vrnithinkumar updated this revision to Diff 286868.
vrnithinkumar added a comment.
- Add assignment to nullptr case
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D86293/new/
https://reviews.llvm.org/D86293
Files:
clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
clang/test/Analysis/Inputs/system-header-simulator-cxx.h
clang/test/Analysis/smart-ptr-text-output.cpp
clang/test/Analysis/smart-ptr.cpp
Index: clang/test/Analysis/smart-ptr.cpp
===================================================================
--- clang/test/Analysis/smart-ptr.cpp
+++ clang/test/Analysis/smart-ptr.cpp
@@ -215,8 +215,7 @@
std::unique_ptr<A> P;
std::unique_ptr<A> Q;
Q = std::move(P);
- // TODO: Fix test with expecting warning after '=' operator overloading modeling.
- Q->foo(); // no-warning
+ Q->foo(); // expected-warning {{Dereference of null smart pointer 'Q' [alpha.cplusplus.SmartPtr]}}
}
}
@@ -252,3 +251,61 @@
P->foo(); // No warning.
PValid->foo(); // No warning.
}
+
+void derefOnMovedFromValidPtr() {
+ std::unique_ptr<A> PToMove(new A());
+ std::unique_ptr<A> P;
+ P = std::move(PToMove);
+ PToMove->foo(); // expected-warning {{Dereference of null smart pointer 'PToMove' [alpha.cplusplus.SmartPtr]}}
+}
+
+void derefOnMovedToNullPtr() {
+ std::unique_ptr<A> PToMove(new A());
+ std::unique_ptr<A> P;
+ P = std::move(PToMove); // No note.
+ P->foo(); // No warning.
+}
+
+void derefOnNullPtrGotMovedFromValidPtr() {
+ std::unique_ptr<A> P(new A());
+ std::unique_ptr<A> PToMove;
+ P = std::move(PToMove);
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+}
+
+void derefOnMovedFromUnknownPtr(std::unique_ptr<A> PToMove) {
+ std::unique_ptr<A> P;
+ P = std::move(PToMove);
+ P->foo(); // No warning.
+}
+
+void derefOnMovedUnknownPtr(std::unique_ptr<A> PToMove) {
+ std::unique_ptr<A> P;
+ P = std::move(PToMove);
+ PToMove->foo(); // expected-warning {{Dereference of null smart pointer 'PToMove' [alpha.cplusplus.SmartPtr]}}
+}
+
+void derefOnAssignedNullPtrToNullSmartPtr() {
+ std::unique_ptr<A> P;
+ P = nullptr;
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+}
+
+void derefOnAssignedZeroToNullSmartPtr() {
+ std::unique_ptr<A> P(new A());
+ P = 0;
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+}
+
+void derefOnAssignedNullToUnknowSmartPtr(std::unique_ptr<A> P) {
+ P = nullptr;
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+}
+
+std::unique_ptr<A> &&returnRValRefOfUniquePtr();
+
+void drefOnAssignedNullFromMethodPtrValidSmartPtr() {
+ std::unique_ptr<A> P(new A());
+ P = returnRValRefOfUniquePtr();
+ P->foo(); // No warning.
+}
Index: clang/test/Analysis/smart-ptr-text-output.cpp
===================================================================
--- clang/test/Analysis/smart-ptr-text-output.cpp
+++ clang/test/Analysis/smart-ptr-text-output.cpp
@@ -80,7 +80,7 @@
void derefOnStdSwappedNullPtr() {
std::unique_ptr<A> P; // expected-note {{Default constructed smart pointer 'P' is null}}
std::unique_ptr<A> PNull; // expected-note {{Default constructed smart pointer 'PNull' is null}}
- std::swap(P, PNull); // expected-note@Inputs/system-header-simulator-cxx.h:978 {{Swapped null smart pointer 'PNull' with smart pointer 'P'}}
+ std::swap(P, PNull); // expected-note@Inputs/system-header-simulator-cxx.h:979 {{Swapped null smart pointer 'PNull' with smart pointer 'P'}}
// expected-note@-1 {{Calling 'swap<A>'}}
// expected-note@-2 {{Returning from 'swap<A>'}}
P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
@@ -109,10 +109,49 @@
// expected-note@-1{{Dereference of null smart pointer 'P'}}
}
-void noNoteTagsForNonMatchingBugType() {
- std::unique_ptr<A> P; // No note.
