[GCChecker] fix a few tests by looking through casts

Author: vtjnash

src/clangsa/GCChecker.cpp

@@ -200,6 +200,7 @@ class GCChecker
                               const MemRegion *Region);
 
   static bool isGCTrackedType(QualType Type);
+  static bool isGCTracked(const Expr *E);
   bool isGloballyRootedType(QualType Type) const;
   static void dumpState(const ProgramStateRef &State);
   static bool declHasAnnotation(const clang::Decl *D, const char *which);
@@ -703,12 +704,8 @@ void GCChecker::checkBeginFunction(CheckerContext &C) const {
   }
 }
 
-#if LLVM_VERSION_MAJOR >= 7
 void GCChecker::checkEndFunction(const clang::ReturnStmt *RS,
                                  CheckerContext &C) const {
-#else
-void GCChecker::checkEndFunction(CheckerContext &C) const {
-#endif
   ProgramStateRef State = C.getState();
   bool Changed = false;
   if (State->get<GCDisabledAt>() == C.getStackFrame()->getIndex()) {
@@ -789,6 +786,19 @@ bool GCChecker::isGCTrackedType(QualType QT) {
              QT);
 }
 
+bool GCChecker::isGCTracked(const Expr *E) {
+  while (1) {
+    if (isGCTrackedType(E->getType()))
+      return true;
+    if (auto ICE = dyn_cast<ImplicitCastExpr>(E))
+      E = ICE->getSubExpr();
+    else if (auto CE = dyn_cast<CastExpr>(E))
+      E = CE->getSubExpr();
+    else
+      return false;
+  }
+}
+
 bool GCChecker::isGloballyRootedType(QualType QT) const {
   return isJuliaType(
       [](StringRef Name) { return Name.endswith_lower("jl_sym_t"); }, QT);
@@ -1053,7 +1063,7 @@ SymbolRef GCChecker::getSymbolForResult(const Expr *Result,
     QualType QT = Result->getType();
     if (!QT->isPointerType())
       return nullptr;
-    if (OldValS || GCChecker::isGCTrackedType(QT)) {
+    if (OldValS || GCChecker::isGCTracked(Result)) {
       Loaded = C.getSValBuilder().conjureSymbolVal(
           nullptr, Result, C.getLocationContext(), Result->getType(),
           C.blockCount());
@@ -1082,7 +1092,7 @@ void GCChecker::checkDerivingExpr(const Expr *Result, const Expr *Parent,
         State->set<GCValueMap>(NewSym, ValueState::getRooted(nullptr, -1)));
     return;
   }
-  if (!isGCTrackedType(Result->getType())) {
+  if (!isGCTracked(Result)) {
     // TODO: We may want to refine this. This is to track pointers through the
     // array list in jl_module_t.
     bool ParentIsModule = isJuliaType(
@@ -1091,8 +1101,7 @@ void GCChecker::checkDerivingExpr(const Expr *Result, const Expr *Parent,
     bool ResultIsArrayList = isJuliaType(
         [](StringRef Name) { return Name.endswith_lower("arraylist_t"); },
         Result->getType());
-    if (!(ParentIsModule && ResultIsArrayList) &&
-        isGCTrackedType(Parent->getType())) {
+    if (!(ParentIsModule && ResultIsArrayList) && isGCTracked(Parent)) {
       ResultTracked = false;
     }
   }
@@ -1144,7 +1153,7 @@ void GCChecker::checkDerivingExpr(const Expr *Result, const Expr *Parent,
   }
   if (!OldValS) {
     // This way we'll get better diagnostics
-    if (isGCTrackedType(Result->getType())) {
+    if (isGCTracked(Result)) {
       C.addTransition(
           State->set<GCValueMap>(NewSym, ValueState::getUntracked()));
     }
@@ -1167,8 +1176,7 @@ void GCChecker::checkPostStmt(const ArraySubscriptExpr *ASE,
   const MemRegion *Region = C.getSVal(ASE->getLHS()).getAsRegion();
   ProgramStateRef State = C.getState();
   SValExplainer Ex(C.getASTContext());
-  if (Region && Region->getAs<ElementRegion>() &&
-      isGCTrackedType(ASE->getType())) {
+  if (Region && Region->getAs<ElementRegion>() && isGCTracked(ASE)) {
     const RootState *RS =
         State->get<GCRootMap>(Region->getAs<ElementRegion>()->getSuperRegion());
     if (RS) {
@@ -1192,7 +1200,7 @@ void GCChecker::checkPostStmt(const MemberExpr *ME, CheckerContext &C) const {
   // It is possible for the member itself to be gcrooted, so check that first
   const MemRegion *Region = C.getSVal(ME).getAsRegion();
   ProgramStateRef State = C.getState();
-  if (Region && isGCTrackedType(ME->getType())) {
+  if (Region && isGCTracked(ME)) {
     if (const RootState *RS = State->get<GCRootMap>(Region)) {
       ValueState ValS = ValueState::getRooted(Region, RS->RootedAtDepth);
       SymbolRef NewSym = getSymbolForResult(ME, &ValS, State, C);
@@ -1274,7 +1282,7 @@ void GCChecker::checkPreCall(const CallEvent &Call, CheckerContext &C) const {
     SourceRange range;
     if (const Expr *E = Call.getArgExpr(idx)) {
       range = E->getSourceRange();
-      if (!isGCTrackedType(E->getType()))
+      if (!isGCTracked(E))
         continue;
     }
     if (ValState->isPotentiallyFreed()) {

