This is an archive of the discontinued LLVM Phabricator instance.

Differential D92474

[analyzer][StdLibraryFunctionsChecker] Add return value constraint to functions with BufferSize
ClosedPublic

Authored by martong on Dec 2 2020, 3:40 AM.

Details

Reviewers
steakhal
Szelethus
Commits
rGb40b3196b321: [analyzer][StdLibraryFunctionsChecker] Add return value constraint to functions…

Diff Detail

Event Timeline

martong created this revision.Dec 2 2020, 3:40 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptDec 2 2020, 3:40 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: cfe-commits, ASDenysPetrov, Charusso and 11 others. · View Herald Transcript
martong requested review of this revision.Dec 2 2020, 3:40 AM
Harbormaster completed remote builds in B80795: Diff 308927.Dec 2 2020, 4:21 AM
steakhal added a comment.Dec 2 2020, 5:14 AM

I've double-checked the return values of each touched summary.
Everything seems fine to me, besides the two I've highlighted.

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
1775
1788

Same here.

1863

Aaa, I get it. We deal with this in a single transition. Fine.

2068

BTW, this is quite frequently repeated.
Do you think worth hoisting such a return value constraint?

I'm thinking of something like ReturnsZeroOrMinusOne.

martong marked 3 inline comments as done.Dec 2 2020, 6:36 AM
martong added inline comments.
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
1775

The two constraints are applied in the same case (branch), the second is more generic. The first constraint may not have any effect if Arg2 is Unknown. Consequently, [-1, -1] would be too strict in such cases.

martong marked 2 inline comments as done.Dec 2 2020, 6:48 AM
martong added inline comments.
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
2068

Good idea!

martong updated this revision to Diff 308951.Dec 2 2020, 6:48 AM
martong marked an inline comment as done.
  • Remove comments
  • Hoist Range(-1,0) to ReturnsZeroOrMinusOne
Harbormaster completed remote builds in B80807: Diff 308951.Dec 2 2020, 7:24 AM
steakhal accepted this revision.Dec 2 2020, 7:41 AM

Awesome, thank you.

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
1775

I overlooked that we have a single Case, my bad.

This revision is now accepted and ready to land.Dec 2 2020, 7:41 AM
Closed by commit rGb40b3196b321: [analyzer][StdLibraryFunctionsChecker] Add return value constraint to functions… (authored by martong). · Explain WhyDec 2 2020, 8:55 AM
This revision was automatically updated to reflect the committed changes.
martong added a commit: rGb40b3196b321: [analyzer][StdLibraryFunctionsChecker] Add return value constraint to functions….

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
55 lines

Diff 308981

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 LinesShow All 451 Lines▼ Show 20 Linesclass StdLibraryFunctionsChecker
public: public:
Summary(InvalidationKind InvalidationKd) : InvalidationKd(InvalidationKd) {} Summary(InvalidationKind InvalidationKd) : InvalidationKd(InvalidationKd) {}
Summary &Case(ConstraintSet &&CS) { Summary &Case(ConstraintSet &&CS) {
CaseConstraints.push_back(std::move(CS)); CaseConstraints.push_back(std::move(CS));
return *this; return *this;
} }
Summary &Case(const ConstraintSet &CS) {
CaseConstraints.push_back(CS);
return *this;
}
Summary &ArgConstraint(ValueConstraintPtr VC) { Summary &ArgConstraint(ValueConstraintPtr VC) {
assert(VC->getArgNo() != Ret && assert(VC->getArgNo() != Ret &&
"Arg constraint should not refer to the return value"); "Arg constraint should not refer to the return value");
ArgConstraints.push_back(VC); ArgConstraints.push_back(VC);
return *this; return *this;
} }
InvalidationKind getInvalidationKd() const { return InvalidationKd; } InvalidationKind getInvalidationKd() const { return InvalidationKd; }
▲ Show 20 LinesShow All 762 Lines▼ Show 20 Lines addToFunctionSummaryMap(
"getchar", Signature(ArgTypes{}, RetType{IntTy}), "getchar", Signature(ArgTypes{}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(WithinRange, .Case({ReturnValueCondition(WithinRange,
{{EOFv, EOFv}, {0, UCharRangeMax}})})); {{EOFv, EOFv}, {0, UCharRangeMax}})}));
// read()-like functions that never return more than buffer size. // read()-like functions that never return more than buffer size.
auto FreadSummary = auto FreadSummary =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(LessThanOrEq, ArgNo(2)), ReturnValueCondition(WithinRange, Range(0, SizeMax))})
})
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(0), /*BufSize=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(0), /*BufSize=*/ArgNo(1),
/*BufSizeMultiplier=*/ArgNo(2))); /*BufSizeMultiplier=*/ArgNo(2)));
// size_t fread(void *restrict ptr, size_t size, size_t nitems, // size_t fread(void *restrict ptr, size_t size, size_t nitems,
// FILE *restrict stream); // FILE *restrict stream);
addToFunctionSummaryMap( addToFunctionSummaryMap(
▲ Show 20 LinesShow All 510 Lines▼ Show 20 Lines if (ModelPOSIX) {
// ssize_t readlink(const char *restrict path, char *restrict buf, // ssize_t readlink(const char *restrict path, char *restrict buf,
// size_t bufsize); // size_t bufsize);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"readlink", "readlink",
Signature(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy}, Signature(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))) /*BufSize=*/ArgNo(2)))
steakhalUnsubmitted
Done
ReplyInline Actions
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
- ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
+ ReturnValueCondition(WithinRange, Range(-1, -1))})
.ArgConstraint(NotNull(ArgNo(0)))
steakhal:
martongAuthorUnsubmitted
Done
ReplyInline Actions

The two constraints are applied in the same case (branch), the second is more generic. The first constraint may not have any effect if Arg2 is Unknown. Consequently, [-1, -1] would be too strict in such cases.

martong: The two constraints are applied in the same case (branch), the second is more generic. The…
steakhalUnsubmitted
Not Done
ReplyInline Actions

I overlooked that we have a single Case, my bad.

steakhal: I overlooked that we have a single `Case`, my bad.
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, SizeMax)))); ArgumentCondition(2, WithinRange, Range(0, SizeMax))));
// ssize_t readlinkat(int fd, const char *restrict path, // ssize_t readlinkat(int fd, const char *restrict path,
// char *restrict buf, size_t bufsize); // char *restrict buf, size_t bufsize);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"readlinkat", "readlinkat",
Signature( Signature(
ArgTypes{IntTy, ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy}, ArgTypes{IntTy, ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(3)),
ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
steakhalUnsubmitted
Done
ReplyInline Actions
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(3)),
- ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
+ ReturnValueCondition(WithinRange, Range(-1, -1))})
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))

Same here.

steakhal: Same here.
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))) .ArgConstraint(NotNull(ArgNo(2)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2),
/*BufSize=*/ArgNo(3))) /*BufSize=*/ArgNo(3)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(3, WithinRange, Range(0, SizeMax)))); ArgumentCondition(3, WithinRange, Range(0, SizeMax))));
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines Optional<QualType> StructSockaddrPtrRestrictTy =
getRestrictTy(StructSockaddrPtrTy); getRestrictTy(StructSockaddrPtrTy);
Optional<QualType> ConstStructSockaddrPtrRestrictTy = Optional<QualType> ConstStructSockaddrPtrRestrictTy =
getRestrictTy(ConstStructSockaddrPtrTy); getRestrictTy(ConstStructSockaddrPtrTy);
Optional<QualType> Socklen_tTy = lookupTy("socklen_t"); Optional<QualType> Socklen_tTy = lookupTy("socklen_t");
Optional<QualType> Socklen_tPtrTy = getPointerTy(Socklen_tTy); Optional<QualType> Socklen_tPtrTy = getPointerTy(Socklen_tTy);
Optional<QualType> Socklen_tPtrRestrictTy = getRestrictTy(Socklen_tPtrTy); Optional<QualType> Socklen_tPtrRestrictTy = getRestrictTy(Socklen_tPtrTy);
Optional<RangeInt> Socklen_tMax = getMaxValue(Socklen_tTy); Optional<RangeInt> Socklen_tMax = getMaxValue(Socklen_tTy);
const auto ReturnsZeroOrMinusOne =
ConstraintSet{ReturnValueCondition(WithinRange, Range(-1, 0))};
// In 'socket.h' of some libc implementations with C99, sockaddr parameter // In 'socket.h' of some libc implementations with C99, sockaddr parameter
// is a transparent union of the underlying sockaddr_ family of pointers // is a transparent union of the underlying sockaddr_ family of pointers
// instead of being a pointer to struct sockaddr. In these cases, the // instead of being a pointer to struct sockaddr. In these cases, the
// standardized signature will not match, thus we try to match with another // standardized signature will not match, thus we try to match with another
// signature that has the joker Irrelevant type. We also remove those // signature that has the joker Irrelevant type. We also remove those
// constraints which require pointer types for the sockaddr param. // constraints which require pointer types for the sockaddr param.
auto Accept = auto Accept =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(WithinRange, Range(-1, IntMax))})
steakhalUnsubmitted
Done
ReplyInline Actions

Aaa, I get it. We deal with this in a single transition. Fine.

steakhal: Aaa, I get it. We deal with this in a single transition. Fine.
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))); .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"accept", "accept",
// int accept(int socket, struct sockaddr *restrict address, // int accept(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Accept)) Accept))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"accept", "accept",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Accept); Accept);
// int bind(int socket, const struct sockaddr *address, socklen_t // int bind(int socket, const struct sockaddr *address, socklen_t
// address_len); // address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"bind", "bind",
Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy}, Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(1), /*BufSize=*/ArgNo(2))) BufferSize(/*Buffer=*/ArgNo(1), /*BufSize=*/ArgNo(2)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax))))) ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax)))))
// Do not add constraints on sockaddr. // Do not add constraints on sockaddr.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"bind", "bind",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax)))); ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax))));
// int getpeername(int socket, struct sockaddr *restrict address, // int getpeername(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"getpeername", "getpeername",
Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))))) .ArgConstraint(NotNull(ArgNo(2)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getpeername", "getpeername",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int getsockname(int socket, struct sockaddr *restrict address, // int getsockname(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"getsockname", "getsockname",
Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))))) .ArgConstraint(NotNull(ArgNo(2)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getsockname", "getsockname",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int connect(int socket, const struct sockaddr *address, socklen_t // int connect(int socket, const struct sockaddr *address, socklen_t
// address_len); // address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"connect", "connect",
Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy}, Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))))) .ArgConstraint(NotNull(ArgNo(1)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"connect", "connect",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
auto Recvfrom = auto Recvfrom =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))); /*BufSize=*/ArgNo(2)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"recvfrom", "recvfrom",
// ssize_t recvfrom(int socket, void *restrict buffer, // ssize_t recvfrom(int socket, void *restrict buffer,
// size_t length, // size_t length,
// int flags, struct sockaddr *restrict address, // int flags, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy,
StructSockaddrPtrRestrictTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Recvfrom)) Recvfrom))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recvfrom", "recvfrom",
Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy,
Irrelevant, Socklen_tPtrRestrictTy}, Irrelevant, Socklen_tPtrRestrictTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Recvfrom); Recvfrom);
auto Sendto = auto Sendto =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))); /*BufSize=*/ArgNo(2)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"sendto", "sendto",
// ssize_t sendto(int socket, const void *message, size_t length, // ssize_t sendto(int socket, const void *message, size_t length,
// int flags, const struct sockaddr *dest_addr, // int flags, const struct sockaddr *dest_addr,
// socklen_t dest_len); // socklen_t dest_len);
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy,
ConstStructSockaddrPtrTy, Socklen_tTy}, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Sendto)) Sendto))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sendto", "sendto",
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Irrelevant, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Irrelevant,
Socklen_tTy}, Socklen_tTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Sendto); Sendto);
// int listen(int sockfd, int backlog); // int listen(int sockfd, int backlog);
addToFunctionSummaryMap("listen", addToFunctionSummaryMap("listen",
Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
0, WithinRange, Range(0, IntMax)))); 0, WithinRange, Range(0, IntMax))));
// ssize_t recv(int sockfd, void *buf, size_t len, int flags); // ssize_t recv(int sockfd, void *buf, size_t len, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recv", "recv",
Signature(ArgTypes{IntTy, VoidPtrTy, SizeTy, IntTy}, Signature(ArgTypes{IntTy, VoidPtrTy, SizeTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))); /*BufSize=*/ArgNo(2))));
Optional<QualType> StructMsghdrTy = lookupTy("msghdr"); Optional<QualType> StructMsghdrTy = lookupTy("msghdr");
Optional<QualType> StructMsghdrPtrTy = getPointerTy(StructMsghdrTy); Optional<QualType> StructMsghdrPtrTy = getPointerTy(StructMsghdrTy);
Optional<QualType> ConstStructMsghdrPtrTy = Optional<QualType> ConstStructMsghdrPtrTy =
getPointerTy(getConstTy(StructMsghdrTy)); getPointerTy(getConstTy(StructMsghdrTy));
// ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags); // ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);
addToFunctionSummaryMap("recvmsg", addToFunctionSummaryMap(
"recvmsg",
Signature(ArgTypes{IntTy, StructMsghdrPtrTy, IntTy}, Signature(ArgTypes{IntTy, StructMsghdrPtrTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition( .Case({ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
0, WithinRange, Range(0, IntMax)))); .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags); // ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sendmsg", "sendmsg",
Signature(ArgTypes{IntTy, ConstStructMsghdrPtrTy, IntTy}, Signature(ArgTypes{IntTy, ConstStructMsghdrPtrTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int setsockopt(int socket, int level, int option_name, // int setsockopt(int socket, int level, int option_name,
// const void *option_value, socklen_t option_len); // const void *option_value, socklen_t option_len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"setsockopt", "setsockopt",
Signature(ArgTypes{IntTy, IntTy, IntTy, ConstVoidPtrTy, Socklen_tTy}, Signature(ArgTypes{IntTy, IntTy, IntTy, ConstVoidPtrTy, Socklen_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
steakhalUnsubmitted
Done
ReplyInline Actions

BTW, this is quite frequently repeated.
Do you think worth hoisting such a return value constraint?

I'm thinking of something like ReturnsZeroOrMinusOne.

steakhal: BTW, this is quite frequently repeated. Do you think worth hoisting such a return value…
martongAuthorUnsubmitted
Done
ReplyInline Actions

Good idea!

martong: Good idea!
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4))) BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, Socklen_tMax)))); ArgumentCondition(4, WithinRange, Range(0, Socklen_tMax))));
// int getsockopt(int socket, int level, int option_name, // int getsockopt(int socket, int level, int option_name,
// void *restrict option_value, // void *restrict option_value,
// socklen_t *restrict option_len); // socklen_t *restrict option_len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getsockopt", "getsockopt",
Signature(ArgTypes{IntTy, IntTy, IntTy, VoidPtrRestrictTy, Signature(ArgTypes{IntTy, IntTy, IntTy, VoidPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint(NotNull(ArgNo(4)))); .ArgConstraint(NotNull(ArgNo(4))));
// ssize_t send(int sockfd, const void *buf, size_t len, int flags); // ssize_t send(int sockfd, const void *buf, size_t len, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"send", "send",
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy}, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(-1, Ssize_tMax))})
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))); /*BufSize=*/ArgNo(2))));
// int socketpair(int domain, int type, int protocol, int sv[2]); // int socketpair(int domain, int type, int protocol, int sv[2]);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"socketpair", "socketpair",
Signature(ArgTypes{IntTy, IntTy, IntTy, IntPtrTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, IntTy, IntTy, IntPtrTy}, RetType{IntTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(3)))); Summary(NoEvalCall)
.Case(ReturnsZeroOrMinusOne)
.ArgConstraint(NotNull(ArgNo(3))));
// int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, // int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen,
// char *restrict node, socklen_t nodelen, // char *restrict node, socklen_t nodelen,
// char *restrict service, // char *restrict service,
// socklen_t servicelen, int flags); // socklen_t servicelen, int flags);
// //
// This is defined in netdb.h. And contrary to 'socket.h', the sockaddr // This is defined in netdb.h. And contrary to 'socket.h', the sockaddr
// parameter is never handled as a transparent union in netdb.h // parameter is never handled as a transparent union in netdb.h
▲ Show 20 LinesShow All 322 LinesShow Last 20 Lines