[PATCH] D35932: [clang-tidy] Add integer division check

rnkovacs updated this revision to Diff 109497. rnkovacs edited the summary of this revision. rnkovacs added a comment. Uploaded a more thought-out version of the check with more cases covered and hopefully clearer docs. It produces no hits on LLVM https://reviews.llvm.org/D35932 Files:

[PATCH] D36526: [Sema] Assign new flag -Wenum-compare-switch to switch-related parts of -Wenum-compare

rnkovacs created this revision. This patch assigns switch-related parts of the `-Wenum-compare` diagnostic to a new flag `-Wenum-compare-switch`. `-Wenum-compare-switch` is put into the same group as `-Wenum-compare` so that `-W(no-)enum-compare` affects both. https://reviews.llvm.org/D36526

[PATCH] D35932: [clang-tidy] Add integer division check

rnkovacs updated this revision to Diff 110539. rnkovacs marked 3 inline comments as done. rnkovacs edited the summary of this revision. rnkovacs added a comment. Thanks for the comments. I improved the docs and truncated the messages in the test file. We also had concerns about the nested

[PATCH] D32700: [clang-tidy] Add bugprone-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 106172. rnkovacs retitled this revision from "[clang-tidy] Add misc-suspicious-memset-usage check." to "[clang-tidy] Add bugprone-suspicious-memset-usage check.". rnkovacs edited the summary of this revision. rnkovacs added a comment. - Created new module

[PATCH] D35051: [clang-tidy] Add bugprone-undefined-memory-manipulation check.

rnkovacs updated this revision to Diff 106185. rnkovacs retitled this revision from "[clang-tidy] Add misc-undefined-memory-manipulation check." to "[clang-tidy] Add bugprone-undefined-memory-manipulation check.". rnkovacs edited the summary of this revision. rnkovacs added a comment. - Moved

[PATCH] D32700: [clang-tidy] Add bugprone-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 106381. https://reviews.llvm.org/D32700 Files: clang-tidy/CMakeLists.txt clang-tidy/bugprone/BugproneTidyModule.cpp clang-tidy/bugprone/CMakeLists.txt clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp

[PATCH] D32700: [clang-tidy] Add bugprone-suspicious-memset-usage check.

rnkovacs marked an inline comment as done. rnkovacs added inline comments. Comment at: docs/clang-tidy/checks/bugprone-suspicious-memset-usage.rst:10 + +**Case 1: Fill value is a character '0'** + whisperity wrote: > Shouldn't this `'0'` be enclosed within

[PATCH] D35051: [clang-tidy] Add bugprone-undefined-memory-manipulation check.

rnkovacs marked 2 inline comments as done. rnkovacs added inline comments. Comment at: clang-tidy/bugprone/UndefinedMemoryManipulationCheck.cpp:39 + // Check whether source object is not TriviallyCopyable. + // Only applicable to memcpy() and memmove(). + Finder->addMatcher(

[PATCH] D35051: [clang-tidy] Add bugprone-undefined-memory-manipulation check.

rnkovacs updated this revision to Diff 106234. rnkovacs added a comment. Herald added a subscriber: baloghadamsoftware. Removed redundant parens and stray semicolons. https://reviews.llvm.org/D35051 Files: clang-tidy/bugprone/BugproneTidyModule.cpp clang-tidy/bugprone/CMakeLists.txt

[PATCH] D32700: [clang-tidy] Add bugprone-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 106620. rnkovacs marked an inline comment as done. rnkovacs added a comment. Moved comments inside `if` bodies. https://reviews.llvm.org/D32700 Files: clang-tidy/CMakeLists.txt clang-tidy/bugprone/BugproneTidyModule.cpp

[PATCH] D35932: [clang-tidy] Add integer division check

rnkovacs created this revision. rnkovacs added a project: clang-tools-extra. Herald added subscribers: baloghadamsoftware, JDevlieghere, mgorny. Finds integer divisions in environments expecting floating-point values. Examples of possibly unintended precision loss: sin(7 / (2 + 3));

