[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/9] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-06 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/107572 As reported in https://github.com/llvm/llvm-project/pull/103714#issuecomment-2295769193. CSA crashes on trying to bind value to symbolic region with `void *`. This happens when such region gets passed as inlin

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-08 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: CC @steakhal @NagyDonat https://github.com/llvm/llvm-project/pull/107572 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/107572 >From 0e8db855a1bde0692260f5aa26c245328a358a50 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 6 Sep 2024 15:15:52 +0300 Subject: [PATCH 1/3] clang/csa: fix crash on bind to symbolic region with void *

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: added missing declarations. should fix the CI https://github.com/llvm/llvm-project/pull/107572 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/107572 >From 0e8db855a1bde0692260f5aa26c245328a358a50 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 6 Sep 2024 15:15:52 +0300 Subject: [PATCH 1/4] clang/csa: fix crash on bind to symbolic region with void *

[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)

2024-09-09 Thread Pavel Skripkin via cfe-commits
@@ -3,6 +3,9 @@ int clang_analyzer_eval(int); pskrgag wrote: fixed, thanks! https://github.com/llvm/llvm-project/pull/107572 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/m

[clang] clang/csa: add initial support for builtin overflow (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/102602 Add basic support for `builtin_*_overflow` primitives. These helps a lot for checking custom calloc-like functions with inlinable body. Without such support code like ```c #include #include static void *m

[clang] [clang] [Static analyzer]: add initial support for builtin overflow (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang] [Static analyzer]: add initial support for builtin overflow (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [clang] [Static analyzer]: add initial support for builtin overflow (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang] [Static analyzer]: add initial support for builtin overflow (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
@@ -21,16 +21,67 @@ #include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/Checker

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
@@ -278,6 +278,23 @@ int *mallocRegion(void) { return mem; } +int *custom_calloc(size_t a, size_t b) { + size_t res; + if (__builtin_mul_overflow(a, b, &res)) +return 0; + + return malloc(res); +} + +int *mallocRegionOverflow(void) { + int *mem = (int*)custom_calloc(

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 3e0fcffa8fbea5f89ab927fd897c451bcafd8e5e Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/2] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag deleted https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-09 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-10 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-11 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag deleted https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-11 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 3e0fcffa8fbea5f89ab927fd897c451bcafd8e5e Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/3] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-11 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 3e0fcffa8fbea5f89ab927fd897c451bcafd8e5e Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/4] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-11 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/4] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-12 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/5] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-12 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-12 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/6] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-12 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +101,44 @@ class BuiltinFunctionChecker : public Checker { } // namespace +void BuiltinFunctionChecker::HandleOverflowBuiltin(const CallEvent &Call, + CheckerContext &C, +

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-13 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > Try using the Github merge workflow to avoid doing force-pushes. Those are > destructive for inline comments done for the PR. On force-push, GH can't > follow to which line it should migrate the existing inline comments, thus > drops them. > Sorry again for fp =(. I am getti

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-13 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/7] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Do not reason about locations passed as inline asm input (PR #103714)

2024-08-14 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/103714 If pointer is passed as input operand for inline assembly, it's possible that asm block will change memory behind this pointer. So if pointer is passed inside inline asm block, it's better to not guess and assu

[clang] [analyzer] Do not reason about locations passed as inline asm input (PR #103714)

2024-08-14 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/103714 >From e528b0ded1a9815195e33d141a9e8ce05fb26cd1 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Wed, 14 Aug 2024 10:50:24 +0300 Subject: [PATCH 1/2] clang/csa: stop reasoning about pointers passed inside inl

[clang] [analyzer] Do not reason about locations passed as inline asm input (PR #103714)

2024-08-14 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Thank you for review! Deleted newline and renamed `O` -> `I`. > It's a pitty that ProgramState::invalidateRegions accepts an Expr instead of > a Stmt and then later inside it just conjures the result of the invalidation > for a Stmt I saw that API, but thought there was a rea

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-16 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Could you, please, check the lattest vestion, if you have time? https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-16 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Oh, sorry for ping then. PR is not urgent at all. Have a fun vacation! =) https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commi

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-16 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/104599 Current MalloChecker logic suppresses FP caused by refcounting only for C++ destructors. The same pattern occurs a lot in C in objects with intrusive refcounting. See #104229 for code example. To extend curren

