[analyzer] Allow recursive functions to be trivial. #91876
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llvmbot
added
clang
|
@llvm/pr-subscribers-clang-static-analyzer-1 @llvm/pr-subscribers-clang Author: Ryosuke Niwa (rniwa) ChangesFull diff: https://github.com/llvm/llvm-project/pull/91876.diff 2 Files Affected:
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
index ad493587affa0..dd930ea4b4ab5 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/PtrTypesSemantics.cpp
@@ -498,22 +498,22 @@ class TrivialFunctionAnalysisVisitor
bool TrivialFunctionAnalysis::isTrivialImpl(
const Decl *D, TrivialFunctionAnalysis::CacheTy &Cache) {
- // If the function isn't in the cache, conservatively assume that
- // it's not trivial until analysis completes. This makes every recursive
- // function non-trivial. This also guarantees that each function
- // will be scanned at most once.
- auto [It, IsNew] = Cache.insert(std::make_pair(D, false));
+ // Treat every recursive function as trivial until otherwise proven.
+ // This guarantees each function is evaluated at most once.
+ auto [It, IsNew] = Cache.insert(std::make_pair(D, true));
if (!IsNew)
return It->second;
const Stmt *Body = D->getBody();
- if (!Body)
- return false;
+ if (!Body) {
+ Cache[D] = false;
+ return false;
+ }
TrivialFunctionAnalysisVisitor V(Cache);
bool Result = V.Visit(Body);
- if (Result)
- Cache[D] = true;
+ if (!Result)
+ Cache[D] = false;
return Result;
}
diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-obj-arg.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-obj-arg.cpp
index 073f3252160ee..39bc76197d204 100644
--- a/clang/test/Analysis/Checkers/WebKit/uncounted-obj-arg.cpp
+++ b/clang/test/Analysis/Checkers/WebKit/uncounted-obj-arg.cpp
@@ -181,6 +181,8 @@ class RefCounted {
void method();
void someFunction();
int otherFunction();
+ unsigned recursiveFunction(int n) { return !n ? 1 : recursiveFunction(n - 1); }
+ unsigned recursiveComplexFunction(int n) { return !n ? otherFunction() : recursiveComplexFunction(n - 1); }
int trivial1() { return 123; }
float trivial2() { return 0.3; }
@@ -417,6 +419,10 @@ class UnrelatedClass {
RefCounted::singleton().trivial18(); // no-warning
RefCounted::singleton().someFunction(); // no-warning
+ getFieldTrivial().recursiveFunction(7); // no-warning
+ getFieldTrivial().recursiveComplexFunction(9);
+ // expected-warning@-1{{Call argument for 'this' parameter is uncounted and unsafe}}
+
getFieldTrivial().someFunction();
// expected-warning@-1{{Call argument for 'this' parameter is uncounted and unsafe}}
getFieldTrivial().nonTrivial1();
|
rniwa
force-pushed
the
allow-recursive-trivial-function
branch
from
aac9ea1 to
a4b877b
Compare
rniwa
changed the title
|
✅ With the latest revision this PR passed the C/C++ code formatter. |
|
You should add a test for mutually recursive functions. I suspect something like this doesn't work: int non_trivial();
int f(bool b) { return g(!b) + non_trivial(); }
int g(bool b) { return b ? f(b) : 1; }
getFieldTrivial().f(true); // expected-warning {{...}}
getFieldTrivial().g(true); // expected-warning {{...}}Since when analyzing If that is an issue, one way to do this "properly" would be to create a graph, and a function is non-trivial if it has a path to a non-trivial function (this might be too expensive to implement directly). Or we could special case simple recursion only, by changing |
Duh, of course. Thanks for pointing out the obvious flaw. |
added 5 commits
May 15, 2024 18:20
… functions. Instead of assuming every function to be initially trivial, we explicitly track the set of functions that we're currently visting. When one of the currently visited function is determined to be not trivial, we clear this set to signal that all mutually recursive functions are non-trivial. We conclude that a function is trivial when Visit() call on the function body returned true **AND** the set still contains the function. To implement this new algorithm, a new public function, IsFunctionTrivial, is introduced to TrivialFunctionAnalysisVisitor, and various Visit functions in TrivialFunctionAnalysisVisitor has been updated to use this function instead of TrivialFunctionAnalysis::isTrivialImpl, which is now a wrapper for the function.
…letion. Also fix a bug that IsFunctionTrivial would do a redundant traversal when a function had been determined to be non-trivial because it's indistinguishable if a given function had not been traversed or had been found to be non-trivial because we were using the absense of the function in the hash set to indicate the non-triviality of a function. Use a hash map of a function to a boolean instead to explicitly track whether a given function had been visited or not, and whether a given function had been determined to be non-trivial or not.
rniwa
force-pushed
the
allow-recursive-trivial-function
branch
from
6d46b0b to
f638d18
Compare
haoNoQ
reviewed
May 24, 2024
There was a problem hiding this comment.
If that is an issue, one way to do this "properly" would be to create a graph
Note that we do have a CallGraph class. The static analyzer uses it to identify top-level entry points. It doesn't look like it has a readily available solution for identifying recursive functions. But it may be a good idea to simply use the class and implement it there.
|
Thanks for the review! |
rniwa
added a commit
to rniwa/llvm-project
that referenced
this pull request
Feb 3, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.