2021-06-18 14:16:18 +03:00
|
|
|
//===- unittests/StaticAnalyzer/SvalTest.cpp ------------------------------===//
|
|
|
|
|
//
|
|
|
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
|
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
|
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
|
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
#include "CheckerRegistration.h"
|
|
|
|
|
|
|
|
|
|
#include "clang/AST/ASTContext.h"
|
|
|
|
|
#include "clang/AST/Decl.h"
|
|
|
|
|
#include "clang/AST/DeclGroup.h"
|
|
|
|
|
#include "clang/AST/RecursiveASTVisitor.h"
|
|
|
|
|
#include "clang/AST/Stmt.h"
|
|
|
|
|
#include "clang/AST/Type.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Core/Checker.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Frontend/CheckerRegistry.h"
|
[analyzer]Skip unstable CSA tests failing on several platforms
Clang static analyzer uses bitwidth to infer the integer value type, that is, any 32-bit integer is considered of type `int`, and any 64-bit integer is considered of type `long`. This isn't always true, for instance, in ILP32 (e.g., 32-bit AIX), 32-bit could be `long`, and in LP64 (e.g., 64-bit wasm64), 64-bit could be `long long`.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D114454
2021-12-02 18:29:43 -05:00
|
|
|
#include "clang/Testing/TestClangConfig.h"
|
2021-06-18 14:16:18 +03:00
|
|
|
#include "clang/Tooling/Tooling.h"
|
|
|
|
|
#include "llvm/ADT/STLExtras.h"
|
|
|
|
|
#include "llvm/ADT/StringRef.h"
|
|
|
|
|
#include "llvm/Support/Casting.h"
|
|
|
|
|
#include "llvm/Support/raw_ostream.h"
|
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
|
|
|
|
|
|
namespace clang {
|
|
|
|
|
|
|
|
|
|
// getType() tests include whole bunch of type comparisons,
|
|
|
|
|
// so when something is wrong, it's good to have gtest telling us
|
|
|
|
|
// what are those types.
|
|
|
|
|
LLVM_ATTRIBUTE_UNUSED std::ostream &operator<<(std::ostream &OS,
|
|
|
|
|
const QualType &T) {
|
|
|
|
|
return OS << T.getAsString();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LLVM_ATTRIBUTE_UNUSED std::ostream &operator<<(std::ostream &OS,
|
|
|
|
|
const CanQualType &T) {
|
|
|
|
|
return OS << QualType{T};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
namespace ento {
|
|
|
|
|
namespace {
|
|
|
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Testing framework implementation
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
/// A simple map from variable names to symbolic values used to init them.
|
|
|
|
|
using SVals = llvm::StringMap<SVal>;
|
|
|
|
|
|
|
|
|
|
/// SValCollector is the barebone of all tests.
|
|
|
|
|
///
|
|
|
|
|
/// It is implemented as a checker and reacts to binds, so we find
|
|
|
|
|
/// symbolic values of interest, and to end analysis, where we actually
|
|
|
|
|
/// can test whatever we gathered.
|
|
|
|
|
class SValCollector : public Checker<check::Bind, check::EndAnalysis> {
|
|
|
|
|
public:
|
|
|
|
|
void checkBind(SVal Loc, SVal Val, const Stmt *S, CheckerContext &C) const {
|
|
|
|
|
// Skip instantly if we finished testing.
|
|
|
|
|
// Also, we care only for binds happening in variable initializations.
|
|
|
|
|
if (Tested || !isa<DeclStmt>(S))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (const auto *VR = llvm::dyn_cast_or_null<VarRegion>(Loc.getAsRegion())) {
|
|
|
|
|
CollectedSVals[VR->getDescriptiveName(false)] = Val;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void checkEndAnalysis(ExplodedGraph &G, BugReporter &B,
|
|
|
|
|
ExprEngine &Engine) const {
|
|
|
|
|
if (!Tested) {
|
|
|
|
|
test(Engine, Engine.getContext());
|
|
|
|
|
Tested = true;
|
|
|
|
|
CollectedSVals.clear();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Helper function for tests to access bound symbolic values.
|
|
|
|
|
SVal getByName(StringRef Name) const { return CollectedSVals[Name]; }
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
/// Entry point for tests.
