This is an archive of the discontinued LLVM Phabricator instance.

Differential D154423

[clang][analyzer] Add all success/failure messages to StdLibraryFunctionsChecker.
ClosedPublic

Authored by balazske on Jul 4 2023, 2:35 AM.

Details

Reviewers
Szelethus
NoQ
donat.nagy
Commits
rG6dccf5b8d550: [clang][analyzer] Add all success/failure messages to…
Summary

Success or failure messages are now shown at all checked functions, if the call
(return value) is interesting.
Additionally new functions are added: open, openat, socket, shutdown

Diff Detail

Event Timeline

balazske created this revision.Jul 4 2023, 2:35 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptJul 4 2023, 2:35 AM
Herald added a reviewer: NoQ. · View Herald Transcript
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: steakhal, manas, ASDenysPetrov and 10 others. · View Herald Transcript
balazske requested review of this revision.Jul 4 2023, 2:35 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 4 2023, 2:35 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
balazske added a parent revision: D153776: [clang][analyzer] Display notes in StdLibraryFunctionsChecker only if interesting.Jul 4 2023, 2:44 AM
Harbormaster completed remote builds in B242977: Diff 537004.Jul 4 2023, 3:50 AM
donat.nagy added a comment.Jul 5 2023, 1:55 AM

These code changes seem to be promising. Please upload results on the open source projects (like the ones that you uploaded previously), and I hope that after verifying those I we can finally merge this set of commits.

balazske added a comment.Jul 5 2023, 6:31 AM

Results from the last run (the same applies as before, the run postfix _3 must be selected at top right corner):

memcached_1.6.8_stdclf_notetag_interesting_test_3Reports
tmux_2.6_stdclf_notetag_interesting_test_3Reports
curl_curl-7_66_0_stdclf_notetag_interesting_test_3Reports
twin_v0.8.1_stdclf_notetag_interesting_test_3Reports
vim_v8.2.1920_stdclf_notetag_interesting_test_3Reports
openssl_openssl-3.0.0-alpha7_stdclf_notetag_interesting_test_3Reports
sqlite_version-3.33.0_stdclf_notetag_interesting_test_3Reports
ffmpeg_n4.3.1_stdclf_notetag_interesting_test_3Reports
postgres_REL_13_0_stdclf_notetag_interesting_test_3Reports
xerces_v3.2.3_stdclf_notetag_interesting_test_3Reports
bitcoin_v0.20.1_stdclf_notetag_interesting_test_3Reports
balazske updated this revision to Diff 537346.Jul 5 2023, 6:49 AM

Added AT_FDCWD openat test.

balazske added a child revision: D154509: [clang][analyzer] StdLibraryFunctionsChecker: Allow NULL buffer in `fread` and `fwrite` if size is zero..Jul 5 2023, 7:17 AM
Harbormaster completed remote builds in B243211: Diff 537346.Jul 5 2023, 7:49 AM
balazske added a reviewer: donat.nagy.Jul 7 2023, 3:27 AM
donat.nagy added a comment.Jul 7 2023, 6:09 AM

I looked through most of the open source results, and they look promising.

However I've seen one questionable tendency: there are many reports (e.g. this one) where the checker assumes that fileno(stdin), fileno(stdout) or fileno(stderr) fails. How realistic are these assumptions? Do we need to bother the programmer with these or should/can we silence them (and perhaps return the known fileno values corresponding to these standard streams)?

Another, concrete issue is this report where the analyzer assumes that ftell returns -1 (that gets converted to 2**64-1 because unsigned numbers are crazy), but there is no note tag (not even in the _3 run) and I don't see where does this assumption come from (although I didn't do a deep analysis).

Apart from these, the false positives are coming from general limitations of the engine that cannot be reasonably avoided.

balazske added a comment.Jul 7 2023, 8:53 AM

The standard streams may need special handling, this can be useful for StreamChecker too. One problem is that the standard streams can be changed by the program, so we can not know for sure if these are the original values. Still it can be better to assume that fileno can not fail if used with the standard streams.
The result with ftell looks interesting, I checked this case already and I think the note tag is missing because there is a hidden conversion so the original symbol (that is set to interesting) is different than the real ftell function call.

donat.nagy accepted this revision.Jul 10 2023, 2:10 AM

Ok, then I think you can finally merge this commit and its two predecessors. I'm happy to see that this improvement is complete.

I hope that you can later add a special case for the standard streams, but I agree that it should be a separate commit.

Thanks for clarifying the ftell situation, that's clearly an engine issue that should not block this checker improvement. However, I'd be really glad to see a cleanup of the interestingness system (as a separate project), because its inconsistency leads to lots of very confusing bug reports.

This revision is now accepted and ready to land.Jul 10 2023, 2:10 AM
balazske added a comment.Jul 10 2023, 6:17 AM

It would be more simple to handle the standard streams in StreamChecker only. There it is possible to detect standard streams (should be variables with the known names) as arguments to functions. If StreamChecker eliminates the failure branch of fileno it will disappear from the analysis (order of checker callbacks does not matter, at the end only the correct branch remains). If stream checker is not enabled we will still get the failure for fileno(stdin). StdLibraryFunctionsChecker does not have a mechanism to detect special variables to arguments, probably it is possible to implement with a special type of argument constraint.

donat.nagy added a comment.Jul 10 2023, 12:07 PM
In D154423#4485009, @balazske wrote:

It would be more simple to handle the standard streams in StreamChecker only. [...]

That's a reasonable plan, especially if we can bring that checker out of alpha in the foreseeable future. I like that it avoids code duplication.

balazske added a comment.Jul 14 2023, 8:32 AM

About the "fileno with standard stream" problem: I do not see an always good solution for this case because these standard streams are global variables. If we want to be exact, we can not know much about these at analysis start unless it is the main function. The standard stream variables can be overwritten by the program or opened or closed, even if not, any unknown function can change the state of these. Because the possibility to change these, the file number can change.
At least it is possible to add a checker option for "the program does not manipulate standard streams". If this is true the standard streams are different values from all other opened streams and the file number is known. This can be the default value, most programs probably work this way.

This revision was landed with ongoing or failed builds.Jul 18 2023, 12:30 AM
Closed by commit rG6dccf5b8d550: [clang][analyzer] Add all success/failure messages to… (authored by balazske). · Explain Why
This revision was automatically updated to reflect the committed changes.
balazske added a commit: rG6dccf5b8d550: [clang][analyzer] Add all success/failure messages to….

