| Devin Coughlin | 8beac28 | 2016-12-19 22:50:31 +0000 | [diff] [blame] | 1 | //==- GTestChecker.cpp - Model gtest API --*- C++ -*-==// |
| 2 | // |
| 3 | // The LLVM Compiler Infrastructure |
| 4 | // |
| 5 | // This file is distributed under the University of Illinois Open Source |
| 6 | // License. See LICENSE.TXT for details. |
| 7 | // |
| 8 | //===----------------------------------------------------------------------===// |
| 9 | // |
| 10 | // This checker models the behavior of un-inlined APIs from the the gtest |
| 11 | // unit-testing library to avoid false positives when using assertions from |
| 12 | // that library. |
| 13 | // |
| 14 | //===----------------------------------------------------------------------===// |
| 15 | |
| 16 | #include "ClangSACheckers.h" |
| 17 | #include "clang/AST/Expr.h" |
| 18 | #include "clang/Basic/LangOptions.h" |
| 19 | #include "clang/StaticAnalyzer/Core/Checker.h" |
| 20 | #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" |
| 21 | #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" |
| 22 | #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" |
| 23 | #include "llvm/Support/raw_ostream.h" |
| 24 | |
| 25 | using namespace clang; |
| 26 | using namespace ento; |
| 27 | |
| 28 | // Modeling of un-inlined AssertionResult constructors |
| 29 | // |
| 30 | // The gtest unit testing API provides macros for assertions that expand |
| 31 | // into an if statement that calls a series of constructors and returns |
| 32 | // when the "assertion" is false. |
| 33 | // |
| 34 | // For example, |
| 35 | // |
| 36 | // ASSERT_TRUE(a == b) |
| 37 | // |
| 38 | // expands into: |
| 39 | // |
| 40 | // switch (0) |
| 41 | // case 0: |
| 42 | // default: |
| 43 | // if (const ::testing::AssertionResult gtest_ar_ = |
| 44 | // ::testing::AssertionResult((a == b))) |
| 45 | // ; |
| 46 | // else |
| 47 | // return ::testing::internal::AssertHelper( |
| 48 | // ::testing::TestPartResult::kFatalFailure, |
| 49 | // "<path to project>", |
| 50 | // <line number>, |
| 51 | // ::testing::internal::GetBoolAssertionFailureMessage( |
| 52 | // gtest_ar_, "a == b", "false", "true") |
| 53 | // .c_str()) = ::testing::Message(); |
| 54 | // |
| 55 | // where AssertionResult is defined similarly to |
| 56 | // |
| 57 | // class AssertionResult { |
| 58 | // public: |
| 59 | // AssertionResult(const AssertionResult& other); |
| 60 | // explicit AssertionResult(bool success) : success_(success) {} |
| 61 | // operator bool() const { return success_; } |
| 62 | // ... |
| 63 | // private: |
| 64 | // bool success_; |
| 65 | // }; |
| 66 | // |
| 67 | // In order for the analyzer to correctly handle this assertion, it needs to |
| 68 | // know that the boolean value of the expression "a == b" is stored the |
| 69 | // 'success_' field of the original AssertionResult temporary and propagated |
| 70 | // (via the copy constructor) into the 'success_' field of the object stored |
| 71 | // in 'gtest_ar_'. That boolean value will then be returned from the bool |
| 72 | // conversion method in the if statement. This guarantees that the assertion |
| 73 | // holds when the return path is not taken. |
| 74 | // |
| 75 | // If the success value is not properly propagated, then the eager case split |
| 76 | // on evaluating the expression can cause pernicious false positives |
| 77 | // on the non-return path: |
| 78 | // |
| 79 | // ASSERT(ptr != NULL) |
| 80 | // *ptr = 7; // False positive null pointer dereference here |
| 81 | // |
| 82 | // Unfortunately, the bool constructor cannot be inlined (because its |
| 83 | // implementation is not present in the headers) and the copy constructor is |
| 84 | // not inlined (because it is constructed into a temporary and the analyzer |
| 85 | // does not inline these since it does not yet reliably call temporary |
| 86 | // destructors). |
| 87 | // |
| 88 | // This checker compensates for the missing inlining by propgagating the |