|
|
|
|
|
virtual void test(ExprEngine &Engine, const ASTContext &Context) const = 0;
|
|
|
|
|
|
|
|
|
|
mutable bool Tested = false;
|
|
|
|
|
mutable SVals CollectedSVals;
|
|
|
|
|
};
|
|
|
|
|
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
static void expectSameSignAndBitWidth(QualType ExpectedTy, QualType ActualTy,
|
|
|
|
|
const ASTContext &Context) {
|
|
|
|
|
EXPECT_EQ(ExpectedTy->isUnsignedIntegerType(),
|
|
|
|
|
ActualTy->isUnsignedIntegerType());
|
|
|
|
|
EXPECT_EQ(Context.getTypeSize(ExpectedTy), Context.getTypeSize(ActualTy));
|
|
|
|
|
}
|
|
|
|
|
|
[analyzer]Skip unstable CSA tests failing on several platforms
Clang static analyzer uses bitwidth to infer the integer value type, that is, any 32-bit integer is considered of type `int`, and any 64-bit integer is considered of type `long`. This isn't always true, for instance, in ILP32 (e.g., 32-bit AIX), 32-bit could be `long`, and in LP64 (e.g., 64-bit wasm64), 64-bit could be `long long`.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D114454
2021-12-02 18:29:43 -05:00
|
|
|
// Fixture class for parameterized SValTest
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
class SValTest : public testing::TestWithParam<TestClangConfig> {};
|
[analyzer]Skip unstable CSA tests failing on several platforms
Clang static analyzer uses bitwidth to infer the integer value type, that is, any 32-bit integer is considered of type `int`, and any 64-bit integer is considered of type `long`. This isn't always true, for instance, in ILP32 (e.g., 32-bit AIX), 32-bit could be `long`, and in LP64 (e.g., 64-bit wasm64), 64-bit could be `long long`.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D114454
2021-12-02 18:29:43 -05:00
|
|
|
|
2021-06-18 14:16:18 +03:00
|
|
|
// SVAL_TEST is a combined way of providing a short code snippet and
|
|
|
|
|
// to test some programmatic predicates on symbolic values produced by the
|
|
|
|
|
// engine for the actual code.
|
|
|
|
|
//
|
|
|
|
|
// Each test has a NAME. One can think of it as a name for normal gtests.
|
|
|
|
|
//
|
|
|
|
|
// Each test should provide a CODE snippet. Code snippets might contain any
|
|
|
|
|
// valid C/C++, but have ONLY ONE defined function. There are no requirements
|
|
|
|
|
// about function's name or parameters. It can even be a class method. The
|
|
|
|
|
// body of the function must contain a set of variable declarations. Each
|
|
|
|
|
// variable declaration gets bound to a symbolic value, so for the following
|
|
|
|
|
// example:
|
|
|
|
|
//
|
|
|
|
|
// int x = <expr>;
|
|
|
|
|
//
|
|
|
|
|
// `x` will be bound to whatever symbolic value the engine produced for <expr>.
|
|
|
|
|
// LIVENESS and REASSIGNMENTS don't affect this binding.
|
|
|
|
|
//
|
|
|
|
|
// During the test the actual values can be accessed via `getByName` function,
|
|
|
|
|
// and, for the `x`-bound value, one must use "x" as its name.