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
397 lines
test/
Analysis/
Inputs/
4 lines
25 lines
1 line

Diff 541355

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 LinesShow All 2,175 Lines▼ Show 20 Lines if (ModelPOSIX) {
// char *l64a(long value); // char *l64a(long value);
addToFunctionSummaryMap("l64a", addToFunctionSummaryMap("l64a",
Signature(ArgTypes{LongTy}, RetType{CharPtrTy}), Signature(ArgTypes{LongTy}, RetType{CharPtrTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
0, WithinRange, Range(0, LongMax)))); 0, WithinRange, Range(0, LongMax))));
// int open(const char *path, int oflag, ...);
addToFunctionSummaryMap(
"open", Signature(ArgTypes{ConstCharPtrTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))));
// int openat(int fd, const char *path, int oflag, ...);
addToFunctionSummaryMap(
"openat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int access(const char *pathname, int amode); // int access(const char *pathname, int amode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"access", Signature(ArgTypes{ConstCharPtrTy, IntTy}, RetType{IntTy}), "access", Signature(ArgTypes{ConstCharPtrTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int faccessat(int dirfd, const char *pathname, int mode, int flags); // int faccessat(int dirfd, const char *pathname, int mode, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"faccessat", "faccessat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy, IntTy}, Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int dup(int fildes); // int dup(int fildes);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"dup", Signature(ArgTypes{IntTy}, RetType{IntTy}), "dup", Signature(ArgTypes{IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked) .Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int dup2(int fildes1, int filedes2); // int dup2(int fildes1, int filedes2);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"dup2", Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}), "dup2", Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked) .Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, IntMax)))); ArgumentCondition(1, WithinRange, Range(0, IntMax))));
// int fdatasync(int fildes); // int fdatasync(int fildes);
addToFunctionSummaryMap("fdatasync", addToFunctionSummaryMap(
Signature(ArgTypes{IntTy}, RetType{IntTy}), "fdatasync", Signature(ArgTypes{IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition( .ArgConstraint(
0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int fnmatch(const char *pattern, const char *string, int flags); // int fnmatch(const char *pattern, const char *string, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fnmatch", "fnmatch",
Signature(ArgTypes{ConstCharPtrTy, ConstCharPtrTy, IntTy}, Signature(ArgTypes{ConstCharPtrTy, ConstCharPtrTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int fsync(int fildes); // int fsync(int fildes);
addToFunctionSummaryMap("fsync", Signature(ArgTypes{IntTy}, RetType{IntTy}), addToFunctionSummaryMap(
"fsync", Signature(ArgTypes{IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition( .ArgConstraint(
0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
std::optional<QualType> Off_tTy = lookupTy("off_t"); std::optional<QualType> Off_tTy = lookupTy("off_t");
// int truncate(const char *path, off_t length); // int truncate(const char *path, off_t length);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"truncate", "truncate",
Signature(ArgTypes{ConstCharPtrTy, Off_tTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, Off_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int symlink(const char *oldpath, const char *newpath); // int symlink(const char *oldpath, const char *newpath);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"symlink", "symlink",
Signature(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int symlinkat(const char *oldpath, int newdirfd, const char *newpath); // int symlinkat(const char *oldpath, int newdirfd, const char *newpath);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"symlinkat", "symlinkat",
Signature(ArgTypes{ConstCharPtrTy, IntTy, ConstCharPtrTy}, Signature(ArgTypes{ConstCharPtrTy, IntTy, ConstCharPtrTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(1))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2)))); .ArgConstraint(NotNull(ArgNo(2))));
// int lockf(int fd, int cmd, off_t len); // int lockf(int fd, int cmd, off_t len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"lockf", Signature(ArgTypes{IntTy, IntTy, Off_tTy}, RetType{IntTy}), "lockf", Signature(ArgTypes{IntTy, IntTy, Off_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
std::optional<QualType> Mode_tTy = lookupTy("mode_t"); std::optional<QualType> Mode_tTy = lookupTy("mode_t");
// int creat(const char *pathname, mode_t mode); // int creat(const char *pathname, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"creat", Signature(ArgTypes{ConstCharPtrTy, Mode_tTy}, RetType{IntTy}), "creat", Signature(ArgTypes{ConstCharPtrTy, Mode_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked) .Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// unsigned int sleep(unsigned int seconds); // unsigned int sleep(unsigned int seconds);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sleep", Signature(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}), "sleep", Signature(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax)))); ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax))));
std::optional<QualType> DirTy = lookupTy("DIR"); std::optional<QualType> DirTy = lookupTy("DIR");
std::optional<QualType> DirPtrTy = getPointerTy(DirTy); std::optional<QualType> DirPtrTy = getPointerTy(DirTy);
// int dirfd(DIR *dirp); // int dirfd(DIR *dirp);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"dirfd", Signature(ArgTypes{DirPtrTy}, RetType{IntTy}), "dirfd", Signature(ArgTypes{DirPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked) .Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// unsigned int alarm(unsigned int seconds); // unsigned int alarm(unsigned int seconds);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"alarm", Signature(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}), "alarm", Signature(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax)))); ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax))));
// int closedir(DIR *dir); // int closedir(DIR *dir);
addToFunctionSummaryMap("closedir", addToFunctionSummaryMap(
Signature(ArgTypes{DirPtrTy}, RetType{IntTy}), "closedir", Signature(ArgTypes{DirPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// char *strdup(const char *s); // char *strdup(const char *s);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"strdup", Signature(ArgTypes{ConstCharPtrTy}, RetType{CharPtrTy}), "strdup", Signature(ArgTypes{ConstCharPtrTy}, RetType{CharPtrTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0)))); Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
// char *strndup(const char *s, size_t n); // char *strndup(const char *s, size_t n);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"strndup", "strndup",
Signature(ArgTypes{ConstCharPtrTy, SizeTy}, RetType{CharPtrTy}), Signature(ArgTypes{ConstCharPtrTy, SizeTy}, RetType{CharPtrTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, SizeMax)))); ArgumentCondition(1, WithinRange, Range(0, SizeMax))));
// wchar_t *wcsdup(const wchar_t *s); // wchar_t *wcsdup(const wchar_t *s);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"wcsdup", Signature(ArgTypes{ConstWchar_tPtrTy}, RetType{Wchar_tPtrTy}), "wcsdup", Signature(ArgTypes{ConstWchar_tPtrTy}, RetType{Wchar_tPtrTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0)))); Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
// int mkstemp(char *template); // int mkstemp(char *template);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mkstemp", Signature(ArgTypes{CharPtrTy}, RetType{IntTy}), "mkstemp", Signature(ArgTypes{CharPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked) .Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// char *mkdtemp(char *template); // char *mkdtemp(char *template);
// FIXME: Improve for errno modeling. // FIXME: Improve for errno modeling.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mkdtemp", Signature(ArgTypes{CharPtrTy}, RetType{CharPtrTy}), "mkdtemp", Signature(ArgTypes{CharPtrTy}, RetType{CharPtrTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0)))); Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
// char *getcwd(char *buf, size_t size); // char *getcwd(char *buf, size_t size);
// FIXME: Improve for errno modeling. // FIXME: Improve for errno modeling.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getcwd", Signature(ArgTypes{CharPtrTy, SizeTy}, RetType{CharPtrTy}), "getcwd", Signature(ArgTypes{CharPtrTy, SizeTy}, RetType{CharPtrTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, SizeMax)))); ArgumentCondition(1, WithinRange, Range(0, SizeMax))));
// int mkdir(const char *pathname, mode_t mode); // int mkdir(const char *pathname, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mkdir", Signature(ArgTypes{ConstCharPtrTy, Mode_tTy}, RetType{IntTy}), "mkdir", Signature(ArgTypes{ConstCharPtrTy, Mode_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int mkdirat(int dirfd, const char *pathname, mode_t mode); // int mkdirat(int dirfd, const char *pathname, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mkdirat", "mkdirat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
std::optional<QualType> Dev_tTy = lookupTy("dev_t"); std::optional<QualType> Dev_tTy = lookupTy("dev_t");
// int mknod(const char *pathname, mode_t mode, dev_t dev); // int mknod(const char *pathname, mode_t mode, dev_t dev);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mknod", "mknod",
Signature(ArgTypes{ConstCharPtrTy, Mode_tTy, Dev_tTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, Mode_tTy, Dev_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev); // int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mknodat", "mknodat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy, Dev_tTy}, Signature(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy, Dev_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int chmod(const char *path, mode_t mode); // int chmod(const char *path, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"chmod", Signature(ArgTypes{ConstCharPtrTy, Mode_tTy}, RetType{IntTy}), "chmod", Signature(ArgTypes{ConstCharPtrTy, Mode_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags); // int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchmodat", "fchmodat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy, IntTy}, Signature(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int fchmod(int fildes, mode_t mode); // int fchmod(int fildes, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchmod", Signature(ArgTypes{IntTy, Mode_tTy}, RetType{IntTy}), "fchmod", Signature(ArgTypes{IntTy, Mode_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
std::optional<QualType> Uid_tTy = lookupTy("uid_t"); std::optional<QualType> Uid_tTy = lookupTy("uid_t");
std::optional<QualType> Gid_tTy = lookupTy("gid_t"); std::optional<QualType> Gid_tTy = lookupTy("gid_t");
// int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group, // int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group,
// int flags); // int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchownat", "fchownat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, Uid_tTy, Gid_tTy, IntTy}, Signature(ArgTypes{IntTy, ConstCharPtrTy, Uid_tTy, Gid_tTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int chown(const char *path, uid_t owner, gid_t group); // int chown(const char *path, uid_t owner, gid_t group);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"chown", "chown",
Signature(ArgTypes{ConstCharPtrTy, Uid_tTy, Gid_tTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, Uid_tTy, Gid_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int lchown(const char *path, uid_t owner, gid_t group); // int lchown(const char *path, uid_t owner, gid_t group);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"lchown", "lchown",
Signature(ArgTypes{ConstCharPtrTy, Uid_tTy, Gid_tTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, Uid_tTy, Gid_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int fchown(int fildes, uid_t owner, gid_t group); // int fchown(int fildes, uid_t owner, gid_t group);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchown", Signature(ArgTypes{IntTy, Uid_tTy, Gid_tTy}, RetType{IntTy}), "fchown", Signature(ArgTypes{IntTy, Uid_tTy, Gid_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int rmdir(const char *pathname); // int rmdir(const char *pathname);
addToFunctionSummaryMap("rmdir", addToFunctionSummaryMap(
Signature(ArgTypes{ConstCharPtrTy}, RetType{IntTy}), "rmdir", Signature(ArgTypes{ConstCharPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int chdir(const char *path); // int chdir(const char *path);
addToFunctionSummaryMap("chdir", addToFunctionSummaryMap(
Signature(ArgTypes{ConstCharPtrTy}, RetType{IntTy}), "chdir", Signature(ArgTypes{ConstCharPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int link(const char *oldpath, const char *newpath); // int link(const char *oldpath, const char *newpath);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"link", "link",
Signature(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int linkat(int fd1, const char *path1, int fd2, const char *path2, // int linkat(int fd1, const char *path1, int fd2, const char *path2,
// int flag); // int flag);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"linkat", "linkat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy, ConstCharPtrTy, IntTy}, Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy, ConstCharPtrTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(2))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(2)))
.ArgConstraint(NotNull(ArgNo(3)))); .ArgConstraint(NotNull(ArgNo(3))));
// int unlink(const char *pathname); // int unlink(const char *pathname);
addToFunctionSummaryMap("unlink", addToFunctionSummaryMap(
Signature(ArgTypes{ConstCharPtrTy}, RetType{IntTy}), "unlink", Signature(ArgTypes{ConstCharPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int unlinkat(int fd, const char *path, int flag); // int unlinkat(int fd, const char *path, int flag);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"unlinkat", "unlinkat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
std::optional<QualType> StructStatTy = lookupTy("stat"); std::optional<QualType> StructStatTy = lookupTy("stat");
std::optional<QualType> StructStatPtrTy = getPointerTy(StructStatTy); std::optional<QualType> StructStatPtrTy = getPointerTy(StructStatTy);
std::optional<QualType> StructStatPtrRestrictTy = std::optional<QualType> StructStatPtrRestrictTy =
getRestrictTy(StructStatPtrTy); getRestrictTy(StructStatPtrTy);
// int fstat(int fd, struct stat *statbuf); // int fstat(int fd, struct stat *statbuf);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fstat", Signature(ArgTypes{IntTy, StructStatPtrTy}, RetType{IntTy}), "fstat", Signature(ArgTypes{IntTy, StructStatPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int stat(const char *restrict path, struct stat *restrict buf); // int stat(const char *restrict path, struct stat *restrict buf);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"stat", "stat",
Signature(ArgTypes{ConstCharPtrRestrictTy, StructStatPtrRestrictTy}, Signature(ArgTypes{ConstCharPtrRestrictTy, StructStatPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int lstat(const char *restrict path, struct stat *restrict buf); // int lstat(const char *restrict path, struct stat *restrict buf);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"lstat", "lstat",
Signature(ArgTypes{ConstCharPtrRestrictTy, StructStatPtrRestrictTy}, Signature(ArgTypes{ConstCharPtrRestrictTy, StructStatPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int fstatat(int fd, const char *restrict path, // int fstatat(int fd, const char *restrict path,
// struct stat *restrict buf, int flag); // struct stat *restrict buf, int flag);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fstatat", "fstatat",
Signature(ArgTypes{IntTy, ConstCharPtrRestrictTy, Signature(ArgTypes{IntTy, ConstCharPtrRestrictTy,
StructStatPtrRestrictTy, IntTy}, StructStatPtrRestrictTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2)))); .ArgConstraint(NotNull(ArgNo(2))));
// DIR *opendir(const char *name); // DIR *opendir(const char *name);
// FIXME: Improve for errno modeling. // FIXME: Improve for errno modeling.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"opendir", Signature(ArgTypes{ConstCharPtrTy}, RetType{DirPtrTy}), "opendir", Signature(ArgTypes{ConstCharPtrTy}, RetType{DirPtrTy}),
Show All 27 Lines if (ModelPOSIX) {
// int pclose(FILE *stream); // int pclose(FILE *stream);
// FIXME: Improve for errno modeling. // FIXME: Improve for errno modeling.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"pclose", Signature(ArgTypes{FilePtrTy}, RetType{IntTy}), "pclose", Signature(ArgTypes{FilePtrTy}, RetType{IntTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0)))); Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
// int close(int fildes); // int close(int fildes);
addToFunctionSummaryMap("close", Signature(ArgTypes{IntTy}, RetType{IntTy}), addToFunctionSummaryMap(
"close", Signature(ArgTypes{IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition( .ArgConstraint(
0, WithinRange, Range(-1, IntMax)))); ArgumentCondition(0, WithinRange, Range(-1, IntMax))));
// long fpathconf(int fildes, int name); // long fpathconf(int fildes, int name);
addToFunctionSummaryMap("fpathconf", addToFunctionSummaryMap("fpathconf",
Signature(ArgTypes{IntTy, IntTy}, RetType{LongTy}), Signature(ArgTypes{IntTy, IntTy}, RetType{LongTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
0, WithinRange, Range(0, IntMax)))); 0, WithinRange, Range(0, IntMax))));
▲ Show 20 LinesShow All 60 Lines▼ Show 20 Lines addToFunctionSummaryMap(
Signature(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, Off64_tTy}, Signature(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, Off64_tTy},
RetType{VoidPtrTy}), RetType{VoidPtrTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax))) .ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(4, WithinRange, Range(-1, IntMax)))); ArgumentCondition(4, WithinRange, Range(-1, IntMax))));
// int pipe(int fildes[2]); // int pipe(int fildes[2]);
addToFunctionSummaryMap("pipe", addToFunctionSummaryMap(
Signature(ArgTypes{IntPtrTy}, RetType{IntTy}), "pipe", Signature(ArgTypes{IntPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// off_t lseek(int fildes, off_t offset, int whence); // off_t lseek(int fildes, off_t offset, int whence);
// In the first case we can not tell for sure if it failed or not. // In the first case we can not tell for sure if it failed or not.
// A return value different from of the expected offset (that is unknown // A return value different from of the expected offset (that is unknown
// here) may indicate failure. For this reason we do not enforce the errno // here) may indicate failure. For this reason we do not enforce the errno
// check (can cause false positive). // check (can cause false positive).
addToFunctionSummaryMap( addToFunctionSummaryMap(
"lseek", Signature(ArgTypes{IntTy, Off_tTy, IntTy}, RetType{Off_tTy}), "lseek", Signature(ArgTypes{IntTy, Off_tTy, IntTy}, RetType{Off_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsNonnegative, ErrnoIrrelevant) .Case(ReturnsNonnegative, ErrnoIrrelevant)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// ssize_t readlink(const char *restrict path, char *restrict buf, // ssize_t readlink(const char *restrict path, char *restrict buf,
// size_t bufsize); // size_t bufsize);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"readlink", "readlink",
Signature(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy}, Signature(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))) /*BufSize=*/ArgNo(2)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, SizeMax)))); ArgumentCondition(2, WithinRange, Range(0, SizeMax))));
// ssize_t readlinkat(int fd, const char *restrict path, // ssize_t readlinkat(int fd, const char *restrict path,
// char *restrict buf, size_t bufsize); // char *restrict buf, size_t bufsize);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"readlinkat", "readlinkat",
Signature( Signature(
ArgTypes{IntTy, ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy}, ArgTypes{IntTy, ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(3)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(3)),
ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))) .ArgConstraint(NotNull(ArgNo(2)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2),
/*BufSize=*/ArgNo(3))) /*BufSize=*/ArgNo(3)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(3, WithinRange, Range(0, SizeMax)))); ArgumentCondition(3, WithinRange, Range(0, SizeMax))));
// int renameat(int olddirfd, const char *oldpath, int newdirfd, const char // int renameat(int olddirfd, const char *oldpath, int newdirfd, const char
// *newpath); // *newpath);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"renameat", "renameat",
Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy, ConstCharPtrTy}, Signature(ArgTypes{IntTy, ConstCharPtrTy, IntTy, ConstCharPtrTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(2))) .ArgConstraint(ValidFileDescriptorOrAtFdcwd(ArgNo(2)))
.ArgConstraint(NotNull(ArgNo(3)))); .ArgConstraint(NotNull(ArgNo(3))));
// char *realpath(const char *restrict file_name, // char *realpath(const char *restrict file_name,
// char *restrict resolved_name); // char *restrict resolved_name);
// FIXME: Improve for errno modeling. // FIXME: Improve for errno modeling.
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines if (ModelPOSIX) {
std::optional<RangeInt> Socklen_tMax = getMaxValue(Socklen_tTy); std::optional<RangeInt> Socklen_tMax = getMaxValue(Socklen_tTy);
// In 'socket.h' of some libc implementations with C99, sockaddr parameter // In 'socket.h' of some libc implementations with C99, sockaddr parameter
// is a transparent union of the underlying sockaddr_ family of pointers // is a transparent union of the underlying sockaddr_ family of pointers
// instead of being a pointer to struct sockaddr. In these cases, the // instead of being a pointer to struct sockaddr. In these cases, the
// standardized signature will not match, thus we try to match with another // standardized signature will not match, thus we try to match with another
// signature that has the joker Irrelevant type. We also remove those // signature that has the joker Irrelevant type. We also remove those
// constraints which require pointer types for the sockaddr param. // constraints which require pointer types for the sockaddr param.
// int socket(int domain, int type, int protocol);
addToFunctionSummaryMap(
"socket", Signature(ArgTypes{IntTy, IntTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg));
auto Accept = auto Accept =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked) .Case(ReturnsValidFileDescriptor, ErrnoMustNotBeChecked,
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))); .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"accept", "accept",
// int accept(int socket, struct sockaddr *restrict address, // int accept(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Accept)) Accept))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"accept", "accept",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Accept); Accept);
// int bind(int socket, const struct sockaddr *address, socklen_t // int bind(int socket, const struct sockaddr *address, socklen_t
// address_len); // address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"bind", "bind",
Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy}, Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(1), /*BufSize=*/ArgNo(2))) BufferSize(/*Buffer=*/ArgNo(1), /*BufSize=*/ArgNo(2)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax))))) ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax)))))
// Do not add constraints on sockaddr. // Do not add constraints on sockaddr.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"bind", "bind",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax)))); ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax))));
// int getpeername(int socket, struct sockaddr *restrict address, // int getpeername(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"getpeername", "getpeername",
Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))))) .ArgConstraint(NotNull(ArgNo(2)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getpeername", "getpeername",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int getsockname(int socket, struct sockaddr *restrict address, // int getsockname(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"getsockname", "getsockname",
Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))))) .ArgConstraint(NotNull(ArgNo(2)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getsockname", "getsockname",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int connect(int socket, const struct sockaddr *address, socklen_t // int connect(int socket, const struct sockaddr *address, socklen_t
// address_len); // address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"connect", "connect",
Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy}, Signature(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))))) .ArgConstraint(NotNull(ArgNo(1)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"connect", "connect",
Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, Irrelevant, Socklen_tTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
auto Recvfrom = auto Recvfrom =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))); /*BufSize=*/ArgNo(2)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"recvfrom", "recvfrom",
// ssize_t recvfrom(int socket, void *restrict buffer, // ssize_t recvfrom(int socket, void *restrict buffer,
// size_t length, // size_t length,
// int flags, struct sockaddr *restrict address, // int flags, struct sockaddr *restrict address,
Show All 9 Lines if (!addToFunctionSummaryMap(
Irrelevant, Socklen_tPtrRestrictTy}, Irrelevant, Socklen_tPtrRestrictTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Recvfrom); Recvfrom);
auto Sendto = auto Sendto =
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))); /*BufSize=*/ArgNo(2)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"sendto", "sendto",
// ssize_t sendto(int socket, const void *message, size_t length, // ssize_t sendto(int socket, const void *message, size_t length,
// int flags, const struct sockaddr *dest_addr, // int flags, const struct sockaddr *dest_addr,
// socklen_t dest_len); // socklen_t dest_len);
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy,
ConstStructSockaddrPtrTy, Socklen_tTy}, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Sendto)) Sendto))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sendto", "sendto",
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Irrelevant, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Irrelevant,
Socklen_tTy}, Socklen_tTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Sendto); Sendto);
// int listen(int sockfd, int backlog); // int listen(int sockfd, int backlog);
addToFunctionSummaryMap("listen", addToFunctionSummaryMap(
Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}), "listen", Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition( .ArgConstraint(
0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// ssize_t recv(int sockfd, void *buf, size_t len, int flags); // ssize_t recv(int sockfd, void *buf, size_t len, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recv", "recv",
Signature(ArgTypes{IntTy, VoidPtrTy, SizeTy, IntTy}, Signature(ArgTypes{IntTy, VoidPtrTy, SizeTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))); /*BufSize=*/ArgNo(2))));
std::optional<QualType> StructMsghdrTy = lookupTy("msghdr"); std::optional<QualType> StructMsghdrTy = lookupTy("msghdr");
std::optional<QualType> StructMsghdrPtrTy = getPointerTy(StructMsghdrTy); std::optional<QualType> StructMsghdrPtrTy = getPointerTy(StructMsghdrTy);
std::optional<QualType> ConstStructMsghdrPtrTy = std::optional<QualType> ConstStructMsghdrPtrTy =
getPointerTy(getConstTy(StructMsghdrTy)); getPointerTy(getConstTy(StructMsghdrTy));
// ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags); // ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recvmsg", "recvmsg",
Signature(ArgTypes{IntTy, StructMsghdrPtrTy, IntTy}, Signature(ArgTypes{IntTy, StructMsghdrPtrTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, .Case({ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags); // ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sendmsg", "sendmsg",
Signature(ArgTypes{IntTy, ConstStructMsghdrPtrTy, IntTy}, Signature(ArgTypes{IntTy, ConstStructMsghdrPtrTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, .Case({ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int setsockopt(int socket, int level, int option_name, // int setsockopt(int socket, int level, int option_name,
// const void *option_value, socklen_t option_len); // const void *option_value, socklen_t option_len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"setsockopt", "setsockopt",
Signature(ArgTypes{IntTy, IntTy, IntTy, ConstVoidPtrTy, Socklen_tTy}, Signature(ArgTypes{IntTy, IntTy, IntTy, ConstVoidPtrTy, Socklen_tTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4))) BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, Socklen_tMax)))); ArgumentCondition(4, WithinRange, Range(0, Socklen_tMax))));
// int getsockopt(int socket, int level, int option_name, // int getsockopt(int socket, int level, int option_name,
// void *restrict option_value, // void *restrict option_value,
// socklen_t *restrict option_len); // socklen_t *restrict option_len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getsockopt", "getsockopt",
Signature(ArgTypes{IntTy, IntTy, IntTy, VoidPtrRestrictTy, Signature(ArgTypes{IntTy, IntTy, IntTy, VoidPtrRestrictTy,
Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint(NotNull(ArgNo(4)))); .ArgConstraint(NotNull(ArgNo(4))));
// ssize_t send(int sockfd, const void *buf, size_t len, int flags); // ssize_t send(int sockfd, const void *buf, size_t len, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"send", "send",
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy}, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy},
RetType{Ssize_tTy}), RetType{Ssize_tTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))}, ReturnValueCondition(WithinRange, Range(0, Ssize_tMax))},
ErrnoMustNotBeChecked) ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))); /*BufSize=*/ArgNo(2))));
// int socketpair(int domain, int type, int protocol, int sv[2]); // int socketpair(int domain, int type, int protocol, int sv[2]);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"socketpair", "socketpair",
Signature(ArgTypes{IntTy, IntTy, IntTy, IntPtrTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, IntTy, IntTy, IntPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(3)))); .ArgConstraint(NotNull(ArgNo(3))));
// int shutdown(int socket, int how);
addToFunctionSummaryMap(
"shutdown", Signature(ArgTypes{IntTy, IntTy}, RetType{IntTy}),
Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, // int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen,
// char *restrict node, socklen_t nodelen, // char *restrict node, socklen_t nodelen,
// char *restrict service, // char *restrict service,
// socklen_t servicelen, int flags); // socklen_t servicelen, int flags);
// //
// This is defined in netdb.h. And contrary to 'socket.h', the sockaddr // This is defined in netdb.h. And contrary to 'socket.h', the sockaddr
// parameter is never handled as a transparent union in netdb.h // parameter is never handled as a transparent union in netdb.h
addToFunctionSummaryMap( addToFunctionSummaryMap(
Show All 19 Lines
std::optional<QualType> StructUtimbufTy = lookupTy("utimbuf"); std::optional<QualType> StructUtimbufTy = lookupTy("utimbuf");
std::optional<QualType> StructUtimbufPtrTy = getPointerTy(StructUtimbufTy); std::optional<QualType> StructUtimbufPtrTy = getPointerTy(StructUtimbufTy);
// int utime(const char *filename, struct utimbuf *buf); // int utime(const char *filename, struct utimbuf *buf);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"utime", "utime",
Signature(ArgTypes{ConstCharPtrTy, StructUtimbufPtrTy}, RetType{IntTy}), Signature(ArgTypes{ConstCharPtrTy, StructUtimbufPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
std::optional<QualType> StructTimespecTy = lookupTy("timespec"); std::optional<QualType> StructTimespecTy = lookupTy("timespec");
std::optional<QualType> StructTimespecPtrTy = std::optional<QualType> StructTimespecPtrTy =
getPointerTy(StructTimespecTy); getPointerTy(StructTimespecTy);
std::optional<QualType> ConstStructTimespecPtrTy = std::optional<QualType> ConstStructTimespecPtrTy =
getPointerTy(getConstTy(StructTimespecTy)); getPointerTy(getConstTy(StructTimespecTy));
// int futimens(int fd, const struct timespec times[2]); // int futimens(int fd, const struct timespec times[2]);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"futimens", "futimens",
Signature(ArgTypes{IntTy, ConstStructTimespecPtrTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, ConstStructTimespecPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int utimensat(int dirfd, const char *pathname, // int utimensat(int dirfd, const char *pathname,
// const struct timespec times[2], int flags); // const struct timespec times[2], int flags);
addToFunctionSummaryMap("utimensat", addToFunctionSummaryMap(
Signature(ArgTypes{IntTy, ConstCharPtrTy, "utimensat",
ConstStructTimespecPtrTy, IntTy}, Signature(
ArgTypes{IntTy, ConstCharPtrTy, ConstStructTimespecPtrTy, IntTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
std::optional<QualType> StructTimevalTy = lookupTy("timeval"); std::optional<QualType> StructTimevalTy = lookupTy("timeval");
std::optional<QualType> ConstStructTimevalPtrTy = std::optional<QualType> ConstStructTimevalPtrTy =
getPointerTy(getConstTy(StructTimevalTy)); getPointerTy(getConstTy(StructTimevalTy));
// int utimes(const char *filename, const struct timeval times[2]); // int utimes(const char *filename, const struct timeval times[2]);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"utimes", "utimes",
Signature(ArgTypes{ConstCharPtrTy, ConstStructTimevalPtrTy}, Signature(ArgTypes{ConstCharPtrTy, ConstStructTimevalPtrTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); // int nanosleep(const struct timespec *rqtp, struct timespec *rmtp);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"nanosleep", "nanosleep",
Signature(ArgTypes{ConstStructTimespecPtrTy, StructTimespecPtrTy}, Signature(ArgTypes{ConstStructTimespecPtrTy, StructTimespecPtrTy},
RetType{IntTy}), RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
std::optional<QualType> Time_tTy = lookupTy("time_t"); std::optional<QualType> Time_tTy = lookupTy("time_t");
std::optional<QualType> ConstTime_tPtrTy = std::optional<QualType> ConstTime_tPtrTy =
getPointerTy(getConstTy(Time_tTy)); getPointerTy(getConstTy(Time_tTy));
std::optional<QualType> ConstTime_tPtrRestrictTy = std::optional<QualType> ConstTime_tPtrRestrictTy =
getRestrictTy(ConstTime_tPtrTy); getRestrictTy(ConstTime_tPtrTy);
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Lines
std::optional<QualType> Clockid_tTy = lookupTy("clockid_t"); std::optional<QualType> Clockid_tTy = lookupTy("clockid_t");
// int clock_gettime(clockid_t clock_id, struct timespec *tp); // int clock_gettime(clockid_t clock_id, struct timespec *tp);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"clock_gettime", "clock_gettime",
Signature(ArgTypes{Clockid_tTy, StructTimespecPtrTy}, RetType{IntTy}), Signature(ArgTypes{Clockid_tTy, StructTimespecPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
std::optional<QualType> StructItimervalTy = lookupTy("itimerval"); std::optional<QualType> StructItimervalTy = lookupTy("itimerval");
std::optional<QualType> StructItimervalPtrTy = std::optional<QualType> StructItimervalPtrTy =
getPointerTy(StructItimervalTy); getPointerTy(StructItimervalTy);
// int getitimer(int which, struct itimerval *curr_value); // int getitimer(int which, struct itimerval *curr_value);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getitimer", "getitimer",
Signature(ArgTypes{IntTy, StructItimervalPtrTy}, RetType{IntTy}), Signature(ArgTypes{IntTy, StructItimervalPtrTy}, RetType{IntTy}),
Summary(NoEvalCall) Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked) .Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant) .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
std::optional<QualType> Pthread_cond_tTy = lookupTy("pthread_cond_t"); std::optional<QualType> Pthread_cond_tTy = lookupTy("pthread_cond_t");
std::optional<QualType> Pthread_cond_tPtrTy = std::optional<QualType> Pthread_cond_tPtrTy =
getPointerTy(Pthread_cond_tTy); getPointerTy(Pthread_cond_tTy);
std::optional<QualType> Pthread_tTy = lookupTy("pthread_t"); std::optional<QualType> Pthread_tTy = lookupTy("pthread_t");
std::optional<QualType> Pthread_tPtrTy = getPointerTy(Pthread_tTy); std::optional<QualType> Pthread_tPtrTy = getPointerTy(Pthread_tTy);
std::optional<QualType> Pthread_tPtrRestrictTy = std::optional<QualType> Pthread_tPtrRestrictTy =
▲ Show 20 LinesShow All 345 LinesShow Last 20 Lines

clang/test/Analysis/Inputs/std-c-library-functions-POSIX.h

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines
FILE *tmpfile(void); FILE *tmpfile(void);
FILE *freopen(const char *restrict pathname, const char *restrict mode, FILE *freopen(const char *restrict pathname, const char *restrict mode,
FILE *restrict stream); FILE *restrict stream);
int fclose(FILE *stream); int fclose(FILE *stream);
int fseek(FILE *stream, long offset, int whence); int fseek(FILE *stream, long offset, int whence);
int fileno(FILE *stream); int fileno(FILE *stream);
long a64l(const char *str64); long a64l(const char *str64);
char *l64a(long value); char *l64a(long value);
int open(const char *path, int oflag, ...);
int openat(int fd, const char *path, int oflag, ...);
int access(const char *pathname, int amode); int access(const char *pathname, int amode);
int faccessat(int dirfd, const char *pathname, int mode, int flags); int faccessat(int dirfd, const char *pathname, int mode, int flags);
int dup(int fildes); int dup(int fildes);
int dup2(int fildes1, int filedes2); int dup2(int fildes1, int filedes2);
int fdatasync(int fildes); int fdatasync(int fildes);
int fnmatch(const char *pattern, const char *string, int flags); int fnmatch(const char *pattern, const char *string, int flags);
int fsync(int fildes); int fsync(int fildes);
int truncate(const char *path, off_t length); int truncate(const char *path, off_t length);
▲ Show 20 LinesShow All 72 Lines▼ Show 20 Lines
} __SOCKADDR_ARG __attribute__((__transparent_union__)); } __SOCKADDR_ARG __attribute__((__transparent_union__));
#undef __SOCKADDR_ONETYPE #undef __SOCKADDR_ONETYPE
#define __SOCKADDR_ONETYPE(type) const struct type *restrict __##type##__; #define __SOCKADDR_ONETYPE(type) const struct type *restrict __##type##__;
typedef union { typedef union {
__SOCKADDR_ALLTYPES __SOCKADDR_ALLTYPES
} __CONST_SOCKADDR_ARG __attribute__((__transparent_union__)); } __CONST_SOCKADDR_ARG __attribute__((__transparent_union__));
#undef __SOCKADDR_ONETYPE #undef __SOCKADDR_ONETYPE
int socket(int domain, int type, int protocol);
int accept(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len); int accept(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len);
int bind(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len); int bind(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len);
int getpeername(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len); int getpeername(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len);
int getsockname(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len); int getsockname(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len);
int connect(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len); int connect(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len);
ssize_t recvfrom(int socket, void *restrict buffer, size_t length, int flags, __SOCKADDR_ARG address, socklen_t *restrict address_len); ssize_t recvfrom(int socket, void *restrict buffer, size_t length, int flags, __SOCKADDR_ARG address, socklen_t *restrict address_len);
ssize_t sendto(int socket, const void *message, size_t length, int flags, __CONST_SOCKADDR_ARG dest_addr, socklen_t dest_len); ssize_t sendto(int socket, const void *message, size_t length, int flags, __CONST_SOCKADDR_ARG dest_addr, socklen_t dest_len);
int listen(int sockfd, int backlog); int listen(int sockfd, int backlog);
ssize_t recv(int sockfd, void *buf, size_t len, int flags); ssize_t recv(int sockfd, void *buf, size_t len, int flags);
ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags); ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);
ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags); ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags);
int setsockopt(int socket, int level, int option_name, const void *option_value, socklen_t option_len); int setsockopt(int socket, int level, int option_name, const void *option_value, socklen_t option_len);
int getsockopt(int socket, int level, int option_name, void *restrict option_value, socklen_t *restrict option_len); int getsockopt(int socket, int level, int option_name, void *restrict option_value, socklen_t *restrict option_len);
ssize_t send(int sockfd, const void *buf, size_t len, int flags); ssize_t send(int sockfd, const void *buf, size_t len, int flags);
int socketpair(int domain, int type, int protocol, int sv[2]); int socketpair(int domain, int type, int protocol, int sv[2]);
int shutdown(int socket, int how);
int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, char *restrict node, socklen_t nodelen, char *restrict service, socklen_t servicelen, int flags); int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, char *restrict node, socklen_t nodelen, char *restrict service, socklen_t servicelen, int flags);
int utime(const char *filename, struct utimbuf *buf); int utime(const char *filename, struct utimbuf *buf);
int futimens(int fd, const struct timespec times[2]); int futimens(int fd, const struct timespec times[2]);
int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags); int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags);
int utimes(const char *filename, const struct timeval times[2]); int utimes(const char *filename, const struct timeval times[2]);
int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); int nanosleep(const struct timespec *rqtp, struct timespec *rmtp);
struct tm *localtime(const time_t *tp); struct tm *localtime(const time_t *tp);
struct tm *localtime_r(const time_t *restrict timer, struct tm *restrict result); struct tm *localtime_r(const time_t *restrict timer, struct tm *restrict result);
Show All 21 Lines

clang/test/Analysis/std-c-library-functions-POSIX.c

// RUN: %clang_analyze_cc1 %s \ // RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \ // RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \ // RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \ // RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \ // RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux -verify
// RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.unix.StdCLibraryFunctions \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config alpha.unix.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s // RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: FILE *fopen(const char *restrict pathname, const char *restrict mode) // CHECK: Loaded summary for: FILE *fopen(const char *restrict pathname, const char *restrict mode)
// CHECK: Loaded summary for: FILE *tmpfile(void) // CHECK: Loaded summary for: FILE *tmpfile(void)
// CHECK: Loaded summary for: FILE *freopen(const char *restrict pathname, const char *restrict mode, FILE *restrict stream) // CHECK: Loaded summary for: FILE *freopen(const char *restrict pathname, const char *restrict mode, FILE *restrict stream)
// CHECK: Loaded summary for: int fclose(FILE *stream) // CHECK: Loaded summary for: int fclose(FILE *stream)
// CHECK: Loaded summary for: int fseek(FILE *stream, long offset, int whence) // CHECK: Loaded summary for: int fseek(FILE *stream, long offset, int whence)
// CHECK: Loaded summary for: int fileno(FILE *stream) // CHECK: Loaded summary for: int fileno(FILE *stream)
// CHECK: Loaded summary for: long a64l(const char *str64) // CHECK: Loaded summary for: long a64l(const char *str64)
// CHECK: Loaded summary for: char *l64a(long value) // CHECK: Loaded summary for: char *l64a(long value)
// CHECK: Loaded summary for: int open(const char *path, int oflag, ...)
// CHECK: Loaded summary for: int openat(int fd, const char *path, int oflag, ...)
// CHECK: Loaded summary for: int access(const char *pathname, int amode) // CHECK: Loaded summary for: int access(const char *pathname, int amode)
// CHECK: Loaded summary for: int faccessat(int dirfd, const char *pathname, int mode, int flags) // CHECK: Loaded summary for: int faccessat(int dirfd, const char *pathname, int mode, int flags)
// CHECK: Loaded summary for: int dup(int fildes) // CHECK: Loaded summary for: int dup(int fildes)
// CHECK: Loaded summary for: int dup2(int fildes1, int filedes2) // CHECK: Loaded summary for: int dup2(int fildes1, int filedes2)
// CHECK: Loaded summary for: int fdatasync(int fildes) // CHECK: Loaded summary for: int fdatasync(int fildes)
// CHECK: Loaded summary for: int fnmatch(const char *pattern, const char *string, int flags) // CHECK: Loaded summary for: int fnmatch(const char *pattern, const char *string, int flags)
// CHECK: Loaded summary for: int fsync(int fildes) // CHECK: Loaded summary for: int fsync(int fildes)
// CHECK: Loaded summary for: int truncate(const char *path, off_t length) // CHECK: Loaded summary for: int truncate(const char *path, off_t length)
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines
// CHECK: Loaded summary for: off_t lseek(int fildes, off_t offset, int whence) // CHECK: Loaded summary for: off_t lseek(int fildes, off_t offset, int whence)
// CHECK: Loaded summary for: ssize_t readlink(const char *restrict path, char *restrict buf, size_t bufsize) // CHECK: Loaded summary for: ssize_t readlink(const char *restrict path, char *restrict buf, size_t bufsize)
// CHECK: Loaded summary for: ssize_t readlinkat(int fd, const char *restrict path, char *restrict buf, size_t bufsize) // CHECK: Loaded summary for: ssize_t readlinkat(int fd, const char *restrict path, char *restrict buf, size_t bufsize)
// CHECK: Loaded summary for: int renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath) // CHECK: Loaded summary for: int renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath)
// CHECK: Loaded summary for: char *realpath(const char *restrict file_name, char *restrict resolved_name) // CHECK: Loaded summary for: char *realpath(const char *restrict file_name, char *restrict resolved_name)
// CHECK: Loaded summary for: int execv(const char *path, char *const argv[]) // CHECK: Loaded summary for: int execv(const char *path, char *const argv[])
// CHECK: Loaded summary for: int execvp(const char *file, char *const argv[]) // CHECK: Loaded summary for: int execvp(const char *file, char *const argv[])
// CHECK: Loaded summary for: int getopt(int argc, char *const argv[], const char *optstring) // CHECK: Loaded summary for: int getopt(int argc, char *const argv[], const char *optstring)
// CHECK: Loaded summary for: int socket(int domain, int type, int protocol)
// CHECK: Loaded summary for: int accept(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len) // CHECK: Loaded summary for: int accept(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len)
// CHECK: Loaded summary for: int bind(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len) // CHECK: Loaded summary for: int bind(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len)
// CHECK: Loaded summary for: int getpeername(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len) // CHECK: Loaded summary for: int getpeername(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len)
// CHECK: Loaded summary for: int getsockname(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len) // CHECK: Loaded summary for: int getsockname(int socket, __SOCKADDR_ARG address, socklen_t *restrict address_len)
// CHECK: Loaded summary for: int connect(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len) // CHECK: Loaded summary for: int connect(int socket, __CONST_SOCKADDR_ARG address, socklen_t address_len)
// CHECK: Loaded summary for: ssize_t recvfrom(int socket, void *restrict buffer, size_t length, int flags, __SOCKADDR_ARG address, socklen_t *restrict address_len) // CHECK: Loaded summary for: ssize_t recvfrom(int socket, void *restrict buffer, size_t length, int flags, __SOCKADDR_ARG address, socklen_t *restrict address_len)
// CHECK: Loaded summary for: ssize_t sendto(int socket, const void *message, size_t length, int flags, __CONST_SOCKADDR_ARG dest_addr, socklen_t dest_len) // CHECK: Loaded summary for: ssize_t sendto(int socket, const void *message, size_t length, int flags, __CONST_SOCKADDR_ARG dest_addr, socklen_t dest_len)
// CHECK: Loaded summary for: int listen(int sockfd, int backlog) // CHECK: Loaded summary for: int listen(int sockfd, int backlog)
// CHECK: Loaded summary for: ssize_t recv(int sockfd, void *buf, size_t len, int flags) // CHECK: Loaded summary for: ssize_t recv(int sockfd, void *buf, size_t len, int flags)
// CHECK: Loaded summary for: ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags) // CHECK: Loaded summary for: ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags)
// CHECK: Loaded summary for: ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) // CHECK: Loaded summary for: ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags)
// CHECK: Loaded summary for: int setsockopt(int socket, int level, int option_name, const void *option_value, socklen_t option_len) // CHECK: Loaded summary for: int setsockopt(int socket, int level, int option_name, const void *option_value, socklen_t option_len)
// CHECK: Loaded summary for: int getsockopt(int socket, int level, int option_name, void *restrict option_value, socklen_t *restrict option_len) // CHECK: Loaded summary for: int getsockopt(int socket, int level, int option_name, void *restrict option_value, socklen_t *restrict option_len)
// CHECK: Loaded summary for: ssize_t send(int sockfd, const void *buf, size_t len, int flags) // CHECK: Loaded summary for: ssize_t send(int sockfd, const void *buf, size_t len, int flags)
// CHECK: Loaded summary for: int socketpair(int domain, int type, int protocol, int sv[2]) // CHECK: Loaded summary for: int socketpair(int domain, int type, int protocol, int sv[2])
// CHECK: Loaded summary for: int shutdown(int socket, int how)
// CHECK: Loaded summary for: int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, char *restrict node, socklen_t nodelen, char *restrict service, socklen_t servicelen, int flags) // CHECK: Loaded summary for: int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, char *restrict node, socklen_t nodelen, char *restrict service, socklen_t servicelen, int flags)
// CHECK: Loaded summary for: int utime(const char *filename, struct utimbuf *buf) // CHECK: Loaded summary for: int utime(const char *filename, struct utimbuf *buf)
// CHECK: Loaded summary for: int futimens(int fd, const struct timespec times[2]) // CHECK: Loaded summary for: int futimens(int fd, const struct timespec times[2])
// CHECK: Loaded summary for: int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags) // CHECK: Loaded summary for: int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags)
// CHECK: Loaded summary for: int utimes(const char *filename, const struct timeval times[2]) // CHECK: Loaded summary for: int utimes(const char *filename, const struct timeval times[2])
// CHECK: Loaded summary for: int nanosleep(const struct timespec *rqtp, struct timespec *rmtp) // CHECK: Loaded summary for: int nanosleep(const struct timespec *rqtp, struct timespec *rmtp)
// CHECK: Loaded summary for: struct tm *localtime(const time_t *tp) // CHECK: Loaded summary for: struct tm *localtime(const time_t *tp)
// CHECK: Loaded summary for: struct tm *localtime_r(const time_t *restrict timer, struct tm *restrict result) // CHECK: Loaded summary for: struct tm *localtime_r(const time_t *restrict timer, struct tm *restrict result)
Show All 15 Lines
// CHECK: Loaded summary for: int pthread_mutex_init(pthread_mutex_t *restrict mutex, const pthread_mutexattr_t *restrict attr) // CHECK: Loaded summary for: int pthread_mutex_init(pthread_mutex_t *restrict mutex, const pthread_mutexattr_t *restrict attr)
// CHECK: Loaded summary for: int pthread_mutex_destroy(pthread_mutex_t *mutex) // CHECK: Loaded summary for: int pthread_mutex_destroy(pthread_mutex_t *mutex)
// CHECK: Loaded summary for: int pthread_mutex_lock(pthread_mutex_t *mutex) // CHECK: Loaded summary for: int pthread_mutex_lock(pthread_mutex_t *mutex)
// CHECK: Loaded summary for: int pthread_mutex_trylock(pthread_mutex_t *mutex) // CHECK: Loaded summary for: int pthread_mutex_trylock(pthread_mutex_t *mutex)
// CHECK: Loaded summary for: int pthread_mutex_unlock(pthread_mutex_t *mutex) // CHECK: Loaded summary for: int pthread_mutex_unlock(pthread_mutex_t *mutex)
#include "Inputs/std-c-library-functions-POSIX.h" #include "Inputs/std-c-library-functions-POSIX.h"
// Must have at least one call expression to initialize the summary map. void test_open(void) {
int bar(void); open(0, 0); // \
void foo(void) { // expected-warning{{The 1st argument to 'open' is NULL but should not be NULL}}
bar(); }
void test_open_additional_arg(void) {
open(0, 0, 0); // \
// expected-warning{{The 1st argument to 'open' is NULL but should not be NULL}}
} }

clang/test/Analysis/std-c-library-functions-arg-constraints.c

Show First 20 LinesShow All 310 Lines▼ Show 20 Lines
void test_file_fd_at_functions() { void test_file_fd_at_functions() {
(void)linkat(-22, "from", AT_FDCWD, "to", 0); // \ (void)linkat(-22, "from", AT_FDCWD, "to", 0); // \
// report-warning{{The 1st argument to 'linkat' is -22 but should be a valid file descriptor or AT_FDCWD}} \ // report-warning{{The 1st argument to 'linkat' is -22 but should be a valid file descriptor or AT_FDCWD}} \
// bugpath-warning{{The 1st argument to 'linkat' is -22 but should be a valid file descriptor or AT_FDCWD}} \ // bugpath-warning{{The 1st argument to 'linkat' is -22 but should be a valid file descriptor or AT_FDCWD}} \
// bugpath-note{{The 1st argument to 'linkat' is -22 but should be a valid file descriptor or AT_FDCWD}} // bugpath-note{{The 1st argument to 'linkat' is -22 but should be a valid file descriptor or AT_FDCWD}}
// no warning for these functions if the AT_FDCWD value is used // no warning for these functions if the AT_FDCWD value is used
(void)openat(AT_FDCWD, "path", 0);
(void)linkat(AT_FDCWD, "from", AT_FDCWD, "to", 0); (void)linkat(AT_FDCWD, "from", AT_FDCWD, "to", 0);
(void)faccessat(AT_FDCWD, "path", 0, 0); (void)faccessat(AT_FDCWD, "path", 0, 0);
(void)symlinkat("oldpath", AT_FDCWD, "newpath"); (void)symlinkat("oldpath", AT_FDCWD, "newpath");
(void)mkdirat(AT_FDCWD, "path", 0); (void)mkdirat(AT_FDCWD, "path", 0);
(void)mknodat(AT_FDCWD, "path", 0, 0); (void)mknodat(AT_FDCWD, "path", 0, 0);
(void)fchmodat(AT_FDCWD, "path", 0, 0); (void)fchmodat(AT_FDCWD, "path", 0, 0);
(void)fchownat(AT_FDCWD, "path", 0, 0, 0); (void)fchownat(AT_FDCWD, "path", 0, 0, 0);
(void)linkat(AT_FDCWD, "oldpath", AT_FDCWD, "newpath", 0); (void)linkat(AT_FDCWD, "oldpath", AT_FDCWD, "newpath", 0);
(void)unlinkat(AT_FDCWD, "newpath", 0); (void)unlinkat(AT_FDCWD, "newpath", 0);
struct stat St; struct stat St;
(void)fstatat(AT_FDCWD, "newpath", &St, 0); (void)fstatat(AT_FDCWD, "newpath", &St, 0);
char Buf[10]; char Buf[10];
(void)readlinkat(AT_FDCWD, "newpath", Buf, 10); (void)readlinkat(AT_FDCWD, "newpath", Buf, 10);
(void)renameat(AT_FDCWD, "oldpath", AT_FDCWD, "newpath"); (void)renameat(AT_FDCWD, "oldpath", AT_FDCWD, "newpath");
} }