[clang] [llvm] Reapply "[analyzer] Accept C library functions from the `std` namespace" (#84926) (PR #84963)

[Balazs Benics via cfe-commits]

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/84963

Relands PR #84926, after resolving use-after-free of the AST of the unittest xD
Pretty silly bug, I must admit.

>From a88c479c8c1141af65887829e27194b2715ebfb2 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Tue, 12 Mar 2024 18:24:26 +0100
Subject: [PATCH 1/2] Reapply "[analyzer] Accept C library functions from the
 `std` namespace" (#84926)

This reverts commit f32b04d4ea91ad1018c25a1d4178cc4392d34968.
---
 .../Core/PathSensitive/CallDescription.h  |  8 +-
 .../StaticAnalyzer/Core/CheckerContext.cpp|  8 +-
 clang/unittests/StaticAnalyzer/CMakeLists.txt |  1 +
 .../StaticAnalyzer/IsCLibraryFunctionTest.cpp | 89 +++
 .../clang/unittests/StaticAnalyzer/BUILD.gn   |  1 +
 5 files changed, 98 insertions(+), 9 deletions(-)
 create mode 100644 clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp

diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h
index 3432d2648633c2..b4e1636130ca7c 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h
@@ -41,12 +41,8 @@ class CallDescription {
 ///  - We also accept calls where the number of arguments or parameters is
 ///greater than the specified value.
 /// For the exact heuristics, see CheckerContext::isCLibraryFunction().
-/// Note that functions whose declaration context is not a TU (e.g.
-/// methods, functions in namespaces) are not accepted as C library
-/// functions.
-/// FIXME: If I understand it correctly, this discards calls where C++ code
-/// refers a C library function through the namespace `std::` via headers
-/// like .
+/// (This mode only matches functions that are declared either directly
+/// within a TU or in the namespace `std`.)
 CLibrary,
 
 /// Matches "simple" functions that are not methods. (Static methods are
diff --git a/clang/lib/StaticAnalyzer/Core/CheckerContext.cpp 
b/clang/lib/StaticAnalyzer/Core/CheckerContext.cpp
index d6d4cec9dd3d4d..1a9bff529e9bb1 100644
--- a/clang/lib/StaticAnalyzer/Core/CheckerContext.cpp
+++ b/clang/lib/StaticAnalyzer/Core/CheckerContext.cpp
@@ -87,9 +87,11 @@ bool CheckerContext::isCLibraryFunction(const FunctionDecl 
*FD,
   if (!II)
 return false;
 
-  // Look through 'extern "C"' and anything similar invented in the future.
-  // If this function is not in TU directly, it is not a C library function.
-  if (!FD->getDeclContext()->getRedeclContext()->isTranslationUnit())
+  // C library functions are either declared directly within a TU (the common
+  // case) or they are accessed through the namespace `std` (when they are used
+  // in C++ via headers like ).
+  const DeclContext *DC = FD->getDeclContext()->getRedeclContext();
+  if (!(DC->isTranslationUnit() || DC->isStdNamespace()))
 return false;
 
   // If this function is not externally visible, it is not a C library 
function.
diff --git a/clang/unittests/StaticAnalyzer/CMakeLists.txt 
b/clang/unittests/StaticAnalyzer/CMakeLists.txt
index 775f0f8486b8f9..db56e77331b821 100644
--- a/clang/unittests/StaticAnalyzer/CMakeLists.txt
+++ b/clang/unittests/StaticAnalyzer/CMakeLists.txt
@@ -11,6 +11,7 @@ add_clang_unittest(StaticAnalysisTests
   CallEventTest.cpp
   ConflictingEvalCallsTest.cpp
   FalsePositiveRefutationBRVisitorTest.cpp
+  IsCLibraryFunctionTest.cpp
   NoStateChangeFuncVisitorTest.cpp
   ParamRegionTest.cpp
   RangeSetTest.cpp
diff --git a/clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp 
b/clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp
new file mode 100644
index 00..19c66cc6bee1eb
--- /dev/null
+++ b/clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp
@@ -0,0 +1,89 @@
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/Analysis/AnalysisDeclContext.h"
+#include "clang/Frontend/ASTUnit.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/Tooling/Tooling.h"
+#include "gtest/gtest.h"
+
+#include 
+
+using namespace clang;
+using namespace ento;
+using namespace ast_matchers;
+
+testing::AssertionResult extractFunctionDecl(StringRef Code,
+ const FunctionDecl *&Result) {
+  auto ASTUnit = tooling::buildASTFromCode(Code);
+  if (!ASTUnit)
+return testing::AssertionFailure() << "AST construction failed";
+
+  ASTContext &Context = ASTUnit->getASTContext();
+  if (Context.getDiagnostics().hasErrorOccurred())
+return testing::AssertionFailure() << "Compilation error";
+
+  auto Matches = ast_matchers::match(functionDecl().bind("fn"), Context);
+  if (Matches.empty())
+return testing::AssertionFailure() << "No function declaration found";
+
+  if (Matches.size() > 1)
+return 

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,Balazs Benics
 ,NagyDonat 
Message-ID:
In-Reply-To: 


steakhal wrote:

Thanks!
Indeed, it looks like valgrind also complains:
```
[ RUN  ] IsCLibraryFunctionTest.AcceptsGlobal
==999215== Invalid read of size 1
==999215==at 0x15420D0: hasAttrs (DeclBase.h:523)
==999215==by 0x15420D0: getAttr (DeclBase.h:579)
==999215==by 0x15420D0: clang::FunctionDecl::getBuiltinID(bool) const 
(???:3597)
==999215==by 0x1D20BE0: 
clang::ento::CheckerContext::isCLibraryFunction(clang::FunctionDecl const*, 
llvm::StringRef) (../../clang/lib/StaticAnalyzer/Core/CheckerContext.cpp:54)
==999215==by 0x117DACC: 
IsCLibraryFunctionTest_AcceptsGlobal_Test::TestBody() 
(../../clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp:40)
==999215==by 0x12D9778: HandleExceptionsInMethodIfSupported (gtest.cc:0)
==999215==by 0x12D9778: testing::Test::Run() (gtest.cc:2687)
==999215==by 0x12DAB6D: testing::TestInfo::Run() (gtest.cc:2836)
==999215==by 0x12DBE84: testing::TestSuite::Run() (gtest.cc:3015)
==999215==by 0x12EAA3D: testing::internal::UnitTestImpl::RunAllTests() 
(gtest.cc:5920)
==999215==by 0x12E9E6E: 
HandleExceptionsInMethodIfSupported 
(gtest.cc:0)
==999215==by 0x12E9E6E: testing::UnitTest::Run() (gtest.cc:5484)
==999215==by 0x12C71EC: RUN_ALL_TESTS (gtest.h:2317)
==999215==by 0x12C71EC: main (???:55)
```
I'll look into this.

https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatchers] Fix forEachArgumentWithParam* for deducing "this" operator calls (PR #84887)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/84887
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatchers] Fix forEachArgumentWithParam* for deducing "this" operator calls (PR #84887)

[Balazs Benics via cfe-commits]

@@ -5121,11 +5142,12 @@ AST_POLYMORPHIC_MATCHER_P2(forEachArgumentWithParamType,
   // argument of the method which should not be matched against a parameter, so
   // we skip over it here.
   BoundNodesTreeBuilder Matches;
-  unsigned ArgIndex = cxxOperatorCallExpr(callee(cxxMethodDecl()))
-  .matches(Node, Finder, &Matches)
-  ? 1
-  : 0;
-
+  unsigned ArgIndex =
+  cxxOperatorCallExpr(
+  callee(cxxMethodDecl(unless(isExplicitObjectMemberFunction()
+  .matches(Node, Finder, &Matches)
+  ? 1
+  : 0;

steakhal wrote:

I don't feel confident of making changes like that.
It appears to me that the `callee` matchers does a bit more than a couple 
`dyn_casts`, so unless strictly necessary, I'd opt out for doing that.

https://github.com/llvm/llvm-project/pull/84887
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatchers] Fix forEachArgumentWithParam* for deducing "this" operator calls (PR #84887)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/84887
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatchers] Fix forEachArgumentWithParam* for deducing "this" operator calls (PR #84887)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/84887
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatchers] Fix forEachArgumentWithParam* for deducing "this" operator calls (PR #84887)

[Balazs Benics via cfe-commits]

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/84887

This is a follow-up commit of #84446.
In this patch, I demonstrate that `forEachArgumentWithParam` and 
`forEachArgumentWithParamType` did not correctly handle the presence of the 
explicit object parameter for operator calls.

Prior to this patch, the matcher would skip the first (and only) argument of 
the operator call if the explicit object param was used.

Note that I had to move the definition of `isExplicitObjectMemberFunction`, to 
be declared before the matcher I fix to be visible.

I also had to do some gymnastics for passing the language standard version 
command-line flags to the invocation as `matchAndVerifyResultTrue` wasn't 
really considered for non-c++11 code. See the that it always prepends 
`-std=gnu++11` to the command-line arguments. I workarounded it by accepting 
extra args, which get appended, thus possibly overriding the hardcoded 
arguments.

I'm not sure if this qualifies for backporting to clang-18, but I figure it 
might be useful for some vendors (like us).
But we are also happy to cherry-pick this fix to downstream. Let me know if you 
want this to be backported or not.

>From 61f63a34f68661c12b63ba8d1a1a3e8b550ed076 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Tue, 12 Mar 2024 09:08:19 +0100
Subject: [PATCH] [clang][ASTMatchers] Fix forEachArgumentWithParam* for
 deducing "this" operator calls

This is a follow-up commit of #84446.
In this patch, I demonstrate that `forEachArgumentWithParam` and
`forEachArgumentWithParamType` did not correctly handle the presence of
the explicit object parameter for operator calls.

Prior to this patch, the matcher would skip the first (and only) argument
of the operator call if the explicit object param was used.

Note that I had to move the definition of `isExplicitObjectMemberFunction`,
to be declared before the matcher I fix to be visible.
---
 clang/docs/ReleaseNotes.rst   |  2 +
 clang/include/clang/ASTMatchers/ASTMatchers.h | 59 -
 clang/unittests/ASTMatchers/ASTMatchersTest.h | 36 +++
 .../ASTMatchers/ASTMatchersTraversalTest.cpp  | 63 +++
 4 files changed, 119 insertions(+), 41 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 88e552d5c46113..dcc0c2f2cc40c6 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -447,6 +447,8 @@ AST Matchers
 
 - ``isInStdNamespace`` now supports Decl declared with ``extern "C++"``.
 - Add ``isExplicitObjectMemberFunction``.
+- Fixed ``forEachArgumentWithParam`` and ``forEachArgumentWithParamType`` to
+  not skip the explicit object parameter for operator calls.
 
 clang-format
 
diff --git a/clang/include/clang/ASTMatchers/ASTMatchers.h 
b/clang/include/clang/ASTMatchers/ASTMatchers.h
index 96dbcdc344e131..2f71053d030f68 100644
--- a/clang/include/clang/ASTMatchers/ASTMatchers.h
+++ b/clang/include/clang/ASTMatchers/ASTMatchers.h
@@ -5032,6 +5032,25 @@ AST_POLYMORPHIC_MATCHER_P2(hasParameter,
   && InnerMatcher.matches(*Node.parameters()[N], Finder, Builder));
 }
 