|
|
|
|
|
//
|
|
|
|
|
// Example:
|
|
|
|
|
// SVAL_TEST(SimpleSValTest, R"(
|
|
|
|
|
// void foo() {
|
|
|
|
|
// int x = 42;
|
|
|
|
|
// })") {
|
|
|
|
|
// SVal X = getByName("x");
|
|
|
|
|
// EXPECT_TRUE(X.isConstant(42));
|
|
|
|
|
// }
|
|
|
|
|
#define SVAL_TEST(NAME, CODE) \
|
|
|
|
|
class NAME##SValCollector final : public SValCollector { \
|
|
|
|
|
public: \
|
|
|
|
|
void test(ExprEngine &Engine, const ASTContext &Context) const override; \
|
|
|
|
|
}; \
|
|
|
|
|
\
|
|
|
|
|
void add##NAME##SValCollector(AnalysisASTConsumer &AnalysisConsumer, \
|
|
|
|
|
AnalyzerOptions &AnOpts) { \
|
|
|
|
|
AnOpts.CheckersAndPackages = {{"test.##NAME##SValCollector", true}}; \
|
|
|
|
|
AnalysisConsumer.AddCheckerRegistrationFn([](CheckerRegistry &Registry) { \
|
|
|
|
|
Registry.addChecker<NAME##SValCollector>("test.##NAME##SValCollector", \
|
|
|
|
|
"Description", ""); \
|
|
|
|
|
}); \
|
|
|
|
|
} \
|
|
|
|
|
\
|
[analyzer]Skip unstable CSA tests failing on several platforms
Clang static analyzer uses bitwidth to infer the integer value type, that is, any 32-bit integer is considered of type `int`, and any 64-bit integer is considered of type `long`. This isn't always true, for instance, in ILP32 (e.g., 32-bit AIX), 32-bit could be `long`, and in LP64 (e.g., 64-bit wasm64), 64-bit could be `long long`.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D114454
2021-12-02 18:29:43 -05:00
|
|
|
TEST_P(SValTest, NAME) { \
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
EXPECT_TRUE(runCheckerOnCodeWithArgs<add##NAME##SValCollector>( \
|
|
|
|
|
CODE, GetParam().getCommandLineArgs())); \
|
[analyzer]Skip unstable CSA tests failing on several platforms
Clang static analyzer uses bitwidth to infer the integer value type, that is, any 32-bit integer is considered of type `int`, and any 64-bit integer is considered of type `long`. This isn't always true, for instance, in ILP32 (e.g., 32-bit AIX), 32-bit could be `long`, and in LP64 (e.g., 64-bit wasm64), 64-bit could be `long long`.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D114454
2021-12-02 18:29:43 -05:00
|
|
|
} \
|
2021-06-18 14:16:18 +03:00
|
|
|
void NAME##SValCollector::test(ExprEngine &Engine, \
|
|
|
|
|
const ASTContext &Context) const
|
|
|
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Actual tests
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetConstType, R"(
|
|
|
|
|
void foo() {
|
|
|
|
|
int x = 42;
|
|
|
|
|
int *y = nullptr;
|
2022-07-14 15:54:40 +08:00
|
|
|
bool z = true;
|
2021-06-18 14:16:18 +03:00
|
|
|
})") {
|
|
|
|
|
SVal X = getByName("x");
|
|
|
|
|
ASSERT_FALSE(X.getType(Context).isNull());
|
|
|
|
|
EXPECT_EQ(Context.IntTy, X.getType(Context));
|
|
|
|
|
|
|
|
|
|
SVal Y = getByName("y");
|
|
|
|
|
ASSERT_FALSE(Y.getType(Context).isNull());
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
expectSameSignAndBitWidth(Context.getUIntPtrType(), Y.getType(Context),
|
|
|
|
|
Context);
|
2022-07-14 15:54:40 +08:00
|
|
|
|
|
|
|
|
SVal Z = getByName("z");
|
|
|
|
|
ASSERT_FALSE(Z.getType(Context).isNull());
|
|
|
|
|
EXPECT_EQ(Context.BoolTy, Z.getType(Context));
|
2021-06-18 14:16:18 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetLocAsIntType, R"(
|
|
|
|
|
void foo(int *x) {
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
long int a = (long long int)x;
|
|
|
|
|
unsigned b = (long long unsigned)&a;
|
|
|
|
|
int c = (long long int)nullptr;
|
2021-06-18 14:16:18 +03:00
|
|
|
})") {
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
|
2021-06-18 14:16:18 +03:00
|
|
|
// TODO: Turn it into signed long
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
expectSameSignAndBitWidth(Context.UnsignedLongTy, A.getType(Context),
|
|
|
|
|
Context);
|
2021-06-18 14:16:18 +03:00
|
|
|
|
|
|
|
|
SVal B = getByName("b");
|
|
|
|
|
ASSERT_FALSE(B.getType(Context).isNull());
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
expectSameSignAndBitWidth(Context.UnsignedIntTy, B.getType(Context), Context);
|
2021-06-18 14:16:18 +03:00
|
|
|
|
|
|
|
|
SVal C = getByName("c");
|
|
|
|
|
ASSERT_FALSE(C.getType(Context).isNull());
|
[analyzer][NFC] Re-enable skipped SValTests by relaxing expectations
Some tests were skipped in D114454 to resolve test failures on some
platforms, where the pointers have different bitwidth than expected.
This patch re-enables these tests, by relaxing the requirements on the
types of the SVal.
The issue:
There is no way to reconstruct the type of the `SVal` perfectly
accurately, since there could be multiple types having the required
bitwidth and signedness.
Consider platforms where `int` and `long` have the same bitwidth.
