[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
@@ -926,6 +932,49 @@ void StreamChecker::evalFputx(const FnDescription *Desc,
const CallEvent ,
C.addTransition(StateFailed);
}
+void StreamChecker::evalFprintf(const FnDescription *Desc,
+const CallEvent ,
+CheckerContext ) const {
+ ProgramStateRef State = C.getState();
+ if (Call.getNumArgs() < 2)
+return;
+ SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
+ if (!StreamSym)
+return;
+
+ const CallExpr *CE = dyn_cast_or_null(Call.getOriginExpr());
+ if (!CE)
+return;
+
+ const StreamState *OldSS = State->get(StreamSym);
+ if (!OldSS)
+return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder = C.getSValBuilder();
+ auto = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+SVB.getConditionType())
+ .getAs();
+ if (!Cond)
+return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
balazske wrote:
Yes, some fixes can be done with `fprintf` and `fscanf` and the argument
invalidation. I plan to do this with the following patches.
https://github.com/llvm/llvm-project/pull/77613
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
https://github.com/steakhal edited https://github.com/llvm/llvm-project/pull/77613 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
@@ -926,6 +932,49 @@ void StreamChecker::evalFputx(const FnDescription *Desc,
const CallEvent ,
C.addTransition(StateFailed);
}
+void StreamChecker::evalFprintf(const FnDescription *Desc,
+const CallEvent ,
+CheckerContext ) const {
+ ProgramStateRef State = C.getState();
+ if (Call.getNumArgs() < 2)
+return;
+ SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
+ if (!StreamSym)
+return;
+
+ const CallExpr *CE = dyn_cast_or_null(Call.getOriginExpr());
+ if (!CE)
+return;
+
+ const StreamState *OldSS = State->get(StreamSym);
+ if (!OldSS)
+return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder = C.getSValBuilder();
+ auto = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+SVB.getConditionType())
+ .getAs();
+ if (!Cond)
+return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
balazs-benics-sonarsource wrote:
In addition to this, we should also invalidate any buffers passed to such
calls. This also sounds like a regression compared to default eval calling
"fpintf". (Look at the format string specifier `%n`)
https://github.com/llvm/llvm-project/pull/77613
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
@@ -926,6 +932,49 @@ void StreamChecker::evalFputx(const FnDescription *Desc,
const CallEvent ,
C.addTransition(StateFailed);
}
+void StreamChecker::evalFprintf(const FnDescription *Desc,
+const CallEvent ,
+CheckerContext ) const {
+ ProgramStateRef State = C.getState();
+ if (Call.getNumArgs() < 2)
+return;
+ SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
+ if (!StreamSym)
+return;
+
+ const CallExpr *CE = dyn_cast_or_null(Call.getOriginExpr());
+ if (!CE)
+return;
+
+ const StreamState *OldSS = State->get(StreamSym);
+ if (!OldSS)
+return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder = C.getSValBuilder();
+ auto = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+SVB.getConditionType())
+ .getAs();
+ if (!Cond)
+return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
steakhal wrote:
Downstream we used `State->assumeInclusiveRange()` for this.
As a sideffect, we bound an upperbound to the `RetVal` with the number of
arguments we had for the call.
Have you considered setting the upperbound here too?
I was thinking if the std library functions checker applies this constraint,
but AFAIK it does not, nor we have a proposed patch for doing so. And anyways
I'd prefer setting both upper and lowerbounds at the same checker if possible.
Thus, I write to this PR.
https://github.com/llvm/llvm-project/pull/77613
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
https://github.com/balazske closed https://github.com/llvm/llvm-project/pull/77613 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
https://github.com/balazske updated
https://github.com/llvm/llvm-project/pull/77613
From 96a786f07ca5fb84b372e0b7c60f371bf4cdfd7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?=
Date: Wed, 10 Jan 2024 10:55:27 +0100
Subject: [PATCH] [clang][analyzer] Add function 'fprintf' to StreamChecker.
