[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-11 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/95129

This patch is a functional change.
https://discourse.llvm.org/t/analyzer-rfc-taming-z3-query-times/79520

As a result of this patch, individual Z3 queries in refutation will be
bound by 300ms. Every report equivalence class will be processed in
at most 1 second.

The heuristic should have only really marginal observable impact -
except for the cases when we had big report eqclasses with long-running
(15s) Z3 queries, where previously CSA effectively halted.
After this patch, CSA will tackle such extreme cases as well.



___
llvm-branch-commits mailing list
llvm-branch-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits


[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-11 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/95129




[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-11 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/95129




[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-12 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

I've tested this change on 200+ projects, and the overall effect is:
 - 0 new issues appear
 - 276 issues disappear (because we drop the report eqclass)

The three most affected checker categories (all of them are spread across usually 20+ projects):
 - null-deref-like diagnostics (74)
 - OOBv2 (70)
 - uninit-read-like (55)

This underpins the non-intrusive nature of this change.

https://github.com/llvm/llvm-project/pull/95129


[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-17 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Ping. @NagyDonat @Xazax-hun @haoNoQ 

https://github.com/llvm/llvm-project/pull/95129


[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-17 Thread Balazs Benics via llvm-branch-commits


@@ -44,21 +47,43 @@ class Z3CrosscheckVisitor final : public BugReporterVisitor 
{
   /// Holds the constraints in a given path.
   ConstraintMap Constraints;
   Z3Result &Result;
+  const AnalyzerOptions &Opts;
 };
 
 /// The oracle will decide if a report should be accepted or rejected based on
-/// the results of the Z3 solver.
+/// the results of the Z3 solver and the statistics of the queries of a report
+/// equivalenece class.
 class Z3CrosscheckOracle {
 public:
+  explicit Z3CrosscheckOracle(const AnalyzerOptions &Opts) : Opts(Opts) {}
+
   enum Z3Decision {
-AcceptReport, // The report was SAT.
-RejectReport, // The report was UNSAT or UNDEF.
+AcceptReport,  // The report was SAT.
+RejectReport,  // The report was UNSAT or UNDEF.
+RejectEQClass, // The heuristic suggests to skip the current eqclass.
   };
 
-  /// Makes a decision for accepting or rejecting the report based on the
-  /// result of the corresponding Z3 query.
-  static Z3Decision
-  interpretQueryResult(const Z3CrosscheckVisitor::Z3Result &Query);
+  /// Updates the internal state with the new Z3Result and makes a decision how
+  /// to proceed:
+  /// - Accept the report if the Z3Result was SAT.
+  /// - Suggest dropping the report equvalence class based on the accumulated
+  ///   statistics.
+  /// - Otherwise, reject the report if the Z3Result was UNSAT or UNDEF.
+  ///
+  /// Conditions for dropping the equivalence class:
+  /// - Accumulative time spent in Z3 checks is more than 700ms in the eqclass.
+  /// - Hit the 300ms query timeout in the report eqclass.
+  /// - Hit the 400'000 rlimit in the report eqclass.
+  ///
+  /// Refer to
+  /// https://discourse.llvm.org/t/analyzer-rfc-taming-z3-query-times/79520 to
+  /// see why this heuristic was chosen.
+  Z3Decision interpretQueryResult(const Z3CrosscheckVisitor::Z3Result &Meta);
+
+private:
+  const AnalyzerOptions &Opts;
+  unsigned NumZ3QueriesDoneInEqClass = 0;
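Review bot: The doc comment on `interpretQueryResult` hard-codes the limits (700ms, 300ms, 400'000 rlimit) even though the oracle is now constructed from `AnalyzerOptions`; if those limits are read from `Opts`, the comment should name the options instead of the numbers so it cannot drift from the configured values. The same comment block has two typos, "equivalenece" in the class comment and "equvalence" in the bullet list. Since `RejectEQClass` is a new outcome for callers, the comment should also say what the caller is expected to do with the remaining reports of the class.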

steakhal wrote:

Hmm, I don't think I use this anymore.

https://github.com/llvm/llvm-project/pull/95129
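
The decision rule documented in the hunk above, as a standalone model run over constructed query sequences. This is an added example, not code from the patch or from LLVM: `Verdict`, `QueryResult`, `Limits`, `EqClassOracle`, `processEqClass` and `worstCaseMs` are hypothetical names, and the order in which the three drop conditions are tested is an assumption.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-ins for this example; not the analyzer's own types.
enum class Verdict { SAT, UNSAT, UNDEF };
enum class Decision { AcceptReport, RejectReport, RejectEQClass };

struct QueryResult {
  Verdict V;           // UNDEF models a solver that gave up
  unsigned TimeMs;     // wall time of this one query
  unsigned UsedRLimit; // solver resource units consumed by this query
};

// Limits quoted in the doc comment of the patch.
struct Limits {
  unsigned QueryTimeoutMs = 300;
  unsigned RLimit = 400000;
  unsigned EqClassBudgetMs = 700;
};

class EqClassOracle {
public:
  explicit EqClassOracle(Limits Lim) : Lim(Lim) {}

  // Update the per-eqclass statistics, then decide how to proceed.
  Decision interpret(const QueryResult &Q) {
    SpentMs += Q.TimeMs;
    if (Q.V == Verdict::SAT)
      return Decision::AcceptReport;  // the path is feasible
    if (Q.TimeMs >= Lim.QueryTimeoutMs)
      return Decision::RejectEQClass; // hit the per-query timeout
    if (Q.UsedRLimit >= Lim.RLimit)
      return Decision::RejectEQClass; // hit the rlimit
    if (SpentMs > Lim.EqClassBudgetMs)
      return Decision::RejectEQClass; // accumulated time over budget
    return Decision::RejectReport;    // UNSAT or UNDEF, try the next report
  }
  unsigned spentMs() const { return SpentMs; }

private:
  Limits Lim;
  unsigned SpentMs = 0;
};

struct Outcome {
  int AcceptedIndex; // index of the accepted report, -1 if none
  bool ClassDropped; // true if the whole eqclass was abandoned
  unsigned QueriesRun;
  unsigned SpentMs;
};

// Walk the reports of one equivalence class in order until one is accepted
// or the oracle suggests dropping the class.
Outcome processEqClass(const std::vector<QueryResult> &Reports,
                       Limits Lim = {}) {
  EqClassOracle Oracle(Lim);
  Outcome Out{-1, false, 0, 0};
  for (std::size_t I = 0; I < Reports.size(); ++I) {
    ++Out.QueriesRun;
    Decision D = Oracle.interpret(Reports[I]);
    if (D == Decision::AcceptReport) {
      Out.AcceptedIndex = static_cast<int>(I);
      break;
    }
    if (D == Decision::RejectEQClass) {
      Out.ClassDropped = true;
      break;
    }
  }
  Out.SpentMs = Oracle.spentMs();
  return Out;
}

// Upper bound per eqclass, assuming the solver enforces the per-query
// timeout: at most the budget before the last query, plus one full query.
unsigned worstCaseMs(Limits Lim = {}) {
  return Lim.EqClassBudgetMs + Lim.QueryTimeoutMs;
}

int main() {
  // Constructed sample: a timed-out first query hides a later SAT report.
  Outcome O = processEqClass({{Verdict::UNDEF, 300, 1000},
                              {Verdict::SAT, 10, 1000}});
  std::printf("accepted=%d dropped=%d queries=%u spent=%ums bound=%ums\n",
              O.AcceptedIndex, O.ClassDropped, O.QueriesRun, O.SpentMs,
              worstCaseMs());
  return 0;
}
```

The second constructed case in the test shows how a report that would have been accepted disappears once an earlier query in the same class hits the timeout.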


[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/95129




[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/95129




[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-18 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Ah, it mixed the messages... Here it is:

- Removed unused `NumZ3QueriesDoneInEqClass`
- Added a new `crosscheck-with-z3-eqclass-timeout-threshold` config option.
- Removed misleading `// unsat` comment on return statement.
- Removed unnecessary `// sat` comment on return statement.
- Adjusted the name of the two last unit-tests. 

https://github.com/llvm/llvm-project/pull/95129


[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/95129




[llvm-branch-commits] [analyzer] Harden safeguards for Z3 query times (PR #95129)

2024-06-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/95129




[llvm-branch-commits] [clang] Backport "[analyzer] Restore recognition of mutex methods" (PR #101651)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/101651

Before commit 705788c the checker alpha.unix.BlockInCriticalSection 
"recognized" the methods `std::mutex::lock` and `std::mutex::unlock` with an 
extremely trivial check that accepted any function (or method) named 
lock/unlock.

To avoid matching unrelated user-defined function, this was refined to a check 
that also requires the presence of "std" and "mutex" as distinct parts of the 
qualified name.

However, as #99628 reported, there are standard library implementations where 
some methods of `std::mutex` are inherited from an implementation detail base 
class and the new code wasn't able to recognize these methods, which led to 
emitting false positive reports.

As a workaround, this commit partially restores the old behavior by omitting 
the check for the class name.

In the future, it would be good to replace this hack with a solution which 
ensures that `CallDescription` understands inherited methods.

(cherry picked from commit 99ae2edc2592e602b0eb5a287f4d003aa3902440)

From 18ad0209550ed258fc1a24e710613bc5e3e220af Mon Sep 17 00:00:00 2001
From: Donát Nagy
Date: Fri, 2 Aug 2024 12:43:06 +0200
Subject: [PATCH] [analyzer] Restore recognition of mutex methods (#101511)

Before commit 705788c the checker alpha.unix.BlockInCriticalSection
"recognized" the methods `std::mutex::lock` and `std::mutex::unlock`
with an extremely trivial check that accepted any function (or method)
named lock/unlock.

To avoid matching unrelated user-defined function, this was refined to a
check that also requires the presence of "std" and "mutex" as distinct
parts of the qualified name.

However, as #99628 reported, there are standard library implementations
where some methods of `std::mutex` are inherited from an implementation
detail base class and the new code wasn't able to recognize these
methods, which led to emitting false positive reports.

As a workaround, this commit partially restores the old behavior by
omitting the check for the class name.

In the future, it would be good to replace this hack with a solution
which ensures that `CallDescription` understands inherited methods.

(cherry picked from commit 99ae2edc2592e602b0eb5a287f4d003aa3902440)
---
 .../BlockInCriticalSectionChecker.cpp | 16 +++---
 .../block-in-critical-section-inheritance.cpp | 31 +++
 2 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 
clang/test/Analysis/block-in-critical-section-inheritance.cpp

diff --git 
a/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
index 40f7e9cede1f1..4cd2f2802f30c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
@@ -147,10 +147,18 @@ using MutexDescriptor =
 class BlockInCriticalSectionChecker : public Checker {
 private:
   const std::array MutexDescriptors{
-  MemberMutexDescriptor({/*MatchAs=*/CDM::CXXMethod,
- /*QualifiedName=*/{"std", "mutex", "lock"},
- /*RequiredArgs=*/0},
-{CDM::CXXMethod, {"std", "mutex", "unlock"}, 0}),
+  // NOTE: There are standard library implementations where some methods
+  // of `std::mutex` are inherited from an implementation detail base
+  // class, and those aren't matched by the name specification {"std",
+  // "mutex", "lock"}.
+  // As a workaround here we omit the class name and only require the
+  // presence of the name parts "std" and "lock"/"unlock".
+  // TODO: Ensure that CallDescription understands inherited methods.
+  MemberMutexDescriptor(
+  {/*MatchAs=*/CDM::CXXMethod,
+   /*QualifiedName=*/{"std", /*"mutex",*/ "lock"},
+   /*RequiredArgs=*/0},
+  {CDM::CXXMethod, {"std", /*"mutex",*/ "unlock"}, 0}),
   FirstArgMutexDescriptor({CDM::CLibrary, {"pthread_mutex_lock"}, 1},
   {CDM::CLibrary, {"pthread_mutex_unlock"}, 1}),
   FirstArgMutexDescriptor({CDM::CLibrary, {"mtx_lock"}, 1},
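Review bot: With the class name dropped from the descriptor, `{"std", "lock"}` and `{"std", "unlock"}` accept a zero-argument method named lock/unlock on any class in `std`, not only on mutex types; the NOTE comment should say this outright, and the new test file should include a non-mutex class in `std` with a `lock()` method so the accepted breadth is pinned down by a test. The TODO would also be easier to track with a reference to the issue the commit message cites (#99628).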
diff --git a/clang/test/Analysis/block-in-critical-section-inheritance.cpp 
b/clang/test/Analysis/block-in-critical-section-inheritance.cpp
new file mode 100644
index 0..db20df8c60a5c
--- /dev/null
+++ b/clang/test/Analysis/block-in-critical-section-inheritance.cpp
@@ -0,0 +1,31 @@
+// RUN: %clang_analyze_cc1 \
+// RUN:   -analyzer-checker=unix.BlockInCriticalSection \
+// RUN:   -std=c++11 \
+// RUN:   -analyzer-output text \
+// RUN:   -verify %s
+
+unsigned int sleep(unsigned int seconds) {return 0;}
+namespace std {
+// There are some standard library implementations where some mutex methods
+// come from an implementation detail base class. We need to ensure that these
+// are matched correctly.
+class __mutex_base {
+public:
+  void lock(

[llvm-branch-commits] [clang] Backport "[analyzer] Restore recognition of mutex methods" (PR #101651)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/101651


[llvm-branch-commits] [clang] Backport "[analyzer] Restore recognition of mutex methods" (PR #101651)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/101651


[llvm-branch-commits] [clang] 18ad020 - [analyzer] Restore recognition of mutex methods (#101511)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

Author: Donát Nagy
Date: 2024-08-02T12:44:40+02:00
New Revision: 18ad0209550ed258fc1a24e710613bc5e3e220af

URL: 
https://github.com/llvm/llvm-project/commit/18ad0209550ed258fc1a24e710613bc5e3e220af
DIFF: 
https://github.com/llvm/llvm-project/commit/18ad0209550ed258fc1a24e710613bc5e3e220af.diff

LOG: [analyzer] Restore recognition of mutex methods (#101511)

Before commit 705788c the checker alpha.unix.BlockInCriticalSection
"recognized" the methods `std::mutex::lock` and `std::mutex::unlock`
with an extremely trivial check that accepted any function (or method)
named lock/unlock.

To avoid matching unrelated user-defined function, this was refined to a
check that also requires the presence of "std" and "mutex" as distinct
parts of the qualified name.

However, as #99628 reported, there are standard library implementations
where some methods of `std::mutex` are inherited from an implementation
detail base class and the new code wasn't able to recognize these
methods, which led to emitting false positive reports.

As a workaround, this commit partially restores the old behavior by
omitting the check for the class name.

In the future, it would be good to replace this hack with a solution
which ensures that `CallDescription` understands inherited methods.

(cherry picked from commit 99ae2edc2592e602b0eb5a287f4d003aa3902440)

Added: 
clang/test/Analysis/block-in-critical-section-inheritance.cpp

Modified: 
clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp

Removed: 




diff  --git 
a/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
index 40f7e9cede1f1..4cd2f2802f30c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
@@ -147,10 +147,18 @@ using MutexDescriptor =
 class BlockInCriticalSectionChecker : public Checker {
 private:
   const std::array MutexDescriptors{
-  MemberMutexDescriptor({/*MatchAs=*/CDM::CXXMethod,
- /*QualifiedName=*/{"std", "mutex", "lock"},
- /*RequiredArgs=*/0},
-{CDM::CXXMethod, {"std", "mutex", "unlock"}, 0}),
+  // NOTE: There are standard library implementations where some methods
+  // of `std::mutex` are inherited from an implementation detail base
+  // class, and those aren't matched by the name specification {"std",
+  // "mutex", "lock"}.
+  // As a workaround here we omit the class name and only require the
+  // presence of the name parts "std" and "lock"/"unlock".
+  // TODO: Ensure that CallDescription understands inherited methods.
+  MemberMutexDescriptor(
+  {/*MatchAs=*/CDM::CXXMethod,
+   /*QualifiedName=*/{"std", /*"mutex",*/ "lock"},
+   /*RequiredArgs=*/0},
+  {CDM::CXXMethod, {"std", /*"mutex",*/ "unlock"}, 0}),
   FirstArgMutexDescriptor({CDM::CLibrary, {"pthread_mutex_lock"}, 1},
   {CDM::CLibrary, {"pthread_mutex_unlock"}, 1}),
   FirstArgMutexDescriptor({CDM::CLibrary, {"mtx_lock"}, 1},
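Review bot: The commented-out `/*"mutex",*/` fragments inside the two `QualifiedName` initializers repeat what the NOTE above them already explains and leave dead text in the initializer list; keep the NOTE and drop the inline fragments, so that the descriptor reads as what is actually matched.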

diff  --git a/clang/test/Analysis/block-in-critical-section-inheritance.cpp 
b/clang/test/Analysis/block-in-critical-section-inheritance.cpp
new file mode 100644
index 0..db20df8c60a5c
--- /dev/null
+++ b/clang/test/Analysis/block-in-critical-section-inheritance.cpp
@@ -0,0 +1,31 @@
+// RUN: %clang_analyze_cc1 \
+// RUN:   -analyzer-checker=unix.BlockInCriticalSection \
+// RUN:   -std=c++11 \
+// RUN:   -analyzer-output text \
+// RUN:   -verify %s
+
+unsigned int sleep(unsigned int seconds) {return 0;}
+namespace std {
+// There are some standard library implementations where some mutex methods
+// come from an implementation detail base class. We need to ensure that these
+// are matched correctly.
+class __mutex_base {
+public:
+  void lock();
+};
+class mutex : public __mutex_base{
+public:
+  void unlock();
+  bool try_lock();
+};
+} // namespace std
+
+void gh_99628() {
+  std::mutex m;
+  m.lock();
+  // expected-note@-1 {{Entering critical section here}}
+  sleep(10);
+  // expected-warning@-1 {{Call to blocking function 'sleep' inside of 
critical section}}
+  // expected-note@-2 {{Call to blocking function 'sleep' inside of critical 
section}}
+  m.unlock();
+}
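Review bot: The test exercises only one shape, `lock()` inherited from `__mutex_base` with `unlock()` declared on `mutex`; `try_lock()` is declared but never called, and there is no negative case. Add a user-defined class outside `std` with `lock()`/`unlock()` around `sleep()` and expect no warning, so the test also guards against sliding back to the pre-705788c behaviour of matching any function named lock/unlock.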





[llvm-branch-commits] [clang] Backport "[analyzer] Fix crash on using `bitcast(, )` as array subscript" (PR #101684)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/101684


[llvm-branch-commits] [clang] Backport "[analyzer] Fix crash on using `bitcast(, )` as array subscript" (PR #101684)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/101684

Current CSA logic does not expect `LazyCompoundValKind` as array index. This 
may happen if array is used as subscript to another, in case of bitcast to 
integer type.

Catch such cases and return `UnknownVal`, since CSA cannot model array -> int 
casts.

Closes #94496

(cherry picked from commit d96569ecc2807a13dab6495d8cc4e82775b00af1)

From a9ef1edf0778a1702b2c8bb4027675238e032d79 Mon Sep 17 00:00:00 2001
From: Pavel Skripkin 
Date: Fri, 2 Aug 2024 18:04:57 +0300
Subject: [PATCH] [analyzer] Fix crash on using `bitcast(, )` as
 array subscript (#101647)

Current CSA logic does not expect `LazyCompoundValKind` as array index.
This may happen if array is used as subscript to another, in case of
bitcast to integer type.

Catch such cases and return `UnknownVal`, since CSA cannot model
array -> int casts.

Closes #94496

(cherry picked from commit d96569ecc2807a13dab6495d8cc4e82775b00af1)
---
 clang/docs/ReleaseNotes.rst |  3 +++
 clang/lib/StaticAnalyzer/Core/Store.cpp | 12 +++-
 clang/test/Analysis/exercise-ps.c   | 20 ++--
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index c42cb9932f3f7..5cd398c22c946 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1372,6 +1372,9 @@ Crash and bug fixes
 - Fixed a crash when storing through an address that refers to the address of
   a label. (#GH89185)
 
+- Fixed a crash when using ``__builtin_bitcast(type, array)`` as an array
+  subscript. (#GH94496)
+
 - Z3 crosschecking (aka. Z3 refutation) is now bounded, and can't consume
   more total time than the eymbolic execution itself. (#GH97298)
 
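Review bot: The new entry spells the builtin ``__builtin_bitcast(type, array)``, but the test added to exercise-ps.c in this patch calls `__builtin_bit_cast`; the release note should use the spelling the test uses.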
diff --git a/clang/lib/StaticAnalyzer/Core/Store.cpp 
b/clang/lib/StaticAnalyzer/Core/Store.cpp
index 67ca61bb56ba2..b436dd746d21f 100644
--- a/clang/lib/StaticAnalyzer/Core/Store.cpp
+++ b/clang/lib/StaticAnalyzer/Core/Store.cpp
@@ -472,7 +472,17 @@ SVal StoreManager::getLValueElement(QualType elementType, 
NonLoc Offset,
   const auto *ElemR = dyn_cast(BaseRegion);
 
   // Convert the offset to the appropriate size and signedness.
-  Offset = svalBuilder.convertToArrayIndex(Offset).castAs();
+  auto Off = svalBuilder.convertToArrayIndex(Offset).getAs();
+  if (!Off) {
+// Handle cases when LazyCompoundVal is used for an array index.
+// Such case is possible if code does:
+//   char b[4];
+//   a[__builtin_bitcast(int, b)];
+// Return UnknownVal, since we cannot model it.
+return UnknownVal();
+  }
+
+  Offset = Off.value();
 
   if (!ElemR) {
 // If the base region is not an ElementRegion, create one.
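Review bot: The `if (!Off)` early return fires for every index value that fails the `getAs` conversion, while the comment describes only the `LazyCompoundVal` case; either word the comment for the general case or assert on the kind that is expected here, so an unrelated value kind is not silently turned into `UnknownVal`. The code sample in the comment also spells the builtin `__builtin_bitcast`, whereas the test uses `__builtin_bit_cast`.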
diff --git a/clang/test/Analysis/exercise-ps.c 
b/clang/test/Analysis/exercise-ps.c
index d1e1771afddb5..50643d5b04687 100644
--- a/clang/test/Analysis/exercise-ps.c
+++ b/clang/test/Analysis/exercise-ps.c
@@ -1,10 +1,13 @@
-// RUN: %clang_analyze_cc1 %s -verify -Wno-error=implicit-function-declaration 
\
-// RUN:   -analyzer-checker=core,unix.Malloc \
+// RUN: %clang_analyze_cc1 %s -triple=x86_64-unknown-linux \
+// RUN:   -verify -Wno-error=implicit-function-declaration \
+// RUN:   -analyzer-checker=core,unix.Malloc,debug.ExprInspection \
 // RUN:   -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true
 //
 // Just exercise the analyzer on code that has at one point caused issues
 // (i.e., no assertions or crashes).
 
+void clang_analyzer_dump_int(int);
+
 static void f1(const char *x, char *y) {
   while (*x != 0) {
 *y++ = *x++;
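Review bot: The RUN line now pins `-triple=x86_64-unknown-linux` and enables `debug.ExprInspection` for the whole file, although only the new `f4` needs them (for its `_Static_assert` on `sizeof(int)` and the `clang_analyzer_dump_int` calls); a separate test file for the GH#94496 reproducer would leave the existing "just exercise the analyzer" cases target-independent.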
@@ -30,3 +33,16 @@ void f3(void *dest) {
   void *src = __builtin_alloca(5);
   memcpy(dest, src, 1); // expected-warning{{2nd function call argument is a 
pointer to uninitialized value}}
 }
+
+// Reproduce crash from GH#94496. When array is used as subcript to another 
array, CSA cannot model it
+// and should just assume it's unknown and do not crash.
+void f4(char *array) {
+  char b[4] = {0};
+
+  _Static_assert(sizeof(int) == 4, "Wrong triple for the test");
+
+  clang_analyzer_dump_int(__builtin_bit_cast(int, b)); // expected-warning 
{{lazyCompoundVal}}
+  clang_analyzer_dump_int(array[__builtin_bit_cast(int, b)]); // 
expected-warning {{Unknown}}
+
+  array[__builtin_bit_cast(int, b)] = 0x10; // no crash
+}
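Review bot: In the comment above `f4`, "subcript" should be "subscript" and "do not crash" should be "not crash". The final store `array[__builtin_bit_cast(int, b)] = 0x10; // no crash` carries no expectation, so it only proves the analyzer survives; a following `clang_analyzer_dump_int` of the same element would also record what value the store is modelled as.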



[llvm-branch-commits] [clang] Backport "[analyzer] Fix crash on using `bitcast(, )` as array subscript" (PR #101684)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/101684


[llvm-branch-commits] [clang] Backport "[analyzer] Fix crash on using `bitcast(, )` as array subscript" (PR #101684)

2024-08-02 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Cherrypick + added release notes as this crash was present in clang-18 too.

https://github.com/llvm/llvm-project/pull/101684


[llvm-branch-commits] [clang] Backport taint analysis slowdown regression fix (PR #105516)

2024-08-21 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/105516

Same as the cherry-picked commit + the release notes.

From 1d10df6937e914e610da9c5818ba09ff711beb05 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 21 Aug 2024 14:24:56 +0200
Subject: [PATCH 1/2] [analyzer] Limit `isTainted()` by skipping complicated
 symbols (#105493)

As discussed in

https://discourse.llvm.org/t/rfc-make-istainted-and-complex-symbols-friends/79570/10

Some `isTainted()` queries can blow up the analysis times, and
effectively halt the analysis under specific workloads.

We don't really have the time now to do a caching re-implementation of
`isTainted()`, so we need to workaround the case.

The workaround with the smallest blast radius was to limit what symbols
`isTainted()` does the query (by walking the SymExpr). So far, the
threshold 10 worked for us, but this value can be overridden using the
"max-tainted-symbol-complexity" config value.

This new option is "deprecated" from the getgo, as I expect this issue
to be fixed within the next few months and I don't want users to
override this value anyways. If they do, this message will let them know
that they are on their own, and the next release may break them (as we
no longer recognize this option if we drop it).

Mitigates #89720

CPP-5414

(cherry picked from commit 848658955a9d2d42ea3e319d191e2dcd5d76c837)
---
 .../StaticAnalyzer/Core/AnalyzerOptions.def   |  5 ++
 clang/lib/StaticAnalyzer/Checkers/Taint.cpp   |  7 +++
 clang/test/Analysis/analyzer-config.c |  1 +
 clang/test/Analysis/taint-generic.c   | 49 ++-
 4 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.def 
b/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.def
index 29aa6a3b8a16e7..737bc8e86cfb6a 100644
--- a/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.def
+++ b/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.def
@@ -407,6 +407,11 @@ ANALYZER_OPTION(
 ANALYZER_OPTION(unsigned, MaxSymbolComplexity, "max-symbol-complexity",
 "The maximum complexity of symbolic constraint.", 35)
 
+// 
HACK:https://discourse.llvm.org/t/rfc-make-istainted-and-complex-symbols-friends/79570
+// Ideally, we should get rid of this option soon.
+ANALYZER_OPTION(unsigned, MaxTaintedSymbolComplexity, 
"max-tainted-symbol-complexity",
+"[DEPRECATED] The maximum complexity of a symbol to carry 
taint", 9)
+
 ANALYZER_OPTION(unsigned, MaxTimesInlineLarge, "max-times-inline-large",
 "The maximum times a large function could be inlined.", 32)
 
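Review bot: The default is 9 here while the commit message says "the threshold 10 worked for us"; the help text "The maximum complexity of a symbol to carry taint" should state whether the bound is inclusive (the check in Taint.cpp uses `>`, so a symbol of complexity 9 still carries taint). The `[DEPRECATED]` tag would also be more useful with a pointer to the RFC, since the option is new and users have no other explanation for it.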
diff --git a/clang/lib/StaticAnalyzer/Checkers/Taint.cpp 
b/clang/lib/StaticAnalyzer/Checkers/Taint.cpp
index 6362c82b009d72..0bb5739db4b756 100644
--- a/clang/lib/StaticAnalyzer/Checkers/Taint.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/Taint.cpp
@@ -12,6 +12,7 @@
 
 #include "clang/StaticAnalyzer/Checkers/Taint.h"
 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
 #include 
 
@@ -256,6 +257,12 @@ std::vector 
taint::getTaintedSymbolsImpl(ProgramStateRef State,
   if (!Sym)
 return TaintedSymbols;
 
+  // 
HACK:https://discourse.llvm.org/t/rfc-make-istainted-and-complex-symbols-friends/79570
+  if (const auto &Opts = State->getAnalysisManager().getAnalyzerOptions();
+  Sym->computeComplexity() > Opts.MaxTaintedSymbolComplexity) {
+return {};
+  }
+
   // Traverse all the symbols this symbol depends on to see if any are tainted.
   for (SymbolRef SubSym : Sym->symbols()) {
 if (!isa(SubSym))
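Review bot: The early `return {};` at the complexity check silently reports such symbols as untainted, which shows up as missed taint reports (the taint-generic.c change in this patch replaces an `expected-warning` for a division by a tainted value with a FIXME). Consider counting how often the cutoff fires, for example with a statistic, so the false-negative rate is measurable on real projects. For consistency with the `if (!Sym)` branch just above, return `TaintedSymbols` rather than `{}`.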
diff --git a/clang/test/Analysis/analyzer-config.c 
b/clang/test/Analysis/analyzer-config.c
index 2a4c40005a4dc0..1ee0d8e4eecebd 100644
--- a/clang/test/Analysis/analyzer-config.c
+++ b/clang/test/Analysis/analyzer-config.c
@@ -96,6 +96,7 @@
 // CHECK-NEXT: max-inlinable-size = 100
 // CHECK-NEXT: max-nodes = 225000
 // CHECK-NEXT: max-symbol-complexity = 35
+// CHECK-NEXT: max-tainted-symbol-complexity = 9
 // CHECK-NEXT: max-times-inline-large = 32
 // CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14
 // CHECK-NEXT: mode = deep
diff --git a/clang/test/Analysis/taint-generic.c 
b/clang/test/Analysis/taint-generic.c
index b0df85f237298d..1c139312734bca 100644
--- a/clang/test/Analysis/taint-generic.c
+++ b/clang/test/Analysis/taint-generic.c
@@ -63,6 +63,7 @@ void clang_analyzer_isTainted_char(char);
 void clang_analyzer_isTainted_wchar(wchar_t);
 void clang_analyzer_isTainted_charp(char*);
 void clang_analyzer_isTainted_int(int);
+void clang_analyzer_dump_int(int);
 
 int coin();
 
@@ -459,7 +460,53 @@ unsigned radar11369570_hanging(const unsigned char *arr, 
int l) {
 longcmp(a, t, c);
 l -= 12;
   }
-  return 5/a; // expected-warning {{Division by a tainted value, possibly 
zero}}
+  return 5/a; // FIXME: Should be a "div by
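
The trade-off described in the commit message above, as a small model: a bounded taint query stays cheap but loses taint on symbols above the complexity limit. This is an added example, not code from the patch or from Clang; `Sym`, `complexity`, `hasTaintedLeaf`, `isTaintedBounded` and `chain` are hypothetical names, complexity is assumed to be the node count of the expression tree, and the default limit 9 is the value from the patch.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Hypothetical symbolic-expression node; not the analyzer's SymExpr.
struct Sym {
  std::string Name;                       // leaf name or operator
  bool TaintedLeaf;                       // true for attacker-controlled input
  std::vector<std::shared_ptr<Sym>> Kids; // operands, empty for leaves
};
using SymRef = std::shared_ptr<Sym>;

SymRef leaf(const std::string &Name, bool Tainted = false) {
  return std::make_shared<Sym>(Sym{Name, Tainted, {}});
}

SymRef binop(const std::string &Op, SymRef L, SymRef R) {
  return std::make_shared<Sym>(Sym{Op, false, {L, R}});
}

// Assumption for this model: complexity is the number of nodes in the tree.
unsigned complexity(const SymRef &S) {
  unsigned C = 1;
  for (const SymRef &K : S->Kids)
    C += complexity(K);
  return C;
}

// Unbounded query: walk every sub-symbol looking for a tainted leaf.
bool hasTaintedLeaf(const SymRef &S) {
  if (S->TaintedLeaf)
    return true;
  for (const SymRef &K : S->Kids)
    if (hasTaintedLeaf(K))
      return true;
  return false;
}

// Bounded query: symbols above the limit are reported as untainted without
// being walked. This is the source of the false negatives.
bool isTaintedBounded(const SymRef &S, unsigned MaxComplexity = 9) {
  if (complexity(S) > MaxComplexity)
    return false;
  return hasTaintedLeaf(S);
}

// Constructed sample: ((input + c0) + c1) + ... with `Ops` additions on top
// of one tainted leaf. Its complexity is 1 + 2 * Ops.
SymRef chain(unsigned Ops) {
  SymRef S = leaf("input", /*Tainted=*/true);
  for (unsigned I = 0; I < Ops; ++I)
    S = binop("+", S, leaf("c" + std::to_string(I)));
  return S;
}

int main() {
  for (unsigned Ops = 3; Ops <= 6; ++Ops) {
    SymRef S = chain(Ops);
    std::printf("ops=%u complexity=%u unbounded=%d bounded=%d\n", Ops,
                complexity(S), hasTaintedLeaf(S), isTaintedBounded(S));
  }
  return 0;
}
```

When triaging taint findings from a build that carries this limit, a missing report on a value derived through several arithmetic steps is not evidence that the value is clean.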

[llvm-branch-commits] [clang] Backport taint analysis slowdown regression fix (PR #105516)

2024-08-21 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/105516


[llvm-branch-commits] [clang] Backport taint analysis slowdown regression fix (PR #105516)

2024-08-21 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/105516


[llvm-branch-commits] [clang] [analyzer][docs] Admit that the cleanup attribute is not supported (PR #81834)

2024-02-15 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/81834

In fact, the cleanup attribute is only added to the CFG, but still unhandled by 
CSA.
I propose dropping this false "support" statement from the docs.

From 9676ef916e3617e879bb3f498472754031b3310b Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Thu, 15 Feb 2024 09:33:07 +0100
Subject: [PATCH] [analyzer][docs] Admit that the cleanup attribute is not
 supported

In fact, the cleanup attribute is only added to the CFG, but still
unhandled by CSA.
I propose dropping this false "support" statement from the docs.
---
 clang/docs/ReleaseNotes.rst | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 95d44951ae7ee6..b4cbe18aa150a9 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1343,9 +1343,6 @@ New features
   of static analysis tools, such as the Clang Static Analyzer.
   `Documentation 
`__.
 
-- Added support for the ``cleanup`` attribute.
-  `Documentation 
`__.
-
 - Support "Deducing this" (P0847R7). (Worked out of the box)
   (`af4751738db8 
`__)
 
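Review bot: Deleting the "Added support for the ``cleanup`` attribute" bullet removes the false claim but leaves readers with no statement either way; since the commit message says the attribute is added to the CFG yet still unhandled by CSA, consider replacing the bullet with a short known-limitation note that says exactly that.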



[llvm-branch-commits] [clang] [analyzer][docs] Admit that the cleanup attribute is not supported (PR #81834)

2024-02-15 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/81834


[llvm-branch-commits] [clang] [Clang] Fixes to immediate-escalating functions (#82281) (PR #82609)

2024-02-22 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/82609


[llvm-branch-commits] [clang] [Clang] Fixes to immediate-escalating functions (#82281) (PR #82609)

2024-02-22 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/82609

* Consider that immediate escalating function can appear at global scope, 
fixing a crash

* Lambda conversion to function pointer was sometimes not performed in an 
immediate function context when it should be.

Fixes #82258

(cherry picked from commit baf6bd303bd58a521809d456dd9b179636982fc5)

From 96303d3df997659bf964693517509d4545a1f82c Mon Sep 17 00:00:00 2001
From: cor3ntin 
Date: Wed, 21 Feb 2024 20:53:44 +0100
Subject: [PATCH] [Clang] Fixes to immediate-escalating functions (#82281)

* Consider that immediate escalating function can appear at global
scope, fixing a crash

* Lambda conversion to function pointer was sometimes not performed in
an immediate function context when it should be.

Fixes #82258

(cherry picked from commit baf6bd303bd58a521809d456dd9b179636982fc5)
---
 clang/docs/ReleaseNotes.rst   |  5 
 clang/include/clang/Sema/Sema.h   |  4 ++-
 clang/lib/Sema/SemaExpr.cpp   |  4 +--
 .../SemaCXX/cxx2b-consteval-propagate.cpp | 26 +++
 4 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 93a67e7a895592..8697f1f3bbe9c2 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1099,6 +1099,11 @@ Bug Fixes to C++ Support
 - Fix incorrect code generation caused by the object argument of ``static 
operator()`` and ``static operator[]`` calls not being evaluated.
   Fixes (`#67976 `_)
 
+- Fix crash when using an immediate-escalated function at global scope.
+  (`#82258 `_)
+- Correctly immediate-escalate lambda conversion functions.
+  (`#82258 `_)
+
 Bug Fixes to AST Handling
 ^
 - Fixed an import failure of recursive friend class template.
diff --git a/clang/include/clang/Sema/Sema.h b/clang/include/clang/Sema/Sema.h
index 1f1cbd11ff7358..6adb8fb7966b3f 100644
--- a/clang/include/clang/Sema/Sema.h
+++ b/clang/include/clang/Sema/Sema.h
@@ -1090,7 +1090,9 @@ class Sema final {
   if (FD) {
 FD->setWillHaveBody(true);
 S.ExprEvalContexts.back().InImmediateFunctionContext =
-FD->isImmediateFunction();
+FD->isImmediateFunction() ||
+S.ExprEvalContexts[S.ExprEvalContexts.size() - 2]
+.isConstantEvaluated();
 S.ExprEvalContexts.back().InImmediateEscalatingFunctionContext =
 S.getLangOpts().CPlusPlus20 && FD->isImmediateEscalating();
   } else
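
Review bot: `S.ExprEvalContexts[S.ExprEvalContexts.size() - 2]` in the new `InImmediateFunctionContext` initializer assumes the stack holds at least two entries, and nothing in this hunk checks that. With a single entry, `size() - 2` wraps around and the index is out of bounds. An `assert(S.ExprEvalContexts.size() >= 2 && "...")` just above, or a named accessor for the parent context, would state the invariant and make the intent readable.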
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 0d9c087ed0cd19..4cce0abc231505 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -18294,7 +18294,6 @@ void Sema::CheckUnusedVolatileAssignment(Expr *E) {
 }
 
 void Sema::MarkExpressionAsImmediateEscalating(Expr *E) {
-  assert(!FunctionScopes.empty() && "Expected a function scope");
   assert(getLangOpts().CPlusPlus20 &&
  ExprEvalContexts.back().InImmediateEscalatingFunctionContext &&
  "Cannot mark an immediate escalating expression outside of an "
@@ -18311,7 +18310,8 @@ void Sema::MarkExpressionAsImmediateEscalating(Expr *E) 
{
   } else {
 assert(false && "expected an immediately escalating expression");
   }
-  getCurFunction()->FoundImmediateEscalatingExpression = true;
+  if (FunctionScopeInfo *FI = getCurFunction())
+FI->FoundImmediateEscalatingExpression = true;
 }
 
 ExprResult Sema::CheckForImmediateInvocation(ExprResult E, FunctionDecl *Decl) 
{
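
Review bot: The new `if (FunctionScopeInfo *FI = getCurFunction())` silently skips setting the flag when there is no function scope, and with the earlier `assert(!FunctionScopes.empty() && ...)` gone, nothing records why a null scope is now legitimate. A one-line comment here saying that the expression can appear at global scope, where no `FunctionScopeInfo` exists, would keep a later reader from restoring the assert.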
diff --git a/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp 
b/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp
index 531a6262287335..4a75392045d05a 100644
--- a/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp
+++ b/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp
@@ -368,3 +368,29 @@ vector v{};
 // expected-note@-2 {{in call to 'vector()'}}
 
 }
+
+
+namespace GH82258 {
+
+template 
+constexpr auto none_of(R&& r, Pred pred) -> bool { return true; }
+
+struct info { int value; };
+consteval auto is_invalid(info i) -> bool { return false; }
+constexpr info types[] = { {1}, {3}, {5}};
+
+static_assert(none_of(
+types,
++[](info i) consteval {
+return is_invalid(i);
+}
+));
+
+static_assert(none_of(
+types,
+[]{
+return is_invalid;
+}()
+));
+
+}
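
Review bot: `none_of` in the new `GH82258` namespace returns `true` without ever calling `pred`, so both `static_assert`s pass no matter what the lambdas do; the cases only check that the code is accepted without a crash. Say so in a comment, and mark which `static_assert` covers the global-scope crash and which covers the lambda conversion to function pointer, so each of the two release-note entries can be traced to a test case.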



[llvm-branch-commits] [clang] [Clang] Fixes to immediate-escalating functions (#82281) (PR #82609)

2024-02-23 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/82609

>From c96211c576d13c38edb5ea39da3b44b2e0f6feed Mon Sep 17 00:00:00 2001
From: cor3ntin 
Date: Wed, 21 Feb 2024 20:53:44 +0100
Subject: [PATCH] [Clang] Fixes to immediate-escalating functions (#82281)

* Consider that immediate escalating function can appear at global
scope, fixing a crash

* Lambda conversion to function pointer was sometimes not performed in
an immediate function context when it should be.

Fixes #82258

(cherry picked from commit baf6bd303bd58a521809d456dd9b179636982fc5)
---
 clang/docs/ReleaseNotes.rst   |  5 
 clang/include/clang/Sema/Sema.h   |  4 ++-
 clang/lib/Sema/SemaExpr.cpp   |  4 +--
 .../SemaCXX/cxx2b-consteval-propagate.cpp | 26 +++
 4 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 93a67e7a895592..8697f1f3bbe9c2 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1099,6 +1099,11 @@ Bug Fixes to C++ Support
 - Fix incorrect code generation caused by the object argument of ``static 
operator()`` and ``static operator[]`` calls not being evaluated.
   Fixes (`#67976 `_)
 
+- Fix crash when using an immediate-escalated function at global scope.
+  (`#82258 `_)
+- Correctly immediate-escalate lambda conversion functions.
+  (`#82258 `_)
+
 Bug Fixes to AST Handling
 ^
 - Fixed an import failure of recursive friend class template.
diff --git a/clang/include/clang/Sema/Sema.h b/clang/include/clang/Sema/Sema.h
index 1f1cbd11ff7358..6adb8fb7966b3f 100644
--- a/clang/include/clang/Sema/Sema.h
+++ b/clang/include/clang/Sema/Sema.h
@@ -1090,7 +1090,9 @@ class Sema final {
   if (FD) {
 FD->setWillHaveBody(true);
 S.ExprEvalContexts.back().InImmediateFunctionContext =
-FD->isImmediateFunction();
+FD->isImmediateFunction() ||
+S.ExprEvalContexts[S.ExprEvalContexts.size() - 2]
+.isConstantEvaluated();
 S.ExprEvalContexts.back().InImmediateEscalatingFunctionContext =
 S.getLangOpts().CPlusPlus20 && FD->isImmediateEscalating();
   } else
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 0d9c087ed0cd19..4cce0abc231505 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -18294,7 +18294,6 @@ void Sema::CheckUnusedVolatileAssignment(Expr *E) {
 }
 
 void Sema::MarkExpressionAsImmediateEscalating(Expr *E) {
-  assert(!FunctionScopes.empty() && "Expected a function scope");
   assert(getLangOpts().CPlusPlus20 &&
  ExprEvalContexts.back().InImmediateEscalatingFunctionContext &&
  "Cannot mark an immediate escalating expression outside of an "
@@ -18311,7 +18310,8 @@ void Sema::MarkExpressionAsImmediateEscalating(Expr *E) 
{
   } else {
 assert(false && "expected an immediately escalating expression");
   }
-  getCurFunction()->FoundImmediateEscalatingExpression = true;
+  if (FunctionScopeInfo *FI = getCurFunction())
+FI->FoundImmediateEscalatingExpression = true;
 }
 
 ExprResult Sema::CheckForImmediateInvocation(ExprResult E, FunctionDecl *Decl) 
{
diff --git a/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp 
b/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp
index 531a6262287335..4a75392045d05a 100644
--- a/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp
+++ b/clang/test/SemaCXX/cxx2b-consteval-propagate.cpp
@@ -368,3 +368,29 @@ vector v{};
 // expected-note@-2 {{in call to 'vector()'}}
 
 }
+
+
+namespace GH82258 {
+
+template 
+constexpr auto none_of(R&& r, Pred pred) -> bool { return true; }
+
+struct info { int value; };
+consteval auto is_invalid(info i) -> bool { return false; }
+constexpr info types[] = { {1}, {3}, {5}};
+
+static_assert(none_of(
+types,
++[](info i) consteval {
+return is_invalid(i);
+}
+));
+
+static_assert(none_of(
+types,
+[]{
+return is_invalid;
+}()
+));
+
+}



[llvm-branch-commits] [clang] Backport fix for crash reported in #88181 (PR #89022)

2024-04-16 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/89022


[llvm-branch-commits] [clang] Backport fix for crash reported in #88181 (PR #89022)

2024-04-16 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/89022

Fixes #88181

(cherry picked from commit e096c144921daba59963f15e89d2ca6fb32d3a78)

The user requested the backport 
[here](https://github.com/llvm/llvm-project/pull/88536#issuecomment-2052237181).

>From ebe4abe49354d8f42fe403b8d0e6487f0febcf50 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 17 Apr 2024 08:02:49 +0200
Subject: [PATCH] [analyzer] Fix a security.cert.env.InvalidPtr crash

Fixes #88181

(cherry picked from commit e096c144921daba59963f15e89d2ca6fb32d3a78)
---
 clang/docs/ReleaseNotes.rst|  4 
 .../StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp |  6 +-
 clang/test/Analysis/invalid-ptr-checker.cpp| 10 ++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 clang/test/Analysis/invalid-ptr-checker.cpp

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index ce7e615d878944..1e88b58725bd95 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1474,6 +1474,10 @@ Crash and bug fixes
 - Fix false positive in mutation check when using pointer to member function.
   (`#66204 `_)
 
+- Fixed a crash in ``security.cert.env.InvalidPtr`` checker when accidentally
+  matched user-defined ``strerror`` and similar library functions.
+  (`#88181 `_)
+
 Improvements
 
 
diff --git a/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp
index e5dd907c660d8e..b2947f590c4ec1 100644
--- a/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp
@@ -205,8 +205,12 @@ void InvalidPtrChecker::postPreviousReturnInvalidatingCall(
   CE, LCtx, CE->getType(), C.blockCount());
   State = State->BindExpr(CE, LCtx, RetVal);
 
+  const auto *SymRegOfRetVal =
+  dyn_cast_or_null(RetVal.getAsRegion());
+  if (!SymRegOfRetVal)
+return;
+
   // Remember to this region.
-  const auto *SymRegOfRetVal = cast(RetVal.getAsRegion());
   const MemRegion *MR = SymRegOfRetVal->getBaseRegion();
   State = State->set(FD, MR);
 
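
Review bot: The early `return` on a null `SymRegOfRetVal` comes after `State = State->BindExpr(CE, LCtx, RetVal);`, so on that path the freshly bound state is computed and then dropped. If that is intended, do the null check before the `BindExpr` call, or say in a comment why discarding the state is fine. The comment `// Remember to this region.` could also be reworded while these lines are being moved.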
diff --git a/clang/test/Analysis/invalid-ptr-checker.cpp 
b/clang/test/Analysis/invalid-ptr-checker.cpp
new file mode 100644
index 00..58bb45e0fb8421
--- /dev/null
+++ b/clang/test/Analysis/invalid-ptr-checker.cpp
@@ -0,0 +1,10 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.cert.env.InvalidPtr 
-verify %s
+
+// expected-no-diagnostics
+
+namespace other {
+int strerror(int errnum); // custom strerror
+void no_crash_on_custom_strerror() {
+  (void)strerror(0); // no-crash
+}
+} // namespace other
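
Review bot: The test exercises only a user-defined `strerror`, while the release note in this patch speaks of "``strerror`` and similar library functions". A second case for another function the checker matches by name, plus a comment that the `int` return type is what differs from the library declaration, would pin down the condition that the new null check guards.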



[llvm-branch-commits] [clang] [analyzer] Backport performace regression fix (PR #89725)

2024-04-23 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/89725


[llvm-branch-commits] [clang] Backport fix for crash reported in #88181 (PR #89022)

2024-05-02 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

> Hi @steakhal (or anyone else). If you would like to add a note about this fix 
> in the release notes (completely optional). Please reply to this comment with 
> a one or two sentence description of the fix. When you are done, please add 
> the release:note label to this PR.

I think what I added to the `clang/docs/ReleaseNotes.rst` in this PR should 
also work for you. Quote:
```
Fixed a crash in ``security.cert.env.InvalidPtr`` checker when accidentally
  matched user-defined ``strerror`` and similar library functions.
  (`#88181 `_)
```

https://github.com/llvm/llvm-project/pull/89022


[llvm-branch-commits] [clang] [analyzer] Backport performace regression fix (PR #89725)

2024-05-02 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

> Hi @steakhal (or anyone else). If you would like to add a note about this fix 
> in the release notes (completely optional). Please reply to this comment with 
> a one or two sentence description of the fix. When you are done, please add 
> the release:note label to this PR.

I think this would work: "In previous dot releases, we had a critical slowdown 
on analyzing code hashing or doing many array accesses. This bug did not affect 
previous major releases. See the details at issue #89045."

https://github.com/llvm/llvm-project/pull/89725


[llvm-branch-commits] [clang] Backport taint analysis slowdown regression fix (PR #105516)

2024-08-26 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

@Xazax-hun 

https://github.com/llvm/llvm-project/pull/105516


[llvm-branch-commits] [clang] Backport "[clang][analyzer] Fix #embed crash (#107764)" (PR #107841)

2024-09-09 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/107841


[llvm-branch-commits] [clang] Backport "[clang][analyzer] Fix #embed crash (#107764)" (PR #107841)

2024-09-09 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/107841

Backports the fix for #107724.

(cherry picked from commit d84d9559bdc7aeb4ce14c251f6a3490c66db8d3a)

>From f791ef134479616ced3d90c5321ecb878c5b6efc Mon Sep 17 00:00:00 2001
From: Nicolas van Kempen 
Date: Mon, 9 Sep 2024 07:12:46 -0400
Subject: [PATCH] [clang][analyzer] Fix #embed crash (#107764)

Fix #107724.

(cherry picked from commit d84d9559bdc7aeb4ce14c251f6a3490c66db8d3a)
---
 clang/lib/StaticAnalyzer/Core/ExprEngine.cpp |  5 +
 clang/test/Analysis/embed.c  | 12 
 2 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 clang/test/Analysis/embed.c

diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp 
b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 62a240ecbc6003..c11468a08ae5ca 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1928,6 +1928,7 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
 case Stmt::CXXRewrittenBinaryOperatorClass:
 case Stmt::RequiresExprClass:
 case Expr::CXXParenListInitExprClass:
+case Stmt::EmbedExprClass:
   // Fall through.
 
 // Cases we intentionally don't evaluate, since they don't need
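
Review bot: `case Stmt::EmbedExprClass:` is added under a bare `// Fall through.`, so the only statement that `#embed` is not modeled, the `report_fatal_error` message removed further down, disappears from the source. A short FIXME next to the new label would keep that information where the handling now lives.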
@@ -2430,10 +2431,6 @@ void ExprEngine::Visit(const Stmt *S, ExplodedNode *Pred,
   Bldr.addNodes(Dst);
   break;
 }
-
-case Stmt::EmbedExprClass:
-  llvm::report_fatal_error("Support for EmbedExpr is not implemented.");
-  break;
   }
 }
 
diff --git a/clang/test/Analysis/embed.c b/clang/test/Analysis/embed.c
new file mode 100644
index 00..32f6c130325740
--- /dev/null
+++ b/clang/test/Analysis/embed.c
@@ -0,0 +1,12 @@
+// RUN: %clang_analyze_cc1 -std=c23 
-analyzer-checker=core,debug.ExprInspection -verify %s
+
+void clang_analyzer_dump_ptr(const unsigned char *ptr);
+void clang_analyzer_dump(unsigned char val);
+
+int main() {
+const unsigned char SelfBytes[] = {
+#embed "embed.c"
+};
+clang_analyzer_dump_ptr(SelfBytes); // expected-warning 
{{&Element{SelfBytes,0 S64b,unsigned char}}}
+clang_analyzer_dump(SelfBytes[0]); // expected-warning {{Unknown}} FIXME: 
This should be the `/` character.
+}
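
Review bot: The test embeds its own source (`#embed "embed.c"`), so the byte that the FIXME expects at `SelfBytes[0]` depends on the first character of this file staying `/`. Embedding a small fixed file under `Inputs/` would make the expected value independent of edits to the RUN line once the FIXME is resolved.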



[llvm-branch-commits] [clang] Backport "[clang][analyzer] Fix #embed crash (#107764)" (PR #107841)

2024-09-09 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/107841


[llvm-branch-commits] [clang] Backport "[clang][analyzer] Fix #embed crash (#107764)" (PR #107841)

2024-09-09 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

There is no need to update the release notes as `#embed` is a new feature, so 
the crash is not a regression that needs to be highlighted.

https://github.com/llvm/llvm-project/pull/107841


[llvm-branch-commits] [clang] ee073c7 - [analyzer][StdLibraryFunctionsChecker] Fix typos in summaries of mmap and mmap64

2020-11-30 Thread Balazs Benics via llvm-branch-commits

Author: Balazs Benics
Date: 2020-11-30T18:06:28+01:00
New Revision: ee073c798515e56b23463391a7b40d5ee6527337

URL: 
https://github.com/llvm/llvm-project/commit/ee073c798515e56b23463391a7b40d5ee6527337
DIFF: 
https://github.com/llvm/llvm-project/commit/ee073c798515e56b23463391a7b40d5ee6527337.diff

LOG: [analyzer][StdLibraryFunctionsChecker] Fix typos in summaries of mmap and 
mmap64

The fd parameter of
```
void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset)
```
should be constrained to the range [0, IntMax] as that is of type int.
Constraining to the range [0, Off_tMax] would result in a crash as that is
of a signed type with the value of 0xff..f (-1).

The crash would happen when we try to apply the arg constraints.
At line 583: assert(Min <= Max), as 0 <= -1 is not satisfied

The mmap64 is fixed for the same reason.

Reviewed By: martong, vsavchenko

Differential Revision: https://reviews.llvm.org/D92307

Added: 
clang/test/Analysis/std-c-library-posix-crash.c

Modified: 
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Removed: 




diff  --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index 10011effe039..f8eafde3218d 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -1722,7 +1722,6 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
 "ftello", Signature(ArgTypes{FilePtrTy}, RetType{Off_tTy}),
 Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0;
 
-Optional Off_tMax = getMaxValue(Off_tTy);
 // void *mmap(void *addr, size_t length, int prot, int flags, int fd,
 // off_t offset);
 addToFunctionSummaryMap(
@@ -1732,10 +1731,9 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
 Summary(NoEvalCall)
 .ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, 
SizeMax)))
 .ArgConstraint(
-ArgumentCondition(4, WithinRange, Range(0, Off_tMax;
+ArgumentCondition(4, WithinRange, Range(0, IntMax;
 
 Optional Off64_tTy = lookupTy("off64_t");
-Optional Off64_tMax = getMaxValue(Off_tTy);
 // void *mmap64(void *addr, size_t length, int prot, int flags, int fd,
 // off64_t offset);
 addToFunctionSummaryMap(
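
Review bot: `Range(0, IntMax)` on argument 4 (`fd`) fixes the crash but still treats a negative descriptor as a constraint violation, and anonymous mappings are commonly requested with `fd` set to `-1` together with `MAP_ANONYMOUS`. Consider starting the range at `-1` for both `mmap` and `mmap64`, or noting in a comment why `-1` is excluded.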
@@ -1745,7 +1743,7 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
 Summary(NoEvalCall)
 .ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, 
SizeMax)))
 .ArgConstraint(
-ArgumentCondition(4, WithinRange, Range(0, Off64_tMax;
+ArgumentCondition(4, WithinRange, Range(0, IntMax;
 
 // int pipe(int fildes[2]);
 addToFunctionSummaryMap(

diff  --git a/clang/test/Analysis/std-c-library-posix-crash.c 
b/clang/test/Analysis/std-c-library-posix-crash.c
new file mode 100644
index ..23321d548d6d
--- /dev/null
+++ b/clang/test/Analysis/std-c-library-posix-crash.c
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 \
+// RUN:   -analyzer-checker=core,apiModeling.StdCLibraryFunctions \
+// RUN:   -analyzer-config apiModeling.StdCLibraryFunctions:ModelPOSIX=true \
+// RUN:   -verify %s
+//
+// expected-no-diagnostics
+
+typedef long off_t;
+typedef long long off64_t;
+typedef unsigned long size_t;
+
+void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t 
offset);
+void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t 
offset);
+
+void test(long len) {
+  mmap(0, len, 2, 1, 0, 0);   // no-crash
+  mmap64(0, len, 2, 1, 0, 0); // no-crash
+}





[llvm-branch-commits] [clang] [analyzer][docs] CSA release notes for clang-20 (PR #124798)

2025-01-29 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/124798


[llvm-branch-commits] [clang] [analyzer][docs] CSA release notes for clang-20 (PR #124798)

2025-01-29 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Rebased to target the recently split release/20.x.
No changes were made to the content of the PR.

https://github.com/llvm/llvm-project/pull/124798


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits


@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());

steakhal wrote:

I see now. That was the source of the miscommunication here.

https://github.com/llvm/llvm-project/pull/120436


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal ready_for_review 
https://github.com/llvm/llvm-project/pull/120436


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-18 Thread Balazs Benics via llvm-branch-commits


@@ -514,9 +514,12 @@ class MemRegionVal : public Loc {
 
 class ConcreteInt : public Loc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : Loc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : Loc(ConcreteIntKind, V.get()) {}

steakhal wrote:

I guess this one is resolved now. Is it?
Anything else blocking this PR?

https://github.com/llvm/llvm-project/pull/120437


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits


@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());

steakhal wrote:

A union makes this void pointer trickery marginally safer at the expense of 
declaring all the types we type-pun this poor void storage pointer.
Maybe this is something to consider.

https://github.com/llvm/llvm-project/pull/120436


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits


@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());

steakhal wrote:

Basically it all boils down to the fact that an sval has a single void pointer 
as a storage. I'm currently okay casting a pointer to and from void pointer of 
this storage. But I'd be uncomfortable bitcasting an APSIntPtr object into a 
void pointer storage, even if it only holds a single pointer inside. This is 
why I preferred unboxing the pointer and holding that inside the SVal.

Maybe I overlooked some other techniques. Let me know if you have something in 
mind.

https://github.com/llvm/llvm-project/pull/120436


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/120436


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-18 Thread Balazs Benics via llvm-branch-commits


@@ -514,9 +514,12 @@ class MemRegionVal : public Loc {
 
 class ConcreteInt : public Loc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : Loc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : Loc(ConcreteIntKind, V.get()) {}

steakhal wrote:

In short, I don't think so. See 
https://github.com/llvm/llvm-project/pull/120436#discussion_r1890504894.

https://github.com/llvm/llvm-project/pull/120437


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits


@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());

steakhal wrote:

Currently the infrastructure is set up for holding raw pointers.
I don't know of a better way of achieving this other than boxing/unboxing like 
done so.
I can't hold a pointer to an `APSIntPtr` object, if that's not exactly the 
object held by the factory.
In the factory, I can't allocate this, because this is just a view (a 
raw pointer) - so it's conceptually different.

The ergonomics would be better on one side if I had `APSIntRef` wrapping a 
reference, but then I'd lose copy and assign operations that come in really handy 
in a lot of places. So these were the factors I considered when designing this 
type.

https://github.com/llvm/llvm-project/pull/120436
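
The boxing and unboxing discussed in the replies above (a checked pointer view unboxed into single-pointer untyped storage, and the reference-wrapper alternative that loses assignment), as an added sketch that is not the analyzer's code. `IntFactory`, `IntPtr`, `IntRef`, `Val` and this `ConcreteInt` are hypothetical stand-ins, with `long long` in place of `llvm::APSInt`.

```cpp
#include <cassert>
#include <cstdio>
#include <set>
#include <type_traits>

class IntFactory;

// Hypothetical checked view: never null, always points into an IntFactory.
class IntPtr {
  const long long *Ptr;
  explicit IntPtr(const long long *P) : Ptr(P) {}
  friend class IntFactory; // only the factory mints views the normal way

public:
  // Escape hatch: the caller vouches that P came out of a live factory.
  static IntPtr unsafeConstructor(const long long *P) {
    assert(P && "view must never be null");
    return IntPtr(P);
  }
  const long long *get() const { return Ptr; }
  const long long &operator*() const { return *Ptr; }
  operator const long long &() const { return *Ptr; }
};

// Owns the integers. std::set is node-based, so element addresses are stable.
class IntFactory {
  std::set<long long> Pool;

public:
  IntPtr intern(long long V) { return IntPtr(&*Pool.insert(V).first); }
};

// The alternative from the discussion: a view holding a reference.
struct IntRef {
  const long long &Ref;
};
static_assert(std::is_copy_assignable<IntPtr>::value, "pointer view can be re-seated");
static_assert(!std::is_copy_assignable<IntRef>::value, "reference view cannot");
static_assert(sizeof(IntPtr) == sizeof(void *), "the box adds no storage");

enum Kind { UnknownKind, ConcreteIntKind };

// Value with a single untyped pointer as storage, tagged by kind.
class Val {
  const void *Data;
  Kind K;

protected:
  Val(Kind Kd, const void *D) : Data(D), K(Kd) {}
  template <class T> const T *castDataAs() const {
    return static_cast<const T *>(Data);
  }

public:
  Kind getKind() const { return K; }
};

class ConcreteInt : public Val {
public:
  // Unbox: store the raw pointer, not the IntPtr object itself.
  explicit ConcreteInt(IntPtr V) : Val(ConcreteIntKind, V.get()) {}
  // Re-box: sound only because the constructor is the sole writer of
  // storage tagged ConcreteIntKind.
  IntPtr getValue() const {
    return IntPtr::unsafeConstructor(castDataAs<long long>());
  }
};

bool roundTripKeepsIdentity() {
  IntFactory F;
  IntPtr A = F.intern(42);
  for (long long I = 0; I < 1000; ++I)
    F.intern(I); // growing the pool must not move the interned 42
  ConcreteInt CI(A);
  return CI.getValue().get() == A.get() && *CI.getValue() == 42;
}

bool referenceOutlivesTemporaryBox() {
  IntFactory F;
  IntPtr A = F.intern(7);
  ConcreteInt CI(A);
  // The temporary IntPtr dies at the end of this statement; R refers to the
  // factory-owned integer, so it does not dangle.
  const long long &R = CI.getValue();
  return &R == A.get() && R == 7;
}

long long reseat() {
  IntFactory F;
  IntPtr P = F.intern(1);
  P = F.intern(2); // assignment works because the view holds a pointer
  return *P;
}

int main() {
  std::printf("round trip: %d, reference: %d, reseat: %lld\n",
              roundTripKeepsIdentity(), referenceOutlivesTemporaryBox(),
              reseat());
  return 0;
}
```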


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/120436

None

>From bda84413e146d2e39a704a73694fb777249be799 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:55:27 +0100
Subject: [PATCH] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr
 (2/4)

---
 .../Core/PathSensitive/MemRegion.h|  2 +-
 .../StaticAnalyzer/Core/PathSensitive/SVals.h |  8 +++--
 .../Checkers/ArrayBoundCheckerV2.cpp  | 14 -
 .../Checkers/BasicObjCFoundationChecks.cpp|  2 +-
 .../Checkers/BitwiseShiftChecker.cpp  |  8 ++---
 .../Checkers/BuiltinFunctionChecker.cpp   |  8 +++--
 .../Checkers/CheckPlacementNew.cpp|  2 +-
 .../lib/StaticAnalyzer/Checkers/Iterator.cpp  | 14 -
 .../Checkers/IteratorModeling.cpp |  4 +--
 .../Checkers/MmapWriteExecChecker.cpp |  2 +-
 .../StaticAnalyzer/Checkers/StreamChecker.cpp |  2 +-
 .../Core/BugReporterVisitors.cpp  |  2 +-
 clang/lib/StaticAnalyzer/Core/MemRegion.cpp   |  8 ++---
 .../lib/StaticAnalyzer/Core/ProgramState.cpp  |  6 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp |  2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp   | 10 +++
 .../Core/SimpleConstraintManager.cpp  |  2 +-
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp | 30 ++-
 18 files changed, 65 insertions(+), 61 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
index 0d9566285f5d4e..f88bf70d72398c 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
@@ -1206,7 +1206,7 @@ class ElementRegion : public TypedValueRegion {
   : TypedValueRegion(sReg, ElementRegionKind), ElementType(elementType),
 Index(Idx) {
 assert((!isa(Idx) ||
-Idx.castAs().getValue().isSigned()) &&
+Idx.castAs().getValue()->isSigned()) &&
"The index must be signed");
 assert(!elementType.isNull() && !elementType->isVoidType() &&
"Invalid region type!");
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index a054a819a15a85..57d7514280f10f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -17,6 +17,7 @@
 #include "clang/AST/Expr.h"
 #include "clang/AST/Type.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
 #include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/FoldingSet.h"
@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
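
Review bot: The new comment in `getValue()` ("This is safe because in the ctor we take a safe APSIntPtr") does not say which property of `APSIntPtr` makes the pointer safe, so a reader of this header cannot tell what `unsafeConstructor` would otherwise put at risk. Spell out the guarantee in that comment or in the class doc above `ConcreteInt`, and note that it holds only while this constructor is the sole way a `ConcreteIntKind` value gets its data pointer.
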
diff --git a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp 
b/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
index 3f837564cf47c4..6422933c8828a9 100644
--- a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
@@ -22,6 +22,7 @@
 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
+#include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/SmallString.h"
 #include "llvm/Support/FormatVariadic.h"
 #include "llvm/Support/raw_ostream.h"
@@ -241,26 +242,25 @@ computeOffset(ProgramStateRef State, SValBuilder &SVB, 
SVal Location) {
 static std::pair
 getSimplifiedOffsets(NonLoc offset, nonloc::ConcreteInt extent,
  SValBuilder &svalBuilder) {
+  const llvm::APSInt &extentVal = extent.getValue();
   std::optional SymVal = offset.getAs();
   if (SymVal && SymVal->isExpression()) {
 if (const SymIntExpr *SIE = dyn_cast(SymVal->getSymbol())) {
-  llvm::APSInt constant =
-  APSIntType(extent.getValue()).convert(SIE->getRHS());
+  llvm::APSInt constant = APSIntType(extentVal).convert(SIE->getRHS());
   switch (SIE->getOpcode()) {
   case BO_Mul:
 // The constant should never be 0 here, becasue multiplication by zero
 // is simplified by the engine.
-if ((extent.getValue() % constant) != 0)
+if ((extentVal % constant) != 0)
   return std::pair(offset, exte
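
Review bot: In `getSimplifiedOffsets`, the added `const llvm::APSInt &extentVal = extent.getValue();` binds a reference through an implicit conversion from the `APSIntPtr` that `getValue()` now returns, whereas the other call sites touched by this series unwrap explicitly with `->` or `.get()`. Consider `*extent.getValue().get()` here, or a one-line comment that `extentVal` refers to the pointee and not to the temporary wrapper, so the lifetime is obvious at the point of use.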

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

> [!WARNING]
> This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack [on Graphite](https://app.graphite.dev/github/pr/llvm/llvm-project/120436?utm_source=stack-comment-downstack-mergeability-warning).
> [Learn more](https://graphite.dev/docs/merge-pull-requests)

* **#120438**
* **#120437**
* **#120436** 👈 [(View in Graphite)](https://app.graphite.dev/github/pr/llvm/llvm-project/120436?utm_source=stack-comment-view-in-graphite)
* **#120435**
* `main`

This stack of pull requests is managed by [Graphite](https://graphite.dev?utm-source=stack-comment). Learn more about [stacking](https://stacking.dev/?utm_source=stack-comment).


https://github.com/llvm/llvm-project/pull/120436


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/120438

None

From ffda1054d5a3e8f4ce42c3bedfc29cc8a0c69df1 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:59:23 +0100
Subject: [PATCH] [analyzer][NFC] Migrate {SymInt,IntSym}Expr to use APSIntPtr
 (4/4)

---
 .../Core/PathSensitive/SMTConstraintManager.h|  4 ++--
 .../Core/PathSensitive/SValBuilder.h |  7 +++
 .../Core/PathSensitive/SymbolManager.h   | 16 +++-
 .../Checkers/ExprInspectionChecker.cpp   |  4 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp|  8 ++--
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp|  2 +-
 clang/lib/StaticAnalyzer/Core/SymbolManager.cpp  |  8 +++-
 7 files changed, 20 insertions(+), 29 deletions(-)

diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
index 72038b92f8edfe..7cfb24e5e649db 100644
--- 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
+++ 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
@@ -175,9 +175,9 @@ class SMTConstraintManager : public 
clang::ento::SimpleConstraintManager {
   const llvm::APSInt *LHS, *RHS;
   if (const SymIntExpr *SIE = dyn_cast(BSE)) {
 LHS = getSymVal(State, SIE->getLHS());
-RHS = &SIE->getRHS();
+RHS = SIE->getRHS().get();
   } else if (const IntSymExpr *ISE = dyn_cast(BSE)) {
-LHS = &ISE->getLHS();
+LHS = ISE->getLHS().get();
 RHS = getSymVal(State, ISE->getRHS());
   } else if (const SymSymExpr *SSM = dyn_cast(BSE)) {
 // Early termination to avoid expensive call
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
index ec2b2b24569480..54430d426a82a8 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
@@ -329,11 +329,10 @@ class SValBuilder {
   }
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-   const llvm::APSInt &rhs, QualType type);
+   APSIntPtr rhs, QualType type);
 
-  nonloc::SymbolVal makeNonLoc(const llvm::APSInt &rhs,
-   BinaryOperator::Opcode op, const SymExpr *lhs,
-   QualType type);
+  nonloc::SymbolVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
+   const SymExpr *lhs, QualType type);
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
const SymExpr *rhs, QualType type);
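
Review bot: The second `makeNonLoc` overload keeps the parameter names `rhs` for the leading `APSIntPtr` and `lhs` for the trailing `const SymExpr *`, which is the reverse of their positions around `op`. Since both lines of that declaration are rewritten anyway, rename them to `APSIntPtr lhs` and `const SymExpr *rhs` so the header matches the operand order.
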
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
index 3b64d38ee2b233..73732d532f630f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
@@ -18,6 +18,7 @@
 #include "clang/AST/Type.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
@@ -410,9 +411,7 @@ class BinarySymExpr : public SymExpr {
 return 1;
   }
 
-  static const llvm::APSInt *getPointer(const llvm::APSInt &Value) {
-return &Value;
-  }
+  static const llvm::APSInt *getPointer(APSIntPtr Value) { return Value.get(); 
}
   static const SymExpr *getPointer(const SymExpr *Value) { return Value; }
 
   static void dumpToStreamImpl(raw_ostream &os, const SymExpr *Value);
@@ -468,11 +467,11 @@ class BinarySymExprImpl : public BinarySymExpr {
 };
 
 /// Represents a symbolic expression like 'x' + 3.
-using SymIntExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 3 - 'x'.
-using IntSymExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 'x' + 'y'.
@@ -537,15 +536,14 @@ class SymbolManager {
   QualType From, QualType To);
 
   const SymIntExpr *getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t);
+  APSIntPtr rhs, QualType t);
 
   const SymIntExpr *getSymIntExpr(const SymExpr &lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t) {
+  APSIntPtr rhs, QualType t) {
 return getSymIntExpr(&lhs, op, rhs, t);
   }
 
-  const IntSymExpr *getIntSymExpr(const llvm::APSInt& lhs,
- 

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/120437

None

From 81c7a2837ca2da2436613f4411e3b3cd37289051 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:57:26 +0100
Subject: [PATCH] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr
 (3/4)

---
 .../clang/StaticAnalyzer/Core/PathSensitive/SVals.h| 7 +--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp  | 2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp| 6 +++---
 clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp| 2 +-
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index 57d7514280f10f..aeb57b28077c61 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -514,9 +514,12 @@ class MemRegionVal : public Loc {
 
 class ConcreteInt : public Loc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : Loc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : Loc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
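
Review bot: `loc::ConcreteInt` still has no doc comment, and after this change its constructor accepts only an `APSIntPtr` rather than any `const llvm::APSInt &`. Add a `///` line on the class saying what the value represents and that the integer must come wrapped in `APSIntPtr`; the `nonloc` counterpart already carries a one-line description.
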
diff --git a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
index 5741fff0cc12f7..6fbdc956313d57 100644
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -671,7 +671,7 @@ class EvalCastVisitor : public SValVisitor {
   SVal VisitConcreteInt(loc::ConcreteInt V) {
 // Pointer to bool.
 if (CastTy->isBooleanType())
-  return VB.makeTruthVal(V.getValue().getBoolValue(), CastTy);
+  return VB.makeTruthVal(V.getValue()->getBoolValue(), CastTy);
 
 // Pointer to integer.
 if (CastTy->isIntegralOrEnumerationType()) {
diff --git a/clang/lib/StaticAnalyzer/Core/SVals.cpp 
b/clang/lib/StaticAnalyzer/Core/SVals.cpp
index ec88f52a2b3c58..3ab01a04dcec4c 100644
--- a/clang/lib/StaticAnalyzer/Core/SVals.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SVals.cpp
@@ -113,7 +113,7 @@ const llvm::APSInt *SVal::getAsInteger() const {
   if (auto CI = getAs())
 return CI->getValue().get();
   if (auto CI = getAs())
-return &CI->getValue();
+return CI->getValue().get();
   return nullptr;
 }
 
@@ -249,7 +249,7 @@ bool SVal::isConstant() const {
 
 bool SVal::isConstant(int I) const {
   if (std::optional LV = getAs())
-return LV->getValue() == I;
+return *LV->getValue().get() == I;
   if (std::optional NV = getAs())
 return *NV->getValue().get() == I;
   return false;
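
Review bot: `*LV->getValue().get() == I` in `SVal::isConstant(int)` unwraps the wrapper by hand and then dereferences the raw pointer, which is harder to read than the `->` form used in `VisitConcreteInt` in this same patch. If `APSIntPtr` gained a dereference operator this could read `*LV->getValue() == I`, and the `NonLoc` branch below it would benefit from the same cleanup.
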
@@ -380,7 +380,7 @@ void NonLoc::dumpToStream(raw_ostream &os) const {
 void Loc::dumpToStream(raw_ostream &os) const {
   switch (getKind()) {
   case loc::ConcreteIntKind:
-os << castAs().getValue().getZExtValue() << " (Loc)";
+os << castAs().getValue()->getZExtValue() << " (Loc)";
 break;
   case loc::GotoLabelKind:
 os << "&&" << castAs().getLabel()->getName();
diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index d2e6870ad17079..136b1729c94691 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -1210,7 +1210,7 @@ const llvm::APSInt 
*SimpleSValBuilder::getConstValue(ProgramStateRef state,
 
 const llvm::APSInt *SimpleSValBuilder::getConcreteValue(SVal V) {
   if (std::optional X = V.getAs())
-return &X->getValue();
+return X->getValue().get();
 
   if (std::optional X = V.getAs())
 return X->getValue().get();
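
Review bot: After this change both branches of `SimpleSValBuilder::getConcreteValue` return `X->getValue().get()`, the same pair of branches that `SVal::getAsInteger()` has in the SVals.cpp hunk above. If nothing follows these two branches, the function can delegate to `V.getAsInteger()` and drop the duplication; otherwise a short comment on why both exist would help.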



[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

> [!WARNING]
> This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack [on Graphite](https://app.graphite.dev/github/pr/llvm/llvm-project/120438?utm_source=stack-comment-downstack-mergeability-warning).
> [Learn more](https://graphite.dev/docs/merge-pull-requests)

* **#120438** 👈 [(View in Graphite)](https://app.graphite.dev/github/pr/llvm/llvm-project/120438?utm_source=stack-comment-view-in-graphite)
* **#120437**
* **#120436**
* **#120435**
* `main`

This stack of pull requests is managed by [Graphite](https://graphite.dev?utm-source=stack-comment). Learn more about [stacking](https://stacking.dev/?utm_source=stack-comment).


https://github.com/llvm/llvm-project/pull/120438


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

> [!WARNING]
> This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack [on Graphite](https://app.graphite.dev/github/pr/llvm/llvm-project/120437?utm_source=stack-comment-downstack-mergeability-warning).
> [Learn more](https://graphite.dev/docs/merge-pull-requests)

* **#120438**
* **#120437** 👈 [(View in Graphite)](https://app.graphite.dev/github/pr/llvm/llvm-project/120437?utm_source=stack-comment-view-in-graphite)
* **#120436**
* **#120435**
* `main`

This stack of pull requests is managed by [Graphite](https://graphite.dev?utm-source=stack-comment). Learn more about [stacking](https://stacking.dev/?utm_source=stack-comment).


https://github.com/llvm/llvm-project/pull/120437


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal ready_for_review 
https://github.com/llvm/llvm-project/pull/120437


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-18 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal ready_for_review 
https://github.com/llvm/llvm-project/pull/120438


[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120437

From e82a47f0efe7cba42891b14889ac41a4140b Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:57:26 +0100
Subject: [PATCH] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr
 (3/4)

---
 .../clang/StaticAnalyzer/Core/PathSensitive/SVals.h| 7 +--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp  | 2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp| 6 +++---
 clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp| 2 +-
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index 57d7514280f10f..aeb57b28077c61 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -514,9 +514,12 @@ class MemRegionVal : public Loc {
 
 class ConcreteInt : public Loc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : Loc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : Loc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
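
Review bot: `getValue()` re-wraps whatever `castDataAs` returns via `APSIntPtr::unsafeConstructor` without any check, so the "safe" claim in the comment rests entirely on the constructor two lines up. An `assert` that the data pointer is non-null, either in the constructor or before the re-wrap, would make a violated invariant fail in debug builds instead of being taken on trust.
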
diff --git a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
index 5741fff0cc12f7..6fbdc956313d57 100644
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -671,7 +671,7 @@ class EvalCastVisitor : public SValVisitor {
   SVal VisitConcreteInt(loc::ConcreteInt V) {
 // Pointer to bool.
 if (CastTy->isBooleanType())
-  return VB.makeTruthVal(V.getValue().getBoolValue(), CastTy);
+  return VB.makeTruthVal(V.getValue()->getBoolValue(), CastTy);
 
 // Pointer to integer.
 if (CastTy->isIntegralOrEnumerationType()) {
diff --git a/clang/lib/StaticAnalyzer/Core/SVals.cpp 
b/clang/lib/StaticAnalyzer/Core/SVals.cpp
index ec88f52a2b3c58..3ab01a04dcec4c 100644
--- a/clang/lib/StaticAnalyzer/Core/SVals.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SVals.cpp
@@ -113,7 +113,7 @@ const llvm::APSInt *SVal::getAsInteger() const {
   if (auto CI = getAs())
 return CI->getValue().get();
   if (auto CI = getAs())
-return &CI->getValue();
+return CI->getValue().get();
   return nullptr;
 }
 
@@ -249,7 +249,7 @@ bool SVal::isConstant() const {
 
 bool SVal::isConstant(int I) const {
   if (std::optional LV = getAs())
-return LV->getValue() == I;
+return *LV->getValue().get() == I;
   if (std::optional NV = getAs())
 return *NV->getValue().get() == I;
   return false;
@@ -380,7 +380,7 @@ void NonLoc::dumpToStream(raw_ostream &os) const {
 void Loc::dumpToStream(raw_ostream &os) const {
   switch (getKind()) {
   case loc::ConcreteIntKind:
-os << castAs().getValue().getZExtValue() << " (Loc)";
+os << castAs().getValue()->getZExtValue() << " (Loc)";
 break;
   case loc::GotoLabelKind:
 os << "&&" << castAs().getLabel()->getName();
diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index d2e6870ad17079..136b1729c94691 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -1210,7 +1210,7 @@ const llvm::APSInt 
*SimpleSValBuilder::getConstValue(ProgramStateRef state,
 
 const llvm::APSInt *SimpleSValBuilder::getConcreteValue(SVal V) {
   if (std::optional X = V.getAs())
-return &X->getValue();
+return X->getValue().get();
 
   if (std::optional X = V.getAs())
 return X->getValue().get();



[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120438

From 1f31cdcbf265be767ef5ae4a44f1e28002faba8f Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:59:23 +0100
Subject: [PATCH] [analyzer][NFC] Migrate {SymInt,IntSym}Expr to use APSIntPtr
 (4/4)

---
 .../Core/PathSensitive/SMTConstraintManager.h|  4 ++--
 .../Core/PathSensitive/SValBuilder.h |  7 +++
 .../Core/PathSensitive/SymbolManager.h   | 16 +++-
 .../Checkers/ExprInspectionChecker.cpp   |  4 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp|  8 ++--
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp|  2 +-
 clang/lib/StaticAnalyzer/Core/SymbolManager.cpp  |  8 +++-
 7 files changed, 20 insertions(+), 29 deletions(-)

diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
index 72038b92f8edfe..7cfb24e5e649db 100644
--- 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
+++ 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
@@ -175,9 +175,9 @@ class SMTConstraintManager : public 
clang::ento::SimpleConstraintManager {
   const llvm::APSInt *LHS, *RHS;
   if (const SymIntExpr *SIE = dyn_cast(BSE)) {
 LHS = getSymVal(State, SIE->getLHS());
-RHS = &SIE->getRHS();
+RHS = SIE->getRHS().get();
   } else if (const IntSymExpr *ISE = dyn_cast(BSE)) {
-LHS = &ISE->getLHS();
+LHS = ISE->getLHS().get();
 RHS = getSymVal(State, ISE->getRHS());
   } else if (const SymSymExpr *SSM = dyn_cast(BSE)) {
 // Early termination to avoid expensive call
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
index ec2b2b24569480..54430d426a82a8 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
@@ -329,11 +329,10 @@ class SValBuilder {
   }
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-   const llvm::APSInt &rhs, QualType type);
+   APSIntPtr rhs, QualType type);
 
-  nonloc::SymbolVal makeNonLoc(const llvm::APSInt &rhs,
-   BinaryOperator::Opcode op, const SymExpr *lhs,
-   QualType type);
+  nonloc::SymbolVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
+   const SymExpr *lhs, QualType type);
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
const SymExpr *rhs, QualType type);
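
Review bot: Neither rewritten `makeNonLoc` declaration documents the new requirement that the integer operand arrives as an `APSIntPtr` instead of a `const llvm::APSInt &`. A `///` comment on the two overloads, stating what callers must pass and where they are expected to obtain it, would save the next caller from guessing.
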
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
index 3b64d38ee2b233..73732d532f630f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
@@ -18,6 +18,7 @@
 #include "clang/AST/Type.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
@@ -410,9 +411,7 @@ class BinarySymExpr : public SymExpr {
 return 1;
   }
 
-  static const llvm::APSInt *getPointer(const llvm::APSInt &Value) {
-return &Value;
-  }
+  static const llvm::APSInt *getPointer(APSIntPtr Value) { return Value.get(); 
}
   static const SymExpr *getPointer(const SymExpr *Value) { return Value; }
 
   static void dumpToStreamImpl(raw_ostream &os, const SymExpr *Value);
@@ -468,11 +467,11 @@ class BinarySymExprImpl : public BinarySymExpr {
 };
 
 /// Represents a symbolic expression like 'x' + 3.
-using SymIntExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 3 - 'x'.
-using IntSymExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 'x' + 'y'.
@@ -537,15 +536,14 @@ class SymbolManager {
   QualType From, QualType To);
 
   const SymIntExpr *getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t);
+  APSIntPtr rhs, QualType t);
 
   const SymIntExpr *getSymIntExpr(const SymExpr &lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t) {
+  APSIntPtr rhs, QualType t) {
 return getSymIntExpr(&lhs, op, rhs, t);
   }
 
-  const IntSymExpr *getIntSymExpr(const llvm::APSInt& lhs,
-   

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120436

From 09aa29dd6cb4e22e5541ed7c1aaeb715772c3393 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:55:27 +0100
Subject: [PATCH] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr
 (2/4)

---
 .../Core/PathSensitive/MemRegion.h|  2 +-
 .../StaticAnalyzer/Core/PathSensitive/SVals.h |  8 +++--
 .../Checkers/ArrayBoundCheckerV2.cpp  | 14 -
 .../Checkers/BasicObjCFoundationChecks.cpp|  2 +-
 .../Checkers/BitwiseShiftChecker.cpp  |  8 ++---
 .../Checkers/BuiltinFunctionChecker.cpp   |  8 +++--
 .../Checkers/CheckPlacementNew.cpp|  2 +-
 .../lib/StaticAnalyzer/Checkers/Iterator.cpp  | 14 -
 .../Checkers/IteratorModeling.cpp |  4 +--
 .../Checkers/MmapWriteExecChecker.cpp |  2 +-
 .../StaticAnalyzer/Checkers/StreamChecker.cpp |  2 +-
 .../Core/BugReporterVisitors.cpp  |  2 +-
 clang/lib/StaticAnalyzer/Core/MemRegion.cpp   |  8 ++---
 .../lib/StaticAnalyzer/Core/ProgramState.cpp  |  6 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp |  2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp   | 10 +++
 .../Core/SimpleConstraintManager.cpp  |  2 +-
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp | 30 ++-
 18 files changed, 65 insertions(+), 61 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
index 0d9566285f5d4e..f88bf70d72398c 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
@@ -1206,7 +1206,7 @@ class ElementRegion : public TypedValueRegion {
   : TypedValueRegion(sReg, ElementRegionKind), ElementType(elementType),
 Index(Idx) {
 assert((!isa(Idx) ||
-Idx.castAs().getValue().isSigned()) &&
+Idx.castAs().getValue()->isSigned()) &&
"The index must be signed");
 assert(!elementType.isNull() && !elementType->isVoidType() &&
"Invalid region type!");
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index a054a819a15a85..57d7514280f10f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -17,6 +17,7 @@
 #include "clang/AST/Expr.h"
 #include "clang/AST/Type.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
 #include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/FoldingSet.h"
@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
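
Review bot: `nonloc::ConcreteInt::getValue()` changes its return type from `const llvm::APSInt &` to `APSIntPtr` by value, which is why call sites such as the `assert` in `ElementRegion` switch from `.isSigned()` to `->isSigned()`, yet the commit message carries only a subject line. Add a sentence to the message stating the migration rule for callers, since the change is spread over 18 files and any caller outside this diff would need the same edit.
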
diff --git a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp 
b/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
index 3f837564cf47c4..6422933c8828a9 100644
--- a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
@@ -22,6 +22,7 @@
 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
+#include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/SmallString.h"
 #include "llvm/Support/FormatVariadic.h"
 #include "llvm/Support/raw_ostream.h"
@@ -241,26 +242,25 @@ computeOffset(ProgramStateRef State, SValBuilder &SVB, 
SVal Location) {
 static std::pair
 getSimplifiedOffsets(NonLoc offset, nonloc::ConcreteInt extent,
  SValBuilder &svalBuilder) {
+  const llvm::APSInt &extentVal = extent.getValue();
   std::optional SymVal = offset.getAs();
   if (SymVal && SymVal->isExpression()) {
 if (const SymIntExpr *SIE = dyn_cast(SymVal->getSymbol())) {
-  llvm::APSInt constant =
-  APSIntType(extent.getValue()).convert(SIE->getRHS());
+  llvm::APSInt constant = APSIntType(extentVal).convert(SIE->getRHS());
   switch (SIE->getOpcode()) {
   case BO_Mul:
 // The constant should never be 0 here, becasue multiplication by zero
 // is simplified by the engine.
-if ((extent.getValue() % constant) != 0)
+if ((extentVal % constant) != 0)
   return std::pair(offset, extent);
 

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120437

From 0daf63ef3f8607dcc9f290c94db210cf462cc75f Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:57:26 +0100
Subject: [PATCH] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr
 (3/4)

---
 .../clang/StaticAnalyzer/Core/PathSensitive/SVals.h| 7 +--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp  | 2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp| 6 +++---
 clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp| 2 +-
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index 57d7514280f10f..aeb57b28077c61 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -514,9 +514,12 @@ class MemRegionVal : public Loc {
 
 class ConcreteInt : public Loc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : Loc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : Loc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
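Review bot: The comment in `loc::ConcreteInt::getValue()` says the `APSIntPtr::unsafeConstructor` call is safe because the constructor takes a safe `APSIntPtr`, but it never says which property "safe" refers to, and in between the value is passed to the base as a raw pointer via `Loc(ConcreteIntKind, V.get())`. Please spell the invariant out in the comment: what the pointee must satisfy, and that this constructor is the only place the data is set. A later constructor that accepts a raw `llvm::APSInt` pointer would then be recognisable as a violation.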
diff --git a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
index 5741fff0cc12f7..6fbdc956313d57 100644
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -671,7 +671,7 @@ class EvalCastVisitor : public SValVisitor {
   SVal VisitConcreteInt(loc::ConcreteInt V) {
 // Pointer to bool.
 if (CastTy->isBooleanType())
-  return VB.makeTruthVal(V.getValue().getBoolValue(), CastTy);
+  return VB.makeTruthVal(V.getValue()->getBoolValue(), CastTy);
 
 // Pointer to integer.
 if (CastTy->isIntegralOrEnumerationType()) {
diff --git a/clang/lib/StaticAnalyzer/Core/SVals.cpp 
b/clang/lib/StaticAnalyzer/Core/SVals.cpp
index ec88f52a2b3c58..3ab01a04dcec4c 100644
--- a/clang/lib/StaticAnalyzer/Core/SVals.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SVals.cpp
@@ -113,7 +113,7 @@ const llvm::APSInt *SVal::getAsInteger() const {
   if (auto CI = getAs())
 return CI->getValue().get();
   if (auto CI = getAs())
-return &CI->getValue();
+return CI->getValue().get();
   return nullptr;
 }
 
@@ -249,7 +249,7 @@ bool SVal::isConstant() const {
 
 bool SVal::isConstant(int I) const {
   if (std::optional LV = getAs())
-return LV->getValue() == I;
+return *LV->getValue().get() == I;
   if (std::optional NV = getAs())
 return *NV->getValue().get() == I;
   return false;
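Review bot: In `SVal::isConstant(int I)` the new line `return *LV->getValue().get() == I;` unwraps with `.get()` and then dereferences, while the same patch reads through the wrapper with `->` in `V.getValue()->getBoolValue()` and `getValue()->getZExtValue()`. Pick one spelling for reading through an `APSIntPtr`. The `Loc` and `NonLoc` branches here also end up with identical bodies, so a small shared helper would remove the duplication.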
@@ -380,7 +380,7 @@ void NonLoc::dumpToStream(raw_ostream &os) const {
 void Loc::dumpToStream(raw_ostream &os) const {
   switch (getKind()) {
   case loc::ConcreteIntKind:
-os << castAs().getValue().getZExtValue() << " (Loc)";
+os << castAs().getValue()->getZExtValue() << " (Loc)";
 break;
   case loc::GotoLabelKind:
 os << "&&" << castAs().getLabel()->getName();
diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index d2e6870ad17079..136b1729c94691 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -1210,7 +1210,7 @@ const llvm::APSInt 
*SimpleSValBuilder::getConstValue(ProgramStateRef state,
 
 const llvm::APSInt *SimpleSValBuilder::getConcreteValue(SVal V) {
   if (std::optional X = V.getAs())
-return &X->getValue();
+return X->getValue().get();
 
   if (std::optional X = V.getAs())
 return X->getValue().get();



[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120438

>From d9346f24cbc8930baefb8f17bb88745bc63f0e7e Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:59:23 +0100
Subject: [PATCH] [analyzer][NFC] Migrate {SymInt,IntSym}Expr to use APSIntPtr
 (4/4)

---
 .../Core/PathSensitive/SMTConstraintManager.h|  4 ++--
 .../Core/PathSensitive/SValBuilder.h |  7 +++
 .../Core/PathSensitive/SymbolManager.h   | 16 +++-
 .../Checkers/ExprInspectionChecker.cpp   |  4 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp|  8 ++--
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp|  2 +-
 clang/lib/StaticAnalyzer/Core/SymbolManager.cpp  |  8 +++-
 7 files changed, 20 insertions(+), 29 deletions(-)

diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
index 72038b92f8edfe..7cfb24e5e649db 100644
--- 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
+++ 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
@@ -175,9 +175,9 @@ class SMTConstraintManager : public 
clang::ento::SimpleConstraintManager {
   const llvm::APSInt *LHS, *RHS;
   if (const SymIntExpr *SIE = dyn_cast(BSE)) {
 LHS = getSymVal(State, SIE->getLHS());
-RHS = &SIE->getRHS();
+RHS = SIE->getRHS().get();
   } else if (const IntSymExpr *ISE = dyn_cast(BSE)) {
-LHS = &ISE->getLHS();
+LHS = ISE->getLHS().get();
 RHS = getSymVal(State, ISE->getRHS());
   } else if (const SymSymExpr *SSM = dyn_cast(BSE)) {
 // Early termination to avoid expensive call
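Review bot: `SMTConstraintManager.h` now calls `.get()` on the values returned by `SIE->getRHS()` and `ISE->getLHS()`, but the diffstat lists only these two changed lines for the file, so `APSIntPtr` reaches it through another header. `SymbolManager.h` gains an explicit `#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"` in this patch; consider adding the same include here rather than relying on the transitive one.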
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
index ec2b2b24569480..54430d426a82a8 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
@@ -329,11 +329,10 @@ class SValBuilder {
   }
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-   const llvm::APSInt &rhs, QualType type);
+   APSIntPtr rhs, QualType type);
 
-  nonloc::SymbolVal makeNonLoc(const llvm::APSInt &rhs,
-   BinaryOperator::Opcode op, const SymExpr *lhs,
-   QualType type);
+  nonloc::SymbolVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
+   const SymExpr *lhs, QualType type);
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
const SymExpr *rhs, QualType type);
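Review bot: The second `makeNonLoc` overload names its leading integer operand `rhs` and the trailing symbol `lhs` (`makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op, const SymExpr *lhs, ...)`), which reads as swapped next to the other two overloads, where the first operand is `lhs`. Since this declaration is being rewritten anyway, rename the parameters to match operand order, or add a comment if the naming is deliberate.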
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
index 3b64d38ee2b233..73732d532f630f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
@@ -18,6 +18,7 @@
 #include "clang/AST/Type.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
@@ -410,9 +411,7 @@ class BinarySymExpr : public SymExpr {
 return 1;
   }
 
-  static const llvm::APSInt *getPointer(const llvm::APSInt &Value) {
-return &Value;
-  }
+  static const llvm::APSInt *getPointer(APSIntPtr Value) { return Value.get(); 
}
   static const SymExpr *getPointer(const SymExpr *Value) { return Value; }
 
   static void dumpToStreamImpl(raw_ostream &os, const SymExpr *Value);
@@ -468,11 +467,11 @@ class BinarySymExprImpl : public BinarySymExpr {
 };
 
 /// Represents a symbolic expression like 'x' + 3.
-using SymIntExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 3 - 'x'.
-using IntSymExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 'x' + 'y'.
@@ -537,15 +536,14 @@ class SymbolManager {
   QualType From, QualType To);
 
   const SymIntExpr *getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t);
+  APSIntPtr rhs, QualType t);
 
   const SymIntExpr *getSymIntExpr(const SymExpr &lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t) {
+  APSIntPtr rhs, QualType t) {
 return getSymIntExpr(&lhs, op, rhs, t);
   }
 
-  const IntSymExpr *getIntSymExpr(const llvm::APSInt& lhs,
-   

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr (2/4) (PR #120436)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120436

>From d9ce18fd77617480703c677ad7053516fb2c68f9 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:55:27 +0100
Subject: [PATCH] [analyzer][NFC] Migrate nonloc::ConcreteInt to use APSIntPtr
 (2/4)

---
 .../Core/PathSensitive/MemRegion.h|  2 +-
 .../StaticAnalyzer/Core/PathSensitive/SVals.h |  8 +++--
 .../Checkers/ArrayBoundCheckerV2.cpp  | 14 -
 .../Checkers/BasicObjCFoundationChecks.cpp|  2 +-
 .../Checkers/BitwiseShiftChecker.cpp  |  8 ++---
 .../Checkers/BuiltinFunctionChecker.cpp   |  8 +++--
 .../Checkers/CheckPlacementNew.cpp|  2 +-
 .../lib/StaticAnalyzer/Checkers/Iterator.cpp  | 14 -
 .../Checkers/IteratorModeling.cpp |  4 +--
 .../Checkers/MmapWriteExecChecker.cpp |  2 +-
 .../StaticAnalyzer/Checkers/StreamChecker.cpp |  2 +-
 .../Core/BugReporterVisitors.cpp  |  2 +-
 clang/lib/StaticAnalyzer/Core/MemRegion.cpp   |  8 ++---
 .../lib/StaticAnalyzer/Core/ProgramState.cpp  |  6 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp |  2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp   | 10 +++
 .../Core/SimpleConstraintManager.cpp  |  2 +-
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp | 30 ++-
 18 files changed, 65 insertions(+), 61 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
index 0d9566285f5d4e..f88bf70d72398c 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h
@@ -1206,7 +1206,7 @@ class ElementRegion : public TypedValueRegion {
   : TypedValueRegion(sReg, ElementRegionKind), ElementType(elementType),
 Index(Idx) {
 assert((!isa(Idx) ||
-Idx.castAs().getValue().isSigned()) &&
+Idx.castAs().getValue()->isSigned()) &&
"The index must be signed");
 assert(!elementType.isNull() && !elementType->isVoidType() &&
"Invalid region type!");
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index a054a819a15a85..57d7514280f10f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -17,6 +17,7 @@
 #include "clang/AST/Expr.h"
 #include "clang/AST/Type.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
 #include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/FoldingSet.h"
@@ -298,9 +299,12 @@ class SymbolVal : public NonLoc {
 /// Value representing integer constant.
 class ConcreteInt : public NonLoc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : NonLoc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : NonLoc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
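Review bot: `nonloc::ConcreteInt::getValue()` changes its return type from `const llvm::APSInt &` to an `APSIntPtr` returned by value, yet the `ArrayBoundCheckerV2.cpp` hunk of this patch adds `const llvm::APSInt &extentVal = extent.getValue();`, which only compiles through an implicit conversion. Please confirm that the conversion yields a reference to the stored `APSInt` and not to a temporary, or write the unwrap explicitly as the other call sites do with `->` and `.get()`.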
diff --git a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp 
b/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
index 3f837564cf47c4..6422933c8828a9 100644
--- a/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
@@ -22,6 +22,7 @@
 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
+#include "llvm/ADT/APSInt.h"
 #include "llvm/ADT/SmallString.h"
 #include "llvm/Support/FormatVariadic.h"
 #include "llvm/Support/raw_ostream.h"
@@ -241,26 +242,25 @@ computeOffset(ProgramStateRef State, SValBuilder &SVB, 
SVal Location) {
 static std::pair
 getSimplifiedOffsets(NonLoc offset, nonloc::ConcreteInt extent,
  SValBuilder &svalBuilder) {
+  const llvm::APSInt &extentVal = extent.getValue();
   std::optional SymVal = offset.getAs();
   if (SymVal && SymVal->isExpression()) {
 if (const SymIntExpr *SIE = dyn_cast(SymVal->getSymbol())) {
-  llvm::APSInt constant =
-  APSIntType(extent.getValue()).convert(SIE->getRHS());
+  llvm::APSInt constant = APSIntType(extentVal).convert(SIE->getRHS());
   switch (SIE->getOpcode()) {
   case BO_Mul:
 // The constant should never be 0 here, becasue multiplication by zero
 // is simplified by the engine.
-if ((extent.getValue() % constant) != 0)
+if ((extentVal % constant) != 0)
   return std::pair(offset, extent);
 

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120438

>From 45c13070865e7474a13f1d843d13f5eb4ceafa29 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:59:23 +0100
Subject: [PATCH] [analyzer][NFC] Migrate {SymInt,IntSym}Expr to use APSIntPtr
 (4/4)

---
 .../Core/PathSensitive/SMTConstraintManager.h|  4 ++--
 .../Core/PathSensitive/SValBuilder.h |  7 +++
 .../Core/PathSensitive/SymbolManager.h   | 16 +++-
 .../Checkers/ExprInspectionChecker.cpp   |  4 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp|  8 ++--
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp|  2 +-
 clang/lib/StaticAnalyzer/Core/SymbolManager.cpp  |  8 +++-
 7 files changed, 20 insertions(+), 29 deletions(-)

diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
index 72038b92f8edfe..7cfb24e5e649db 100644
--- 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
+++ 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
@@ -175,9 +175,9 @@ class SMTConstraintManager : public 
clang::ento::SimpleConstraintManager {
   const llvm::APSInt *LHS, *RHS;
   if (const SymIntExpr *SIE = dyn_cast(BSE)) {
 LHS = getSymVal(State, SIE->getLHS());
-RHS = &SIE->getRHS();
+RHS = SIE->getRHS().get();
   } else if (const IntSymExpr *ISE = dyn_cast(BSE)) {
-LHS = &ISE->getLHS();
+LHS = ISE->getLHS().get();
 RHS = getSymVal(State, ISE->getRHS());
   } else if (const SymSymExpr *SSM = dyn_cast(BSE)) {
 // Early termination to avoid expensive call
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
index ec2b2b24569480..54430d426a82a8 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
@@ -329,11 +329,10 @@ class SValBuilder {
   }
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-   const llvm::APSInt &rhs, QualType type);
+   APSIntPtr rhs, QualType type);
 
-  nonloc::SymbolVal makeNonLoc(const llvm::APSInt &rhs,
-   BinaryOperator::Opcode op, const SymExpr *lhs,
-   QualType type);
+  nonloc::SymbolVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
+   const SymExpr *lhs, QualType type);
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
const SymExpr *rhs, QualType type);
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
index 3b64d38ee2b233..73732d532f630f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
@@ -18,6 +18,7 @@
 #include "clang/AST/Type.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
@@ -410,9 +411,7 @@ class BinarySymExpr : public SymExpr {
 return 1;
   }
 
-  static const llvm::APSInt *getPointer(const llvm::APSInt &Value) {
-return &Value;
-  }
+  static const llvm::APSInt *getPointer(APSIntPtr Value) { return Value.get(); 
}
   static const SymExpr *getPointer(const SymExpr *Value) { return Value; }
 
   static void dumpToStreamImpl(raw_ostream &os, const SymExpr *Value);
@@ -468,11 +467,11 @@ class BinarySymExprImpl : public BinarySymExpr {
 };
 
 /// Represents a symbolic expression like 'x' + 3.
-using SymIntExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 3 - 'x'.
-using IntSymExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 'x' + 'y'.
@@ -537,15 +536,14 @@ class SymbolManager {
   QualType From, QualType To);
 
   const SymIntExpr *getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t);
+  APSIntPtr rhs, QualType t);
 
   const SymIntExpr *getSymIntExpr(const SymExpr &lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t) {
+  APSIntPtr rhs, QualType t) {
 return getSymIntExpr(&lhs, op, rhs, t);
   }
 
-  const IntSymExpr *getIntSymExpr(const llvm::APSInt& lhs,
-   

[llvm-branch-commits] [clang] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr (3/4) (PR #120437)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120437

>From 9841a76e62ad9d9bcdea3ff8c066c19f113c2615 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:57:26 +0100
Subject: [PATCH] [analyzer][NFC] Migrate loc::ConcreteInt to use APSIntPtr
 (3/4)

---
 .../clang/StaticAnalyzer/Core/PathSensitive/SVals.h| 7 +--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp  | 2 +-
 clang/lib/StaticAnalyzer/Core/SVals.cpp| 6 +++---
 clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp| 2 +-
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
index 57d7514280f10f..aeb57b28077c61 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h
@@ -514,9 +514,12 @@ class MemRegionVal : public Loc {
 
 class ConcreteInt : public Loc {
 public:
-  explicit ConcreteInt(const llvm::APSInt &V) : Loc(ConcreteIntKind, &V) {}
+  explicit ConcreteInt(APSIntPtr V) : Loc(ConcreteIntKind, V.get()) {}
 
-  const llvm::APSInt &getValue() const { return *castDataAs(); }
+  APSIntPtr getValue() const {
+// This is safe because in the ctor we take a safe APSIntPtr.
+return APSIntPtr::unsafeConstructor(castDataAs());
+  }
 
   static bool classof(SVal V) { return V.getKind() == ConcreteIntKind; }
 };
diff --git a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
index 5741fff0cc12f7..6fbdc956313d57 100644
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -671,7 +671,7 @@ class EvalCastVisitor : public SValVisitor {
   SVal VisitConcreteInt(loc::ConcreteInt V) {
 // Pointer to bool.
 if (CastTy->isBooleanType())
-  return VB.makeTruthVal(V.getValue().getBoolValue(), CastTy);
+  return VB.makeTruthVal(V.getValue()->getBoolValue(), CastTy);
 
 // Pointer to integer.
 if (CastTy->isIntegralOrEnumerationType()) {
diff --git a/clang/lib/StaticAnalyzer/Core/SVals.cpp 
b/clang/lib/StaticAnalyzer/Core/SVals.cpp
index ec88f52a2b3c58..3ab01a04dcec4c 100644
--- a/clang/lib/StaticAnalyzer/Core/SVals.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SVals.cpp
@@ -113,7 +113,7 @@ const llvm::APSInt *SVal::getAsInteger() const {
   if (auto CI = getAs())
 return CI->getValue().get();
   if (auto CI = getAs())
-return &CI->getValue();
+return CI->getValue().get();
   return nullptr;
 }
 
@@ -249,7 +249,7 @@ bool SVal::isConstant() const {
 
 bool SVal::isConstant(int I) const {
   if (std::optional LV = getAs())
-return LV->getValue() == I;
+return *LV->getValue().get() == I;
   if (std::optional NV = getAs())
 return *NV->getValue().get() == I;
   return false;
@@ -380,7 +380,7 @@ void NonLoc::dumpToStream(raw_ostream &os) const {
 void Loc::dumpToStream(raw_ostream &os) const {
   switch (getKind()) {
   case loc::ConcreteIntKind:
-os << castAs().getValue().getZExtValue() << " (Loc)";
+os << castAs().getValue()->getZExtValue() << " (Loc)";
 break;
   case loc::GotoLabelKind:
 os << "&&" << castAs().getLabel()->getName();
diff --git a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp 
b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index d2e6870ad17079..136b1729c94691 100644
--- a/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -1210,7 +1210,7 @@ const llvm::APSInt 
*SimpleSValBuilder::getConstValue(ProgramStateRef state,
 
 const llvm::APSInt *SimpleSValBuilder::getConcreteValue(SVal V) {
   if (std::optional X = V.getAs())
-return &X->getValue();
+return X->getValue().get();
 
   if (std::optional X = V.getAs())
 return X->getValue().get();



[llvm-branch-commits] [clang] [analyzer][NFC] Migrate {SymInt, IntSym}Expr to use APSIntPtr (4/4) (PR #120438)

2024-12-19 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/120438

>From 9bd5b4a297899aeae6bd6ce6373319e1933fc7d8 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Wed, 18 Dec 2024 15:59:23 +0100
Subject: [PATCH] [analyzer][NFC] Migrate {SymInt,IntSym}Expr to use APSIntPtr
 (4/4)

---
 .../Core/PathSensitive/SMTConstraintManager.h|  4 ++--
 .../Core/PathSensitive/SValBuilder.h |  7 +++
 .../Core/PathSensitive/SymbolManager.h   | 16 +++-
 .../Checkers/ExprInspectionChecker.cpp   |  4 ++--
 clang/lib/StaticAnalyzer/Core/SValBuilder.cpp|  8 ++--
 .../StaticAnalyzer/Core/SimpleSValBuilder.cpp|  2 +-
 clang/lib/StaticAnalyzer/Core/SymbolManager.cpp  |  8 +++-
 7 files changed, 20 insertions(+), 29 deletions(-)

diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
index 72038b92f8edfe..7cfb24e5e649db 100644
--- 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
+++ 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h
@@ -175,9 +175,9 @@ class SMTConstraintManager : public 
clang::ento::SimpleConstraintManager {
   const llvm::APSInt *LHS, *RHS;
   if (const SymIntExpr *SIE = dyn_cast(BSE)) {
 LHS = getSymVal(State, SIE->getLHS());
-RHS = &SIE->getRHS();
+RHS = SIE->getRHS().get();
   } else if (const IntSymExpr *ISE = dyn_cast(BSE)) {
-LHS = &ISE->getLHS();
+LHS = ISE->getLHS().get();
 RHS = getSymVal(State, ISE->getRHS());
   } else if (const SymSymExpr *SSM = dyn_cast(BSE)) {
 // Early termination to avoid expensive call
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
index ec2b2b24569480..54430d426a82a8 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h
@@ -329,11 +329,10 @@ class SValBuilder {
   }
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
-   const llvm::APSInt &rhs, QualType type);
+   APSIntPtr rhs, QualType type);
 
-  nonloc::SymbolVal makeNonLoc(const llvm::APSInt &rhs,
-   BinaryOperator::Opcode op, const SymExpr *lhs,
-   QualType type);
+  nonloc::SymbolVal makeNonLoc(APSIntPtr rhs, BinaryOperator::Opcode op,
+   const SymExpr *lhs, QualType type);
 
   nonloc::SymbolVal makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
const SymExpr *rhs, QualType type);
diff --git 
a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h 
b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
index 3b64d38ee2b233..73732d532f630f 100644
--- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
+++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h
@@ -18,6 +18,7 @@
 #include "clang/AST/Type.h"
 #include "clang/Analysis/AnalysisDeclContext.h"
 #include "clang/Basic/LLVM.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntPtr.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/StoreRef.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
@@ -410,9 +411,7 @@ class BinarySymExpr : public SymExpr {
 return 1;
   }
 
-  static const llvm::APSInt *getPointer(const llvm::APSInt &Value) {
-return &Value;
-  }
+  static const llvm::APSInt *getPointer(APSIntPtr Value) { return Value.get(); 
}
   static const SymExpr *getPointer(const SymExpr *Value) { return Value; }
 
   static void dumpToStreamImpl(raw_ostream &os, const SymExpr *Value);
@@ -468,11 +467,11 @@ class BinarySymExprImpl : public BinarySymExpr {
 };
 
 /// Represents a symbolic expression like 'x' + 3.
-using SymIntExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 3 - 'x'.
-using IntSymExpr = BinarySymExprImpl;
 
 /// Represents a symbolic expression like 'x' + 'y'.
@@ -537,15 +536,14 @@ class SymbolManager {
   QualType From, QualType To);
 
   const SymIntExpr *getSymIntExpr(const SymExpr *lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t);
+  APSIntPtr rhs, QualType t);
 
   const SymIntExpr *getSymIntExpr(const SymExpr &lhs, BinaryOperator::Opcode 
op,
-  const llvm::APSInt& rhs, QualType t) {
+  APSIntPtr rhs, QualType t) {
 return getSymIntExpr(&lhs, op, rhs, t);
   }
 
-  const IntSymExpr *getIntSymExpr(const llvm::APSInt& lhs,
-   

[llvm-branch-commits] [clang] [analyzer][docs] CSA release notes for clang-20 (PR #124798)

2025-01-29 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/124798

>From 65f0bce634bce28430fa2c722ee0a396a8935bba Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Tue, 28 Jan 2025 18:26:37 +0100
Subject: [PATCH 1/2] [analyzer][docs] Release notes for clang-20

The commits were gathered using:
```sh
git log --reverse --oneline llvmorg-20-init..llvm/main \
  clang/{lib/StaticAnalyzer,include/clang/StaticAnalyzer} | grep -v NFC | grep 
-v OpenACC | grep -v -i revert
```

After this I categorized the changes and dropped the less user-facing
commits.

FYI, I also ignored Webkit changes because I assume it's fairly specific
for them, and they likely already know what they ship xD.

I used the `LLVM_ENABLE_SPHINX=ON` and `LLVM_ENABLE_DOXYGEN=ON` cmake
options to enable the `docs-clang-html` build target, which generates
the html into `build/tools/clang/docs/html/ReleaseNotes.html` of which I
attach the screenshots to let you judge if it looks all good or not.

I also used Grammarly this time to check for blatant typos.
---
 clang/docs/ReleaseNotes.rst | 106 +++-
 1 file changed, 93 insertions(+), 13 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index d8a94703bd9c57..9a25694b3bd867 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1356,30 +1356,62 @@ Static Analyzer
 New features
 
 
-- Now CSA models `__builtin_*_overflow` functions. (#GH102602)
+- The ``__builtin_*_overflow`` functions are now properly modeled. (#GH102602)
 
-- MallocChecker now checks for ``ownership_returns(class, idx)`` and 
``ownership_takes(class, idx)``
-  attributes with class names different from "malloc". Clang static analyzer 
now reports an error
-  if class of allocation and deallocation function mismatches.
+- ``unix.Malloc`` now checks for ``ownership_returns(class, idx)`` and 
``ownership_takes(class, idx)``
+  attributes with class names different from "malloc". It now reports an error
+  if the class of allocation and deallocation function mismatches.
   `Documentation 
`__.
 
 - Function effects, e.g. the ``nonblocking`` and ``nonallocating`` 
"performance constraint"
   attributes, are now verified. For example, for functions declared with the 
``nonblocking``
-  attribute, the compiler can generate warnings about the use of any language 
features, or calls to
+  attribute, the compiler can generate warnings about the use of any language 
features or calls to
   other functions, which may block.
 
 - Introduced ``-warning-suppression-mappings`` flag to control diagnostic
-  suppressions per file. See `documentation 
_` for details.
+  suppressions per file. See `documentation 
`__ for details.
+
+- Started to model GCC asm statements in some basic way. (#GH103714, #GH109838)
 
 Crash and bug fixes
 ^^^
 
 - In loops where the loop condition is opaque (i.e. the analyzer cannot
   determine whether it's true or false), the analyzer will no longer assume
-  execution paths that perform more that two iterations. These unjustified
+  execution paths that perform more than two iterations. These unjustified
   assumptions caused false positive reports (e.g. 100+ out-of-bounds reports in
   the FFMPEG codebase) in loops where the programmer intended only two or three
   steps but the analyzer wasn't able to understand that the loop is limited.
+  Read the `RFC 
`_
+  for details. (#GH119388)
+
+- In clang-19, the ``crosscheck-with-z3-timeout-threshold`` was set to 300ms,
+  but it is now reset back to 15000, aka. 15 seconds. This is to reduce the
+  number of flaky diagnostics due to Z3 query timeouts.
+  If you are affected, read the details at #GH118291 carefully.
+
+- Same as the previous point, but for ``crosscheck-with-z3-rlimit-threshold``
+  and ``crosscheck-with-z3-eqclass-timeout-threshold``.
+  This option is now set to zero, aka. disabled by default. (#GH118291)
+
+- Fixed a crash in the ``unix.Stream`` checker when modeling ``fread``. 
(#GH108393)
+
+- Fixed a crash in the ``core.StackAddressEscape`` checker related to 
``alloca``.
+  Fixes (#GH107852).
+
+- Fixed a crash when invoking a function pointer cast from some non-function 
pointer. (#GH111390)
+
+- Fixed a crash when modeling some ``ArrayInitLoopExpr``. Fixes (#GH112813).
+
+- Fixed a crash in loop unrolling. Fixes (#GH121201).
+
+- The iteration orders of some internal representations of symbols were changed
+  to make their internal ordering more stable. This should improve determinism.
+  This also reduces the number of flaky reports exposed by the Z3 query 
timeouts.
+  (#GH121749)
+
+- The ``unix.BlockInCriticalSection`` now recognizes the
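Review bot: The entry for `crosscheck-with-z3-rlimit-threshold` and `crosscheck-with-z3-eqclass-timeout-threshold` is ambiguous: it opens with "Same as the previous point", where the previous point resets a value to 15000, and then says "This option is now set to zero" although two options are named. State the new default of each option explicitly. Smaller points in the same list: the timeout entry mixes "300ms" with a bare "15000", issue references alternate between "Fixes (#GH107852)." and a plain "(#GH108393)", and it is worth checking whether changed defaults belong under "Crash and bug fixes".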

[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-23 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/136589


[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-23 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Since I did the update to this PR the way I wanted, I invite another code owner 
to approve. /cc @Xazax-hun 

https://github.com/llvm/llvm-project/pull/136589


[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-23 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal updated 
https://github.com/llvm/llvm-project/pull/136589

>From 66feeb003ccf9f6009d739d3d076f62cf54859e6 Mon Sep 17 00:00:00 2001
From: Pavel Skripkin 
Date: Sun, 20 Apr 2025 10:14:41 -0400
Subject: [PATCH] [clang][analyzer] Fix error path of builtin overflow
 (#136345)

According to
https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins,
result of builtin_*_overflow functions will be initialized even in case
of overflow. Align analyzer logic to docs and always initialize 3rd
argument of such builtins.

Closes #136292

(cherry picked from commit 060f9556a2f6ef4669f1c2cd8c4a4d76748a440f)
---
 .../Checkers/BuiltinFunctionChecker.cpp   | 86 +++
 clang/test/Analysis/builtin_overflow.c|  6 +-
 clang/test/Analysis/builtin_overflow_notes.c  | 10 ++-
 3 files changed, 58 insertions(+), 44 deletions(-)

diff --git a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
index cfdd3c9faa360..bcc4ca77f5887 100644
--- a/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
@@ -97,10 +97,14 @@ class BuiltinFunctionChecker : public Checker {
   void handleOverflowBuiltin(const CallEvent &Call, CheckerContext &C,
  BinaryOperator::Opcode Op,
  QualType ResultType) const;
-  const NoteTag *createBuiltinNoOverflowNoteTag(CheckerContext &C,
-bool BothFeasible, SVal Arg1,
-SVal Arg2, SVal Result) const;
-  const NoteTag *createBuiltinOverflowNoteTag(CheckerContext &C) const;
+  const NoteTag *createBuiltinOverflowNoteTag(CheckerContext &C,
+  bool BothFeasible, SVal Arg1,
+  SVal Arg2, SVal Result) const;
+  ProgramStateRef initStateAftetBuiltinOverflow(CheckerContext &C,
+ProgramStateRef State,
+const CallEvent &Call,
+SVal RetCal,
+bool IsOverflow) const;
   std::pair checkOverflow(CheckerContext &C, SVal RetVal,
   QualType Res) const;
 
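Review bot: the new helper is declared as `initStateAftetBuiltinOverflow`, which looks like a typo for `initStateAfterBuiltinOverflow`, and its fourth parameter is spelled `RetCal` here while the definition later in the patch calls it `RetVal`. Both are worth fixing in the declaration and the definition together. The second parameter of `createBuiltinOverflowNoteTag` is also still named `BothFeasible` in this declaration although the definition treats it as an overflow flag.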
@@ -122,30 +126,24 @@ class BuiltinFunctionChecker : public Checker 
{
 
 } // namespace
 
-const NoteTag *BuiltinFunctionChecker::createBuiltinNoOverflowNoteTag(
-CheckerContext &C, bool BothFeasible, SVal Arg1, SVal Arg2,
-SVal Result) const {
-  return C.getNoteTag([Result, Arg1, Arg2, BothFeasible](
-  PathSensitiveBugReport &BR, llvm::raw_ostream &OS) {
+const NoteTag *BuiltinFunctionChecker::createBuiltinOverflowNoteTag(
+CheckerContext &C, bool overflow, SVal Arg1, SVal Arg2, SVal Result) const 
{
+  return C.getNoteTag([Result, Arg1, Arg2, overflow](PathSensitiveBugReport 
&BR,
+ llvm::raw_ostream &OS) {
 if (!BR.isInteresting(Result))
   return;
 
-// Propagate interestingness to input argumets if result is interesting.
+// Propagate interestingness to input arguments if result is interesting.
 BR.markInteresting(Arg1);
 BR.markInteresting(Arg2);
 
-if (BothFeasible)
+if (overflow)
+  OS << "Assuming overflow";
+else
   OS << "Assuming no overflow";
   });
 }
 
-const NoteTag *
-BuiltinFunctionChecker::createBuiltinOverflowNoteTag(CheckerContext &C) const {
-  return C.getNoteTag([](PathSensitiveBugReport &BR,
- llvm::raw_ostream &OS) { OS << "Assuming overflow"; },
-  /*isPrunable=*/true);
-}
-
 std::pair
 BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal,
   QualType Res) const {
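Review bot: merging the two note-tag factories changes how the overflow path is reported. The removed `createBuiltinOverflowNoteTag` printed "Assuming overflow" unconditionally and passed `/*isPrunable=*/true`, while the merged lambda returns early unless `BR.isInteresting(Result)` holds and no longer passes a prunable argument. If that is intended, the commit message should say so; otherwise the overflow branch needs its previous behaviour back. The parameter `overflow` should also be capitalised (`Overflow`, or `IsOverflow` as in the new helper) to match `Arg1`, `Arg2` and `Result` next to it.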
@@ -175,6 +173,29 @@ BuiltinFunctionChecker::checkOverflow(CheckerContext &C, 
SVal RetVal,
   return {MayOverflow || MayUnderflow, MayNotOverflow && MayNotUnderflow};
 }
 
+ProgramStateRef BuiltinFunctionChecker::initStateAftetBuiltinOverflow(
+CheckerContext &C, ProgramStateRef State, const CallEvent &Call,
+SVal RetVal, bool IsOverflow) const {
+  SValBuilder &SVB = C.getSValBuilder();
+  SVal Arg1 = Call.getArgSVal(0);
+  SVal Arg2 = Call.getArgSVal(1);
+  auto BoolTy = C.getASTContext().BoolTy;
+
+  ProgramStateRef NewState =
+  State->BindExpr(Call.getOriginExpr(), C.getLocationContext(),
+  SVB.makeTruthVal(IsOverflow, BoolTy));
+
+  if (auto L = Call.getArgSVal(2).getAs()) {
+NewState = NewState->bindLoc(*L, RetVal, C.getLocationContext());
+
+// Propagate taint if any of the arguments were tainted
+if (isTainted(State, Arg1) || isTainted(State, Arg2))
+  NewState = addTaint(NewState, *L);
+  }
+
+  return NewState;
+}
+
 void BuiltinFunct
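Review bot: in `initStateAftetBuiltinOverflow` the taint is attached with `addTaint(NewState, *L)`, that is to the destination location taken from argument 2, not to `RetVal`, the value that was just bound there. A short comment on why the location is the right thing to taint (or tainting the stored value instead) would make the propagation easier to verify. The helper also binds nothing when argument 2 is not a location; a comment saying this is deliberate would help, and the new function has no doc comment describing what `IsOverflow` selects.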

[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-23 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

I've updated the commit description to have the desired cherry pick marker 
line, referring to the commit hash picked.
It's ready to go now.

https://github.com/llvm/llvm-project/pull/136589
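
The rule this backport aligns the analyzer with (per the commit message above, the third argument of the `__builtin_*_overflow` functions is written even when the operation overflows), as an added C++ example that is not part of the patch or of this thread. `checkedAdd`, `recordBytes` and `recordBytesIgnoringFlag` are hypothetical names, and the inputs are constructed.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// What one checked addition produced: the builtin's return value and the
// value it stored through its third argument.
struct CheckedInt {
  bool overflowed;
  int stored;
};

CheckedInt checkedAdd(int a, int b) {
  int out;  // not initialized here on purpose: the builtin writes it on both paths
  bool overflowed = __builtin_add_overflow(a, b, &out);
  return {overflowed, out};
}

// Hardened size computation for `count` records of `elemSize` bytes plus a
// header. Returns false as soon as a step overflows; *total may have been
// written with a wrapped value by then and must not be used in that case.
bool recordBytes(std::size_t count, std::size_t elemSize, std::size_t header,
                 std::size_t *total) {
  std::size_t body;
  if (__builtin_mul_overflow(count, elemSize, &body))
    return false;
  return !__builtin_add_overflow(body, header, total);
}

// Flawed variant kept for contrast: the return value is dropped, so the
// wrapped product is handed back as if it were the real size. The value is
// initialized (no uninitialized read to report), it is just wrong.
std::size_t recordBytesIgnoringFlag(std::size_t count, std::size_t elemSize) {
  std::size_t body;
  (void)__builtin_mul_overflow(count, elemSize, &body);
  return body;
}

int main() {
  CheckedInt r = checkedAdd(INT_MAX, 1);
  std::printf("INT_MAX + 1: overflowed=%d stored=%d\n", r.overflowed, r.stored);

  std::size_t half = SIZE_MAX / 2 + 1;  // half * 2 wraps to 0
  std::size_t total = 0;
  std::printf("checked:   ok=%d\n", recordBytes(half, 2, 0, &total));
  std::printf("unchecked: size=%zu\n", recordBytesIgnoringFlag(half, 2));
  return 0;
}
```

A model that leaves the result uninitialized on the overflow branch would flag the read in `recordBytesIgnoringFlag` as an uninitialized-value use, while the actual defect there is the ignored return value.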


[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-23 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal edited 
https://github.com/llvm/llvm-project/pull/136589


[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-21 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Please check out the release branch, reset hard to reset to that one. Then issue 
the "git cherry-pick -x HASH" command and force push to your branch.
This should get us a nice cherry picked from comment in the message.

I think only the release manager can accept merges, so it's not your fault.
Maintainers like me are expected to review and accept backports to take 
responsibility.

https://github.com/llvm/llvm-project/pull/136589


[llvm-branch-commits] [clang] Backport to 20.x "[clang][analyzer] Fix error path of builtin overflow (#136345)" (PR #136589)

2025-04-21 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

Make sure after the force push you sync the PR summary with the commit message.

https://github.com/llvm/llvm-project/pull/136589


[llvm-branch-commits] [clang] [analyzer] Workaround for slowdown spikes (unintended scope increase) (#136720) (PR #139597)

2025-05-12 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/139597


[llvm-branch-commits] [clang] [analyzer] Workaround for slowdown spikes (unintended scope increase) (#136720) (PR #139597)

2025-05-12 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/139597

Recently some users reported that they observed large increases of runtime (up 
to +600% on some translation units) when they upgraded to a more recent 
(slightly patched, internal) clang version. Bisection revealed that the bulk of 
this increase was probably caused by my earlier commit 
bb27d5e5c6b194a1440b8ac4e5ace68d0ee2a849 ("Don't assume third iteration in 
loops").

As I evaluated that earlier commit on several open source projects, it turns out 
that on average it's runtime-neutral (or slightly helpful: it reduced the total 
analysis time by 1.5%) but it can cause runtime spikes on some code: in 
particular it more than doubled the time to analyze `tmux` (one of the smaller 
test projects).

Further profiling and investigation proved that these spikes were caused by an 
_increase of analysis scope_ because there was a heuristic that placed 
functions on a "don't inline this" blacklist if they reached the 
`-analyzer-max-loop` limit (anywhere, on any one execution path) -- which 
became significantly rarer when my commit ensured the analyzer no longer "just 
assumes" four iterations. (With more inlining significantly more entry points 
use up their allocated budgets, which leads to the increased runtime.)

I feel that this heuristic for the "don't inline" blacklist is unjustified and 
arbitrary, because reaching the "retry without inlining" limit on one path does 
not imply that inlining the function won't be valuable on other paths -- so I 
hope that we can eventually replace it with more "natural" limits of the 
analysis scope.

However, the runtime increases are annoying for the users whose project is 
affected, so I created this quick workaround commit that approximates the 
"don't inline" blacklist effects of ambiguous loops (where the analyzer doesn't 
understand the loop condition) without fully reverting the "Don't assume third 
iteration" commit (to avoid reintroducing the false positives that were 
eliminated by it).

Investigating this issue was a team effort: I'm grateful to Endre Fülöp 
(gamesh411) who did the bisection and shared his time measurement setup, and 
Gábor Tóthvári (tigbr) who helped me in profiling.

(cherry picked from commit 9600a12f0de233324b559f60997b9c2db153fede)



  





[llvm-branch-commits] [clang] [clang][analysis] Fix flaky clang/test/Analysis/live-stmts.cpp test (2nd attempt) (#127406) (PR #139591)

2025-05-12 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/139591


[llvm-branch-commits] [clang] [clang][analysis] Fix flaky clang/test/Analysis/live-stmts.cpp test (2nd attempt) (#127406) (PR #139591)

2025-05-12 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/139591

My previous attempt (#126913) at fixing the flaky case was on a good track 
when I used the begin locations as a stable ordering. However, I forgot to 
consider the case when the begin locations are the same among the Exprs.

In an `EXPENSIVE_CHECKS` build, arrays are randomly shuffled prior to sorting 
them. This exposed the flaky behavior much more often basically breaking the 
"stability" of the vector - as it should. Because of this, I had to revert the 
previous fix attempt in #127034.

To fix this, I use this time `Expr::getID` for a stable ID for an Expr.

Hopefully fixes #126619
Hopefully fixes #126804

(cherry picked from commit f378e52ed3c6f8da4973f97f1ef043c2eb0da721)

>From 55ae8021c331c36d5286e86969fd7a24cc8e2da9 Mon Sep 17 00:00:00 2001
From: Balazs Benics 
Date: Mon, 17 Feb 2025 11:12:55 +0100
Subject: [PATCH] [clang][analysis] Fix flaky
 clang/test/Analysis/live-stmts.cpp test (2nd attempt) (#127406)

My previous attempt (#126913) at fixing the flaky case was on a good
track when I used the begin locations as a stable ordering. However, I
forgot to consider the case when the begin locations are the same among
the Exprs.

In an `EXPENSIVE_CHECKS` build, arrays are randomly shuffled prior to
sorting them. This exposed the flaky behavior much more often basically
breaking the "stability" of the vector - as it should.
Because of this, I had to revert the previous fix attempt in #127034.

To fix this, I use this time `Expr::getID` for a stable ID for an Expr.

Hopefully fixes #126619
Hopefully fixes #126804

(cherry picked from commit f378e52ed3c6f8da4973f97f1ef043c2eb0da721)
---
 clang/lib/Analysis/LiveVariables.cpp | 11 +--
 clang/test/Analysis/live-stmts.cpp   |  2 ++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/clang/lib/Analysis/LiveVariables.cpp 
b/clang/lib/Analysis/LiveVariables.cpp
index 481932ee59c8e..5fb5ee767a683 100644
--- a/clang/lib/Analysis/LiveVariables.cpp
+++ b/clang/lib/Analysis/LiveVariables.cpp
@@ -662,12 +662,19 @@ void LiveVariables::dumpExprLiveness(const SourceManager 
&M) {
 }
 
 void LiveVariablesImpl::dumpExprLiveness(const SourceManager &M) {
+  const ASTContext &Ctx = analysisContext.getASTContext();
+  auto ByIDs = [&Ctx](const Expr *L, const Expr *R) {
+return L->getID(Ctx) < R->getID(Ctx);
+  };
+
   // Don't iterate over blockEndsToLiveness directly because it's not sorted.
   for (const CFGBlock *B : *analysisContext.getCFG()) {
-
 llvm::errs() << "\n[ B" << B->getBlockID()
  << " (live expressions at block exit) ]\n";
-for (const Expr *E : blocksEndToLiveness[B].liveExprs) {
+std::vector LiveExprs;
+llvm::append_range(LiveExprs, blocksEndToLiveness[B].liveExprs);
+llvm::sort(LiveExprs, ByIDs);
+for (const Expr *E : LiveExprs) {
   llvm::errs() << "\n";
   E->dump();
 }
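Review bot: the sort added to `dumpExprLiveness` has no comment saying why `getID` is the key; the existing comment above the loop only covers the block order. One line next to `ByIDs` noting that `liveExprs` has no defined iteration order and that begin locations can tie would keep a later cleanup from switching back to a location-based comparator.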
diff --git a/clang/test/Analysis/live-stmts.cpp 
b/clang/test/Analysis/live-stmts.cpp
index c60f522588e39..ca2ff6da8b133 100644
--- a/clang/test/Analysis/live-stmts.cpp
+++ b/clang/test/Analysis/live-stmts.cpp
@@ -44,6 +44,8 @@ int testThatDumperWorks(int x, int y, int z) {
 // CHECK-NEXT: ImplicitCastExpr {{.*}} 
 // CHECK-NEXT: `-ImplicitCastExpr {{.*}} 
 // CHECK-NEXT:   `-DeclRefExpr {{.*}} 'x' 'int'
+// CHECK-EMPTY:
+// CHECK-EMPTY:
 // CHECK: [ B4 (live expressions at block exit) ]
 // CHECK-EMPTY:
 // CHECK-NEXT: DeclRefExpr {{.*}} 'y' 'int'
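Review bot: the two `CHECK-EMPTY` lines added before the `[ B4 ...` header carry no explanation. A one-line comment on what in the dump produces the two blank lines would keep the expectation from looking accidental and make a future mismatch easier to diagnose.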



[llvm-branch-commits] [clang] [clang][analysis] Fix flaky clang/test/Analysis/live-stmts.cpp test (2nd attempt) (#127406) (PR #139591)

2025-05-12 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

We decided to backport in 
https://github.com/llvm/llvm-project/pull/127406#issuecomment-2683679225

https://github.com/llvm/llvm-project/pull/139591
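
Why ordering by begin location alone stayed flaky while a unique ID does not, as an added C++ example (not code from the patch). `FakeExpr`, its sample values and `distinctDumpOrders` are constructed for illustration, and trying every input permutation stands in for the shuffle an `EXPENSIVE_CHECKS` build performs before sorting.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <numeric>
#include <set>
#include <vector>

// Constructed stand-in for a clang Expr: only the two candidate sort keys.
struct FakeExpr {
  unsigned id;        // unique per node, modelled on the stable ID the patch uses
  unsigned beginLoc;  // offset of the first token; several nodes can share it
};

// Constructed sample: nodes 1 and 2 start at the same token (think of an
// implicit cast and the expression it wraps), so their begin locations tie.
static const std::vector<FakeExpr> kLiveExprs = {
    {1, 10}, {2, 10}, {3, 20}, {4, 30}};

// Comparator of the first fix attempt: not a total order when locations tie.
bool byBeginLoc(const FakeExpr &l, const FakeExpr &r) {
  return l.beginLoc < r.beginLoc;
}

// Comparator of the second attempt: IDs are unique, so no two nodes tie.
bool byID(const FakeExpr &l, const FakeExpr &r) { return l.id < r.id; }

// Sort every permutation of the sample with `cmp` and count how many
// different output sequences appear. 1 means the dump order is deterministic.
template <typename Cmp>
std::size_t distinctDumpOrders(Cmp cmp) {
  std::vector<std::size_t> perm(kLiveExprs.size());
  std::iota(perm.begin(), perm.end(), 0);
  std::set<std::vector<unsigned>> seen;
  do {
    std::vector<FakeExpr> v;
    for (std::size_t i : perm)
      v.push_back(kLiveExprs[i]);
    std::sort(v.begin(), v.end(), cmp);
    std::vector<unsigned> ids;
    for (const FakeExpr &e : v)
      ids.push_back(e.id);
    seen.insert(ids);
  } while (std::next_permutation(perm.begin(), perm.end()));
  return seen.size();
}

int main() {
  std::printf("orders when sorting by begin location: %zu\n",
              distinctDumpOrders(byBeginLoc));
  std::printf("orders when sorting by ID:             %zu\n",
              distinctDumpOrders(byID));
  return 0;
}
```

The tied pair is indistinguishable to the location comparator, so swapping the two in the input swaps them in the output whatever sorting algorithm is used.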


[llvm-branch-commits] [clang] [analyzer] Workaround for slowdown spikes (unintended scope increase) (#136720) (PR #139597)

2025-05-12 Thread Balazs Benics via llvm-branch-commits


@@ -0,0 +1,200 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection 
-verify=expected,default %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection 
-analyzer-config inline-functions-with-ambiguous-loops=true 
-verify=expected,enabled %s
+
+// This file tests some heuristics in the engine that put functions on a
+// "do not inline" list if their analyisis reaches the `analyzer-max-loop`
+// limit (by default 4 iterations) in a loop. This was almost surely intended
+// as memoization optimization for the "retry without inlining" fallback (if we
+// had to retry once, next time don't even try inlining), but aggressively
+// oversteps the "natural" scope: reaching 4 iterations on _one particular_
+// execution path does not imply that each path would need "retry without
+// inlining" especially if a different call receives different arguments.
+//
+// This heuristic significantly affects the scope/depth of the analysis (and
+// therefore the execution time) because without this limitation on the
+// inlining significantly more entry points would be able to exhaust their
+// `max-nodes` quota. (Trivial thin wrappers around big complex functions are
+// common in many projects.)
+//
+// Unfortunately, this arbitrary heuristic strongly relies on the current loop
+// handling model and its many limitations, so improvements in loop handling
+// can cause surprising slowdowns by reducing the "do not inline" blacklist.
+// In the tests "FIXME-BUT-NEEDED" comments mark "problematic" (aka buggy)
+// analyzer behavior which cannot be fixed without also improving the
+// heuristics for (not) inlining large functions.
+
+  int getNum(void); // Get an unknown symbolic number.
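Review bot: in the header comment of the new test file, "analyisis" should be "analysis". The comment also says "by default 4 iterations" for `analyzer-max-loop`; naming the option with its leading dash, as the RUN lines do for `-analyzer-config`, would make it easier to search for.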

steakhal wrote:

I'm deliberately not touching this. I want to keep this as close to the 
original one as possible.

https://github.com/llvm/llvm-project/pull/139597


[llvm-branch-commits] [clang] [analyzer] Workaround for slowdown spikes (unintended scope increase) (#136720) (PR #139597)

2025-05-12 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

This is a manual backport of #136720.

https://github.com/llvm/llvm-project/pull/139597


[llvm-branch-commits] [clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #139909)

2025-05-14 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal created 
https://github.com/llvm/llvm-project/pull/139909

As reported in #135665, C++20 parenthesis initializer list expressions are not 
handled correctly and were causing crashes. This commit attempts to fix the 
issue by handling parenthesis initializer lists alongside existing initializer 
lists.

(cherry picked from commit 13d4ea6b0fb61ad27f596edbdf7daf20921f6989)

>From dc4c960f515890ca2cbf2ea944b5c38249741165 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou 
Date: Wed, 16 Apr 2025 22:51:36 +0100
Subject: [PATCH] [clang][analyzer] Handle CXXParenInitListExpr alongside
 InitListExpr

As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handling parenthesis initializer lists alongside
existing initializer lists.

(cherry picked from commit 13d4ea6b0fb61ad27f596edbdf7daf20921f6989)
---
 clang/docs/ReleaseNotes.rst |  2 ++
 .../Checkers/DynamicTypePropagation.cpp | 10 ++
 clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 11 +++
 clang/test/Analysis/PR135665.cpp| 17 +
 4 files changed, 32 insertions(+), 8 deletions(-)
 create mode 100644 clang/test/Analysis/PR135665.cpp

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 47ef2f80ac3f2..ffc46d9d75b68 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -1467,6 +1467,8 @@ Crash and bug fixes
 - The ``unix.BlockInCriticalSection`` now recognizes the ``lock()`` member 
function
   as expected, even if it's inherited from a base class. Fixes (#GH104241).
 
+- Fixed a crash when using the overloaded lambda pattern. Fixes (#GH135665, 
#139789).
+
 Improvements
 
 
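Review bot: the new release-note entry cites its issues as `(#GH135665, #139789)`; the second reference lacks the `GH` prefix that the first one and the neighbouring entry (`#GH104241`) use. Writing both in the same form keeps the references consistent, and the entry could name the construct that crashed (parenthesized aggregate initialization) since "overloaded lambda pattern" does not appear anywhere in the commit message.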
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp 
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const 
CallEvent &Call,
 // aggregates, and in such case no top-frame constructor will be 
called.
 // Figure out if we need to do anything in this case.
 // FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this 
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
   return;
 
 recordFixedType(Target, cast(LCtx->getDecl()), C);
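Review bot: the two `isa_and_nonnull` tests on `Parent` in `checkPostCall` can be a single call, since `isa_and_nonnull` accepts several candidate types; that reads as one condition and avoids the repeated null check. The rewritten FIXME also names `CXXParenListInitExpr` while the patch subject says `CXXParenInitListExpr`; use the class name consistently.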
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp 
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index f7020da2e6da2..cf7a4f9b12048 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -637,9 +637,11 @@ void ExprEngine::handleConstructor(const Expr *E,
 // FIXME: For now this code essentially bails out. We need to find the
 // correct target region and set it.
 // FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
   MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
   Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
   CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
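Review bot: the condition in `handleConstructor` now evaluates `LCtx->getParentMap().getParent(E)` twice. Hoist it into a local, as the `DynamicTypePropagation.cpp` hunk does with `const Stmt *Parent`, and test that value once.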
@@ -1010,7 +1012,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, 
ExplodedNode *Pred,
   // values are properly placed inside the required region, however if an
   // initializer list is used, this doesn't happen automatically.
   auto *Init = CNE->getInitializer();
-  bool isInitList = isa_and_nonnull(Init);
+  bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
 
   QualType ObjTy =
   isInitList ? Init->getType() : CNE->getType()->getPointeeType();
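Review bot: in `VisitCXXNewExpr`, `isInitList` is now also true for a parenthesized aggregate initializer, so the flag's name and the comment above it ("if an initializer list is used") no longer describe the condition. Rename the flag or extend the comment so that the `Init->getType()` branch is understood to cover both forms.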
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..07848d9a590f5
--- /dev/null
+++ 

[llvm-branch-commits] [clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #139909)

2025-05-14 Thread Balazs Benics via llvm-branch-commits

https://github.com/steakhal milestoned 
https://github.com/llvm/llvm-project/pull/139909


[llvm-branch-commits] [clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #139909)

2025-05-14 Thread Balazs Benics via llvm-branch-commits

steakhal wrote:

I already amended the patch to add this fix to the release notes of clang. 
That's the only change I made to the picked commit.

https://github.com/llvm/llvm-project/pull/139909