Additionally, we need to be careful about casting a pointer to an
integral representation, because we don't know what smallest integral
type can represent that.
To workaround these issues, I propose enforcing a type that has the
same signedness and bitwidth as the expected type, instead of perfect
equality.
In the `GetLocAsIntType` test, in case of pointer-to-integral casts
I'm using the widest standard integral type (long long) to make sure
that the pointer can be represented by the type without losing
precision. This won't affect the test in any meaningful way, since the
type of the `lvalue` remained the same.
In one case, I had to replace `getUIntPtrType()` with `UnsignedLongTy`
because on some platforms `getUIntPtrType()` is different then `long
int`.
In this patch, I also enforce that the tests must compile without
errors, to prevent narrowing conversions in the future.
Reviewed By: stevewan
Differential Revision: https://reviews.llvm.org/D115349
2022-01-19 15:16:18 +01:00
|
|
|
expectSameSignAndBitWidth(Context.IntTy, C.getType(Context), Context);
|
2021-06-18 14:16:18 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetSymExprType, R"(
|
|
|
|
|
void foo(int a, int b) {
|
|
|
|
|
int x = a;
|
|
|
|
|
int y = a + b;
|
|
|
|
|
long z = a;
|
|
|
|
|
})") {
|
|
|
|
|
QualType Int = Context.IntTy;
|
|
|
|
|
|
|
|
|
|
SVal X = getByName("x");
|
|
|
|
|
ASSERT_FALSE(X.getType(Context).isNull());
|
|
|
|
|
EXPECT_EQ(Int, X.getType(Context));
|
|
|
|
|
|
|
|
|
|
SVal Y = getByName("y");
|
|
|
|
|
ASSERT_FALSE(Y.getType(Context).isNull());
|
|
|
|
|
EXPECT_EQ(Int, Y.getType(Context));
|
|
|
|
|
|
|
|
|
|
// TODO: Change to Long when we support symbolic casts
|
|
|
|
|
SVal Z = getByName("z");
|
|
|
|
|
ASSERT_FALSE(Z.getType(Context).isNull());
|
|
|
|
|
EXPECT_EQ(Int, Z.getType(Context));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetPointerType, R"(
|
|
|
|
|
int *bar();
|
|
|
|
|
int &foobar();
|
|
|
|
|
struct Z {
|
|
|
|
|
int a;
|
|
|
|
|
int *b;
|
|
|
|
|
};
|
|
|
|
|
void foo(int x, int *y, Z z) {
|
|
|
|
|
int &a = x;
|
|
|
|
|
int &b = *y;
|
|
|
|
|
int &c = *bar();
|
|
|
|
|
int &d = foobar();
|
|
|
|
|
int &e = z.a;
|
|
|
|
|
int &f = *z.b;
|
|
|
|
|
})") {
|
|
|
|
|
QualType Int = Context.IntTy;
|
|
|
|
|
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
|
|
|
|
const auto *APtrTy = dyn_cast<PointerType>(A.getType(Context));
|
|
|
|
|
ASSERT_NE(APtrTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Int, APtrTy->getPointeeType());
|
|
|
|
|
|
|
|
|
|
SVal B = getByName("b");
|
|
|
|
|
ASSERT_FALSE(B.getType(Context).isNull());
|
|
|
|
|
const auto *BPtrTy = dyn_cast<PointerType>(B.getType(Context));
|
|
|
|
|
ASSERT_NE(BPtrTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Int, BPtrTy->getPointeeType());
|
|
|
|
|
|
|
|
|
|
SVal C = getByName("c");
|
|
|
|
|
ASSERT_FALSE(C.getType(Context).isNull());
|
|
|
|
|
const auto *CPtrTy = dyn_cast<PointerType>(C.getType(Context));
|
|
|
|
|
ASSERT_NE(CPtrTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Int, CPtrTy->getPointeeType());
|
|
|
|
|
|
|
|
|
|
SVal D = getByName("d");
|
|
|
|
|
ASSERT_FALSE(D.getType(Context).isNull());
|
|
|
|
|
const auto *DRefTy = dyn_cast<LValueReferenceType>(D.getType(Context));
|
|
|
|
|
ASSERT_NE(DRefTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Int, DRefTy->getPointeeType());
|
|
|
|
|
|
|
|
|
|
SVal E = getByName("e");
|
|
|
|
|
ASSERT_FALSE(E.getType(Context).isNull());
|
|
|
|
|
const auto *EPtrTy = dyn_cast<PointerType>(E.getType(Context));