---
.../StaticAnalyzer/Checkers/StreamChecker.cpp | 49 +++
clang/test/Analysis/stream-error.c| 17 +++
clang/test/Analysis/stream.c | 11 +++--
3 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
index 742426a628e065..95c7503e49e0d3 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
@@ -263,6 +263,9 @@ class StreamChecker : public Checker(Call.getOriginExpr());
+ if (!CE)
+return;
+
+ const StreamState *OldSS = State->get(StreamSym);
+ if (!OldSS)
+return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder = C.getSValBuilder();
+ auto = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+SVB.getConditionType())
+ .getAs();
+ if (!Cond)
+return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
+
+ StateNotFailed =
+ StateNotFailed->set(StreamSym, StreamState::getOpened(Desc));
+ C.addTransition(StateNotFailed);
+
+ // Add transition for the failed state. The resulting value of the file
+ // position indicator for the stream is indeterminate.
+ StateFailed = StateFailed->set(
+ StreamSym, StreamState::getOpened(Desc, ErrorFError, true));
+ C.addTransition(StateFailed);
+}
+
void StreamChecker::evalUngetc(const FnDescription *Desc, const CallEvent
,
CheckerContext ) const {
ProgramStateRef State = C.getState();
diff --git a/clang/test/Analysis/stream-error.c
b/clang/test/Analysis/stream-error.c
index 2d03c0bbe7c474..0f7fdddc0dd4cd 100644
--- a/clang/test/Analysis/stream-error.c
+++ b/clang/test/Analysis/stream-error.c
@@ -191,6 +191,23 @@ void error_fputs(void) {
fputs("ABC", F); // expected-warning {{Stream might be already closed}}
}
+void error_fprintf(void) {
+ FILE *F = tmpfile();
+ if (!F)
+return;
+ int Ret = fprintf(F, "aaa");
+ if (Ret >= 0) {
+clang_analyzer_eval(feof(F) || ferror(F)); // expected-warning {{FALSE}}
+fprintf(F, "bbb"); // no-warning
+ } else {
+clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
+clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
+fprintf(F, "bbb"); // expected-warning {{might be
'indeterminate'}}
+ }
+ fclose(F);
+ fprintf(F, "ccc"); // expected-warning {{Stream might be already closed}}
+}
+
void error_ungetc() {
FILE *F = tmpfile();
if (!F)
diff --git a/clang/test/Analysis/stream.c b/clang/test/Analysis/stream.c
index d8026247697a50..e8f06922bdb2f3 100644
--- a/clang/test/Analysis/stream.c
+++ b/clang/test/Analysis/stream.c
@@ -39,6 +39,12 @@ void check_fputs(void) {
fclose(fp);
}
+void check_fprintf(void) {
+ FILE *fp = tmpfile();
+ fprintf(fp, "ABC"); // expected-warning {{Stream pointer might be NULL}}
+ fclose(fp);
+}
+
void check_ungetc(void) {
FILE *fp = tmpfile();
ungetc('A', fp); // expected-warning {{Stream pointer might be NULL}}
@@ -271,9 +277,8 @@ void check_escape4(void) {
return;
fwrite("1", 1, 1, F); // may fail
- // no escape at (non-StreamChecker-handled) system call
- // FIXME: all such calls should be handled by the checker
- fprintf(F, "0");
+ // no escape at a non-StreamChecker-handled system call
+ setbuf(F, "0");
fwrite("1", 1, 1, F); // expected-warning {{might be 'indeterminate'}}
fclose(F);
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
https://github.com/NagyDonat approved this pull request. I don't see any issue. https://github.com/llvm/llvm-project/pull/77613 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
llvmbot wrote:
@llvm/pr-subscribers-clang-static-analyzer-1
Author: Balázs Kéri (balazske)
Changes
[clang][analyzer] Add function 'fprintf' to StreamChecker.
