[PATCH] D33092: [analyzer] Add checker to model builtin functions

Gábor Horváth via Phabricator via cfe-commits Thu, 11 May 2017 02:57:11 -0700

xazax.hun created this revision.
Herald added subscribers: whisperity, mgorny.


I added a checker to model builtin functions. Only one builtin function is 
modelled so far. The motivation behind using `__builtin_assume` from the 
analyzers point of view is to add assumptions. The conventional way to express 
invariants is to use asserts (with correct annotations for noreturn functions). 
However on some platform the users do not want to pay the price of an assert, 
even in the debug build (especially in a hot code). This way we can express 
these invariants to the analyzer without runtime overhead.

What do you think?


Repository:
  rL LLVM

https://reviews.llvm.org/D33092

Files:
  include/clang/StaticAnalyzer/Checkers/Checkers.td
  lib/StaticAnalyzer/Checkers/CMakeLists.txt
  lib/StaticAnalyzer/Checkers/ModelBuiltinChecker.cpp
  test/Analysis/builtin-assume.c

Index: test/Analysis/builtin-assume.c
===================================================================
--- /dev/null
+++ test/Analysis/builtin-assume.c
@@ -0,0 +1,8 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+
+void clang_analyzer_eval(int);
+
+void f(int i) {
+  __builtin_assume(i < 10);
+  clang_analyzer_eval(i < 15); // expected-warning {{TRUE}}
+}
Index: lib/StaticAnalyzer/Checkers/ModelBuiltinChecker.cpp
===================================================================
--- /dev/null
+++ lib/StaticAnalyzer/Checkers/ModelBuiltinChecker.cpp
@@ -0,0 +1,59 @@
+//=== ModelBuiltinChecker.cpp --------- Model builtin functions -*- C++ -*-===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This checker improves modeling of a few builtin compiler functions.
+// It does not generate warnings.
+//
+//===----------------------------------------------------------------------===//
+
+#include "ClangSACheckers.h"
+#include "clang/StaticAnalyzer/Core/Checker.h"
+#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+
+using namespace clang;
+using namespace clang::ento;
+
+namespace {
+class ModelBuiltinsChecker : public Checker<eval::Call> {
+public:
+  bool evalCall(const CallExpr *CE, CheckerContext &C) const {
+    const FunctionDecl *FD =
+        dyn_cast_or_null<FunctionDecl>(CE->getCalleeDecl());
+    if (!FD)
+      return false;
+    if (!FD->getIdentifier())
+      return false;
+
+    StringRef Name = FD->getName();
+    if (Name.empty() || !C.isCLibraryFunction(FD, Name) ||
+        Name != "__builtin_assume")
+      return false;
+
+    ProgramStateRef State = C.getState();
+    const LocationContext *LC = C.getLocationContext();
+    SVal ArgSVal = State->getSVal(CE->getArg(0), LC);
+    if (ArgSVal.isUndef())
+      return false;
+
+    State = State->assume(ArgSVal.castAs<DefinedOrUnknownSVal>(), true);
+    // FIXME: do we want to warn here?
+    if (!State)
+      return false;
+
+    C.addTransition(State);
+    return true;
+  }
+};
+} // end of anonymous namespace
+
+void ento::registerModelBuiltinsChecker(CheckerManager &mgr) {
+  mgr.registerChecker<ModelBuiltinsChecker>();
+}
Index: lib/StaticAnalyzer/Checkers/CMakeLists.txt
===================================================================
--- lib/StaticAnalyzer/Checkers/CMakeLists.txt
+++ lib/StaticAnalyzer/Checkers/CMakeLists.txt
@@ -49,6 +49,7 @@
   MallocOverflowSecurityChecker.cpp
   MallocSizeofChecker.cpp
   MisusedMovedObjectChecker.cpp
+  ModelBuiltinChecker.cpp
   MPI-Checker/MPIBugReporter.cpp
   MPI-Checker/MPIChecker.cpp
   MPI-Checker/MPIFunctionClassifier.cpp
Index: include/clang/StaticAnalyzer/Checkers/Checkers.td
===================================================================
--- include/clang/StaticAnalyzer/Checkers/Checkers.td
+++ include/clang/StaticAnalyzer/Checkers/Checkers.td
@@ -99,6 +99,10 @@
   HelpText<"Check for dereferences of null pointers">,
   DescFile<"DereferenceChecker.cpp">;
 
+def ModelBuiltinsChecker : Checker<"ModelBuiltins">,
+  HelpText<"Model some compiler builtin functions">,
+  DescFile<"ModelBuiltinChecker.cpp">;
+
 def CallAndMessageChecker : Checker<"CallAndMessage">,
   HelpText<"Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)">,
   DescFile<"CallAndMessageChecker.cpp">;

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D33092: [analyzer] Add checker to model builtin functions

Reply via email to