- std::unique_ptr<A> P1; // No note.
- P1 = std::move(P); // expected-note {{Smart pointer 'P' of type 'std::unique_ptr' is reset to null when moved from}}
- P->foo(); // expected-warning {{Dereference of null smart pointer 'P' of type 'std::unique_ptr' [cplusplus.Move]}}
- // expected-note@-1 {{Dereference of null smart pointer 'P' of type 'std::unique_ptr'}}
+void derefOnMovedFromValidPtr() {
+ std::unique_ptr<A> PToMove(new A()); // expected-note {{Smart pointer 'PToMove' is constructed}}
+ // FIXME: above note should go away once we fix marking region not interested.
+ std::unique_ptr<A> P;
+ P = std::move(PToMove); // expected-note {{Smart pointer 'PToMove' is null after moved to 'P'}}
+ PToMove->foo(); // expected-warning {{Dereference of null smart pointer 'PToMove' [alpha.cplusplus.SmartPtr]}}
+ // expected-note@-1 {{Dereference of null smart pointer 'PToMove'}}
+}
+
+void derefOnMovedToNullPtr() {
+ std::unique_ptr<A> PToMove(new A());
+ std::unique_ptr<A> P;
+ P = std::move(PToMove); // No note.
+ P->foo(); // No warning.
+}
+
+void derefOnNullPtrGotMovedFromValidPtr() {
+ std::unique_ptr<A> P(new A()); // expected-note {{Smart pointer 'P' is constructed}}
+ // FIXME: above note should go away once we fix marking region not interested.
+ std::unique_ptr<A> PToMove; // expected-note {{Default constructed smart pointer 'PToMove' is null}}
+ P = std::move(PToMove); // expected-note {{Smart pointer 'P' is null after a null value moved from 'PToMove'}}
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+ // expected-note@-1 {{Dereference of null smart pointer 'P'}}
+}
+
+void derefOnMovedUnknownPtr(std::unique_ptr<A> PToMove) {
+ std::unique_ptr<A> P;
+ P = std::move(PToMove); // expected-note {{Smart pointer 'PToMove' is null after moved and assigned to 'P'}}
+ PToMove->foo(); // expected-warning {{Dereference of null smart pointer 'PToMove' [alpha.cplusplus.SmartPtr]}}
+ // expected-note@-1 {{Dereference of null smart pointer 'PToMove'}}
+}
+
+void derefOnAssignedNullPtrToNullSmartPtr() {
+ std::unique_ptr<A> P; // expected-note {{Default constructed smart pointer 'P' is null}}
+ P = nullptr; // expected-note {{Smart pointer 'P' is assigned to null}}
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+ // expected-note@-1 {{Dereference of null smart pointer 'P'}}
+}
+
+void derefOnAssignedZeroToNullSmartPtr() {
+ std::unique_ptr<A> P(new A()); // expected-note {{Smart pointer 'P' is constructed}}
+ // FIXME: above note should go away once we fix marking region not interested.
+ P = 0; // expected-note {{Smart pointer 'P' is assigned to null}}
+ P->foo(); // expected-warning {{Dereference of null smart pointer 'P' [alpha.cplusplus.SmartPtr]}}
+ // expected-note@-1 {{Dereference of null smart pointer 'P'}}
}
Index: clang/test/Analysis/Inputs/system-header-simulator-cxx.h
===================================================================
--- clang/test/Analysis/Inputs/system-header-simulator-cxx.h
+++ clang/test/Analysis/Inputs/system-header-simulator-cxx.h
@@ -970,6 +970,7 @@
T *operator->() const noexcept;
operator bool() const noexcept;
unique_ptr<T> &operator=(unique_ptr<T> &&p) noexcept;
+ unique_ptr<T> &operator=(nullptr_t) noexcept;
};
// TODO :: Once the deleter parameter is added update with additional template parameter.
