Revision tags: llvmorg-18.1.8, llvmorg-18.1.7, llvmorg-18.1.6, llvmorg-18.1.5, llvmorg-18.1.4, llvmorg-18.1.3, llvmorg-18.1.2, llvmorg-18.1.1, llvmorg-18.1.0, llvmorg-18.1.0-rc4, llvmorg-18.1.0-rc3, llvmorg-18.1.0-rc2, llvmorg-18.1.0-rc1, llvmorg-19-init, llvmorg-17.0.6, llvmorg-17.0.5, llvmorg-17.0.4, llvmorg-17.0.3, llvmorg-17.0.2, llvmorg-17.0.1, llvmorg-17.0.0, llvmorg-17.0.0-rc4 |
|
#
985e3996 |
| 28-Aug-2023 |
Balazs Benics <benicsbalazs@gmail.com> |
[analyzer] Fix assertion on casting SVal to NonLoc inside the IteratorRange checker
The checker assumed that it could safely cast an SVal to Nonloc. This surfaced because, with std::ranges, we can unintentionally match on other APIs as well, thus increasing the likelihood of violating checker assumptions about the context it's invoked. https://godbolt.org/z/13vEb3K76
See the discourse post on CallDescriptions and std::ranges here. https://discourse.llvm.org/t/calldescriptions-should-not-skip-the-ranges-part-in-std-names-when-matching/73076
Fixes https://github.com/llvm/llvm-project/issues/65009
Differential Revision: https://reviews.llvm.org/D158968
|
Revision tags: llvmorg-17.0.0-rc3, llvmorg-17.0.0-rc2, llvmorg-17.0.0-rc1, llvmorg-18-init, llvmorg-16.0.6, llvmorg-16.0.5, llvmorg-16.0.4, llvmorg-16.0.3, llvmorg-16.0.2, llvmorg-16.0.1, llvmorg-16.0.0, llvmorg-16.0.0-rc4, llvmorg-16.0.0-rc3, llvmorg-16.0.0-rc2, llvmorg-16.0.0-rc1, llvmorg-17-init, llvmorg-15.0.7, llvmorg-15.0.6, llvmorg-15.0.5, llvmorg-15.0.4, llvmorg-15.0.3, working, llvmorg-15.0.2, llvmorg-15.0.1, llvmorg-15.0.0, llvmorg-15.0.0-rc3, llvmorg-15.0.0-rc2, llvmorg-15.0.0-rc1, llvmorg-16-init, llvmorg-14.0.6, llvmorg-14.0.5, llvmorg-14.0.4, llvmorg-14.0.3, llvmorg-14.0.2, llvmorg-14.0.1, llvmorg-14.0.0, llvmorg-14.0.0-rc4, llvmorg-14.0.0-rc3, llvmorg-14.0.0-rc2, llvmorg-14.0.0-rc1, llvmorg-15-init, llvmorg-13.0.1, llvmorg-13.0.1-rc3, llvmorg-13.0.1-rc2, llvmorg-13.0.1-rc1, llvmorg-13.0.0, llvmorg-13.0.0-rc4, llvmorg-13.0.0-rc3, llvmorg-13.0.0-rc2, llvmorg-13.0.0-rc1, llvmorg-14-init, llvmorg-12.0.1, llvmorg-12.0.1-rc4, llvmorg-12.0.1-rc3, llvmorg-12.0.1-rc2, llvmorg-12.0.1-rc1, llvmorg-12.0.0, llvmorg-12.0.0-rc5, llvmorg-12.0.0-rc4 |
|
#
bcc66248 |
| 10-Mar-2021 |
Adam Balogh <adam.balogh@ericsson.com> |
[analyzer] Crash fix for alpha.cplusplus.IteratorRange
If the non-iterator side of an iterator operation `+`, `+=`, `-` or `-=` is `UndefinedVal` an assertion happens. This small fix prevents this.
Patch by Adam Balogh.
Reviewed By: NoQ
Differential Revision: https://reviews.llvm.org/D85424
|
Revision tags: llvmorg-12.0.0-rc3, llvmorg-12.0.0-rc2, llvmorg-11.1.0, llvmorg-11.1.0-rc3, llvmorg-12.0.0-rc1, llvmorg-13-init, llvmorg-11.1.0-rc2, llvmorg-11.1.0-rc1, llvmorg-11.0.1, llvmorg-11.0.1-rc2, llvmorg-11.0.1-rc1, llvmorg-11.0.0, llvmorg-11.0.0-rc6, llvmorg-11.0.0-rc5, llvmorg-11.0.0-rc4, llvmorg-11.0.0-rc3, llvmorg-11.0.0-rc2, llvmorg-11.0.0-rc1, llvmorg-12-init, llvmorg-10.0.1, llvmorg-10.0.1-rc4 |
|
#
a59d4ae4 |
| 07-Jul-2020 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Hotfix for various crashes in iterator checkers
The patch that introduces handling iterators implemented as pointers may cause crash in some projects because pointer difference is mistakenly handled as pointer decrement. (Similar case for iterators implemented as class instances are already handled correctly.) This patch fixes this issue.
The second case that causes crash is comparison of an iterator implemented as pointer and a null-pointer. This patch contains a fix for this issue as well.
The third case which causes crash is that the checker mistakenly considers all integers as nonloc::ConcreteInt when handling an increment or decrement of an iterator implemented as pointers. This patch adds a fix for this too.
The last case where crashes were detected is when checking for success of an std::advance() operation. Since the modeling of iterators implemented as pointers is still incomplete this may result in an assertion. This patch replaces the assertion with an early exit and adds a FIXME there.
Differential Revision: https://reviews.llvm.org/D83295
|
Revision tags: llvmorg-10.0.1-rc3, llvmorg-10.0.1-rc2 |
|
#
9e63b190 |
| 16-Jun-2020 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Handle pointer implemented as iterators in iterator checkers
Iterators are an abstraction of pointers and in some data structures iterators may be implemented by pointers. This patch adds support for iterators implemented as pointers in all the iterator checkers (including iterator modeling).
Differential Revision: https://reviews.llvm.org/D82185
|
Revision tags: llvmorg-10.0.1-rc1 |
|
#
ba8cda98 |
| 06-May-2020 |
Denys Petrov <dpetrov@accesssoftek.com> |
[analyzer] Stability improvement for IteratorModeling
Summary: Some function path may lead to crash. Fixed using local variable outside the scope through a pointer. Fixed minor misspellings. Added regression test.
This patch covers a bug https://bugs.llvm.org/show_bug.cgi?id=41485
Reviewed By: baloghadamsoftware
Differential Revision: https://reviews.llvm.org/D78289
|
Revision tags: llvmorg-10.0.0, llvmorg-10.0.0-rc6, llvmorg-10.0.0-rc5, llvmorg-10.0.0-rc4, llvmorg-10.0.0-rc3, llvmorg-10.0.0-rc2, llvmorg-10.0.0-rc1 |
|
#
a3f4d17a |
| 30-Jan-2020 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Use note tags to track container begin and end changes
Container operations such as `push_back()`, `pop_front()` etc. increment and decrement the abstract begin and end symbols of containers. This patch introduces note tags to `ContainerModeling` to track these changes. This helps the user to better identify the source of errors related to containers and iterators.
Differential Revision: https://reviews.llvm.org/D73720
|
#
ccc0d351 |
| 18-Mar-2020 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] IteratorRangeChecker verify `std::advance()`, `std::prev()` and `std::next()`
Upon calling one of the functions `std::advance()`, `std::prev()` and `std::next()` iterators could get out of their valid range which leads to undefined behavior. If all these functions are inlined together with the functions they call internally (e.g. `__advance()` called by `std::advance()` in some implementations) the error is detected by `IteratorRangeChecker` but the bug location is inside the STL implementation. Even worse, if the budget runs out and one of the calls is not inlined the bug remains undetected. This patch fixes this behavior: all the bugs are detected at the point of the STL function invocation.
