[analyzer] CDM::CXXMethod mode CallDescription matching causes serious regressions and FNs #99628
Comments
|
@llvm/issue-subscribers-clang-static-analyzer Author: Balazs Benics (steakhal)
Turns out the recent (#90974) `CallDescription` matching improvements can cause regressions when using standard library implementations where method we want to match comes from an implementation specific base class, such as in this example:
https://compiler-explorer.com/z/ErMbhxfPv
```c++
unsigned int sleep(unsigned int seconds);
namespace std {
class __mutex_base {
public:
void lock();
};
class mutex : public __mutex_base{
public:
void unlock();
bool try_lock();
};
}
void top() { |
|
/CC @NagyDonat @gamesh411 |
|
Thanks for alerting me, I'll investigate this. I'd guess that I'll be able to create a fix within a few days. |
|
As I started to examine the source code, I realized that this incorrect behavior is probably unrelated to the new matching modes, and Note that the "check that each qualified name part is present" logic was already present before my improvements (in commit fb299ca I moved it to a separate method, but I'm not changing it) and it's not influenced by the matching mode check (which is just an early return branch before the name validation). (Moreover It would be still good to improve this aspect of the analyzer, but instead of simply reverting to a well-established baseline, we'd need to develop a new, better logic for qualified name handling. (Note that the unit tests of the qualified name handling contain many FIXME comments, it would be good to also handle those if we need to touch this qualified name handling.) |
|
Hm, I get what you say. But it popped up now, that I wanted to rebase to llvm/main. So for sure, something caused that since the last release. You can see this even on Compiler explorer, that we have a report change there. |
Yes, now I see it -- previously I misread the UI and "checked" that changing clang 18.1 to older versions doesn't change anything. I'll continue the investigations. |
|
After digging into the git logs, it's clear that the regression was introduced by commit 705788c which was created on the 18th of March by @gamesh411. Before that commit the checker used the extremely trivial call description |
|
I'll create a quickfix patch that will fix this particular regression. Eventually we are planning to tweak the |
Before commit 705788c the checker alpha.unix.BlockInCriticalSection "recognized" the methods `std::mutex::lock` and `std::mutex::unlock` with an extremely trivial check that accepted any function (or method) named lock/unlock. To avoid matching unrelated user-defined function, this was refined to a check that also requires the presence of "std" and "mutex" as distinct parts of the qualified name. However, as llvm#99628 reported, there are standard library implementations where some methods of `std::mutex` are inherited from an implementation detail base class and the new code wasn't able to recognize these methods, which led to emitting false positive reports. As a workaround, this commit partially restores the old behavior by omitting the check for the class name. In the future, it would be good to replace this hack with a solution which ensures that `CallDescription` understands inherited methods.
Totally agree with this. Thanks for taking care. TBH I completely forgot about this one. |
Before commit 705788c the checker alpha.unix.BlockInCriticalSection "recognized" the methods `std::mutex::lock` and `std::mutex::unlock` with an extremely trivial check that accepted any function (or method) named lock/unlock. To avoid matching unrelated user-defined function, this was refined to a check that also requires the presence of "std" and "mutex" as distinct parts of the qualified name. However, as #99628 reported, there are standard library implementations where some methods of `std::mutex` are inherited from an implementation detail base class and the new code wasn't able to recognize these methods, which led to emitting false positive reports. As a workaround, this commit partially restores the old behavior by omitting the check for the class name. In the future, it would be good to replace this hack with a solution which ensures that `CallDescription` understands inherited methods.
|
Mitigated by #99628 |
Before commit 705788c the checker alpha.unix.BlockInCriticalSection "recognized" the methods `std::mutex::lock` and `std::mutex::unlock` with an extremely trivial check that accepted any function (or method) named lock/unlock. To avoid matching unrelated user-defined function, this was refined to a check that also requires the presence of "std" and "mutex" as distinct parts of the qualified name. However, as #99628 reported, there are standard library implementations where some methods of `std::mutex` are inherited from an implementation detail base class and the new code wasn't able to recognize these methods, which led to emitting false positive reports. As a workaround, this commit partially restores the old behavior by omitting the check for the class name. In the future, it would be good to replace this hack with a solution which ensures that `CallDescription` understands inherited methods. (cherry picked from commit 99ae2ed)
Turns out the recent (#90974)
CallDescriptionmatching improvements can cause regressions when using standard library implementations where method we want to match comes from an implementation specific base class, such as in this example:https://compiler-explorer.com/z/ErMbhxfPv
In this case, the
BlockInCriticalSectionCheckerwants to match thestd::mutex::lockandstd::mutex::unlockmember functions using theCDM::CXXMethodmatching mode. However, one could only match thelockbystd::__mutex_base::lock, causing a mismatch.This issue is more generic and not entirely specific to this checker. I expect similar bugs to happen for any other checker using
CDM::CXXMethod.If we don't do about this, we are going to have a serious regression in the clang-19 release.
The text was updated successfully, but these errors were encountered: