Hi zaks.anna, krememek, jordan_rose, a.sidorin,
This is a revised version of the original proposal that can be found here:
http://reviews.llvm.org/D3967
The discussions on the mailing lists:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-October/039552.html
Changes since the original proposal:
- Option inheritance is now op-in
- Ability to query package options
- Updated to recent trunk
- Minor coding style fixes
- Replaced some std::string with StringRefs where appropriate
This patch may lack some regression tests but I wanted to get some input on the
changes, documentation, API before writing those.
http://reviews.llvm.org/D7905
Files:
include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
lib/StaticAnalyzer/Checkers/Checkers.td
lib/StaticAnalyzer/Checkers/MallocChecker.cpp
lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
test/Analysis/free.c
test/Analysis/malloc-annotations.c
test/Analysis/outofbound.c
test/Analysis/undef-buffers.c
EMAIL PREFERENCES
http://reviews.llvm.org/settings/panel/emailpreferences/
Index: include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
===================================================================
--- include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
+++ include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
@@ -28,6 +28,10 @@
class Preprocessor;
class LangOptions;
+namespace ento {
+class CheckerBase;
+}
+
/// Analysis - Set of available source code analyses.
enum Analyses {
#define ANALYSIS(NAME, CMDFLAG, DESC, SCOPE) NAME,
@@ -176,6 +180,15 @@
/// \brief The mode of function selection used during inlining.
AnalysisInliningMode InliningMode;
+ /// \brief Describes the kind of the option.
+ enum class OptionKind {
+ Global,
+ Checker,
+ CheckerInherited,
+ Package,
+ PackageInherited
+ };
+
private:
/// \brief Describes the kinds for high-level analyzer mode.
enum UserModeKind {
@@ -252,17 +265,80 @@
/// \sa getMaxNodesPerTopLevelFunction
Optional<unsigned> MaxNodesPerTopLevelFunction;
+ /// A helper function that retrieves option for a given full-qualified
+ /// checker name.
+ /// Options for checkers can be specified via 'analyzer-config' command-line
+ /// option.
+ /// Example:
+ /// @code-analyzer-config unix.Malloc:OptionName=CheckerOptionValue @endcode
+ /// or @code-analyzer-config unix:OptionName=GroupOptionValue @endcode
+ /// for groups of checkers
+ /// @param [in] CheckerName Full-qualified checker name, like
+ /// alpha.unix.StreamChecker
+ /// @param [in] OptionName Name of the option to get
+ /// @param [in] Default Default value if no option is specified
+ /// @param [in] Kind This enum determines wether the option corresponds to the
+ /// static analyzer, the checker or a package. It also determines wether to
+ /// use inheritance.
+ /// @retval CheckerOptionValue An option for a checker if it was specified
+ /// @retval GroupOptionValue An option for group if it was specified and no
+ /// checker-specific options were found. The closer group to checker,
+ /// the more priority it has. For example, @c coregroup.subgroup has more
+ /// priority than @c coregroup for @c coregroup.subgroup.CheckerName checker
+ /// @retval Default If nor checker option, nor group option was found
+ StringRef getCheckerOption(StringRef CheckerName, StringRef OptionName,
+ StringRef Default,
+ OptionKind Kind = OptionKind::Global);
+
public:
/// Interprets an option's string value as a boolean.
///
/// Accepts the strings "true" and "false".
/// If an option value is not provided, returns the given \p DefaultVal.
+ /// @param [in] Name Name for option to retrieve
+ /// @param [in] DefaultVal Default value returned if no such option was
+ /// specified
+ /// @param [in] C Optional parameter that may be used to retrieve
+ /// checker-related option for a given checker
+ /// @param [in] Kind This enum determines wether the option corresponds to the
+ /// static analyzer, the checker or a package. It also determines wether to
+ /// use inheritance.
