This is an archive of the discontinued LLVM Phabricator instance.

Differential D111245

[analyzer] Bifurcate on getenv() calls
ClosedPublic

Authored by steakhal on Oct 6 2021, 10:19 AM.

Details

Reviewers
martong
balazske
ASDenysPetrov
NoQ
Szelethus
Commits
rG7fc150309d27: [analyzer] Bifurcate on getenv() calls
Summary

The getenv() function might return NULL just like any other function.
However, in case of getenv() a state-split seems justified since the
programmer should expect the failure of this function.

secure_getenv(const char *name) behaves the same way but is not handled right now.
Note that std::getenv() is also not handled.

Diff Detail

Event Timeline

steakhal created this revision.Oct 6 2021, 10:19 AM
Herald added subscribers: manas, dkrupp, donat.nagy and 7 others. · View Herald TranscriptOct 6 2021, 10:19 AM
steakhal requested review of this revision.Oct 6 2021, 10:19 AM
steakhal added inline comments.
clang/test/Analysis/std-c-library-functions.c
260

typo

Harbormaster completed remote builds in B127332: Diff 377594.Oct 6 2021, 11:23 AM
NoQ added a comment.Oct 6 2021, 11:12 PM

a state-split seems justified since the programmer should expect the failure of this function

The programmer can often make an argument that his program is always run "in a controlled environment". It could be a system daemon that's only invoked by the system in a specific manner or it could be a custom server that's run only on one server machine fully controlled by the developer. So most of the time, yeah, it's probably a useful behavior, but sometimes people may want to disable it. Maybe we should make a single global setting, say, -analyzer-config assume-controlled-environment=... or something like that, that'd make the static analyzer produce less such bifurcations.

steakhal added a child revision: D111296: [analyzer] Introduce the assume-controlled-environment config option.Oct 7 2021, 3:31 AM
In D111245#3047214, @NoQ wrote:

a state-split seems justified since the programmer should expect the failure of this function

The programmer can often make an argument that his program is always run "in a controlled environment". It could be a system daemon that's only invoked by the system in a specific manner or it could be a custom server that's run only on one server machine fully controlled by the developer. So most of the time, yeah, it's probably a useful behavior, but sometimes people may want to disable it. Maybe we should make a single global setting, say, -analyzer-config assume-controlled-environment=... or something like that, that'd make the static analyzer produce less such bifurcations.

Hmm, that seems reasonable. Check the child revision: D111296.

martong accepted this revision.Oct 12 2021, 8:23 AM

LGTM!

This revision is now accepted and ready to land.Oct 12 2021, 8:23 AM
This revision was landed with ongoing or failed builds.Oct 13 2021, 1:51 AM
Closed by commit rG7fc150309d27: [analyzer] Bifurcate on getenv() calls (authored by steakhal). · Explain Why
This revision was automatically updated to reflect the committed changes.
steakhal added a commit: rG7fc150309d27: [analyzer] Bifurcate on getenv() calls.
Herald added a project: Restricted Project. · View Herald TranscriptOct 13 2021, 1:51 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
8 lines
test/
Analysis/
8 lines

Diff 379306

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 LinesShow All 1,427 Lines▼ Show 20 Linesvoid StdLibraryFunctionsChecker::initFunctionSummaries(
// int delimiter, FILE *restrict stream); // int delimiter, FILE *restrict stream);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getdelim", "getdelim",
Signature(ArgTypes{CharPtrPtrRestrictTy, SizePtrRestrictTy, IntTy, Signature(ArgTypes{CharPtrPtrRestrictTy, SizePtrRestrictTy, IntTy,
FilePtrRestrictTy}, FilePtrRestrictTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
GetLineSummary); GetLineSummary);
// char *getenv(const char *name);
addToFunctionSummaryMap(
"getenv", Signature(ArgTypes{ConstCharPtrTy}, RetType{CharPtrTy}),
Summary(NoEvalCall)
.Case({NotNull(Ret)})
.Case({NotNull(Ret)->negate()})
.ArgConstraint(NotNull(ArgNo(0))));
if (ModelPOSIX) { if (ModelPOSIX) {
// long a64l(const char *str64); // long a64l(const char *str64);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"a64l", Signature(ArgTypes{ConstCharPtrTy}, RetType{LongTy}), "a64l", Signature(ArgTypes{ConstCharPtrTy}, RetType{LongTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0)))); Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
// char *l64a(long value); // char *l64a(long value);
▲ Show 20 LinesShow All 1,229 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions.c

Show First 20 LinesShow All 248 Lines▼ Show 20 Lines
void test_call_by_pointer() { void test_call_by_pointer() {
typedef int (*func)(int); typedef int (*func)(int);
func f = isascii; func f = isascii;
clang_analyzer_eval(f('A')); // expected-warning{{TRUE}} clang_analyzer_eval(f('A')); // expected-warning{{TRUE}}
f = ispunct; f = ispunct;
clang_analyzer_eval(f('A')); // expected-warning{{FALSE}} clang_analyzer_eval(f('A')); // expected-warning{{FALSE}}
} }
char *getenv(const char *name);
void test_getenv() {
// getenv() bifurcates here.
steakhalAuthorUnsubmitted
Done
ReplyInline Actions

typo

steakhal: typo
clang_analyzer_eval(getenv("FOO") == 0);
// expected-warning@-1 {{TRUE}}
// expected-warning@-2 {{FALSE}}
}