[PATCH] D35932: [clang-tidy] Add integer division check

rnkovacs updated this revision to Diff 108605. rnkovacs edited the summary of this revision. https://reviews.llvm.org/D35932 Files: clang-tidy/bugprone/BugproneTidyModule.cpp clang-tidy/bugprone/CMakeLists.txt clang-tidy/bugprone/IntegerDivisionCheck.cpp

[PATCH] D35932: [clang-tidy] Add integer division check

rnkovacs added a comment. I run the check on LLVM-Clang, and got this one hit: /home/reka/codechecker_dev_env/llvm/lib/CodeGen/SelectionDAG/LegalizeVectorOps.cpp:1000:43: warning: integer division; possible precision loss [bugprone-integer-division] SDValue TWOHW = DAG.getConstantFP(1 <<

[PATCH] D35796: [analyzer] Misused polymorphic object checker

rnkovacs updated this revision to Diff 108226. https://reviews.llvm.org/D35796 Files: include/clang/StaticAnalyzer/Checkers/Checkers.td lib/StaticAnalyzer/Checkers/CMakeLists.txt lib/StaticAnalyzer/Checkers/MisusedPolymorphicObjectChecker.cpp test/Analysis/MisusedPolymorphicObject.cpp

[PATCH] D35796: [analyzer] Misused polymorphic object checker

rnkovacs added a comment. In https://reviews.llvm.org/D35796#819965, @NoQ wrote: > It seems that this check is more powerful because it works by knowing the > dynamic type of the object. However, i still suspect that > `-Wnon-virtual-dtor` (the other one, without `delete-`, that simply asks to

[PATCH] D35051: [clang-tidy] Add bugprone-undefined-memory-manipulation check.

rnkovacs added a comment. Dependent types seem to work, but we did manage to produce a crash on incomplete types. I created https://reviews.llvm.org/D35790 for that. I hope it's the same problem you encountered. Repository: rL LLVM https://reviews.llvm.org/D35051

[PATCH] D35790: [clang-tidy] Handle incomplete types in bugprone-undefined-memory-manipulation check.

rnkovacs created this revision. rnkovacs added a project: clang-tools-extra. Herald added subscribers: whisperity, JDevlieghere. `bugprone-undefined-memory-manipulation` check crashes on incomplete types. This diff fixes that by assuming they are `TriviallyCopyable` by default.

[PATCH] D35796: [analyzer] Misused polymorphic object checker

rnkovacs created this revision. Herald added subscribers: baloghadamsoftware, xazax.hun, whisperity, mgorny. This check warns if a derived type object is deleted through a base pointer with a non-virtual destructor in its base class. It also places a note at the last point where the

[PATCH] D32700: [clang-tidy] Add bugprone-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 106268. rnkovacs added a comment. Herald added a subscriber: baloghadamsoftware. - Added `char[]` exception along with a test case. There are no more false positives on LLVM. - Simplified fix-its by using `clang::tooling::fixit` functions.

[PATCH] D35051: [clang-tidy] Add misc-undefined-memory-manipulation check.

rnkovacs created this revision. rnkovacs added a project: clang-tools-extra. Herald added subscribers: whisperity, JDevlieghere, mgorny. Finds calls of memory manipulation functions `memset()`, `memcpy()` and `memmove()` on not TriviallyCopyable objects resulting in undefined behavior. Related

[PATCH] D32700: [clang-tidy] Add misc-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 105401. rnkovacs edited the summary of this revision. rnkovacs added a comment. - Merged in the `google-runtime-memset-zero-length` check. - Added a separate check for memory manipulation functions: `misc-undefined-memory-manipulation`

[PATCH] D36407: [Sema] Extend -Wenum-compare to handle mixed enum comparisons in switch statements

rnkovacs updated this revision to Diff 110219. rnkovacs marked 2 inline comments as done. rnkovacs added a comment. Uploaded the full diff and addressed comments. Added `const` qualifiers to `GetTypeBeforeIntegralPromotion()` function. https://reviews.llvm.org/D36407 Files:

[PATCH] D36407: [Sema] Extend -Wenum-compare to handle mixed enum comparisons in switch statements

rnkovacs created this revision. `-Wenum-compare` warns if two values with different enumeration types are compared in expressions with binary operators. This patch extends this diagnostic so that comparisons of mixed enumeration types are recognized in switch statements as well. Example:

[PATCH] D32700: [clang-tidy] Add misc-suspicious-memset-usage check.

rnkovacs added a comment. In https://reviews.llvm.org/D32700#743178, @malcolm.parsons wrote: > Can you change this to match any pointer to a class with a virtual function? Well, I have just found a clang flag `-Wdynamic-class-memaccess`

[PATCH] D32700: [clang-tidy] Add misc-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 97646. rnkovacs edited the summary of this revision. rnkovacs added a comment. - Fixed function call format in docs. - Added check to release notes. https://reviews.llvm.org/D32700 Files: clang-tidy/misc/CMakeLists.txt

[PATCH] D32700: [clang-tidy] Add misc-suspicious-memset-usage check.

rnkovacs created this revision. Herald added a subscriber: mgorny. This check finds memset calls with potential mistakes in their arguments. Cases covered: - Fill value is a character '0'. Integer 0 might have been intended. - Fill value is out of character range and gets truncated. - The

[PATCH] D32700: [clang-tidy] Add misc-suspicious-memset-usage check.

rnkovacs updated this revision to Diff 97917. rnkovacs edited the summary of this revision. rnkovacs added a comment. - Removed case related to virtual pointers as there is a diagnostic flag for that. - Added case warning for calls on classes with a constructor or destructor. Changed tests and

[PATCH] D32700: [clang-tidy] Add misc-suspicious-memset-usage check.

rnkovacs added a comment. The current proposition could be that we only keep the first two cases, possibly merging in the google check for a third case (with its old name evoking original functionality). Separately, another check could be written that warns when the below mentioned memory

[PATCH] D35796: [analyzer] Delete with non-virtual destructor check

rnkovacs updated this revision to Diff 115198. rnkovacs marked an inline comment as done. rnkovacs retitled this revision from "[analyzer] Misused polymorphic object checker" to "[analyzer] Delete with non-virtual destructor check". rnkovacs edited the summary of this revision. rnkovacs added a

[PATCH] D35796: [analyzer] Misused polymorphic object checker

rnkovacs marked 3 inline comments as done. rnkovacs added inline comments. Comment at: include/clang/StaticAnalyzer/Checkers/Checkers.td:296 +def MisusedPolymorphicObjectChecker: Checker<"MisusedPolymorphicObject">, + HelpText<"Reports deletions of polymorphic objects with

[PATCH] D35796: [analyzer] Delete with non-virtual destructor check

rnkovacs added a comment. In https://reviews.llvm.org/D35796#878200, @dcoughlin wrote: > This looks good to me! Do you have commit access, or do you need someone to > commit it for you? Thanks! I don't, so it would be nice if someone committed it for me. https://reviews.llvm.org/D35796

[PATCH] D35796: [analyzer] Delete with non-virtual destructor check

rnkovacs updated this revision to Diff 116060. rnkovacs added a comment. - Accidentally left-in comment removed. - Checker file clang-formatted. https://reviews.llvm.org/D35796 Files: include/clang/StaticAnalyzer/Checkers/Checkers.td lib/StaticAnalyzer/Checkers/CMakeLists.txt

[PATCH] D45517: [analyzer] WIP: False positive refutation with Z3

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:2342 +BugReport ) { + if (isInvalidated) +return nullptr; george.karpenkov wrote: > Is this field actually necessary? Do

[PATCH] D45517: [analyzer] WIP: False positive refutation with Z3

rnkovacs updated this revision to Diff 145762. rnkovacs marked 4 inline comments as done. rnkovacs edited the summary of this revision. rnkovacs added a comment. Expression chaining is fixed. The visitor now collects constraints that are about to disappear along the bug path and checks them once

