[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-24 Thread Balázs Benics via Phabricator via cfe-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG862b93a8095c: [analyzer][docs] Add CSA release notes 
(authored by steakhal).

Changed prior to commit:
  https://reviews.llvm.org/D155445?vs=541356=543390#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D155445/new/

https://reviews.llvm.org/D155445

Files:
  clang/docs/ReleaseNotes.rst


Index: clang/docs/ReleaseNotes.rst
===
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -1002,10 +1002,73 @@
 
 Static Analyzer
 ---
+
 - Fix incorrect alignment attribute on the this parameter of certain
   non-complete destructors when using the Microsoft ABI.
   (`#60465 `_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  Use `-fstrict-flex-arrays=
+  
`_
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+
+- Fixed some bugs (including crashes) around the handling of constant global
+  arrays and their initializer expressions.
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the arguments of ``strcpy`` are
+  known to be of certain lengths and that are in-bounds.
+
+   .. code-block:: c++
+
+struct {
+  void *ptr;
+  char arr[4];
+} x;
+x.ptr = malloc(1);
+// extent of 'arr' is 4, and writing "hi\n" (4 characters),
+// thus no buffer overflow can happen
+strcpy(x.arr, "hi\n");
+free(x.ptr); // no longer reports memory leak here
+
+  Similarly, functions like ``strsep`` now won't invalidate the object
+  containing the destination buffer, because it can never overflow.
+  Note that, ``std::copy`` is still not modeled, and as such, it will still
+  invalidate the enclosing object on call.
+  (`#55019 `_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+  The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+  ``snprintf``.
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+  ``_Nullable`` including block pointers and literal objects.
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+  ``StdCLibraryFunctions``.
+  ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``,
+  ``SEEK_END``, ``SEEK_CUR`` arguments.
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+  the ``MallocChecker``.
+  (`#39713 `_)
+
+- Fixed the infamous unsigned index false-positives in the
+  ``ArrayBoundCheckerV2`` checker.
+  (`#44493 `_)
+
+- Now, taint propagations are tracked further back until the real taint source.
+  This improves all taint-related diagnostics.
+
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+
 .. _release-notes-sanitizers:
 
 Sanitizers
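Review bot: The BufferOverlap entry's first line names "sprint"/"snprintf", while the sentence after it says "sprintf"; the heading should read sprintf/snprintf. That first line also has no full stop and is restated by the sentence that follows, so the entry could be reduced to "The CStringChecker checks for buffer overlaps for sprintf and snprintf."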


Index: clang/docs/ReleaseNotes.rst
===
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -1002,10 +1002,73 @@
 
 Static Analyzer
 ---
+
 - Fix incorrect alignment attribute on the this parameter of certain
   non-complete destructors when using the Microsoft ABI.
   (`#60465 `_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  Use `-fstrict-flex-arrays=
+  `_
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+
+- Fixed some bugs (including crashes) around the handling of constant global
+  arrays and their initializer expressions.
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the arguments of ``strcpy`` are
+  known to be of certain lengths and that are in-bounds.
+
+   .. code-block:: c++
+
+struct {
+  void *ptr;
+  char arr[4];
+} x;
+x.ptr = malloc(1);
+// extent of 'arr' is 4, and writing "hi\n" (4 characters),
+// thus no buffer overflow can happen
+strcpy(x.arr, "hi\n");
+free(x.ptr); // no longer reports memory leak here
+
+  Similarly, functions 

[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-24 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added a comment.

After removing all commit refs, here is how it looks:
F28416948: image.png 



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits


[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-19 Thread Balázs Kéri via Phabricator via cfe-commits
balazske added inline comments.



Comment at: clang/docs/ReleaseNotes.rst:964
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+  (`4f0436dd1532 `_,

The checker checks for many more functions in POSIX mode.
These additional commits:
6dccf5b8d550911f06e492a3a75c640c05efdab3
f12808ab20369c85ddb602e5a78bab40d16bb83f
39670ae3b93470b2d29fe78e6d40c5d82a05e4a1




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-18 Thread Gábor Horváth via Phabricator via cfe-commits
xazax.hun accepted this revision.
xazax.hun added inline comments.



Comment at: clang/docs/ReleaseNotes.rst:908
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 `_)

steakhal wrote:
> xazax.hun wrote:
> > steakhal wrote:
> > > xazax.hun wrote:
> > > > I think we usually do not mention crash fixes in the changelog. We have 
> > > > them in almost every release and sometimes there are quite a few of 
> > > > them.
> > > I won't mention the explicit commit where it was fixed.
> > > However, downstream users might wanna know about crashes and fixes that 
> > > happened in this release.
> > > And speaking about past practices about release notes, I think we can 
> > > improve on that TBH.
> > > We can move it down on the list if you want, but I'd rather keep it.
> > Is this the only crash fix we had? Moving crash fixes to the bottom of the 
> > list sounds good to me. 
> No, it wasn't. We also had one for init-expr global variable initializers. [[ 
> https://github.com/llvm/llvm-project/commit/558b46fde2db | See ]] 
> I swept that fix under the carpet of "Fixed some bugs around the handling of 
> constant global arrays and their initializer expressions". I made it more 
> explicit now.
> 
> However, at this point, I think it's okay to simply omit the mention of the 
> null deref crash fix.
> Second thoughts?
I have no strong preference, I am fine with both :)




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-18 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added inline comments.



Comment at: clang/docs/ReleaseNotes.rst:922-923
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the argument of ``strcpy`` is known
+  to be of certain length and that is in-bounds.
+

OikawaKirie wrote:
> The lengths of both src and dst buffers need to be known.
Applied!



Comment at: clang/docs/ReleaseNotes.rst:937
+
+  Similarly, functions like ``strsep`` now won't invalidate the source buffer,
+  because it can never overflow.

OikawaKirie wrote:
> I think this may be a typo here, as we do not invalidate the source buffer 
> originally.
Exactly. Thanks!



Comment at: clang/docs/ReleaseNotes.rst:908
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 `_)

xazax.hun wrote:
> steakhal wrote:
> > xazax.hun wrote:
> > > I think we usually do not mention crash fixes in the changelog. We have 
> > > them in almost every release and sometimes there are quite a few of them.
> > I won't mention the explicit commit where it was fixed.
> > However, downstream users might wanna know about crashes and fixes that 
> > happened in this release.
> > And speaking about past practices about release notes, I think we can 
> > improve on that TBH.
> > We can move it down on the list if you want, but I'd rather keep it.
> Is this the only crash fix we had? Moving crash fixes to the bottom of the 
> list sounds good to me. 
No, it wasn't. We also had one for init-expr global variable initializers. [[ 
https://github.com/llvm/llvm-project/commit/558b46fde2db | See ]] 
I swept that fix under the carpet of "Fixed some bugs around the handling of 
constant global arrays and their initializer expressions". I made it more 
explicit now.

However, at this point, I think it's okay to simply omit the mention of the 
null deref crash fix.
Second thoughts?



Comment at: clang/docs/ReleaseNotes.rst:920-922
+- The ``CStringChecker`` will invalidate less if the copy operation is bounded.
+  (`1bd2d335b649 `_)
+  (`#55019 `_)

OikawaKirie wrote:
> One tiny change to the abstraction.
> The ``CStringChecker`` will invalidate less if the copy operation is 
> **inferable to be** bounded.
I decided to elaborate on this a bit. Let me know if it's too thorough now.




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-18 Thread Balázs Benics via Phabricator via cfe-commits
steakhal updated this revision to Diff 541356.
steakhal marked 2 inline comments as done.
steakhal added a comment.

In D155445#4508728, @OikawaKirie wrote:

> LGTM for my part. Thx.
>
> Since I am not very familiar with other changes, I have no detailed 
> suggestions for the order.

Thanks for the feedback. Applied!

F28297746: image.png 



Files:
  clang/docs/ReleaseNotes.rst


Index: clang/docs/ReleaseNotes.rst
===
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -903,6 +903,89 @@
   non-complete destructors when using the Microsoft ABI.
   (`#60465 `_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  Use `-fstrict-flex-arrays= 
`_
+  (`7cd1f3ad22e4 `_)
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+  (`feafbb9fda57 `_)
+
+- Fixed some bugs (including crashes) around the handling of constant global
+  arrays and their initializer expressions.
+  (`ffcf214b5d27 `_,
+  `558b46fde2db `_)
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the arguments of ``strcpy`` are
+  known to be of certain lengths and that are in-bounds.
+
+   .. code-block:: c++
+
+struct {
+  void *ptr;
+  char arr[4];
+} x;
+x.ptr = malloc(1);
+// extent of 'arr' is 4, and writing "hi\n" (4 characters),
+// thus no buffer overflow can happen
+strcpy(x.arr, "hi\n");
+free(x.ptr); // no longer reports memory leak here
+
+  Similarly, functions like ``strsep`` now won't invalidate the object
+  containing the destination buffer, because it can never overflow.
+  Note that, ``std::copy`` is still not modeled, and as such, it will still
+  invalidate the enclosing object on call.
+  (`1bd2d335b649 `_)
+  (`#55019 `_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+  The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+  ``snprintf``.
+  (`ce97312d109b `_)
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+  ``_Nullable`` including block pointers and literal objects.
+  (`b22a5d46179b `_,
+  `77a599ae5828 `_,
+  `fa6b7dd520fc `_,
+  `993060e1d31d `_)
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+  ``StdCLibraryFunctions``.
+  ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``,
+  ``SEEK_END``, ``SEEK_CUR`` arguments.
+  (`2eefd19613b8 `_,
+  `2c60f9c8a4fd `_)
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+  (`4f0436dd1532 `_,
+  `6012cadc400f `_,
+  `258c9bebbdfa `_,
+  `ce1fb03db817 `_,
+  `ddc5d40dd285 `_)
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+  the ``MallocChecker``.
+  (`3b6a368d763e `_)
+  (`#39713 `_)
+
+- Fixed the infamous unsigned index false-positives in the
+  ``ArrayBoundCheckerV2`` checker.
+  (`8c22cbea87be `_,
+  `de2547329b41 `_)
+  (`#44493 `_)
+
+- Now, taint propagations are tracked further back until the real taint source.
+  This improves all 
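Review bot: In the strcpy snippet, the comment counts "hi\n" as "4 characters", but the literal is three characters and the fourth byte written is the terminating NUL. Since the in-bounds argument depends on that terminator fitting into the 4-byte extent, the comment would be clearer as "4 bytes including the terminating NUL". The sentence introducing the snippet ("known to be of certain lengths and that are in-bounds") would also read better as "have known lengths and the copy is in-bounds".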

[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Ella Ma via Phabricator via cfe-commits
OikawaKirie accepted this revision.
OikawaKirie added a comment.

LGTM for my part. Thx.

Since I am not very familiar with other changes, I have no detailed suggestions 
for the order.




Comment at: clang/docs/ReleaseNotes.rst:922-923
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the argument of ``strcpy`` is known
+  to be of certain length and that is in-bounds.
+

The lengths of both src and dst buffers need to be known.



Comment at: clang/docs/ReleaseNotes.rst:937
+
+  Similarly, functions like ``strsep`` now won't invalidate the source buffer,
+  because it can never overflow.

I think this may be a typo here, as we do not invalidate the source buffer 
originally.




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Balázs Benics via Phabricator via cfe-commits
steakhal updated this revision to Diff 541175.
steakhal marked 4 inline comments as done.
steakhal added a comment.

Current look: F28285701: image.png 

let me know if you like it.
Feel free to propose changes.

I'm not sure about the relative ordering. We should consider some semantic 
ordering. Such as perceived impact on the regular user?

IMO the `taint tracking` and the `ArrayBoundCheckerV2` improvements were quite 
impactful, as both of those were up on the table for a really long time now.
Also, for a similar reason, I think `Objective-C` improvements definitely 
deserve the spotlight.

---

@balazske @donat.nagy WDYT about the `StreamChecker` and the 
`StdCLibraryFunctions` entries? I didn't follow those patches, thus I cannot 
write the notes for it either.



Files:
  clang/docs/ReleaseNotes.rst


Index: clang/docs/ReleaseNotes.rst
===
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -903,6 +903,89 @@
   non-complete destructors when using the Microsoft ABI.
   (`#60465 `_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  Use `-fstrict-flex-arrays= 
`_
+  (`7cd1f3ad22e4 `_)
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+  (`feafbb9fda57 `_)
+
+- Fixed some bugs (including crashes) around the handling of constant global
+  arrays and their initializer expressions.
+  (`ffcf214b5d27 `_,
+  `558b46fde2db `_)
+
+- The ``CStringChecker`` will invalidate less if the copy operation is
+  inferable to be bounded. For example, if the argument of ``strcpy`` is known
+  to be of certain length and that is in-bounds.
+
+   .. code-block:: c++
+
+struct {
+  void *ptr;
+  char arr[4];
+} x;
+x.ptr = malloc(1);
+// extent of 'arr' is 4, and writing "hi\n" (4 characters),
+// thus no buffer overflow can happen
+strcpy(x.arr, "hi\n");
+free(x.ptr); // no longer reports memory leak here
+
+  Similarly, functions like ``strsep`` now won't invalidate the source buffer,
+  because it can never overflow.
+  Note that, ``std::copy`` is still not modeled, and as such, it will still
+  invalidate the enclosing object on call.
+  (`1bd2d335b649 `_)
+  (`#55019 `_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+  The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+  ``snprintf``.
+  (`ce97312d109b `_)
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+  ``_Nullable`` including block pointers and literal objects.
+  (`b22a5d46179b `_,
+  `77a599ae5828 `_,
+  `fa6b7dd520fc `_,
+  `993060e1d31d `_)
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+  ``StdCLibraryFunctions``.
+  ``StreamChecker`` improved on the ``fseek`` modeling for the ``SEEK_SET``,
+  ``SEEK_END``, ``SEEK_CUR`` arguments.
+  (`2eefd19613b8 `_,
+  `2c60f9c8a4fd `_)
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+  (`4f0436dd1532 `_,
+  `6012cadc400f `_,
+  `258c9bebbdfa `_,
+  `ce1fb03db817 `_,
+  `ddc5d40dd285 `_)
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+  the ``MallocChecker``.
+  (`3b6a368d763e `_)
+  (`#39713 `_)
+
+- Fixed the infamous unsigned index false-positives in the
+  
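Review bot: The StreamChecker entry's first sentence ("Let the StreamChecker detect NULL streams instead of by StdCLibraryFunctions") is written as a commit title and does not parse as a release note; something like "NULL streams are now detected by the StreamChecker instead of StdCLibraryFunctions" says which checker a user should expect the report from. In the next entry, "The diagnostics of the StdCLibraryFunctions was improved" needs "were", and it gives no hint of what changed in the diagnostics.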

[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Ella Ma via Phabricator via cfe-commits
OikawaKirie added a comment.

The key idea of my commit 1bd2d335b649:

- For string APIs that will not provide the copy length (`strcpy`), we will use 
the buffer decl and literal length to infer whether it overflows. If the copy 
operation does not overflow, we will now only invalidate the buffer string 
being copied to.
- For string APIs that never overflow (`strsep`), we will always invalidate the 
target buffer only.
- For those that we cannot correctly handle now (`std::copy`), we will also 
invalidate the base region and make all pointers in the base region escape.

Hence,
For `strcpy`s, we infer through buffer size and string literals.
For `strsep`, we believe it never overflows through its functionality 
specification. It is also an inference.

Whereas for `memcpy` where the copy length is given in arguments, the 
non-inferring circumstances, it was implemented previously in patch D12571,
not a part of my changes.




Comment at: clang/docs/ReleaseNotes.rst:920-922
+- The ``CStringChecker`` will invalidate less if the copy operation is bounded.
+  (`1bd2d335b649 `_)
+  (`#55019 `_)

One tiny change to the abstraction.
The ``CStringChecker`` will invalidate less if the copy operation is 
**inferable to be** bounded.



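The three rules from the comment above, written out as a small decision function (an added illustration, not CStringChecker code and not part of the review thread). The type and function names are hypothetical, and falling back to the wider invalidation whenever a strcpy bound cannot be inferred is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a simplified model of the rules, not analyzer source. */
enum copy_api { API_STRCPY, API_STRSEP, API_STD_COPY };

enum invalidation {
    INVALIDATE_DEST_ONLY,       /* only the destination buffer loses its modeled value */
    INVALIDATE_BASE_AND_ESCAPE  /* enclosing object is invalidated, its pointers escape */
};

struct copy_site {
    enum copy_api api;
    bool dst_extent_known;   /* destination is a declared fixed-size array */
    size_t dst_extent;       /* in bytes, meaningful only if dst_extent_known */
    const char *src_literal; /* string-literal source, or NULL if not a literal */
};

/* strcpy writes strlen(src) + 1 bytes: the terminating NUL must fit too. */
static bool strcpy_inferable_in_bounds(const struct copy_site *s)
{
    if (!s->dst_extent_known || s->src_literal == NULL)
        return false; /* nothing to infer from (assumption: treat as unbounded) */
    return strlen(s->src_literal) + 1 <= s->dst_extent;
}

enum invalidation decide_invalidation(const struct copy_site *s)
{
    switch (s->api) {
    case API_STRSEP:
        /* Never overflows by specification: destination buffer only. */
        return INVALIDATE_DEST_ONLY;
    case API_STRCPY:
        return strcpy_inferable_in_bounds(s) ? INVALIDATE_DEST_ONLY
                                             : INVALIDATE_BASE_AND_ESCAPE;
    case API_STD_COPY:
    default:
        /* Not modeled: stay conservative. */
        return INVALIDATE_BASE_AND_ESCAPE;
    }
}

int main(void)
{
    /* Constructed call sites; the first mirrors the release-note snippet. */
    const struct copy_site sites[] = {
        { API_STRCPY,   true,  4, "hi\n"  }, /* 3 chars + NUL == extent 4 */
        { API_STRCPY,   true,  4, "hi!\n" }, /* 4 chars + NUL  > extent 4 */
        { API_STRCPY,   true,  4, NULL    }, /* source length unknown */
        { API_STRSEP,   false, 0, NULL    },
        { API_STD_COPY, true,  4, "hi\n"  },
    };
    for (size_t i = 0; i < sizeof sites / sizeof sites[0]; i++)
        printf("site %zu: %s\n", i,
               decide_invalidation(&sites[i]) == INVALIDATE_DEST_ONLY
                   ? "invalidate destination buffer only"
                   : "invalidate enclosing object, pointers escape");
    return 0;
}
```

The second site shows the off-by-one that matters here: a four-character literal does not fit a four-byte array, so the enclosing object (and the `ptr` field in the release-note snippet) stays conservatively invalidated.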

[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Gábor Horváth via Phabricator via cfe-commits
xazax.hun added inline comments.



Comment at: clang/docs/ReleaseNotes.rst:908
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 `_)

steakhal wrote:
> xazax.hun wrote:
> > I think we usually do not mention crash fixes in the changelog. We have 
> > them in almost every release and sometimes there are quite a few of them.
> I won't mention the explicit commit where it was fixed.
> However, downstream users might wanna know about crashes and fixes that 
> happened in this release.
> And speaking about past practices about release notes, I think we can improve 
> on that TBH.
> We can move it down on the list if you want, but I'd rather keep it.
Is this the only crash fix we had? Moving crash fixes to the bottom of the list 
sounds good to me. 




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added inline comments.



Comment at: clang/docs/ReleaseNotes.rst:907
+  Any use of this flag will result in an error.
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.

xazax.hun wrote:
> I think we should mention something like "Use -fstrict-flex-array= 
> instead if necessary."
Good point.



Comment at: clang/docs/ReleaseNotes.rst:908
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 `_)

xazax.hun wrote:
> I think we usually do not mention crash fixes in the changelog. We have them 
> in almost every release and sometimes there are quite a few of them.
I won't mention the explicit commit where it was fixed.
However, downstream users might wanna know about crashes and fixes that 
happened in this release.
And speaking about past practices about release notes, I think we can improve 
on that TBH.
We can move it down on the list if you want, but I'd rather keep it.




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Gábor Horváth via Phabricator via cfe-commits
xazax.hun accepted this revision.
xazax.hun added inline comments.
This revision is now accepted and ready to land.



Comment at: clang/docs/ReleaseNotes.rst:907
+  Any use of this flag will result in an error.
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.

I think we should mention something like "Use -fstrict-flex-array= instead 
if necessary."



Comment at: clang/docs/ReleaseNotes.rst:908
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 `_)

I think we usually do not mention crash fixes in the changelog. We have them in 
almost every release and sometimes there are quite a few of them.




[PATCH] D155445: [analyzer][docs] Add CSA release notes

2023-07-17 Thread Balázs Benics via Phabricator via cfe-commits
steakhal created this revision.
steakhal added reviewers: NoQ, xazax.hun, Szelethus, donat.nagy, balazske, 
gamesh411, tripleCC, tomasz-kaminski-sonarsource, OikawaKirie.
Herald added subscribers: manas, ASDenysPetrov, martong, dkrupp, 
mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware.
Herald added a project: All.
steakhal requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

We'll soon branch off, and start releasing clang-17.
Here is a patch, adjusting the release notes for what we achieved since
the last release.

I used this command to inspect the interesting commits:

  git log --oneline llvmorg-16.0.0..llvm/main \
clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | \
grep -v NFC | grep -v -i revert

This filters in CSA directories and filters out NFC and revert commits.

Given that in the release-notes, we usually don't put links to commits,
I'll remove them from this patch as well. I just put them there to make
it easier to review for you.

I tried to group the changes into meaningful chunks, and dropped some of
the uninteresting commits.
I've also dropped the commits that were backported to clang-16.

Check out how it looks, and propose changes like usual.

---

FYI the `ninja docs-clang-html` produces the html docs, including the 
`ReleaseNotes`.
And the produced artifact will be at 
`build/tools/clang/docs/html/ReleaseNotes.html`.



Files:
  clang/docs/ReleaseNotes.rst


Index: clang/docs/ReleaseNotes.rst
===
--- clang/docs/ReleaseNotes.rst
+++ clang/docs/ReleaseNotes.rst
@@ -901,6 +901,68 @@
   non-complete destructors when using the Microsoft ABI.
   (`#60465 `_)
 
+- Removed the deprecated
+  ``consider-single-element-arrays-as-flexible-array-members`` analyzer option.
+  Any use of this flag will result in an error.
+  (`7cd1f3ad22e4 `_)
+- Fixed a null-pointer dereference crash inside the ``MoveChecker``.
+  (`d172b65ef001 `_)
+
+- Better modeling of lifetime-extended memory regions. As a result, the
+  ``MoveChecker`` raises more true-positive reports.
+  (`feafbb9fda57 `_)
+
+- Fixed some bugs around the handling of constant global arrays and their
+  initializer expressions.
+  (`ffcf214b5d27 `_,
+  `558b46fde2db `_)
+
+- The ``CStringChecker`` will invalidate less if the copy operation is bounded.
+  (`1bd2d335b649 `_)
+  (`#55019 `_)
+
+- Implement ``BufferOverlap`` check for ``sprint``/``snprintf``
+  The ``CStringChecker`` checks for buffer overlaps for ``sprintf`` and
+  ``snprintf``.
+  (`ce97312d109b `_)
+
+- Objective-C support was improved around checking ``_Nonnull`` and
+  ``_Nullable`` including block pointers and literal objects.
+  (`b22a5d46179b `_,
+  `77a599ae5828 `_,
+  `fa6b7dd520fc `_,
+  `993060e1d31d `_)
+
+- Let the ``StreamChecker`` detect ``NULL`` streams instead of by
+  ``StdCLibraryFunctions``.
+  ``StreamChecker`` improved on the fseek modeling for the ``SEEK_SET``,
+  ``SEEK_END``, ``SEEK_CUR`` arguments.
+  (`2eefd19613b8 `_,
+  `2c60f9c8a4fd `_)
+
+- ``StdCLibraryFunctionArgs`` was merged into the ``StdCLibraryFunctions``.
+  The diagnostics of the ``StdCLibraryFunctions`` was improved.
+  (`4f0436dd1532 `_,
+  `6012cadc400f `_,
+  `258c9bebbdfa `_,
+  `ce1fb03db817 `_,
+  `ddc5d40dd285 `_)
+
+- ``QTimer::singleShot`` now doesn't raise false-positives for memory leaks by
+  the ``MallocChecker``.
+  (`3b6a368d763e `_)
+  (`#39713 `_)
+
+- Fixed the infamous unsigned index false-positives in the
+  ``ArrayBoundCheckerV2`` checker.
+  (`8c22cbea87be `_,
+
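Review bot: The entry for the removed analyzer option runs straight into the MoveChecker crash-fix entry with no blank line between them, unlike every other entry in this hunk; add the separator so the two render consistently with the rest of the list. The same entry tells users the flag now produces an error but not what to use in its place, and the CStringChecker entry ("will invalidate less if the copy operation is bounded") does not say which functions or under what condition, so a reader cannot tell whether their false positive is covered.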