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-16 Thread Pavel Skripkin via cfe-commits
@@ -0,0 +1,80 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s +// + +typedef unsigned long size_t; + +typedef enum memory_order { + memory_order_relaxed = __ATOMIC_RELAXED, +} memory_order; + +void *calloc(size_t, size_t); +void free(void *); + +struc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-16 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/2] clang/csa: suspect all functions as those that may do refc

[clang] [clang][analyzer] Support `ownership_{returns,takes}` attributes (PR #98941)

2024-07-23 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/98941 >From c1746eec0e985bb394ecd604129cd0c30d5c66ca Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Wed, 17 Jul 2024 16:41:20 +0300 Subject: [PATCH 1/9] clang/sema: disallow more than one 'onweship_takes' with di

[clang] [clang][analyzer] Support `ownership_{returns,takes}` attributes (PR #98941)

2024-07-23 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Rebased on top of d89f3e8df3160b3afc07bc742c81aa4738ea9646 https://github.com/llvm/llvm-project/pull/98941 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/99564 >From 6b7ec7c95df16de5eb0fecf2d69befb5461d98a5 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Thu, 18 Jul 2024 18:48:47 +0300 Subject: [PATCH 1/4] clang/sema: disallow ownership_returns for functions that r

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-24 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Rebased on top of 2ce865d4905970c07477a9c4e37159664a785c81 https://github.com/llvm/llvm-project/pull/99564 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-24 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/99564 >From 6b7ec7c95df16de5eb0fecf2d69befb5461d98a5 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Thu, 18 Jul 2024 18:48:47 +0300 Subject: [PATCH 1/5] clang/sema: disallow ownership_returns for functions that r

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-27 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: @AaronBallman sorry for Saturday ping, but could you, please, take a look? https://github.com/llvm/llvm-project/pull/99564 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commit

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-27 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/99564 >From 6b7ec7c95df16de5eb0fecf2d69befb5461d98a5 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Thu, 18 Jul 2024 18:48:47 +0300 Subject: [PATCH 1/6] clang/sema: disallow ownership_returns for functions that r

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-27 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/99564 >From 6b7ec7c95df16de5eb0fecf2d69befb5461d98a5 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Thu, 18 Jul 2024 18:48:47 +0300 Subject: [PATCH 1/7] clang/sema: disallow ownership_returns for functions that r

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-29 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Applied style and spelling fixes, thank you for review! https://github.com/llvm/llvm-project/pull/99564 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-16 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Hello @steakhal, could you, please, take a look? I just found linked issue quite interesting and decided to give it a try. I am new to llvm world, so I would really appreciate your review https://github.com/llvm/llvm-project/pull/98941 _

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -14,6 +14,13 @@ void free(void *); void __attribute((ownership_takes(malloc, 1))) my_free(void *); +void __attribute((ownership_returns(malloc1))) *my_malloc1(size_t); +void __attribute((ownership_takes(malloc1, 1))) my_free1(void *); + +void __attribute((ownership_returns(

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -103,14 +103,46 @@ using namespace std::placeholders; namespace { // Used to check correspondence between allocators and deallocators. -enum AllocationFamily { +enum AllocationFamilyKind { AF_None, AF_Malloc, AF_CXXNew, AF_CXXNewArray, AF_IfNameIndex, AF_A

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -1918,26 +1982,54 @@ static bool printMemFnName(raw_ostream &os, CheckerContext &C, const Expr *E) { static void printExpectedAllocName(raw_ostream &os, AllocationFamily Family) { - switch(Family) { -case AF_Malloc: os << "malloc()"; return; -case AF_CXXNew: os <

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -60,6 +67,41 @@ void testMalloc8() { operator delete[](p); // expected-warning{{Memory allocated by malloc() should be deallocated by free(), not operator delete[]}} } +void testMalloc9() { + int *p = (int *)my_malloc(sizeof(int)); + my_free(p); // no warning +} + +voi

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -14,6 +14,13 @@ void free(void *); void __attribute((ownership_takes(malloc, 1))) my_free(void *); +void __attribute((ownership_returns(malloc1))) *my_malloc1(size_t); +void __attribute((ownership_takes(malloc1, 1))) my_free1(void *); + +void __attribute((ownership_returns(

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -60,6 +67,41 @@ void testMalloc8() { operator delete[](p); // expected-warning{{Memory allocated by malloc() should be deallocated by free(), not operator delete[]}} } +void testMalloc9() { + int *p = (int *)my_malloc(sizeof(int)); + my_free(p); // no warning +} + +voi

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -14,6 +14,13 @@ void free(void *); void __attribute((ownership_takes(malloc, 1))) my_free(void *); +void __attribute((ownership_returns(malloc1))) *my_malloc1(size_t); pskrgag wrote: Seems like it works fine. At least, new test case passes. I guess, clang