+ bool getBooleanOption(StringRef Name, bool DefaultVal,
+ const ento::CheckerBase *C,
+ OptionKind Kind = OptionKind::Checker);
bool getBooleanOption(StringRef Name, bool DefaultVal);
/// Variant that accepts a Optional value to cache the result.
+ ///
+ /// @param [in,out] V Return value storage, returned if parameter contains
+ /// an existing valid option, else it is used to store a return value
+ /// @param [in] Name Name for option to retrieve
+ /// @param [in] DefaultVal Default value returned if no such option was
+ /// specified
+ /// @param [in] C Optional parameter that may be used to retrieve
+ /// checker-related option for a given checker
+ /// @param [in] Kind This enum determines wether the option corresponds to the
+ /// static analyzer, the checker or a package. It also determines wether to
+ /// use inheritance.
+ bool getBooleanOption(Optional<bool> &V, StringRef Name, bool DefaultVal,
+ const ento::CheckerBase *C,
+ OptionKind Kind = OptionKind::Checker);
bool getBooleanOption(Optional<bool> &V, StringRef Name, bool DefaultVal);
/// Interprets an option's string value as an integer value.
+ ///
+ /// If an option value is not provided, returns the given \p DefaultVal.
+ /// @param [in] Name Name for option to retrieve
+ /// @param [in] DefaultVal Default value returned if no such option was
+ /// specified
+ /// @param [in] C Optional parameter that may be used to retrieve
+ /// checker-related option for a given checker
+ /// @param [in] Kind This enum determines wether the option corresponds to the
+ /// static analyzer, the checker or a package. It also determines wether to
+ /// use inheritance.
+ int getOptionAsInteger(StringRef Name, int DefaultVal,
+ const ento::CheckerBase *C,
+ OptionKind Kind = OptionKind::Checker);
int getOptionAsInteger(StringRef Name, int DefaultVal);
/// \brief Retrieves and sets the UserMode. This is a high-level option,
Index: lib/StaticAnalyzer/Checkers/Checkers.td
===================================================================
--- lib/StaticAnalyzer/Checkers/Checkers.td
+++ lib/StaticAnalyzer/Checkers/Checkers.td
@@ -295,7 +295,7 @@
HelpText<"Check calls to various UNIX/Posix functions">,
DescFile<"UnixAPIChecker.cpp">;
-def MallocPessimistic : Checker<"Malloc">,
+def MallocChecker: Checker<"Malloc">,
HelpText<"Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free().">,
DescFile<"MallocChecker.cpp">;
@@ -315,10 +315,6 @@
HelpText<"Check improper use of chroot">,
DescFile<"ChrootChecker.cpp">;
-def MallocOptimistic : Checker<"MallocWithAnnotations">,
- HelpText<"Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free(). Assumes that all user-defined functions which might free a pointer are annotated.">,
- DescFile<"MallocChecker.cpp">;
-
def PthreadLockChecker : Checker<"PthreadLock">,
HelpText<"Simple lock -> unlock checker">,
DescFile<"PthreadLockChecker.cpp">;
Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -170,8 +170,7 @@
/// In pessimistic mode, the checker assumes that it does not know which
/// functions might free the memory.
enum CheckKind {
- CK_MallocPessimistic,
- CK_MallocOptimistic,
+ CK_MallocChecker,
CK_NewDeleteChecker,
CK_NewDeleteLeaksChecker,
CK_MismatchedDeallocatorChecker,
@@ -184,6 +183,8 @@
MOK_Any
};
+ DefaultBool IsOptimistic;
+
DefaultBool ChecksEnabled[CK_NumCheckKinds];
CheckName CheckNames[CK_NumCheckKinds];
typedef llvm::SmallVector<CheckKind, CK_NumCheckKinds> CKVecTy;
@@ -585,7 +586,7 @@
if (Family != AF_Malloc)
return false;
- if (ChecksEnabled[CK_MallocOptimistic] && FD->hasAttrs()) {
+ if (IsOptimistic && FD->hasAttrs()) {
for (const auto *I : FD->specific_attrs<OwnershipAttr>()) {
OwnershipAttr::OwnershipKind OwnKind = I->getOwnKind();
if(OwnKind == OwnershipAttr::Takes || OwnKind == OwnershipAttr::Holds) {
@@ -792,8 +793,7 @@
}
}
- if (ChecksEnabled[CK_MallocOptimistic] ||
- ChecksEnabled[CK_MismatchedDeallocatorChecker]) {
+ if (IsOptimistic || ChecksEnabled[CK_MismatchedDeallocatorChecker]) {
// Check all the attributes, if there are any.
