Bug Summary

File:tools/sanstats/sanstats.cpp
Warning:line 35, column 24
The result of the left shift is undefined because the right operand is negative

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name sanstats.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -momit-leaf-frame-pointer -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-7/lib/clang/7.0.0 -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-7~svn326246/build-llvm/tools/sanstats -I /build/llvm-toolchain-snapshot-7~svn326246/tools/sanstats -I /build/llvm-toolchain-snapshot-7~svn326246/build-llvm/include -I /build/llvm-toolchain-snapshot-7~svn326246/include -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/x86_64-linux-gnu/c++/7.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/x86_64-linux-gnu/c++/7.3.0 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0/backward -internal-isystem /usr/include/clang/7.0.0/include/ -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-7/lib/clang/7.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-comment -std=c++11 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-7~svn326246/build-llvm/tools/sanstats -ferror-limit 19 -fmessage-length 0 -fvisibility-inlines-hidden -fobjc-runtime=gcc -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -o /tmp/scan-build-2018-02-28-041547-14988-1 -x c++ /build/llvm-toolchain-snapshot-7~svn326246/tools/sanstats/sanstats.cpp
1//===- sanstats.cpp - Sanitizer statistics dumper -------------------------===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This tool dumps statistics information from files in the format produced
11// by clang's -fsanitize-stats feature.
12//
13//===----------------------------------------------------------------------===//
14
15#include "llvm/DebugInfo/Symbolize/Symbolize.h"
16#include "llvm/Support/CommandLine.h"
17#include "llvm/Support/ErrorOr.h"
18#include "llvm/Support/MemoryBuffer.h"
19#include "llvm/Transforms/Utils/SanitizerStats.h"
20#include <stdint.h>
21
22using namespace llvm;
23
24static cl::opt<std::string> ClInputFile(cl::Positional, cl::Required,
25 cl::desc("<filename>"));
26
27static cl::opt<bool> ClDemangle("demangle", cl::init(false),
28 cl::desc("Print demangled function name."));
29
30inline uint64_t KindFromData(uint64_t Data, char SizeofPtr) {
31 return Data >> (SizeofPtr * 8 - kSanitizerStatKindBits);
32}
33
34inline uint64_t CountFromData(uint64_t Data, char SizeofPtr) {
35 return Data & ((1ull << (SizeofPtr * 8 - kSanitizerStatKindBits)) - 1);
26
The result of the left shift is undefined because the right operand is negative
36}
37
38uint64_t ReadLE(char Size, const char *Begin, const char *End) {
39 uint64_t Result = 0;
40 char Pos = 0;
41 while (Begin < End && Pos != Size) {
42 Result |= uint64_t(uint8_t(*Begin)) << (Pos * 8);
43 ++Begin;
44 ++Pos;
45 }
46 return Result;
47}
48
49const char *ReadModule(char SizeofPtr, const char *Begin, const char *End) {
50 const char *FilenameBegin = Begin;
51 while (Begin != End && *Begin)
14
Loop condition is false. Execution continues on line 53
52 ++Begin;
53 if (Begin == End)
15
Taking false branch
54 return nullptr;
55 StringRef Filename(FilenameBegin, Begin - FilenameBegin);
56
57 ++Begin;
58 if (Begin == End)
16
Taking false branch
59 return nullptr;
60
61 symbolize::LLVMSymbolizer::Options SymbolizerOptions;
62 SymbolizerOptions.Demangle = ClDemangle;
63 SymbolizerOptions.UseSymbolTable = true;
64 symbolize::LLVMSymbolizer Symbolizer(SymbolizerOptions);
65
66 while (1) {
17
Loop condition is true. Entering loop body
67 uint64_t Addr = ReadLE(SizeofPtr, Begin, End);
68 Begin += SizeofPtr;
69 uint64_t Data = ReadLE(SizeofPtr, Begin, End);
70 Begin += SizeofPtr;
71
72 if (Begin > End)
18
Taking false branch
73 return nullptr;
74 if (Addr == 0 && Data == 0)
19
Assuming 'Data' is not equal to 0
20
Taking false branch
75 return Begin;
76 if (Begin == End)
21
Taking false branch
77 return nullptr;
78
79 // As the instrumentation tracks the return address and not
80 // the address of the call to `__sanitizer_stat_report` we
81 // remove one from the address to get the correct DI.
82 if (Expected<DILineInfo> LineInfo =
22
Taking false branch
83 Symbolizer.symbolizeCode(Filename, Addr - 1)) {
84 llvm::outs() << LineInfo->FileName << ':' << LineInfo->Line << ' '
85 << LineInfo->FunctionName << ' ';
86 } else {
87 logAllUnhandledErrors(LineInfo.takeError(), llvm::outs(), "<error> ");
88 }
89
90 switch (KindFromData(Data, SizeofPtr)) {
23
Control jumps to the 'default' case at line 106
91 case SanStat_CFI_VCall:
92 llvm::outs() << "cfi-vcall";
93 break;
94 case SanStat_CFI_NVCall:
95 llvm::outs() << "cfi-nvcall";
96 break;
97 case SanStat_CFI_DerivedCast:
98 llvm::outs() << "cfi-derived-cast";
99 break;
100 case SanStat_CFI_UnrelatedCast:
101 llvm::outs() << "cfi-unrelated-cast";
102 break;
103 case SanStat_CFI_ICall:
104 llvm::outs() << "cfi-icall";
105 break;
106 default:
107 llvm::outs() << "<unknown>";
108 break;
24
Execution continues on line 111
109 }
110
111 llvm::outs() << " " << CountFromData(Data, SizeofPtr) << '\n';
25
Calling 'CountFromData'
112 }
113}
114
115int main(int argc, char **argv) {
116 cl::ParseCommandLineOptions(argc, argv,
117 "Sanitizer Statistics Processing Tool");
118
119 ErrorOr<std::unique_ptr<MemoryBuffer>> MBOrErr =
120 MemoryBuffer::getFile(ClInputFile, -1, false);
121 if (!MBOrErr) {
1
Taking false branch
122 errs() << argv[0] << ": " << ClInputFile << ": "
123 << MBOrErr.getError().message() << '\n';
124 return 1;
125 }
126 std::unique_ptr<MemoryBuffer> MB = std::move(MBOrErr.get());
127 const char *Begin = MB->getBufferStart(), *End = MB->getBufferEnd();
128 if (Begin == End) {
2
Assuming 'Begin' is not equal to 'End'
3
Taking false branch
129 errs() << argv[0] << ": " << ClInputFile << ": short read\n";
130 return 1;
131 }
132 char SizeofPtr = *Begin++;
133 while (Begin != End) {
4
Loop condition is true. Entering loop body
7
Assuming 'Begin' is not equal to 'End'
8
Loop condition is true. Entering loop body
11
Assuming 'Begin' is not equal to 'End'
12
Loop condition is true. Entering loop body
134 Begin = ReadModule(SizeofPtr, Begin, End);
13
Calling 'ReadModule'
135 if (Begin == nullptr) {
5
Assuming the condition is false
6
Taking false branch
9
Assuming the condition is false
10
Taking false branch
136 errs() << argv[0] << ": " << ClInputFile << ": short read\n";
137 return 1;
138 }
139 assert(Begin <= End)(static_cast <bool> (Begin <= End) ? void (0) : __assert_fail
("Begin <= End", "/build/llvm-toolchain-snapshot-7~svn326246/tools/sanstats/sanstats.cpp"
, 139, __extension__ __PRETTY_FUNCTION__))
;
140 }
141}