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/98941 >From 3d362cfb1e197713a51ce798996ff4308e7ab5aa Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Wed, 17 Jul 2024 16:41:20 +0300 Subject: [PATCH 1/6] clang/sema: disallow more than one 'onweship_takes' with di

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/98941 >From 3d362cfb1e197713a51ce798996ff4308e7ab5aa Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Wed, 17 Jul 2024 16:41:20 +0300 Subject: [PATCH 1/6] clang/sema: disallow more than one 'onweship_takes' with di

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -1122,7 +1157,7 @@ MallocChecker::performKernelMalloc(const CallEvent &Call, CheckerContext &C, if (TrueState && !FalseState) { SVal ZeroVal = C.getSValBuilder().makeZeroVal(Ctx.CharTy); return MallocMemAux(C, Call, Call.getArgExpr(0), ZeroVal, TrueState, -

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -103,14 +103,49 @@ using namespace std::placeholders; namespace { // Used to check correspondence between allocators and deallocators. -enum AllocationFamily { +enum AllocationFamilyKind { AF_None, AF_Malloc, AF_CXXNew, AF_CXXNewArray, AF_IfNameIndex, AF_A

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -103,14 +103,49 @@ using namespace std::placeholders; namespace { // Used to check correspondence between allocators and deallocators. -enum AllocationFamily { +enum AllocationFamilyKind { AF_None, AF_Malloc, AF_CXXNew, AF_CXXNewArray, AF_IfNameIndex, AF_A

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
@@ -24,3 +24,7 @@ void f15(int, int) void f16(int *i, int *j) __attribute__((ownership_holds(foo, 1))) __attribute__((ownership_holds(foo, 1))); // OK, same index void f17(void*) __attribute__((ownership_takes(__, 1))); void f18() __attribute__((ownership_takes(foo, 1))); //

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-17 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > Do you want to extend the scope of this PR to add some minimal docs to the > attribute? > If not, that's also fine, we will create a separate ticket for adding them > later. I am would be happy to give it a try, but I think we need to fix couple of things to truly follow the

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-18 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/98941 >From 3d362cfb1e197713a51ce798996ff4308e7ab5aa Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Wed, 17 Jul 2024 16:41:20 +0300 Subject: [PATCH 1/7] clang/sema: disallow more than one 'onweship_takes' with di

[clang] [Clang SA]: add support for mismatched ownership_returns+ownership_takes calls for custom allocation classes (PR #98941)

2024-07-18 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Thank you for review! I've applied your suggestions and fixed test failures. Messed up a bit with shadowing in constructor. > Usually, GitHub PRs prefer "merges" over "force-pushes". Whenever you > force-push, all the inline remarks could get lost, as it fails to track the >

[clang] [clang][analyzer] Support `ownership_{returns,takes}` attributes (PR #98941)

2024-07-18 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > and you can read the docs for the checker, and the attribute at the links. I can't find any docs for this attribute. As I mentioned, I will fill new issues to fix couple of frontend issues and after that we can write down correct semantics of these attrs. Do you mean that lin

[clang] [clang][analyzer] Support `ownership_{returns,takes}` attributes (PR #98941)

2024-07-18 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Added release note and added basic example to `clang/docs/analyzer/checkers/mismatched_deallocator_example.cpp` Thanks! I learned a lot about llvm workflow. https://github.com/llvm/llvm-project/pull/98941 ___ cfe-commits mailing list c

[clang] [clang][analyzer] Support `ownership_{returns,takes}` attributes (PR #98941)

2024-07-18 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/98941 >From bb8a806c919715637e9d4877d02a8fc735c488a6 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Wed, 17 Jul 2024 16:41:20 +0300 Subject: [PATCH 1/9] clang/sema: disallow more than one 'onweship_takes' with di

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-18 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag created https://github.com/llvm/llvm-project/pull/99564 `onwership_returns` works only with pointers, since it models user-defined memory allocation functions. Make semantics more clear and report an error if attribute is attached to wrong function. Closes #99501

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-19 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/99564 >From f517162e629535446f5a261b81aa11b3155de6ed Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Thu, 18 Jul 2024 18:48:47 +0300 Subject: [PATCH 1/4] clang/sema: disallow ownership_returns for functions that r