Index: clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
+++ clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp
@@ -56,6 +56,7 @@
void handleReset(const CallEvent &Call, CheckerContext &C) const;
void handleRelease(const CallEvent &Call, CheckerContext &C) const;
void handleSwap(const CallEvent &Call, CheckerContext &C) const;
+ bool handleEqOp(const CallEvent &Call, CheckerContext &C) const;
using SmartPtrMethodHandlerFn =
void (SmartPtrModeling::*)(const CallEvent &Call, CheckerContext &) const;
@@ -132,7 +133,6 @@
bool SmartPtrModeling::evalCall(const CallEvent &Call,
CheckerContext &C) const {
-
ProgramStateRef State = C.getState();
if (!smartptr::isStdSmartPtrCall(Call))
return false;
@@ -204,6 +204,9 @@
return true;
}
+ if (handleEqOp(Call, C))
+ return true;
+
const SmartPtrMethodHandlerFn *Handler = SmartPtrMethodHandlers.lookup(Call);
if (!Handler)
return false;
@@ -345,6 +348,86 @@
}));
}
+bool SmartPtrModeling::handleEqOp(const CallEvent &Call,
+ CheckerContext &C) const {
+ ProgramStateRef State = C.getState();
+ const auto *OC = dyn_cast<CXXMemberOperatorCall>(&Call);
+ if (!OC)
+ return false;
+ OverloadedOperatorKind OOK = OC->getOverloadedOperator();
+ if (OOK != OO_Equal)
+ return false;
+ const MemRegion *ThisRegion = OC->getCXXThisVal().getAsRegion();
+ if (!ThisRegion)
+ return false;
+
+ const MemRegion *ArgRegion = OC->getArgSVal(0).getAsRegion();
+ // In case of 'nullptr' or '0' assigned
+ if (!ArgRegion) {
+ bool AssignedNull = Call.getArgSVal(0).isZeroConstant();
+ if (!AssignedNull)
+ return false;
+ auto NullVal = C.getSValBuilder().makeNull();
+ State = State->set<TrackedRegionMap>(ThisRegion, NullVal);
+ C.addTransition(State, C.getNoteTag([ThisRegion](PathSensitiveBugReport &BR,
+ llvm::raw_ostream &OS) {
+ if (&BR.getBugType() != smartptr::getNullDereferenceBugType() ||
+ !BR.isInteresting(ThisRegion))
+ return;
+ OS << "Smart pointer ";
+ ThisRegion->printPretty(OS);
+ OS << " is assigned to null";
+ }));
+ return true;
+ }
+
+ const auto *ArgRegionVal = State->get<TrackedRegionMap>(ArgRegion);
+ if (ArgRegionVal) {
+ State = State->set<TrackedRegionMap>(ThisRegion, *ArgRegionVal);
+ auto NullVal = C.getSValBuilder().makeNull();
+ State = State->set<TrackedRegionMap>(ArgRegion, NullVal);
+ bool IsArgValNull = ArgRegionVal->isZeroConstant();
+
+ C.addTransition(State, C.getNoteTag([ThisRegion, ArgRegion, IsArgValNull](
+ PathSensitiveBugReport &BR,
+ llvm::raw_ostream &OS) {
+ if (&BR.getBugType() != smartptr::getNullDereferenceBugType())
+ return;
+ if (BR.isInteresting(ArgRegion)) {
+ OS << "Smart pointer ";
+ ArgRegion->printPretty(OS);
+ OS << " is null after moved to ";
+ ThisRegion->printPretty(OS);
+ }
+ if (BR.isInteresting(ThisRegion) && IsArgValNull) {
+ OS << "Smart pointer ";
+ ThisRegion->printPretty(OS);
+ OS << " is null after a null value moved from ";
+ ArgRegion->printPretty(OS);
+ BR.markInteresting(ArgRegion);
+ }
+ }));
+ } else {
+ // In case we dont know anything about value we are moving from
+ // remove the entry from map for which smart pointer got moved to.
+ auto NullVal = C.getSValBuilder().makeNull();
+ State = State->remove<TrackedRegionMap>(ThisRegion);
+ State = State->set<TrackedRegionMap>(ArgRegion, NullVal);
+ C.addTransition(
+ State, C.getNoteTag([ArgRegion, ThisRegion](PathSensitiveBugReport &BR,
+ llvm::raw_ostream &OS) {
+ if (&BR.getBugType() != smartptr::getNullDereferenceBugType() ||
+ !BR.isInteresting(ArgRegion))
+ return;
+ OS << "Smart pointer ";
+ ArgRegion->printPretty(OS);
+ OS << " is null after moved and assigned to ";
+ ThisRegion->printPretty(OS);
+ }));
+ }
+ return true;
+}
+
void ento::registerSmartPtrModeling(CheckerManager &Mgr) {
auto *Checker = Mgr.registerChecker<SmartPtrModeling>();
Checker->ModelSmartPtrDereference =
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