| 89 | // _success value across the bool and copy constructors so the assertion behaves |
| 90 | // as expected. |
| 91 | |
| 92 | namespace { |
| 93 | class GTestChecker : public Checker<check::PostCall> { |
| 94 | |
| 95 | mutable IdentifierInfo *AssertionResultII; |
| 96 | mutable IdentifierInfo *SuccessII; |
| 97 | |
| 98 | public: |
| 99 | GTestChecker(); |
| 100 | |
| 101 | void checkPostCall(const CallEvent &Call, CheckerContext &C) const; |
| 102 | |
| 103 | private: |
| 104 | void modelAssertionResultBoolConstructor(const CXXConstructorCall *Call, |
| 105 | CheckerContext &C) const; |
| 106 | |
| 107 | void modelAssertionResultCopyConstructor(const CXXConstructorCall *Call, |
| 108 | CheckerContext &C) const; |
| 109 | |
| 110 | void initIdentifierInfo(ASTContext &Ctx) const; |
| 111 | |
| 112 | SVal |
| 113 | getAssertionResultSuccessFieldValue(const CXXRecordDecl *AssertionResultDecl, |
| 114 | SVal Instance, |
| 115 | ProgramStateRef State) const; |
| 116 | |
| 117 | static ProgramStateRef assumeValuesEqual(SVal Val1, SVal Val2, |
| 118 | ProgramStateRef State, |
| 119 | CheckerContext &C); |
| 120 | }; |
| 121 | } // End anonymous namespace. |
| 122 | |
| 123 | GTestChecker::GTestChecker() : AssertionResultII(nullptr), SuccessII(nullptr) {} |
| 124 | |
| 125 | /// Model a call to an un-inlined AssertionResult(boolean expression). |
| 126 | /// To do so, constrain the value of the newly-constructed instance's 'success_' |
| 127 | /// field to be equal to the passed-in boolean value. |
| 128 | void GTestChecker::modelAssertionResultBoolConstructor( |
| 129 | const CXXConstructorCall *Call, CheckerContext &C) const { |
| 130 | assert(Call->getNumArgs() > 0); |
| 131 | |
| 132 | // Depending on the version of gtest the constructor can be either of: |
| 133 | // |
| 134 | // v1.7 and earlier: |
| 135 | // AssertionResult(bool success) |
| 136 | // |
| 137 | // v1.8 and greater: |
| 138 | // template <typename T> |
| 139 | // AssertionResult(const T& success, |
| 140 | // typename internal::EnableIf< |
| 141 | // !internal::ImplicitlyConvertible<T, |
| 142 | // AssertionResult>::value>::type*) |
| 143 | |
| 144 | SVal BooleanArgVal = Call->getArgSVal(0); |
| 145 | if (Call->getDecl()->getParamDecl(0)->getType()->getAs<ReferenceType>()) { |
| 146 | // We have v1.8+, so load the value from the reference. |
| 147 | if (!BooleanArgVal.getAs<Loc>()) |
| 148 | return; |
| 149 | BooleanArgVal = C.getState()->getSVal(BooleanArgVal.castAs<Loc>()); |
| 150 | } |
| 151 | |
| 152 | ProgramStateRef State = C.getState(); |
| 153 | |
| 154 | SVal ThisVal = Call->getCXXThisVal(); |
| 155 | |
| 156 | SVal ThisSuccess = getAssertionResultSuccessFieldValue( |
| 157 | Call->getDecl()->getParent(), ThisVal, State); |
| 158 | |
| 159 | State = assumeValuesEqual(ThisSuccess, BooleanArgVal, State, C); |
| 160 | C.addTransition(State); |
| 161 | } |
| 162 | |
| 163 | /// Model a call to an un-inlined AssertionResult copy constructor: |
| 164 | /// |
| 165 | /// AssertionResult(const &AssertionResult other) |
| 166 | /// |
| 167 | /// To do so, constrain the value of the newly-constructed instance's |
| 168 | /// 'success_' field to be equal to the value of the pass-in instance's |
| 169 | /// 'success_' field. |
| 170 | void GTestChecker::modelAssertionResultCopyConstructor( |
| 171 | const CXXConstructorCall *Call, CheckerContext &C) const { |
| 172 | assert(Call->getNumArgs() > 0); |
| 173 | |
| 174 | // The first parameter of the the copy constructor must be the other |
| 175 | // instance to initialize this instances fields from. |
| 176 | SVal OtherVal = Call->getArgSVal(0); |
| 177 | SVal ThisVal = Call->getCXXThisVal(); |
| 178 | |
| 179 | const CXXRecordDecl *AssertResultClassDecl = Call->getDecl()->getParent(); |
| 180 | ProgramStateRef State = C.getState(); |
| 181 | |
| 182 | SVal ThisSuccess = getAssertionResultSuccessFieldValue(AssertResultClassDecl, |
| 183 | ThisVal, State); |