|
|
|
|
|
ASSERT_NE(EPtrTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Int, EPtrTy->getPointeeType());
|
|
|
|
|
|
|
|
|
|
SVal F = getByName("f");
|
|
|
|
|
ASSERT_FALSE(F.getType(Context).isNull());
|
|
|
|
|
const auto *FPtrTy = dyn_cast<PointerType>(F.getType(Context));
|
|
|
|
|
ASSERT_NE(FPtrTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Int, FPtrTy->getPointeeType());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetCompoundType, R"(
|
|
|
|
|
struct TestStruct {
|
|
|
|
|
int a, b;
|
|
|
|
|
};
|
|
|
|
|
union TestUnion {
|
|
|
|
|
int a;
|
|
|
|
|
float b;
|
|
|
|
|
TestStruct c;
|
|
|
|
|
};
|
|
|
|
|
void foo(int x) {
|
|
|
|
|
int a[] = {1, x, 2};
|
|
|
|
|
TestStruct b = {x, 42};
|
|
|
|
|
TestUnion c = {42};
|
|
|
|
|
TestUnion d = {.c=b};
|
|
|
|
|
}
|
|
|
|
|
)") {
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
|
|
|
|
const auto *AArrayType = dyn_cast<ArrayType>(A.getType(Context));
|
|
|
|
|
ASSERT_NE(AArrayType, nullptr);
|
|
|
|
|
EXPECT_EQ(Context.IntTy, AArrayType->getElementType());
|
|
|
|
|
|
|
|
|
|
SVal B = getByName("b");
|
|
|
|
|
ASSERT_FALSE(B.getType(Context).isNull());
|
|
|
|
|
const auto *BRecordType = dyn_cast<RecordType>(B.getType(Context));
|
|
|
|
|
ASSERT_NE(BRecordType, nullptr);
|
|
|
|
|
EXPECT_EQ("TestStruct", BRecordType->getDecl()->getName());
|
|
|
|
|
|
|
|
|
|
SVal C = getByName("c");
|
|
|
|
|
ASSERT_FALSE(C.getType(Context).isNull());
|
|
|
|
|
const auto *CRecordType = dyn_cast<RecordType>(C.getType(Context));
|
|
|
|
|
ASSERT_NE(CRecordType, nullptr);
|
|
|
|
|
EXPECT_EQ("TestUnion", CRecordType->getDecl()->getName());
|
|
|
|
|
|
|
|
|
|
auto D = getByName("d").getAs<nonloc::CompoundVal>();
|
2022-07-12 22:47:41 -07:00
|
|
|
ASSERT_TRUE(D.has_value());
|
2021-06-18 14:16:18 +03:00
|
|
|
auto Begin = D->begin();
|
|
|
|
|
ASSERT_NE(D->end(), Begin);
|
|
|
|
|
++Begin;
|
|
|
|
|
ASSERT_EQ(D->end(), Begin);
|
|
|
|
|
auto LD = D->begin()->getAs<nonloc::LazyCompoundVal>();
|
2022-07-12 22:47:41 -07:00
|
|
|
ASSERT_TRUE(LD.has_value());
|
2021-06-18 14:16:18 +03:00
|
|
|
auto LDT = LD->getType(Context);
|
|
|
|
|
ASSERT_FALSE(LDT.isNull());
|
[clang] Implement ElaboratedType sugaring for types written bare
Without this patch, clang will not wrap in an ElaboratedType node types written
without a keyword and nested name qualifier, which goes against the intent that
we should produce an AST which retains enough details to recover how things are
written.
The lack of this sugar is incompatible with the intent of the type printer
default policy, which is to print types as written, but to fall back and print
them fully qualified when they are desugared.
An ElaboratedTypeLoc without keyword / NNS uses no storage by itself, but still
requires pointer alignment due to pre-existing bug in the TypeLoc buffer
handling.
---
Troubleshooting list to deal with any breakage seen with this patch:
1) The most likely effect one would see by this patch is a change in how
a type is printed. The type printer will, by design and default,
print types as written. There are customization options there, but
not that many, and they mainly apply to how to print a type that we
somehow failed to track how it was written. This patch fixes a
problem where we failed to distinguish between a type
that was written without any elaborated-type qualifiers,
such as a 'struct'/'class' tags and name spacifiers such as 'std::',
and one that has been stripped of any 'metadata' that identifies such,
the so called canonical types.
