From 5e6c06bc7deaaefe130b730032a9acb9cd38bf0c Mon Sep 17 00:00:00 2001 From: Jordan Rose Date: Fri, 26 Apr 2013 21:42:55 +0000 Subject: [analyzer] Model casts to bool differently from other numbers. Casts to bool (and _Bool) are equivalent to checks against zero, not truncations to 1 bit or 8 bits. This improved reasoning does cause a change in the behavior of the alpha BoolAssignment checker. Previously, this checker complained about statements like "bool x = y" if 'y' was known not to be 0 or 1. Now it does not, since that conversion is well-defined. It's hard to say what the "best" behavior here is: this conversion is safe, but might be better written as an explicit comparison against zero. More usefully, besides improving our model of booleans, this fixes spurious warnings when returning the address of a local variable cast to bool. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180638 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/Analysis/stackaddrleak.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'test/Analysis/stackaddrleak.c')
diff --git a/test/Analysis/stackaddrleak.c b/test/Analysis/stackaddrleak.c
index 10564faff3..4f81f6623e 100644
--- a/test/Analysis/stackaddrleak.c
+++ b/test/Analysis/stackaddrleak.c
@@ -1,5 +1,7 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store region -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -std=c99 -Dbool=_Bool %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -x c++ %s
+typedef __INTPTR_TYPE__ intptr_t;
 char const *p;
 void f0() {
@@ -15,7 +17,7 @@ void f1() {
 void f2() {
 p = (const char *) __builtin_alloca(12);
-} // expected-warning{{Address of stack memory allocated by call to alloca() on line 17 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
+} // expected-warning{{Address of stack memory allocated by call to alloca() on line 19 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
 // PR 7383 - previosly the stack address checker would crash on this example
 // because it would attempt to do a direct load from 'pr7383_list'.
@@ -32,3 +34,25 @@ void test_multi_return() {
 a = &x;
 b = &x;
 } // expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'a' upon returning}} expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'b' upon returning}}
+
+intptr_t returnAsNonLoc() {
+ int x;
+ return (intptr_t)&x; // expected-warning{{Address of stack memory associated with local variable 'x' returned to caller}}
+}
+
+bool returnAsBool() {
+ int x;
+ return &x; // no-warning
+}
+
+void assignAsNonLoc() {
+ extern intptr_t ip;
+ int x;
+ ip = (intptr_t)&x;
+} // expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'ip' upon returning}}
+
+void assignAsBool() {
+ extern bool b;
+ int x;
+ b = &x;
+} // no-warning
-- 
cgit v1.2.3-18-g5258
From 7e6b564d59df6c0594bc3a577f33536850290dec Mon Sep 17 00:00:00 2001
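Review bot: The cases added in the last hunk of r180638 pin only the two ends of the conversion range: `returnAsNonLoc`/`assignAsNonLoc` use a full-width `intptr_t` and expect a warning, while `returnAsBool`/`assignAsBool` expect none. The commit message says the change separates bool casts from truncations to 1 or 8 bits, so a narrower integer conversion is the behaviour most likely to shift, and a truncated value still carries stack-address bits. I would add one such case, e.g. `return (char)(intptr_t)&x;`, with whichever expectation the checker is meant to have. The `// no-warning` cases would also read better with a one-line reason, such as `// pointer-to-bool is a null check; no stack address leaves the frame`. The identical hunk in the re-applied commit (r180864) has the same gap.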
From: Jordan Rose Date: Mon, 29 Apr 2013 17:23:03 +0000 Subject: Revert "[analyzer] Model casts to bool differently from other numbers." This seems to be causing quite a slowdown on our internal analyzer bot, and I'm not sure why. Needs further investigation. This reverts r180638 / 9e161ea981f22ae017b6af09d660bfc3ddf16a09. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180714 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/Analysis/stackaddrleak.c | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) (limited to 'test/Analysis/stackaddrleak.c')
diff --git a/test/Analysis/stackaddrleak.c b/test/Analysis/stackaddrleak.c
index 4f81f6623e..10564faff3 100644
--- a/test/Analysis/stackaddrleak.c
+++ b/test/Analysis/stackaddrleak.c
@@ -1,7 +1,5 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -std=c99 -Dbool=_Bool %s
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -x c++ %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store region -verify %s
-typedef __INTPTR_TYPE__ intptr_t;
 char const *p;
 void f0() {
@@ -17,7 +15,7 @@ void f1() {
 void f2() {
 p = (const char *) __builtin_alloca(12);
-} // expected-warning{{Address of stack memory allocated by call to alloca() on line 19 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
+} // expected-warning{{Address of stack memory allocated by call to alloca() on line 17 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
 // PR 7383 - previosly the stack address checker would crash on this example
 // because it would attempt to do a direct load from 'pr7383_list'.
@@ -34,25 +32,3 @@ void test_multi_return() {
 a = &x;
 b = &x;
 } // expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'a' upon returning}} expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'b' upon returning}}
-
-intptr_t returnAsNonLoc() {
- int x;
- return (intptr_t)&x; // expected-warning{{Address of stack memory associated with local variable 'x' returned to caller}}
-}
-
-bool returnAsBool() {
- int x;
- return &x; // no-warning
-}
-
-void assignAsNonLoc() {
- extern intptr_t ip;
- int x;
- ip = (intptr_t)&x;
-} // expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'ip' upon returning}}
-
-void assignAsBool() {
- extern bool b;
- int x;
- b = &x;
-} // no-warning
-- 
cgit v1.2.3-18-g5258
From 112344ab7f96cf482bce80530676712c282756d5 Mon Sep 17 00:00:00 2001 From: Jordan Rose Date: Wed, 1 May 2013 18:19:59 +0000 Subject: Re-apply "[analyzer] Model casts to bool differently from other numbers." This doesn't appear to be the cause of the slowdown. I'll have to try a manual bisect to see if there's really anything there, or if it's just the bot itself taking on additional load. Meanwhile, this change helps with correctness. This changes an assertion and adds a test case, then re-applies r180638, which was reverted in r180714. and PR15863 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180864 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/Analysis/stackaddrleak.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'test/Analysis/stackaddrleak.c')
diff --git a/test/Analysis/stackaddrleak.c b/test/Analysis/stackaddrleak.c
index 10564faff3..4f81f6623e 100644
--- a/test/Analysis/stackaddrleak.c
+++ b/test/Analysis/stackaddrleak.c
@@ -1,5 +1,7 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store region -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -std=c99 -Dbool=_Bool %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -x c++ %s
+typedef __INTPTR_TYPE__ intptr_t;
 char const *p;
 void f0() {
@@ -15,7 +17,7 @@ void f1() {
 void f2() {
 p = (const char *) __builtin_alloca(12);
-} // expected-warning{{Address of stack memory allocated by call to alloca() on line 17 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
+} // expected-warning{{Address of stack memory allocated by call to alloca() on line 19 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
 // PR 7383 - previosly the stack address checker would crash on this example
 // because it would attempt to do a direct load from 'pr7383_list'.
@@ -32,3 +34,25 @@ void test_multi_return() {
 a = &x;
 b = &x;
 } // expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'a' upon returning}} expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'b' upon returning}}
+
+intptr_t returnAsNonLoc() {
+ int x;
+ return (intptr_t)&x; // expected-warning{{Address of stack memory associated with local variable 'x' returned to caller}}
+}
+
+bool returnAsBool() {
+ int x;
+ return &x; // no-warning
+}
+
+void assignAsNonLoc() {
+ extern intptr_t ip;
+ int x;
+ ip = (intptr_t)&x;
+} // expected-warning{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'ip' upon returning}}
+
+void assignAsBool() {
+ extern bool b;
+ int x;
+ b = &x;
+} // no-warning
-- 
cgit v1.2.3-18-g5258