xref: /freebsd/contrib/llvm-project/clang/lib/StaticAnalyzer/Checkers/GTestChecker.cpp (revision 5f757f3ff9144b609b3c433dfd370cc6bdc191ad) 
1 //==- GTestChecker.cpp - Model gtest API --*- C++ -*-==//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This checker models the behavior of un-inlined APIs from the gtest
10 // unit-testing library to avoid false positives when using assertions from
11 // that library.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
16 #include "clang/AST/Expr.h"
17 #include "clang/Basic/LangOptions.h"
18 #include "clang/StaticAnalyzer/Core/Checker.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
21 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
22 #include "llvm/Support/raw_ostream.h"
23 #include <optional>
24 
25 using namespace clang;
26 using namespace ento;
27 
28 // Modeling of un-inlined AssertionResult constructors
29 //
30 // The gtest unit testing API provides macros for assertions that expand
31 // into an if statement that calls a series of constructors and returns
32 // when the "assertion" is false.
33 //
34 // For example,
35 //
36 //   ASSERT_TRUE(a == b)
37 //
38 // expands into:
39 //
40 //   switch (0)
41 //   case 0:
42 //   default:
43 //     if (const ::testing::AssertionResult gtest_ar_ =
44 //             ::testing::AssertionResult((a == b)))
45 //       ;
46 //     else
47 //       return ::testing::internal::AssertHelper(
48 //                  ::testing::TestPartResult::kFatalFailure,
49 //                  "<path to project>",
50 //                  <line number>,
51 //                  ::testing::internal::GetBoolAssertionFailureMessage(
52 //                      gtest_ar_, "a == b", "false", "true")
53 //                      .c_str()) = ::testing::Message();
54 //
55 // where AssertionResult is defined similarly to
56 //
57 //   class AssertionResult {
58 //   public:
59 //     AssertionResult(const AssertionResult& other);
60 //     explicit AssertionResult(bool success) : success_(success) {}
61 //     operator bool() const { return success_; }
62 //     ...
63 //     private:
64 //     bool success_;
65 //   };
66 //
67 // In order for the analyzer to correctly handle this assertion, it needs to
68 // know that the boolean value of the expression "a == b" is stored the
69 // 'success_' field of the original AssertionResult temporary and propagated
70 // (via the copy constructor) into the 'success_' field of the object stored
71 // in 'gtest_ar_'.  That boolean value will then be returned from the bool
72 // conversion method in the if statement. This guarantees that the assertion
73 // holds when the return path is not taken.
74 //
75 // If the success value is not properly propagated, then the eager case split
76 // on evaluating the expression can cause pernicious false positives
77 // on the non-return path:
78 //
79 //   ASSERT(ptr != NULL)
80 //   *ptr = 7; // False positive null pointer dereference here
81 //
82 // Unfortunately, the bool constructor cannot be inlined (because its
83 // implementation is not present in the headers) and the copy constructor is
84 // not inlined (because it is constructed into a temporary and the analyzer
85 // does not inline these since it does not yet reliably call temporary
86 // destructors).
87 //
88 // This checker compensates for the missing inlining by propagating the
89 // _success value across the bool and copy constructors so the assertion behaves
90 // as expected.
91 
92 namespace {
93 class GTestChecker : public Checker<check::PostCall> {
94 
95   mutable IdentifierInfo *AssertionResultII = nullptr;
96   mutable IdentifierInfo *SuccessII = nullptr;
97 
98 public:
99   GTestChecker() = default;
100 
101   void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
102 
103 private:
104   void modelAssertionResultBoolConstructor(const CXXConstructorCall *Call,
105                                            bool IsRef, CheckerContext &C) const;
106 
107   void modelAssertionResultCopyConstructor(const CXXConstructorCall *Call,
108                                            CheckerContext &C) const;
109 
110   void initIdentifierInfo(ASTContext &Ctx) const;
111 
112   SVal
113   getAssertionResultSuccessFieldValue(const CXXRecordDecl *AssertionResultDecl,
114                                       SVal Instance,
115                                       ProgramStateRef State) const;
116 
117   static ProgramStateRef assumeValuesEqual(SVal Val1, SVal Val2,
118                                            ProgramStateRef State,
119                                            CheckerContext &C);
120 };
121 } // End anonymous namespace.
