Cherry picks to Stable/20221013 #2 #5840
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ziqingluo-90
force-pushed
the
stable/20221013-cherrypick-2
branch
from
f08fcd5 to
19721ad
Compare
ziqingluo-90
requested review from
haoNoQ,
jkorous-apple,
t-rasmud and
malavikasamak
It turns out we can reach the `Init.castAs<nonlock::CompoundVal>()` expression with other kinds of SVals. Such as by `nonloc::ConcreteInt` in this example: https://godbolt.org/z/s4fdxrcs9 ```lang=C++ int buffer[10]; void b(); void top() { b(&buffer); } void b(int *c) { *c = 42; // would crash } ``` In this example, we try to store `42` to the `Elem{buffer, 0}`. This situation can appear if the CallExpr refers to a function declaration without prototype. In such cases, the engine will pick the redecl of the referred function decl which has function body, hence has a function prototype. This weird situation will have an interesting effect to the AST, such as the argument at the callsite will miss a cast, which would cast the `int (*)[10]` expression into `int *`, which means that when we evaluate the `*c = 42` expression, we want to bind `42` to an array, causing the crash. Look at the AST of the callsite with and without the function prototype: https://godbolt.org/z/Gncebcbdb The only difference is that without the proper function prototype, we will not have the `ImplicitCastExpr` `BitCasting` from `int (*)[10]` to `int *` to match the expected type of the parameter declaration. In this patch, I'm proposing to emit a cast in the mentioned edge-case, to bind the argument value of the expected type to the parameter. I'm only proposing this if the runtime definition has exactly the same number of parameters as the callsite feeds it by arguments. If that's not the case, I believe, we are better off by binding `Unknown` to those parameters. Reviewed By: martong Differential Revision: https://reviews.llvm.org/D136162 (cherry picked from commit aa12a48)
This patch adds an initial implementation for sign analysis, with the following lattice (T: top, N: negative, Z: zero, P: positive, B: bottom): T / | \ N Z P \ | / B The lattice is implemented with `BoolValue` properties attached to other `Value`s. Differential Revision: https://reviews.llvm.org/D136668 (cherry picked from commit 93ce23a)
This patch introduces `transferBranch`, which Applies the analysis transfer function for a given edge from a CFG block of a conditional statement. RFC: https://discourse.llvm.org/t/rfc-clang-dataflow-signanalysis-edgetransfer-branchtransfer/65220 Differential Revision: https://reviews.llvm.org/D133698 (cherry picked from commit bb72d0d)
constraints In this patch I add a new NoteTag for each applied argument constraint. This way, any other checker that reports a bug - where the applied constraint is relevant - will display the corresponding note. With this change we provide more information for the users to understand some bug reports easier. Differential Revision: https://reviews.llvm.org/D101526 Reviewed By: NoQ (cherry picked from commit 82a5081)
Discourse mail: https://discourse.llvm.org/t/analyzer-why-do-we-suck-at-modeling-c-dynamic-memory/65667 malloc() returns a piece of uninitialized dynamic memory. We were (almost) always able to model this behaviour. Its C++ counterpart, operator new is a lot more complex, because it allows for initialization, the most complicated of which is the usage of constructors. We gradually became better in modeling constructors, but for some reason, most likely for reasons lost in history, we never actually modeled the case when the memory returned by operator new was just simply uninitialized. This patch (attempts) to fix this tiny little error. Differential Revision: https://reviews.llvm.org/D135375 (cherry picked from commit a504ddc)
…tor' This is to silence the warning: private field 'Analysis' is not used (cherry picked from commit 5bd142c)
(cherry picked from commit e125e6c)
(cherry picked from commit a5f368a)
The main goal of this work is to allow developers to express the need to place instances of a class or structure in the read-only part of the program memory. Such a placement is desirable to prevent any further modifications to the instances of a given structure, by leveraging the read-only run time protection. To achieve this, we are introducing a new attribute that can be attached to any record definition or a declaration. The compiler enforces that every instance of this type can be placed in the read-only segment of the program memory, provided the target triplet supports such a placement. If an instance of a given type bearing this attribute doesn’t satisfy such a placement, the compiler attaches an appropriate warning at suitable program locations. In other words, adding this attribute to a type requires every instance of this type to be a global const, which are placed in the read-only segments for most target triplets. However, this is *not a language feature* and it *need not* be true for *all target triplets*. The current patch emits a warning at global variable declaration sites of types bearing the attribute without const qualification and corresponding note attached to the type definition/declaration. Differential Revision: https://reviews.llvm.org/D135851 (cherry picked from commit 678ded0)
ziqingluo-90
force-pushed
the
stable/20221013-cherrypick-2
branch
from
19721ad to
399ca50
Compare
|
Rebased and added Malavika's patch. Plan to merge today. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the cherry-picking PR that follows #5839.