Skip to content

Adapted MemRegion::getDescriptiveName to handle ElementRegions #85104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Mar 21, 2024
Merged

Adapted MemRegion::getDescriptiveName to handle ElementRegions #85104

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
0f96412
Adapted MemRegion::getDescriptiveName to handle ElementRegions
Mar 13, 2024
ebe3ebc
Revert unnecessary clang-format
steakhal Mar 13, 2024
ae1c1b2
Refine uses of auto
steakhal Mar 13, 2024
6009aeb
Fix license comment
steakhal Mar 13, 2024
578108b
Cleanup unittest includes
steakhal Mar 13, 2024
f0c3fc4
Rework testing
steakhal Mar 13, 2024
bb4ee4c
Rename unittest file
steakhal Mar 13, 2024
9c7a822
Cleanup redundant code
steakhal Mar 13, 2024
31f5ddc
clang-format
steakhal Mar 13, 2024
c1caaea
Extended else branch to handle symbolics in a better way & added corr…
Mar 15, 2024
ed80a81
Added test case that leads to an incorrect index due to the use of ge…
Mar 18, 2024
0f2f226
Adapted format
Mar 18, 2024
f8176be
Merge branch 'main' into memregion_bug
T-Gruber Mar 18, 2024
6f0bed9
Merge branch 'main' into memregion_bug
steakhal Mar 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions clang/lib/StaticAnalyzer/Core/MemRegion.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -720,13 +720,21 @@ std::string MemRegion::getDescriptiveName(bool UseQuotes) const {
CI->getValue().toString(Idx);
ArrayIndices = (llvm::Twine("[") + Idx.str() + "]" + ArrayIndices).str();
}
// If not a ConcreteInt, try to obtain the variable
// name by calling 'getDescriptiveName' recursively.
// Index is symbolic, but may have a descriptive name.
else {
std::string Idx = ER->getDescriptiveName(false);
if (!Idx.empty()) {
ArrayIndices = (llvm::Twine("[") + Idx + "]" + ArrayIndices).str();
}
auto SI = ER->getIndex().getAs<nonloc::SymbolVal>();
if (!SI)
return "";

const MemRegion *OR = SI->getAsSymbol()->getOriginRegion();
if (!OR)
return "";

std::string Idx = OR->getDescriptiveName(false);
if (Idx.empty())
return "";

ArrayIndices = (llvm::Twine("[") + Idx + "]" + ArrayIndices).str();
}
R = ER->getSuperRegion();
}
Expand Down
1 change: 1 addition & 0 deletions clang/unittests/StaticAnalyzer/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ add_clang_unittest(StaticAnalysisTests
CallEventTest.cpp
ConflictingEvalCallsTest.cpp
FalsePositiveRefutationBRVisitorTest.cpp
MemRegionDescriptiveNameTest.cpp
NoStateChangeFuncVisitorTest.cpp
ParamRegionTest.cpp
RangeSetTest.cpp
Expand Down
145 changes: 145 additions & 0 deletions clang/unittests/StaticAnalyzer/MemRegionDescriptiveNameTest.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
//===- MemRegionDescriptiveNameTest.cpp -----------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

#include "CheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
#include "gtest/gtest.h"
#include <fstream>

using namespace clang;
using namespace ento;

namespace {

class DescriptiveNameChecker : public Checker<check::PreCall> {
public:
void checkPreCall(const CallEvent &Call, CheckerContext &C) const {
if (!HandlerFn.matches(Call))
return;

const MemRegion *ArgReg = Call.getArgSVal(0).getAsRegion();
assert(ArgReg && "expecting a location as the first argument");

auto DescriptiveName = ArgReg->getDescriptiveName(/*UseQuotes=*/false);
if (ExplodedNode *Node = C.generateNonFatalErrorNode(C.getState())) {
auto Report =
std::make_unique<PathSensitiveBugReport>(Bug, DescriptiveName, Node);
C.emitReport(std::move(Report));
}
}

private:
const BugType Bug{this, "DescriptiveNameBug"};
const CallDescription HandlerFn = {{"reportDescriptiveName"}, 1};
};