Differential Revision: https://reviews.llvm.org/D76379
|
Revision tags: llvmorg-11-init, llvmorg-9.0.1, llvmorg-9.0.1-rc3, llvmorg-9.0.1-rc2, llvmorg-9.0.1-rc1 |
|
#
23022b93 |
| 08-Nov-2019 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer][NFC] Separate white-box tests for iterator modelling from iterator checker tests
The recently committed debug.IteratorDebugging checker enables standalone white-box testing of the modelling of containers and iterators. For the three checkers based on iterator modelling only simple tests are needed.
Differential Revision: https://reviews.llvm.org/D70123
|
Revision tags: llvmorg-9.0.0, llvmorg-9.0.0-rc6, llvmorg-9.0.0-rc5, llvmorg-9.0.0-rc4, llvmorg-9.0.0-rc3 |
|
#
12f5c7f0 |
| 29-Aug-2019 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checkers - Make range errors and invalidated access fatal
Range errors (dereferencing or incrementing the past-the-end iterator or decrementing the iterator of the first element of the range) and access of invalidated iterators lead to undefined behavior. There is no point to continue the analysis after such an error on the same execution path, but terminate it by a sink node (fatal error). This also improves the performance and helps avoiding double reports (e.g. in case of nested iterators).
Differential Revision: https://reviews.llvm.org/D62893
llvm-svn: 370314
|
Revision tags: llvmorg-9.0.0-rc2 |
|
#
8557f17d |
| 05-Aug-2019 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checkers - Fix for Crash on Iterator Differences
Iterators differences were mistakenly handled as random decrements which causes an assertion. This patch fixes this.
llvm-svn: 367802
|
Revision tags: llvmorg-9.0.0-rc1, llvmorg-10-init, llvmorg-8.0.1, llvmorg-8.0.1-rc4, llvmorg-8.0.1-rc3, llvmorg-8.0.1-rc2, llvmorg-8.0.1-rc1, llvmorg-8.0.0, llvmorg-8.0.0-rc5, llvmorg-8.0.0-rc4, llvmorg-8.0.0-rc3, llvmorg-7.1.0, llvmorg-7.1.0-rc1, llvmorg-8.0.0-rc2, llvmorg-8.0.0-rc1, llvmorg-7.0.1, llvmorg-7.0.1-rc3 |
|
#
d5bd3f63 |
| 04-Dec-2018 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checker - Forbid decrements past the begin() and increments past the end() of containers
Previously, the iterator range checker only warned upon dereferencing of iterators outside their valid range as well as increments and decrements of out-of-range iterators where the result remains out-of-range. However, the C++ standard is more strict than this: decrementing begin() or incrementing end() results in undefined behaviour even if the iterator is not dereferenced afterwards. Coming back to the range once out-of-range is also undefined.
This patch corrects the behaviour of the iterator range checker: warnings are given for any operation whose result is ahead of begin() or past the end() (which is the past-end iterator itself, thus now we are speaking of past past-the-end).
Differential Revision: https://reviews.llvm.org/D53812
llvm-svn: 348245
|
#
42d241fc |
| 04-Dec-2018 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checkers - Use the region of the topmost base class for iterators stored in a region
If an iterator is represented by a derived C++ class but its comparison operator is for its base the iterator checkers cannot recognize the iterators compared. This results in false positives in very straightforward cases (range error when dereferencing an iterator after disclosing that it is equal to the past-the-end iterator).
To overcome this problem we always use the region of the topmost base class for iterators stored in a region. A new method called getMostDerivedObjectRegion() was added to the MemRegion class to get this region.
Differential Revision: https://reviews.llvm.org/D54466
llvm-svn: 348244
|
Revision tags: llvmorg-7.0.1-rc2, llvmorg-7.0.1-rc1 |
|
#
45ca9b70 |
| 13-Oct-2018 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checker - Part 10: Tests for iterators passed as parameter
In earlier Clang Static Analyzer versions `check::Bind()` was not invoked for parameter passing, so we needed a trick which is not needed anymore. However add the tests to ensure it's working.