// There can be multiple of these attributes.
if (FD->hasAttrs())
@@ -1358,8 +1358,7 @@
case AF_IfNameIndex:
case AF_Alloca: {
// C checkers.
- if (CK == CK_MallocOptimistic ||
- CK == CK_MallocPessimistic) {
+ if (CK == CK_MallocChecker) {
return CK;
}
return Optional<MallocChecker::CheckKind>();
@@ -1512,8 +1511,7 @@
SourceRange Range,
const Expr *DeallocExpr) const {
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_NewDeleteChecker),
C, DeallocExpr);
if (!CheckKind.hasValue())
@@ -1555,8 +1553,7 @@
void MallocChecker::ReportFreeAlloca(CheckerContext &C, SVal ArgVal,
SourceRange Range) const {
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_MismatchedDeallocatorChecker),
AF_Alloca);
if (!CheckKind.hasValue())
@@ -1635,8 +1632,7 @@
const Expr *AllocExpr) const {
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_NewDeleteChecker),
C, AllocExpr);
if (!CheckKind.hasValue())
@@ -1688,8 +1684,7 @@
void MallocChecker::ReportUseAfterFree(CheckerContext &C, SourceRange Range,
SymbolRef Sym) const {
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_NewDeleteChecker),
C, Sym);
if (!CheckKind.hasValue())
@@ -1714,8 +1709,7 @@
bool Released, SymbolRef Sym,
SymbolRef PrevSym) const {
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_NewDeleteChecker),
C, Sym);
if (!CheckKind.hasValue())
@@ -1930,8 +1924,7 @@
void MallocChecker::reportLeak(SymbolRef Sym, ExplodedNode *N,
CheckerContext &C) const {
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_NewDeleteLeaksChecker),
C, Sym);
if (!CheckKind.hasValue())
@@ -2054,8 +2047,7 @@
return;
ASTContext &Ctx = C.getASTContext();
- if ((ChecksEnabled[CK_MallocOptimistic] ||
- ChecksEnabled[CK_MallocPessimistic]) &&
+ if (ChecksEnabled[CK_MallocChecker] &&
(isCMemFunction(FD, Ctx, AF_Malloc, MemoryOperationKind::MOK_Free) ||
isCMemFunction(FD, Ctx, AF_IfNameIndex,
MemoryOperationKind::MOK_Free)))
@@ -2547,8 +2539,7 @@
for (RegionStateTy::iterator I = RS.begin(), E = RS.end(); I != E; ++I) {
const RefState *RefS = State->get<RegionState>(I.getKey());
AllocationFamily Family = RefS->getAllocationFamily();
- auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocOptimistic,
- CK_MallocPessimistic,
+ auto CheckKind = getCheckIfTracked(MakeVecFromCK(CK_MallocChecker,
CK_NewDeleteChecker),
Family);
I.getKey()->dumpToStream(Out);
@@ -2564,6 +2555,9 @@
void ento::registerNewDeleteLeaksChecker(CheckerManager &mgr) {
registerCStringCheckerBasic(mgr);
MallocChecker *checker = mgr.registerChecker<MallocChecker>();
+ checker->IsOptimistic = mgr.getAnalyzerOptions().getBooleanOption(
+ "Optimistic", false, checker,
+ AnalyzerOptions::OptionKind::CheckerInherited);
checker->ChecksEnabled[MallocChecker::CK_NewDeleteLeaksChecker] = true;
checker->CheckNames[MallocChecker::CK_NewDeleteLeaksChecker] =
mgr.getCurrentCheckName();
@@ -2577,11 +2571,13 @@
void ento::register##name(CheckerManager &mgr) { \
registerCStringCheckerBasic(mgr); \
MallocChecker *checker = mgr.registerChecker<MallocChecker>(); \
+ checker->IsOptimistic = mgr.getAnalyzerOptions().getBooleanOption( \
+ "Optimistic", false, checker, \
+ AnalyzerOptions::OptionKind::CheckerInherited); \
checker->ChecksEnabled[MallocChecker::CK_##name] = true; \
checker->CheckNames[MallocChecker::CK_##name] = mgr.getCurrentCheckName(); \
}