---
Full diff: https://github.com/llvm/llvm-project/pull/77613.diff
3 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp (+49)
- (modified) clang/test/Analysis/stream-error.c (+17)
- (modified) clang/test/Analysis/stream.c (+8-3)
``diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
index 25da3c18e8519f..d6df5199ece2d7 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
@@ -263,6 +263,9 @@ class StreamChecker : public Checker(Call.getOriginExpr());
+ if (!CE)
+return;
+
+ const StreamState *OldSS = State->get(StreamSym);
+ if (!OldSS)
+return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder = C.getSValBuilder();
+ auto = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+SVB.getConditionType())
+ .getAs();
+ if (!Cond)
+return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
+
+ StateNotFailed =
+ StateNotFailed->set(StreamSym, StreamState::getOpened(Desc));
+ C.addTransition(StateNotFailed);
+
+ // Add transition for the failed state. The resulting value of the file
+ // position indicator for the stream is indeterminate.
+ StateFailed = StateFailed->set(
+ StreamSym, StreamState::getOpened(Desc, ErrorFError, true));
+ C.addTransition(StateFailed);
+}
+
void StreamChecker::preFseek(const FnDescription *Desc, const CallEvent ,
CheckerContext ) const {
ProgramStateRef State = C.getState();
diff --git a/clang/test/Analysis/stream-error.c
b/clang/test/Analysis/stream-error.c
index 13c6684b5840af..abe391b21a4d07 100644
--- a/clang/test/Analysis/stream-error.c
+++ b/clang/test/Analysis/stream-error.c
@@ -191,6 +191,23 @@ void error_fputs(void) {
fputs("ABC", F); // expected-warning {{Stream might be already closed}}
}
+void error_fprintf(void) {
+ FILE *F = tmpfile();
+ if (!F)
+return;
+ int Ret = fprintf(F, "aaa");
+ if (Ret >= 0) {
+clang_analyzer_eval(feof(F) || ferror(F)); // expected-warning {{FALSE}}
+fprintf(F, "bbb"); // no-warning
+ } else {
+clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
+clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
+fprintf(F, "bbb"); // expected-warning {{might be
'indeterminate'}}
+ }
+ fclose(F);
+ fprintf(F, "ccc"); // expected-warning {{Stream might be already closed}}
+}
+
void write_after_eof_is_allowed(void) {
FILE *F = tmpfile();
if (!F)
diff --git a/clang/test/Analysis/stream.c b/clang/test/Analysis/stream.c
index 060d561c1fe1c2..bd1509f31bc0d0 100644
--- a/clang/test/Analysis/stream.c
+++ b/clang/test/Analysis/stream.c
@@ -39,6 +39,12 @@ void check_fputs(void) {
fclose(fp);
}
+void check_fprintf(void) {
+ FILE *fp = tmpfile();
+ fprintf(fp, "ABC"); // expected-warning {{Stream pointer might be NULL}}
+ fclose(fp);
+}
+
void check_fseek(void) {
FILE *fp = tmpfile();
fseek(fp, 0, 0); // expected-warning {{Stream pointer might be NULL}}
@@ -265,9 +271,8 @@ void check_escape4(void) {
return;
fwrite("1", 1, 1, F); // may fail
- // no escape at (non-StreamChecker-handled) system call
- // FIXME: all such calls should be handled by the checker
- fprintf(F, "0");
+ // no escape at a non-StreamChecker-handled system call
+ setbuf(F, "0");
fwrite("1", 1, 1, F); // expected-warning {{might be 'indeterminate'}}
fclose(F);
``
https://github.com/llvm/llvm-project/pull/77613
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Add function 'fprintf' to StreamChecker. (PR #77613)
https://github.com/balazske created
https://github.com/llvm/llvm-project/pull/77613
[clang][analyzer] Add function 'fprintf' to StreamChecker.
From 574816e425d623b3b07674422b901879cc3c83c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?=
Date: Wed, 10 Jan 2024 10:55:27 +0100
Subject: [PATCH] [clang][analyzer] Add function 'fprintf' to StreamChecker.
---
.../StaticAnalyzer/Checkers/StreamChecker.cpp | 49 +++
clang/test/Analysis/stream-error.c| 17 +++
clang/test/Analysis/stream.c | 11 +++--
3 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
index 25da3c18e8519f..d6df5199ece2d7 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
@@ -263,6 +263,9 @@ class StreamChecker : public Checker(Call.getOriginExpr());
+ if (!CE)
+return;
+
+ const StreamState *OldSS = State->get(StreamSym);
+ if (!OldSS)
+return;
+
+ assertStreamStateOpened(OldSS);
+
+ NonLoc RetVal = makeRetVal(C, CE).castAs();
+ State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ SValBuilder = C.getSValBuilder();
+ auto = C.getASTContext();
+ auto Cond = SVB.evalBinOp(State, BO_GE, RetVal, SVB.makeZeroVal(ACtx.IntTy),
+SVB.getConditionType())
+ .getAs();
+ if (!Cond)
+return;
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
+
+ StateNotFailed =
+ StateNotFailed->set(StreamSym, StreamState::getOpened(Desc));
+ C.addTransition(StateNotFailed);
+
+ // Add transition for the failed state. The resulting value of the file
+ // position indicator for the stream is indeterminate.
+ StateFailed = StateFailed->set(
+ StreamSym, StreamState::getOpened(Desc, ErrorFError, true));
+ C.addTransition(StateFailed);
+}
+
void StreamChecker::preFseek(const FnDescription *Desc, const CallEvent ,
CheckerContext ) const {
ProgramStateRef State = C.getState();
diff --git a/clang/test/Analysis/stream-error.c
b/clang/test/Analysis/stream-error.c
index 13c6684b5840af..abe391b21a4d07 100644
--- a/clang/test/Analysis/stream-error.c
+++ b/clang/test/Analysis/stream-error.c
@@ -191,6 +191,23 @@ void error_fputs(void) {
fputs("ABC", F); // expected-warning {{Stream might be already closed}}
}
+void error_fprintf(void) {
+ FILE *F = tmpfile();
+ if (!F)
+return;
+ int Ret = fprintf(F, "aaa");
+ if (Ret >= 0) {
+clang_analyzer_eval(feof(F) || ferror(F)); // expected-warning {{FALSE}}
+fprintf(F, "bbb"); // no-warning
+ } else {
+clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
+clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
+fprintf(F, "bbb"); // expected-warning {{might be
'indeterminate'}}
+ }
+ fclose(F);
+ fprintf(F, "ccc"); // expected-warning {{Stream might be already closed}}
+}
+
void write_after_eof_is_allowed(void) {
FILE *F = tmpfile();
if (!F)
diff --git a/clang/test/Analysis/stream.c b/clang/test/Analysis/stream.c
index 060d561c1fe1c2..bd1509f31bc0d0 100644
--- a/clang/test/Analysis/stream.c
+++ b/clang/test/Analysis/stream.c
@@ -39,6 +39,12 @@ void check_fputs(void) {
fclose(fp);
}
+void check_fprintf(void) {
+ FILE *fp = tmpfile();
+ fprintf(fp, "ABC"); // expected-warning {{Stream pointer might be NULL}}
+ fclose(fp);
+}
+
void check_fseek(void) {
FILE *fp = tmpfile();
fseek(fp, 0, 0); // expected-warning {{Stream pointer might be NULL}}
@@ -265,9 +271,8 @@ void check_escape4(void) {
return;
fwrite("1", 1, 1, F); // may fail
- // no escape at (non-StreamChecker-handled) system call
- // FIXME: all such calls should be handled by the checker
- fprintf(F, "0");
+ // no escape at a non-StreamChecker-handled system call
+ setbuf(F, "0");
fwrite("1", 1, 1, F); // expected-warning {{might be 'indeterminate'}}
fclose(F);
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
