[clang] [analyzer] Fix wrong `builtin_*_overflow` return type (PR #111253)

2024-10-05 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: CI looks unrelated ``` Failed Tests (1): LLVM :: Transforms/InstCombine/and-or-icmps.ll ``` Should I re-trigger it just in case? https://github.com/llvm/llvm-project/pull/111253

[clang] [analyzer] Fix wrong `builtin_*_overflow` return type (PR #111253)

2024-10-05 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/111253

[clang] [analyzer] Fix wrong `builtin_*_overflow` return type (PR #111253)

2024-10-05 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/111253 >From 4f5fc3e12747064b35c490e510c63702afc8a800 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Sat, 5 Oct 2024 15:58:15 +0300 Subject: [PATCH 1/2] clang/csa: fix wrong __builtin_*_overflow return type ---

[clang] [analyzer] Fix wrong `builtin_*_overflow` return type (PR #111253)

2024-10-05 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/111253 `builtin_*_overflow` functions return `_Bool` according to [1]. `BuiltinFunctionChecker` was using `makeTruthVal` for return type, which creates an `int` value, since it's the type of any comparison according t

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-10-04 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag closed https://github.com/llvm/llvm-project/pull/109838

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-10-04 Thread Pavel Skripkin via cfe-commits
@@ -40,7 +42,19 @@ void testInlineAsmMemcpyUninit(void) { int a[10], b[10] = {}, c; MyMemcpy(&a[1], &b[1], sizeof(b) - sizeof(b[1])); -c = a[0]; // expected-warning{{Assigned value is garbage or undefined}} +c = a[0]; // FIXME: should be warning about uninitiali
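
Review bot: the replaced expectation on `c = a[0]` turns a true positive into a silent miss, since `MyMemcpy` starts writing at `&a[1]` and `a[0]` is never initialized. The FIXME records the gap in the test, but the commit message should also say that invalidating the asm operands now hides this read, so the lost report is visibly a deliberate trade-off.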

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-10-04 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/109838 >From dbec0e8368157684f9efc63a556037ba31d5f2ea Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 24 Sep 2024 20:18:30 +0300 Subject: [PATCH 1/3] clang/csa: use invalidateRegions() in VisitGCCAsmStmt ---

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-10-02 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 01/12] clang/csa: add initial support for builtin overflow ---

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-10-02 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Ah, this dangling reference to rvalue... I do remember why I bind `get{Min, Max}Value` to locals -- `ConcreteInt` takes a reference to `APSInt`, so it's not possible to pass result of these calls directly to constructor. https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-10-02 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 01/11] clang/csa: add initial support for builtin overflow ---

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-28 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: gentle ping https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] Suppress out of bounds reports after weak loop assumptions (PR #109804)

2024-09-27 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: I didn't have a chance to look into details, but I'd like to share that FP rate is MUCH lower with this patch applied. On real (proprietary) code base I see about 95% less `ArrayBoundV2` reports and, I hope, we will be able to

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-26 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > Looks correct to me. > Btw, do you think the invalidation should cause pointer escape? I have no > opinion. I rarely use this api. Wdyt? Maybe @NagyDonat or @Szelethus have an opinion on that https://github.com/llvm/llvm-project/pull/109838

[clang] [analyzer] [MallocChecker] Assume functions with `ownership_returns` return unknown memory (PR #110115)

2024-09-26 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag closed https://github.com/llvm/llvm-project/pull/110115

[clang] [analyzer] [MallocChecker] Assume functions with `ownership_returns` return unknown memory (PR #110115)

2024-09-26 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/110115 There is no good way to tell CSA if function with `ownership_returns` attribute returns initialized or not initialized memory. To make FP rate lower, let's assume that memory returned from such functions is un

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-24 Thread Pavel Skripkin via cfe-commits
@@ -40,7 +42,19 @@ void testInlineAsmMemcpyUninit(void) { int a[10], b[10] = {}, c; MyMemcpy(&a[1], &b[1], sizeof(b) - sizeof(b[1])); -c = a[0]; // expected-warning{{Assigned value is garbage or undefined}} +c = a[0]; // FIXME: should be warning about uninitiali

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/109838 >From dbec0e8368157684f9efc63a556037ba31d5f2ea Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 24 Sep 2024 20:18:30 +0300 Subject: [PATCH 1/2] clang/csa: use invalidateRegions() in VisitGCCAsmStmt ---

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-24 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Hm, in this particular case, I think, escaping does make sense, since we don't know what's going on inside inline assembly block. https://github.com/llvm/llvm-project/pull/109838

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-24 Thread Pavel Skripkin via cfe-commits
@@ -40,7 +42,19 @@ void testInlineAsmMemcpyUninit(void) { int a[10], b[10] = {}, c; MyMemcpy(&a[1], &b[1], sizeof(b) - sizeof(b[1])); -c = a[0]; // expected-warning{{Assigned value is garbage or undefined}} +c = a[0]; // FIXME: should be warning about uninitiali

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-24 Thread Pavel Skripkin via cfe-commits
@@ -40,7 +42,19 @@ void testInlineAsmMemcpyUninit(void) { int a[10], b[10] = {}, c; MyMemcpy(&a[1], &b[1], sizeof(b) - sizeof(b[1])); -c = a[0]; // expected-warning{{Assigned value is garbage or undefined}} +c = a[0]; // FIXME: should be warning about uninitiali

[clang] [analyzer] use `invalidateRegions()` in `VisitGCCAsmStmt` (PR #109838)

2024-09-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/109838 Since b1e4656e8ee3289dc5f3139fc8eb33152f96bfe6 it's possible to pass `Stmt` into `invalidateRegions`(). Use it in `VisitGCCAsmStmt` to invalidate regions passed as in and out arguments for inline assembly. Th

[clang] [NFC] [analyzer] Make `invalidateRegions` accept `Stmt` instead of `Expr` (PR #109792)

2024-09-24 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Hm, that looks very unrelated. > Memory access fault by GPU node-1 (Agent handle: 0x5613bf3d5ac0) on address > (nil). Reason: Page not present or supervisor privilege. https://github.com/llvm/llvm-project/pull/109792

[clang] [NFC] [analyzer] Make `invalidateRegions` accept `Stmt` instead of `Expr` (PR #109792)

2024-09-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/109792 >From 16034884baf76bf60394423884e6c6b6cb6ae3f1 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 24 Sep 2024 15:31:11 +0300 Subject: [PATCH 1/4] clang/csa: change Expr to Stmt in invalidateRegions --- .

[clang] [NFC] [analyzer] Make `invalidateRegions` accept `Stmt` instead of `Expr` (PR #109792)

2024-09-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/109792 >From 16034884baf76bf60394423884e6c6b6cb6ae3f1 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 24 Sep 2024 15:31:11 +0300 Subject: [PATCH 1/3] clang/csa: change Expr to Stmt in invalidateRegions --- .

[clang] [NFC] [analyzer] Make `invalidateRegions` accept `Stmt` instead of `Expr` (PR #109792)

2024-09-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/109792 >From 16034884baf76bf60394423884e6c6b6cb6ae3f1 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 24 Sep 2024 15:31:11 +0300 Subject: [PATCH 1/2] clang/csa: change Expr to Stmt in invalidateRegions --- .

[clang] [NFC] [analyzer] Make `invalidateRegions` accept `Stmt` instead of `Expr` (PR #109792)

2024-09-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/109792 As was reported [here](https://github.com/llvm/llvm-project/pull/103714#pullrequestreview-2238037812), `invalidateRegions` should accept `Stmt` instead of `Expr`. This conversion is possible, since `Expr` was

[clang] [analyzer] [MallocChecker] Fix Store modification in `checkPreCall` (PR #109337)

2024-09-19 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/109337 This is small follow-up for #106081 While trying to add sanity check for `Enviroment` and `Store` being consistent during `checkPostCall` and `checkPreCall` I found out that `MallocChecker` still violates that

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-16 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag closed https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-16 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Oh, thank you for suggestion! Seems like got access. So I will push this pr to test if it works. Thank you =) https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-16 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Thank you for review! No, I don't have https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-16 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: sorry to bother, but seems like this pr is stalled for 2 weeks https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-09-14 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > LGTM, feel free to merge this patch. Thank you for review! I have no rights to push to llvm-project. So you can merge if you think it's good time to do so =) https://github.com/llvm/llvm-project/pull/106081

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-12 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 01/10] clang/csa: add initial support for builtin overflow ---

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-12 Thread Pavel Skripkin via cfe-commits
@@ -16,21 +16,93 @@ #include "clang/Basic/Builtins.h" #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" +#include "clang/StaticAnalyzer/Checkers/Taint.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h"

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-11 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Hello! Is there anything else that stops this PR? Thanks! https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
@@ -3,6 +3,9 @@ int clang_analyzer_eval(int); pskrgag wrote: fixed, thanks! https://github.com/llvm/llvm-project/pull/107572 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/m

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/107572 >From 0e8db855a1bde0692260f5aa26c245328a358a50 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 6 Sep 2024 15:15:52 +0300 Subject: [PATCH 1/4] clang/csa: fix crash on bind to symbolic region with void *

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: added missing declarations. should fix the CI https://github.com/llvm/llvm-project/pull/107572

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/107572 >From 0e8db855a1bde0692260f5aa26c245328a358a50 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 6 Sep 2024 15:15:52 +0300 Subject: [PATCH 1/3] clang/csa: fix crash on bind to symbolic region with void *

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-08 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: CC @steakhal @NagyDonat https://github.com/llvm/llvm-project/pull/107572

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-06 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/107572 As reported in https://github.com/llvm/llvm-project/pull/103714#issuecomment-2295769193. CSA crashes on trying to bind value to symbolic region with `void *`. This happens when such region gets passed as inlin

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/9] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-03 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/6] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-03 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3655,54 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3652,53 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/5] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/8] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-01 Thread Pavel Skripkin via cfe-commits
@@ -0,0 +1,157 @@ +// RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \ +// RUN: -analyzer-checker=core,debug.ExprInspection + +#define __UINT_MAX__ (__INT_MAX__ * 2U + 1U) +#define __INT_MIN__ (-__INT_MAX__ - 1) + +void clang_analyzer_dump_int(int); +void cla

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-31 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: gentle ping https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/4] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/3] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-30 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > To me, a switch from eval-call to post-call should be NFC for the most part. It is, but it causes `MallocChecker` to no longer look into body of the functions, because of `evalCall` semantics, which is breaking change. So I am not quite sure how to split this PR into two

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-29 Thread Pavel Skripkin via cfe-commits
@@ -58,14 +60,14 @@ void testFreeOpNew() { void *p = operator new(0); free(p); // mismatch-warning@-1{{Memory allocated by 'operator new' should be deallocated by 'delete', not 'free()'}} -} // leak-warning{{Potential leak of memory pointed to by 'p'}} +} ---
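
Review bot: the `+}` closing `testFreeOpNew` drops the `leak-warning` expectation, so after this change the mismatched `free(p)` is still reported but the leak of `p` no longer is. For a PR titled as a refactor this is a visible behaviour change; a comment in the test or a line in the PR description saying why the leak report goes away would make it reviewable.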

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: seems patch got lost CC: @steakhal @NagyDonat https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag ready_for_review https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Since all pipelines have successfully finished, I am changing state to normal pr https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Thank you so much for the review! After invalidating location in `FreeMemAux` everything started working as it should. Also changed `getConjuredHeapSymbolVal` to return `DefinedSVal`. https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/106081 >From 82e3d871766b132d0ce0b9e8e74371d8598d2431 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 6 Aug 2024 19:12:01 +0300 Subject: [PATCH 1/4] wip --- .../Core/PathSensitive/DynamicExtent.h|

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -2815,7 +2906,7 @@ MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call, // Get the from and to pointer symbols as in toPtr = realloc(fromPtr, size). SymbolRef FromPtr = arg0Val.getLocSymbolInBase(); -SVal RetVal = C.getSVal(CE); +SVal Ret

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family); } +ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C, +

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family); } +ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C, +

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -67,19 +67,6 @@ void testGlobalNoThrowPlacementExprNewBeforeOverload() { int *p = new(std::nothrow) int; } // leak-warning{{Potential leak of memory pointed to by 'p'}} -//- Standard pointer placement operators -void testGlobalPointerPlacementNew() {
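Review bot: The "Standard pointer placement operators" section starting at `testGlobalPointerPlacementNew()` is deleted (the hunk shrinks from 19 lines to 6) and no replacement is visible in this hunk. If the case moved to another test file, say where; if it was dropped because it fails after the change, keep it with the updated expectation so placement-new coverage stays in the suite.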

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-26 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-26 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: So I just wanted to share progress on this. I have only 2 failing tests now:
```
Clang :: Analysis/NewDelete+MismatchedDeallocator_intersections.cpp
Clang :: Analysis/NewDelete-intersections.m
```
The problem with those is that now CSA reports read of undefined value obtained

[clang] [WIP] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-26 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag converted_to_draft https://github.com/llvm/llvm-project/pull/106081

[clang] [WIP] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-26 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/106081 PR refactors `MallocChecker` to not violate invariant of `BindExpr`, which should be called only during `evalCall` to avoid conflicts. To achieve this, most of `postCall` logic was moved to `evalCall` with addi

[clang] [analyzer] Do not reason about locations passed as inline asm input (PR #103714)

2024-08-19 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: This is a tricky one. So the crash happens in `getElementRegion`, since we try to bind to the first element of the symbolic region with type `void`. Why did inline asm input become symbolic? Since on input there is a Lvalue -> Rvalue cast, CSA invokes `evalCast` and then inside `Reg

[clang] [analyzer] Do not reason about locations passed as inline asm input (PR #103714)

2024-08-19 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: @mikaelholmen Thanks for the report! Will take a look today later. https://github.com/llvm/llvm-project/pull/103714

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-16 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/2] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-16 Thread Pavel Skripkin via cfe-commits
@@ -0,0 +1,80 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s +// + +typedef unsigned long size_t; + +typedef enum memory_order { + memory_order_relaxed = __ATOMIC_RELAXED, +} memory_order; + +void *calloc(size_t, size_t); +void free(void *); + +struc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-16 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/104599 Current MallocChecker logic suppresses FP caused by refcounting only for C++ destructors. The same pattern occurs a lot in C in objects with intrusive refcounting. See #104229 for code example. To extend curren