-REGISTER_CHECKER(MallocPessimistic)
-REGISTER_CHECKER(MallocOptimistic)
+REGISTER_CHECKER(MallocChecker)
REGISTER_CHECKER(NewDeleteChecker)
REGISTER_CHECKER(MismatchedDeallocatorChecker)
Index: lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
===================================================================
--- lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
+++ lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
@@ -13,6 +13,7 @@
//===----------------------------------------------------------------------===//
#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h"
+#include "clang/StaticAnalyzer/Core/Checker.h"
#include "llvm/ADT/SmallString.h"
#include "llvm/ADT/StringSwitch.h"
#include "llvm/Support/ErrorHandling.h"
@@ -19,6 +20,7 @@
#include "llvm/Support/raw_ostream.h"
using namespace clang;
+using namespace ento;
using namespace llvm;
AnalyzerOptions::UserModeKind AnalyzerOptions::getUserMode() {
@@ -100,6 +102,37 @@
static StringRef toString(bool b) { return b ? "true" : "false"; }
+StringRef AnalyzerOptions::getCheckerOption(StringRef CheckerName,
+ StringRef OptionName,
+ StringRef Default,
+ OptionKind Kind) {
+ if (Kind == OptionKind::Global) {
+ return Config.insert(std::make_pair(OptionName, Default)).first->second;
+ }
+
+ if (Kind == OptionKind::Package || Kind == OptionKind::PackageInherited) {
+ size_t Pos = CheckerName.rfind('.');
+ assert(Pos != StringRef::npos && "Checker without package.");
+ CheckerName = CheckerName.substr(0, Pos);
+ }
+
+ // Search for a category option if option for checker is not specified and
+ // inheritance is enabled.
+ ConfigTable::const_iterator E = Config.end();
+ do {
+ ConfigTable::const_iterator I =
+ Config.find((Twine(CheckerName) + ":" + OptionName).str());
+ if (I != E)
+ return StringRef(I->getValue());
+ size_t Pos = CheckerName.rfind('.');
+ if (Pos == StringRef::npos)
+ return Default;
+ CheckerName = CheckerName.substr(0, Pos);
+ } while (!CheckerName.empty() && (Kind == OptionKind::CheckerInherited ||
+ Kind == OptionKind::PackageInherited));
+ return Default;
+}
+
bool AnalyzerOptions::getBooleanOption(StringRef Name, bool DefaultVal) {
// FIXME: We should emit a warning here if the value is something other than
// "true", "false", or the empty string (meaning the default value),
@@ -112,6 +145,17 @@
.Default(DefaultVal);
}
+bool AnalyzerOptions::getBooleanOption(StringRef Name, bool DefaultVal,
+ const CheckerBase *C, OptionKind Kind) {
+ assert(C);
+ StringRef Default = toString(DefaultVal);
+ StringRef V = getCheckerOption(C->getTagDescription(), Name, Default, Kind);
+ return llvm::StringSwitch<bool>(V)
+ .Case("true", true)
+ .Case("false", false)
+ .Default(DefaultVal);
+}
+
bool AnalyzerOptions::getBooleanOption(Optional<bool> &V, StringRef Name,
bool DefaultVal) {
if (!V.hasValue())
@@ -119,6 +163,14 @@
return V.getValue();
}
+bool AnalyzerOptions::getBooleanOption(Optional<bool> &V, StringRef Name,
+ bool DefaultVal, const CheckerBase *C,
+ OptionKind Kind) {
+ if (!V.hasValue())
+ V = getBooleanOption(Name, DefaultVal, C, Kind);
+ return V.getValue();
+}
+
bool AnalyzerOptions::includeTemporaryDtorsInCFG() {
return getBooleanOption(IncludeTemporaryDtorsInCFG,
"cfg-temporary-dtors",
@@ -205,6 +257,7 @@
OS << DefaultVal;
