diff options
Diffstat (limited to 'contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend')
8 files changed, 1704 insertions, 0 deletions
diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp new file mode 100644 index 000000000000..03bc40804d73 --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp @@ -0,0 +1,769 @@ +//===--- AnalysisConsumer.cpp - ASTConsumer for running Analyses ----------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// "Meta" ASTConsumer for running different source analyses. +// +//===----------------------------------------------------------------------===// + +#include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h" +#include "ModelInjector.h" +#include "clang/AST/Decl.h" +#include "clang/AST/DeclCXX.h" +#include "clang/AST/DeclObjC.h" +#include "clang/AST/RecursiveASTVisitor.h" +#include "clang/Analysis/Analyses/LiveVariables.h" +#include "clang/Analysis/CFG.h" +#include "clang/Analysis/CallGraph.h" +#include "clang/Analysis/CodeInjector.h" +#include "clang/Analysis/MacroExpansionContext.h" +#include "clang/Analysis/PathDiagnostic.h" +#include "clang/Basic/SourceManager.h" +#include "clang/CrossTU/CrossTranslationUnit.h" +#include "clang/Frontend/CompilerInstance.h" +#include "clang/Lex/Preprocessor.h" +#include "clang/Rewrite/Core/Rewriter.h" +#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" +#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" +#include "clang/StaticAnalyzer/Core/CheckerManager.h" +#include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" +#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" +#include "llvm/ADT/PostOrderIterator.h" +#include "llvm/ADT/ScopeExit.h" +#include "llvm/ADT/Statistic.h" +#include "llvm/Support/FileSystem.h" +#include "llvm/Support/Path.h" +#include "llvm/Support/Program.h" +#include "llvm/Support/Timer.h" +#include "llvm/Support/raw_ostream.h" +#include <memory> +#include <queue> +#include <utility> + +using namespace clang; +using namespace ento; + +#define DEBUG_TYPE "AnalysisConsumer" + +STATISTIC(NumFunctionTopLevel, "The # of functions at top level."); +STATISTIC(NumFunctionsAnalyzed, + "The # of functions and blocks analyzed (as top level " + "with inlining turned on)."); +STATISTIC(NumBlocksInAnalyzedFunctions, + "The # of basic blocks in the analyzed functions."); +STATISTIC(NumVisitedBlocksInAnalyzedFunctions, + "The # of visited basic blocks in the analyzed functions."); +STATISTIC(PercentReachableBlocks, "The % of reachable basic blocks."); +STATISTIC(MaxCFGSize, "The maximum number of basic blocks in a function."); + +//===----------------------------------------------------------------------===// +// AnalysisConsumer declaration. +//===----------------------------------------------------------------------===// + +namespace { + +class AnalysisConsumer : public AnalysisASTConsumer, + public RecursiveASTVisitor<AnalysisConsumer> { + enum { + AM_None = 0, + AM_Syntax = 0x1, + AM_Path = 0x2 + }; + typedef unsigned AnalysisMode; + + /// Mode of the analyzes while recursively visiting Decls. + AnalysisMode RecVisitorMode; + /// Bug Reporter to use while recursively visiting Decls. + BugReporter *RecVisitorBR; + + std::vector<std::function<void(CheckerRegistry &)>> CheckerRegistrationFns; + +public: + ASTContext *Ctx; + Preprocessor &PP; + const std::string OutDir; + AnalyzerOptions &Opts; + ArrayRef<std::string> Plugins; + CodeInjector *Injector; + cross_tu::CrossTranslationUnitContext CTU; + + /// Stores the declarations from the local translation unit. + /// Note, we pre-compute the local declarations at parse time as an + /// optimization to make sure we do not deserialize everything from disk. + /// The local declaration to all declarations ratio might be very small when + /// working with a PCH file. + SetOfDecls LocalTUDecls; + + MacroExpansionContext MacroExpansions; + + // Set of PathDiagnosticConsumers. Owned by AnalysisManager. + PathDiagnosticConsumers PathConsumers; + + StoreManagerCreator CreateStoreMgr; + ConstraintManagerCreator CreateConstraintMgr; + + std::unique_ptr<CheckerManager> checkerMgr; + std::unique_ptr<AnalysisManager> Mgr; + + /// Time the analyzes time of each translation unit. + std::unique_ptr<llvm::TimerGroup> AnalyzerTimers; + std::unique_ptr<llvm::Timer> SyntaxCheckTimer; + std::unique_ptr<llvm::Timer> ExprEngineTimer; + std::unique_ptr<llvm::Timer> BugReporterTimer; + + /// The information about analyzed functions shared throughout the + /// translation unit. + FunctionSummariesTy FunctionSummaries; + + AnalysisConsumer(CompilerInstance &CI, const std::string &outdir, + AnalyzerOptions &opts, ArrayRef<std::string> plugins, + CodeInjector *injector) + : RecVisitorMode(0), RecVisitorBR(nullptr), Ctx(nullptr), + PP(CI.getPreprocessor()), OutDir(outdir), Opts(opts), + Plugins(plugins), Injector(injector), CTU(CI), + MacroExpansions(CI.getLangOpts()) { + DigestAnalyzerOptions(); + if (Opts.AnalyzerDisplayProgress || Opts.PrintStats || + Opts.ShouldSerializeStats) { + AnalyzerTimers = std::make_unique<llvm::TimerGroup>( + "analyzer", "Analyzer timers"); + SyntaxCheckTimer = std::make_unique<llvm::Timer>( + "syntaxchecks", "Syntax-based analysis time", *AnalyzerTimers); + ExprEngineTimer = std::make_unique<llvm::Timer>( + "exprengine", "Path exploration time", *AnalyzerTimers); + BugReporterTimer = std::make_unique<llvm::Timer>( + "bugreporter", "Path-sensitive report post-processing time", + *AnalyzerTimers); + } + + if (Opts.PrintStats || Opts.ShouldSerializeStats) { + llvm::EnableStatistics(/* DoPrintOnExit= */ false); + } + + if (Opts.ShouldDisplayMacroExpansions) + MacroExpansions.registerForPreprocessor(PP); + } + + ~AnalysisConsumer() override { + if (Opts.PrintStats) { + llvm::PrintStatistics(); + } + } + + void DigestAnalyzerOptions() { + switch (Opts.AnalysisDiagOpt) { + case PD_NONE: + break; +#define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN) \ + case PD_##NAME: \ + CREATEFN(Opts.getDiagOpts(), PathConsumers, OutDir, PP, CTU, \ + MacroExpansions); \ + break; +#include "clang/StaticAnalyzer/Core/Analyses.def" + default: + llvm_unreachable("Unknown analyzer output type!"); + } + + // Create the analyzer component creators. + CreateStoreMgr = &CreateRegionStoreManager; + + switch (Opts.AnalysisConstraintsOpt) { + default: + llvm_unreachable("Unknown constraint manager."); +#define ANALYSIS_CONSTRAINTS(NAME, CMDFLAG, DESC, CREATEFN) \ + case NAME##Model: CreateConstraintMgr = CREATEFN; break; +#include "clang/StaticAnalyzer/Core/Analyses.def" + } + } + + void DisplayTime(llvm::TimeRecord &Time) { + if (!Opts.AnalyzerDisplayProgress) { + return; + } + llvm::errs() << " : " << llvm::format("%1.1f", Time.getWallTime() * 1000) + << " ms\n"; + } + + void DisplayFunction(const Decl *D, AnalysisMode Mode, + ExprEngine::InliningModes IMode) { + if (!Opts.AnalyzerDisplayProgress) + return; + + SourceManager &SM = Mgr->getASTContext().getSourceManager(); + PresumedLoc Loc = SM.getPresumedLoc(D->getLocation()); + if (Loc.isValid()) { + llvm::errs() << "ANALYZE"; + + if (Mode == AM_Syntax) + llvm::errs() << " (Syntax)"; + else if (Mode == AM_Path) { + llvm::errs() << " (Path, "; + switch (IMode) { + case ExprEngine::Inline_Minimal: + llvm::errs() << " Inline_Minimal"; + break; + case ExprEngine::Inline_Regular: + llvm::errs() << " Inline_Regular"; + break; + } + llvm::errs() << ")"; + } else + assert(Mode == (AM_Syntax | AM_Path) && "Unexpected mode!"); + + llvm::errs() << ": " << Loc.getFilename() << ' ' + << AnalysisDeclContext::getFunctionName(D); + } + } + + void Initialize(ASTContext &Context) override { + Ctx = &Context; + checkerMgr = std::make_unique<CheckerManager>(*Ctx, Opts, PP, Plugins, + CheckerRegistrationFns); + + Mgr = std::make_unique<AnalysisManager>(*Ctx, PP, PathConsumers, + CreateStoreMgr, CreateConstraintMgr, + checkerMgr.get(), Opts, Injector); + } + + /// Store the top level decls in the set to be processed later on. + /// (Doing this pre-processing avoids deserialization of data from PCH.) + bool HandleTopLevelDecl(DeclGroupRef D) override; + void HandleTopLevelDeclInObjCContainer(DeclGroupRef D) override; + + void HandleTranslationUnit(ASTContext &C) override; + + /// Determine which inlining mode should be used when this function is + /// analyzed. This allows to redefine the default inlining policies when + /// analyzing a given function. + ExprEngine::InliningModes + getInliningModeForFunction(const Decl *D, const SetOfConstDecls &Visited); + + /// Build the call graph for all the top level decls of this TU and + /// use it to define the order in which the functions should be visited. + void HandleDeclsCallGraph(const unsigned LocalTUDeclsSize); + + /// Run analyzes(syntax or path sensitive) on the given function. + /// \param Mode - determines if we are requesting syntax only or path + /// sensitive only analysis. + /// \param VisitedCallees - The output parameter, which is populated with the + /// set of functions which should be considered analyzed after analyzing the + /// given root function. + void HandleCode(Decl *D, AnalysisMode Mode, + ExprEngine::InliningModes IMode = ExprEngine::Inline_Minimal, + SetOfConstDecls *VisitedCallees = nullptr); + + void RunPathSensitiveChecks(Decl *D, + ExprEngine::InliningModes IMode, + SetOfConstDecls *VisitedCallees); + + /// Visitors for the RecursiveASTVisitor. + bool shouldWalkTypesOfTypeLocs() const { return false; } + + /// Handle callbacks for arbitrary Decls. + bool VisitDecl(Decl *D) { + AnalysisMode Mode = getModeForDecl(D, RecVisitorMode); + if (Mode & AM_Syntax) { + if (SyntaxCheckTimer) + SyntaxCheckTimer->startTimer(); + checkerMgr->runCheckersOnASTDecl(D, *Mgr, *RecVisitorBR); + if (SyntaxCheckTimer) + SyntaxCheckTimer->stopTimer(); + } + return true; + } + + bool VisitVarDecl(VarDecl *VD) { + if (!Opts.IsNaiveCTUEnabled) + return true; + + if (VD->hasExternalStorage() || VD->isStaticDataMember()) { + if (!cross_tu::shouldImport(VD, *Ctx)) + return true; + } else { + // Cannot be initialized in another TU. + return true; + } + + if (VD->getAnyInitializer()) + return true; + + llvm::Expected<const VarDecl *> CTUDeclOrError = + CTU.getCrossTUDefinition(VD, Opts.CTUDir, Opts.CTUIndexName, + Opts.DisplayCTUProgress); + + if (!CTUDeclOrError) { + handleAllErrors(CTUDeclOrError.takeError(), + [&](const cross_tu::IndexError &IE) { + CTU.emitCrossTUDiagnostics(IE); + }); + } + + return true; + } + + bool VisitFunctionDecl(FunctionDecl *FD) { + IdentifierInfo *II = FD->getIdentifier(); + if (II && II->getName().starts_with("__inline")) + return true; + + // We skip function template definitions, as their semantics is + // only determined when they are instantiated. + if (FD->isThisDeclarationADefinition() && + !FD->isDependentContext()) { + assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); + HandleCode(FD, RecVisitorMode); + } + return true; + } + + bool VisitObjCMethodDecl(ObjCMethodDecl *MD) { + if (MD->isThisDeclarationADefinition()) { + assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); + HandleCode(MD, RecVisitorMode); + } + return true; + } + + bool VisitBlockDecl(BlockDecl *BD) { + if (BD->hasBody()) { + assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); + // Since we skip function template definitions, we should skip blocks + // declared in those functions as well. + if (!BD->isDependentContext()) { + HandleCode(BD, RecVisitorMode); + } + } + return true; + } + + void AddDiagnosticConsumer(PathDiagnosticConsumer *Consumer) override { + PathConsumers.push_back(Consumer); + } + + void AddCheckerRegistrationFn(std::function<void(CheckerRegistry&)> Fn) override { + CheckerRegistrationFns.push_back(std::move(Fn)); + } + +private: + void storeTopLevelDecls(DeclGroupRef DG); + + /// Check if we should skip (not analyze) the given function. + AnalysisMode getModeForDecl(Decl *D, AnalysisMode Mode); + void runAnalysisOnTranslationUnit(ASTContext &C); + + /// Print \p S to stderr if \c Opts.AnalyzerDisplayProgress is set. + void reportAnalyzerProgress(StringRef S); +}; // namespace +} // end anonymous namespace + + +//===----------------------------------------------------------------------===// +// AnalysisConsumer implementation. +//===----------------------------------------------------------------------===// +bool AnalysisConsumer::HandleTopLevelDecl(DeclGroupRef DG) { + storeTopLevelDecls(DG); + return true; +} + +void AnalysisConsumer::HandleTopLevelDeclInObjCContainer(DeclGroupRef DG) { + storeTopLevelDecls(DG); +} + +void AnalysisConsumer::storeTopLevelDecls(DeclGroupRef DG) { + for (auto &I : DG) { + + // Skip ObjCMethodDecl, wait for the objc container to avoid + // analyzing twice. + if (isa<ObjCMethodDecl>(I)) + continue; + + LocalTUDecls.push_back(I); + } +} + +static bool shouldSkipFunction(const Decl *D, + const SetOfConstDecls &Visited, + const SetOfConstDecls &VisitedAsTopLevel) { + if (VisitedAsTopLevel.count(D)) + return true; + + // Skip analysis of inheriting constructors as top-level functions. These + // constructors don't even have a body written down in the code, so even if + // we find a bug, we won't be able to display it. + if (const auto *CD = dyn_cast<CXXConstructorDecl>(D)) + if (CD->isInheritingConstructor()) + return true; + + // We want to re-analyse the functions as top level in the following cases: + // - The 'init' methods should be reanalyzed because + // ObjCNonNilReturnValueChecker assumes that '[super init]' never returns + // 'nil' and unless we analyze the 'init' functions as top level, we will + // not catch errors within defensive code. + // - We want to reanalyze all ObjC methods as top level to report Retain + // Count naming convention errors more aggressively. + if (isa<ObjCMethodDecl>(D)) + return false; + // We also want to reanalyze all C++ copy and move assignment operators to + // separately check the two cases where 'this' aliases with the parameter and + // where it may not. (cplusplus.SelfAssignmentChecker) + if (const auto *MD = dyn_cast<CXXMethodDecl>(D)) { + if (MD->isCopyAssignmentOperator() || MD->isMoveAssignmentOperator()) + return false; + } + + // Otherwise, if we visited the function before, do not reanalyze it. + return Visited.count(D); +} + +ExprEngine::InliningModes +AnalysisConsumer::getInliningModeForFunction(const Decl *D, + const SetOfConstDecls &Visited) { + // We want to reanalyze all ObjC methods as top level to report Retain + // Count naming convention errors more aggressively. But we should tune down + // inlining when reanalyzing an already inlined function. + if (Visited.count(D) && isa<ObjCMethodDecl>(D)) { + const ObjCMethodDecl *ObjCM = cast<ObjCMethodDecl>(D); + if (ObjCM->getMethodFamily() != OMF_init) + return ExprEngine::Inline_Minimal; + } + + return ExprEngine::Inline_Regular; +} + +void AnalysisConsumer::HandleDeclsCallGraph(const unsigned LocalTUDeclsSize) { + // Build the Call Graph by adding all the top level declarations to the