Author: Artem Dergachev Date: 2020-01-24T18:43:23+03:00 New Revision: 80fd37f9d66e49994eb06e2613a29a6d7016df6d
URL: https://github.com/llvm/llvm-project/commit/80fd37f9d66e49994eb06e2613a29a6d7016df6d DIFF: https://github.com/llvm/llvm-project/commit/80fd37f9d66e49994eb06e2613a29a6d7016df6d.diff LOG: [analyzer] PthreadLock: Fix return value modeling for XNU lock functions. Differential Revision: https://reviews.llvm.org/D37806 Added: Modified: clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp index 8649b8b96dd0..1597955a604a 100644 --- a/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/PthreadLockChecker.cpp @@ -226,12 +226,6 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE, if (sym) state = resolvePossiblyDestroyedMutex(state, lockR, sym); - SVal X = C.getSVal(CE); - if (X.isUnknownOrUndef()) - return; - - DefinedSVal retVal = X.castAs<DefinedSVal>(); - if (const LockState *LState = state->get<LockMap>(lockR)) { if (LState->isLocked()) { if (!BT_doublelock) @@ -254,25 +248,35 @@ void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE, ProgramStateRef lockSucc = state; if (isTryLock) { // Bifurcate the state, and allow a mode where the lock acquisition fails. - ProgramStateRef lockFail; - switch (semantics) { - case PthreadSemantics: - std::tie(lockFail, lockSucc) = state->assume(retVal); - break; - case XNUSemantics: - std::tie(lockSucc, lockFail) = state->assume(retVal); - break; - default: - llvm_unreachable("Unknown tryLock locking semantics"); + SVal RetVal = state->getSVal(CE, C.getLocationContext()); + if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) { + ProgramStateRef lockFail; + switch (semantics) { + case PthreadSemantics: + std::tie(lockFail, lockSucc) = state->assume(*DefinedRetVal); + break; + case XNUSemantics: + std::tie(lockSucc, lockFail) = state->assume(*DefinedRetVal); + break; + default: + llvm_unreachable("Unknown tryLock locking semantics"); + } + assert(lockFail && lockSucc); + C.addTransition(lockFail); } - assert(lockFail && lockSucc); - C.addTransition(lockFail); - + // We might want to handle the case when the mutex lock function was inlined + // and returned an Unknown or Undefined value. } else if (semantics == PthreadSemantics) { // Assume that the return value was 0. - lockSucc = state->assume(retVal, false); - assert(lockSucc); - + SVal RetVal = state->getSVal(CE, C.getLocationContext()); + if (auto DefinedRetVal = RetVal.getAs<DefinedSVal>()) { + // FIXME: If the lock function was inlined and returned true, + // we need to behave sanely - at least generate sink. + lockSucc = state->assume(*DefinedRetVal, false); + assert(lockSucc); + } + // We might want to handle the case when the mutex lock function was inlined + // and returned an Unknown or Undefined value. } else { // XNU locking semantics return void on non-try locks assert((semantics == XNUSemantics) && "Unknown locking semantics"); diff --git a/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h b/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h index b290ffe8d879..bf60daa4d732 100644 --- a/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h +++ b/clang/test/Analysis/Inputs/system-header-simulator-for-pthread-lock.h @@ -22,7 +22,9 @@ extern int pthread_mutex_unlock(pthread_mutex_t *); extern int pthread_mutex_trylock(pthread_mutex_t *); extern int pthread_mutex_destroy(pthread_mutex_t *); extern int pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *mutexattr); -extern int lck_mtx_lock(lck_mtx_t *); -extern int lck_mtx_unlock(lck_mtx_t *); -extern int lck_mtx_try_lock(lck_mtx_t *); + +typedef int boolean_t; +extern void lck_mtx_lock(lck_mtx_t *); +extern void lck_mtx_unlock(lck_mtx_t *); +extern boolean_t lck_mtx_try_lock(lck_mtx_t *); extern void lck_mtx_destroy(lck_mtx_t *lck, lck_grp_t *grp); _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