Differential Revision: https://reviews.llvm.org/D32906
llvm-svn: 344443
|
Revision tags: llvmorg-7.0.0, llvmorg-7.0.0-rc3 |
|
#
9a48ba6b |
| 10-Sep-2018 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checker - Part 7: Support for push and pop operations
This patch adds support for the following operations in the iterator checkers: push_back, push_front, emplace_back, emplace_front, pop_back and pop_front. This affects iterator range checks (range is extended after push and emplace and reduced after pop operations) and invalidation checks (according to the standard).
Differential Revision: https://reviews.llvm.org/D32902
llvm-svn: 341793
|
#
a393e68b |
| 29-Aug-2018 |
George Karpenkov <ekarpenkov@apple.com> |
[analyzer] Move analyzer-eagerly-assume to AnalyzerOptions, enable by default
Differential Revision: https://reviews.llvm.org/D51251
llvm-svn: 340963
|
Revision tags: llvmorg-7.0.0-rc2, llvmorg-7.0.0-rc1 |
|
#
dcde8acc |
| 23-Jul-2018 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Quick Fix for exponential execution time when simplifying complex additive expressions
Patch https://reviews.llvm.org/rC329780 not only rearranges comparisons but also binary expressions. This latter behavior is not protected by the analyzer option. However, since no complexity threshold is enforced to the symbols this may result in exponential execution time if the expressions are too complex: https://bugs.llvm.org/show_bug.cgi?id=38208. For a quick fix we extended the analyzer option to also cover the additive cases.
This is only a temporary fix, the final solution should be enforcing the complexity threshold to the symbols.
Differential Revision: https://reviews.llvm.org/D49536
llvm-svn: 337678
|
#
b03ed5e4 |
| 28-Jun-2018 |
Adam Balogh <adam.balogh@ericsson.com> |
[Analyzer] Iterator Checker - Part 2: Increment, decrement operators and ahead-of-begin checks
Add handling of the begin() function of containers to the iterator checkers, together with the pre- and postfix ++ and -- operators of the iterators. This makes possible the checking of iterators dereferenced ahead of the begin of the container.
Differential Revision: https://reviews.llvm.org/D32642
llvm-svn: 335835
|
Revision tags: llvmorg-6.0.1, llvmorg-6.0.1-rc3, llvmorg-6.0.1-rc2, llvmorg-6.0.1-rc1, llvmorg-5.0.2, llvmorg-5.0.2-rc2, llvmorg-5.0.2-rc1, llvmorg-6.0.0, llvmorg-6.0.0-rc3, llvmorg-6.0.0-rc2, llvmorg-6.0.0-rc1, llvmorg-5.0.1, llvmorg-5.0.1-rc3, llvmorg-5.0.1-rc2, llvmorg-5.0.1-rc1, llvmorg-5.0.0, llvmorg-5.0.0-rc5, llvmorg-5.0.0-rc4, llvmorg-5.0.0-rc3, llvmorg-5.0.0-rc2, llvmorg-5.0.0-rc1, llvmorg-4.0.1, llvmorg-4.0.1-rc3, llvmorg-4.0.1-rc2 |
|
#
8fa639ec |
| 29-May-2017 |
Artem Dergachev <artem.dergachev@gmail.com> |
[analyzer] Initial commit for the upcoming refactoring of the IteratorChecker.
The new checker currently contains the very core infrastructure for tracking the state of iterator-type objects in the analyzer: relating iterators to their containers, tracking symbolic begin and end iterator values for containers, and solving simple equality-type constraints over iterators. A single specific check over this infrastructure is capable of finding usage of out-of-range iterators in some simple cases.
Patch by Ádám Balogh!
Differential revision: https://reviews.llvm.org/D32592
llvm-svn: 304160
|