122 
123 /// Model a call to an un-inlined AssertionResult(bool) or
124 /// AssertionResult(bool &, ...).
125 /// To do so, constrain the value of the newly-constructed instance's 'success_'
126 /// field to be equal to the passed-in boolean value.
127 ///
128 /// \param IsRef Whether the boolean parameter is a reference or not.
129 void GTestChecker::modelAssertionResultBoolConstructor(
130     const CXXConstructorCall *Call, bool IsRef, CheckerContext &C) const {
131   assert(Call->getNumArgs() >= 1 && Call->getNumArgs() <= 2);
132 
133   ProgramStateRef State = C.getState();
134   SVal BooleanArgVal = Call->getArgSVal(0);
135   if (IsRef) {
136     // The argument is a reference, so load from it to get the boolean value.
137     if (!isa<Loc>(BooleanArgVal))
138       return;
139     BooleanArgVal = C.getState()->getSVal(BooleanArgVal.castAs<Loc>());
140   }
141 
142   SVal ThisVal = Call->getCXXThisVal();
143 
144   SVal ThisSuccess = getAssertionResultSuccessFieldValue(
145       Call->getDecl()->getParent(), ThisVal, State);
146 
147   State = assumeValuesEqual(ThisSuccess, BooleanArgVal, State, C);
148   C.addTransition(State);
149 }
150 
151 /// Model a call to an un-inlined AssertionResult copy constructor:
152 ///
153 ///   AssertionResult(const &AssertionResult other)
154 ///
155 /// To do so, constrain the value of the newly-constructed instance's
156 /// 'success_' field to be equal to the value of the pass-in instance's
157 /// 'success_' field.
158 void GTestChecker::modelAssertionResultCopyConstructor(
159     const CXXConstructorCall *Call, CheckerContext &C) const {
160   assert(Call->getNumArgs() == 1);
161 
162   // The first parameter of the copy constructor must be the other
163   // instance to initialize this instances fields from.
164   SVal OtherVal = Call->getArgSVal(0);
165   SVal ThisVal = Call->getCXXThisVal();
166 
167   const CXXRecordDecl *AssertResultClassDecl = Call->getDecl()->getParent();
168   ProgramStateRef State = C.getState();
169 
170   SVal ThisSuccess = getAssertionResultSuccessFieldValue(AssertResultClassDecl,
171                                                          ThisVal, State);
172   SVal OtherSuccess = getAssertionResultSuccessFieldValue(AssertResultClassDecl,
173                                                           OtherVal, State);
174 
175   State = assumeValuesEqual(ThisSuccess, OtherSuccess, State, C);
176   C.addTransition(State);
177 }
178 
179 /// Model calls to AssertionResult constructors that are not inlined.
180 void GTestChecker::checkPostCall(const CallEvent &Call,
181                                  CheckerContext &C) const {
182   /// If the constructor was inlined, there is no need model it.
183   if (C.wasInlined)
184     return;
185 
186   initIdentifierInfo(C.getASTContext());
187 
188   auto *CtorCall = dyn_cast<CXXConstructorCall>(&Call);
189   if (!CtorCall)
190     return;
191 
192   const CXXConstructorDecl *CtorDecl = CtorCall->getDecl();
193   const CXXRecordDecl *CtorParent = CtorDecl->getParent();
194   if (CtorParent->getIdentifier() != AssertionResultII)
195     return;
196 
197   unsigned ParamCount = CtorDecl->getNumParams();
198 
199   // Call the appropriate modeling method based the parameters and their
200   // types.