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-19 Thread Pavel Skripkin via cfe-commits
@@ -1481,6 +1481,17 @@ static void handleOwnershipAttr(Sema &S, Decl *D, const ParsedAttr &AL) { break; } + // Allow only pointers to be return type for functions with ownership_takes + // attribute. This matches with current OwnershipAttr::Takes semantics + if (K ==

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-19 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Fixed test and applied suggestions. Thank you for review! https://github.com/llvm/llvm-project/pull/99564 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [Clang][Sema] Disallow applying `onwership_returns` to functions that return non-pointers (PR #99564)

2024-07-22 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: I think, it would be even better to drop second argument for `ownership_returns`, since it mirrors the behavior of `alloc_size`. And also allow any return type. But I am not sure if it's possible to make such change directly. Maybe we should start with deprecation for couple of

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -67,19 +67,6 @@ void testGlobalNoThrowPlacementExprNewBeforeOverload() { int *p = new(std::nothrow) int; } // leak-warning{{Potential leak of memory pointed to by 'p'}} -//- Standard pointer placement operators -void testGlobalPointerPlacementNew() {

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family); } +ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C, +

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -1736,6 +1816,25 @@ MallocChecker::MallocMemReturnsAttr(CheckerContext &C, const CallEvent &Call, return MallocMemAux(C, Call, UnknownVal(), UndefinedVal(), State, Family); } +ProgramStateRef MallocChecker::MallocBindRetval(CheckerContext &C, +

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
@@ -2815,7 +2906,7 @@ MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call, // Get the from and to pointer symbols as in toPtr = realloc(fromPtr, size). SymbolRef FromPtr = arg0Val.getLocSymbolInBase(); -SVal RetVal = C.getSVal(CE); +SVal Ret

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/106081 >From 82e3d871766b132d0ce0b9e8e74371d8598d2431 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Tue, 6 Aug 2024 19:12:01 +0300 Subject: [PATCH 1/4] wip --- .../Core/PathSensitive/DynamicExtent.h|

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Thank you so much for review! After invalidating location in `FreeMemAux` everything started working as it should. Also changed `getConjuredHeapSymbolVal` to return `DefinedSVal`. https://github.com/llvm/llvm-project/pull/106081 ___ cf

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: Since all pipelines has successfully finished, I am changing state to normal pr https://github.com/llvm/llvm-project/pull/106081 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe

[clang] [WIP] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag ready_for_review https://github.com/llvm/llvm-project/pull/106081 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-28 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/106081 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: seems patch got lost CC: @steakhal @NagyDonat https://github.com/llvm/llvm-project/pull/104599 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-29 Thread Pavel Skripkin via cfe-commits
@@ -58,14 +60,14 @@ void testFreeOpNew() { void *p = operator new(0); free(p); // mismatch-warning@-1{{Memory allocated by 'operator new' should be deallocated by 'delete', not 'free()'}} -} // leak-warning{{Potential leak of memory pointed to by 'p'}} +} ---

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/104599 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-30 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: > To me, a switch from eval-call to post-call should be NFC for the most part. It is, but it causes `MallocChecker` to no longer look into body of the functions, because of `evalCall` semantics, which is breaking change. So I am not quite sure how to split this PR into two

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag edited https://github.com/llvm/llvm-project/pull/104599 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/3] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-08-31 Thread Pavel Skripkin via cfe-commits
pskrgag wrote: gentle ping https://github.com/llvm/llvm-project/pull/102602 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-01 Thread Pavel Skripkin via cfe-commits
@@ -0,0 +1,157 @@ +// RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \ +// RUN: -analyzer-checker=core,debug.ExprInspection + +#define __UINT_MAX__ (__INT_MAX__ * 2U + 1U) +#define __INT_MIN__ (-__INT_MAX__ - 1) + +void clang_analyzer_dump_int(int); +void cla

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-31 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/4] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/102602 >From 7b4f999b39f4308cab253204e6be41ea7a70f695 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 9 Aug 2024 14:37:47 +0300 Subject: [PATCH 1/8] clang/csa: add initial support for builtin overflow --- ..

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Pavel Skripkin via cfe-commits
https://github.com/pskrgag updated https://github.com/llvm/llvm-project/pull/104599 >From 913036ab795d6b91d6bb74d82aa2d329fe689535 Mon Sep 17 00:00:00 2001 From: Pavel Skripkin Date: Fri, 16 Aug 2024 17:45:57 +0300 Subject: [PATCH 1/5] clang/csa: suspect all functions as those that may do refc

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Pavel Skripkin via cfe-commits
@@ -3648,35 +3652,53 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Pavel Skripkin via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

  1   2   >