[PATCH] D47135: [analyzer][WIP] A checker for dangling string pointers in C++

rnkovacs added a comment. Adding a preliminary test file. F6259981: tests.cpp Repository: rC Clang https://reviews.llvm.org/D47135 ___ cfe-commits mailing list cfe-commits@lists.llvm.org

[PATCH] D47135: [analyzer][WIP] A checker for dangling string pointers in C++

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity, mgorny. This check marks a raw pointer to a C++ string object's inner buffer "released" when the object itself is

[PATCH] D47135: [analyzer][WIP] A checker for dangling string pointers in C++

rnkovacs added a comment. Thanks for your comments! It would be nice if we could reach a consensus on the naming issue before I update the patch. I was wondering, as we plan to support stuff like `std::vector::data()`, which is not a string, and `std::string_view`, which is not strictly a

[PATCH] D47416: [analyzer] Clean up the program state map of DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 150625. rnkovacs marked an inline comment as done. rnkovacs edited the summary of this revision. rnkovacs added a comment. Herald added a subscriber: mikhail.ramalho. Fixed naming and added an extra pass for regions left behind by incomplete destructors.

[PATCH] D47416: [analyzer] Clean up the program state map of DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 150637. rnkovacs marked 3 inline comments as done. rnkovacs added a comment. Addressed comments. https://reviews.llvm.org/D47416 Files: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp Index:

[PATCH] D47135: [analyzer] A checker for dangling internal buffer pointers in C++

rnkovacs updated this revision to Diff 148827. rnkovacs added a comment. Added a check for `UnknownVal` and two FIXMEs (one for the `OriginExpr` and one for the new `CheckKind`). https://reviews.llvm.org/D47135 Files: include/clang/StaticAnalyzer/Checkers/Checkers.td

[PATCH] D47416: [analyzer] Clean up the program state map of DanglingInternalBufferChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. Symbols are cleaned up from the program state map when they go out of scope. (This will need to be done individually

[PATCH] D47417: [analyzer] Add missing state transition in IteratorChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov, baloghadamsoftware. Herald added subscribers: a.sidorin, dkrupp, szepet, whisperity. After cleaning up program state maps in `checkDeadSymbols()`, a transition should be added to generate the new state.

[PATCH] D47135: [analyzer] A checker for dangling internal buffer pointers in C++

rnkovacs updated this revision to Diff 148732. rnkovacs added a comment. Address (most) comments. https://reviews.llvm.org/D47135 Files: include/clang/StaticAnalyzer/Checkers/Checkers.td lib/StaticAnalyzer/Checkers/AllocationState.h lib/StaticAnalyzer/Checkers/CMakeLists.txt

[PATCH] D47135: [analyzer] A checker for dangling internal buffer pointers in C++

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1661 + case AF_CXXNewArray: + case AF_InternalBuffer: { if (IsALeakCheck) { Is tying this new family to NewDeleteChecker reasonable? I did it because it was

[PATCH] D47135: [analyzer] A checker for dangling internal buffer pointers in C++

rnkovacs updated this revision to Diff 148727. rnkovacs retitled this revision from "[analyzer][WIP] A checker for dangling string pointers in C++" to "[analyzer] A checker for dangling internal buffer pointers in C++". rnkovacs edited the summary of this revision. rnkovacs added a comment. -

[PATCH] D45517: [analyzer] False positive refutation with Z3

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:1249 +bool Z3ConstraintManager::isModelFeasible() { + return Solver.check() != Z3_L_FALSE; +} george.karpenkov wrote: > solver can also return "unknown", what happens

[PATCH] D45517: [analyzer] False positive refutation with Z3

rnkovacs added a comment. In https://reviews.llvm.org/D45517#1117898, @mikhail.ramalho wrote: > Just want to comment here and give thanks again for the first version of > the refutation code. It's being really helpful to develop the approach this > code as a base; things would definitely be

