https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106140
Bug ID: 106140
Summary: RFE: analyzer could complain about misuses of socket APIs
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 106003
Target Milestone: ---

POSIX has numerous API entrypoints for working with sockets, and, presumably, numerous ways of misusing them.

They're expressed in terms of file-descriptors, and so checking them would interact with PR 106003.

One specific example: the Juliet 1.3 testsuite
  https://samate.nist.gov/SARD/test-suites
has a subdirectory:
  C/testcases/CWE666_Operation_on_Resource_in_Wrong_Phase_of_Lifetime/
which has e.g. tests that sockets have calls to:
  bind then listen then accept (good)
rather than, say:
  accept then bind then listen (bad)

This could be modeled as part of a state machine, possibly as part of the FD state machine.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003
[Bug 106003] RFE: -fanalyzer could complain about misuse of file-descriptors
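
The phase ordering described in the report, written out as a small state machine over a trace of socket calls. This is an added example, not code from GCC or from the report; the state and call names, the strict rule that listen requires a prior bind, and the handling of close are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Illustrative model only: these names are assumptions, not identifiers
   from GCC's analyzer. It tracks one stream server socket. */
enum sock_state { SOCK_NEW, SOCK_BOUND, SOCK_LISTENING, SOCK_CLOSED };
enum sock_call  { CALL_BIND, CALL_LISTEN, CALL_ACCEPT, CALL_CLOSE };

/* Apply one call to the current phase. Returns 1 and updates *st when the
   call is valid in this phase, 0 when it is an operation in the wrong
   phase of the socket's lifetime (CWE-666). */
static int sock_step(enum sock_state *st, enum sock_call call)
{
    switch (call) {
    case CALL_BIND:                       /* only a fresh socket may be bound */
        if (*st != SOCK_NEW) return 0;
        *st = SOCK_BOUND;
        return 1;
    case CALL_LISTEN:                     /* strict model: must be bound first */
        if (*st != SOCK_BOUND) return 0;
        *st = SOCK_LISTENING;
        return 1;
    case CALL_ACCEPT:                     /* listening socket stays listening */
        return *st == SOCK_LISTENING;
    case CALL_CLOSE:                      /* a second close is also a misuse */
        if (*st == SOCK_CLOSED) return 0;
        *st = SOCK_CLOSED;
        return 1;
    }
    return 0;
}

/* Walk a call trace; return the index of the first call made in the wrong
   phase, or -1 if the whole trace is well ordered. */
int first_misuse(const enum sock_call *trace, size_t n)
{
    enum sock_state st = SOCK_NEW;
    for (size_t i = 0; i < n; i++)
        if (!sock_step(&st, trace[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed trace: the "bad" ordering quoted in the report. */
    enum sock_call bad[] = { CALL_ACCEPT, CALL_BIND, CALL_LISTEN };
    printf("first misuse at call index %d\n", first_misuse(bad, 3));
    return 0;
}
```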