graph. + // Note: CallGraph can trigger deserialization of more items from a pch + // (though HandleInterestingDecl); triggering additions to LocalTUDecls. + // We rely on random access to add the initially processed Decls to CG. + CallGraph CG; + for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { + CG.addToCallGraph(LocalTUDecls[i]); + } + + // Walk over all of the call graph nodes in topological order, so that we + // analyze parents before the children. Skip the functions inlined into + // the previously processed functions. Use external Visited set to identify + // inlined functions. The topological order allows the "do not reanalyze + // previously inlined function" performance heuristic to be triggered more + // often. + SetOfConstDecls Visited; + SetOfConstDecls VisitedAsTopLevel; + llvm::ReversePostOrderTraversal<clang::CallGraph*> RPOT(&CG); + for (auto &N : RPOT) { + NumFunctionTopLevel++; + + Decl *D = N->getDecl(); + + // Skip the abstract root node. + if (!D) + continue; + + // Skip the functions which have been processed already or previously + // inlined. + if (shouldSkipFunction(D, Visited, VisitedAsTopLevel)) + continue; + + // The CallGraph might have declarations as callees. However, during CTU + // the declaration might form a declaration chain with the newly imported + // definition from another TU. In this case we don't want to analyze the + // function definition as toplevel. + if (const auto *FD = dyn_cast<FunctionDecl>(D)) { + // Calling 'hasBody' replaces 'FD' in place with the FunctionDecl + // that has the body. + FD->hasBody(FD); + if (CTU.isImportedAsNew(FD)) + continue; + } + + // Analyze the function. + SetOfConstDecls VisitedCallees; + + HandleCode(D, AM_Path, getInliningModeForFunction(D, Visited), + (Mgr->options.InliningMode == All ? nullptr : &VisitedCallees)); + + // Add the visited callees to the global visited set. + for (const Decl *Callee : VisitedCallees) + // Decls from CallGraph are already canonical. But Decls coming from + // CallExprs may be not. We should canonicalize them manually. + Visited.insert(isa<ObjCMethodDecl>(Callee) ? Callee + : Callee->getCanonicalDecl()); + VisitedAsTopLevel.insert(D); + } +} + +static bool fileContainsString(StringRef Substring, ASTContext &C) { + const SourceManager &SM = C.getSourceManager(); + FileID FID = SM.getMainFileID(); + StringRef Buffer = SM.getBufferOrFake(FID).getBuffer(); + return Buffer.contains(Substring); +} + +static void reportAnalyzerFunctionMisuse(const AnalyzerOptions &Opts, + const ASTContext &Ctx) { + llvm::errs() << "Every top-level function was skipped.\n"; + + if (!Opts.AnalyzerDisplayProgress) + llvm::errs() << "Pass the -analyzer-display-progress for tracking which " + "functions are analyzed.\n"; + + bool HasBrackets = + Opts.AnalyzeSpecificFunction.find("(") != std::string::npos; + + if (Ctx.getLangOpts().CPlusPlus && !HasBrackets) { + llvm::errs() + << "For analyzing C++ code you need to pass the function parameter " + "list: -analyze-function=\"foobar(int, _Bool)\"\n"; + } else if (!Ctx.getLangOpts().CPlusPlus && HasBrackets) { + llvm::errs() << "For analyzing C code you shouldn't pass the function " + "parameter list, only the name of the function: " + "-analyze-function=foobar\n"; + } +} + +void AnalysisConsumer::runAnalysisOnTranslationUnit(ASTContext &C) { + BugReporter BR(*Mgr); + const TranslationUnitDecl *TU = C.getTranslationUnitDecl(); + BR.setAnalysisEntryPoint(TU); + if (SyntaxCheckTimer) + SyntaxCheckTimer->startTimer(); + checkerMgr->runCheckersOnASTDecl(TU, *Mgr, BR); + if (SyntaxCheckTimer) + SyntaxCheckTimer->stopTimer(); + + // Run the AST-only checks using the order in which functions are defined. + // If inlining is not turned on, use the simplest function order for path + // sensitive analyzes as well. + RecVisitorMode = AM_Syntax; + if (!Mgr->shouldInlineCall()) + RecVisitorMode |= AM_Path; + RecVisitorBR = &BR; + + // Process all the top level declarations. + // + // Note: TraverseDecl may modify LocalTUDecls, but only by appending more + // entries. Thus we don't use an iterator, but rely on LocalTUDecls + // random access. By doing so, we automatically compensate for iterators + // possibly being invalidated, although this is a bit slower. + const unsigned LocalTUDeclsSize = LocalTUDecls.size(); + for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { + TraverseDecl(LocalTUDecls[i]); + } + + if (Mgr->shouldInlineCall()) + HandleDeclsCallGraph(LocalTUDeclsSize); + + // After all decls handled, run checkers on the entire TranslationUnit. + checkerMgr->runCheckersOnEndOfTranslationUnit(TU, *Mgr, BR); + + BR.FlushReports(); + RecVisitorBR = nullptr; + + // If the user wanted to analyze a specific function and the number of basic + // blocks analyzed is zero, than the user might not specified the function + // name correctly. + // FIXME: The user might have analyzed the requested function in Syntax mode, + // but we are unaware of that. + if (!Opts.AnalyzeSpecificFunction.empty() && NumFunctionsAnalyzed == 0) + reportAnalyzerFunctionMisuse(Opts, *Ctx); +} + +void AnalysisConsumer::reportAnalyzerProgress(StringRef S) { + if (Opts.AnalyzerDisplayProgress) + llvm::errs() << S; +} + +void AnalysisConsumer::HandleTranslationUnit(ASTContext &C) { + // Don't run the actions if an error has occurred with parsing the file. + DiagnosticsEngine &Diags = PP.getDiagnostics(); + if (Diags.hasErrorOccurred() || Diags.hasFatalErrorOccurred()) + return; + + // Explicitly destroy the PathDiagnosticConsumer. This will flush its output. + // FIXME: This should be replaced with something that doesn't rely on + // side-effects in PathDiagnosticConsumer's destructor. This is required when + // used with option -disable-free. + const auto DiagFlusherScopeExit = + llvm::make_scope_exit([this] { Mgr.reset(); }); + + if (Opts.ShouldIgnoreBisonGeneratedFiles && + fileContainsString("/* A Bison parser, made by", C)) { + reportAnalyzerProgress("Skipping bison-generated file\n"); + return; + } + + if (Opts.ShouldIgnoreFlexGeneratedFiles && + fileContainsString("/* A lexical scanner generated by flex", C)) { + reportAnalyzerProgress("Skipping flex-generated file\n"); + return; + } + + // Don't analyze if the user explicitly asked for no checks to be performed + // on this file. + if (Opts.DisableAllCheckers) { + reportAnalyzerProgress("All checks are disabled using a supplied option\n"); + return; + } + + // Otherwise, just run the analysis. + runAnalysisOnTranslationUnit(C); + + // Count how many basic blocks we have not covered. + NumBlocksInAnalyzedFunctions = FunctionSummaries.getTotalNumBasicBlocks(); + NumVisitedBlocksInAnalyzedFunctions = + FunctionSummaries.getTotalNumVisitedBasicBlocks(); + if (NumBlocksInAnalyzedFunctions > 0) + PercentReachableBlocks = + (FunctionSummaries.getTotalNumVisitedBasicBlocks() * 100) / + NumBlocksInAnalyzedFunctions; +} + +AnalysisConsumer::AnalysisMode +AnalysisConsumer::getModeForDecl(Decl *D, AnalysisMode Mode) { + if (!Opts.AnalyzeSpecificFunction.empty() && + AnalysisDeclContext::getFunctionName(D) != Opts.AnalyzeSpecificFunction) + return AM_None; + + // Unless -analyze-all is specified, treat decls differently depending on + // where they came from: + // - Main source file: run both path-sensitive and non-path-sensitive checks. + // - Header files: run non-path-sensitive checks only. + // - System headers: don't run any checks. + if (Opts.AnalyzeAll) + return Mode; + + const SourceManager &SM = Ctx->getSourceManager(); + + const SourceLocation Loc = [&SM](Decl *D) -> SourceLocation { + const Stmt *Body = D->getBody(); + SourceLocation SL = Body ? Body->getBeginLoc() : D->getLocation(); + return SM.getExpansionLoc(SL); + }(D); + + // Ignore system headers. + if (Loc.isInvalid() || SM.isInSystemHeader(Loc)) + return AM_None; + + // Disable path sensitive analysis in user-headers. + if (!Mgr->isInCodeFile(Loc)) + return Mode & ~AM_Path; + + return Mode; +} + +void AnalysisConsumer::HandleCode(Decl *D, AnalysisMode Mode, + ExprEngine::InliningModes IMode, + SetOfConstDecls *VisitedCallees) { + if (!D->hasBody()) + return; + Mode = getModeForDecl(D, Mode); + if (Mode == AM_None) + return; + + // Clear the AnalysisManager of old AnalysisDeclContexts. + Mgr->ClearContexts(); + // Ignore autosynthesized code. + if (Mgr->getAnalysisDeclContext(D)->isBodyAutosynthesized()) + return; + + CFG *DeclCFG = Mgr->getCFG(D); + if (DeclCFG) + MaxCFGSize.updateMax(DeclCFG->size()); + + DisplayFunction(D, Mode, IMode); + BugReporter BR(*Mgr); + BR.setAnalysisEntryPoint(D); + + if (Mode & AM_Syntax) { + llvm::TimeRecord CheckerStartTime; + if (SyntaxCheckTimer) { + CheckerStartTime = SyntaxCheckTimer->getTotalTime(); + SyntaxCheckTimer->startTimer(); + } + checkerMgr->runCheckersOnASTBody(D, *Mgr, BR); + if (SyntaxCheckTimer) { + SyntaxCheckTimer->stopTimer(); + llvm::TimeRecord CheckerEndTime = SyntaxCheckTimer->getTotalTime(); + CheckerEndTime -= CheckerStartTime; + DisplayTime(CheckerEndTime); + } + } + + BR.FlushReports(); + + if ((Mode & AM_Path) && checkerMgr->hasPathSensitiveCheckers()) { + RunPathSensitiveChecks(D, IMode, VisitedCallees); + if (IMode != ExprEngine::Inline_Minimal) + NumFunctionsAnalyzed++; + } +} + +//===----------------------------------------------------------------------===// +// Path-sensitive checking. +//===----------------------------------------------------------------------===// + +void AnalysisConsumer::RunPathSensitiveChecks(Decl *D, + ExprEngine::InliningModes IMode, + SetOfConstDecls *VisitedCallees) { + // Construct the analysis engine. First check if the CFG is valid. + // FIXME: Inter-procedural analysis will need to handle invalid CFGs. + if (!Mgr->getCFG(D)) + return; + + // See if the LiveVariables analysis scales. + if (!Mgr->getAnalysisDeclContext(D)->getAnalysis<RelaxedLiveVariables>()) + return; + + ExprEngine Eng(CTU, *Mgr, VisitedCallees, &FunctionSummaries, IMode); + + // Execute the worklist algorithm. + llvm::TimeRecord ExprEngineStartTime; + if (ExprEngineTimer) { + ExprEngineStartTime = ExprEngineTimer->getTotalTime(); + ExprEngineTimer->startTimer(); + } + Eng.ExecuteWorkList(Mgr->getAnalysisDeclContextManager().getStackFrame(D), + Mgr->options.MaxNodesPerTopLevelFunction); + if (ExprEngineTimer) { + ExprEngineTimer->stopTimer(); + llvm::TimeRecord ExprEngineEndTime = ExprEngineTimer->getTotalTime(); + ExprEngineEndTime -= ExprEngineStartTime; + DisplayTime(ExprEngineEndTime); + } + + if (!Mgr->options.DumpExplodedGraphTo.empty()) + Eng.DumpGraph(Mgr->options.TrimGraph, Mgr->options.DumpExplodedGraphTo); + + // Visualize the exploded graph. + if (Mgr->options.visualizeExplodedGraphWithGraphViz) + Eng.ViewGraph(Mgr->options.TrimGraph); + + // Display warnings. + if (BugReporterTimer) + BugReporterTimer->startTimer(); + Eng.getBugReporter().FlushReports(); + if (BugReporterTimer) + BugReporterTimer->stopTimer(); +} + +//===----------------------------------------------------------------------===// +// AnalysisConsumer creation. +//===----------------------------------------------------------------------===// + +std::unique_ptr<AnalysisASTConsumer> +ento::CreateAnalysisConsumer(CompilerInstance &CI) { + // Disable the effects of '-Werror' when using the AnalysisConsumer. + CI.getPreprocessor().getDiagnostics().setWarningsAsErrors(false); + + AnalyzerOptions &analyzerOpts = CI.getAnalyzerOpts(); + bool hasModelPath = analyzerOpts.Config.count("model-path") > 0; + + return std::make_unique<AnalysisConsumer>( + CI, CI.getFrontendOpts().OutputFile, analyzerOpts, + CI.getFrontendOpts().Plugins, + hasModelPath ? new ModelInjector(CI) : nullptr); +} diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalyzerHelpFlags.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalyzerHelpFlags.cpp new file mode 100644 index 000000000000..ea75c794f0b7 --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalyzerHelpFlags.cpp @@ -0,0 +1,112 @@ +//===--- CheckerRegistration.cpp - Registration for the Analyzer Checkers -===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// Defines the registration function for the analyzer checkers. +// +//===----------------------------------------------------------------------===// + +#include "clang/StaticAnalyzer/Frontend/AnalyzerHelpFlags.h" +#include "clang/Basic/Diagnostic.h" +#include "clang/Frontend/CompilerInstance.h" +#include "clang/Frontend/FrontendDiagnostic.h" +#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" +#include "clang/StaticAnalyzer/Core/CheckerManager.h" +#include "clang/StaticAnalyzer/Frontend/CheckerRegistry.h" +#include "clang/StaticAnalyzer/Frontend/FrontendActions.h" +#include "llvm/ADT/SmallVector.h" +#include "llvm/Support/raw_ostream.h" +#include <memory> + +using namespace clang; +using namespace ento; + +void ento::printCheckerHelp(raw_ostream &out, CompilerInstance &CI) { + out << "OVERVIEW: Clang Static Analyzer Checkers List\n\n"; + out << "USAGE: -analyzer-checker <CHECKER or PACKAGE,...>\n\n"; + + auto CheckerMgr = std::make_unique<CheckerManager>( + CI.getAnalyzerOpts(), CI.getLangOpts(), CI.getDiagnostics(), + CI.getFrontendOpts().Plugins); + + CheckerMgr->getCheckerRegistryData().printCheckerWithDescList( + CI.getAnalyzerOpts(), out); +} + +void ento::printEnabledCheckerList(raw_ostream &out, CompilerInstance &CI) { + out << "OVERVIEW: Clang Static Analyzer Enabled Checkers List\n\n"; + + auto CheckerMgr = std::make_unique<CheckerManager>( + CI.getAnalyzerOpts(), CI.getLangOpts(), CI.getDiagnostics(), + CI.getFrontendOpts().Plugins); + + CheckerMgr->getCheckerRegistryData().printEnabledCheckerList(out); +} + +void ento::printCheckerConfigList(raw_ostream &out, CompilerInstance &CI) { + + auto CheckerMgr = std::make_unique<CheckerManager>( + CI.getAnalyzerOpts(), CI.getLangOpts(), CI.getDiagnostics(), + CI.getFrontendOpts().Plugins); + + CheckerMgr->getCheckerRegistryData().printCheckerOptionList( + CI.getAnalyzerOpts(), out); +} + +void ento::printAnalyzerConfigList(raw_ostream &out) { + // FIXME: This message sounds scary, should be scary, but incorrectly states + // that all configs are super dangerous. In reality, many of them should be + // accessible to the user. We should create a user-facing subset of config + // options under a different frontend flag. + out << R"( +OVERVIEW: Clang Static Analyzer -analyzer-config Option List + +The following list of configurations are meant for development purposes only, as +some of the variables they define are set to result in the most optimal +analysis. Setting them to other values may drastically change how the analyzer +behaves, and may even result in instabilities, crashes! + +USAGE: -analyzer-config <OPTION1=VALUE,OPTION2=VALUE,...> + -analyzer-config OPTION1=VALUE, -analyzer-config OPTION2=VALUE, ... +OPTIONS: +)"; + + using OptionAndDescriptionTy = std::pair<StringRef, std::string>; + OptionAndDescriptionTy PrintableOptions[] = { +#define ANALYZER_OPTION(TYPE, NAME, CMDFLAG, DESC, DEFAULT_VAL) \ + { \ + CMDFLAG, \ + llvm::Twine(llvm::Twine() + "(" + \ + (StringRef(#TYPE) == "StringRef" ? "string" : #TYPE ) + \ + ") " DESC \ + " (default: " #DEFAULT_VAL ")").str() \ + }, + +#define ANALYZER_OPTION_DEPENDS_ON_USER_MODE(TYPE, NAME, CMDFLAG, DESC, \ + SHALLOW_VAL, DEEP_VAL) \ + { \ + CMDFLAG, \ + llvm::Twine(llvm::Twine() + "(" + \ + (StringRef(#TYPE) == "StringRef" ? "string" : #TYPE ) + \ + ") " DESC \ + " (default: " #SHALLOW_VAL " in shallow mode, " #DEEP_VAL \ + " in deep mode)").str() \ + }, +#include "clang/StaticAnalyzer/Core/AnalyzerOptions.def" +#undef ANALYZER_OPTION +#undef ANALYZER_OPTION_DEPENDS_ON_USER_MODE + }; + + llvm::sort(PrintableOptions, llvm::less_first()); + + for (const auto &Pair : PrintableOptions) { + AnalyzerOptions::printFormattedEntry(out, Pair, /*InitialPad*/ 2, + /*EntryWidth*/ 30, + /*MinLineWidth*/ 70); + out << "\n\n"; + } +} diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/CheckerRegistry.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/CheckerRegistry.cpp new file mode 100644 index 000000000000..317df90a7781 --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/CheckerRegistry.cpp @@ -0,0 +1,527 @@ +//===- CheckerRegistry.cpp - Maintains all available checkers -------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// + +#include "clang/StaticAnalyzer/Frontend/CheckerRegistry.h" +#include "clang/Basic/Diagnostic.h" +#include "clang/Basic/LLVM.h" +#include "clang/Driver/DriverDiagnostic.h" +#include "clang/Frontend/FrontendDiagnostic.h" +#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" +#include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" +#include "clang/StaticAnalyzer/Core/CheckerManager.h" +#include "llvm/ADT/STLExtras.h" +#include "llvm/ADT/StringMap.h" +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/DynamicLibrary.h" +#include "llvm/Support/Path.h" +#include "llvm/Support/raw_ostream.h" +#include <algorithm> + +using namespace clang; +using namespace ento; +using namespace checker_registry; +using llvm::sys::DynamicLibrary; + +//===----------------------------------------------------------------------===// +// Utilities. +//===----------------------------------------------------------------------===// + +static bool isCompatibleAPIVersion(const char *VersionString) { + // If the version string is null, its not an analyzer plugin. + if (!VersionString) + return false; + + // For now, none of the static analyzer API is considered stable. + // Versions must match exactly. + return strcmp(VersionString, CLANG_ANALYZER_API_VERSION_STRING) == 0; +} + +static constexpr char PackageSeparator = '.'; + +//===----------------------------------------------------------------------===// +// Methods of CheckerRegistry. +//===----------------------------------------------------------------------===// + +CheckerRegistry::CheckerRegistry( + CheckerRegistryData &Data, ArrayRef<std::string> Plugins, + DiagnosticsEngine &Diags, AnalyzerOptions &AnOpts, + ArrayRef<std::function<void(CheckerRegistry &)>> CheckerRegistrationFns) + : Data(Data), Diags(Diags), AnOpts(AnOpts) { + + // Register builtin checkers. +#define GET_CHECKERS +#define CHECKER(FULLNAME, CLASS, HELPTEXT, DOC_URI, IS_HIDDEN) \ + addChecker(register##CLASS, shouldRegister##CLASS, FULLNAME, HELPTEXT, \ + DOC_URI, IS_HIDDEN); + +#define GET_PACKAGES +#define PACKAGE(FULLNAME) addPackage(FULLNAME); + +#include "clang/StaticAnalyzer/Checkers/Checkers.inc" +#undef CHECKER +#undef GET_CHECKERS +#undef PACKAGE +#undef GET_PACKAGES + + // Register checkers from plugins. + for (const std::string &Plugin : Plugins) { + // Get access to the plugin. + std::string ErrorMsg; + DynamicLibrary Lib = + DynamicLibrary::getPermanentLibrary(Plugin.c_str(), &ErrorMsg); + if (!Lib.isValid()) { + Diags.Report(diag::err_fe_unable_to_load_plugin) << Plugin << ErrorMsg; + continue; + } + + // See if its compatible with this build of clang. + const char *PluginAPIVersion = static_cast<const char *>( + Lib.getAddressOfSymbol("clang_analyzerAPIVersionString")); + + if (!isCompatibleAPIVersion(PluginAPIVersion)) { + Diags.Report(diag::warn_incompatible_analyzer_plugin_api) + << llvm::sys::path::filename(Plugin); + Diags.Report(diag::note_incompatible_analyzer_plugin_api) + << CLANG_ANALYZER_API_VERSION_STRING << PluginAPIVersion; + continue; + } + + using RegisterPluginCheckerFn = void (*)(CheckerRegistry &); + // Register its checkers. + RegisterPluginCheckerFn RegisterPluginCheckers = + reinterpret_cast<RegisterPluginCheckerFn>( + Lib.getAddressOfSymbol("clang_registerCheckers")); + if (RegisterPluginCheckers) + RegisterPluginCheckers(*this); + } + + // Register statically linked checkers, that aren't generated from the tblgen + // file, but rather passed their registry function as a parameter in + // checkerRegistrationFns. + + for (const auto &Fn : CheckerRegistrationFns) + Fn(*this); + + // Sort checkers for efficient collection. + // FIXME: Alphabetical sort puts 'experimental' in the middle. + // Would it be better to name it '~experimental' or something else + // that's ASCIIbetically last? + llvm::sort(Data.Packages, checker_registry::PackageNameLT{}); + llvm::sort(Data.Checkers, checker_registry::CheckerNameLT{}); + +#define GET_CHECKER_DEPENDENCIES + +#define CHECKER_DEPENDENCY(FULLNAME, DEPENDENCY) \ + addDependency(FULLNAME, DEPENDENCY); + +#define GET_CHECKER_WEAK_DEPENDENCIES + +#define CHECKER_WEAK_DEPENDENCY(FULLNAME, DEPENDENCY) \ + addWeakDependency(FULLNAME, DEPENDENCY); + +#define GET_CHECKER_OPTIONS +#define CHECKER_OPTION(TYPE, FULLNAME, CMDFLAG, DESC, DEFAULT_VAL, \ + DEVELOPMENT_STATUS, IS_HIDDEN) \ + addCheckerOption(TYPE, FULLNAME, CMDFLAG, DEFAULT_VAL, DESC, \ + DEVELOPMENT_STATUS, IS_HIDDEN); + +#define GET_PACKAGE_OPTIONS +#define PACKAGE_OPTION(TYPE, FULLNAME, CMDFLAG, DESC, DEFAULT_VAL, \ + DEVELOPMENT_STATUS, IS_HIDDEN) \ + addPackageOption(TYPE, FULLNAME, CMDFLAG, DEFAULT_VAL, DESC, \ + DEVELOPMENT_STATUS, IS_HIDDEN); + +#include "clang/StaticAnalyzer/Checkers/Checkers.inc" +#undef CHECKER_DEPENDENCY +#undef GET_CHECKER_DEPENDENCIES +#undef CHECKER_WEAK_DEPENDENCY +#undef GET_CHECKER_WEAK_DEPENDENCIES +#undef CHECKER_OPTION +#undef GET_CHECKER_OPTIONS +#undef PACKAGE_OPTION +#undef GET_PACKAGE_OPTIONS + + resolveDependencies<true>(); + resolveDependencies<false>(); + +#ifndef NDEBUG + for (auto &DepPair : Data.Dependencies) { + for (auto &WeakDepPair : Data.WeakDependencies) { + // Some assertions to enforce that strong dependencies are relations in + // between purely modeling checkers, and weak dependencies are about + // diagnostics. + assert(WeakDepPair != DepPair && + "A checker cannot strong and weak depend on the same checker!"); + assert(WeakDepPair.first != DepPair.second && + "A strong dependency mustn't have weak dependencies!"); + assert(WeakDepPair.second != DepPair.second && + "A strong dependency mustn't be a weak dependency as well!"); + } + } +#endif + + resolveCheckerAndPackageOptions(); + + // Parse '-analyzer-checker' and '-analyzer-disable-checker' options from the + // command line. + for (const std::pair<std::string, bool> &Opt : AnOpts.CheckersAndPackages) { + CheckerInfoListRange CheckerForCmdLineArg = + Data.getMutableCheckersForCmdLineArg(Opt.first); + + if (CheckerForCmdLineArg.begin() == CheckerForCmdLineArg.end()) { + Diags.Report(diag::err_unknown_analyzer_checker_or_package) << Opt.first; + Diags.Report(diag::note_suggest_disabling_all_checkers); + } + + for (CheckerInfo &checker : CheckerForCmdLineArg) { + checker.State = Opt.second ? StateFromCmdLine::State_Enabled + : StateFromCmdLine::State_Disabled; + } + } + validateCheckerOptions(); +} + +//===----------------------------------------------------------------------===// +// Dependency resolving. +//===----------------------------------------------------------------------===// + +template <typename IsEnabledFn> +static bool collectStrongDependencies(const ConstCheckerInfoList &Deps, + const CheckerManager &Mgr, + CheckerInfoSet &Ret, + IsEnabledFn IsEnabled); + +/// Collects weak dependencies in \p enabledData.Checkers. +template <typename IsEnabledFn> +static void collectWeakDependencies(const ConstCheckerInfoList &Deps, + const CheckerManager &Mgr, + CheckerInfoSet &Ret, IsEnabledFn IsEnabled); + +void CheckerRegistry::initializeRegistry(const CheckerManager &Mgr) { + // First, we calculate the list of enabled checkers as specified by the + // invocation. Weak dependencies will not enable their unspecified strong + // depenencies, but its only after resolving strong dependencies for all + // checkers when we know whether they will be enabled. + CheckerInfoSet Tmp; + auto IsEnabledFromCmdLine = [&](const CheckerInfo *Checker) { + return !Checker->isDisabled(Mgr); + }; + for (const CheckerInfo &Checker : Data.Checkers) { + if (!Checker.isEnabled(Mgr)) + continue; + + CheckerInfoSet Deps; + if (!collectStrongDependencies(Checker.Dependencies, Mgr, Deps, + IsEnabledFromCmdLine)) { + // If we failed to enable any of the dependencies, don't enable this + // checker. + continue; + } + + Tmp.insert(Deps.begin(), Deps.end()); + + // Enable the checker. + Tmp.insert(&Checker); + } + + // Calculate enabled checkers with the correct registration order. As this is + // done recursively, its arguably cheaper, but for sure less error prone to + // recalculate from scratch. + auto IsEnabled = [&](const CheckerInfo *Checker) { + return Tmp.contains(Checker); + }; + for (const CheckerInfo &Checker : Data.Checkers) { + if (!Checker.isEnabled(Mgr)) + continue; + + CheckerInfoSet Deps; + + collectWeakDependencies(Checker.WeakDependencies, Mgr, Deps, IsEnabled); + + if (!collectStrongDependencies(Checker.Dependencies, Mgr, Deps, + IsEnabledFromCmdLine)) { + // If we failed to enable any of the dependencies, don't enable this + // checker. + continue; + } + + // Note that set_union also preserves the order of insertion. + Data.EnabledCheckers.set_union(Deps); + Data.EnabledCheckers.insert(&Checker); + } +} + +template <typename IsEnabledFn> +static bool collectStrongDependencies(const ConstCheckerInfoList &Deps, + const CheckerManager &Mgr, + CheckerInfoSet &Ret, + IsEnabledFn IsEnabled) { + + for (const CheckerInfo *Dependency : Deps) { + if (!IsEnabled(Dependency)) + return false; + + // Collect dependencies recursively. + if (!collectStrongDependencies(Dependency->Dependencies, Mgr, Ret, + IsEnabled)) + return false; + Ret.insert(Dependency); + } + + return true; +} + +template <typename IsEnabledFn> +static void collectWeakDependencies(const ConstCheckerInfoList &WeakDeps, + const CheckerManager &Mgr, + CheckerInfoSet &Ret, + IsEnabledFn IsEnabled) { + + for (const CheckerInfo *Dependency : WeakDeps) { + // Don't enable this checker if strong dependencies are unsatisfied, but + // assume that weak dependencies are transitive. + collectWeakDependencies(Dependency->WeakDependencies, Mgr, Ret, IsEnabled); + + if (IsEnabled(Dependency) && + collectStrongDependencies(Dependency->Dependencies, Mgr, Ret, + IsEnabled)) + Ret.insert(Dependency); + } +} + +template <bool IsWeak> void CheckerRegistry::resolveDependencies() { + for (const std::pair<StringRef, StringRef> &Entry : + (IsWeak ? Data.WeakDependencies : Data.Dependencies)) { + + auto CheckerIt = binaryFind(Data.Checkers, Entry.first); + assert(CheckerIt != Data.Checkers.end() && + CheckerIt->FullName == Entry.first && + "Failed to find the checker while attempting to set up its " + "dependencies!"); + + auto DependencyIt = binaryFind(Data.Checkers, Entry.second); + assert(DependencyIt != Data.Checkers.end() && + DependencyIt->FullName == Entry.second && + "Failed to find the dependency of a checker!"); + + // We do allow diagnostics from unit test/example dependency checkers. + assert((DependencyIt->FullName.starts_with("test") || + DependencyIt->FullName.starts_with("example") || IsWeak || + DependencyIt->IsHidden) && + "Strong dependencies are modeling checkers, and as such " + "non-user facing! Mark them hidden in Checkers.td!"); + + if (IsWeak) + CheckerIt->WeakDependencies.emplace_back(&*DependencyIt); + else + CheckerIt->Dependencies.emplace_back(&*DependencyIt); + } +} + +void CheckerRegistry::addDependency(StringRef FullName, StringRef Dependency) { + Data.Dependencies.emplace_back(FullName, Dependency); +} + +void CheckerRegistry::addWeakDependency(StringRef FullName, + StringRef Dependency) { + Data.WeakDependencies.emplace_back(FullName, Dependency); +} + +//===----------------------------------------------------------------------===// +// Checker option resolving and validating. +//===----------------------------------------------------------------------===// + +/// Insert the checker/package option to AnalyzerOptions' config table, and +/// validate it, if the user supplied it on the command line. +static void insertAndValidate(StringRef FullName, const CmdLineOption &Option, + AnalyzerOptions &AnOpts, + DiagnosticsEngine &Diags) { + + std::string FullOption = (FullName + ":" + Option.OptionName).str(); + + auto It = + AnOpts.Config.insert({FullOption, std::string(Option.DefaultValStr)}); + + // Insertation was successful -- CmdLineOption's constructor will validate + // whether values received from plugins or TableGen files are correct. + if (It.second) + return; + + // Insertion failed, the user supplied this package/checker option on the + // command line. If the supplied value is invalid, we'll restore the option + // to it's default value, and if we're in non-compatibility mode, we'll also + // emit an error. + + StringRef SuppliedValue = It.first->getValue(); + + if (Option.OptionType == "bool") { + if (SuppliedValue != "true" && SuppliedValue != "false") { + if (AnOpts.ShouldEmitErrorsOnInvalidConfigValue) { + Diags.Report(diag::err_analyzer_checker_option_invalid_input) + << FullOption << "a boolean value"; + } + + It.first->setValue(std::string(Option.DefaultValStr)); + } + return; + } + + if (Option.OptionType == "int") { + int Tmp; + bool HasFailed = SuppliedValue.getAsInteger(0, Tmp); + if (HasFailed) { + if (AnOpts.ShouldEmitErrorsOnInvalidConfigValue) { + Diags.Report(diag::err_analyzer_checker_option_invalid_input) + << FullOption << "an integer value"; + } + + It.first->setValue(std::string(Option.DefaultValStr)); + } + return; + } +} + +template <class T> +static void insertOptionToCollection(StringRef FullName, T &Collection, + const CmdLineOption &Option, + AnalyzerOptions &AnOpts, + DiagnosticsEngine &Diags) { + auto It = binaryFind(Collection, FullName); + assert(It != Collection.end() && + "Failed to find the checker while attempting to add a command line " + "option to it!"); + + insertAndValidate(FullName, Option, AnOpts, Diags); + + It->CmdLineOptions.emplace_back(Option); +} + +void CheckerRegistry::resolveCheckerAndPackageOptions() { + for (const std::pair<StringRef, CmdLineOption> &CheckerOptEntry : + Data.CheckerOptions) { + insertOptionToCollection(CheckerOptEntry.first, Data.Checkers, + CheckerOptEntry.second, AnOpts, Diags); + } + + for (const std::pair<StringRef, CmdLineOption> &PackageOptEntry : + Data.PackageOptions) { + insertOptionToCollection(PackageOptEntry.first, Data.Packages, + PackageOptEntry.second, AnOpts, Diags); + } +} + +void CheckerRegistry::addPackage(StringRef FullName) { + Data.Packages.emplace_back(PackageInfo(FullName)); +} + +void CheckerRegistry::addPackageOption(StringRef OptionType, + StringRef PackageFullName, + StringRef OptionName, + StringRef DefaultValStr, + StringRef Description, + StringRef DevelopmentStatus, + bool IsHidden) { + Data.PackageOptions.emplace_back( + PackageFullName, CmdLineOption{OptionType, OptionName, DefaultValStr, + Description, DevelopmentStatus, IsHidden}); +} + +void CheckerRegistry::addChecker(RegisterCheckerFn Rfn, + ShouldRegisterFunction Sfn, StringRef Name, + StringRef Desc, StringRef DocsUri, + bool IsHidden) { + Data.Checkers.emplace_back(Rfn, Sfn, Name, Desc, DocsUri, IsHidden); + + // Record the presence of the checker in its packages. + StringRef PackageName, LeafName; + std::tie(PackageName, LeafName) = Name.rsplit(PackageSeparator); + while (!LeafName.empty()) { + Data.PackageSizes[PackageName] += 1; + std::tie(PackageName, LeafName) = PackageName.rsplit(PackageSeparator); + } +} + +void CheckerRegistry::addCheckerOption(StringRef OptionType, + StringRef CheckerFullName, + StringRef OptionName, + StringRef DefaultValStr, + StringRef Description, + StringRef DevelopmentStatus, + bool IsHidden) { + Data.CheckerOptions.emplace_back( + CheckerFullName, CmdLineOption{OptionType, OptionName, DefaultValStr, + Description, DevelopmentStatus, IsHidden}); +} + +void CheckerRegistry::initializeManager(CheckerManager &CheckerMgr) const { + // Initialize the CheckerManager with all enabled checkers. + for (const auto *Checker : Data.EnabledCheckers) { + CheckerMgr.setCurrentCheckerName(CheckerNameRef(Checker->FullName)); + Checker->Initialize(CheckerMgr); + } +} + +static void isOptionContainedIn(const CmdLineOptionList &OptionList, + StringRef SuppliedChecker, + StringRef SuppliedOption, + const AnalyzerOptions &AnOpts, + DiagnosticsEngine &Diags) { + + if (!AnOpts.ShouldEmitErrorsOnInvalidConfigValue) + return; + + auto SameOptName = [SuppliedOption](const CmdLineOption &Opt) { + return Opt.OptionName == SuppliedOption; + }; + + if (llvm::none_of(OptionList, SameOptName)) { + Diags.Report(diag::err_analyzer_checker_option_unknown) + << SuppliedChecker << SuppliedOption; + return; + } +} + +void CheckerRegistry::validateCheckerOptions() const { + for (const auto &Config : AnOpts.Config) { + + StringRef SuppliedCheckerOrPackage; + StringRef SuppliedOption; + std::tie(SuppliedCheckerOrPackage, SuppliedOption) = + Config.getKey().split(':'); + + if (SuppliedOption.empty()) + continue; + + // AnalyzerOptions' config table contains the user input, so an entry could + // look like this: + // + // cor:NoFalsePositives=true + // + // Since lower_bound would look for the first element *not less* than "cor", + // it would return with an iterator to the first checker in the core, so we + // we really have to use find here, which uses operator==. + auto CheckerIt = + llvm::find(Data.Checkers, CheckerInfo(SuppliedCheckerOrPackage)); + if (CheckerIt != Data.Checkers.end()) { + isOptionContainedIn(CheckerIt->CmdLineOptions, SuppliedCheckerOrPackage, + SuppliedOption, AnOpts, Diags); + continue; + } + + const auto *PackageIt = + llvm::find(Data.Packages, PackageInfo(SuppliedCheckerOrPackage)); + if (PackageIt != Data.Packages.end()) { + isOptionContainedIn(PackageIt->CmdLineOptions, SuppliedCheckerOrPackage, + SuppliedOption, AnOpts, Diags); + continue; + } + + Diags.Report(diag::err_unknown_analyzer_checker_or_package) + << SuppliedCheckerOrPackage; + } +} diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/CreateCheckerManager.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/CreateCheckerManager.cpp new file mode 100644 index 000000000000..21a60785eb52 --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/CreateCheckerManager.cpp @@ -0,0 +1,50 @@ +//===- CheckerManager.h - Static Analyzer Checker Manager -------*- C++ -*-===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +// +// Defines the Static Analyzer Checker Manager. +// +//===----------------------------------------------------------------------===// + +#include "clang/StaticAnalyzer/Core/CheckerManager.h" +#include "clang/StaticAnalyzer/Frontend/CheckerRegistry.h" +#include <memory> + +namespace clang { +namespace ento { + +CheckerManager::CheckerManager( + ASTContext &Context, AnalyzerOptions &AOptions, const Preprocessor &PP, + ArrayRef<std::string> plugins, + ArrayRef<std::function<void(CheckerRegistry &)>> checkerRegistrationFns) + : Context(&Context), LangOpts(Context.getLangOpts()), AOptions(AOptions), + PP(&PP), Diags(Context.getDiagnostics()), + RegistryData(std::make_unique<CheckerRegistryData>()) { + CheckerRegistry Registry(*RegistryData, plugins, Context.getDiagnostics(), + AOptions, checkerRegistrationFns); + Registry.initializeRegistry(*this); + Registry.initializeManager(*this); + finishedCheckerRegistration(); +} + +CheckerManager::CheckerManager(AnalyzerOptions &AOptions, + const LangOptions &LangOpts, + DiagnosticsEngine &Diags, + ArrayRef<std::string> plugins) + : LangOpts(LangOpts), AOptions(AOptions), Diags(Diags), + RegistryData(std::make_unique<CheckerRegistryData>()) { + CheckerRegistry Registry(*RegistryData, plugins, Diags, AOptions, {}); + Registry.initializeRegistry(*this); +} + +CheckerManager::~CheckerManager() { + for (const auto &CheckerDtor : CheckerDtors) + CheckerDtor(); +} + +} // namespace ento +} // namespace clang diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/FrontendActions.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/FrontendActions.cpp new file mode 100644 index 000000000000..04fbd0cea46b --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/FrontendActions.cpp @@ -0,0 +1,27 @@ +//===--- FrontendActions.cpp ----------------------------------------------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// + +#include "clang/StaticAnalyzer/Frontend/FrontendActions.h" +#include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h" +#include "clang/StaticAnalyzer/Frontend/ModelConsumer.h" +using namespace clang; +using namespace ento; + +std::unique_ptr<ASTConsumer> +AnalysisAction::CreateASTConsumer(CompilerInstance &CI, StringRef InFile) { + return CreateAnalysisConsumer(CI); +} + +ParseModelFileAction::ParseModelFileAction(llvm::StringMap<Stmt *> &Bodies) + : Bodies(Bodies) {} + +std::unique_ptr<ASTConsumer> +ParseModelFileAction::CreateASTConsumer(CompilerInstance &CI, + StringRef InFile) { + return std::make_unique<ModelConsumer>(Bodies); +} diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelConsumer.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelConsumer.cpp new file mode 100644 index 000000000000..0f1039d81d52 --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelConsumer.cpp @@ -0,0 +1,40 @@ +//===--- ModelConsumer.cpp - ASTConsumer for consuming model files --------===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +/// +/// \file +/// This file implements an ASTConsumer for consuming model files. +/// +/// This ASTConsumer handles the AST of a parsed model file. All top level +/// function definitions will be collected from that model file for later +/// retrieval during the static analysis. The body of these functions will not +/// be injected into the ASTUnit of the analyzed translation unit. It will be +/// available through the BodyFarm which is utilized by the AnalysisDeclContext +/// class. +/// +//===----------------------------------------------------------------------===// + +#include "clang/StaticAnalyzer/Frontend/ModelConsumer.h" +#include "clang/AST/Decl.h" +#include "clang/AST/DeclGroup.h" + +using namespace clang; +using namespace ento; + +ModelConsumer::ModelConsumer(llvm::StringMap<Stmt *> &Bodies) + : Bodies(Bodies) {} + +bool ModelConsumer::HandleTopLevelDecl(DeclGroupRef DeclGroup) { + for (const Decl *D : DeclGroup) { + // Only interested in definitions. + const auto *func = llvm::dyn_cast<FunctionDecl>(D); + if (func && func->hasBody()) { + Bodies.insert(std::make_pair(func->getName(), func->getBody())); + } + } + return true; +} diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelInjector.cpp b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelInjector.cpp new file mode 100644 index 000000000000..ae11fbbe32b7 --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelInjector.cpp @@ -0,0 +1,113 @@ +//===-- ModelInjector.cpp ---------------------------------------*- C++ -*-===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// + +#include "ModelInjector.h" +#include "clang/AST/Decl.h" +#include "clang/Basic/IdentifierTable.h" +#include "clang/Basic/LangStandard.h" +#include "clang/Basic/Stack.h" +#include "clang/AST/DeclObjC.h" +#include "clang/Frontend/ASTUnit.h" +#include "clang/Frontend/CompilerInstance.h" +#include "clang/Frontend/FrontendAction.h" +#include "clang/Lex/Preprocessor.h" +#include "clang/Serialization/ASTReader.h" +#include "clang/StaticAnalyzer/Frontend/FrontendActions.h" +#include "llvm/ADT/STLExtras.h" +#include "llvm/Support/CrashRecoveryContext.h" +#include "llvm/Support/FileSystem.h" +#include <utility> + +using namespace clang; +using namespace ento; + +ModelInjector::ModelInjector(CompilerInstance &CI) : CI(CI) {} + +Stmt *ModelInjector::getBody(const FunctionDecl *D) { + onBodySynthesis(D); + return Bodies[D->getName()]; +} + +Stmt *ModelInjector::getBody(const ObjCMethodDecl *D) { + onBodySynthesis(D); + return Bodies[D->getName()]; +} + +void ModelInjector::onBodySynthesis(const NamedDecl *D) { + + // FIXME: what about overloads? Declarations can be used as keys but what + // about file name index? Mangled names may not be suitable for that either. + if (Bodies.count(D->getName()) != 0) + return; + + SourceManager &SM = CI.getSourceManager(); + FileID mainFileID = SM.getMainFileID(); + + llvm::StringRef modelPath = CI.getAnalyzerOpts().ModelPath; + + llvm::SmallString<128> fileName; + + if (!modelPath.empty()) + fileName = + llvm::StringRef(modelPath.str() + "/" + D->getName().str() + ".model"); + else + fileName = llvm::StringRef(D->getName().str() + ".model"); + + if (!llvm::sys::fs::exists(fileName.str())) { + Bodies[D->getName()] = nullptr; + return; + } + + auto Invocation = std::make_shared<CompilerInvocation>(CI.getInvocation()); + + FrontendOptions &FrontendOpts = Invocation->getFrontendOpts(); + InputKind IK = Language::CXX; // FIXME + FrontendOpts.Inputs.clear(); + FrontendOpts.Inputs.emplace_back(fileName, IK); + FrontendOpts.DisableFree = true; + + Invocation->getDiagnosticOpts().VerifyDiagnostics = 0; + + // Modules are parsed by a separate CompilerInstance, so this code mimics that + // behavior for models + CompilerInstance Instance(CI.getPCHContainerOperations()); + Instance.setInvocation(std::move(Invocation)); + Instance.createDiagnostics( + new ForwardingDiagnosticConsumer(CI.getDiagnosticClient()), + /*ShouldOwnClient=*/true); + + Instance.getDiagnostics().setSourceManager(&SM); + + // The instance wants to take ownership, however DisableFree frontend option + // is set to true to avoid double free issues + Instance.setFileManager(&CI.getFileManager()); + Instance.setSourceManager(&SM); + Instance.setPreprocessor(CI.getPreprocessorPtr()); + Instance.setASTContext(&CI.getASTContext()); + + Instance.getPreprocessor().InitializeForModelFile(); + + ParseModelFileAction parseModelFile(Bodies); + + llvm::CrashRecoveryContext CRC; + + CRC.RunSafelyOnThread([&]() { Instance.ExecuteAction(parseModelFile); }, + DesiredStackSize); + + Instance.getPreprocessor().FinalizeForModelFile(); + + Instance.resetAndLeakSourceManager(); + Instance.resetAndLeakFileManager(); + Instance.resetAndLeakPreprocessor(); + + // The preprocessor enters to the main file id when parsing is started, so + // the main file id is changed to the model file during parsing and it needs + // to be reset to the former main file id after parsing of the model file + // is done. + SM.setMainFileID(mainFileID); +} diff --git a/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelInjector.h b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelInjector.h new file mode 100644 index 000000000000..4db26028362f --- /dev/null +++ b/contrib/llvm-project/clang/lib/StaticAnalyzer/Frontend/ModelInjector.h @@ -0,0 +1,66 @@ +//===-- ModelInjector.h -----------------------------------------*- C++ -*-===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===----------------------------------------------------------------------===// +/// +/// \file +/// This file defines the clang::ento::ModelInjector class which implements the +/// clang::CodeInjector interface. This class is responsible for injecting +/// function definitions that were synthesized from model files. +/// +/// Model files allow definitions of functions to be lazily constituted for functions +/// which lack bodies in the original source code. This allows the analyzer +/// to more precisely analyze code that calls such functions, analyzing the +/// artificial definitions (which typically approximate the semantics of the +/// called function) when called by client code. These definitions are +/// reconstituted lazily, on-demand, by the static analyzer engine. +/// +//===----------------------------------------------------------------------===// + +#ifndef LLVM_CLANG_SA_FRONTEND_MODELINJECTOR_H +#define LLVM_CLANG_SA_FRONTEND_MODELINJECTOR_H + +#include "clang/Analysis/CodeInjector.h" +#include "llvm/ADT/StringMap.h" + +namespace clang { + +class CompilerInstance; +class NamedDecl; + +namespace ento { +class ModelInjector : public CodeInjector { +public: + ModelInjector(CompilerInstance &CI); + Stmt *getBody(const FunctionDecl *D) override; + Stmt *getBody(const ObjCMethodDecl *D) override; + +private: + /// Synthesize a body for a declaration + /// + /// This method first looks up the appropriate model file based on the + /// model-path configuration option and the name of the declaration that is + /// looked up. If no model were synthesized yet for a function with that name + /// it will create a new compiler instance to parse the model file using the + /// ASTContext, Preprocessor, SourceManager of the original compiler instance. + /// The former resources are shared between the two compiler instance, so the + /// newly created instance have to "leak" these objects, since they are owned + /// by the original instance. + /// + /// The model-path should be either an absolute path or relative to the + /// working directory of the compiler. + void onBodySynthesis(const NamedDecl *D); + + CompilerInstance &CI; + + // FIXME: double memoization is redundant, with memoization both here and in + // BodyFarm. + llvm::StringMap<Stmt *> Bodies; +}; +} +} + +#endif |