[PATCH] D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker

rnkovacs updated this revision to Diff 152719. rnkovacs added a comment. Fixed the constness of `c_str()` in the test file. https://reviews.llvm.org/D48522 Files: lib/StaticAnalyzer/Checkers/AllocationState.h lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

[PATCH] D48532: [analyzer] Add support for std::basic_string::data() in DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 152737. rnkovacs marked an inline comment as done. https://reviews.llvm.org/D48532 Files: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp test/Analysis/dangling-internal-buffer.cpp Index: test/Analysis/dangling-internal-buffer.cpp

[PATCH] D48532: [analyzer] Add support for std::basic_string::data() in DanglingInternalBufferChecker

rnkovacs added inline comments. Comment at: test/Analysis/dangling-internal-buffer.cpp:10 const CharT *c_str(); + const CharT *data(); }; xazax.hun wrote: > Note that these methods are const according to the standard. Even if it does > not make any

[PATCH] D48532: [analyzer] Add support for std::basic_string::data() in DanglingInternalBufferChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov, dcoughlin. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. + Cleaned up test file a bit. Repository: rC Clang https://reviews.llvm.org/D48532

[PATCH] D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker

rnkovacs updated this revision to Diff 152627. rnkovacs marked an inline comment as done. rnkovacs added a comment. Fixed variable name inside the visitor. I also clang-formatted the file, sorry for any line number shifting. https://reviews.llvm.org/D48522 Files:

[PATCH] D48521: [analyzer] Highlight container object destruction in MallocChecker

rnkovacs updated this revision to Diff 152615. rnkovacs marked 7 inline comments as done. rnkovacs retitled this revision from "[analyzer] Highlight STL object destruction in MallocChecker" to "[analyzer] Highlight container object destruction in MallocChecker". rnkovacs added a comment. Thanks

[PATCH] D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker

rnkovacs updated this revision to Diff 152616. rnkovacs marked 4 inline comments as done. rnkovacs added a comment. Thanks! Addressed comments. https://reviews.llvm.org/D48522 Files: lib/StaticAnalyzer/Checkers/AllocationState.h lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

[PATCH] D48521: [analyzer] Highlight STL object destruction in MallocChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov, dcoughlin. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. Extend `MallocBugVisitor` to place a note at the point where objects with

[PATCH] D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker

rnkovacs updated this revision to Diff 152604. rnkovacs marked an inline comment as done. rnkovacs added a comment. Um, sorry, I totally forgot about that. Added your case to the tests. https://reviews.llvm.org/D48522 Files: lib/StaticAnalyzer/Checkers/AllocationState.h

[PATCH] D48522: [analyzer] Highlight c_str() call in DanglingInternalBuffer checker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov, dcoughlin. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. Add a bug visitor to `DanglingInternalBuffer` checker that places a note at the point

[PATCH] D41816: [analyzer] Model and check unrepresentable left shifts

rnkovacs added a comment. In https://reviews.llvm.org/D41816#970845, @xazax.hun wrote: > Overall looks good to me, one comment inline. I think it is good to have > these checks to prevent the analyzer executing undefined behavior. Maybe this > would make it more feasible to run the analyzer

[PATCH] D41816: [analyzer] Model and check unrepresentable left shifts

rnkovacs updated this revision to Diff 129448. rnkovacs added a comment. I extended the warning message to include more information. What do you think? https://reviews.llvm.org/D41816 Files: lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp lib/StaticAnalyzer/Core/BasicValueFactory.cpp

[PATCH] D41816: [analyzer] Model and check unrepresentable left shifts

rnkovacs created this revision. rnkovacs added reviewers: NoQ, dcoughlin, xazax.hun. Herald added subscribers: a.sidorin, szepet, baloghadamsoftware, whisperity. Left shifting a signed positive value is undefined if the result is not representable in the unsigned version of the return type. The