| 184 | SVal OtherSuccess = getAssertionResultSuccessFieldValue(AssertResultClassDecl, |
| 185 | OtherVal, State); |
| 186 | |
| 187 | State = assumeValuesEqual(ThisSuccess, OtherSuccess, State, C); |
| 188 | C.addTransition(State); |
| 189 | } |
| 190 | |
| 191 | /// Model calls to AssertionResult constructors that are not inlined. |
| 192 | void GTestChecker::checkPostCall(const CallEvent &Call, |
| 193 | CheckerContext &C) const { |
| 194 | /// If the constructor was inlined, there is no need model it. |
| 195 | if (C.wasInlined) |
| 196 | return; |
| 197 | |
| 198 | initIdentifierInfo(C.getASTContext()); |
| 199 | |
| 200 | auto *CtorCall = dyn_cast<CXXConstructorCall>(&Call); |
| 201 | if (!CtorCall) |
| 202 | return; |
| 203 | |
| 204 | const CXXConstructorDecl *CtorDecl = CtorCall->getDecl(); |
| 205 | const CXXRecordDecl *CtorParent = CtorDecl->getParent(); |
| 206 | if (CtorParent->getIdentifier() != AssertionResultII) |
| 207 | return; |
| 208 | |
| 209 | if (CtorDecl->getNumParams() == 0) |
| 210 | return; |
| 211 | |
| 212 | |
| 213 | // Call the appropriate modeling method based on the type of the first |
| 214 | // constructor parameter. |
| 215 | const ParmVarDecl *ParamDecl = CtorDecl->getParamDecl(0); |
| 216 | QualType ParamType = ParamDecl->getType(); |
| 217 | if (CtorDecl->getNumParams() <= 2 && |
| 218 | ParamType.getNonReferenceType()->getCanonicalTypeUnqualified() == |
| 219 | C.getASTContext().BoolTy) { |
| 220 | // The first parameter is either a boolean or reference to a boolean |
| 221 | modelAssertionResultBoolConstructor(CtorCall, C); |
| 222 | |
| 223 | } else if (CtorDecl->isCopyConstructor()) { |
| 224 | modelAssertionResultCopyConstructor(CtorCall, C); |
| 225 | } |
| 226 | } |
| 227 | |
| 228 | void GTestChecker::initIdentifierInfo(ASTContext &Ctx) const { |
| 229 | if (AssertionResultII) |
| 230 | return; |
| 231 | |
| 232 | AssertionResultII = &Ctx.Idents.get("AssertionResult"); |
| 233 | SuccessII = &Ctx.Idents.get("success_"); |
| 234 | } |
| 235 | |
| 236 | /// Returns the value stored in the 'success_' field of the passed-in |
| 237 | /// AssertionResult instance. |
| 238 | SVal GTestChecker::getAssertionResultSuccessFieldValue( |
| 239 | const CXXRecordDecl *AssertionResultDecl, SVal Instance, |
| 240 | ProgramStateRef State) const { |
| 241 | |
| 242 | DeclContext::lookup_result Result = AssertionResultDecl->lookup(SuccessII); |
| 243 | if (Result.empty()) |
| 244 | return UnknownVal(); |
| 245 | |
| 246 | auto *SuccessField = dyn_cast<FieldDecl>(Result.front()); |
| 247 | if (!SuccessField) |
| 248 | return UnknownVal(); |
| 249 | |
| 250 | Optional<Loc> FieldLoc = |
| 251 | State->getLValue(SuccessField, Instance).getAs<Loc>(); |
| 252 | if (!FieldLoc.hasValue()) |
| 253 | return UnknownVal(); |
| 254 | |
| 255 | return State->getSVal(*FieldLoc); |
| 256 | } |
| 257 | |
| 258 | /// Constrain the passed-in state to assume two values are equal. |
| 259 | ProgramStateRef GTestChecker::assumeValuesEqual(SVal Val1, SVal Val2, |
| 260 | ProgramStateRef State, |
| 261 | CheckerContext &C) { |
| 262 | if (!Val1.getAs<DefinedOrUnknownSVal>() || |
| 263 | !Val2.getAs<DefinedOrUnknownSVal>()) |
| 264 | return State; |
| 265 | |
| 266 | auto ValuesEqual = |
| 267 | C.getSValBuilder().evalEQ(State, Val1.castAs<DefinedOrUnknownSVal>(), |
| 268 | Val2.castAs<DefinedOrUnknownSVal>()); |
| 269 | |
| 270 | if (!ValuesEqual.getAs<DefinedSVal>()) |
| 271 | return State; |
| 272 | |
| 273 | State = C.getConstraintManager().assume( |
| 274 | State, ValuesEqual.castAs<DefinedSVal>(), true); |
| 275 | |
| 276 | return State; |
| 277 | } |
| 278 | |
| 279 | void ento::registerGTestChecker(CheckerManager &Mgr) { |
| 280 | const LangOptions &LangOpts = Mgr.getLangOpts(); |
| 281 | // gtest is a C++ API so there is no sense running the checker |
| 282 | // if not compiling for C++. |
| 283 | if (!LangOpts.CPlusPlus) |
| 284 | return; |
| 285 | |
| 286 | Mgr.registerChecker<GTestChecker>(); |
| 287 | } |