201 
202   // We have AssertionResult(const &AssertionResult)
203   if (CtorDecl->isCopyConstructor() && ParamCount == 1) {
204     modelAssertionResultCopyConstructor(CtorCall, C);
205     return;
206   }
207 
208   // There are two possible boolean constructors, depending on which
209   // version of gtest is being used:
210   //
211   // v1.7 and earlier:
212   //      AssertionResult(bool success)
213   //
214   // v1.8 and greater:
215   //      template <typename T>
216   //      AssertionResult(const T& success,
217   //                      typename internal::EnableIf<
218   //                          !internal::ImplicitlyConvertible<T,
219   //                              AssertionResult>::value>::type*)
220   //
221   CanQualType BoolTy = C.getASTContext().BoolTy;
222   if (ParamCount == 1 && CtorDecl->getParamDecl(0)->getType() == BoolTy) {
223     // We have AssertionResult(bool)
224     modelAssertionResultBoolConstructor(CtorCall, /*IsRef=*/false, C);
225     return;
226   }
227   if (ParamCount == 2){
228     auto *RefTy = CtorDecl->getParamDecl(0)->getType()->getAs<ReferenceType>();
229     if (RefTy &&
230         RefTy->getPointeeType()->getCanonicalTypeUnqualified() == BoolTy) {
231       // We have AssertionResult(bool &, ...)
232       modelAssertionResultBoolConstructor(CtorCall, /*IsRef=*/true, C);
233       return;
234     }
235   }
236 }
237 
238 void GTestChecker::initIdentifierInfo(ASTContext &Ctx) const {
239   if (AssertionResultII)
240     return;
241 
242   AssertionResultII = &Ctx.Idents.get("AssertionResult");
243   SuccessII = &Ctx.Idents.get("success_");
244 }
245 
246 /// Returns the value stored in the 'success_' field of the passed-in
247 /// AssertionResult instance.
248 SVal GTestChecker::getAssertionResultSuccessFieldValue(
249     const CXXRecordDecl *AssertionResultDecl, SVal Instance,
250     ProgramStateRef State) const {
251 
252   DeclContext::lookup_result Result = AssertionResultDecl->lookup(SuccessII);
253   if (Result.empty())
254     return UnknownVal();
255 
256   auto *SuccessField = dyn_cast<FieldDecl>(Result.front());
257   if (!SuccessField)
258     return UnknownVal();
259 
260   std::optional<Loc> FieldLoc =
261       State->getLValue(SuccessField, Instance).getAs<Loc>();
262   if (!FieldLoc)
263     return UnknownVal();
264 
265   return State->getSVal(*FieldLoc);
266 }
267 
268 /// Constrain the passed-in state to assume two values are equal.
269 ProgramStateRef GTestChecker::assumeValuesEqual(SVal Val1, SVal Val2,
270                                                 ProgramStateRef State,
271                                                 CheckerContext &C) {
272   auto DVal1 = Val1.getAs<DefinedOrUnknownSVal>();
273   auto DVal2 = Val2.getAs<DefinedOrUnknownSVal>();
274   if (!DVal1 || !DVal2)
275     return State;
276 
277   auto ValuesEqual =
278       C.getSValBuilder().evalEQ(State, *DVal1, *DVal2).getAs<DefinedSVal>();
279   if (!ValuesEqual)
280     return State;
281 
282   State = C.getConstraintManager().assume(State, *ValuesEqual, true);
283   return State;
284 }
285 
286 void ento::registerGTestChecker(CheckerManager &Mgr) {
287   Mgr.registerChecker<GTestChecker>();
288 }
289 
290 bool ento::shouldRegisterGTestChecker(const CheckerManager &mgr) {
291   // gtest is a C++ API so there is no sense running the checker
292   // if not compiling for C++.
293   const LangOptions &LO = mgr.getLangOpts();
294   return LO.CPlusPlus;
295 }
296