Example:
```
namespace foo {
struct A {};
A a;
};
```
If one were to print the type of `foo::a`, prior to this patch, this
would result in `foo::A`. This is how the type printer would have,
by default, printed the canonical type of A as well.
As soon as you add any name qualifiers to A, the type printer would
suddenly start accurately printing the type as written. This patch
will make it print it accurately even when written without
qualifiers, so we will just print `A` for the initial example, as
the user did not really write that `foo::` namespace qualifier.
2) This patch could expose a bug in some AST matcher. Matching types
is harder to get right when there is sugar involved. For example,
if you want to match a type against being a pointer to some type A,
then you have to account for getting a type that is sugar for a
pointer to A, or being a pointer to sugar to A, or both! Usually
you would get the second part wrong, and this would work for a
very simple test where you don't use any name qualifiers, but
you would discover is broken when you do. The usual fix is to
either use the matcher which strips sugar, which is annoying
to use as for example if you match an N level pointer, you have
to put N+1 such matchers in there, beginning to end and between
all those levels. But in a lot of cases, if the property you want
to match is present in the canonical type, it's easier and faster
to just match on that... This goes with what is said in 1), if
you want to match against the name of a type, and you want
the name string to be something stable, perhaps matching on
the name of the canonical type is the better choice.
3) This patch could expose a bug in how you get the source range of some
TypeLoc. For some reason, a lot of code is using getLocalSourceRange(),
which only looks at the given TypeLoc node. This patch introduces a new,
and more common TypeLoc node which contains no source locations on itself.
This is not an inovation here, and some other, more rare TypeLoc nodes could
also have this property, but if you use getLocalSourceRange on them, it's not
going to return any valid locations, because it doesn't have any. The right fix
here is to always use getSourceRange() or getBeginLoc/getEndLoc which will dive
into the inner TypeLoc to get the source range if it doesn't find it on the
top level one. You can use getLocalSourceRange if you are really into
micro-optimizations and you have some outside knowledge that the TypeLocs you are
dealing with will always include some source location.
4) Exposed a bug somewhere in the use of the normal clang type class API, where you
have some type, you want to see if that type is some particular kind, you try a
`dyn_cast` such as `dyn_cast<TypedefType>` and that fails because now you have an
ElaboratedType which has a TypeDefType inside of it, which is what you wanted to match.
Again, like 2), this would usually have been tested poorly with some simple tests with
no qualifications, and would have been broken had there been any other kind of type sugar,
be it an ElaboratedType or a TemplateSpecializationType or a SubstTemplateParmType.
The usual fix here is to use `getAs` instead of `dyn_cast`, which will look deeper
into the type. Or use `getAsAdjusted` when dealing with TypeLocs.
For some reason the API is inconsistent there and on TypeLocs getAs behaves like a dyn_cast.
5) It could be a bug in this patch perhaps.
Let me know if you need any help!
Signed-off-by: Matheus Izvekov <mizvekov@gmail.com>
Differential Revision: https://reviews.llvm.org/D112374
2021-10-11 18:15:36 +02:00
|
|
|
const auto *DElaboratedType = dyn_cast<ElaboratedType>(LDT);
|
|
|
|
|
ASSERT_NE(DElaboratedType, nullptr);
|
|
|
|
|
const auto *DRecordType =
|
|
|
|
|
dyn_cast<RecordType>(DElaboratedType->getNamedType());
|