+/// Matches if the given method declaration declares a member function with an
+/// explicit object parameter.
+///
+/// Given
+/// \code
+/// struct A {
+///  int operator-(this A, int);
+///  void fun(this A &&self);
+///  static int operator()(int);
+///  int operator+(int);
+/// };
+/// \endcode
+///
+/// cxxMethodDecl(isExplicitObjectMemberFunction()) matches the first two
+/// methods but not the last two.
+AST_MATCHER(CXXMethodDecl, isExplicitObjectMemberFunction) {
+  return Node.isExplicitObjectMemberFunction();
+}
+
 /// Matches all arguments and their respective ParmVarDecl.
 ///
 /// Given
@@ -5060,10 +5079,12 @@ AST_POLYMORPHIC_MATCHER_P2(forEachArgumentWithParam,
   // argument of the method which should not be matched against a parameter, so
   // we skip over it here.
   BoundNodesTreeBuilder Matches;
-  unsigned ArgIndex = cxxOperatorCallExpr(callee(cxxMethodDecl()))
-  .matches(Node, Finder, &Matches)
-  ? 1
-  : 0;
+  unsigned ArgIndex =
+  cxxOperatorCallExpr(
+  callee(cxxMethodDecl(unless(isExplicitObjectMemberFunction()
+  .matches(Node, Finder, &Matches)
+  ? 1
+  : 0;
   int ParamIndex = 0;
   bool Matched = false;
   for (; ArgIndex < Node.getNumArgs(); ++ArgIndex) {
@@ -5121,11 +5142,12 @@ AST_POLYMORPHIC_MATCHER_P2(forEachArgumentWithParamType,
   // argument of the method which should not be matched against a parameter, so
   // we skip over it here.
   BoundNodesTreeBuilder Matches;
-  unsigned ArgIndex = cxxOperatorCallExpr(callee(cxxMethodDecl()))
-  .matches(Node, Finder, &Matches)
-  ? 1
-  : 0;
-
+  unsigned ArgIndex =
+  cxxOperatorCallExpr(
+  callee(cxxMethodDecl(unl

[clang] [analyzer] Set and display CSA analysis entry points as notes on debugging (PR #84823)

[Balazs Benics via cfe-commits]

https://github.com/steakhal unassigned 
https://github.com/llvm/llvm-project/pull/84823
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Set and display CSA analysis entry points as notes on debugging (PR #84823)

[Balazs Benics via cfe-commits]

https://github.com/steakhal unassigned 
https://github.com/llvm/llvm-project/pull/84823
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Set and display CSA analysis entry points as notes on debugging (PR #84823)

[Balazs Benics via cfe-commits]

https://github.com/steakhal unassigned 
https://github.com/llvm/llvm-project/pull/84823
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Set and display CSA analysis entry points as notes on debugging (PR #84823)

[Balazs Benics via cfe-commits]

https://github.com/steakhal unassigned 
https://github.com/llvm/llvm-project/pull/84823
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Set and display CSA analysis entry points as notes on debugging (PR #84823)

[Balazs Benics via cfe-commits]

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/84823

When debugging CSA issues, sometimes it would be useful to have a dedicated 
note for the analysis entry point, aka. the function name you would need to 
pass as "-analyze-function=XYZ" to reproduce a specific issue.
One way we use (or will use) this downstream is to provide tooling on top of 
creduce to enhance to supercharge productivity by automatically reduce cases on 
crashes for example.

This will be added only if the "-analyzer-note-analysis-entry-points" is set or 
the "analyzer-display-progress" is on.

This additional entry point marker will be the first "note" if enabled, with 
the following message: "[invisible] analyzing from XYZ". They are prefixed by 
"[invisible]" to remind the CSA developer that this is only visible or meant to 
be visible for them.

CPP-5012

>From 94c6be96d92d8a25693ccbbffedf9edabfe79cc5 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Mon, 11 Mar 2024 21:18:30 +0100
Subject: [PATCH] [analyzer] Set and display CSA analysis entry points as notes
 on debugging

When debugging CSA issues, sometimes it would be useful to have a
dedicated note for the analysis entry point, aka. the function name you
would need to pass as "-analyze-function=XYZ" to reproduce a specific
issue.
One way we use (or will use) this downstream is to provide tooling on
top of creduce to enhance to supercharge prductivity by automatically
reduce cases on crashes for example.

This will be added only if the "-analyzer-note-analysis-entry-points"
is set or the "analyzer-display-progress" is on.

This additional entry point marker will be the first "note" if enabled,
with the following message: "[invisible] analyzing from XYZ".
They are prefixed by "[invisible]" to remind the CSA developer that this
is only visible or meant to be visible for them.

CPP-5012
---
 clang/include/clang/Analysis/PathDiagnostic.h |  8 +-
 clang/include/clang/Driver/Options.td |  3 +
 .../StaticAnalyzer/Core/AnalyzerOptions.h |  9 ++-
 .../Core/BugReporter/BugReporter.h| 12 +++
 .../Core/PathSensitive/ExprEngine.h   |  2 +
 clang/lib/Analysis/PathDiagnostic.cpp |  7 +-
 clang/lib/StaticAnalyzer/Core/BugReporter.cpp | 36 ++---
 .../Frontend/AnalysisConsumer.cpp |  4 +-
 .../Analysis/analyzer-display-progress.cpp| 42 ---
 .../test/Analysis/analyzer-display-progress.m | 31 +---
 .../analyzer-note-analysis-entry-points.cpp   | 75 +++
 11 files changed, 193 insertions(+), 36 deletions(-)
 create mode 100644 clang/test/Analysis/analyzer-note-analysis-entry-points.cpp

diff --git a/clang/include/clang/Analysis/PathDiagnostic.h 
b/clang/include/clang/Analysis/PathDiagnostic.h
index 90559e7efb06f0..5907df022e449d 100644
--- a/clang/include/clang/Analysis/PathDiagnostic.h
+++ b/clang/include/clang/Analysis/PathDiagnostic.h
@@ -780,6 +780,9 @@ class PathDiagnostic : public llvm::FoldingSetNode {
   PathDiagnosticLocation UniqueingLoc;
   const Decl *UniqueingDecl;
 
+  /// The top-level entry point from which this issue was discovered.
+  const Decl *AnalysisEntryPoint = nullptr;
+
   /// Lines executed in the path.
   std::unique_ptr ExecutedLines;
 
@@ -788,7 +791,7 @@ class PathDiagnostic : public llvm::FoldingSetNode {
   PathDiagnostic(StringRef CheckerName, const Decl *DeclWithIssue,
  StringRef bugtype, StringRef verboseDesc, StringRef shortDesc,
  StringRef category, PathDiagnosticLocation LocationToUnique,
- const Decl *DeclToUnique,
+ const Decl *DeclToUnique, const Decl *AnalysisEntryPoint,
  std::unique_ptr ExecutedLines);
   ~PathDiagnostic();
 
@@ -852,6 +855,9 @@ class PathDiagnostic : public llvm::FoldingSetNode {
 return *ExecutedLines;
   }
 
+  /// Get the top-level entry point from which this issue was discovered.
+  const Decl *getAnalysisEntryPoint() const { return AnalysisEntryPoint; }
+
   /// Return the semantic context where an issue occurred.  If the
   /// issue occurs along a path, this represents the "central" area
   /// where the bug manifests.
diff --git a/clang/include/clang/Driver/Options.td 
b/clang/include/clang/Driver/Options.td
index 5b3d366dbcf91b..55bfd1cc450809 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -6656,6 +6656,9 @@ def analyzer_opt_analyze_headers : Flag<["-"], 
"analyzer-opt-analyze-headers">,
 def analyzer_display_progress : Flag<["-"], "analyzer-display-progress">,
   HelpText<"Emit verbose output about the analyzer's progress">,
   MarshallingInfoFlag>;
+def analyzer_note_analysis_entry_points : Flag<["-"], 
"analyzer-note-analysis-entry-points">,
+  HelpText<"Add a note for each bug report to denote their analysis entry 
points">,
+  MarshallingInfoFlag>;
 def analyze_function : Separate<["-"], "analyze-function">,
   HelpText<"Run analysis on specific function (for C++ incl

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,Balazs Benics
 
Message-ID:
In-Reply-To: 


https://github.com/steakhal approved this pull request.


https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,Balazs Benics
 
Message-ID:
In-Reply-To: 



@@ -0,0 +1,89 @@
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/Analysis/AnalysisDeclContext.h"
+#include "clang/Frontend/ASTUnit.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/Tooling/Tooling.h"
+#include "gtest/gtest.h"
+
+#include 
+
+using namespace clang;
+using namespace ento;
+using namespace ast_matchers;
+
+testing::AssertionResult extractFunctionDecl(StringRef Code,
+ const FunctionDecl *&Result) {
+  auto ASTUnit = tooling::buildASTFromCode(Code);
+  if (!ASTUnit)
+return testing::AssertionFailure() << "AST construction failed";
+
+  ASTContext &Context = ASTUnit->getASTContext();
+  if (Context.getDiagnostics().hasErrorOccurred())
+return testing::AssertionFailure() << "Compilation error";
+
+  auto Matches = ast_matchers::match(functionDecl().bind("fn"), Context);
+  if (Matches.empty())
+return testing::AssertionFailure() << "No function declaration found";
+
+  if (Matches.size() > 1)
+return testing::AssertionFailure()
+   << "Multiple function declarations found";
+
+  Result = Matches[0].getNodeAs("fn");
+  return testing::AssertionSuccess();
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(void fun();)cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsExternCGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(extern "C" { void fun(); })cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsStaticGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(static void fun();)cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+  // FIXME: Shouldn't this be TRUE?
+}

steakhal wrote:

Yes, stdlib functions should be "extern".

https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,Balazs Benics
 
Message-ID:
In-Reply-To: 



@@ -0,0 +1,89 @@
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/Analysis/AnalysisDeclContext.h"
+#include "clang/Frontend/ASTUnit.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/Tooling/Tooling.h"
+#include "gtest/gtest.h"
+
+#include 
+
+using namespace clang;
+using namespace ento;
+using namespace ast_matchers;
+
+testing::AssertionResult extractFunctionDecl(StringRef Code,
+ const FunctionDecl *&Result) {
+  auto ASTUnit = tooling::buildASTFromCode(Code);
+  if (!ASTUnit)
+return testing::AssertionFailure() << "AST construction failed";
+
+  ASTContext &Context = ASTUnit->getASTContext();
+  if (Context.getDiagnostics().hasErrorOccurred())
+return testing::AssertionFailure() << "Compilation error";
+
+  auto Matches = ast_matchers::match(functionDecl().bind("fn"), Context);
+  if (Matches.empty())
+return testing::AssertionFailure() << "No function declaration found";
+
+  if (Matches.size() > 1)
+return testing::AssertionFailure()
+   << "Multiple function declarations found";
+
+  Result = Matches[0].getNodeAs("fn");
+  return testing::AssertionSuccess();
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(void fun();)cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsExternCGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(extern "C" { void fun(); })cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsStaticGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(static void fun();)cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+  // FIXME: Shouldn't this be TRUE?
+}

steakhal wrote:

AH, sure. It makes complete sense! Hm, can't stdlib functions have `inline`, is 
it disallowed?

https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,Balazs Benics
 
Message-ID:
In-Reply-To: 



@@ -0,0 +1,89 @@
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/Analysis/AnalysisDeclContext.h"
+#include "clang/Frontend/ASTUnit.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/Tooling/Tooling.h"
+#include "gtest/gtest.h"
+
+#include 
+
+using namespace clang;
+using namespace ento;
+using namespace ast_matchers;
+
+testing::AssertionResult extractFunctionDecl(StringRef Code,
+ const FunctionDecl *&Result) {
+  auto ASTUnit = tooling::buildASTFromCode(Code);
+  if (!ASTUnit)
+return testing::AssertionFailure() << "AST construction failed";
+
+  ASTContext &Context = ASTUnit->getASTContext();
+  if (Context.getDiagnostics().hasErrorOccurred())
+return testing::AssertionFailure() << "Compilation error";
+
+  auto Matches = ast_matchers::match(functionDecl().bind("fn"), Context);
+  if (Matches.empty())
+return testing::AssertionFailure() << "No function declaration found";
+
+  if (Matches.size() > 1)
+return testing::AssertionFailure()
+   << "Multiple function declarations found";
+
+  Result = Matches[0].getNodeAs("fn");
+  return testing::AssertionSuccess();
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(void fun();)cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsExternCGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(extern "C" { void fun(); })cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsStaticGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(static void fun();)cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+  // FIXME: Shouldn't this be TRUE?
+}

steakhal wrote:

What do you all think about this case?
I thought `static` means the same for `C` in this context, and as such it 
should be accepted by `isCLibraryFunction` - at least that's what I'd expect.
This behavior was likely broken before, thus I don't expect direct actions on 
this.

https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy ,Balazs Benics
 
Message-ID:
In-Reply-To: 


https://github.com/steakhal approved this pull request.

