tree: 3c2e800ac152654e93979ec96545dc201a94cc72 [path history] [tgz]
  1. tests/
  2. CMakeLists.txt
  3. DIR_METADATA
  4. IteratorChecker.cpp
  5. OWNERS
  6. README.md
iterator_checker/README.md

Clang IteratorChecker

Note for developers: FlowSensitive is a fast evolving framework, and thus some breaking changes are regularly introduced. The current state of this plugin works against llvmorg-18.0.0.

This clang plugin aims at detecting iterator use-after-invalidation bugs using the clang-tidy dataflow framework FlowSensitive.

For instance:

  for (auto* it = container->begin(); it != container->end();) {
    if (it->block_end <= block_offset) {
      // should be it = container->erase(it);
      container->erase(it);
    } else {
      ++it;
    }
  }
}

It is not valid using ++it in the second branch of the loop after if container->erase(it) was called on the first branch. See real code example.

Build

Clang is built using CMake. To run cmake, this script can be used:

  ./tools/clang/scripts/build.py     \
    --without-android                \
    --without-fuchsia                \
    --extra-tools iterator_checker

The build directory is created into: third_party/llvm-build/Release+Asserts/ and you can build it again using:

  ninja -C third_party/llvm-build/Release+Asserts/

Run the tests

	./tools/clang/iterator_checker/tests/test.py \
    $(pwd)/third_party/llvm-build/Release+Asserts/bin/clang

Using the plugin

The procedure is mostly the same as for the other clang plugins in chrome. What you need to do is to basically add the following in a GN file (depending what you want the plugin to be used for).

cflags += [
  "-Xclang",
  "-add-plugin",
  "-Xclang",
  "iterator-checker",
]