test/clangsa/Makefile

@@ -4,7 +4,7 @@ include $(JULIAHOME)/Make.inc
 
 check: $(SRCDIR)
 
-TESTS = $(patsubst $(SRCDIR)/%,%,$(wildcard $(SRCDIR)/*.c)) $(wildcard $(SRCDIR)/*.cpp)
+TESTS = $(patsubst $(SRCDIR)/%,%,$(wildcard $(SRCDIR)/*.c) $(wildcard $(SRCDIR)/*.cpp))
 
 $(SRCDIR) $(TESTS):
 	PATH=$(build_bindir):$(build_depsbindir):$$PATH \

test/clangsa/MissingRoots.c

@@ -10,7 +10,7 @@ extern void process_unrooted(jl_value_t *maybe_unrooted JL_MAYBE_UNROOTED);
 extern void jl_gc_safepoint();
 
 void unrooted_argument() {
-    look_at_value((jl_value_t*)jl_svec1(NULL)); // expected-warning{{Passing non-rooted value as argument to function}}
+    look_at_value((jl_value_t*)jl_svec1(NULL)); // expected-warning{{Passing non-rooted value as argument to function that may GC}}
                                                 // expected-note@-1{{Passing non-rooted value as argument to function}}
                                                 // expected-note@-2{{Started tracking value here}}
 };
@@ -22,9 +22,10 @@ void simple_svec() {
 }
 
 jl_value_t *simple_missing_root() {
-    jl_svec_t *val = jl_svec1(NULL);
-    jl_gc_safepoint();
-    return jl_svecref(val, 0); // XXX-expected-warning{{Passing non-rooted value as argument to function}}
+    jl_svec_t *val = jl_svec1(NULL); // expected-note{{Started tracking value here}}
+    jl_gc_safepoint(); // expected-note{{Value may have been GCed here}}
+    return jl_svecref(val, 0); // expected-warning{{Argument value may have been GCed}}
+                               // expected-note@-1{{Argument value may have been GCed}}
 };
 
 jl_value_t *root_value() {
@@ -130,14 +131,18 @@ jl_value_t *late_root2() {
 
 jl_value_t *already_freed() {
     jl_svec_t *val = NULL;
-    JL_GC_PUSH1(&val);
-    val = jl_svec1(NULL);
-    JL_GC_POP();
-    jl_gc_safepoint();
-    jl_value_t *ret = jl_svecref(val, 0);
+    JL_GC_PUSH1(&val); // expected-note{{GC frame changed here}}
+    val = jl_svec1(NULL); // expected-note{{Started tracking value here}}
+                          // expected-note@-1{{Value was rooted here}}
+    JL_GC_POP(); // expected-note{{GC frame changed here}}
+                 // expected-note@-1{{Root was released here}}
+    jl_gc_safepoint(); // expected-note{{Value may have been GCed here}}
+    jl_value_t *ret = jl_svecref(val, 0); // expected-warning{{Argument value may have been GCed}}
+                                          // expected-note@-1{{Argument value may have been GCed}}
     return ret;
 };
 
+
 int field_access() {
     jl_svec_t *val = jl_svec1(NULL); // expected-note {{Started tracking value here}}
     jl_gc_safepoint(); // expected-note{{Value may have been GCed here}}