[PATCH] D41816: [analyzer] Model and check unrepresentable left shifts

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp:150 +SB.getKnownValue(state, C.getSVal(B->getRHS())); +if ((unsigned) RHS->getZExtValue() > LHS->countLeadingZeros()) { + OS << "The result of the left

[PATCH] D41816: [analyzer] Model and check unrepresentable left shifts

rnkovacs updated this revision to Diff 129905. rnkovacs marked an inline comment as done. https://reviews.llvm.org/D41816 Files: lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp lib/StaticAnalyzer/Core/BasicValueFactory.cpp test/Analysis/bitwise-ops.c Index: test/Analysis/bitwise-ops.c

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs updated this revision to Diff 157809. rnkovacs marked an inline comment as done. https://reviews.llvm.org/D49656 Files: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/inner-pointer.cpp Index:

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:192 - if (Call.isCalled(CStrFn) || Call.isCalled(DataFn)) { -SVal RawPtr = Call.getReturnValue(); -if (SymbolRef Sym = RawPtr.getAsSymbol(/*IncludeBaseRegions=*/true)) { -

[PATCH] D50211: [analyzer] Fix displayed checker name for InnerPointerChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. For `InnerPointerChecker` to function properly, both the checker itself and `MallocChecker`'s

[PATCH] D49361: [analyzer] Detect pointers escaped after return statement execution in MallocChecker

rnkovacs updated this revision to Diff 157966. rnkovacs marked an inline comment as done. rnkovacs added a comment. De-duplicate & add comment. https://reviews.llvm.org/D49361 Files: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/inner-pointer.cpp

[PATCH] D49058: [analyzer] Move InnerPointerChecker out of alpha

rnkovacs updated this revision to Diff 157987. rnkovacs retitled this revision from "[analyzer] Move DanglingInternalBufferChecker out of alpha" to "[analyzer] Move InnerPointerChecker out of alpha". rnkovacs added a comment. Rebase. https://reviews.llvm.org/D49058 Files:

[PATCH] D49361: [analyzer] Detect pointers escaped after return statement execution in MallocChecker

rnkovacs updated this revision to Diff 157375. rnkovacs retitled this revision from "[analyzer][WIP] Detect pointers escaped after return statement execution in MallocChecker" to "[analyzer] Detect pointers escaped after return statement execution in MallocChecker". rnkovacs edited the summary

[PATCH] D50211: [analyzer] Fix displayed checker name for InnerPointerChecker

rnkovacs added a comment. In https://reviews.llvm.org/D50211#1186630, @NoQ wrote: > I see, so that's how it's done! > > I also noticed that checker name was weird in exploded graph dumps, i.e. it > was showing regular new/delete stuff as if it was done by InnerPointer > checker. I'll check if

[PATCH] D49811: [analyzer] Obtain a ReturnStmt from a CFGAutomaticObjDtor

rnkovacs updated this revision to Diff 158680. rnkovacs added a comment. In https://reviews.llvm.org/D49811#1175726, @NoQ wrote: > I guess you could write a test with `debug.AnalysisOrder` (by making its > `checkEndFunction` callback (that you'll have to define) print different > things

[PATCH] D49361: [analyzer] Detect pointers escaped after return statement execution in MallocChecker

rnkovacs updated this revision to Diff 158681. rnkovacs marked an inline comment as done. rnkovacs added a comment. Add helper function to be used in both callbacks. https://reviews.llvm.org/D49361 Files: lib/StaticAnalyzer/Checkers/MallocChecker.cpp test/Analysis/inner-pointer.cpp

[PATCH] D50211: [analyzer] Fix displayed checker name for InnerPointerChecker

rnkovacs updated this revision to Diff 159244. rnkovacs marked an inline comment as done. rnkovacs added a comment. Replace empty `Optional`s with `None`s. https://reviews.llvm.org/D50211 Files: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp

[PATCH] D49570: [analyzer] Improve warning messages and notes of DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 160193. rnkovacs marked 3 inline comments as done. rnkovacs added a comment. Address comments & rebase. https://reviews.llvm.org/D49570 Files: lib/StaticAnalyzer/Checkers/AllocationState.h lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp

[PATCH] D49570: [analyzer] Improve warning messages and notes of DanglingInternalBufferChecker

rnkovacs marked an inline comment as done. rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp:253 + allocation_state::getContainerObjRegion(N->getState(), PtrToBuf); + const auto *TypedRegion = dyn_cast(ObjRegion); +

[PATCH] D50211: [analyzer] Fix displayed checker name for InnerPointerChecker

rnkovacs added a comment. In https://reviews.llvm.org/D50211#1190146, @NoQ wrote: > Welcome to the club! :D Thanks, makes me feel better. https://reviews.llvm.org/D50211 ___ cfe-commits mailing list cfe-commits@lists.llvm.org

[PATCH] D50211: [analyzer] Fix displayed checker name for InnerPointerChecker

rnkovacs closed this revision. rnkovacs added a comment. Committed in r339067, I just messed up the revision-closing line in the commit message. https://reviews.llvm.org/D50211 ___ cfe-commits mailing list cfe-commits@lists.llvm.org

[PATCH] D51385: [analyzer] InnerPointerChecker: Fix a segfault.

rnkovacs added a comment. > Return value of `dyn_cast_or_null` should be checked before use. Otherwise we > may put a null pointer into the map as a key and eventually crash in > `checkDeadSymbols`. Hm, so with the last `CallDescription` patch we removed some code here that essentially

[PATCH] D48027: [analyzer] Improve `CallDescription` to handle c++ method.

rnkovacs accepted this revision. rnkovacs added a comment. In https://reviews.llvm.org/D48027#1203944, @MTC wrote: > However this approach has limit. Given the code below, we cannot distinguish > whether the `basic_string` is user-defined struct or namespace. That's means > when the user

[PATCH] D49570: [analyzer] Improve warning messages and notes of DanglingInternalBufferChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, dcoughlin, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. Following the discussion at https://reviews.llvm.org/D49360. Added two more test cases that

[PATCH] D49360: [analyzer] Add support for more basic_string API in DanglingInternalBufferChecker

rnkovacs added inline comments. Comment at: test/Analysis/dangling-internal-buffer.cpp:175 std::string s; - { -c = s.c_str(); - } - consume(c); // no-warning + c = s.c_str(); // expected-note {{Pointer to dangling buffer was obtained here}} + s.clear(); //

[PATCH] D49360: [analyzer] Add support for more basic_string API in DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 155944. rnkovacs marked 2 inline comments as done. rnkovacs added a reviewer: dcoughlin. rnkovacs added a comment. Note messages updated. https://reviews.llvm.org/D49360 Files: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp

[PATCH] D49058: [analyzer] Move DanglingInternalBufferChecker out of alpha

rnkovacs added a comment. Two more reports on Ceph that seem to be true positives (no other reports from this checker): 1. Here (or if it does not work, the bug is on L130 here ). 2. Here

[PATCH] D49058: [analyzer] Move DanglingInternalBufferChecker out of alpha

rnkovacs added a comment. In https://reviews.llvm.org/D49058#1159533, @george.karpenkov wrote: > @rnkovacs Do you have evaluation statistics handy for this checker? How many > bugs it finds, on which projects? How many of those are real bugs? In its present form, it does not produce many

[PATCH] D49387: [analyzer] Make checkEndFunction() give access to the return statement

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. Repository: rC Clang https://reviews.llvm.org/D49387 Files:

[PATCH] D49360: [analyzer] Add support for more basic_string API in DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 155770. rnkovacs marked an inline comment as done. rnkovacs edited the summary of this revision. rnkovacs added a comment. Added standard quote, marking the section about non-member functions that may also invalidate the buffer as a TODO. Also changed the

