This is an archive of the discontinued LLVM Phabricator instance.

Differential D118370

[clang-tidy] bugprone-signal-handler: Message improvement and code refactoring.
ClosedPublic

Authored by balazske on Jan 27 2022, 7:49 AM.

Details

Reviewers
njames93
aaron.ballman
LegalizeAdulthood
whisperity
Commits
rGcc7ed0caaca5: [clang-tidy] bugprone-signal-handler: Message improvement and code refactoring.
Summary

Another change of the code design.
Code simplified again, now there is a single place to check
a handler function and less functions for bug report emitting.
More details are added to the bug report messages.

Diff Detail

Event Timeline

balazske created this revision.Jan 27 2022, 7:49 AM
Herald added subscribers: carlosgalvezp, steakhal, martong and 4 others. · View Herald TranscriptJan 27 2022, 7:49 AM
balazske requested review of this revision.Jan 27 2022, 7:49 AM
Herald added a project: Restricted Project. · View Herald TranscriptJan 27 2022, 7:49 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
balazske added a parent revision: D118224: [clang-tidy] bugprone-signal-handler improvements: display call chain.Jan 27 2022, 7:50 AM
balazske added reviewers: njames93, aaron.ballman, LegalizeAdulthood.Jan 27 2022, 7:52 AM
LegalizeAdulthood added inline comments.Jan 27 2022, 8:57 AM
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
146

Why do we ignore the return value of checkFunction here?

Also, the name doesn't reveal to me why the result is true
or false, e.g. it acts like a predicate but its name doesn't ask
a question.

balazske added inline comments.Jan 27 2022, 9:09 AM
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
146

The function returns if a problem (warning) was found. At the next call site it is used to display additional notes, but here it is not needed. A better name can be isFunctionValidSignalHandler but the function checks not only a fact, it generates the warnings too.

151

There are problems with this approach in C++ code.

njames93 added inline comments.Jan 27 2022, 9:33 AM
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
167

This can probably just be inlined into its only use.

clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.h
36

This isn't a very descriptive name, and the bool return value conveys no meaning. Probably could do with some documentation.

46–49

While you're refactoring, those static StringSets really belong in the implementation file, and the ConformingFunctions should be a const ref.

However global destructores are kind of a taboo thing, Maybe there is case to change them into a sorted array and binary search them to see if a function is conforming.
Probably wouldn't advise using TableGens StringMatcher to build this functionality as that maybe a little too far.

balazske updated this revision to Diff 404040.Jan 28 2022, 8:28 AM

Even more simplification, added documentation.
Text of bug reports is more detailed, no NFC now.

balazske marked 2 inline comments as done.Jan 28 2022, 8:37 AM
balazske added inline comments.
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
151

The call graph adds nodes for the canonical declaration only. When getting a node it works only with the CanonicalDecl unless the CallGraph code is changed (it seems to be worth to do this change).

167

The value is used now multiple times. (But maybe the diag call can be put into a lambda later.)

balazske retitled this revision from [clang-tidy] bugprone-signal-handler: Code refactor (NFC) to [clang-tidy] bugprone-signal-handler: Message improvement and code refactoring..Jan 28 2022, 8:38 AM
balazske edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B146304: Diff 404040.Jan 28 2022, 9:30 AM
LegalizeAdulthood added inline comments.Jan 28 2022, 12:34 PM
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
146

Can we put (void) checkFunction(...) here to make it clear
we're intentionally ignoring the return value?

clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.h
37

... as a signal handler

38

Should test the properties ...

39–41

... from a signal

42

.. from the signal handler ...

43

... as a registered

45

... only if a problem ...

balazske updated this revision to Diff 404434.Jan 31 2022, 12:36 AM
balazske marked an inline comment as done.

Corrected the comment problems, explained why return value of checkFunction is ignored.

balazske marked 8 inline comments as done.Jan 31 2022, 12:50 AM
Harbormaster completed remote builds in B146567: Diff 404434.Jan 31 2022, 1:06 AM
balazske added a child revision: D118996: [clang-tidy] Support C++14 in bugprone-signal-handler..Feb 4 2022, 7:10 AM
balazske updated this revision to Diff 406475.Feb 7 2022, 8:21 AM

Rebase

Harbormaster completed remote builds in B147995: Diff 406475.Feb 7 2022, 9:07 AM
balazske added a comment.Feb 15 2022, 6:16 AM

ping

aaron.ballman added a comment.Feb 23 2022, 11:15 AM

Mostly small nits, but it looks like precommit CI is failing due to the changes:

Failed Tests (2):
  Clang Tools :: clang-tidy/checkers/bugprone-signal-handler-minimal.c
  Clang Tools :: clang-tidy/checkers/bugprone-signal-handler-posix.c
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
149
186
201
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.h
47
balazske updated this revision to Diff 411047.Feb 24 2022, 1:59 AM

Applied review comments, fixed the failing tests.

Harbormaster completed remote builds in B151214: Diff 411047.Feb 24 2022, 2:36 AM
whisperity added a reviewer: whisperity.Mar 1 2022, 2:27 AM
whisperity added a subscriber: whisperity.

This generally looks good, and thank you! I have a few minor comments (mostly presentation and documentation).

clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
72–73

(Nit: There are a lot of indirections in the documentation that did not help understanding what is happening here.)

156–160
162–168

What does the return value of checkFunction signal to the user, and the if?

201
225

Otherwise, if these are truly const and we are reasonably sure they can be instantiated on any meaningful system without crashing, then these could be a TU-static. It's still iffy, but that technique is used in many places already.

225–226

Perchance this could work with constexpr? Although I'm not sure how widely supported that is, given that we're pegged at C++14 still.

clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.h
39–42

First, we usually call these "diagnostics" in Tidy and not "bug report notes", which to me seems like CSA terminology. Second... It's not clear to me what (from it) is referring to. "[...] show call chain from a signal handler to a [... specific? provided? expected? ...] function" sounds alright to me.

45
46–49

Once the ConformingFunctions is const, these symbols are not needed here, right? Static initialisation does feel dirty... (heck, there's even a CERT rule against that too!)

clang-tools-extra/test/clang-tidy/checkers/bugprone-signal-handler-posix.c
14 ↗(On Diff #411047)

I'm not exactly sure we should call printf (and memcpy) a "system call". As far as I can see, in this patch, isSystemCall() boils down to "declaration in file included as system header"

clang-tools-extra/test/clang-tidy/checkers/bugprone-signal-handler.c
31 ↗(On Diff #411047)
133 ↗(On Diff #411047)
Herald added a subscriber: rnkovacs. · View Herald TranscriptMar 1 2022, 2:27 AM
whisperity mentioned this in D118996: [clang-tidy] Support C++14 in bugprone-signal-handler..Mar 1 2022, 3:53 AM
balazske added inline comments.Mar 3 2022, 2:03 AM
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
156–160

Is this code not too long to put in the condition section?

162–168

This has a description in the header file.

clang-tools-extra/test/clang-tidy/checkers/bugprone-signal-handler-posix.c
14 ↗(On Diff #411047)

Call it "standard function"?

Herald added a project: Restricted Project. · View Herald TranscriptMar 3 2022, 2:03 AM
whisperity added inline comments.Mar 17 2022, 6:32 AM
clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp
156–160

The formatter will break it up appropriately, no problem with that.

clang-tools-extra/test/clang-tidy/checkers/bugprone-signal-handler-posix.c
14 ↗(On Diff #411047)

Yes, that would be better.

balazske updated this revision to Diff 416429.Mar 18 2022, 2:00 AM

Applied the review proposals.
Changed "system call" to "standard function".
Put the string lists into constant std::initializer_list.

balazske marked 15 inline comments as done.Mar 18 2022, 2:33 AM
Harbormaster completed remote builds in B154997: Diff 416429.Mar 18 2022, 2:41 AM
balazske updated this revision to Diff 416435.Mar 18 2022, 3:08 AM

Additional documentation related fixes.

balazske marked 2 inline comments as done.Mar 18 2022, 3:10 AM
Harbormaster completed remote builds in B155001: Diff 416435.Mar 18 2022, 3:22 AM
whisperity accepted this revision.Mar 29 2022, 2:17 AM

Alright, I think this is good to go. I like that it makes it clear that the called function is coming from some external source (system header or otherwise).

This revision is now accepted and ready to land.Mar 29 2022, 2:17 AM
Closed by commit rGcc7ed0caaca5: [clang-tidy] bugprone-signal-handler: Message improvement and code refactoring. (authored by balazske). · Explain WhyApr 7 2022, 12:40 AM
This revision was automatically updated to reflect the committed changes.
balazske added a commit: rGcc7ed0caaca5: [clang-tidy] bugprone-signal-handler: Message improvement and code refactoring..

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
bugprone/
10 lines
47 lines

Diff 403652

clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.h

Show All 27 Linespublic:
SignalHandlerCheck(StringRef Name, ClangTidyContext *Context); SignalHandlerCheck(StringRef Name, ClangTidyContext *Context);
void storeOptions(ClangTidyOptions::OptionMap &Opts) override; void storeOptions(ClangTidyOptions::OptionMap &Opts) override;
bool isLanguageVersionSupported(const LangOptions &LangOpts) const override; bool isLanguageVersionSupported(const LangOptions &LangOpts) const override;
void registerMatchers(ast_matchers::MatchFinder *Finder) override; void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override; void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
private: private:
bool checkFunction(const FunctionDecl *FD, const Expr *CallOrRef);
njames93Unsubmitted
Done
ReplyInline Actions

This isn't a very descriptive name, and the bool return value conveys no meaning. Probably could do with some documentation.

njames93: This isn't a very descriptive name, and the bool return value conveys no meaning. Probably…
bool isFunctionAsyncSafe(const FunctionDecl *FD) const; bool isFunctionAsyncSafe(const FunctionDecl *FD) const;
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

... as a signal handler

LegalizeAdulthood: ... `as a signal handler`
bool isSystemCallAsyncSafe(const FunctionDecl *FD) const; bool isSystemCallAsyncSafe(const FunctionDecl *FD) const;
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

Should test the properties ...

LegalizeAdulthood: `Should test the properties` ...
void reportBug(const FunctionDecl *CalledFunction, const Expr *CallOrRef, void reportHandlerChain(const llvm::df_iterator<clang::CallGraphNode *> &Itr,
bool DirectHandler);
void reportHandlerCommon(llvm::df_iterator<clang::CallGraphNode *> Itr,
const CallExpr *SignalCall,
const FunctionDecl *HandlerDecl, const FunctionDecl *HandlerDecl,
const Expr *HandlerRef); const Expr *HandlerRef);
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

... from a signal

LegalizeAdulthood: ... `from a signal`
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

.. from the signal handler ...

LegalizeAdulthood: .. `from the signal handler` ...
whisperityUnsubmitted
Done
ReplyInline Actions

First, we usually call these "diagnostics" in Tidy and not "bug report notes", which to me seems like CSA terminology. Second... It's not clear to me what (from it) is referring to. "[...] show call chain from a signal handler to a [... specific? provided? expected? ...] function" sounds alright to me.

whisperity: First, we usually call these "diagnostics" in Tidy and not "bug report notes", which to me…
clang::CallGraph CG; clang::CallGraph CG;
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

... as a registered

LegalizeAdulthood: ... `as a registered`
AsyncSafeFunctionSetType AsyncSafeFunctionSet; AsyncSafeFunctionSetType AsyncSafeFunctionSet;
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

... only if a problem ...

LegalizeAdulthood: ... `only if a problem` ...
whisperityUnsubmitted
Done
ReplyInline Actions
/// @param HandlerRef Reference to the signal handler function where it is
- /// registered (considered as first part of the call chain).
+ /// registered (considered as first element of the call chain).
void reportHandlerChain(const llvm::df_iterator<clang::CallGraphNode *> &Itr,
whisperity:
llvm::StringSet<> &ConformingFunctions; llvm::StringSet<> &ConformingFunctions;
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
bool checkFunction(const FunctionDecl *FD, const Expr *CallOrRef);
- /// Return if a system call function is considered as asynchronous-safe.
+ /// Returns true if a system call function is considered as asynchronous-safe.
bool isSystemCallAsyncSafe(const FunctionDecl *FD) const;
aaron.ballman:
static llvm::StringSet<> MinimalConformingFunctions; static llvm::StringSet<> MinimalConformingFunctions;
static llvm::StringSet<> POSIXConformingFunctions; static llvm::StringSet<> POSIXConformingFunctions;
njames93Unsubmitted
Not Done
ReplyInline Actions

While you're refactoring, those static StringSets really belong in the implementation file, and the ConformingFunctions should be a const ref.

However global destructores are kind of a taboo thing, Maybe there is case to change them into a sorted array and binary search them to see if a function is conforming.
Probably wouldn't advise using TableGens StringMatcher to build this functionality as that maybe a little too far.

njames93: While you're refactoring, those static StringSets really belong in the implementation file, and…
whisperityUnsubmitted
Done
ReplyInline Actions

Once the ConformingFunctions is const, these symbols are not needed here, right? Static initialisation does feel dirty... (heck, there's even a CERT rule against that too!)

whisperity: Once the `ConformingFunctions` is const, these symbols are not needed here, right? Static…
}; };
} // namespace bugprone } // namespace bugprone
} // namespace tidy } // namespace tidy
} // namespace clang } // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SIGNALHANDLERCHECK_H #endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SIGNALHANDLERCHECK_H

clang-tools-extra/clang-tidy/bugprone/SignalHandlerCheck.cpp

Show First 20 LinesShow All 63 Lines▼ Show 20 Linesbool isSystemCall(const FunctionDecl *FD) {
// d.c // d.c
// extern void sysfunc(void); // Canonical declaration, not in system header. // extern void sysfunc(void); // Canonical declaration, not in system header.
// #include <sysheader.h> // #include <sysheader.h>
return FD->getASTContext().getSourceManager().isInSystemHeader( return FD->getASTContext().getSourceManager().isInSystemHeader(
FD->getCanonicalDecl()->getLocation()); FD->getCanonicalDecl()->getLocation());
} }
/// Given a call graph node of a function and another one that is called from /// Given a call graph node of a function and another one that is called from
/// this function, get a CallExpr of the corresponding function call. /// this function, get a CallExpr of the corresponding function call.
whisperityUnsubmitted
Done
ReplyInline Actions
FD->getCanonicalDecl()->getLocation());
}
- /// Given a call graph node of a function and another one that is called from
- /// this function, get a CallExpr of the corresponding function call.
+ /// Given a call graph node of a @p Caller function and a @p Callee that is called from @p Caller,
+ /// get a @p CallExpr of the corresponding function call.
/// It is unspecified which call is found if multiple calls exist, but the order

(Nit: There are a lot of indirections in the documentation that did not help understanding what is happening here.)

whisperity: (Nit: There are a lot of indirections in the documentation that did not help understanding what…
/// It is unspecified which call is found if multiple calls exist, but the order /// It is unspecified which call is found if multiple calls exist, but the order
/// should be deterministic (depend only on the AST). /// should be deterministic (depend only on the AST).
Expr *findCallExpr(const CallGraphNode *Caller, const CallGraphNode *Callee) { Expr *findCallExpr(const CallGraphNode *Caller, const CallGraphNode *Callee) {
auto FoundCallee = llvm::find_if( auto FoundCallee = llvm::find_if(
Caller->callees(), [Callee](const CallGraphNode::CallRecord &Call) { Caller->callees(), [Callee](const CallGraphNode::CallRecord &Call) {
return Call.Callee == Callee; return Call.Callee == Callee;
}); });
assert(FoundCallee != Caller->end() && assert(FoundCallee != Caller->end() &&
▲ Show 20 LinesShow All 55 Lines▼ Show 20 Lines if (CG.size() <= 1) {
// (It is possible to add a single function but the functions called from it // (It is possible to add a single function but the functions called from it
// are not analysed in this case.) // are not analysed in this case.)
CG.addToCallGraph(const_cast<TranslationUnitDecl *>( CG.addToCallGraph(const_cast<TranslationUnitDecl *>(
HandlerDecl->getTranslationUnitDecl())); HandlerDecl->getTranslationUnitDecl()));
assert(CG.size() > 1 && assert(CG.size() > 1 &&
"There should be at least one function added to call graph."); "There should be at least one function added to call graph.");
} }
// Check for special case when the signal handler itself is an unsafe external if (!HandlerDecl->hasBody()) {
// function. checkFunction(HandlerDecl, HandlerExpr);
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

Why do we ignore the return value of checkFunction here?

Also, the name doesn't reveal to me why the result is true
or false, e.g. it acts like a predicate but its name doesn't ask
a question.

LegalizeAdulthood: Why do we ignore the return value of `checkFunction` here? Also, the name doesn't reveal to me…
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

The function returns if a problem (warning) was found. At the next call site it is used to display additional notes, but here it is not needed. A better name can be isFunctionValidSignalHandler but the function checks not only a fact, it generates the warnings too.

balazske: The function returns if a problem (warning) was found. At the next call site it is used to…
LegalizeAdulthoodUnsubmitted
Done
ReplyInline Actions

Can we put (void) checkFunction(...) here to make it clear
we're intentionally ignoring the return value?

LegalizeAdulthood: Can we put `(void) checkFunction(...)` here to make it clear we're intentionally ignoring the…
if (!isFunctionAsyncSafe(HandlerDecl)) {
reportBug(HandlerDecl, HandlerExpr, /*DirectHandler=*/true);
return; return;
} }
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
// No need to show a call chain.
- // Without code body there is no more thing to check.
+ // Without code body there is nothing more to check.
return;
aaron.ballman:
CallGraphNode *HandlerNode = CG.getNode(HandlerDecl); CallGraphNode *HandlerNode = CG.getNode(HandlerDecl);
// Signal handler can be external but not unsafe, no call graph in this case. assert(HandlerNode &&
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

There are problems with this approach in C++ code.

balazske: There are problems with this approach in C++ code.
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

The call graph adds nodes for the canonical declaration only. When getting a node it works only with the CanonicalDecl unless the CallGraph code is changed (it seems to be worth to do this change).

balazske: The call graph adds nodes for the canonical declaration only. When getting a node it works only…
if (!HandlerNode) "Handler has body, should be present in the call graph.");
return;
// Start from signal handler and visit every function call. // Start from signal handler and visit every function call.
for (auto Itr = llvm::df_begin(HandlerNode), ItrE = llvm::df_end(HandlerNode); for (auto Itr = llvm::df_begin(HandlerNode), ItrE = llvm::df_end(HandlerNode);
Itr != ItrE; ++Itr) { Itr != ItrE; ++Itr) {
const auto *CallF = dyn_cast<FunctionDecl>((*Itr)->getDecl()); const auto *CallF = dyn_cast<FunctionDecl>((*Itr)->getDecl());
if (CallF && !isFunctionAsyncSafe(CallF)) { if (CallF && CallF != HandlerDecl) {
assert(Itr.getPathLength() >= 2); if (checkFunction(
reportBug(CallF, findCallExpr(Itr.getPath(Itr.getPathLength() - 2), *Itr), CallF, findCallExpr(Itr.getPath(Itr.getPathLength() - 2), *Itr)))
/*DirectHandler=*/false); reportHandlerChain(Itr, HandlerDecl, HandlerExpr);
whisperityUnsubmitted
Done
ReplyInline Actions
Itr != ItrE; ++Itr) {
- const auto *CallF = dyn_cast<FunctionDecl>((*Itr)->getDecl());
- if (CallF) {
+
+ if (const auto *CallF = dyn_cast<FunctionDecl>((*Itr)->getDecl())) {
unsigned int PathL = Itr.getPathLength();
whisperity:
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

Is this code not too long to put in the condition section?

balazske: Is this code not too long to put in the condition section?
whisperityUnsubmitted
Done
ReplyInline Actions

The formatter will break it up appropriately, no problem with that.

whisperity: The formatter will break it up appropriately, no problem with that.
reportHandlerCommon(Itr, SignalCall, HandlerDecl, HandlerExpr); }
}
} }
bool SignalHandlerCheck::checkFunction(const FunctionDecl *FD,
const Expr *CallOrRef) {
const bool FunctionIsCalled = isa<CallExpr>(CallOrRef);
njames93Unsubmitted
Done
ReplyInline Actions

This can probably just be inlined into its only use.

njames93: This can probably just be inlined into its only use.
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

The value is used now multiple times. (But maybe the diag call can be put into a lambda later.)

balazske: The value is used now multiple times. (But maybe the `diag` call can be put into a lambda later.
whisperityUnsubmitted
Done
ReplyInline Actions
: findCallExpr(Itr.getPath(PathL - 2), *Itr);
if (checkFunction(CallF, CallOrRef))
reportHandlerChain(Itr, HandlerExpr);
}
}
}
+ /// @returns true if a diagnostic was emitted for @p FD.
bool SignalHandlerCheck::checkFunction(const FunctionDecl *FD,
const Expr *CallOrRef) {

What does the return value of checkFunction signal to the user, and the if?

whisperity: What does the return value of `checkFunction` signal to the user, and the `if`?
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

This has a description in the header file.

balazske: This has a description in the header file.
if (!isFunctionAsyncSafe(FD)) {
diag(CallOrRef->getBeginLoc(), "%0 may not be asynchronous-safe; "
"%select{using it as|calling it from}1 "
"a signal handler may be dangerous")
<< FD << FunctionIsCalled;
return true;
} }
return false;
} }
bool SignalHandlerCheck::isFunctionAsyncSafe(const FunctionDecl *FD) const { bool SignalHandlerCheck::isFunctionAsyncSafe(const FunctionDecl *FD) const {
if (isSystemCall(FD)) if (isSystemCall(FD))
return isSystemCallAsyncSafe(FD); return isSystemCallAsyncSafe(FD);
// For external (not checkable) functions assume that these are unsafe. // For external (not checkable) functions assume that these are unsafe.
return FD->hasBody(); return FD->hasBody();
} }
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
const Expr *CallOrRef) {
- const bool FunctionIsCalled = isa<CallExpr>(CallOrRef);
+ bool FunctionIsCalled = isa<CallExpr>(CallOrRef);
if (isSystemCall(FD)) {
aaron.ballman:
bool SignalHandlerCheck::isSystemCallAsyncSafe(const FunctionDecl *FD) const { bool SignalHandlerCheck::isSystemCallAsyncSafe(const FunctionDecl *FD) const {
const IdentifierInfo *II = FD->getIdentifier(); const IdentifierInfo *II = FD->getIdentifier();
// Unnamed functions are not explicitly allowed. // Unnamed functions are not explicitly allowed.
if (!II) if (!II)
return false; return false;
// FIXME: Improve for C++ (check for namespace). // FIXME: Improve for C++ (check for namespace).
if (ConformingFunctions.count(II->getName())) if (ConformingFunctions.count(II->getName()))
return true; return true;
return false; return false;
} }
void SignalHandlerCheck::reportBug(const FunctionDecl *CalledFunction, void SignalHandlerCheck::reportHandlerChain(
const Expr *CallOrRef, bool DirectHandler) { const llvm::df_iterator<clang::CallGraphNode *> &Itr,
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
if (!FD->hasBody()) {
- diag(CallOrRef->getBeginLoc(), "can not verify if external function %0 is "
+ diag(CallOrRef->getBeginLoc(), "cannot verify if external function %0 is "
"asynchronous-safe; "
aaron.ballman:
whisperityUnsubmitted
Done
ReplyInline Actions
if (!FD->hasBody()) {
- diag(CallOrRef->getBeginLoc(), "cannot verify if external function %0 is "
+ diag(CallOrRef->getBeginLoc(), "cannot verify that external function %0 is "
"asynchronous-safe; "
whisperity:
diag(CallOrRef->getBeginLoc(),
"%0 may not be asynchronous-safe; %select{calling it from|using it as}1 "
"a signal handler may be dangerous")
<< CalledFunction << DirectHandler;
}
void SignalHandlerCheck::reportHandlerCommon(
llvm::df_iterator<clang::CallGraphNode *> Itr, const CallExpr *SignalCall,
const FunctionDecl *HandlerDecl, const Expr *HandlerRef) { const FunctionDecl *HandlerDecl, const Expr *HandlerRef) {
int CallLevel = Itr.getPathLength() - 2; int CallLevel = Itr.getPathLength() - 2;
assert(CallLevel >= -1 && "Empty iterator?"); assert(CallLevel >= -1 && "Empty iterator?");
const CallGraphNode *Caller = Itr.getPath(CallLevel + 1), *Callee = nullptr; const CallGraphNode *Caller = Itr.getPath(CallLevel + 1), *Callee = nullptr;
while (CallLevel >= 0) { while (CallLevel >= 0) {
Callee = Caller; Callee = Caller;
Caller = Itr.getPath(CallLevel); Caller = Itr.getPath(CallLevel);
const Expr *CE = findCallExpr(Caller, Callee); const Expr *CE = findCallExpr(Caller, Callee);
diag(CE->getBeginLoc(), "function %0 called here from %1", diag(CE->getBeginLoc(), "function %0 called here from %1",
DiagnosticIDs::Note) DiagnosticIDs::Note)
<< cast<FunctionDecl>(Callee->getDecl()) << cast<FunctionDecl>(Callee->getDecl())
<< cast<FunctionDecl>(Caller->getDecl()); << cast<FunctionDecl>(Caller->getDecl());
--CallLevel; --CallLevel;
} }
diag(HandlerRef->getBeginLoc(), diag(HandlerRef->getBeginLoc(),
"function %0 registered here as signal handler", DiagnosticIDs::Note) "function %0 registered here as signal handler", DiagnosticIDs::Note)
<< HandlerDecl; << HandlerDecl;
} }
// This is the minimal set of safe functions. // This is the minimal set of safe functions.
// https://wiki.sei.cmu.edu/confluence/display/c/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers // https://wiki.sei.cmu.edu/confluence/display/c/SIG30-C.+Call+only+asynchronous-safe+functions+within+signal+handlers
llvm::StringSet<> SignalHandlerCheck::MinimalConformingFunctions{ llvm::StringSet<> SignalHandlerCheck::MinimalConformingFunctions{
whisperityUnsubmitted
Not Done
ReplyInline Actions

Otherwise, if these are truly const and we are reasonably sure they can be instantiated on any meaningful system without crashing, then these could be a TU-static. It's still iffy, but that technique is used in many places already.

whisperity: Otherwise, **if** these are truly const and we are reasonably sure they can be instantiated on…
"signal", "abort", "_Exit", "quick_exit"}; "signal", "abort", "_Exit", "quick_exit"};
whisperityUnsubmitted
Done
ReplyInline Actions

Perchance this could work with constexpr? Although I'm not sure how widely supported that is, given that we're pegged at C++14 still.

whisperity: Perchance this could work with `constexpr`? Although I'm not sure how widely supported that is…
// The POSIX-defined set of safe functions. // The POSIX-defined set of safe functions.
// https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03 // https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03
// 'quick_exit' is added to the set additionally because it looks like the // 'quick_exit' is added to the set additionally because it looks like the
// mentioned POSIX specification was not updated after 'quick_exit' appeared // mentioned POSIX specification was not updated after 'quick_exit' appeared
// in the C11 standard. // in the C11 standard.
// Also, we want to keep the "minimal set" a subset of the "POSIX set". // Also, we want to keep the "minimal set" a subset of the "POSIX set".
llvm::StringSet<> SignalHandlerCheck::POSIXConformingFunctions{ llvm::StringSet<> SignalHandlerCheck::POSIXConformingFunctions{
▲ Show 20 LinesShow All 196 LinesShow Last 20 Lines