2021-06-18 14:16:18 +03:00
|
|
|
ASSERT_NE(DRecordType, nullptr);
|
|
|
|
|
EXPECT_EQ("TestStruct", DRecordType->getDecl()->getName());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetStringType, R"(
|
|
|
|
|
void foo() {
|
|
|
|
|
const char *a = "Hello, world!";
|
|
|
|
|
}
|
|
|
|
|
)") {
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
|
|
|
|
const auto *APtrTy = dyn_cast<PointerType>(A.getType(Context));
|
|
|
|
|
ASSERT_NE(APtrTy, nullptr);
|
|
|
|
|
EXPECT_EQ(Context.CharTy, APtrTy->getPointeeType());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetThisType, R"(
|
|
|
|
|
class TestClass {
|
|
|
|
|
void foo();
|
|
|
|
|
};
|
|
|
|
|
void TestClass::foo() {
|
|
|
|
|
const auto *a = this;
|
|
|
|
|
}
|
|
|
|
|
)") {
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
|
|
|
|
const auto *APtrTy = dyn_cast<PointerType>(A.getType(Context));
|
|
|
|
|
ASSERT_NE(APtrTy, nullptr);
|
|
|
|
|
const auto *ARecordType = dyn_cast<RecordType>(APtrTy->getPointeeType());
|
|
|
|
|
ASSERT_NE(ARecordType, nullptr);
|
|
|
|
|
EXPECT_EQ("TestClass", ARecordType->getDecl()->getName());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetFunctionPtrType, R"(
|
|
|
|
|
void bar();
|
|
|
|
|
void foo() {
|
|
|
|
|
auto *a = &bar;
|
|
|
|
|
}
|
|
|
|
|
)") {
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
|
|
|
|
const auto *APtrTy = dyn_cast<PointerType>(A.getType(Context));
|
|
|
|
|
ASSERT_NE(APtrTy, nullptr);
|
|
|
|
|
ASSERT_TRUE(isa<FunctionProtoType>(APtrTy->getPointeeType()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SVAL_TEST(GetLabelType, R"(
|
|
|
|
|
void foo() {
|
|
|
|
|
entry:
|
|
|
|
|
void *a = &&entry;
|
|
|
|
|
char *b = (char *)&&entry;
|
|
|
|
|
}
|
|
|
|
|
)") {
|
|
|
|
|
SVal A = getByName("a");
|
|
|
|
|
ASSERT_FALSE(A.getType(Context).isNull());
|
|
|
|
|
EXPECT_EQ(Context.VoidPtrTy, A.getType(Context));
|
|
|
|
|
|
|
|
|
|
SVal B = getByName("a");
|
|
|
|
|
ASSERT_FALSE(B.getType(Context).isNull());
|
|
|
|
|
// TODO: Change to CharTy when we support symbolic casts
|
|
|
|
|
EXPECT_EQ(Context.VoidPtrTy, B.getType(Context));
|
|
|
|
|
}
|
|
|
|
|
|
[analyzer]Skip unstable CSA tests failing on several platforms
Clang static analyzer uses bitwidth to infer the integer value type, that is, any 32-bit integer is considered of type `int`, and any 64-bit integer is considered of type `long`. This isn't always true, for instance, in ILP32 (e.g., 32-bit AIX), 32-bit could be `long`, and in LP64 (e.g., 64-bit wasm64), 64-bit could be `long long`.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D114454
2021-12-02 18:29:43 -05:00
|
|
|
std::vector<TestClangConfig> allTestClangConfigs() {
|
|
|
|
|
std::vector<TestClangConfig> all_configs;
|
|
|
|
|
TestClangConfig config;
|
|
|
|
|
config.Language = Lang_CXX14;
|
|
|
|
|
for (std::string target :
|
|
|
|
|
{"i686-pc-windows-msvc", "i686-apple-darwin9",
|
|
|
|
|
"x86_64-apple-darwin9", "x86_64-scei-ps4",
|
|
|
|
|
"x86_64-windows-msvc", "x86_64-unknown-linux",
|
|
|
|
|
"x86_64-apple-macosx", "x86_64-apple-ios14.0",
|
|
|
|
|
"wasm32-unknown-unknown", "wasm64-unknown-unknown",
|
|
|
|
|
"thumb-pc-win32", "sparc64-none-openbsd",
|
|
|
|
|
"sparc-none-none", "riscv64-unknown-linux",
|
|
|
|
|
"ppc64-windows-msvc", "powerpc-ibm-aix",
|
|
|
|
|
"powerpc64-ibm-aix", "s390x-ibm-zos",
|
|
|
|
|
"armv7-pc-windows-msvc", "aarch64-pc-windows-msvc",
|
|
|
|
|
"xcore-xmos-elf"}) {
|
|
|
|
|
config.Target = target;
|
|
|
|
|
all_configs.push_back(config);
|
|
|
|
|
}
|
|
|
|
|
return all_configs;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
INSTANTIATE_TEST_SUITE_P(SValTests, SValTest,
|
|
|
|
|
testing::ValuesIn(allTestClangConfigs()));
|
|
|
|
|
|
2021-06-18 14:16:18 +03:00
|
|
|
} // namespace
|
|
|
|
|
} // namespace ento
|
|
|
|
|
} // namespace clang
|