StringRef V = Config.insert(std::make_pair(Name, OS.str())).first->second;
+
int Res = DefaultVal;
bool b = V.getAsInteger(10, Res);
assert(!b && "analyzer-config option should be numeric");
@@ -212,6 +265,22 @@
return Res;
}
+int AnalyzerOptions::getOptionAsInteger(StringRef Name, int DefaultVal,
+ const CheckerBase *C, OptionKind Kind) {
+ assert(C);
+ SmallString<10> StrBuf;
+ llvm::raw_svector_ostream OS(StrBuf);
+ OS << DefaultVal;
+
+ StringRef V = getCheckerOption(C->getTagDescription(), Name, OS.str(), Kind);
+
+ int Res = DefaultVal;
+ bool b = V.getAsInteger(10, Res);
+ assert(!b && "analyzer-config option should be numeric");
+ (void)b;
+ return Res;
+}
+
unsigned AnalyzerOptions::getAlwaysInlineSize() {
if (!AlwaysInlineSize.hasValue())
AlwaysInlineSize = getOptionAsInteger("ipa-always-inline-size", 3);
@@ -281,4 +350,3 @@
bool AnalyzerOptions::shouldConditionalizeStaticInitializers() {
return getBooleanOption("cfg-conditional-static-initializers", true);
}
-
Index: test/Analysis/free.c
===================================================================
--- test/Analysis/free.c
+++ test/Analysis/free.c
@@ -1,5 +1,5 @@
// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,unix.Malloc -fblocks -verify %s
-// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,alpha.unix.MallocWithAnnotations -fblocks -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-store=region -analyzer-checker=core,unix.Malloc -fblocks -verify -analyzer-config unix.Malloc:Optimistic=true %s
typedef __typeof(sizeof(int)) size_t;
void free(void *);
void *alloca(size_t);
Index: test/Analysis/malloc-annotations.c
===================================================================
--- test/Analysis/malloc-annotations.c
+++ test/Analysis/malloc-annotations.c
@@ -1,4 +1,5 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,alpha.unix.MallocWithAnnotations -analyzer-store=region -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc -analyzer-store=region -verify -analyzer-config unix:Optimistic=true %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc -analyzer-store=region -verify -analyzer-config unix.Malloc:Optimistic=true %s
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t);
void free(void *);
Index: test/Analysis/outofbound.c
===================================================================
--- test/Analysis/outofbound.c
+++ test/Analysis/outofbound.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-checker=core,alpha.unix,alpha.security.ArrayBound -analyzer-store=region -verify %s
+// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-checker=core,unix,alpha.security.ArrayBound -analyzer-store=region -verify -analyzer-config unix:Optimistic=true %s
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t);
Index: test/Analysis/undef-buffers.c
===================================================================
--- test/Analysis/undef-buffers.c
+++ test/Analysis/undef-buffers.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.unix,core.uninitialized -analyzer-store=region -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix,core.uninitialized -analyzer-store=region -verify -analyzer-config unix:Optimistic=true %s
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t);
void free(void *);
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