I'm good now.

https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [llvm] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy ,Balazs Benics
 
Message-ID:
In-Reply-To: 


https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


steakhal wrote:

> I want to avoid that some functions have null pointer checks in 
> `StreamChecker`, some not. If this change is merged then it would be good to 
> add null pointer checks to other functions like `fread` and `fwrite`. (Until 
> now only the NULL stream pointer was checked.)

I can really think of having these checks at both checkers, so that both 
parties are sort of happy - except for of course having this precondition 
checked at both places. But to me, the question is really as follow: is it 
better with this, or not?
I'm also open for suggestions for resolving this conflict, so let me know if 
you have ideas.

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Mention possibility of underflow in array overflow errors (PR #84201)

[Balazs Benics via cfe-commits]

=?utf-8?q?Don=C3=A1t?= Nagy ,NagyDonat
 
Message-ID:
In-Reply-To: 


https://github.com/steakhal approved this pull request.

I scrolled over, and it looks harmless, so LGTM.

https://github.com/llvm/llvm-project/pull/84201
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

@@ -194,11 +194,12 @@ class CoreEngine {
 };
 
 // TODO: Turn into a class.

steakhal wrote:

Remove this TODO, as its completed.

https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

https://github.com/steakhal commented:

Alright. So we can simply mark all the members private. I was surprised a bit.
LGTM, but remove the TODO comment you fix.

https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

https://github.com/steakhal requested changes to this pull request.

See my previous reply.

https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Turn NodeBuilderContext into a class (PR #84638)

[Balazs Benics via cfe-commits]

steakhal wrote:

Thanks for the PR.
I think it would make sense to not expose data members in a class' public api.
We might need some member functions along the way to make this possible.

https://github.com/llvm/llvm-project/pull/84638
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy 
Message-ID:
In-Reply-To: 


steakhal wrote:

> I feel that I'm getting bogged down in this area with changes that are more 
> general than what's strictly necessary and only tangentially related to my 
> real goals...
> 
> I'm not familiar with the unittest framework and if unittests were necessary 
> for this change, then I'd sooner abandon it, because it's not worth the 
> effort.
> 
> (Disclaimer: this comment reflects my current annoyance, and is not 
> necessarily aligned with my long-term opinion.)

No worries!
Note the `IsCLibraryFunctionTest.AcceptsStdNamespace` test case which would 
fail on llvm/main, but would pass with the PR.

Here is what I had in mind:
(I could not push to your branch, neither upload the patch file, so here is the 
verbatim content instead:
```
commit 1cfbeec724d758b136d36966696df29cf850ca5b
Author: Balazs Benics 
Date:   Fri Mar 8 17:26:49 2024 +0100

Add unittests

FYI IsCLibraryFunctionTest.AcceptsStdNamespace would have been FALSE
prior this PR.

diff --git a/clang/unittests/StaticAnalyzer/CMakeLists.txt 
b/clang/unittests/StaticAnalyzer/CMakeLists.txt
index 775f0f8486b8..db56e77331b8 100644
--- a/clang/unittests/StaticAnalyzer/CMakeLists.txt
+++ b/clang/unittests/StaticAnalyzer/CMakeLists.txt
@@ -11,6 +11,7 @@ add_clang_unittest(StaticAnalysisTests
   CallEventTest.cpp
   ConflictingEvalCallsTest.cpp
   FalsePositiveRefutationBRVisitorTest.cpp
+  IsCLibraryFunctionTest.cpp
   NoStateChangeFuncVisitorTest.cpp
   ParamRegionTest.cpp
   RangeSetTest.cpp
diff --git a/clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp 
b/clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp
new file mode 100644
index ..e1dea3458bc1
--- /dev/null
+++ b/clang/unittests/StaticAnalyzer/IsCLibraryFunctionTest.cpp
@@ -0,0 +1,89 @@
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/Analysis/AnalysisDeclContext.h"
+#include "clang/Frontend/ASTUnit.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/Tooling/Tooling.h"
+#include "gtest/gtest.h"
+
+#include 
+
+using namespace clang;
+using namespace ento;
+using namespace ast_matchers;
+
+testing::AssertionResult extractFunctionDecl(StringRef Code,
+ const FunctionDecl *&Result) {
+  auto ASTUnit = tooling::buildASTFromCode(Code);
+  if (!ASTUnit)
+return testing::AssertionFailure() << "AST construction failed";
+
+  ASTContext &Context = ASTUnit->getASTContext();
+  if (Context.getDiagnostics().hasErrorOccurred())
+return testing::AssertionFailure() << "Compilation error";
+
+  auto Matches = ast_matchers::match(functionDecl().bind("fn"), Context);
+  if (Matches.empty())
+return testing::AssertionFailure() << "No function declaration found";
+
+  if (Matches.size() > 1)
+return testing::AssertionFailure()
+   << "Multiple function declarations found";
+
+  Result = Matches[0].getNodeAs("fn");
+  return testing::AssertionSuccess();
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(void fun();)cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsExternCGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(extern "C" { void fun(); })cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsStaticGlobal) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(static void fun();)cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+  // FIXME: Shouldn't this be TRUE?
+}
+
+TEST(IsCLibraryFunctionTest, RejectsAnonymousNamespace) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(namespace { void fun(); })cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, AcceptsStdNamespace) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(namespace std { void fun(); })cpp", Result));
+  EXPECT_TRUE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, RejectsOtherNamespaces) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(namespace stdx { void fun(); })cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, RejectsClassStatic) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(
+  extractFunctionDecl(R"cpp(class A { static void fun(); };)cpp", Result));
+  EXPECT_FALSE(CheckerContext::isCLibraryFunction(Result));
+}
+
+TEST(IsCLibraryFunctionTest, RejectsClassMember) {
+  const FunctionDecl *Result;
+  ASSERT_TRUE(extractFunctionDecl(R"cpp(class A { void fun(); };)cpp", 
Result));
+  EXPECT_FALSE(CheckerContext::isCL

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


steakhal wrote:

> This functionality could be added to this checker, but to 
> `StdLibraryFunctionsChecker` too, and probably will be added at a time 
> (summary of `getdelim` is not accurate now in that checker). The same bug 
> condition is checked by two different checkers in that case. Otherwise I 
> prefer to add such checks (for NULL arguments) to 
> `StdLibraryFunctionsChecker`.

Thanks for the review! Awesome recommendations.
One note about why we would prefer to implement null checks in this checker is 
because we don't have `StdLibraryFunctionsChecker` enabled downstream and it 
would either force us to enable it (which we would only do after a really 
careful evaluation given the scope of that checker), or keep this patch 
downstream, which is also fine but we think it wouldn't be so wildly out of 
space here.

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 



@@ -1158,6 +1173,118 @@ void StreamChecker::evalUngetc(const FnDescription 
*Desc, const CallEvent &Call,
   C.addTransition(StateFailed);
 }
 
+ProgramStateRef
+StreamChecker::ensurePtrNotNull(SVal PtrVal, const Expr *PtrExpr,
+CheckerContext &C, ProgramStateRef State,
+const StringRef PtrDescr) const {
+  const auto Ptr = PtrVal.getAs();
+  if (!Ptr)
+return nullptr;
+
+  assert(PtrExpr && "Expected an argument");
+
+  const auto [PtrNotNull, PtrNull] = State->assume(*Ptr);
+  if (!PtrNotNull && PtrNull) {
+if (ExplodedNode *N = C.generateErrorNode(PtrNull)) {
+  auto R = std::make_unique(
+  BT_SizeNull, (PtrDescr + " pointer might be NULL.").str(), N);
+  bugreporter::trackExpressionValue(N, PtrExpr, *R);
+  C.emitReport(std::move(R));
+}
+return nullptr;
+  }
+
+  return PtrNotNull;
+}
+
+ProgramStateRef StreamChecker::ensureSizeZeroIfLineNull(
+SVal LinePtrPtrSVal, SVal SizePtrSVal, const Expr *LinePtrPtrExpr,
+const Expr *SizePtrExpr, CheckerContext &C, ProgramStateRef State) const {
+  static constexpr char SizeNotZeroMsg[] =
+  "Line pointer might be null while n value is not zero";
+
+  // We have a pointer to a pointer to the buffer, and a pointer to the size.
+  // We want what they point at.
+  auto LinePtrSVal = getPointeeDefVal(LinePtrPtrSVal, State);
+  auto NSVal = getPointeeDefVal(SizePtrSVal, State);
+  if (!LinePtrSVal || !NSVal)
+return nullptr;
+
+  assert(LinePtrPtrExpr &&
+ "Expected an argument with a pointer to a pointer to the buffer.");
+  assert(SizePtrExpr &&
+ "Expected an argument with a pointer to the buffer size.");

steakhal wrote:

I agree. We could just do the assertion without any string attached. It's clear 
what they express anyways.

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatcher] Add matchers for isExplicitObjectMemberFunction() (PR #84446)

[Balazs Benics via cfe-commits]

steakhal wrote:

I had to push a fixup commit, because I forgot about one switch-case. 
https://github.com/llvm/llvm-project/commit/f07157eb2e8212068cb9469d77f9bc3779ef2ea4
I pushed it already to fix the build bot, but let me know if you disagree with 
the fix.

https://github.com/llvm/llvm-project/pull/84446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] f07157e - Fixup 7457e2c1535acd54 by adding a switch case

[Balazs Benics via cfe-commits]

Author: Balazs Benics
Date: 2024-03-08T14:55:10+01:00
New Revision: f07157eb2e8212068cb9469d77f9bc3779ef2ea4

URL: 
https://github.com/llvm/llvm-project/commit/f07157eb2e8212068cb9469d77f9bc3779ef2ea4
DIFF: 
https://github.com/llvm/llvm-project/commit/f07157eb2e8212068cb9469d77f9bc3779ef2ea4.diff

LOG: Fixup 7457e2c1535acd54 by adding a switch case

This fixups 7457e2c1535acd548d2619dfb34eb93d27d15908 as I forgot one
switch to update, which then broke this build bot:
https://lab.llvm.org/buildbot/#/builders/57/builds/33272

Added: 


Modified: 
clang/unittests/AST/MatchVerifier.h

Removed: 




diff  --git a/clang/unittests/AST/MatchVerifier.h 
b/clang/unittests/AST/MatchVerifier.h
index 8bcf05642cb5bc..da1e351da4a096 100644
--- a/clang/unittests/AST/MatchVerifier.h
+++ b/clang/unittests/AST/MatchVerifier.h
@@ -116,6 +116,10 @@ MatchVerifier::match(const std::string &Code,
 Args.push_back("-std=c++20");
 FileName = "input.cc";
 break;
+  case Lang_CXX23:
+Args.push_back("-std=c++23");
+FileName = "input.cc";
+break;
   case Lang_OpenCL:
 Args.push_back("-cl-no-stdinc");
 FileName = "input.cl";



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=,
Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=,
Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=,
Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=,
Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=,
Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=
Message-ID:
In-Reply-To: 


https://github.com/steakhal approved this pull request.

I'm good with this change. Thanks.

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Mention possibility of underflow in array overflow errors (PR #84201)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy 
Message-ID:
In-Reply-To: 



@@ -109,6 +136,33 @@ int *potentialAfterTheEndPtr(int idx) {
   // &TenElements[idx].
 }
 
+int overflowOrUnderflow(int arg) {
+  // expected-note@+2 {{Assuming 'arg' is < 0}}
+  // expected-note@+1 {{Taking false branch}}
+  if (arg >= 0)
+return 0;
+
+  return TenElements[arg - 1];
+  // expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
+  // expected-note@-2 {{Access of 'TenElements' at a negative or overflowing 
index, while it holds only 10 'int' elements}}
+}
+
+char TwoElements[2] = {11, 22};
+char overflowOrUnderflowConcrete(int arg) {
+  // expected-note@+6 {{Assuming 'arg' is < 3}}
+  // expected-note@+5 {{Left side of '||' is false}}
+  // expected-note@+4 {{Assuming 'arg' is not equal to 0}}
+  // expected-note@+3 {{Left side of '||' is false}}
+  // expected-note@+2 {{Assuming 'arg' is not equal to 1}}
+  // expected-note@+1 {{Taking false branch}}
+  if (arg >= 3 || arg == 0 || arg == 1)

steakhal wrote:

```suggestion
  // expected-note@#cond {{Assuming 'arg' is < 3}}
  // expected-note@#cond {{Left side of '||' is false}}
  // expected-note@#cond {{Assuming 'arg' is not equal to 0}}
  // expected-note@#cond {{Left side of '||' is false}}
  // expected-note@#cond {{Assuming 'arg' is not equal to 1}}
  // expected-note@#cond {{Taking false branch}}
  if (arg >= 3 || arg == 0 || arg == 1) // #cond
```

https://github.com/llvm/llvm-project/pull/84201
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Accept C library functions from the `std` namespace (PR #84469)

[Balazs Benics via cfe-commits]

=?utf-8?q?Donát?= Nagy ,
=?utf-8?q?Donát?= Nagy 
Message-ID:
In-Reply-To: 


https://github.com/steakhal commented:

Looks good to me, but I'd be more eased if had seen some unittests for this 
matter.
You could use AST-matchers selecting different FunctionDecls and query them 
using this free-function. I think this deserves a test, thus I vote weak reject.

https://github.com/llvm/llvm-project/pull/84469
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call, CharKind CK) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  const LocationContext *LCtx = C.getLocationContext();

steakhal wrote:

This is only used once. I think you could directly use there 
`C.getLocationContext()`.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -529,3 +529,42 @@ void nocrash_on_locint_offset(void *addr, void* from, 
struct S s) {
   size_t iAdd = (size_t) addr;
   memcpy(((void *) &(s.f)), from, iAdd);
 }
+
+#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+/* present in both glibc 2.25 and musl 1.1.20 */
+
+//===--===
+// getentropy()
+//===--===

steakhal wrote:

If you prefer to keep this header, make it 81 chars wide.
```suggestion
//===--===//
// getentropy()
//===--===//
```

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call, CharKind CK) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  const LocationContext *LCtx = C.getLocationContext();
+  SValBuilder &Builder = C.getSValBuilder();

steakhal wrote:

```suggestion
  SValBuilder &SVB = C.getSValBuilder();
```
We usually call this `SVB`.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -219,6 +221,7 @@ class CStringChecker : public Checker< eval::Call,
   void evalSnprintf(CheckerContext &C, const CallEvent &Call) const;
   void evalSprintfCommon(CheckerContext &C, const CallEvent &Call,
  bool IsBounded, bool IsBuiltin) const;
+  void evalGetentropy(CheckerContext &C, const CallEvent &Call, CharKind CK) 
const;

steakhal wrote:

```suggestion
  void evalGetentropy(CheckerContext &C, const CallEvent &Call) const;
```

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call, CharKind CK) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  const LocationContext *LCtx = C.getLocationContext();
+  SValBuilder &Builder = C.getSValBuilder();
+  SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy);
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  if (StateZeroSize) {
+StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx,
+  Builder.makeZeroVal(C.getASTContext().IntTy));
+C.addTransition(StateZeroSize);
+return;
+  }
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+return;
+
+  QualType cmpTy = C.getSValBuilder().getConditionType();
+  ProgramStateRef bufferTooLong, bufferNotTooLong;
+  std::tie(bufferTooLong, bufferNotTooLong) = State->assume(
+Builder
+   .evalBinOpNN(State, BO_GT, *SizeVal.getAs(), 
*MaxLength.getAs(), cmpTy)
+   .castAs());
+  if (bufferTooLong) {

steakhal wrote:

We would take this branch (and report `size is greater than 256`), if we could 
not prove that it must be smaller then or equal to 256. We usually report 
diagnostics if the error condition must be violated in a given execution path.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+return;
+
+  State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write);
+  if (!State)
+return;
+
+  auto SizeLoc = SizeVal.getAs();
+  auto size = SizeLoc->getValue().getExtValue();
+
+  if (size > BufferMaxSize) {
+ErrorMessage Message;
+llvm::raw_svector_ostream Os(Message);
+Os << " destination buffer size is greater than " << BufferMaxSize;
+emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message);
+return;
+  }

steakhal wrote:

I see, now you comment makes sense!

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call, CharKind CK) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  const LocationContext *LCtx = C.getLocationContext();
+  SValBuilder &Builder = C.getSValBuilder();
+  SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy);
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  if (StateZeroSize) {
+StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx,
+  Builder.makeZeroVal(C.getASTContext().IntTy));
+C.addTransition(StateZeroSize);
+return;
+  }
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+return;
+
+  QualType cmpTy = C.getSValBuilder().getConditionType();
+  ProgramStateRef bufferTooLong, bufferNotTooLong;
+  std::tie(bufferTooLong, bufferNotTooLong) = State->assume(
+Builder
+   .evalBinOpNN(State, BO_GT, *SizeVal.getAs(), 
*MaxLength.getAs(), cmpTy)
+   .castAs());
+  if (bufferTooLong) {
+ErrorMessage Message;
+llvm::raw_svector_ostream Os(Message);
+Os << "size is greater than 256";
+emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, Message);

steakhal wrote:

```suggestion
emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, "size is greater 
than 256");
```

But actually, I don't think an "out of bounds" error is appropriate here; and 
the provided message could be rephrased to "the 'length' argument to 
'getentropy' must be smaller than or equal to 256". This hints the user how to 
fix this. @haoNoQ WDYT of reporting this as an out-of-bounds access?

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call, CharKind CK) const {

steakhal wrote:

```suggestion
void CStringChecker::evalGetentropy(CheckerContext &C, const CallEvent &Call) 
const {
```

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -529,3 +529,42 @@ void nocrash_on_locint_offset(void *addr, void* from, 
struct S s) {
   size_t iAdd = (size_t) addr;
   memcpy(((void *) &(s.f)), from, iAdd);
 }
+
+#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+/* present in both glibc 2.25 and musl 1.1.20 */

steakhal wrote:

We add the declaration in the test, so I don't think we should conditionally 
include this test.
```suggestion
```

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -165,6 +165,8 @@ class CStringChecker : public Checker< eval::Call,
   {{CDM::CLibrary, {"explicit_bzero"}, 2}, &CStringChecker::evalBzero},
   {{CDM::CLibrary, {"sprintf"}, 2}, &CStringChecker::evalSprintf},
   {{CDM::CLibrary, {"snprintf"}, 2}, &CStringChecker::evalSnprintf},
+  {{CDM::CLibrary, {"getentropy"}, 2},
+   std::bind(&CStringChecker::evalGetentropy, _1, _2, _3, CK_Regular)},

steakhal wrote:

```suggestion
  {{CDM::CLibrary, {"getentropy"}, 2}, CStringChecker::evalGetentropy},
```

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

https://github.com/steakhal requested changes to this pull request.


https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatcher] Add matchers for isExplicitObjectMemberFunction() (PR #84446)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/84446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatcher] Add matchers for isExplicitObjectMemberFunction() (PR #84446)

[Balazs Benics via cfe-commits]

steakhal wrote:

Thanks for the prompt review @PiotrZSL!
I plan to merge it by the end of the day, unless someone objects.

https://github.com/llvm/llvm-project/pull/84446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatcher] Add matchers for isExplicitObjectMemberFunction() (PR #84446)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/84446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][ASTMatcher] Add matchers for isExplicitObjectMemberFunction() (PR #84446)

[Balazs Benics via cfe-commits]

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/84446

Note that this patch will be necessary to fix `forEachArgumentWithParam()` and 
`forEachArgumentWithParamType()` matchers for deducing "this"; which is my true 
motivation.

>From 9ffc1b9ec60a9638c5b07cb25574ddb2420b77a2 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Thu, 7 Mar 2024 19:23:48 +0100
Subject: [PATCH] [clang][ASTMatcher] Add matchers for
 isExplicitObjectMemberFunction()

---
 clang/docs/LibASTMatchersReference.html   | 15 +++
 clang/docs/ReleaseNotes.rst   |  1 +
 clang/include/clang/ASTMatchers/ASTMatchers.h | 19 +++
 clang/include/clang/Testing/CommandLineArgs.h |  1 +
 clang/include/clang/Testing/TestClangConfig.h | 16 +++-
 clang/lib/ASTMatchers/Dynamic/Registry.cpp|  1 +
 clang/lib/Testing/CommandLineArgs.cpp |  7 +++
 .../ASTMatchers/ASTMatchersNarrowingTest.cpp  | 14 ++
 .../ASTMatchers/ASTMatchersNodeTest.cpp   |  2 +-
 clang/unittests/ASTMatchers/ASTMatchersTest.h | 14 ++
 10 files changed, 80 insertions(+), 10 deletions(-)

diff --git a/clang/docs/LibASTMatchersReference.html 
b/clang/docs/LibASTMatchersReference.html
index 8a06084955aa6b..bb1b68f6671b1a 100644
--- a/clang/docs/LibASTMatchersReference.html
+++ b/clang/docs/LibASTMatchersReference.html
@@ -3546,6 +3546,21 @@ Narrowing Matchers
 
 
 
+MatcherCXXMethodDecl>isExplicitObjectMemberFunction
+Matches if the given method 
declaration declares a member function with an explicit object parameter.
+
+Given
+struct A {
+  int operator-(this A, int);
+  void fun(this A &&self);
+  static int operator()(int);
+  int operator+(int);
+};
+
+cxxMethodDecl(isExplicitObjectMemberFunction()) matches the first two methods 
but not the last two.
+
+
+
 MatcherCXXMethodDecl>isCopyAssignmentOperator
 Matches if 
the given method declaration declares a copy assignment
 operator.
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 942820a5268576..898380f94b7956 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -415,6 +415,7 @@ AST Matchers
 
 
 - ``isInStdNamespace`` now supports Decl declared with ``extern "C++"``.
+- Add ``isExplicitObjectMemberFunction``.
 
 clang-format
 
diff --git a/clang/include/clang/ASTMatchers/ASTMatchers.h 
b/clang/include/clang/ASTMatchers/ASTMatchers.h
index ced89ff127ab3e..96dbcdc344e131 100644
--- a/clang/include/clang/ASTMatchers/ASTMatchers.h
+++ b/clang/include/clang/ASTMatchers/ASTMatchers.h
@@ -6366,6 +6366,25 @@ AST_MATCHER(CXXMethodDecl, isConst) {
   return Node.isConst();
 }
 
+/// Matches if the given method declaration declares a member function with an
+/// explicit object parameter.
+///
+/// Given
+/// \code
+/// struct A {
+///  int operator-(this A, int);
+///  void fun(this A &&self);
+///  static int operator()(int);
+///  int operator+(int);
+/// };
+/// \endcode
+///
+/// cxxMethodDecl(isExplicitObjectMemberFunction()) matches the first two
+/// methods but not the last two.
+AST_MATCHER(CXXMethodDecl, isExplicitObjectMemberFunction) {
+  return Node.isExplicitObjectMemberFunction();
+}
+
 /// Matches if the given method declaration declares a copy assignment
 /// operator.
 ///
diff --git a/clang/include/clang/Testing/CommandLineArgs.h 
b/clang/include/clang/Testing/CommandLineArgs.h
index 4dd28718dfa67c..e71907e8bbd0c6 100644
--- a/clang/include/clang/Testing/CommandLineArgs.h
+++ b/clang/include/clang/Testing/CommandLineArgs.h
@@ -28,6 +28,7 @@ enum TestLanguage {
   Lang_CXX14,
   Lang_CXX17,
   Lang_CXX20,
+  Lang_CXX23,
   Lang_OpenCL,
   Lang_OBJC,
   Lang_OBJCXX
diff --git a/clang/include/clang/Testing/TestClangConfig.h 
b/clang/include/clang/Testing/TestClangConfig.h
index 92d5cc3cff994f..1b4efca80e9d47 100644
--- a/clang/include/clang/Testing/TestClangConfig.h
+++ b/clang/include/clang/Testing/TestClangConfig.h
@@ -34,24 +34,30 @@ struct TestClangConfig {
   bool isCXX() const {
 return Language == Lang_CXX03 || Language == Lang_CXX11 ||
Language == Lang_CXX14 || Language == Lang_CXX17 ||
-   Language == Lang_CXX20;
+   Language == Lang_CXX20 || Language == Lang_CXX23;
   }
 
   bool isCXX11OrLater() const {
 return Language == Lang_CXX11 || Language == Lang_CXX14 ||
-   Language == Lang_CXX17 || Language == Lang_CXX20;
+   Language == Lang_CXX17 || Language == Lang_CXX20 ||
+   Language == Lang_CXX23;
   }
 
   bool isCXX14OrLater() const {
 return Language == Lang_CXX14 || Language == Lang_CXX17 ||
-   Language == Lang_CXX20;
+   Language == Lang_CXX20 || Language == Lang_CXX23;
   }
 
   bool isCXX17OrLater() const {
-return Language == Lang_CXX17 || Language == Lang_CXX20;
+return Language ==

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Fix StreamChecker `ftell` and `fgetpos` at indeterminate file position. (PR #84191)

[Balazs Benics via cfe-commits]

https://github.com/steakhal approved this pull request.

I haven't gone deep into this PR, but it looks good to me.
Please wait for someone else to sign it too.

https://github.com/llvm/llvm-project/pull/84191
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 



@@ -1158,6 +1173,123 @@ void StreamChecker::evalUngetc(const FnDescription 
*Desc, const CallEvent &Call,
   C.addTransition(StateFailed);
 }
 
+ProgramStateRef
+StreamChecker::ensurePtrNotNull(SVal PtrVal, const Expr *PtrExpr,
+CheckerContext &C, ProgramStateRef State,
+const StringRef PtrDescr) const {
+  const auto Ptr = PtrVal.getAs();
+  if (!Ptr)
+return nullptr;
+
+  assert(PtrExpr && "Expected an argument");
+
+  const auto [PtrNotNull, PtrNull] = State->assume(*Ptr);
+  if (!PtrNotNull && PtrNull) {
+if (ExplodedNode *N = C.generateErrorNode(PtrNull)) {
+  SmallString<256> buf;
+  llvm::raw_svector_ostream os(buf);
+  os << PtrDescr << " pointer might be NULL.";
+
+  auto R = std::make_unique(BT_SizeNull, buf, N);

steakhal wrote:

```suggestion
  auto R = std::make_unique(BT_SizeNull, (PtrDescr 
+ " pointer might be NULL.").str(), N);
```

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 



@@ -1158,6 +1173,123 @@ void StreamChecker::evalUngetc(const FnDescription 
*Desc, const CallEvent &Call,
   C.addTransition(StateFailed);
 }
 
+ProgramStateRef
+StreamChecker::ensurePtrNotNull(SVal PtrVal, const Expr *PtrExpr,
+CheckerContext &C, ProgramStateRef State,
+const StringRef PtrDescr) const {
+  const auto Ptr = PtrVal.getAs();
+  if (!Ptr)
+return nullptr;
+
+  assert(PtrExpr && "Expected an argument");
+
+  const auto [PtrNotNull, PtrNull] = State->assume(*Ptr);
+  if (!PtrNotNull && PtrNull) {
+if (ExplodedNode *N = C.generateErrorNode(PtrNull)) {
+  SmallString<256> buf;
+  llvm::raw_svector_ostream os(buf);
+  os << PtrDescr << " pointer might be NULL.";
+
+  auto R = std::make_unique(BT_SizeNull, buf, N);
+  bugreporter::trackExpressionValue(N, PtrExpr, *R);
+  C.emitReport(std::move(R));
+}
+return nullptr;
+  }
+
+  return PtrNotNull;
+}
+
+ProgramStateRef StreamChecker::ensureSizeZeroIfLineNull(
+SVal LinePtrPtrSVal, SVal SizePtrSVal, const Expr *LinePtrPtrExpr,
+const Expr *SizePtrExpr, CheckerContext &C, ProgramStateRef State) const {
+  static constexpr char SizeNotZeroMsg[] =
+  "Line pointer might be null while n value is not zero";
+
+  // We have a pointer to a pointer to the buffer, and a pointer to the size.
+  // We want what they point at.
+  auto LinePtrSVal = getPointeeDefVal(LinePtrPtrSVal, State);
+  auto NSVal = getPointeeDefVal(SizePtrSVal, State);
+  if (!LinePtrSVal || !NSVal)
+return nullptr;
+
+  assert(LinePtrPtrExpr &&
+ "Expected an argument with a pointer to a pointer to the buffer.");
+  assert(SizePtrExpr &&
+ "Expected an argument with a pointer to the buffer size.");
+
+  // If the line pointer is null, and n is > 0, there is UB.
+  const auto [LinePtrNotNull, LinePtrNull] = State->assume(*LinePtrSVal);
+  if (LinePtrNull && !LinePtrNotNull) {
+const auto [NIsNotZero, NIsZero] = LinePtrNull->assume(*NSVal);
+if (NIsNotZero && !NIsZero) {
+  if (ExplodedNode *N = C.generateErrorNode(NIsNotZero)) {
+auto R = std::make_unique(BT_SizeNotZero,
+  SizeNotZeroMsg, N);
+bugreporter::trackExpressionValue(N, SizePtrExpr, *R);
+bugreporter::trackExpressionValue(N, LinePtrPtrExpr, *R);
+C.emitReport(std::move(R));
+  }
+  return nullptr;
+}
+return NIsZero;
+  }
+  return LinePtrNotNull;
+}
+
+void StreamChecker::preGetdelim(const FnDescription *Desc,
+const CallEvent &Call,
+CheckerContext &C) const {
+  ProgramStateRef State = C.getState();
+  SVal StreamVal = getStreamArg(Desc, Call);
+
+  auto AddTransitionOnReturn = llvm::make_scope_exit([&] {
+if (State != nullptr) {
+  C.addTransition(State);
+}
+  });
+
+  State = ensureStreamNonNull(StreamVal, Call.getArgExpr(Desc->StreamArgNo), C,
+  State);
+  if (!State)
+return;
+  State = ensureStreamOpened(StreamVal, C, State);
+  if (!State)
+return;
+  State = ensureNoFilePositionIndeterminate(StreamVal, C, State);
+  if (!State)
+return;
+
+  // The parameter `n` must not be NULL.
+  SVal SizePtrSval = Call.getArgSVal(1);
+  State = ensurePtrNotNull(SizePtrSval, Call.getArgExpr(1), C, State, "Size");
+  if (!State)
+return;
+
+  // The parameter `lineptr` must not be NULL.
+  SVal LinePtrPtrSVal = Call.getArgSVal(0);
+  State =
+  ensurePtrNotNull(LinePtrPtrSVal, Call.getArgExpr(0), C, State, "Line");
+  if (!State)
+return;
+
+  // If `lineptr` points to a NULL pointer, `*n` must be 0.
+  State =
+  ensureSizeZeroIfLineNull(LinePtrPtrSVal, SizePtrSval, Call.getArgExpr(0),
+   Call.getArgExpr(1), C, State);
+  if (!State)
+return;
+
+  SymbolRef Sym = StreamVal.getAsSymbol();
+  if (Sym && State->get(Sym)) {
+const StreamState *SS = State->get(Sym);
+if (SS->ErrorState & ErrorFEof)
+  reportFEofWarning(Sym, C, State);
+  } else {
+C.addTransition(State);
+  }

steakhal wrote:

```suggestion
  }
```
You add this transition anyways via the scope_exit.

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 



@@ -1196,6 +1342,11 @@ void StreamChecker::evalGetdelim(const FnDescription 
*Desc,
   E.isStreamEof() ? ErrorFEof : ErrorFEof | ErrorFError;
   StateFailed = E.setStreamState(
   StateFailed, StreamState::getOpened(Desc, NewES, !NewES.isFEof()));
+  // On failure, the content of the buffer is undefined.
+  if (auto NewLinePtr = getPointeeDefVal(Call.getArgSVal(0), State)) {
+StateFailed = StateFailed->bindLoc(*NewLinePtr, UndefinedVal(),
+   C.getLocationContext());
+  }

steakhal wrote:

Did you test that reading from the line buffer after a `getdelim` fails, would 
trigger a "garbage read" sink?

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 



@@ -1183,6 +1315,20 @@ void StreamChecker::evalGetdelim(const FnDescription 
*Desc,
 State->BindExpr(E.CE, C.getLocationContext(), RetVal);
 StateNotFailed =
 E.assumeBinOpNN(StateNotFailed, BO_GE, RetVal, E.getZeroVal(Call));
+// The buffer size `*n` must be enough to hold the whole line, and
+// greater than the return value, since it has to account for '\0'.
+auto SizePtrSval = Call.getArgSVal(1);
+auto NVal = getPointeeDefVal(SizePtrSval, State);
+if (NVal) {
+  StateNotFailed = StateNotFailed->assume(
+  E.SVB
+  .evalBinOp(StateNotFailed, BinaryOperator::Opcode::BO_GT, *NVal,
+ RetVal, E.SVB.getConditionType())
+  .castAs(),
+  true);

steakhal wrote:

```suggestion
  StateNotFailed = StateNotFailed->assume(
  E.SVB
  .evalBinOp(StateNotFailed, BO_GT, *NVal, RetVal, 
E.SVB.getConditionType())
  .castAs(),
  true);
```
I'm worried a bit that we already constrained retVal: `0 <= retVal`, with the 
previous assumption.
And here `NVal` comes from user code, which we use as an upperbound: `retVal < 
NVal`, which we assume `true`.
This makes me wonder if we could make them contradict and return us a null 
state; which we then unconditionally dereference.

Could you have a test for like this?
```
size_t n = -1;
getline(&buffer, &n, F1); // no-crash
```

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=
Message-ID:
In-Reply-To: 


https://github.com/steakhal requested changes to this pull request.


https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Fix StreamChecker `ftell` and `fgetpos` at indeterminate file position. (PR #84191)

[Balazs Benics via cfe-commits]

@@ -880,6 +883,24 @@ void StreamChecker::preReadWrite(const FnDescription *Desc,
   }
 }
 
+void StreamChecker::preWrite(const FnDescription *Desc, const CallEvent &Call,

steakhal wrote:

Let me share my experience with `std::bind` and with this checker.
Unfortunately, we also have/had a couple (<10) conflicting patches to this 
checker, and I had to rebase 16 times to clang-18. This is fine, but when I 
this many `std::binds`, and sometimes changes where the railing "bool" flag 
meaning was changed, I really had to be on my toes when resolving syntactic & 
semantic conflicts.
I feel the `std::bind` usage got out of hand here, and I now regret not pushing 
back.

The bottom line is, that I think having dedicated handlers dispatching to 
common implementations, or just copy-pasting their implementation while 
specializing it leads to cleaner code than using `std::bind` and directly 
binding to the generic implementation.

https://github.com/llvm/llvm-project/pull/84191
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Avoid a crash in a debug printout function (PR #79446)

[Balazs Benics via cfe-commits]

steakhal wrote:

I'm thinking of backporting this to clang-18, but given that it's only 
developer-facing, I don't think it worth it.
WDYT @NagyDonat?

https://github.com/llvm/llvm-project/pull/79446
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/83585
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model allocation behavior or getdelim/geline (PR #83138)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?=,
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/83138
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][NFC] Trim license header comments to 81 characters (PR #82919)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/82919
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Demonstrate superfluous unsigned >= 0 assumption (PR #78442)

[Balazs Benics via cfe-commits]

=?utf-8?q?Don=C3=A1t?= Nagy ,
=?utf-8?q?Don=C3=A1t?= Nagy 
Message-ID:
In-Reply-To: 


https://github.com/steakhal approved this pull request.

Still looks good.

https://github.com/llvm/llvm-project/pull/78442
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

@@ -0,0 +1,327 @@
+// RUN: %clang_analyze_cc1 
-analyzer-checker=core,alpha.unix.Stream,debug.ExprInspection -verify %s
+
+#include "Inputs/system-header-simulator.h"
+#include "Inputs/system-header-simulator-for-malloc.h"
+#include "Inputs/system-header-simulator-for-valist.h"
+
+void clang_analyzer_eval(int);
+void clang_analyzer_dump_int(int);
+extern void clang_analyzer_dump_ptr(void*);
+extern void clang_analyzer_warnIfReached();

steakhal wrote:

Why do you have these `extern` while not the rest?

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

@@ -13,6 +13,9 @@
 #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_CHECKERHELPERS_H
 #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_CHECKERHELPERS_H
 
+#include "ProgramState_Fwd.h"
+#include "SVals.h"
+

steakhal wrote:

```suggestion

```

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)

[Balazs Benics via cfe-commits]

@@ -1158,6 +1173,123 @@ void StreamChecker::evalUngetc(const FnDescription 
*Desc, const CallEvent &Call,
   C.addTransition(StateFailed);
 }
 
+ProgramStateRef
+StreamChecker::ensurePtrNotNull(SVal PtrVal, const Expr *PtrExpr,
+CheckerContext &C, ProgramStateRef State,
+const StringRef PtrDescr) const {
+  const auto Ptr = PtrVal.getAs();
+  if (!Ptr)
+return nullptr;
+
+  assert(PtrExpr && "Expected an argument");
+
+  const auto [PtrNotNull, PtrNull] = State->assume(*Ptr);
+  if (!PtrNotNull && PtrNull) {
+if (ExplodedNode *N = C.generateErrorNode(PtrNull)) {
+  SmallString<256> buf;
+  llvm::raw_svector_ostream os(buf);
+  os << PtrDescr << " pointer might be NULL.";
+
+  auto R = std::make_unique(BT_SizeNull, buf, N);
+  bugreporter::trackExpressionValue(N, PtrExpr, *R);
+  C.emitReport(std::move(R));
+}
+return nullptr;
+  }
+
+  return PtrNotNull;
+}
+
+ProgramStateRef StreamChecker::ensureSizeZeroIfLineNull(
+SVal LinePtrPtrSVal, SVal SizePtrSVal, const Expr *LinePtrPtrExpr,
+const Expr *SizePtrExpr, CheckerContext &C, ProgramStateRef State) const {
+  static constexpr char SizeNotZeroMsg[] =
+  "Line pointer might be null while n value is not zero";
+
+  // We have a pointer to a pointer to the buffer, and a pointer to the size.
+  // We want what they point at.
+  auto LinePtrSVal = getPointeeDefVal(LinePtrPtrSVal, State);
+  auto NSVal = getPointeeDefVal(SizePtrSVal, State);
+  if (!LinePtrSVal || !NSVal)
+return nullptr;
+
+  assert(LinePtrPtrExpr &&
+ "Expected an argument with a pointer to a pointer to the buffer.");
+  assert(SizePtrExpr &&
+ "Expected an argument with a pointer to the buffer size.");
+
+  // If the line pointer is null, and n is > 0, there is UB.
+  const auto [LinePtrNotNull, LinePtrNull] = State->assume(*LinePtrSVal);
+  if (LinePtrNull && !LinePtrNotNull) {
+const auto [NIsNotZero, NIsZero] = LinePtrNull->assume(*NSVal);
+if (NIsNotZero && !NIsZero) {
+  if (ExplodedNode *N = C.generateErrorNode(NIsNotZero)) {
+auto R = std::make_unique(BT_SizeNotZero,
+  SizeNotZeroMsg, N);
+bugreporter::trackExpressionValue(N, SizePtrExpr, *R);
+bugreporter::trackExpressionValue(N, LinePtrPtrExpr, *R);
+C.emitReport(std::move(R));
+  }
+  return nullptr;
+}
+return NIsZero;
+  }
+  return LinePtrNotNull;
+}
+
+void StreamChecker::preGetdelim(const FnDescription *Desc,
+const CallEvent &Call,
+CheckerContext &C) const {
+  ProgramStateRef State = C.getState();
+  SVal StreamVal = getStreamArg(Desc, Call);
+
+  auto AddTransitionOnReturn = llvm::make_scope_exit([&] {
+if (State != nullptr) {
+  C.addTransition(State);
+}
+  });
+
+  State = ensureStreamNonNull(StreamVal, Call.getArgExpr(Desc->StreamArgNo), C,
+  State);
+  if (!State)
+return;
+  State = ensureStreamOpened(StreamVal, C, State);
+  if (!State)
+return;
+  State = ensureNoFilePositionIndeterminate(StreamVal, C, State);
+  if (!State)
+return;
+
+  // n must not be NULL

steakhal wrote:

We use capitalized and punctuated comments in LLVM.
Check the rest of the new comments as well.

https://github.com/llvm/llvm-project/pull/83027
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)

[Balazs Benics via cfe-commits]

https://github.com/steakhal approved this pull request.


https://github.com/llvm/llvm-project/pull/83585
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][NFC] Trim license header comments to 81 characters (PR #82919)

[Balazs Benics via cfe-commits]

@@ -1,10 +1,10 @@
-//===- unittest/ASTMatchers/Dynamic/VariantValueTest.cpp - VariantValue unit 
tests -===//
+// unittest/ASTMatchers/Dynamic/VariantValueTest.cpp - VariantValue unit tests

steakhal wrote:

Fixed.

https://github.com/llvm/llvm-project/pull/82919
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][NFC] Trim license header comments to 81 characters (PR #82919)

[Balazs Benics via cfe-commits]

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/82919

>From 319329630e0d2a86b22dd435985026ea236f8e56 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Sun, 25 Feb 2024 12:48:06 +0100
Subject: [PATCH 1/2] [clang][NFC] Trim license header comments to 81
 characters

clang-format would format these headers poorly by splitting it into
multiple lines.

