steakhal wrote:
> Hi @steakhal , this change seems to have exposed a div/0 error in a very
> particular corner we came across after integrating this change. Could you try
> this case to see if you can repro?
Yea, it seems to crash. I'll fix it once I have some time. Probably early next
week if I
vabridgers wrote:
Hi @steakhal , this change seems to have exposed a div/0 error in a very
particular corner we came across after integrating this change. Could you try
this case to see if you can repro?
The div/0 is occurring at line 1093:
bool IncompleteLastElement = (NumBytesRead % Ele
@@ -907,6 +945,76 @@ void StreamChecker::preWrite(const FnDescription *Desc,
const CallEvent &Call,
C.addTransition(State);
}
+static std::optional getPointeeType(const MemRegion *R) {
+ if (!R)
+return std::nullopt;
+ if (const auto *ER = dyn_cast(R))
+return ER-
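Review bot: getPointeeType has no comment saying what a std::nullopt result means for its callers, and the only guard visible here is the `if (!R)` null check. Given the div/0 reported above at `NumBytesRead % Ele`, please document on this helper whether the type it returns can have zero size, and check the divisor for zero before the modulo at that line.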
steakhal wrote:
Thanks for the green light!
> Another possible solution is that a generic invalidation support is added to
> `StdLibraryFunctionsChecker` that can be used for stream related and other
> functions.
Yes, that would be so nice. However, it's out of scope for me this time.
https:
https://github.com/steakhal closed
https://github.com/llvm/llvm-project/pull/93408
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
balazske wrote:
It should be possible in `StreamChecker` to perform the invalidations even if
the `StreamState` is not found (stream was not opened). Another possible
solution is that a generic invalidation support is added to
`StdLibraryFunctionsChecker` that can be used for stream related an
https://github.com/balazske approved this pull request.
It looks now OK at least to my knowledge.
https://github.com/llvm/llvm-project/pull/93408
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/93408
>From f9e841ddaa865d529c806b2d115d5ddbc7109243 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Sun, 26 May 2024 11:40:01 +0200
Subject: [PATCH 01/17] [analyzer] Refine invalidation caused by `fread`
This cha
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
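Review bot: the RUN lines pin `-triple x86_64-linux-gnu` without saying why. If the expectations in this test depend on the target's type sizes, add a one-line comment above the RUN block stating that, so the triple is not dropped later as unnecessary.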
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
steakhal wrote:
Let's do another round.
https://github.com/llvm/llvm-project/pull/93408
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/93408
>From f9e841ddaa865d529c806b2d115d5ddbc7109243 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Sun, 26 May 2024 11:40:01 +0200
Subject: [PATCH 01/16] [analyzer] Refine invalidation caused by `fread`
This cha
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/93408
>From f9e841ddaa865d529c806b2d115d5ddbc7109243 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Sun, 26 May 2024 11:40:01 +0200
Subject: [PATCH 01/16] [analyzer] Refine invalidation caused by `fread`
This cha
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
https://github.com/balazske edited
https://github.com/llvm/llvm-project/pull/93408
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,443 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
steakhal wrote:
Addressed all the feedback.
https://github.com/llvm/llvm-project/pull/93408
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/93408
@@ -907,6 +945,73 @@ void StreamChecker::preWrite(const FnDescription *Desc,
const CallEvent &Call,
C.addTransition(State);
}
+static std::optional getPointeeType(const MemRegion *R) {
+ if (!R)
+return std::nullopt;
+ if (const auto *ER = dyn_cast(R))
+return ER-
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/93408
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -907,6 +945,73 @@ void StreamChecker::preWrite(const FnDescription *Desc,
const CallEvent &Call,
C.addTransition(State);
}
+static std::optional getPointeeType(const MemRegion *R) {
+ if (!R)
+return std::nullopt;
+ if (const auto *ER = dyn_cast(R))
+return ER-
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -907,6 +945,73 @@ void StreamChecker::preWrite(const FnDescription *Desc,
const CallEvent &Call,
C.addTransition(State);
}
+static std::optional getPointeeType(const MemRegion *R) {
+ if (!R)
+return std::nullopt;
+ if (const auto *ER = dyn_cast(R))
+return ER-
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -0,0 +1,412 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -triple x86_64-linux-gnu \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#include "Inputs/system-header-simulator-for-simple-stream.h"
@@ -907,6 +945,73 @@ void StreamChecker::preWrite(const FnDescription *Desc,
const CallEvent &Call,
C.addTransition(State);
}
+static std::optional getPointeeType(const MemRegion *R) {
+ if (!R)
+return std::nullopt;
+ if (const auto *ER = dyn_cast(R))
+return ER-
https://github.com/balazske edited
https://github.com/llvm/llvm-project/pull/93408
https://github.com/balazske commented:
It looks relatively good, I found only smaller issues.
https://github.com/llvm/llvm-project/pull/93408
steakhal wrote:
Check out the new implementation and the added "weird" fread tests.
FYI unfortunately our store interferes a bit, as you will see in the last test
(`test_unaligned_start_read`) when the store does not purge the previous
binding when we have an overlapping write to the store.
Cons
@@ -937,8 +990,21 @@ void StreamChecker::evalFreadFwrite(const FnDescription
*Desc,
// At read, invalidate the buffer in any case of error or success,
// except if EOF was already present.
- if (IsFread && !E.isStreamEof())
-State = escapeArgs(State, C, Call, {0});
+
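Review bot: the context comment kept above the removed `escapeArgs(State, C, Call, {0})` call still reads "invalidate the buffer in any case of error or success". If the replacement now invalidates only part of the buffer, reword that comment to say which part and when the whole buffer is still invalidated, and confirm the `!E.isStreamEof()` condition from the removed line is preserved in the new code.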
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
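Review bot: the doc comment promises to invalidate "only the requested elements", but the part shown does not say what happens when the requested range cannot be determined. State the fallback in this comment, for example whether it reverts to the generic 'escapeArgs' behaviour it names, so callers know the function never leaves the buffer un-invalidated.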
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/93408
>From f9e841ddaa865d529c806b2d115d5ddbc7109243 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Sun, 26 May 2024 11:40:01 +0200
Subject: [PATCH 1/8] [analyzer] Refine invalidation caused by `fread`
This chang
steakhal wrote:
Fixed most NFC typos and suggestions.
Let's continue the discussion.
https://github.com/llvm/llvm-project/pull/93408
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/93408
>From f9e841ddaa865d529c806b2d115d5ddbc7109243 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Sun, 26 May 2024 11:40:01 +0200
Subject: [PATCH 1/6] [analyzer] Refine invalidation caused by `fread`
This chang
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -937,8 +990,21 @@ void StreamChecker::evalFreadFwrite(const FnDescription
*Desc,
// At read, invalidate the buffer in any case of error or success,
// except if EOF was already present.
- if (IsFread && !E.isStreamEof())
-State = escapeArgs(State, C, Call, {0});
+
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -937,8 +990,21 @@ void StreamChecker::evalFreadFwrite(const FnDescription
*Desc,
// At read, invalidate the buffer in any case of error or success,
// except if EOF was already present.
- if (IsFread && !E.isStreamEof())
-State = escapeArgs(State, C, Call, {0});
+
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/93408
@@ -0,0 +1,328 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#define EOF (-1)
+
+extern "C" {
+typedef __typeof(sizeof(int)) size_t;
+typedef struct _FILE FILE;
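Review bot: the test declares `EOF`, `size_t` and `FILE` inline inside `extern "C"` instead of using a shared header simulator. Move these declarations to a header under `Inputs/` and include it here, so the stream declarations stay consistent with the other analyzer tests and the file starts with the RUN lines followed by a single include.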
@@ -0,0 +1,328 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#define EOF (-1)
+
+extern "C" {
+typedef __typeof(sizeof(int)) size_t;
+typedef struct _FILE FILE;
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
@@ -937,8 +990,21 @@ void StreamChecker::evalFreadFwrite(const FnDescription
*Desc,
// At read, invalidate the buffer in any case of error or success,
// except if EOF was already present.
- if (IsFread && !E.isStreamEof())
-State = escapeArgs(State, C, Call, {0});
+
@@ -0,0 +1,328 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=debug.ExprInspection
+
+#define EOF (-1)
+
+extern "C" {
+typedef __typeof(sizeof(int)) size_t;
+typedef struct _FILE FILE;
@@ -717,18 +717,71 @@ const ExplodedNode
*StreamChecker::getAcquisitionSite(const ExplodedNode *N,
return nullptr;
}
+/// Invalidate only the requested elements instead of the whole buffer.
+/// This is basically a refinement of the more generic 'escapeArgs' or
+/// the pla
https://github.com/NagyDonat commented:
Thanks for publishing this commit, it's a nice refinement of the modelling
capabilities, and mostly LGTM.
In the inline comments I added some very minor remarks and one question about
the handling of a `fread` that reads into the beginning of an array re
https://github.com/NagyDonat edited
https://github.com/llvm/llvm-project/pull/93408
https://github.com/steakhal edited
https://github.com/llvm/llvm-project/pull/93408
llvmbot wrote:
@llvm/pr-subscribers-clang-static-analyzer-1
Author: Balazs Benics (steakhal)
Changes
This change enables more accurate modeling of the write effects of `fread`. In
particular, instead of invalidating the whole buffer, on a best-effort basis,
we would try to invalidate the
https://github.com/steakhal created
https://github.com/llvm/llvm-project/pull/93408
This change enables more accurate modeling of the write effects of `fread`. In
particular, instead of invalidating the whole buffer, on a best-effort basis,
we would try to invalidate the actually accesses elem