Open Quuxplusone opened 4 years ago
Attached mwe.7z
(13112 bytes, application/x-7z-compressed): The minimal working example as .cpp file plus a GNUmakefile and the output of a run of CSA (9.0.0) on it.
Aha, yes, that's a false positive on our part. The analyzer fully understands
what does CopyDeviceRegisters() do, but our memory model fails to confirm that
writing a 32-bit integer would initialize all 4 bytes of that integer, so we
become confused when you start reading bugs byte-by-byte.
This is one of the most commonly reported bugs these days, so i hope i'll get
to it soon, but it requires large changes to fix.
If you want to suppress the bug, you can try the following trick:
static void CopyDeviceRegisters(
struct device_registers volatile& dest,
struct device_registers volatile* src
)
{
+#ifdef __clang_analyzer__
+ // https://bugs.llvm.org/show_bug.cgi?id=44114
+ extern void maybe_initialize(void *x);
+ maybe_initialize(&dest);
+#endif
dest.n1 = src->n1;
dest.n2 = src->n2;
dest.n3 = src->n3;
dest.n4 = src->n4;
dest.n5 = src->n5;
}
Thank you very much for the confirmation and the additional information.
Am I right to assume that the CSA only requires the prototype of maybe_initialize() because it does not (currently) analyze beyond module boundaries?
No, it's just to keep it a valid C++ program. In C++ you can't use a function without declaring it (unlike C) and the code under analysis still needs to be a valid program.
The function is completely fake, of course, but nobody will notice that it's fake until link time, and the analyzer will not do linking, so it's fine. And it won't get to the actual .o file because it's preprocessed out because __clang_analyze__ isn't defined during normal compilation.
So the point of the suppression is to tell the analyzer "well, something happens to &dest here, just trust me".
Artem, having watched Meike's talk [https://www.youtube.com/watch?v=F_q50Th1t3A], do you think this ticket would be a reasonable entry point for contributions for someone who has never before contributed to Clang/LLVM?
No, unfortunately, this is too difficult for a newcomer. I could have tried to do it as a GSoC project with a good student. The problem is easy to understand, but this piece of code (RegionStore) is one of the most difficult, convoluted and controversial parts of the Static Analyzer.
https://bugs.llvm.org/show_bug.cgi?id=47727, http://lists.llvm.org/pipermail/cfe-dev/2020-November/067145.html: another example.
In this case the users were confused about whether it's a true positive warning that highlights a strict aliasing violation. In fact we could go down this road and transform instances of this bug into strict aliasing violation warnings when applicable; that would potentially simplify the solution when it'll only require us to reason about extents when one of the involved types is char
(which bypasses strict aliasing rules). I don't see much indication that this approach would actually be much easier but these problems are indeed somewhat related.
mwe.7z
(13112 bytes, application/x-7z-compressed)