```regex
//=.{78,}
```
---
 clang/include/clang/AST/DeclOpenMP.h  | 2 +-
 clang/include/clang/AST/ParentMapContext.h| 2 +-
 clang/include/clang/Basic/OpenCLExtensionTypes.def| 2 +-
 clang/include/clang/Basic/RISCVVTypes.def | 8 
 clang/include/clang/Basic/arm_neon_incl.td| 2 +-
 .../include/clang/Serialization/PCHContainerOperations.h  | 2 +-
 .../clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h   | 2 +-
 clang/lib/ARCMigrate/TransGCAttrs.cpp | 2 +-
 clang/lib/AST/Interp/ByteCodeEmitter.h| 2 +-
 clang/lib/AST/Interp/FunctionPointer.h| 2 +-
 clang/lib/AST/Interp/PrimType.h   | 2 +-
 clang/lib/Driver/ToolChains/Arch/Mips.h   | 2 +-
 clang/lib/Driver/ToolChains/Arch/Sparc.h  | 2 +-
 clang/lib/Headers/llvm_libc_wrappers/assert.h | 2 +-
 clang/lib/Sema/AnalysisBasedWarnings.cpp  | 2 +-
 clang/lib/Sema/SemaChecking.cpp   | 2 +-
 .../lib/StaticAnalyzer/Checkers/DirectIvarAssignment.cpp  | 2 +-
 .../Checkers/ObjCAutoreleaseWriteChecker.cpp  | 2 +-
 .../lib/StaticAnalyzer/Checkers/STLAlgorithmModeling.cpp  | 2 +-
 clang/lib/StaticAnalyzer/Checkers/SimpleStreamChecker.cpp | 2 +-
 clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp  | 2 +-
 clang/lib/Tooling/Refactoring/AtomicChange.cpp| 2 +-
 clang/test/Analysis/misc-ps-region-store.mm   | 4 ++--
 clang/test/Rewriter/rewrite-modern-class.mm   | 2 +-
 .../tools/clang-fuzzer/proto-to-llvm/loop_proto_to_llvm.h | 2 +-
 clang/tools/diagtool/DiagTool.cpp | 2 +-
 clang/unittests/AST/ASTImporterODRStrategiesTest.cpp  | 2 +-
 clang/unittests/ASTMatchers/Dynamic/RegistryTest.cpp  | 4 ++--
 clang/unittests/ASTMatchers/Dynamic/VariantValueTest.cpp  | 4 ++--
 .../CXXOperatorCallExprTraverser.cpp  | 2 +-
 .../RecursiveASTVisitorTests/CallbacksBinaryOperator.cpp  | 4 ++--
 .../CallbacksCompoundAssignOperator.cpp   | 2 +-
 .../RecursiveASTVisitorTests/CallbacksUnaryOperator.cpp   | 4 ++--
 .../InitListExprPostOrderNoQueue.cpp  | 2 +-
 .../InitListExprPreOrderNoQueue.cpp   | 2 +-
 .../TemplateArgumentLocTraverser.cpp  | 2 +-
 36 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/clang/include/clang/AST/DeclOpenMP.h 
b/clang/include/clang/AST/DeclOpenMP.h
index 73725e6e85666a..8fdfddb6c1fd74 100644
--- a/clang/include/clang/AST/DeclOpenMP.h
+++ b/clang/include/clang/AST/DeclOpenMP.h
@@ -1,4 +1,4 @@
-//===- DeclOpenMP.h - Classes for representing OpenMP directives -*- C++ 
-*-===//
+//===- DeclOpenMP.h - Classes for representing OpenMP directives -*- C++ 
-*-==//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
diff --git a/clang/include/clang/AST/ParentMapContext.h 
b/clang/include/clang/AST/ParentMapContext.h
index d3b2e3986a9935..6f79038627d9e1 100644
--- a/clang/include/clang/AST/ParentMapContext.h
+++ b/clang/include/clang/AST/ParentMapContext.h
@@ -1,4 +1,4 @@
-//===- ParentMapContext.h - Map of parents using DynTypedNode ---*- C++ 
-*-===//
+//===- ParentMapContext.h - Map of parents using DynTypedNode ---*- C++ 
-*-===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
diff --git a/clang/include/clang/Basic/OpenCLExtensionTypes.def 
b/clang/include/clang/Basic/OpenCLExtensionTypes.def
index 17c72d69a02065..50ea826c18a77c 100644
--- a/clang/include/clang/Basic/OpenCLExtensionTypes.def
+++ b/clang/include/clang/Basic/OpenCLExtensionTypes.def
@@ -1,4 +1,4 @@
-//===-- OpenCLExtensionTypes.def - Metadata about BuiltinTypes --*- C++ 
-*-===//
+//===-- OpenCLExtensionTypes.def - Metadata about BuiltinTypes --*- C++ 
-*-===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
diff --git a/clang/include/clang/Basic/RISCVVTypes.def 
b/clang/include/clang/Basic/RISCVVTypes.def
index 6620de8ad50e01..ccb8cb39068e2b 100644
--- a/clang/include/clang/Basic/RISCVVTypes.def
+++ b/clang/include/clang/Basic/RISCVVTypes.def
@@ -383,7 +383,7 @@ RVV_VECTOR_TYPE_INT("__rvv_uint64m2x4_t", RvvUint64m2x4, 
RvvUint64m2x4Ty, 2, 64,
 
 RVV_VECTOR_TYPE_INT("__rvv_uint64m4x2_t", RvvUint64m4x

[clang] [analyzer][NFC] Document check::ASTCodeBody checker callback (PR #84160)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/84160
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Document check::ASTCodeBody checker callback (PR #84160)

[Balazs Benics via cfe-commits]

@@ -33,30 +33,33 @@ namespace ento {
 /// checking.
 ///
 /// \sa CheckerContext
-class CheckerDocumentation : public Checker< check::PreStmt,
-   check::PostStmt,
-   check::PreObjCMessage,
-   check::PostObjCMessage,
-   check::ObjCMessageNil,
-   check::PreCall,
-   check::PostCall,
-   check::BranchCondition,
-   check::NewAllocator,
-   check::Location,
-   check::Bind,
-   check::DeadSymbols,
-   check::BeginFunction,
-   check::EndFunction,
-   check::EndAnalysis,
-   check::EndOfTranslationUnit,
-   eval::Call,
-   eval::Assume,
-   check::LiveSymbols,
-   check::RegionChanges,
-   check::PointerEscape,
-   check::ConstPointerEscape,
-   check::Event,
-   check::ASTDecl > {
+class CheckerDocumentation : public Checker<   //
+ check::ASTCodeBody,   //
+ check::ASTDecl, //
+ check::BeginFunction, //
+ check::Bind,  //
+ check::BranchCondition,   //
+ check::ConstPointerEscape,//
+ check::DeadSymbols,   //
+ check::EndAnalysis,   //
+ check::EndFunction,   //
+ check::EndOfTranslationUnit,  //
+ check::Event, //
+ check::LiveSymbols,   //
+ check::Location,  //
+ check::NewAllocator,  //
+ check::ObjCMessageNil,//
+ check::PointerEscape, //
+ check::PostCall,  //
+ check::PostObjCMessage,   //
+ check::PostStmt,//
+ check::PreCall,   //
+ check::PreObjCMessage,//
+ check::PreStmt,   //
+ check::RegionChanges, //
+ eval::Assume, //
+ eval::Call//

steakhal wrote:

Fixed.

https://github.com/llvm/llvm-project/pull/84160
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Document check::ASTCodeBody checker callback (PR #84160)

[Balazs Benics via cfe-commits]

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/84160

>From a3da80aa7114d938e9cc3f03ec7941c91fbf Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 6 Mar 2024 13:05:44 +0100
Subject: [PATCH 1/2] [analyzer][NFC] Document check::ASTCodeBody checker
 callback

Fixes #73764

With this patch, now all the callbacks are demonstrated here.
---
 .../Checkers/CheckerDocumentation.cpp | 58 +++
 1 file changed, 34 insertions(+), 24 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp 
b/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
index 01e0bed54cc6ed..ba66a2254cc777 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
@@ -33,30 +33,33 @@ namespace ento {
 /// checking.
 ///
 /// \sa CheckerContext
-class CheckerDocumentation : public Checker< check::PreStmt,
-   check::PostStmt,
-   check::PreObjCMessage,
-   check::PostObjCMessage,
-   check::ObjCMessageNil,
-   check::PreCall,
-   check::PostCall,
-   check::BranchCondition,
-   check::NewAllocator,
-   check::Location,
-   check::Bind,
-   check::DeadSymbols,
-   check::BeginFunction,
-   check::EndFunction,
-   check::EndAnalysis,
-   check::EndOfTranslationUnit,
-   eval::Call,
-   eval::Assume,
-   check::LiveSymbols,
-   check::RegionChanges,
-   check::PointerEscape,
-   check::ConstPointerEscape,
-   check::Event,
-   check::ASTDecl > {
+class CheckerDocumentation : public Checker<   //
+ check::ASTCodeBody,   //
+ check::ASTDecl, //
+ check::BeginFunction, //
+ check::Bind,  //
+ check::BranchCondition,   //
+ check::ConstPointerEscape,//
+ check::DeadSymbols,   //
+ check::EndAnalysis,   //
+ check::EndFunction,   //
+ check::EndOfTranslationUnit,  //
+ check::Event, //
+ check::LiveSymbols,   //
+ check::Location,  //
+ check::NewAllocator,  //
+ check::ObjCMessageNil,//
+ check::PointerEscape, //
+ check::PostCall,  //
+ check::PostObjCMessage,   //
+ check::PostStmt,//
+ check::PreCall,   //
+ check::PreObjCMessage,//
+ check::PreStmt,   //
+ check::RegionChanges, //
+ eval::Assume, //
+ eval::Call//
+ > {
 public:
   /// Pre-visit the Statement.
   ///
@@ -321,6 +324,13 @@ class CheckerDocumentation : public Checker< 
check::PreStmt,
   void checkASTDecl(const FunctionDecl *D,
 AnalysisManager &Mgr,
 BugReporter &BR) const {}
+
+  /// Check every declaration that has a statement body in the AST.
+  ///
+  /// As AST traversal callback, which should only be used when the checker is
+  /// not path sensitive. It will be called for every Declaration in the AST.
+  void checkASTCodeBody(const Decl *D, AnalysisManager &Mgr,
+BugReporter &BR) const {}
 };
 
 void CheckerDocumentation::checkPostStmt(const DeclStmt *DS,

>From e7ee37d91774d2add3901cb1c5da81a3a9a824ed Mon Sep 

[clang] [analyzer][NFC] Document check::ASTCodeBody checker callback (PR #84160)

[Balazs Benics via cfe-commits]

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/84160

Fixes #73764

With this patch, now all the callbacks are demonstrated here.

>From a3da80aa7114d938e9cc3f03ec7941c91fbf Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 6 Mar 2024 13:05:44 +0100
Subject: [PATCH] [analyzer][NFC] Document check::ASTCodeBody checker callback

Fixes #73764

With this patch, now all the callbacks are demonstrated here.
---
 .../Checkers/CheckerDocumentation.cpp | 58 +++
 1 file changed, 34 insertions(+), 24 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp 
b/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
index 01e0bed54cc6ed..ba66a2254cc777 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
@@ -33,30 +33,33 @@ namespace ento {
 /// checking.
 ///
 /// \sa CheckerContext
-class CheckerDocumentation : public Checker< check::PreStmt,
-   check::PostStmt,
-   check::PreObjCMessage,
-   check::PostObjCMessage,
-   check::ObjCMessageNil,
-   check::PreCall,
-   check::PostCall,
-   check::BranchCondition,
-   check::NewAllocator,
-   check::Location,
-   check::Bind,
-   check::DeadSymbols,
-   check::BeginFunction,
-   check::EndFunction,
-   check::EndAnalysis,
-   check::EndOfTranslationUnit,
-   eval::Call,
-   eval::Assume,
-   check::LiveSymbols,
-   check::RegionChanges,
-   check::PointerEscape,
-   check::ConstPointerEscape,
-   check::Event,
-   check::ASTDecl > {
+class CheckerDocumentation : public Checker<   //
+ check::ASTCodeBody,   //
+ check::ASTDecl, //
+ check::BeginFunction, //
+ check::Bind,  //
+ check::BranchCondition,   //
+ check::ConstPointerEscape,//
+ check::DeadSymbols,   //
+ check::EndAnalysis,   //
+ check::EndFunction,   //
+ check::EndOfTranslationUnit,  //
+ check::Event, //
+ check::LiveSymbols,   //
+ check::Location,  //
+ check::NewAllocator,  //
+ check::ObjCMessageNil,//
+ check::PointerEscape, //
+ check::PostCall,  //
+ check::PostObjCMessage,   //
+ check::PostStmt,//
+ check::PreCall,   //
+ check::PreObjCMessage,//
+ check::PreStmt,   //
+ check::RegionChanges, //
+ eval::Assume, //
+ eval::Call//
+ > {
 public:
   /// Pre-visit the Statement.
   ///
@@ -321,6 +324,13 @@ class CheckerDocumentation : public Checker< 
check::PreStmt,
   void checkASTDecl(const FunctionDecl *D,
 AnalysisManager &Mgr,
 BugReporter &BR) const {}
+
+  /// Check every declaration that has a statement body in the AST.
+  ///
+  /// As AST traversal callback, which should only be used when the checker is
+  /// not path sensitive. It will be called for every Declaration in the AST.
+  void checkASTCodeBody(const Decl *D, AnalysisManager &Mgr,
+BugReporter &BR) const {}
 };
 
 void CheckerDocumentation::checkPostStmt(cons

[clang] Reapply "[clang][analyzer] StreamChecker: Model getc, vfscanf, putc, … (PR #83281)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/83281
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] Reapply "[clang][analyzer] StreamChecker: Model getc, vfscanf, putc, … (PR #83281)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: 


https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/83281

>From a9419bc3ffa3d383a9373f0a116795162632dd40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20=C3=81lvarez=20Ayll=C3=B3n?=
 
Date: Wed, 28 Feb 2024 16:49:35 +0100
Subject: [PATCH 1/2] Reapply "[clang][analyzer] StreamChecker: Model getc,
 vfscanf, putc, vfprintf (#82476)"

This reverts commit 570bc5d291f92e19f6264262b02ddff1a2f2e09b
---
 .../StaticAnalyzer/Checkers/StreamChecker.cpp | 34 ---
 ...ystem-header-simulator-for-simple-stream.h |  2 +-
 .../system-header-simulator-for-valist.h  |  6 +++
 .../Analysis/Inputs/system-header-simulator.h |  3 ++
 clang/test/Analysis/stream-invalidate.c   | 42 +++
 clang/test/Analysis/stream.c  | 39 -
 6 files changed, 119 insertions(+), 7 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
index 65bdc4cac30940..f9928e1325c53d 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
@@ -348,18 +348,30 @@ class StreamChecker : public CheckergetType();
-  if (!T->isIntegralOrEnumerationType() && !T->isPointerType())
+  if (!T->isIntegralOrEnumerationType() && !T->isPointerType() &&
+  T.getCanonicalType() != VaListType)
 return nullptr;
 }
 
@@ -600,6 +615,11 @@ class StreamChecker : public CheckerPreFn)
@@ -1038,10 +1059,13 @@ void StreamChecker::evalFscanf(const FnDescription 
*Desc, const CallEvent &Call,
 if (!StateNotFailed)
   return;
 
-SmallVector EscArgs;
-for (auto EscArg : llvm::seq(2u, Call.getNumArgs()))
-  EscArgs.push_back(EscArg);
-StateNotFailed = escapeArgs(StateNotFailed, C, Call, EscArgs);
+if (auto const *Callee = Call.getCalleeIdentifier();
+!Callee || !Callee->getName().equals("vfscanf")) {
+  SmallVector EscArgs;
+  for (auto EscArg : llvm::seq(2u, Call.getNumArgs()))
+EscArgs.push_back(EscArg);
+  StateNotFailed = escapeArgs(StateNotFailed, C, Call, EscArgs);
+}
 
 if (StateNotFailed)
   C.addTransition(StateNotFailed);
diff --git 
a/clang/test/Analysis/Inputs/system-header-simulator-for-simple-stream.h 
b/clang/test/Analysis/Inputs/system-header-simulator-for-simple-stream.h
index 098a2208fecbe9..c26d3582149120 100644
--- a/clang/test/Analysis/Inputs/system-header-simulator-for-simple-stream.h
+++ b/clang/test/Analysis/Inputs/system-header-simulator-for-simple-stream.h
@@ -5,7 +5,7 @@
 // suppressed.
 #pragma clang system_header
 
-typedef struct __sFILE {
+typedef struct _FILE {
   unsigned char *_p;
 } FILE;
 FILE *fopen(const char *restrict, const char *restrict) __asm("_" "fopen" );
diff --git a/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h 
b/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h
index 7299b61353d460..720944abb8ad47 100644
--- a/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h
+++ b/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h
@@ -10,6 +10,8 @@
 #define restrict /*restrict*/
 #endif
 
+typedef struct _FILE FILE;
+
 typedef __builtin_va_list va_list;
 
 #define va_start(ap, param) __builtin_va_start(ap, param)
@@ -21,6 +23,10 @@ int vprintf (const char *restrict format, va_list arg);
 
 int vsprintf (char *restrict s, const char *restrict format, va_list arg);
 
+int vfprintf(FILE *stream, const char *format, va_list ap);
+
+int vfscanf(FILE *stream, const char *format, va_list ap);
+
 int some_library_function(int n, va_list arg);
 
 // No warning from system header.
diff --git a/clang/test/Analysis/Inputs/system-header-simulator.h 
b/clang/test/Analysis/Inputs/system-header-simulator.h
index 15986984802c0e..8fd51449ecc0a4 100644
--- a/clang/test/Analysis/Inputs/system-header-simulator.h
+++ b/clang/test/Analysis/Inputs/system-header-simulator.h
@@ -73,6 +73,9 @@ int ferror(FILE *stream);
 int fileno(FILE *stream);
 int fflush(FILE *stream);
 
+
+int getc(FILE *stream);
+
 size_t strlen(const char *);
 
 char *strcpy(char *restrict, const char *restrict);
diff --git a/clang/test/Analysis/stream-invalidate.c 
b/clang/test/Analysis/stream-invalidate.c
index 6745d11a2fe701..5046a356d0583d 100644
--- a/clang/test/Analysis/stream-invalidate.c
+++ b/clang/test/Analysis/stream-invalidate.c
@@ -4,6 +4,7 @@
 // RUN: -analyzer-checker=debug.ExprInspection
 
 #include "Inputs/system-header-simulator.h"
+#include "Inputs/system-header-simulator-for-valist.h"
 
 void clang_analyzer_eval(int);
 void clang_analyzer_dump(int);
@@ -145,3 +146,44 @@ void test_fgetpos() {
 
   fclose(F);
 }
+
+void test_fprintf() {
+  FILE *F1 = tmpfile();
+  if (!F1)
+return;
+
+  unsigned a = 42;
+  char *output = "HELLO";
+  int r = fprintf(F1, "%s\t%u\n", output, a);
+  // fprintf does not invalidate any of its input
+  // 69 is asci

[clang] Reapply "[clang][analyzer] StreamChecker: Model getc, vfscanf, putc, … (PR #83281)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=
Message-ID:
In-Reply-To: 


https://github.com/steakhal approved this pull request.


https://github.com/llvm/llvm-project/pull/83281
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Demonstrate superfluous unsigned >= 0 assumption (PR #78442)

[Balazs Benics via cfe-commits]

https://github.com/steakhal approved this pull request.


https://github.com/llvm/llvm-project/pull/78442
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Fix crash in loop unrolling (PR #82089)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/82089
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Crash on loop unrolling mode (PR #82089)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/82089
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Crash on loop unrolling mode (PR #82089)

[Balazs Benics via cfe-commits]

https://github.com/steakhal approved this pull request.

LGTM

https://github.com/llvm/llvm-project/pull/82089
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] Reapply "[clang][analyzer] StreamChecker: Model getc, vfscanf, putc, … (PR #83281)

[Balazs Benics via cfe-commits]

Alejandro =?utf-8?q?=C3=81lvarez_Ayll=C3=B3n?=
Message-ID:
In-Reply-To: 


steakhal wrote:

@alejandro-alvarez-sonarsource Should we merge this, and give it a try?

https://github.com/llvm/llvm-project/pull/83281
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)

[Balazs Benics via cfe-commits]

@@ -0,0 +1,11 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -std=c++23 -verify %s
+// expected-no-diagnostics
+
+struct S {
+  bool operator==(this auto, S) {
+return true;
+  }
+};
+int use_deducing_this() {
+  return S{} == S{};

steakhal wrote:

```suggestion
  return S{} == S{}; // no-crash
```

https://github.com/llvm/llvm-project/pull/83585
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83585
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)

[Balazs Benics via cfe-commits]

https://github.com/steakhal commented:

The patch looks a lot better this way. Thanks!

I'd recommend adding this test to the existing 
`clang/test/Analysis/cxx2b-deducing-this.cpp` test file to have all deducing 
this testcases at a common place.

https://github.com/llvm/llvm-project/pull/83585
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+return;
+
+  State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write);
+  if (!State)
+return;
+
+  auto SizeLoc = SizeVal.getAs();
+  auto size = SizeLoc->getValue().getExtValue();
+
+  if (size > BufferMaxSize) {
+ErrorMessage Message;
+llvm::raw_svector_ostream Os(Message);
+Os << " destination buffer size is greater than " << BufferMaxSize;
+emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message);
+return;
+  }

steakhal wrote:

Inside `checkBufferAccess` there should be a part where the `size-1` index is 
checked for buffers; thus it should cover the case you mentioned.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Improve documentation of StreamChecker (NFC). (PR #83858)

[Balazs Benics via cfe-commits]

=?utf-8?q?Balázs_Kéri?= 
Message-ID:
In-Reply-To: 



@@ -3020,44 +3020,82 @@ Check for misuses of stream APIs. Check for misuses of 
stream APIs: ``fopen, fcl
 
 alpha.unix.Stream (C)
 "
-Check stream handling functions: ``fopen, tmpfile, fclose, fread, fwrite, 
fseek, ftell, rewind, fgetpos,``
-``fsetpos, clearerr, feof, ferror, fileno``.
+Check C stream handling functions:
+``fopen, fdopen, freopen, tmpfile, fclose, fread, fwrite, fgetc, fgets, fputc, 
fputs, fprintf, fscanf, ungetc, getdelim, getline, fseek, fseeko, ftell, 
ftello, fflush, rewind, fgetpos, fsetpos, clearerr, feof, ferror, fileno``.
+
+The checker maintains information about the C stream objects (``FILE *``) and
+can detect error conditions related to use of streams. The following conditions
+are detected:
+
+* The ``FILE *`` pointer passed to the function is NULL (the single exception 
is
+  ``fflush`` where NULL is allowed).
+* Use of stream after close.
+* Opened stream is not closed.
+* Read from a stream after end-of-file. (This is not a fatal error but reported
+  by the checker. Stream remains in EOF state and the read operation fails.)

steakhal wrote:

I can see `NULL` and `EOF` (maybe others) spelled in the docs without double 
backticks.
Do you think we should escape those to have verbatim code highlighting?

https://github.com/llvm/llvm-project/pull/83858
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Bring cplusplus.ArrayDelete out of alpha (PR #83985)

[Balazs Benics via cfe-commits]

steakhal wrote:

I'm fine with the change.

https://github.com/llvm/llvm-project/pull/83985
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Make CheckerDocumentation checker in-sync with actual checker callbacks (PR #83973)

[Balazs Benics via cfe-commits]

https://github.com/steakhal closed 
https://github.com/llvm/llvm-project/pull/83973
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Make CheckerDocumentation checker in-sync with actual checker callbacks (PR #83973)

[Balazs Benics via cfe-commits]

steakhal wrote:

> LGTM.
> 
> Minor remark: "signatires" is misspelled in the commit message.

Fixed the typos. Thanks!

https://github.com/llvm/llvm-project/pull/83973
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Make CheckerDocumentation checker in-sync with actual checker callbacks (PR #83973)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83973
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+return;
+
+  State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write);
+  if (!State)
+return;
+
+  auto SizeLoc = SizeVal.getAs();
+  auto size = SizeLoc->getValue().getExtValue();
+
+  if (size > BufferMaxSize) {
+ErrorMessage Message;
+llvm::raw_svector_ostream Os(Message);
+Os << " destination buffer size is greater than " << BufferMaxSize;
+emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message);
+return;
+  }

steakhal wrote:

```suggestion
```
This hunk seems to be unnecessary as `CheckBufferAccess` supposed to check both 
ends of the buffer.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+return;
+
+  State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write);
+  if (!State)
+return;
+
+  auto SizeLoc = SizeVal.getAs();
+  auto size = SizeLoc->getValue().getExtValue();
+
+  if (size > BufferMaxSize) {
+ErrorMessage Message;
+llvm::raw_svector_ostream Os(Message);
+Os << " destination buffer size is greater than " << BufferMaxSize;
+emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message);
+return;
+  }
+
+  State = invalidateDestinationBufferBySize(C, State, Buffer.Expression,
+C.getSVal(Buffer.Expression),
+SizeVal, SizeTy);
+
+  C.addTransition(State);

steakhal wrote:

I think you did not evaluate the return value for this eval call. You must bind 
a value as the call expression in eval call.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);

steakhal wrote:

I think you forgot to bail out if `StateZeroSize && StateNonZeroSize`.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+  assumeZero(C, State, SizeVal, SizeTy);
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);

steakhal wrote:

`StateNonZeroSize` might be null here; see my previous comment.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

https://github.com/steakhal requested changes to this pull request.

Thanks for the PR!

At first I was hesitant if this checker is the right place for this API.
But actually, it should be fine to have it here.
Maybe the stdlibraryfunctionschecker would be a better place in long term, but 
I don't think that has DSL for buffer accesses, like we have here. Maybe 
@balazske has some opinion on this.

Anyways, I'd like to see tests for about any aspects of this API.
 - Under what conditions it writes to the buffer (aka. length > 0).
 - When can the checker issue a diagnostic (null buffer, small buffer)
 - What if `length` is symbolic and constrained to be really large (e.g. 
`length > 300`)
 - What if the `length` and the `buffer` is symbolic (unconstrained), did we 
infer that `length <= 256` after the call?
 - etc, could be more cases, but I only named what came in my mind.

https://github.com/llvm/llvm-project/pull/83675
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer][NFC] Make CheckerDocumentation checker in-sync with actual checker callbacks (PR #83973)

[Balazs Benics via cfe-commits]

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/83973

In PR #83677 I was surprised to see that outdated checker callback signatures 
are a problem. It turns out, we need the `registerChecker...` function to 
invoke the `Mgr.registerChecker<>()` which would instantiate the `_register` 
calls, that would take the address of the defined checker callbacks. 
Consequently, if the expected signatires mismatch, it won't complie from now 
on, so we have static guarantee that this issue never pops up again.

Given we need the `register` call, at this point we could just hook this 
checker into the `debug` package and make it never registered. It shouldn't 
hurt anyone :)

>From 8d6e6fe68663d9788a994a214c8f29c5f4e2a958 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Tue, 5 Mar 2024 09:29:19 +0100
Subject: [PATCH] [analyzer][NFC] Make CheckerDocumentation checker in-sync
 with actual checker callbacks

In PR #83677 I was surprised to see that outdated checker callback
signatures are a problem. It turns out, we need the `registerChecker...`
function to invoke the `Mgr.registerChecker<>()` which would instantiate
the `_register` calls, that would take the address of the defined
checker callbacks. Consequently, if the expected signatires mismatch, it
won't complie from now on, so we have static guarantee that this issue
never pops up again.

Given we need the `register` call, at this point we could just hook this
checker into the `debug` package and make it never registered.
It shouldn't hurt anyone :)
---
 .../clang/StaticAnalyzer/Checkers/Checkers.td   |  4 
 .../Checkers/CheckerDocumentation.cpp   | 13 +
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td 
b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
index a224b81c33a624..686e5e99f4a62c 100644
--- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
+++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
@@ -1654,6 +1654,10 @@ def StdCLibraryFunctionsTesterChecker : 
Checker<"StdCLibraryFunctionsTester">,
   WeakDependencies<[StdCLibraryFunctionsChecker]>,
   Documentation;
 
+def CheckerDocumentationChecker : Checker<"CheckerDocumentation">,
+  HelpText<"Defines an empty checker callback for all possible handlers.">,
+  Documentation;
+
 } // end "debug"
 
 
diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp 
b/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
index 0ca0c487b64550..01e0bed54cc6ed 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CheckerDocumentation.cpp
@@ -137,10 +137,7 @@ class CheckerDocumentation : public Checker< 
check::PreStmt,
   /// (2) and (3). Post-call for the allocator is called after step (1).
   /// Pre-statement for the new-expression is called on step (4) when the value
   /// of the expression is evaluated.
-  /// \param NE The C++ new-expression that triggered the allocation.
-  /// \param Target The allocated region, casted to the class type.
-  void checkNewAllocator(const CXXNewExpr *NE, SVal Target,
- CheckerContext &) const {}
+  void checkNewAllocator(const CXXAllocatorCall &, CheckerContext &) const {}
 
   /// Called on a load from and a store to a location.
   ///
@@ -330,5 +327,13 @@ void CheckerDocumentation::checkPostStmt(const DeclStmt 
*DS,
  CheckerContext &C) const {
 }
 
+void registerCheckerDocumentationChecker(CheckerManager &Mgr) {
+  Mgr.registerChecker();
+}
+
+bool shouldRegisterCheckerDocumentationChecker(const CheckerManager &) {
+  return false;
+}
+
 } // end namespace ento
 } // end namespace clang

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits