This is an archive of the discontinued LLVM Phabricator instance.

Differential D152436

[clang][analyzer] Move checker alpha.unix.StdCLibraryFunctions out of alpha.
AcceptedPublic

Authored by balazske on Jun 8 2023, 5:26 AM.

Details

Reviewers
Szelethus
NoQ
steakhal
gamesh411
Summary

This checker can be good enough to move out of alpha.
I am not sure about the exact requirements, this review can be a place
for discussion about what should be fixed (if any).

Diff Detail

Event Timeline

balazske created this revision.Jun 8 2023, 5:26 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptJun 8 2023, 5:26 AM
Herald added a reviewer: NoQ. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: steakhal, manas, ASDenysPetrov and 10 others. · View Herald Transcript
balazske requested review of this revision.Jun 8 2023, 5:26 AM
Herald added a project: Restricted Project. · View Herald TranscriptJun 8 2023, 5:26 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
balazske added a comment.Jun 8 2023, 5:31 AM

I could test the checker on these projects (CTU analysis was not used):
memcached,tmux,curl,twin,vim,openssl,sqlite,ffmpeg,postgres,tinyxml2,libwebm,xerces,bitcoin,protobuf,qtbase,contour,acid

These are reports that could be improved:
link
In this case function fileno returns -1 because of failure, but this is not indicated in a NoteTag. This is a correct result, only the note is missing. This problem can be solved if a note is displayed on every branch ("case") of the standard C functions. But this leads to many notes at un-interesting places. If the note is displayed only at "interesting" values another difficulty shows up: The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement. So the solution may require more work. This case with function fileno occurs 13 times in all the tested projects.
link
The function open is not modeled in StdCLibraryFunctionsChecker, it should not return less than -1 but this information is not included now.
link
This looks wrong, L should not be 0 because len looks > 0 (see the macros that set len). Probably the many bitwise operations cause the problem.
link
socket can not return less than -1 but this function is not modeled currently.
link
fwrite with 0 buffer and 0 size should not be an error, this is not checked now.
link
When file_size is 0 status.ok() is probably false that is not correctly recognized (may work in CTU mode?).

These results look good:
link
link
link
link
link
link
link
link
In this last case it looks like that previous call to ftell returns -1, this value is assigned to fileSize. This is again a case for improvement similar as the case with fileno.

balazske added a comment.Jun 8 2023, 5:34 AM

One deficiency is that some filenames of test files contain the old std-c-library-functions-arg name that is not used any more.

balazske added a comment.Jun 8 2023, 5:35 AM

Another question is if default value of ModelPOSIX can be changed to true?

Harbormaster completed remote builds in B237474: Diff 529568.Jun 8 2023, 5:57 AM
Szelethus added reviewers: steakhal, gamesh411.Jun 9 2023, 1:49 AM
Szelethus added a comment.Jun 9 2023, 3:42 AM

I am not sure about the exact requirements, this review can be a place for discussion about what should be fixed (if any).

D52984 added the "Making your checker better" section to the dev manual: https://clang-analyzer.llvm.org/checker_dev_manual.html (nobody can be faulted for not finding this, aside from those that witnessed its creation, it has faded from the collective memory of the analyzer developers).

In D152436#4405558, @balazske wrote:

I could test the checker on these projects (CTU analysis was not used):
memcached,tmux,curl,twin,vim,openssl,sqlite,ffmpeg,postgres,tinyxml2,libwebm,xerces,bitcoin,protobuf,qtbase,contour,acid

These are reports that could be improved:
link
In this case function fileno returns -1 because of failure, but this is not indicated in a NoteTag. This is a correct result, only the note is missing. This problem can be solved if a note is displayed on every branch ("case") of the standard C functions. But this leads to many notes at un-interesting places. If the note is displayed only at "interesting" values another difficulty shows up: The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement. So the solution may require more work. This case with function fileno occurs 13 times in all the tested projects.

Yeah, this is a tough cookie... is it okay to find hide the -1 branch behind an off-by-default checker option for the time being?

link
The function open is not modeled in StdCLibraryFunctionsChecker, it should not return less than -1 but this information is not included now.
link
socket can not return less than -1 but this function is not modeled currently.

These should be a rather painless fix, right?

link
This looks wrong, L should not be 0 because len looks > 0 (see the macros that set len). Probably the many bitwise operations cause the problem.
link
When file_size is 0 status.ok() is probably false that is not correctly recognized (may work in CTU mode?).

Looks like something we can live with.

link
fwrite with 0 buffer and 0 size should not be an error, this is not checked now.

Some discussion for that: D140387#inline-1360054. There is a FIXME in the code for it -- not sure how common this specific issue is, but we did stumble on it in an open source project... how painful would it be to fix this?

These results look good:
link
link
link
link
link
link
link
link
In this last case it looks like that previous call to ftell returns -1, this value is assigned to fileSize. This is again a case for improvement similar as the case with fileno.

steakhal added a comment.Jun 9 2023, 4:17 AM
In D152436#4405558, @balazske wrote:

These are reports that could be improved:
link
In this case function fileno returns -1 because of failure, but this is not indicated in a NoteTag. This is a correct result, only the note is missing. This problem can be solved if a note is displayed on every branch ("case") of the standard C functions. But this leads to many notes at un-interesting places. If the note is displayed only at "interesting" values another difficulty shows up: The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement. So the solution may require more work. This case with function fileno occurs 13 times in all the tested projects.

Could you elaborate on what do you mean by "The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement.". A short example would do the job I think.

I looked at the TPs, and if the violation was introduced by an assumption (instead of an assignment), then it's really hard to spot which assumption is important for the bug.
I wonder if we could add the TrackConstraintBRVisitor to the bugreport to "highlight" that particular assumption/place.

balazske added a comment.Jun 9 2023, 7:41 AM
In D152436#4408301, @steakhal wrote:
In D152436#4405558, @balazske wrote:

These are reports that could be improved:
link
In this case function fileno returns -1 because of failure, but this is not indicated in a NoteTag. This is a correct result, only the note is missing. This problem can be solved if a note is displayed on every branch ("case") of the standard C functions. But this leads to many notes at un-interesting places. If the note is displayed only at "interesting" values another difficulty shows up: The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement. So the solution may require more work. This case with function fileno occurs 13 times in all the tested projects.

Could you elaborate on what do you mean by "The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement.". A short example would do the job I think.

I looked at the TPs, and if the violation was introduced by an assumption (instead of an assignment), then it's really hard to spot which assumption is important for the bug.
I wonder if we could add the TrackConstraintBRVisitor to the bugreport to "highlight" that particular assumption/place.

The question is first if this problem must be fixed before the checker comes out of alpha state. If yes I try to make another patch with this fix. I tried this previously but do not remember exactly what the problem was.

clang/docs/analyzer/checkers.rst
922

This is applicable to C++ too?

steakhal added a comment.Jun 11 2023, 1:00 AM
In D152436#4408811, @balazske wrote:
In D152436#4408301, @steakhal wrote:

I looked at the TPs, and if the violation was introduced by an assumption (instead of an assignment), then it's really hard to spot which assumption is important for the bug.
I wonder if we could add the TrackConstraintBRVisitor to the bugreport to "highlight" that particular assumption/place.

The question is first if this problem must be fixed before the checker comes out of alpha state. If yes I try to make another patch with this fix. I tried this previously but do not remember exactly what the problem was.

WIthout an explicit note message there, I don't see how could we advertise this as a "mature" checker.

clang/docs/analyzer/checkers.rst
922

Yes it's applicable to c++ if they use these C APIs.
However, I would prefer not to extend it with C++. IMO that would only raise confusion.

Szelethus added a comment.Jun 12 2023, 1:42 AM
In D152436#4411912, @steakhal wrote:
In D152436#4408811, @balazske wrote:
In D152436#4408301, @steakhal wrote:

I looked at the TPs, and if the violation was introduced by an assumption (instead of an assignment), then it's really hard to spot which assumption is important for the bug.
I wonder if we could add the TrackConstraintBRVisitor to the bugreport to "highlight" that particular assumption/place.

The question is first if this problem must be fixed before the checker comes out of alpha state. If yes I try to make another patch with this fix. I tried this previously but do not remember exactly what the problem was.

WIthout an explicit note message there, I don't see how could we advertise this as a "mature" checker.

Is it possible to hide functions hindered by this problem behing an off-by-default flag?

balazske added a comment.Jun 19 2023, 7:40 AM

It is possible to add note tags to show decisions at standard functions. For example at fileno show if it has failed or not failed. The most simple way is to add it to all places, this means a note will show up on any bug path at all standard function usages. This is how it works already with the existing notes. Like in the following code:

int __test_case_note();

int test_case_note_1(int y) {
  int x1 = __test_case_note(); // expected-note{{Function returns 1}}
  int x = __test_case_note(); // expected-note{{Function returns 0}} \
                              // expected-note{{'x' initialized here}}
  return y / x; // expected-warning{{Division by zero}} \
                // expected-note{{Division by zero}}
}

int test_case_note_2(int y) {
  int x = __test_case_note(); // expected-note{{Function returns 1}}
  return y / (x - 1); // expected-warning{{Division by zero}} \
                      // expected-note{{Division by zero}}
}

Here the first note at line with "x1" is not necessary. This problem can be fixed if the note is only shown when the return value is "interesting":

int __test_case_note();

int test_case_note_1(int y) {
  int x1 = __test_case_note(); // no note
  int x = __test_case_note(); // expected-note{{Function returns 0}} \
                              // expected-note{{'x' initialized here}}
  return y / x; // expected-warning{{Division by zero}} \
                // expected-note{{Division by zero}}
}

int test_case_note_2(int y) {
  int x = __test_case_note(); // no note
  return y / (x - 1); // expected-warning{{Division by zero}} \
                      // expected-note{{Division by zero}}
}

But in this case the note at test_case_note_2 disappears because x-1 is interesting, but not x. Fixing this problem looks more difficult.

From these two solutions, which one is better? (Show many unnecessary notes, or show only necessary ones but lose some of the useful notes too.)

Szelethus added a comment.Jun 21 2023, 5:39 AM
In D152436#4432736, @balazske wrote:

From these two solutions, which one is better? (Show many unnecessary notes, or show only necessary ones but lose some of the useful notes too.)

How likely are the problems with the 2nd case? I know its a hassle, but can you upload results for the first and the second case? Its hard to tell without seeing how these pan out in the real world.

donat.nagy added a comment.Jun 21 2023, 6:34 AM
In D152436#4432736, @balazske wrote:

[...]
From these two solutions, which one is better? (Show many unnecessary notes, or show only necessary ones but lose some of the useful notes too.)

I think we must avoid polluting the environment with unnecessary notes (especially if we'd emit "many" of them), so I strongly suggest option 2.

Later it would be possible to fix the limitations of the interestingness system, e.g. by introducing a "mark all symbols in this expression as interesting" function. Perhaps we should open a separate discussion about this on discourse -- but this review and the de-alpha-ing of StdCLibraryFunctions should not be delayed by this tangentially related engine improvement!

Personally I think it's completely acceptable if the analyzer sometimes emits bug reports that are true positives but lack a message like "expected-note{{Function returns 1}}" as I'd guess that in the majority of these cases it wouldn't be terribly difficult for the user to manually derive this information from the context. (I'd say that even the previously highlighted fileno report is acceptable -- it's surprising at first, but all bug reports come with an implicit "On a certain execution path..." prefix and in this case it's easy to see that "certain" = "when fileno returns -1".)

If these issues produce lots of issues that are very confusing, then we should put the affected functions behind off-by-default flags, finish this review process, and revisit them later when the interestingness system is improved; but based on the available information I don't think that's necessary.

steakhal resigned from this revision.Jun 21 2023, 7:25 AM

I resign as a reviewer as I'm not deeply connected to this checker, thus I won't block it or accept it.
However, my opinion is that a checker should be "released" if they have clear diagnostics (which includes that it doesn't flood the user with unimportant diagnostics either).
Consequently, if there are features missing to accomplish that, then that thing is a blocker.

TBH I never understood why interestingness is not transitive over the SymExpr dependencies (symbols_begin/end).
This was not the only case when it hindered us. Just think of how taint propagates.

In D152436#4437692, @donat.nagy wrote:

Personally I think it's completely acceptable if the analyzer sometimes emits bug reports that are true positives but lack a message [...]

I must admit that I'm in the other camp.

If these issues produce lots of issues that are very confusing, then we should put the affected functions behind off-by-default flags, finish this review process, and revisit them later when the interestingness system is improved; but based on the available information I don't think that's necessary.

I can agree with this pragmatic approach.

donat.nagy added a comment.Jun 21 2023, 8:49 AM
In D152436#4437822, @steakhal wrote:
In D152436#4437692, @donat.nagy wrote:

Personally I think it's completely acceptable if the analyzer sometimes emits bug reports that are true positives but lack a message [...]

I must admit that I'm in the other camp.

To clarify my position the "sometimes" in my comment should've been "rarely" or something closer to that. I don't want to release confusing garbage, I'm just trying to optimize sum(helpfulness of checkers) and I feel that the last few steps towards perfect helpfulness are often disproportionately expensive. If a code contains two bugs, then two rough but understandable warnings are more valuable than one well-polished friendly warning + one completely missed bug (because we didn't have time to write a checker for it).

@balazske:

Do I understand it correctly that the "create note that's shown when the return value is marked as interesting" (the option 2 that I suggested) adds / will add clarifying notes to the fileno/fstat error reports and the ftell issue? Did you see any real-life examples where this option 2 does not provide useful notes? If not, then I think we can accept that option 2 is a sufficient solution for these issues.

In addition to this, there are these issues noted by @Szelethus:

In D152436#4408199, @Szelethus wrote:
In D152436#4405558, @balazske wrote:

link
The function open is not modeled in StdCLibraryFunctionsChecker, it should not return less than -1 but this information is not included now.
link
socket can not return less than -1 but this function is not modeled currently.

These should be a rather painless fix, right?

[...]

link
fwrite with 0 buffer and 0 size should not be an error, this is not checked now.

Some discussion for that: D140387#inline-1360054. There is a FIXME in the code for it -- not sure how common this specific issue is, but we did stumble on it in an open source project... how painful would it be to fix this?

If it's not too difficult, then please upload a new version of this patch that implements "option 2" (i.e. produces notes when the return value of the std library function is marked as interesting) + handles the three requests of @Szelethus. I hope that you can do this and then this review can be concluded quickly.

If there are significant obstacles (or I misunderstood the situation), then please reply and discuss the next steps.

NoQ added a comment.Jun 21 2023, 1:21 PM

Uh-oh, looks like I'm not paying nearly enough attention to this discussion (sorry about that!!)

I'm somewhat skeptical of the decision made in D151225 because the entire reason I originally implemented StdCLibraryFunctions was to deal with false positives I was seeing. It was really valuable even without the bug-finding part. So I really wish we could find some way to keep bug-finding and modeling separate.

I haven't read the entire discussion though, I need to catch up 😓

NoQ added a comment.Jun 21 2023, 1:37 PM

In this case function fileno returns -1 because of failure, but this is not indicated in a NoteTag. This is a correct result, only the note is missing. This problem can be solved if a note is displayed on every branch ("case") of the standard C functions. But this leads to many notes at un-interesting places. If the note is displayed only at "interesting" values another difficulty shows up: The note disappears from places where it should be shown because the "interestingness" is not set, for example at conditions of if statement. So the solution may require more work. This case with function fileno occurs 13 times in all the tested projects.

Extra notes along the path are fine as long as their isPrunable() flag is correctly set. It's perfectly ok to say "(15) Hey btw we've just ran over this statement and here's what we assume it did" in a section of a path that's already displayed to the user. Even if you say that on every line, it's probably ok.

But if the note causes a new nested stack frame to be displayed (which was otherwise pruned from the report), there better be a good reason for this, because this can easily increase the complexity of the bug report by a factor of 100.

It's definitely a requirement for a non-alpha checker to make sure that there are enough non-prunable pieces in the report for the user to understand the report. A lot of our existing on-by-default checkers (and even some core checkers) don't really hold up to this expectation (looking at you null dereference), but almost every time they don't, that's a false positive. If you need to pass -analyzer-config prune-paths=false in order to see a key step in the bug report, that's a false positive even if your path simulation was perfect.

So if any of these notes are essential to understanding any bug report (by this checker or by another checker, eg. like getenv() returning null is essential for null dereference checker), there needs to be a way for the note tag to learn that (eg., the getenv() should be able to ask whether the return value is being tracked by trackExpressionValue()) and if so, the note has to be marked as unprunable.

balazske added a comment.Jun 23 2023, 2:28 AM

For first experiment I have made patch D153612 that adds a NoteTag to "all" standard function calls.

balazske added a comment.Jun 23 2023, 2:58 AM
In D152436#4438956, @NoQ wrote:

Uh-oh, looks like I'm not paying nearly enough attention to this discussion (sorry about that!!)

I'm somewhat skeptical of the decision made in D151225 because the entire reason I originally implemented StdCLibraryFunctions was to deal with false positives I was seeing. It was really valuable even without the bug-finding part. So I really wish we could find some way to keep bug-finding and modeling separate.

I haven't read the entire discussion though, I need to catch up 😓

The problem was that modeling and report generation could not be separated correctly. Both are implemented in one class but are differently named checkers that should run in a specific order because dependency issues, this was not good. Other problem was that if the modeling checker runs first, it will apply state changes for pre and post conditions without generating a bug report even if a bug could be found in the previous state. The old state is then lost and other checkers will not find that bug. For example a case of null pointer argument to a function is always removed by the modeling part of the checker, even if this was a case when a bug report should be generated.

Szelethus added a comment.Jun 26 2023, 12:21 AM
In D152436#4443858, @balazske wrote:
In D152436#4438956, @NoQ wrote:

I'm somewhat skeptical of the decision made in D151225 because the entire reason I originally implemented StdCLibraryFunctions was to deal with false positives I was seeing. It was really valuable even without the bug-finding part. So I really wish we could find some way to keep bug-finding and modeling separate.

The problem was that modeling and report generation could not be separated correctly. Both are implemented in one class but are differently named checkers that should run in a specific order because dependency issues, this was not good.

In my view, it would certainly be possible through enormous efforts to further granularize this checker (or these large ones in general), so that the modeling and reporting portions would could be cleanly separated into their own checker objects. That certianly was my belief a couple years back -- I sank months and months into MallocChecker, yet I'm still not even close to that goal.

So, with the modeling and the reporting being the same entity, we can't express that some more specific checkers should run before it. StreamChecker can construct more specific messages thatn StdLibraryFunctions for a null stream object, but only if it runs ahead of it. That implies a both a weak and a strong dependency on what is essentially the same checker. As things stand, not sure how we could have avoided this if we want these checkers to finally leave the alpha state.

In D152436#4443828, @balazske wrote:

For first experiment I have made patch D153612 that adds a NoteTag to "all" standard function calls.

Could you post the results for it as you have them please?

balazske updated this revision to Diff 547777.Aug 7 2023, 7:15 AM

Using the latest version of the checker.

Herald added a subscriber: wangpc. · View Herald TranscriptAug 7 2023, 7:15 AM
Harbormaster completed remote builds in B250781: Diff 547777.Aug 7 2023, 9:09 AM
donat.nagy added a comment.Aug 8 2023, 12:49 AM

Why is this checker placed in the "unix" group (instead of e.g. "core")? As far as I understand it can check some POSIX-specific functions with a flag (that's off by default) but the core functionality checks platform-independent standard library functions.

Moreover, if you can, please provide links to some test result examples on open source projects (either run some fresh tests or provide links to an earlier test run that was running with the same functionality).

balazske added a comment.EditedAug 8 2023, 1:20 AM

This checker was originally in the "unix" package. I agree that this is not exact and core can be better, the checked functions should be available in any default C library on UNIX, OSX, Windows or other platforms too, even the POSIX ones at least in some cases. This applies even to the other related checkers alpha.unix.Stream and alpha.unix.Errno.

balazske added a comment.Aug 8 2023, 7:03 AM

I have checked the results on some projects (memcached,tmux,curl,twin,vim,openssl,sqlite,ffmpeg,postgres,xerces,bitcoin).

These results are more interesting, some look correct, some probably not:
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-id=2243964&report-hash=d4a4bda38c5a6fdaabe2c1867158b106&report-filepath=%2atftpd.c
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=ffmpeg_n4.3.1_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=908f965d980d60292af95db0fa10cd5f&report-id=2252082&report-filepath=%2av4l2_buffers.c
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=914e79646cb0de40dab434ba24c8c23c&report-id=2259781&report-filepath=%2adsm_impl.c
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=58d8278be40f99597b44323d2574c053&report-id=2259789&report-filepath=%2asyslogger.c
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=1928ba718d9742340937d425ec3978c6&report-id=2260011&report-filepath=%2apg_backup_custom.c
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=bitcoin_v0.20.1_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=6ad3a20f18f2850293b4cdd867e404e2&report-id=2266103&report-filepath=%2aenv_posix.cc

This is more questionable:
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=twin_v0.8.1_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=50a98122502701302b7b75a6a56342e8&report-id=2244071&report-filepath=%2ashm.c

Correct but interesting, the note about failure of ftell is shown:
https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=xerces_v3.2.3_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions&report-hash=4ab640064066880ac7031727869c92f4&report-id=2260149&report-filepath=%2aThreadTest.cpp

I did not find results that are obvious false positive.
Many results are the case when fileno returns -1 and this value is used without check. The checker generates a note about failure of fileno. For example at these results:
https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_stdclibraryfunctions_alpha&is-unique=on&diff-type=New&checker-name=unix.StdCLibraryFunctions
(There are cases when fileno(stderr) is assumed to fail. This case can be eliminated if the StreamChecker is enabled, after an improvement of the checker. But for this StreamChecker must run before StdCLibraryFunctionsChecker?)

steakhal added a comment.Aug 9 2023, 9:07 AM

Thanks for the sample reports.
I'm fine if we want to make it a non-alpha (released) checker.

An orthogonal question is, whether we want to have it under the code package.
I'm not sure there are official guidance for elevating a checker to code, but here are my assumptions.
To me, these are the questions to see how valuable our reports are for the user.

  • How many issues does it raise? Would we flood the user?
  • How "interesting" those issues are? Do they have *actual* value for the user? (Not only niece edge-cases, that is fancy to know about, but actual users would genuinely commit such mistakes)
  • How long those bug-paths are in practice? I'd argue, the longer they are, usually the less actionable they are for the user. Less actionable reports are also less valuable, or even harmful.
  • In general, how understandable these reports are? Do we have all the interesting "notes" or "events" on the path?

Please, reflect on these questions and argue why we should have diagnostics of this kind?
Note that, I'm (probably) fine enabling modeling parts by default,but having diagnostics by default is another thing.

steakhal added a comment.Aug 9 2023, 9:08 AM

Additionally, it might make sense to first "release" the checker, and after another llvm release, turn this into a Core checker.

NoQ added a comment.EditedAug 9 2023, 5:23 PM

It doesn't have to be in core just because it's dealing with "core features" of the language.

The core package is for checks without which path-sensitive analysis becomes so incredibly incorrect that we don't want to support such configuration, we don't want our users to ever use it.

(Ideally core checkers shouldn't emit any warnings at all. It has to be possible to disable every individual warning and still have other warnings work correctly. But unfortunately that's not the reality of the situation.)

(I agree unix doesn't sound right though. But we already have MallocChecker in unix, which is arguably way worse. What we really need is, to replace our package system with a hashtag system.)

balazske added a comment.Aug 10 2023, 7:44 AM

About the questions:

  • How many issues does it raise? Would we flood the user?

I did not experience that the checker produces many warnings. Any warning from this checker is connected to a function call of a standard API, and the number of such calls is usually not high. Typically one
problem which the checker reports can occur often in a specific program, for example the fileno case (fileno returns -1 at failure, often this failure is not handled and value -1 is used as a file number).
This should not be a case of hundreds of warnings.

  • How "interesting" those issues are? Do they have *actual* value for the user? (Not only niece edge-cases, that is fancy to know about, but actual users would genuinely commit such mistakes)

If the coder cares about all edge-cases of API calls, these are real and important issues. More often most of the results are just cases of ignored errors that are very rare, the programmer probably intentionally did not handle these because it is not worth for a such rare situation. From security point of view these cases can be used to find places where it is possible to make an API call (which normally "never" fails) intentionally fail and produce unexpected behavior of the program. So for an average application many results are not very important, for stability and security critical code the results can be more important.

  • How long those bug-paths are in practice? I'd argue, the longer they are, usually the less actionable they are for the user. Less actionable reports are also less valuable, or even harmful.

The bug path can be long, often only the very last part is important, but sometimes not.

  • In general, how understandable these reports are? Do we have all the interesting "notes" or "events" on the path?

These should be not more difficult to understand than a division by zero, only with a function call instead of division.

steakhal accepted this revision.Aug 11 2023, 9:13 AM

As I don't use this checker, thus I cannot speak of my experience.
However, the reasons look solid and I'm fine with moving this checker to unix.StdCLibraryFunctions.
Let some time for other reviewers to object before landing this. Lets say, one week from now.
@xazax.hun @NoQ?

As next steps, I'd be glad set the default value of ModelPOSIX to true. I don't see much harm doing so.
(And maybe getting rid of that checker option entirely.)

clang/docs/analyzer/checkers.rst
979–982
This revision is now accepted and ready to land.Aug 11 2023, 9:13 AM

Revision Contents

Diff 547777

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 232 Lines▼ Show 20 Lines
------------ ------------
libclang libclang
-------- --------
Static Analyzer Static Analyzer
--------------- ---------------
- Move checker ``alpha.unix.StdCLibraryFunctions`` out of the ``alpha`` package
to ``unix.StdCLibraryFunctions``.
.. _release-notes-sanitizers: .. _release-notes-sanitizers:
Sanitizers Sanitizers
---------- ----------
Python Binding Changes Python Binding Changes
---------------------- ----------------------
Show All 13 Lines

clang/docs/analyzer/checkers.rst

Show First 20 LinesShow All 913 Lines▼ Show 20 Lines
""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""
Check for mismatched deallocators. Check for mismatched deallocators.
.. literalinclude:: checkers/mismatched_deallocator_example.cpp .. literalinclude:: checkers/mismatched_deallocator_example.cpp
:language: c :language: c
.. _unix-Vfork: .. _unix-Vfork:
unix.Vfork (C) unix.Vfork (C)
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

This is applicable to C++ too?

balazske: This is applicable to C++ too?
steakhalUnsubmitted
Done
ReplyInline Actions

Yes it's applicable to c++ if they use these C APIs.
However, I would prefer not to extend it with C++. IMO that would only raise confusion.

steakhal: Yes it's applicable to c++ if they use these C APIs. However, I would prefer not to extend it…
"""""""""""""" """"""""""""""
Check for proper usage of ``vfork``. Check for proper usage of ``vfork``.
.. code-block:: c .. code-block:: c
int test(int x) { int test(int x) {
pid_t pid = vfork(); // warn pid_t pid = vfork(); // warn
if (pid != 0) if (pid != 0)
Show All 40 Lines
``strlen, strnlen, strcpy, strncpy, strcat, strncat, strcmp, strncmp, strcasecmp, strncasecmp, wcslen, wcsnlen``. ``strlen, strnlen, strcpy, strncpy, strcat, strncat, strcmp, strncmp, strcasecmp, strncasecmp, wcslen, wcsnlen``.
.. code-block:: c .. code-block:: c
int test() { int test() {
return strlen(0); // warn return strlen(0); // warn
} }
.. _unix-StdCLibraryFunctions:
unix.StdCLibraryFunctions (C)
"""""""""""""""""""""""""""""""""""
steakhalUnsubmitted
Not Done
ReplyInline Actions
return strlen(0); // warn
}
.. _unix-StdCLibraryFunctions:
unix.StdCLibraryFunctions (C)
- """""""""""""""""""""""""""""""""""
+ """""""""""""""""""""""""""""
Check for calls of standard library functions that violate predefined argument
steakhal:
Check for calls of standard library functions that violate predefined argument
constraints. For example, it is stated in the C standard that for the ``int
isalnum(int ch)`` function the behavior is undefined if the value of ``ch`` is
not representable as unsigned char and is not equal to ``EOF``.
.. code-block:: c
#define EOF -1
void test_alnum_concrete(int v) {
int ret = isalnum(256); // \
// warning: Function argument outside of allowed range
(void)ret;
}
void buffer_size_violation(FILE *file) {
enum { BUFFER_SIZE = 1024 };
wchar_t wbuf[BUFFER_SIZE];
const size_t size = sizeof(*wbuf); // 4
const size_t nitems = sizeof(wbuf); // 4096
// Below we receive a warning because the 3rd parameter should be the
// number of elements to read, not the size in bytes. This case is a known
// vulnerability described by the ARR38-C SEI-CERT rule.
fread(wbuf, size, nitems, file);
}
You can think of this checker as defining restrictions (pre- and postconditions)
on standard library functions. Preconditions are checked, and when they are
violated, a warning is emitted. Post conditions are added to the analysis, e.g.
that the return value must be no greater than 255.
For example if an argument to a function must be in between 0 and 255, but the
value of the argument is unknown, the analyzer will conservatively assume that
it is in this interval. Similarly, if a function mustn't be called with a null
pointer and the null value of the argument can not be proven, the analyzer will
assume that it is non-null.
These are the possible checks on the values passed as function arguments:
- The argument has an allowed range (or multiple ranges) of values. The checker
can detect if a passed value is outside of the allowed range and show the
actual and allowed values.
- The argument has pointer type and is not allowed to be null pointer. Many
(but not all) standard functions can produce undefined behavior if a null
pointer is passed, these cases can be detected by the checker.
- The argument is a pointer to a memory block and the minimal size of this
buffer is determined by another argument to the function, or by
multiplication of two arguments (like at function ``fread``), or is a fixed
value (for example ``asctime_r`` requires at least a buffer of size 26). The
checker can detect if the buffer size is too small and in optimal case show
the size of the buffer and the values of the corresponding arguments.
.. code-block:: c
int test_alnum_symbolic(int x) {
int ret = isalnum(x);
// after the call, ret is assumed to be in the range [-1, 255]
if (ret > 255) // impossible (infeasible branch)
if (x == 0)
return ret / x; // division by zero is not reported
return ret;
}
Additionally to the argument and return value conditions, this checker also adds
state of the value ``errno`` if applicable to the analysis. Many system
functions set the ``errno`` value only if an error occurs (together with a
specific return value of the function), otherwise it becomes undefined. This
checker changes the analysis state to contain such information. This data is
used by other checkers, for example :ref:`alpha-unix-Errno`.
**Limitations**
The checker can not always provide notes about the values of the arguments.
Without this information it is hard to confirm if the constraint is indeed
violated. The argument values are shown if they are known constants or the value
is determined by previous (not too complicated) assumptions.
The checker can produce false positives in cases such as if the program has
invariants not known to the analyzer engine or the bug report path contains
calls to unknown functions. In these cases the analyzer fails to detect the real
range of the argument.
**Parameters**
The checker models functions (and emits diagnostics) from the C standard by
default. The ``ModelPOSIX`` option enables modeling (and emit diagnostics) of
additional functions that are defined in the POSIX standard. This option is
disabled by default.
.. _osx-checkers: .. _osx-checkers:
osx osx
^^^ ^^^
macOS checkers. macOS checkers.
.. _osx-API: .. _osx-API:
▲ Show 20 LinesShow All 1,609 Lines▼ Show 20 Lines
* The taintedness property is not propagated through function calls which are * The taintedness property is not propagated through function calls which are
unknown (or too complex) to the analyzer, unless there is a specific unknown (or too complex) to the analyzer, unless there is a specific
propagation rule built-in to the checker or given in the YAML configuration propagation rule built-in to the checker or given in the YAML configuration
file. This causes potential true positive findings to be lost. file. This causes potential true positive findings to be lost.
alpha.unix alpha.unix
^^^^^^^^^^^ ^^^^^^^^^^^
.. _alpha-unix-StdCLibraryFunctions:
alpha.unix.StdCLibraryFunctions (C)
"""""""""""""""""""""""""""""""""""
Check for calls of standard library functions that violate predefined argument
constraints. For example, it is stated in the C standard that for the ``int
isalnum(int ch)`` function the behavior is undefined if the value of ``ch`` is
not representable as unsigned char and is not equal to ``EOF``.
.. code-block:: c
#define EOF -1
void test_alnum_concrete(int v) {
int ret = isalnum(256); // \
// warning: Function argument outside of allowed range
(void)ret;
}
void buffer_size_violation(FILE *file) {
enum { BUFFER_SIZE = 1024 };
wchar_t wbuf[BUFFER_SIZE];
const size_t size = sizeof(*wbuf); // 4
const size_t nitems = sizeof(wbuf); // 4096
// Below we receive a warning because the 3rd parameter should be the
// number of elements to read, not the size in bytes. This case is a known
// vulnerability described by the ARR38-C SEI-CERT rule.
fread(wbuf, size, nitems, file);
}
You can think of this checker as defining restrictions (pre- and postconditions)
on standard library functions. Preconditions are checked, and when they are
violated, a warning is emitted. Post conditions are added to the analysis, e.g.
that the return value must be no greater than 255.
For example if an argument to a function must be in between 0 and 255, but the
value of the argument is unknown, the analyzer will conservatively assume that
it is in this interval. Similarly, if a function mustn't be called with a null
pointer and the null value of the argument can not be proven, the analyzer will
assume that it is non-null.
These are the possible checks on the values passed as function arguments:
- The argument has an allowed range (or multiple ranges) of values. The checker
can detect if a passed value is outside of the allowed range and show the
actual and allowed values.
- The argument has pointer type and is not allowed to be null pointer. Many
(but not all) standard functions can produce undefined behavior if a null
pointer is passed, these cases can be detected by the checker.
- The argument is a pointer to a memory block and the minimal size of this
buffer is determined by another argument to the function, or by
multiplication of two arguments (like at function ``fread``), or is a fixed
value (for example ``asctime_r`` requires at least a buffer of size 26). The
checker can detect if the buffer size is too small and in optimal case show
the size of the buffer and the values of the corresponding arguments.
.. code-block:: c
int test_alnum_symbolic(int x) {
int ret = isalnum(x);
// after the call, ret is assumed to be in the range [-1, 255]
if (ret > 255) // impossible (infeasible branch)
if (x == 0)
return ret / x; // division by zero is not reported
return ret;
}
Additionally to the argument and return value conditions, this checker also adds
state of the value ``errno`` if applicable to the analysis. Many system
functions set the ``errno`` value only if an error occurs (together with a
specific return value of the function), otherwise it becomes undefined. This
checker changes the analysis state to contain such information. This data is
used by other checkers, for example :ref:`alpha-unix-Errno`.
**Limitations**
The checker can not always provide notes about the values of the arguments.
Without this information it is hard to confirm if the constraint is indeed
violated. The argument values are shown if they are known constants or the value
is determined by previous (not too complicated) assumptions.
The checker can produce false positives in cases such as if the program has
invariants not known to the analyzer engine or the bug report path contains
calls to unknown functions. In these cases the analyzer fails to detect the real
range of the argument.
**Parameters**
The checker models functions (and emits diagnostics) from the C standard by
default. The ``ModelPOSIX`` option enables modeling (and emit diagnostics) of
additional functions that are defined in the POSIX standard. This option is
disabled by default.
.. _alpha-unix-BlockInCriticalSection: .. _alpha-unix-BlockInCriticalSection:
alpha.unix.BlockInCriticalSection (C) alpha.unix.BlockInCriticalSection (C)
""""""""""""""""""""""""""""""""""""" """""""""""""""""""""""""""""""""""""
Check for calls to blocking functions inside a critical section. Check for calls to blocking functions inside a critical section.
Applies to: ``lock, unlock, sleep, getc, fgets, read, recv, pthread_mutex_lock,`` Applies to: ``lock, unlock, sleep, getc, fgets, read, recv, pthread_mutex_lock,``
`` pthread_mutex_unlock, mtx_lock, mtx_timedlock, mtx_trylock, mtx_unlock, lock_guard, unique_lock`` `` pthread_mutex_unlock, mtx_lock, mtx_timedlock, mtx_trylock, mtx_unlock, lock_guard, unique_lock``
▲ Show 20 LinesShow All 550 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 LinesShow All 513 Lines▼ Show 20 Linesdef MallocSizeofChecker : Checker<"MallocSizeof">,
HelpText<"Check for dubious malloc arguments involving sizeof">, HelpText<"Check for dubious malloc arguments involving sizeof">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">, def MismatchedDeallocatorChecker : Checker<"MismatchedDeallocator">,
HelpText<"Check for mismatched deallocators.">, HelpText<"Check for mismatched deallocators.">,
Dependencies<[DynamicMemoryModeling]>, Dependencies<[DynamicMemoryModeling]>,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,
HelpText<"Check for invalid arguments of C standard library functions, "
"and apply relations between arguments and return value">,
CheckerOptions<[
CmdLineOption<Boolean,
"DisplayLoadedSummaries",
"If set to true, the checker displays the found summaries "
"for the given translation unit.",
"false",
Released,
Hide>,
CmdLineOption<Boolean,
"ModelPOSIX",
"If set to true, the checker models additional functions "
"from the POSIX standard.",
"false",
InAlpha>
]>,
WeakDependencies<[CallAndMessageChecker, NonNullParamChecker]>,
Documentation<HasDocumentation>;
def VforkChecker : Checker<"Vfork">, def VforkChecker : Checker<"Vfork">,
HelpText<"Check for proper usage of vfork">, HelpText<"Check for proper usage of vfork">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
} // end "unix" } // end "unix"
let ParentPackage = UnixAlpha in { let ParentPackage = UnixAlpha in {
Show All 26 Lines
def SimpleStreamChecker : Checker<"SimpleStream">, def SimpleStreamChecker : Checker<"SimpleStream">,
HelpText<"Check for misuses of stream APIs">, HelpText<"Check for misuses of stream APIs">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">, def BlockInCriticalSectionChecker : Checker<"BlockInCriticalSection">,
HelpText<"Check for calls to blocking functions inside a critical section">, HelpText<"Check for calls to blocking functions inside a critical section">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,
HelpText<"Check for invalid arguments of C standard library functions, "
"and apply relations between arguments and return value">,
CheckerOptions<[
CmdLineOption<Boolean,
"DisplayLoadedSummaries",
"If set to true, the checker displays the found summaries "
"for the given translation unit.",
"false",
Released,
Hide>,
CmdLineOption<Boolean,
"ModelPOSIX",
"If set to true, the checker models additional functions "
"from the POSIX standard.",
"false",
InAlpha>
]>,
WeakDependencies<[CallAndMessageChecker, NonNullParamChecker, StreamChecker]>,
Documentation<HasDocumentation>;
} // end "alpha.unix" } // end "alpha.unix"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// C++ checkers. // C++ checkers.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let ParentPackage = Cplusplus in { let ParentPackage = Cplusplus in {
▲ Show 20 LinesShow All 1,011 Lines▼ Show 20 Lines
def DebugIteratorModeling : Checker<"DebugIteratorModeling">, def DebugIteratorModeling : Checker<"DebugIteratorModeling">,
HelpText<"Check the analyzer's understanding of C++ iterators">, HelpText<"Check the analyzer's understanding of C++ iterators">,
Dependencies<[DebugContainerModeling, IteratorModeling]>, Dependencies<[DebugContainerModeling, IteratorModeling]>,
Documentation<NotDocumented>; Documentation<NotDocumented>;
def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">, def StdCLibraryFunctionsTesterChecker : Checker<"StdCLibraryFunctionsTester">,
HelpText<"Add test functions to the summary map, so testing of individual " HelpText<"Add test functions to the summary map, so testing of individual "
"summary constituents becomes possible.">, "summary constituents becomes possible.">,
WeakDependencies<[StdCLibraryFunctionsChecker]>,
Documentation<NotDocumented>; Documentation<NotDocumented>;
} // end "debug" } // end "debug"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Clone Detection // Clone Detection
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
▲ Show 20 LinesShow All 111 LinesShow Last 20 Lines

clang/test/Analysis/PR49642.c

// RUN: %clang_analyze_cc1 -Wno-implicit-function-declaration -Wno-implicit-int -w -verify %s \ // RUN: %clang_analyze_cc1 -Wno-implicit-function-declaration -Wno-implicit-int -w -verify %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions // RUN: -analyzer-checker=unix.StdCLibraryFunctions
// expected-no-diagnostics // expected-no-diagnostics
typedef ssize_t; typedef ssize_t;
b; b;
unsigned c; unsigned c;
int write(int, const void *, unsigned long); int write(int, const void *, unsigned long);
Show All 13 Lines

clang/test/Analysis/analyzer-config.c

// RUN: %clang_analyze_cc1 -analyzer-checker=debug.ConfigDumper > %t 2>&1 // RUN: %clang_analyze_cc1 -analyzer-checker=debug.ConfigDumper > %t 2>&1
// RUN: FileCheck --input-file=%t %s --match-full-lines // RUN: FileCheck --input-file=%t %s --match-full-lines
// CHECK: [config] // CHECK: [config]
// CHECK-NEXT: add-pop-up-notes = true // CHECK-NEXT: add-pop-up-notes = true
// CHECK-NEXT: aggressive-binary-operation-simplification = false // CHECK-NEXT: aggressive-binary-operation-simplification = false
// CHECK-NEXT: alpha.clone.CloneChecker:IgnoredFilesPattern = "" // CHECK-NEXT: alpha.clone.CloneChecker:IgnoredFilesPattern = ""
// CHECK-NEXT: alpha.clone.CloneChecker:MinimumCloneComplexity = 50 // CHECK-NEXT: alpha.clone.CloneChecker:MinimumCloneComplexity = 50
// CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true // CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true
// CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false // CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false
// CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false // CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false
// CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtExec = 0x04 // CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtExec = 0x04
// CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtRead = 0x01 // CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtRead = 0x01
// CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = "" // CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = ""
// CHECK-NEXT: alpha.unix.Errno:AllowErrnoReadOutsideConditionExpressions = true // CHECK-NEXT: alpha.unix.Errno:AllowErrnoReadOutsideConditionExpressions = true
// CHECK-NEXT: alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries = false
// CHECK-NEXT: alpha.unix.StdCLibraryFunctions:ModelPOSIX = false
// CHECK-NEXT: apply-fixits = false // CHECK-NEXT: apply-fixits = false
// CHECK-NEXT: assume-controlled-environment = false // CHECK-NEXT: assume-controlled-environment = false
// CHECK-NEXT: avoid-suppressing-null-argument-paths = false // CHECK-NEXT: avoid-suppressing-null-argument-paths = false
// CHECK-NEXT: c++-allocator-inlining = true // CHECK-NEXT: c++-allocator-inlining = true
// CHECK-NEXT: c++-container-inlining = false // CHECK-NEXT: c++-container-inlining = false
// CHECK-NEXT: c++-inlining = destructors // CHECK-NEXT: c++-inlining = destructors
// CHECK-NEXT: c++-shared_ptr-inlining = false // CHECK-NEXT: c++-shared_ptr-inlining = false
// CHECK-NEXT: c++-stdlib-inlining = true // CHECK-NEXT: c++-stdlib-inlining = true
▲ Show 20 LinesShow All 97 Lines▼ Show 20 Lines
// CHECK-NEXT: support-symbolic-integer-casts = false // CHECK-NEXT: support-symbolic-integer-casts = false
// CHECK-NEXT: suppress-c++-stdlib = true // CHECK-NEXT: suppress-c++-stdlib = true
// CHECK-NEXT: suppress-inlined-defensive-checks = true // CHECK-NEXT: suppress-inlined-defensive-checks = true
// CHECK-NEXT: suppress-null-return-paths = true // CHECK-NEXT: suppress-null-return-paths = true
// CHECK-NEXT: track-conditions = true // CHECK-NEXT: track-conditions = true
// CHECK-NEXT: track-conditions-debug = false // CHECK-NEXT: track-conditions-debug = false
// CHECK-NEXT: unix.DynamicMemoryModeling:AddNoOwnershipChangeNotes = true // CHECK-NEXT: unix.DynamicMemoryModeling:AddNoOwnershipChangeNotes = true
// CHECK-NEXT: unix.DynamicMemoryModeling:Optimistic = false // CHECK-NEXT: unix.DynamicMemoryModeling:Optimistic = false
// CHECK-NEXT: unix.StdCLibraryFunctions:DisplayLoadedSummaries = false
// CHECK-NEXT: unix.StdCLibraryFunctions:ModelPOSIX = false
// CHECK-NEXT: unroll-loops = false // CHECK-NEXT: unroll-loops = false
// CHECK-NEXT: verbose-report-filename = false // CHECK-NEXT: verbose-report-filename = false
// CHECK-NEXT: widen-loops = false // CHECK-NEXT: widen-loops = false

clang/test/Analysis/analyzer-enabled-checkers.c

Show All 40 Lines
// CHECK-NEXT: security.insecureAPI.mktemp // CHECK-NEXT: security.insecureAPI.mktemp
// CHECK-NEXT: security.insecureAPI.vfork // CHECK-NEXT: security.insecureAPI.vfork
// CHECK-NEXT: unix.API // CHECK-NEXT: unix.API
// CHECK-NEXT: unix.cstring.CStringModeling // CHECK-NEXT: unix.cstring.CStringModeling
// CHECK-NEXT: unix.DynamicMemoryModeling // CHECK-NEXT: unix.DynamicMemoryModeling
// CHECK-NEXT: unix.Malloc // CHECK-NEXT: unix.Malloc
// CHECK-NEXT: unix.MallocSizeof // CHECK-NEXT: unix.MallocSizeof
// CHECK-NEXT: unix.MismatchedDeallocator // CHECK-NEXT: unix.MismatchedDeallocator
// CHECK-NEXT: unix.StdCLibraryFunctions
// CHECK-NEXT: unix.Vfork // CHECK-NEXT: unix.Vfork
// CHECK-NEXT: unix.cstring.BadSizeArg // CHECK-NEXT: unix.cstring.BadSizeArg
// CHECK-NEXT: unix.cstring.NullArg // CHECK-NEXT: unix.cstring.NullArg
int main() { int main() {
int i; int i;
(void)(10 / i); (void)(10 / i);
} }

clang/test/Analysis/conversion.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -Wno-conversion -Wno-tautological-constant-compare \ // RUN: -Wno-conversion -Wno-tautological-constant-compare \
// RUN: -analyzer-checker=core,apiModeling,alpha.unix.StdCLibraryFunctions,alpha.core.Conversion \ // RUN: -analyzer-checker=core,apiModeling,unix.StdCLibraryFunctions,alpha.core.Conversion \
// RUN: -verify // RUN: -verify
unsigned char U8; unsigned char U8;
signed char S8; signed char S8;
void assign(unsigned U, signed S) { void assign(unsigned U, signed S) {
if (S < -10) if (S < -10)
U8 = S; // expected-warning {{Loss of sign in implicit conversion}} U8 = S; // expected-warning {{Loss of sign in implicit conversion}}
▲ Show 20 LinesShow All 170 Lines▼ Show 20 Lines
char dontwarn10(long long x) { char dontwarn10(long long x) {
long long y = 42; long long y = 42;
y += x; y += x;
return y == 42; return y == 42;
} }
// C library functions, handled via alpha.unix.StdCLibraryFunctions // C library functions, handled via unix.StdCLibraryFunctions
int isascii(int c); int isascii(int c);
void libraryFunction1(void) { void libraryFunction1(void) {
char kb2[5]; char kb2[5];
int X = 1000; int X = 1000;
if (isascii(X)) { if (isascii(X)) {
kb2[0] = X; // no-warning kb2[0] = X; // no-warning
} }
▲ Show 20 LinesShow All 55 LinesShow Last 20 Lines

clang/test/Analysis/errno-stdlibraryfunctions-notes.c

// RUN: %clang_analyze_cc1 -verify -analyzer-output text %s \ // RUN: %clang_analyze_cc1 -verify -analyzer-output text %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=apiModeling.Errno \ // RUN: -analyzer-checker=apiModeling.Errno \
// RUN: -analyzer-checker=alpha.unix.Errno \ // RUN: -analyzer-checker=alpha.unix.Errno \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true
#include "Inputs/errno_var.h" #include "Inputs/errno_var.h"
int access(const char *path, int amode); int access(const char *path, int amode);
void clang_analyzer_warnIfReached(); void clang_analyzer_warnIfReached();
void test1() { void test1() {
Show All 34 Lines

clang/test/Analysis/errno-stdlibraryfunctions.c

// RUN: %clang_analyze_cc1 -verify %s \ // RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=apiModeling.Errno \ // RUN: -analyzer-checker=apiModeling.Errno \
// RUN: -analyzer-checker=alpha.unix.Errno \ // RUN: -analyzer-checker=alpha.unix.Errno \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true
#include "Inputs/errno_var.h" #include "Inputs/errno_var.h"
typedef typeof(sizeof(int)) size_t; typedef typeof(sizeof(int)) size_t;
typedef __typeof(sizeof(int)) off_t; typedef __typeof(sizeof(int)) off_t;
typedef size_t ssize_t; typedef size_t ssize_t;
ssize_t send(int sockfd, const void *buf, size_t len, int flags); ssize_t send(int sockfd, const void *buf, size_t len, int flags);
off_t lseek(int fildes, off_t offset, int whence); off_t lseek(int fildes, off_t offset, int whence);
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-POSIX-lookup.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s --allow-empty // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s --allow-empty
// We test here the implementation of our summary API with Optional types. In // We test here the implementation of our summary API with Optional types. In
// this TU we do not provide declaration for any of the functions that have // this TU we do not provide declaration for any of the functions that have
// summaries. The implementation should be able to handle the nonexistent // summaries. The implementation should be able to handle the nonexistent
// declarations in a way that the summary is not added to the map. We expect no // declarations in a way that the summary is not added to the map. We expect no
Show All 9 Lines

clang/test/Analysis/std-c-library-functions-POSIX-socket-sockaddr.cpp

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// We test here that functions from socket.h are added when sockaddr is not a // We test here that functions from socket.h are added when sockaddr is not a
// transparent union of other sockaddr_ pointers. This is the case in C++. // transparent union of other sockaddr_ pointers. This is the case in C++.
// CHECK: Loaded summary for: int accept(int socket, struct sockaddr *address, socklen_t *address_len) // CHECK: Loaded summary for: int accept(int socket, struct sockaddr *address, socklen_t *address_len)
Show All 24 Lines

clang/test/Analysis/std-c-library-functions-POSIX.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux -verify // RUN: -triple i686-unknown-linux -verify
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: FILE *fopen(const char *restrict pathname, const char *restrict mode) // CHECK: Loaded summary for: FILE *fopen(const char *restrict pathname, const char *restrict mode)
// CHECK: Loaded summary for: FILE *tmpfile(void) // CHECK: Loaded summary for: FILE *tmpfile(void)
// CHECK: Loaded summary for: FILE *freopen(const char *restrict pathname, const char *restrict mode, FILE *restrict stream) // CHECK: Loaded summary for: FILE *freopen(const char *restrict pathname, const char *restrict mode, FILE *restrict stream)
// CHECK: Loaded summary for: int fclose(FILE *stream) // CHECK: Loaded summary for: int fclose(FILE *stream)
▲ Show 20 LinesShow All 185 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-arg-constraints-note-tags.cpp

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux \ // RUN: -triple i686-unknown-linux \
// RUN: -analyzer-output=text \ // RUN: -analyzer-output=text \
// RUN: -verify // RUN: -verify
template <typename T> template <typename T>
void clang_analyzer_express(T x); void clang_analyzer_express(T x);
▲ Show 20 LinesShow All 53 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-arg-constraints-notes.cpp

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux \ // RUN: -triple i686-unknown-linux \
// RUN: -verify // RUN: -verify
// In this test we verify that each argument constraints are described properly. // In this test we verify that each argument constraints are described properly.
// Check NotNullConstraint violation notes. // Check NotNullConstraint violation notes.
▲ Show 20 LinesShow All 223 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-arg-constraints-tracking-notes.c

// Check the bugpath related to the reports. // Check the bugpath related to the reports.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -triple x86_64-unknown-linux-gnu \ // RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -analyzer-output=text \ // RUN: -analyzer-output=text \
// RUN: -verify=bugpath // RUN: -verify=bugpath
typedef typeof(sizeof(int)) size_t; typedef typeof(sizeof(int)) size_t;
Show All 18 Lines

clang/test/Analysis/std-c-library-functions-arg-constraints.c

// Check the basic reporting/warning and the application of constraints. // Check the basic reporting/warning and the application of constraints.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -triple x86_64-unknown-linux-gnu \ // RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -verify=report // RUN: -verify=report
// Check the bugpath related to the reports. // Check the bugpath related to the reports.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -triple x86_64-unknown-linux-gnu \ // RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -analyzer-output=text \ // RUN: -analyzer-output=text \
// RUN: -verify=bugpath // RUN: -verify=bugpath
#include "Inputs/std-c-library-functions-POSIX.h" #include "Inputs/std-c-library-functions-POSIX.h"
▲ Show 20 LinesShow All 349 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-arg-constraints.cpp

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux \ // RUN: -triple i686-unknown-linux \
// RUN: -verify // RUN: -verify
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
int __defaultparam(void *, int y = 3); int __defaultparam(void *, int y = 3);
void test_arg_constraint_on_fun_with_default_param() { void test_arg_constraint_on_fun_with_default_param() {
__defaultparam(nullptr); // \ __defaultparam(nullptr); // \
// expected-warning{{The 1st argument to '__defaultparam' is NULL but should not be NULL}} // expected-warning{{The 1st argument to '__defaultparam' is NULL but should not be NULL}}
} }

clang/test/Analysis/std-c-library-functions-arg-cstring-dependency.c

// This test case crashes if strncasecmp is modeled in StdCLibraryFunctions. // This test case crashes if strncasecmp is modeled in StdCLibraryFunctions.
// Either we fix CStringChecker to handle the call prerequisites in // Either we fix CStringChecker to handle the call prerequisites in
// checkPreCall, or we must not evaluate any pure functions in // checkPreCall, or we must not evaluate any pure functions in
// StdCLibraryFunctions that are also handled in CStringChecker. // StdCLibraryFunctions that are also handled in CStringChecker.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=unix.cstring.NullArg \ // RUN: -analyzer-checker=unix.cstring.NullArg \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -triple x86_64-unknown-linux-gnu \ // RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -verify // RUN: -verify
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
int strncasecmp(const char *s1, const char *s2, size_t n); int strncasecmp(const char *s1, const char *s2, size_t n);
int strncasecmp_null_argument(char *a, size_t n) { int strncasecmp_null_argument(char *a, size_t n) {
char *b = 0; char *b = 0;
return strncasecmp(a, b, n); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}} return strncasecmp(a, b, n); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}}
} }

clang/test/Analysis/std-c-library-functions-arg-enabled-checkers.c

// Here we test the order of the Checkers when StdCLibraryFunctions is // Here we test the order of the Checkers when StdCLibraryFunctions is
// enabled. // enabled.
// RUN: %clang --analyze %s --target=x86_64-pc-linux-gnu \ // RUN: %clang --analyze %s --target=x86_64-pc-linux-gnu \
// RUN: -Xclang -analyzer-checker=core \ // RUN: -Xclang -analyzer-checker=core \
// RUN: -Xclang -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -Xclang -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -Xclang -analyzer-config \ // RUN: -Xclang -analyzer-config \
// RUN: -Xclang alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -Xclang unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -Xclang -analyzer-checker=alpha.unix.Stream \ // RUN: -Xclang -analyzer-checker=alpha.unix.Stream \
// RUN: -Xclang -analyzer-list-enabled-checkers \ // RUN: -Xclang -analyzer-list-enabled-checkers \
// RUN: -Xclang -analyzer-display-progress \ // RUN: -Xclang -analyzer-display-progress \
// RUN: 2>&1 | FileCheck %s --implicit-check-not=ANALYZE \ // RUN: 2>&1 | FileCheck %s --implicit-check-not=ANALYZE \
// RUN: --implicit-check-not=\. // RUN: --implicit-check-not=\.
// CHECK: OVERVIEW: Clang Static Analyzer Enabled Checkers List // CHECK: OVERVIEW: Clang Static Analyzer Enabled Checkers List
// CHECK-EMPTY: // CHECK-EMPTY:
// CHECK-NEXT: core.CallAndMessageModeling
// CHECK-NEXT: core.CallAndMessage
// CHECK-NEXT: core.NonNullParamChecker // CHECK-NEXT: core.NonNullParamChecker
// CHECK-NEXT: alpha.unix.Stream // CHECK-NEXT: alpha.unix.Stream
// CHECK-NEXT: alpha.unix.StdCLibraryFunctions
// CHECK-NEXT: apiModeling.Errno // CHECK-NEXT: apiModeling.Errno
// CHECK-NEXT: apiModeling.TrustNonnull // CHECK-NEXT: apiModeling.TrustNonnull
// CHECK-NEXT: apiModeling.TrustReturnsNonnull // CHECK-NEXT: apiModeling.TrustReturnsNonnull
// CHECK-NEXT: apiModeling.llvm.CastValue // CHECK-NEXT: apiModeling.llvm.CastValue
// CHECK-NEXT: apiModeling.llvm.ReturnValue // CHECK-NEXT: apiModeling.llvm.ReturnValue
// CHECK-NEXT: core.CallAndMessageModeling
// CHECK-NEXT: core.CallAndMessage
// CHECK-NEXT: core.DivideZero // CHECK-NEXT: core.DivideZero
// CHECK-NEXT: core.DynamicTypePropagation // CHECK-NEXT: core.DynamicTypePropagation
// CHECK-NEXT: core.NonnilStringConstants // CHECK-NEXT: core.NonnilStringConstants
// CHECK-NEXT: core.NullDereference // CHECK-NEXT: core.NullDereference
// CHECK-NEXT: core.StackAddrEscapeBase // CHECK-NEXT: core.StackAddrEscapeBase
// CHECK-NEXT: core.StackAddressEscape // CHECK-NEXT: core.StackAddressEscape
// CHECK-NEXT: core.UndefinedBinaryOperatorResult // CHECK-NEXT: core.UndefinedBinaryOperatorResult
// CHECK-NEXT: core.VLASize // CHECK-NEXT: core.VLASize
Show All 16 Lines
// CHECK-NEXT: security.insecureAPI.mktemp // CHECK-NEXT: security.insecureAPI.mktemp
// CHECK-NEXT: security.insecureAPI.vfork // CHECK-NEXT: security.insecureAPI.vfork
// CHECK-NEXT: unix.API // CHECK-NEXT: unix.API
// CHECK-NEXT: unix.cstring.CStringModeling // CHECK-NEXT: unix.cstring.CStringModeling
// CHECK-NEXT: unix.DynamicMemoryModeling // CHECK-NEXT: unix.DynamicMemoryModeling
// CHECK-NEXT: unix.Malloc // CHECK-NEXT: unix.Malloc
// CHECK-NEXT: unix.MallocSizeof // CHECK-NEXT: unix.MallocSizeof
// CHECK-NEXT: unix.MismatchedDeallocator // CHECK-NEXT: unix.MismatchedDeallocator
// CHECK-NEXT: unix.StdCLibraryFunctions
// CHECK-NEXT: unix.Vfork // CHECK-NEXT: unix.Vfork
// CHECK-NEXT: unix.cstring.BadSizeArg // CHECK-NEXT: unix.cstring.BadSizeArg
// CHECK-NEXT: unix.cstring.NullArg // CHECK-NEXT: unix.cstring.NullArg
int main() { int main() {
int i; int i;
(void)(10 / i); (void)(10 / i);
} }

clang/test/Analysis/std-c-library-functions-arg-weakdeps.c

// Check that the more specific checkers report and not the generic // Check that the more specific checkers report and not the generic
// StdCLibraryFunctions checker. // StdCLibraryFunctions checker.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.Stream \ // RUN: -analyzer-checker=alpha.unix.Stream \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -triple x86_64-unknown-linux-gnu \ // RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -verify // RUN: -verify
// Make sure that all used functions have their summary loaded. // Make sure that all used functions have their summary loaded.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -triple x86_64-unknown-linux 2>&1 | FileCheck %s // RUN: -triple x86_64-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: int isalnum(int) // CHECK: Loaded summary for: int isalnum(int)
// CHECK: Loaded summary for: unsigned long fread(void *restrict, size_t, size_t, FILE *restrict) __attribute__((nonnull(1))) // CHECK: Loaded summary for: unsigned long fread(void *restrict, size_t, size_t, FILE *restrict) __attribute__((nonnull(1)))
// CHECK: Loaded summary for: int fileno(FILE *stream) // CHECK: Loaded summary for: int fileno(FILE *stream)
void initializeSummaryMap(void); void initializeSummaryMap(void);
// We analyze this function first, and the call expression inside initializes // We analyze this function first, and the call expression inside initializes
Show All 34 Lines

clang/test/Analysis/std-c-library-functions-eof.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=core,alpha.unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=core,unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=core,alpha.unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=core,unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=core,alpha.unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=core,unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -triple thumbv7-a15-linux -analyzer-checker=core,alpha.unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -triple thumbv7-a15-linux -analyzer-checker=core,unix.StdCLibraryFunctions,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
typedef struct FILE FILE; typedef struct FILE FILE;
// Unorthodox EOF value. // Unorthodox EOF value.
#define EOF (-2) #define EOF (-2)
int getc(FILE *); int getc(FILE *);
Show All 13 Lines

clang/test/Analysis/std-c-library-functions-inlined.c

// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.unix.StdCLibraryFunctions -verify %s // RUN: %clang_analyze_cc1 -analyzer-checker=unix.StdCLibraryFunctions -verify %s
// RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=alpha.unix.StdCLibraryFunctions -verify %s // RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=unix.StdCLibraryFunctions -verify %s
// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=alpha.unix.StdCLibraryFunctions -verify %s // RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=unix.StdCLibraryFunctions -verify %s
// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=alpha.unix.StdCLibraryFunctions -verify %s // RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=unix.StdCLibraryFunctions -verify %s
// RUN: %clang_analyze_cc1 -triple thumbv7-a15-linux -analyzer-checker=alpha.unix.StdCLibraryFunctions -verify %s // RUN: %clang_analyze_cc1 -triple thumbv7-a15-linux -analyzer-checker=unix.StdCLibraryFunctions -verify %s
// This test tests crashes that occur when standard functions are available // This test tests crashes that occur when standard functions are available
// for inlining. // for inlining.
// expected-no-diagnostics // expected-no-diagnostics
int isdigit(int _) { return !0; } int isdigit(int _) { return !0; }
void test_redefined_isdigit(int x) { void test_redefined_isdigit(int x) {
int (*func)(int) = isdigit; int (*func)(int) = isdigit;
for (; func(x);) // no-crash for (; func(x);) // no-crash
; ;
} }

clang/test/Analysis/std-c-library-functions-lookup.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: unsigned int fread(void *restrict, size_t, size_t, FILE *restrict) // CHECK: Loaded summary for: unsigned int fread(void *restrict, size_t, size_t, FILE *restrict)
typedef typeof(sizeof(int)) size_t; typedef typeof(sizeof(int)) size_t;
typedef struct FILE FILE; typedef struct FILE FILE;
size_t fread(void *restrict, size_t, size_t, FILE *restrict); size_t fread(void *restrict, size_t, size_t, FILE *restrict);
// Must have at least one call expression to initialize the summary map. // Must have at least one call expression to initialize the summary map.
int bar(void); int bar(void);
void foo(void) { void foo(void) {
bar(); bar();
} }

clang/test/Analysis/std-c-library-functions-lookup.cpp

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: size_t fread(void *, size_t, size_t, FILE *) // CHECK: Loaded summary for: size_t fread(void *, size_t, size_t, FILE *)
// CHECK-NOT: Loaded summary for: size_t fread(void *, size_t, size_t, MyFile *) // CHECK-NOT: Loaded summary for: size_t fread(void *, size_t, size_t, MyFile *)
typedef unsigned int size_t; typedef unsigned int size_t;
Show All 11 Lines

clang/test/Analysis/std-c-library-functions-path-notes.c

// RUN: %clang_analyze_cc1 -verify %s \ // RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core,alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=core,unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-output=text // RUN: -analyzer-output=text
#include "Inputs/std-c-library-functions-POSIX.h" #include "Inputs/std-c-library-functions-POSIX.h"
#define NULL ((void *)0) #define NULL ((void *)0)
char *getenv(const char *); char *getenv(const char *);
int isalpha(int); int isalpha(int);
int isdigit(int); int isdigit(int);
▲ Show 20 LinesShow All 71 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-restrict.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// The signatures for these functions are the same and they specify their // The signatures for these functions are the same and they specify their
// parameter with the restrict qualifier. In C, the signature should match only // parameter with the restrict qualifier. In C, the signature should match only
// if the restrict qualifier is there on the parameter. Thus, the summary // if the restrict qualifier is there on the parameter. Thus, the summary
// should be loaded for the last two declarations only. // should be loaded for the last two declarations only.
void __test_restrict_param_0(void *p); void __test_restrict_param_0(void *p);
void __test_restrict_param_1(void *__restrict p); void __test_restrict_param_1(void *__restrict p);
Show All 11 Lines

clang/test/Analysis/std-c-library-functions-restrict.cpp

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \ // RUN: -analyzer-checker=debug.StdCLibraryFunctionsTester \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// The signatures for these functions are the same and they specify their // The signatures for these functions are the same and they specify their
// parameter with the restrict qualifier. In C++, however, we are more // parameter with the restrict qualifier. In C++, however, we are more
// indulgent and we do not match based on this qualifier. Thus, the given // indulgent and we do not match based on this qualifier. Thus, the given
// signature should match for both of the declarations below, i.e the summary // signature should match for both of the declarations below, i.e the summary
// should be loaded for both of them. // should be loaded for both of them.
void __test_restrict_param_0(void *p); void __test_restrict_param_0(void *p);
Show All 12 Lines

clang/test/Analysis/std-c-library-functions-vs-stream-checker.c

// Check the case when only the StreamChecker is enabled. // Check the case when only the StreamChecker is enabled.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core,alpha.unix.Stream \ // RUN: -analyzer-checker=core,alpha.unix.Stream \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple x86_64-unknown-linux \ // RUN: -triple x86_64-unknown-linux \
// RUN: -verify=stream // RUN: -verify=stream
// Check the case when only the StdLibraryFunctionsChecker is enabled. // Check the case when only the StdLibraryFunctionsChecker is enabled.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple x86_64-unknown-linux \ // RUN: -triple x86_64-unknown-linux \
// RUN: -verify=stdLib 2>&1 | FileCheck %s // RUN: -verify=stdLib 2>&1 | FileCheck %s
// Check the case when both the StreamChecker and the // Check the case when both the StreamChecker and the
// StdLibraryFunctionsChecker are enabled. // StdLibraryFunctionsChecker are enabled.
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core,alpha.unix.Stream \ // RUN: -analyzer-checker=core,alpha.unix.Stream \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple x86_64-unknown-linux \ // RUN: -triple x86_64-unknown-linux \
// RUN: -verify=both 2>&1 | FileCheck %s // RUN: -verify=both 2>&1 | FileCheck %s
// Verify that the summaries are loaded when the StdLibraryFunctionsChecker is // Verify that the summaries are loaded when the StdLibraryFunctionsChecker is
// enabled. // enabled.
// CHECK: Loaded summary for: int getchar(void) // CHECK: Loaded summary for: int getchar(void)
Show All 28 Lines

clang/test/Analysis/std-c-library-functions.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux \ // RUN: -triple i686-unknown-linux \
// RUN: -verify // RUN: -verify
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple x86_64-unknown-linux \ // RUN: -triple x86_64-unknown-linux \
// RUN: -verify // RUN: -verify
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple armv7-a15-linux \ // RUN: -triple armv7-a15-linux \
// RUN: -verify // RUN: -verify
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple thumbv7-a15-linux \ // RUN: -triple thumbv7-a15-linux \
// RUN: -verify // RUN: -verify
// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: int isalnum(int) // CHECK: Loaded summary for: int isalnum(int)
// CHECK-NEXT: Loaded summary for: int isalpha(int) // CHECK-NEXT: Loaded summary for: int isalpha(int)
// CHECK-NEXT: Loaded summary for: int isascii(int) // CHECK-NEXT: Loaded summary for: int isascii(int)
// CHECK-NEXT: Loaded summary for: int isblank(int) // CHECK-NEXT: Loaded summary for: int isblank(int)
▲ Show 20 LinesShow All 197 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions.cpp

// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=alpha.unix.StdCLibraryFunctions,debug.ExprInspection -verify %s // RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=unix.StdCLibraryFunctions,debug.ExprInspection -verify %s
// Test that we don't model functions with broken prototypes. // Test that we don't model functions with broken prototypes.
// Because they probably work differently as well. // Because they probably work differently as well.
// //
// This test lives in a separate file because we wanted to test all functions // This test lives in a separate file because we wanted to test all functions
// in the .c file, however in C there are no overloads. // in the .c file, however in C there are no overloads.
void clang_analyzer_eval(bool); void clang_analyzer_eval(bool);
bool isalpha(char); bool isalpha(char);
void test() { void test() {
clang_analyzer_eval(isalpha('A')); // no-crash // expected-warning{{UNKNOWN}} clang_analyzer_eval(isalpha('A')); // no-crash // expected-warning{{UNKNOWN}}
} }

clang/test/Analysis/std-c-library-posix-crash.c

// RUN: %clang_analyze_cc1 \ // RUN: %clang_analyze_cc1 \
// RUN: -analyzer-checker=core,alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=core,unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -verify %s // RUN: -verify %s
// //
// expected-no-diagnostics // expected-no-diagnostics
typedef long off_t; typedef long off_t;
typedef long long off64_t; typedef long long off64_t;
typedef unsigned long size_t; typedef unsigned long size_t;
void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset); void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset);
void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t offset); void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t offset);
void test(long len) { void test(long len) {
mmap(0, len, 2, 1, 0, 0); // no-crash mmap(0, len, 2, 1, 0, 0); // no-crash
mmap64(0, len, 2, 1, 0, 0); // no-crash mmap64(0, len, 2, 1, 0, 0); // no-crash
} }

clang/test/Analysis/stream-errno-note.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core \ // RUN: %clang_analyze_cc1 -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.Stream \ // RUN: -analyzer-checker=alpha.unix.Stream \
// RUN: -analyzer-checker=alpha.unix.Errno \ // RUN: -analyzer-checker=alpha.unix.Errno \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-output text -verify %s // RUN: -analyzer-output text -verify %s
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
#include "Inputs/errno_func.h" #include "Inputs/errno_func.h"
void check_fopen(void) { void check_fopen(void) {
FILE *F = fopen("xxx", "r"); FILE *F = fopen("xxx", "r");
// expected-note@-1{{'errno' may be undefined after successful call to 'fopen'}} // expected-note@-1{{'errno' may be undefined after successful call to 'fopen'}}
▲ Show 20 LinesShow All 141 LinesShow Last 20 Lines

clang/test/Analysis/stream-errno.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,alpha.unix.Errno,alpha.unix.StdCLibraryFunctions,debug.ExprInspection \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,alpha.unix.Errno,unix.StdCLibraryFunctions,debug.ExprInspection \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true -verify %s // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true -verify %s
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
#include "Inputs/errno_func.h" #include "Inputs/errno_func.h"
extern void clang_analyzer_eval(int); extern void clang_analyzer_eval(int);
extern void clang_analyzer_dump(int); extern void clang_analyzer_dump(int);
extern void clang_analyzer_printState(); extern void clang_analyzer_printState();
▲ Show 20 LinesShow All 214 LinesShow Last 20 Lines

clang/test/Analysis/stream-noopen.c

// RUN: %clang_analyze_cc1 -verify %s \ // RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.Errno \ // RUN: -analyzer-checker=alpha.unix.Errno \
// RUN: -analyzer-checker=alpha.unix.Stream \ // RUN: -analyzer-checker=alpha.unix.Stream \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-checker=debug.ExprInspection // RUN: -analyzer-checker=debug.ExprInspection
// enable only StdCLibraryFunctions checker // enable only StdCLibraryFunctions checker
// RUN: %clang_analyze_cc1 -verify %s \ // RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.Errno \ // RUN: -analyzer-checker=alpha.unix.Errno \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-checker=debug.ExprInspection // RUN: -analyzer-checker=debug.ExprInspection
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
#include "Inputs/errno_var.h" #include "Inputs/errno_var.h"
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
const char *WBuf = "123456789"; const char *WBuf = "123456789";
▲ Show 20 LinesShow All 180 LinesShow Last 20 Lines

clang/test/Analysis/stream-note.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream -analyzer-output text \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream -analyzer-output text \
// RUN: -verify %s // RUN: -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,alpha.unix.StdCLibraryFunctions -analyzer-output text \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,unix.StdCLibraryFunctions -analyzer-output text \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true -verify=expected,stdargs %s // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true -verify=expected,stdargs %s
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
void check_note_at_correct_open(void) { void check_note_at_correct_open(void) {
FILE *F1 = tmpfile(); // expected-note {{Stream opened here}} FILE *F1 = tmpfile(); // expected-note {{Stream opened here}}
// stdargs-note@-1 {{'tmpfile' is successful}} // stdargs-note@-1 {{'tmpfile' is successful}}
if (!F1) if (!F1)
// expected-note@-1 {{'F1' is non-null}} // expected-note@-1 {{'F1' is non-null}}
▲ Show 20 LinesShow All 145 LinesShow Last 20 Lines

clang/test/Analysis/stream-stdlibraryfunctionargs.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,alpha.unix.StdCLibraryFunctions,debug.ExprInspection \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,unix.StdCLibraryFunctions,debug.ExprInspection \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true -verify=stream,any %s // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true -verify=stream,any %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,debug.ExprInspection \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.Stream,debug.ExprInspection \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true -verify=stream,any %s // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true -verify=stream,any %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.StdCLibraryFunctions,debug.ExprInspection \ // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.StdCLibraryFunctions,debug.ExprInspection \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true -verify=stdfunc,any %s // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true -verify=stdfunc,any %s
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
extern void clang_analyzer_eval(int); extern void clang_analyzer_eval(int);
void *buf; void *buf;
size_t size; size_t size;
size_t n; size_t n;
▲ Show 20 LinesShow All 142 LinesShow Last 20 Lines

clang/test/Analysis/weak-dependencies.c

// RUN: %clang_analyze_cc1 %s -verify \ // RUN: %clang_analyze_cc1 %s -verify \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=unix.StdCLibraryFunctions \
// RUN: -analyzer-checker=core // RUN: -analyzer-checker=core
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
struct FILE; struct FILE;
typedef struct FILE FILE; typedef struct FILE FILE;
size_t fread(void *restrict, size_t, size_t, FILE *restrict) __attribute__((nonnull(1))); size_t fread(void *restrict, size_t, size_t, FILE *restrict) __attribute__((nonnull(1)));
void f(FILE *F) { void f(FILE *F) {
int *p = 0; int *p = 0;
fread(p, sizeof(int), 5, F); // expected-warning{{Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]}} fread(p, sizeof(int), 5, F); // expected-warning{{Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]}}
} }