void addDescriptiveNameChecker(AnalysisASTConsumer &AnalysisConsumer,
AnalyzerOptions &AnOpts) {
AnOpts.CheckersAndPackages = {{"DescriptiveNameChecker", true}};
AnalysisConsumer.AddCheckerRegistrationFn([](CheckerRegistry &Registry) {
Registry.addChecker<DescriptiveNameChecker>("DescriptiveNameChecker",
"Desc", "DocsURI");
});
}

bool runChecker(StringRef Code, std::string &Output) {
return runCheckerOnCode<addDescriptiveNameChecker>(Code.str(), Output,
/*OnlyEmitWarnings=*/true);
}

TEST(MemRegionDescriptiveNameTest, ConcreteIntElementRegionIndex) {
StringRef Code = R"cpp(
void reportDescriptiveName(int *p);
const unsigned int index = 1;
extern int array[3];
void top() {
reportDescriptiveName(&array[index]);
})cpp";

std::string Output;
ASSERT_TRUE(runChecker(Code, Output));
EXPECT_EQ(Output, "DescriptiveNameChecker: array[1]\n");
}

TEST(MemRegionDescriptiveNameTest, SymbolicElementRegionIndex) {
StringRef Code = R"cpp(
void reportDescriptiveName(int *p);
extern unsigned int index;
extern int array[3];
void top() {
reportDescriptiveName(&array[index]);
})cpp";

std::string Output;
ASSERT_TRUE(runChecker(Code, Output));
EXPECT_EQ(Output, "DescriptiveNameChecker: array[index]\n");
}

TEST(MemRegionDescriptiveNameTest, SymbolicElementRegionIndexSymbolValFails) {
StringRef Code = R"cpp(
void reportDescriptiveName(int *p);
extern int* ptr;
extern int array[3];
void top() {
reportDescriptiveName(&array[(long)ptr]);
})cpp";

std::string Output;
ASSERT_TRUE(runChecker(Code, Output));
EXPECT_EQ(Output, "DescriptiveNameChecker: \n");
}

TEST(MemRegionDescriptiveNameTest, SymbolicElementRegionIndexOrigRegionFails) {
StringRef Code = R"cpp(
void reportDescriptiveName(int *p);
extern int getInt(void);
extern int array[3];
void top() {
reportDescriptiveName(&array[getInt()]);
})cpp";

std::string Output;
ASSERT_TRUE(runChecker(Code, Output));
EXPECT_EQ(Output, "DescriptiveNameChecker: \n");
}

TEST(MemRegionDescriptiveNameTest, SymbolicElementRegionIndexDescrNameFails) {
StringRef Code = R"cpp(
void reportDescriptiveName(int *p);
extern int *ptr;
extern int array[3];
void top() {
reportDescriptiveName(&array[*ptr]);
})cpp";

std::string Output;
ASSERT_TRUE(runChecker(Code, Output));
EXPECT_EQ(Output, "DescriptiveNameChecker: \n");
}

TEST(MemRegionDescriptiveNameTest,
SymbolicElementRegionIndexIncorrectSymbolName) {
StringRef Code = R"cpp(
void reportDescriptiveName(int *p);
extern int x, y;
extern int array[3];
void top() {
y = x;
reportDescriptiveName(&array[y]);
})cpp";

std::string Output;
ASSERT_TRUE(runChecker(Code, Output));
// FIXME: Should return array[y], but returns array[x] (OriginRegion).
EXPECT_EQ(Output, "DescriptiveNameChecker: array[x]\n");
}

} // namespace
1 change: 1 addition & 0 deletions llvm/utils/gn/secondary/clang/unittests/StaticAnalyzer/BUILD.gn
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ unittest("StaticAnalysisTests") {
"CallEventTest.cpp",
"ConflictingEvalCallsTest.cpp",
"FalsePositiveRefutationBRVisitorTest.cpp",
"MemRegionDescriptiveNameTest.cpp",
"NoStateChangeFuncVisitorTest.cpp",
"ParamRegionTest.cpp",
"RangeSetTest.cpp",
Expand Down