[PATCH] D49360: [analyzer] Add support for more basic_string API in DanglingInternalBufferChecker

rnkovacs added a comment. In https://reviews.llvm.org/D49360#1163113, @NoQ wrote: > Also we rarely commit to adding a test for every single supported API > function; bonus points for that, but usually 2-3 functions from a series of > similar functions is enough :) Um, okay, noted for next

[PATCH] D49361: [analyzer][WIP] Detect pointers escaped after return statement execution in MallocChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. Sometimes an object is destroyed right after the statement returning it is executed. This patch aims

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs updated this revision to Diff 156938. rnkovacs marked 11 inline comments as done. rnkovacs added a comment. Addressed comments & added two test cases for function pointers. https://reviews.llvm.org/D49656 Files: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:213 + if (const auto *FC = dyn_cast()) { +const FunctionDecl *FD = FC->getDecl(); +for (unsigned I = 0, E = FD->getNumParams(); I != E; ++I) { xazax.hun

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. According to the standard, pointers referring to the elements of a `basic_string` sequence may also

[PATCH] D49553: [analyzer] Rename DanglingInternalBufferChecker to InnerPointerChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, dcoughlin, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity, mgorny. Also, the `AF_InternalBuffer` allocation family is renamed to `AF_InnerBuffer`. I'm

[PATCH] D49568: [analyzer][WIP] Scan the program state map in the visitor only once in DanglingInternalBufferChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. In order to avoid scanning the map at each node in the bug reporter visitor, the `MemRegion`

[PATCH] D49360: [analyzer] Add support for more basic_string API in DanglingInternalBufferChecker

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. A pointer referring to the elements of a `basic_string` may be invalidated by calling a non-const

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs updated this revision to Diff 157278. rnkovacs marked 2 inline comments as done. rnkovacs added a comment. Fix note for function pointers & handle argument counting in member operator calls. I also refactored the code a little, because after moving things from `checkPreCall` to

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:207-208 + +for (unsigned I = 0, E = FD->getNumParams(); I != E; ++I) { + QualType ParamTy = FD->getParamDecl(I)->getType(); + if (!ParamTy->isReferenceType() ||

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs added inline comments. Comment at: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp:181 - auto *TypeDecl = ObjRegion->getValueType()->getAsCXXRecordDecl(); - if (TypeDecl->getName() != "basic_string") -return; +for (unsigned I = 0, E = FD->getNumParams();

[PATCH] D49656: [analyzer] Add support for more pointer invalidating functions in InnerPointerChecker

rnkovacs updated this revision to Diff 157286. rnkovacs marked an inline comment as done. rnkovacs added a comment. Tiny bit more re-structuring. https://reviews.llvm.org/D49656 Files: lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp lib/StaticAnalyzer/Checkers/MallocChecker.cpp

[PATCH] D49811: [analyzer] Obtain a ReturnStmt from a CFGAutomaticObjDtor

rnkovacs created this revision. rnkovacs added reviewers: NoQ, xazax.hun, george.karpenkov. Herald added subscribers: mikhail.ramalho, a.sidorin, dkrupp, szepet, baloghadamsoftware, whisperity. The `CoreEngine` only gives us a `ReturnStmt` if the last element in the `CFGBlock` is a `CFGStmt`,

[PATCH] D49811: [analyzer] Obtain a ReturnStmt from a CFGAutomaticObjDtor

rnkovacs added a comment. I'm not sure how to test this. I'll need it in https://reviews.llvm.org/D49361 when I update it to use the changed `checkEndFunction()` callback, and that will kind of test this too. Repository: rC Clang https://reviews.llvm.org/D49811

[PATCH] D49057: [analyzer] Track multiple raw pointer symbols in DanglingInternalBufferChecker

rnkovacs updated this revision to Diff 154520. rnkovacs marked an inline comment as done. https://reviews.llvm.org/D49057 Files: lib/StaticAnalyzer/Checkers/DanglingInternalBufferChecker.cpp test/Analysis/dangling-internal-buffer.cpp Index: test/Analysis/dangling-internal-buffer.cpp

  1   2   >