Note for developers: FlowSensitive is a fast-evolving framework, and thus some breaking changes are regularly introduced. The current state of this plugin works against llvmorg-18.0.0.
This clang plugin aims at detecting iterator use-after-invalidation bugs using the clang-tidy dataflow framework FlowSensitive.
For instance:
    for (auto* it = container->begin(); it != container->end();) {
      if (it->block_end <= block_offset) {
        // should be it = container->erase(it);
        container->erase(it);
      } else {
        ++it;
      }
    }
It is not valid to use ++it in the second branch of the loop after container->erase(it) was called in the first branch. See real code example.
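The corrected form of the loop above, as an added example that is not part of the plugin or of Chromium's code: the `Block` struct, the function names and the sample values are assumptions made for illustration. It also shows the erase-remove idiom, which avoids holding an iterator across the erase at all.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Constructed type: only block_end and block_offset appear in the text above.
struct Block {
  std::size_t block_start;
  std::size_t block_end;
};

// Corrected loop: erase() returns the iterator following the removed element,
// so `it` is re-seated instead of being reused after invalidation.
std::size_t DropBlocksLoop(std::vector<Block>* container,
                           std::size_t block_offset) {
  std::size_t erased = 0;
  for (auto it = container->begin(); it != container->end();) {
    if (it->block_end <= block_offset) {
      it = container->erase(it);  // the buggy form discards this result
      ++erased;
    } else {
      ++it;  // safe: `it` was not invalidated on this path
    }
  }
  return erased;
}

// Same effect without a hand-written iterator: the erase-remove idiom.
std::size_t DropBlocksRemoveIf(std::vector<Block>* container,
                               std::size_t block_offset) {
  auto first_dead = std::remove_if(
      container->begin(), container->end(),
      [block_offset](const Block& b) { return b.block_end <= block_offset; });
  std::size_t erased = static_cast<std::size_t>(container->end() - first_dead);
  container->erase(first_dead, container->end());
  return erased;
}

// Constructed sample data; adjacent stale blocks exercise back-to-back erases.
std::vector<Block> SampleBlocks() {
  return {{0, 10}, {10, 20}, {20, 30}, {5, 8}, {30, 40}};
}

int main() {
  std::vector<Block> blocks = SampleBlocks();
  std::size_t n = DropBlocksLoop(&blocks, 20);
  std::printf("erased %zu, kept %zu\n", n, blocks.size());
  return 0;
}
```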
Clang is built using CMake. To run cmake, this script can be used:
    ./tools/clang/scripts/build.py \
      --without-android \
      --without-fuchsia \
      --extra-tools iterator_checker
The build directory is created in third_party/llvm-build/Release+Asserts/, and you can build it again using:
    ninja -C third_party/llvm-build/Release+Asserts/
To run the tests:
    ./tools/clang/iterator_checker/tests/test.py \
      $(pwd)/third_party/llvm-build/Release+Asserts/bin/clang
The procedure is mostly the same as for the other clang plugins in Chrome. Add the following to a GN file (which one depends on what you want the plugin to be used for):
    cflags += [
      "-Xclang",
      "-add-plugin",
      "-Xclang",
      "iterator-checker",
    ]