This is an archive of the discontinued LLVM Phabricator instance.

Differential D78280

[Analyzer][StreamChecker] Track streams that were not found to be opened.
Needs ReviewPublic

Authored by balazske on Apr 16 2020, 12:56 AM.

Details

Reviewers
Szelethus
NoQ
baloghadamsoftware
xazax.hun
martong
Summary

If a stream operation is encountered with unknown stream (to the checker)
the stream is recognized and added to the data structure.
(Instead of ignoring the call.)

This patch in only here for reference purposes, to not forget that this can be a useful feature. Probably at a later time we can think about this problem again and adapt this change to the StreamChecker at that time. The problem is that if we find a stream function call without a stream open call, the stream was opened presumably at another function. So it is assumable that the other function (where it was opened) handles some of the stream calls and error handling, probably together with the current function, so analysing the current function only may produce wrong results (but still it is possible to discover real errors). (And if we have luck the current function is inlined from that other function.)

Diff Detail

Event Timeline

balazske created this revision.Apr 16 2020, 12:56 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptApr 16 2020, 12:56 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: cfe-commits, ASDenysPetrov, martong and 10 others. · View Herald Transcript
Harbormaster failed remote builds in B53522: Diff 257980!Apr 16 2020, 1:34 AM
balazske added a comment.Apr 17 2020, 2:55 AM

I am not sure if this is the best approach: In a similar case (no opening function encountered) it is possible that the stream is already "escaped", there could be references to it from outside the analyzed function (to which it was passed, or got from another non-analyzed function). Maybe it is better to ignore such cases as it is already without this change, then we do not need to handle "escape" of the stream pointer specially (only remove it from the data).

Szelethus added a comment.Apr 20 2020, 6:38 AM

The high level idea seems great after surveying the analyzer for similar issues, but I might need to think about this a bit longer. @baloghadamsoftware, IteratorChecker needs to solve similar problems, right? Do you have any input on this?

Szelethus added reviewers: NoQ, baloghadamsoftware, xazax.hun, martong.Apr 20 2020, 6:38 AM
Herald added a subscriber: rnkovacs. · View Herald TranscriptApr 20 2020, 6:38 AM
baloghadamsoftware added a comment.May 14 2020, 5:10 AM

I like this idea, except the word OpenEncountered, but that might be a matter of taste. Please try this patch on several open-source projects, such as BitCoin, CURL, OpenSSL, PostGreS, TMux and Xerces. Then compare the results whether we have more or less true and false positives.

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
36

Maybe SawOpened or ExplicitlyOpened?

NoQ added inline comments.May 14 2020, 7:12 AM
clang/test/Analysis/stream.c
11–13

What do these tests test?

balazske marked an inline comment as done.May 14 2020, 7:57 AM

Currently priority of this change is lower than D78374.
If a similar change is done a "escaped" stream state will be needed too.

clang/test/Analysis/stream.c
11–13

There should be no warning about resource leak (file not closed). This may be not the best approach to show what the checker does. Some other detectable problem should be added to show that the functions are not ignored by the checker.
(I do not like that the buffer argument is 0 here, probably other checker should check this.)

Szelethus mentioned this in D80699: [Analyzer][StreamChecker] Add check for pointer escape..Jun 4 2020, 3:25 AM
Szelethus added inline comments.
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
36

Shouldn't this be in KindTy?

Szelethus added a comment.Jul 10 2020, 4:33 AM

Its a bit hard to judge this. Have you tested this on open source projects?

balazske edited the summary of this revision. (Show Details)Jul 10 2020, 7:27 AM

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
81 lines
test/
Analysis/
31 lines
46 lines

Diff 257980

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp

Show All 25 Lines
namespace { namespace {
struct FnDescription; struct FnDescription;
/// Full state information about a stream pointer. /// Full state information about a stream pointer.
struct StreamState { struct StreamState {
/// The last file operation called in the stream. /// The last file operation called in the stream.
const FnDescription *LastOperation; const FnDescription *LastOperation;
/// Was a opening function encountered for this stream?
/// (False if the stream was first encountered in a non-opening function.)
bool OpenEncountered;
baloghadamsoftwareUnsubmitted
Not Done
ReplyInline Actions

Maybe SawOpened or ExplicitlyOpened?

baloghadamsoftware: Maybe `SawOpened` or `ExplicitlyOpened`?
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Shouldn't this be in KindTy?

Szelethus: Shouldn't this be in `KindTy`?
/// State of a stream symbol. /// State of a stream symbol.
/// FIXME: We need maybe an "escaped" state later. /// FIXME: We need maybe an "escaped" state later.
enum KindTy { enum KindTy {
Opened, /// Stream is opened. Opened, /// Stream is opened.
Closed, /// Closed stream (an invalid stream pointer after it was closed). Closed, /// Closed stream (an invalid stream pointer after it was closed).
OpenFailed /// The last open operation has failed. OpenFailed /// The last open operation has failed.
} State; } State;
Show All 35 Linesstruct StreamState {
} }
bool operator==(const StreamState &X) const { bool operator==(const StreamState &X) const {
// In not opened state error should always NoError. // In not opened state error should always NoError.
return LastOperation == X.LastOperation && State == X.State && return LastOperation == X.LastOperation && State == X.State &&
ErrorState == X.ErrorState; ErrorState == X.ErrorState;
} }
static StreamState getOpened(const FnDescription *L) { static StreamState getOpened(const FnDescription *L,
return StreamState{L, Opened}; const StreamState *PrevState,
ErrorKindTy NewError) {
if (PrevState)
return StreamState{L, PrevState->OpenEncountered, Opened, NewError};
else
return StreamState{L, false, Opened, NewError};
} }
static StreamState getOpened(const FnDescription *L, ErrorKindTy E) { static StreamState getOpened(const FnDescription *L,
return StreamState{L, Opened, E}; bool OpenEncountered = true) {
return StreamState{L, OpenEncountered, Opened, NoError};
} }
static StreamState getClosed(const FnDescription *L) { static StreamState getClosed(const FnDescription *L) {
return StreamState{L, Closed}; return StreamState{L, false, Closed};
} }
static StreamState getOpenFailed(const FnDescription *L) { static StreamState getOpenFailed(const FnDescription *L) {
return StreamState{L, OpenFailed}; return StreamState{L, false, OpenFailed};
} }
/// Return if the specified error kind is possible on the stream in the /// Return if the specified error kind is possible on the stream in the
/// current state. /// current state.
/// This depends on the stored `LastOperation` value. /// This depends on the stored `LastOperation` value.
/// If the error is not possible returns empty value. /// If the error is not possible returns empty value.
/// If the error is possible returns the remaining possible error type /// If the error is possible returns the remaining possible error type
/// (after taking out `ErrorKind`). If a single error is possible it will /// (after taking out `ErrorKind`). If a single error is possible it will
/// return that value, otherwise unknown error. /// return that value, otherwise unknown error.
Optional<ErrorKindTy> getRemainingPossibleError(ErrorKindTy ErrorKind) const; Optional<ErrorKindTy> getRemainingPossibleError(ErrorKindTy ErrorKind) const;
void Profile(llvm::FoldingSetNodeID &ID) const { void Profile(llvm::FoldingSetNodeID &ID) const {
ID.AddPointer(LastOperation); ID.AddPointer(LastOperation);
ID.AddBoolean(OpenEncountered);
ID.AddInteger(State); ID.AddInteger(State);
ID.AddInteger(ErrorState); ID.AddInteger(ErrorState);
} }
}; };
class StreamChecker; class StreamChecker;
using FnCheck = std::function<void(const StreamChecker *, const FnDescription *, using FnCheck = std::function<void(const StreamChecker *, const FnDescription *,
const CallEvent &, CheckerContext &)>; const CallEvent &, CheckerContext &)>;
▲ Show 20 LinesShow All 146 Lines▼ Show 20 Linesprivate:
template <StreamState::ErrorKindTy ErrorKind> template <StreamState::ErrorKindTy ErrorKind>
void evalFeofFerror(const FnDescription *Desc, const CallEvent &Call, void evalFeofFerror(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
template <StreamState::ErrorKindTy EK> template <StreamState::ErrorKindTy EK>
void evalSetFeofFerror(const FnDescription *Desc, const CallEvent &Call, void evalSetFeofFerror(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void evalDebugDumpState(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const;
/// Check that the stream (in StreamVal) is not NULL. /// Check that the stream (in StreamVal) is not NULL.
/// If it can only be NULL a fatal error is emitted and nullptr returned. /// If it can only be NULL a fatal error is emitted and nullptr returned.
/// Otherwise the return value is a new state where the stream is constrained /// Otherwise the return value is a new state where the stream is constrained
/// to be non-null. /// to be non-null.
ProgramStateRef ensureStreamNonNull(SVal StreamVal, CheckerContext &C, ProgramStateRef ensureStreamNonNull(SVal StreamVal, CheckerContext &C,
ProgramStateRef State) const; ProgramStateRef State) const;
/// Check that the stream is the opened state. /// Check that the stream is the opened state.
Show All 26 Linesprivate:
} }
}; };
} // end anonymous namespace } // end anonymous namespace
REGISTER_MAP_WITH_PROGRAMSTATE(StreamMap, SymbolRef, StreamState) REGISTER_MAP_WITH_PROGRAMSTATE(StreamMap, SymbolRef, StreamState)
inline void assertStreamStateOpened(const StreamState *SS) { inline void assertStreamStateOpened(const StreamState *SS) {
assert(SS->isOpened() && assert((!SS || SS->isOpened()) &&
"Previous create of error node for non-opened stream failed?"); "Previous create of error node for non-opened stream failed?");
} }
void StreamChecker::checkPreCall(const CallEvent &Call, void StreamChecker::checkPreCall(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
const FnDescription *Desc = lookupFn(Call); const FnDescription *Desc = lookupFn(Call);
if (!Desc || !Desc->PreFn) if (!Desc || !Desc->PreFn)
return; return;
▲ Show 20 LinesShow All 67 Lines▼ Show 20 Lines if (!StreamVal)
return; return;
SymbolRef StreamSym = StreamVal->getAsSymbol(); SymbolRef StreamSym = StreamVal->getAsSymbol();
// Do not care about concrete values for stream ("(FILE *)0x12345"?). // Do not care about concrete values for stream ("(FILE *)0x12345"?).
// FIXME: Are stdin, stdout, stderr such values? // FIXME: Are stdin, stdout, stderr such values?
if (!StreamSym) if (!StreamSym)
return; return;
bool OpenEncountered = false;
if (const StreamState *SS = State->get<StreamMap>(StreamSym))
OpenEncountered = SS->OpenEncountered;
// Generate state for non-failed case. // Generate state for non-failed case.
// Return value is the passed stream pointer. // Return value is the passed stream pointer.
// According to the documentations, the stream is closed first // According to the documentations, the stream is closed first
// but any close error is ignored. The state changes to (or remains) opened. // but any close error is ignored. The state changes to (or remains) opened.
ProgramStateRef StateRetNotNull = ProgramStateRef StateRetNotNull =
State->BindExpr(CE, C.getLocationContext(), *StreamVal); State->BindExpr(CE, C.getLocationContext(), *StreamVal);
// Generate state for NULL return value. // Generate state for NULL return value.
// Stream switches to OpenFailed state. // Stream switches to OpenFailed state.
ProgramStateRef StateRetNull = State->BindExpr(CE, C.getLocationContext(), ProgramStateRef StateRetNull = State->BindExpr(CE, C.getLocationContext(),
C.getSValBuilder().makeNull()); C.getSValBuilder().makeNull());
StateRetNotNull = StateRetNotNull = StateRetNotNull->set<StreamMap>(
StateRetNotNull->set<StreamMap>(StreamSym, StreamState::getOpened(Desc)); StreamSym, StreamState::getOpened(Desc, OpenEncountered));
StateRetNull = StateRetNull =
StateRetNull->set<StreamMap>(StreamSym, StreamState::getOpenFailed(Desc)); StateRetNull->set<StreamMap>(StreamSym, StreamState::getOpenFailed(Desc));
C.addTransition(StateRetNotNull); C.addTransition(StateRetNotNull);
C.addTransition(StateRetNull); C.addTransition(StateRetNull);
} }
void StreamChecker::evalFclose(const FnDescription *Desc, const CallEvent &Call, void StreamChecker::evalFclose(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef Sym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef Sym = getStreamArg(Desc, Call).getAsSymbol();
if (!Sym) if (!Sym)
return; return;
const StreamState *SS = State->get<StreamMap>(Sym); const StreamState *SS = State->get<StreamMap>(Sym);
if (!SS)
return;
assertStreamStateOpened(SS); assertStreamStateOpened(SS);
// Close the File Descriptor. // Close the File Descriptor.
// Regardless if the close fails or not, stream becomes "closed" // Regardless if the close fails or not, stream becomes "closed"
// and can not be used any more. // and can not be used any more.
State = State->set<StreamMap>(Sym, StreamState::getClosed(Desc)); State = State->set<StreamMap>(Sym, StreamState::getClosed(Desc));
Show All 23 Linesvoid StreamChecker::evalFseek(const FnDescription *Desc, const CallEvent &Call,
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
if (!StreamSym) if (!StreamSym)
return; return;
const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
if (!CE) if (!CE)
return; return;
// Ignore the call if the stream is not tracked. const StreamState *SS = State->get<StreamMap>(StreamSym);
if (!State->get<StreamMap>(StreamSym))
return;
DefinedSVal RetVal = makeRetVal(C, CE); assertStreamStateOpened(SS);
// Make expression result. // Make expression result.
DefinedSVal RetVal = makeRetVal(C, CE);
State = State->BindExpr(CE, C.getLocationContext(), RetVal); State = State->BindExpr(CE, C.getLocationContext(), RetVal);
// Bifurcate the state into failed and non-failed. // Bifurcate the state into failed and non-failed.
// Return zero on success, nonzero on error. // Return zero on success, nonzero on error.
ProgramStateRef StateNotFailed, StateFailed; ProgramStateRef StateNotFailed, StateFailed;
std::tie(StateFailed, StateNotFailed) = std::tie(StateFailed, StateNotFailed) =
C.getConstraintManager().assumeDual(State, RetVal); C.getConstraintManager().assumeDual(State, RetVal);
// Reset the state to opened with no error. // Reset the state to opened with no error.
StateNotFailed = StateNotFailed = StateNotFailed->set<StreamMap>(
StateNotFailed->set<StreamMap>(StreamSym, StreamState::getOpened(Desc)); StreamSym, StreamState::getOpened(Desc, SS, StreamState::NoError));
// We get error. // We get error.
StateFailed = StateFailed->set<StreamMap>( StateFailed = StateFailed->set<StreamMap>(
StreamSym, StreamState::getOpened(Desc, StreamState::Unknown)); StreamSym, StreamState::getOpened(Desc, SS, StreamState::Unknown));
C.addTransition(StateNotFailed); C.addTransition(StateNotFailed);
C.addTransition(StateFailed); C.addTransition(StateFailed);
} }
void StreamChecker::evalClearerr(const FnDescription *Desc, void StreamChecker::evalClearerr(const FnDescription *Desc,
const CallEvent &Call, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
if (!StreamSym) if (!StreamSym)
return; return;
const StreamState *SS = State->get<StreamMap>(StreamSym); const StreamState *SS = State->get<StreamMap>(StreamSym);
if (!SS)
return;
assertStreamStateOpened(SS); assertStreamStateOpened(SS);
State = State->set<StreamMap>(StreamSym, StreamState::getOpened(Desc)); State = State->set<StreamMap>(
StreamSym, StreamState::getOpened(Desc, SS, StreamState::NoError));
C.addTransition(State); C.addTransition(State);
} }
template <StreamState::ErrorKindTy ErrorKind> template <StreamState::ErrorKindTy ErrorKind>
void StreamChecker::evalFeofFerror(const FnDescription *Desc, void StreamChecker::evalFeofFerror(const FnDescription *Desc,
const CallEvent &Call, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
if (!StreamSym) if (!StreamSym)
return; return;
const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
if (!CE) if (!CE)
return; return;
auto AddTransition = [&C, Desc, StreamSym](ProgramStateRef State, const StreamState *SS = State->get<StreamMap>(StreamSym);
StreamState::ErrorKindTy SSError) {
StreamState SSNew = StreamState::getOpened(Desc, SSError); assertStreamStateOpened(SS);
auto AddTransition = [&C, Desc, StreamSym,
SS](ProgramStateRef State,
StreamState::ErrorKindTy NewError) {
StreamState SSNew = StreamState::getOpened(Desc, SS, NewError);
State = State->set<StreamMap>(StreamSym, SSNew); State = State->set<StreamMap>(StreamSym, SSNew);
C.addTransition(State); C.addTransition(State);
}; };
const StreamState *SS = State->get<StreamMap>(StreamSym); if (!SS) {
if (!SS) AddTransition(bindInt(0, State, C, CE), StreamState::Unknown);
AddTransition(bindAndAssumeTrue(State, C, CE), ErrorKind);
return; return;
}
assertStreamStateOpened(SS);
if (!SS->isUnknown()) { if (!SS->isUnknown()) {
// The stream is in exactly known state (error or not). // The stream is in exactly known state (error or not).
// Check if it is in error of kind `ErrorKind`. // Check if it is in error of kind `ErrorKind`.
if (SS->ErrorState == ErrorKind) if (SS->ErrorState == ErrorKind)
State = bindAndAssumeTrue(State, C, CE); State = bindAndAssumeTrue(State, C, CE);
else else
State = bindInt(0, State, C, CE); State = bindInt(0, State, C, CE);
Show All 34 Lines
void StreamChecker::evalSetFeofFerror(const FnDescription *Desc, void StreamChecker::evalSetFeofFerror(const FnDescription *Desc,
const CallEvent &Call, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
assert(StreamSym && "Operation not permitted on non-symbolic stream value."); assert(StreamSym && "Operation not permitted on non-symbolic stream value.");
const StreamState *SS = State->get<StreamMap>(StreamSym); const StreamState *SS = State->get<StreamMap>(StreamSym);
assert(SS && "Stream should be tracked by the checker."); assert(SS && "Stream should be tracked by the checker.");
State = State->set<StreamMap>(StreamSym, State = State->set<StreamMap>(
StreamState::getOpened(SS->LastOperation, EK)); StreamSym, StreamState::getOpened(SS->LastOperation, SS, EK));
C.addTransition(State); C.addTransition(State);
} }
ProgramStateRef ProgramStateRef
StreamChecker::ensureStreamNonNull(SVal StreamVal, CheckerContext &C, StreamChecker::ensureStreamNonNull(SVal StreamVal, CheckerContext &C,
ProgramStateRef State) const { ProgramStateRef State) const {
auto Stream = StreamVal.getAs<DefinedSVal>(); auto Stream = StreamVal.getAs<DefinedSVal>();
if (!Stream) if (!Stream)
▲ Show 20 LinesShow All 98 Lines▼ Show 20 Linesvoid StreamChecker::checkDeadSymbols(SymbolReaper &SymReaper,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
// TODO: Clean up the state. // TODO: Clean up the state.
const StreamMapTy &Map = State->get<StreamMap>(); const StreamMapTy &Map = State->get<StreamMap>();
for (const auto &I : Map) { for (const auto &I : Map) {
SymbolRef Sym = I.first; SymbolRef Sym = I.first;
const StreamState &SS = I.second; const StreamState &SS = I.second;
if (!SymReaper.isDead(Sym) || !SS.isOpened()) if (!SymReaper.isDead(Sym) || !SS.isOpened() || !SS.OpenEncountered)
continue; continue;
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
continue; continue;
if (!BT_ResourceLeak) if (!BT_ResourceLeak)
BT_ResourceLeak.reset( BT_ResourceLeak.reset(
Show All 23 Lines

clang/test/Analysis/stream-error.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-checker=debug.StreamTester,debug.ExprInspection -analyzer-store region -verify %s // RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-checker=debug.StreamTester,debug.ExprInspection -analyzer-store region -verify %s
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
void clang_analyzer_warnIfReached();
void StreamTesterChecker_make_feof_stream(FILE *); void StreamTesterChecker_make_feof_stream(FILE *);
void StreamTesterChecker_make_ferror_stream(FILE *); void StreamTesterChecker_make_ferror_stream(FILE *);
void error_fopen() { void error_fopen() {
FILE *F = fopen("file", "r"); FILE *F = fopen("file", "r");
if (!F) if (!F)
return; return;
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
fclose(F); fclose(F);
} }
void error_freopen() { void error_freopen(FILE *F) {
FILE *F = fopen("file", "r");
if (!F)
return;
F = freopen(0, "w", F); F = freopen(0, "w", F);
if (!F) if (!F)
return; return;
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
fclose(F);
} }
void stream_error_feof() { void stream_error_feof() {
FILE *F = fopen("file", "r"); FILE *F = fopen("file", "r");
if (!F) if (!F)
return; return;
StreamTesterChecker_make_feof_stream(F); StreamTesterChecker_make_feof_stream(F);
clang_analyzer_eval(feof(F)); // expected-warning {{TRUE}} clang_analyzer_eval(feof(F)); // expected-warning {{TRUE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
clearerr(F); clearerr(F);
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
fclose(F); fclose(F);
} }
void stream_error_feof_noopen(FILE *F) {
if (feof(F))
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
else if (ferror(F))
clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
else
clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
}
void stream_error_ferror() { void stream_error_ferror() {
FILE *F = fopen("file", "r"); FILE *F = fopen("file", "r");
if (!F) if (!F)
return; return;
StreamTesterChecker_make_ferror_stream(F); StreamTesterChecker_make_ferror_stream(F);
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}} clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
clearerr(F); clearerr(F);
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
fclose(F); fclose(F);
} }
void error_fseek() { void stream_error_ferror_noopen(FILE *F) {
FILE *F = fopen("file", "r"); if (ferror(F))
if (!F) clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
return; else if (feof(F))
clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
else
clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
}
void error_fseek(FILE *F) {
int rc = fseek(F, 0, SEEK_SET); int rc = fseek(F, 0, SEEK_SET);
if (rc) { if (rc) {
int IsFEof = feof(F), IsFError = ferror(F); int IsFEof = feof(F), IsFError = ferror(F);
// Get feof or ferror or no error. // Get feof or ferror or no error.
clang_analyzer_eval(IsFEof || IsFError); clang_analyzer_eval(IsFEof || IsFError);
// expected-warning@-1 {{FALSE}} // expected-warning@-1 {{FALSE}}
// expected-warning@-2 {{TRUE}} // expected-warning@-2 {{TRUE}}
clang_analyzer_eval(IsFEof && IsFError); // expected-warning {{FALSE}} clang_analyzer_eval(IsFEof && IsFError); // expected-warning {{FALSE}}
// Error flags should not change. // Error flags should not change.
if (IsFEof) if (IsFEof)
clang_analyzer_eval(feof(F)); // expected-warning {{TRUE}} clang_analyzer_eval(feof(F)); // expected-warning {{TRUE}}
else else
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
if (IsFError) if (IsFError)
clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}} clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
else else
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
} else { } else {
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
// Error flags should not change. // Error flags should not change.
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
} }
fclose(F);
} }

clang/test/Analysis/stream.c

// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.unix.Stream -analyzer-store region -verify %s // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.unix.Stream -analyzer-store region -verify %s
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
void check_fread() { void check_fread() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
fread(0, 0, 0, fp); // expected-warning {{Stream pointer might be NULL}} fread(0, 0, 0, fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_feread_noopen(FILE *fp) {
fread(0, 0, 0, fp);
}
NoQUnsubmitted
Not Done
ReplyInline Actions

What do these tests test?

NoQ: What do these tests test?
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

There should be no warning about resource leak (file not closed). This may be not the best approach to show what the checker does. Some other detectable problem should be added to show that the functions are not ignored by the checker.
(I do not like that the buffer argument is 0 here, probably other checker should check this.)

balazske: There should be no warning about resource leak (file not closed). This may be not the best…
void check_fwrite() { void check_fwrite() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
fwrite(0, 0, 0, fp); // expected-warning {{Stream pointer might be NULL}} fwrite(0, 0, 0, fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_fwrite_noopen(FILE *fp) {
fwrite(0, 0, 0, fp);
}
void check_fseek() { void check_fseek() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
fseek(fp, 0, 0); // expected-warning {{Stream pointer might be NULL}} fseek(fp, 0, 0); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_fseek_noopen(FILE *fp) {
fseek(fp, 0, 0);
}
void check_ftell() { void check_ftell() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
ftell(fp); // expected-warning {{Stream pointer might be NULL}} ftell(fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_ftell_noopen(FILE *fp) {
ftell(fp);
}
void check_rewind() { void check_rewind() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
rewind(fp); // expected-warning {{Stream pointer might be NULL}} rewind(fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_rewind_noopen(FILE *fp) {
rewind(fp);
}
void check_fgetpos() { void check_fgetpos() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
fpos_t pos; fpos_t pos;
fgetpos(fp, &pos); // expected-warning {{Stream pointer might be NULL}} fgetpos(fp, &pos); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_fgetpos_noopen(FILE *fp) {
fpos_t pos;
fgetpos(fp, &pos);
}
void check_fsetpos() { void check_fsetpos() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
fpos_t pos; fpos_t pos;
fsetpos(fp, &pos); // expected-warning {{Stream pointer might be NULL}} fsetpos(fp, &pos); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_fsetpos_noopen(FILE *fp) {
fpos_t pos;
fsetpos(fp, &pos);
}
void check_clearerr() { void check_clearerr() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
clearerr(fp); // expected-warning {{Stream pointer might be NULL}} clearerr(fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_clearerr_noopen(FILE *fp) {
clearerr(fp);
}
void check_feof() { void check_feof() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
feof(fp); // expected-warning {{Stream pointer might be NULL}} feof(fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_feof_noopen(FILE *fp) {
feof(fp);
}
void check_ferror() { void check_ferror() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
ferror(fp); // expected-warning {{Stream pointer might be NULL}} ferror(fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_ferror_noopen(FILE *fp) {
ferror(fp);
}
void check_fileno() { void check_fileno() {
FILE *fp = tmpfile(); FILE *fp = tmpfile();
fileno(fp); // expected-warning {{Stream pointer might be NULL}} fileno(fp); // expected-warning {{Stream pointer might be NULL}}
fclose(fp); fclose(fp);
} }
void check_fileno_noopen(FILE *fp) {
fileno(fp);
}
void f_open(void) { void f_open(void) {
FILE *p = fopen("foo", "r"); FILE *p = fopen("foo", "r");
char buf[1024]; char buf[1024];
fread(buf, 1, 1, p); // expected-warning {{Stream pointer might be NULL}} fread(buf, 1, 1, p); // expected-warning {{Stream pointer might be NULL}}
fclose(p); fclose(p);
} }
void f_seek(void) { void f_seek(void) {
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Linesvoid check_freopen_3() {
if (f1) { if (f1) {
// Unchecked result of freopen. // Unchecked result of freopen.
// The f1 may be invalid after this call. // The f1 may be invalid after this call.
freopen(0, "w", f1); freopen(0, "w", f1);
rewind(f1); // expected-warning {{Stream might be invalid}} rewind(f1); // expected-warning {{Stream might be invalid}}
fclose(f1); fclose(f1);
} }
} }
No newline at end of file No newline at end of file