This is an archive of the discontinued LLVM Phabricator instance.

Differential D33825

[clang-tidy] signal handler must be plain old function check
Needs RevisionPublic

Authored by bruntib on Jun 2 2017, 5:29 AM.

Details

Reviewers
aaron.ballman
hokein
Prazek
Eugene.Zelenko
NorenaLeonetti
jfb
Summary

Based on CERT-MSC54-CPP

Diff Detail

Repository
rL LLVM

Event Timeline

NorenaLeonetti created this revision.Jun 2 2017, 5:29 AM
Herald added subscribers: xazax.hun, mgorny. · View Herald TranscriptJun 2 2017, 5:29 AM
Eugene.Zelenko added inline comments.Jun 2 2017, 10:25 AM
clang-tidy/cert/CERTTidyModule.cpp
62–64

checker -> check.

docs/ReleaseNotes.rst
85

Probably C++ should be mentioned for clarity.

docs/clang-tidy/checks/cert-msc54-cpp.rst
8

'extern C' -> `extern "C"`.

22

Unnecessary empty line.

33

Unnecessary empty line.

35

Please replace CPP with C++ as in similar checks documentation.

aaron.ballman edited edge metadata.Jun 5 2017, 6:11 AM

This check is an interesting one. The rules around what is signal safe are changing for C++17 to be a bit more lenient than what the rules are for C++14. CERT's rule is written against C++14, and so the current behavior matches the rule wording. However, the *intent* of the rule is to ensure that only signal-safe functionality is used from a signal handler, and so from that perspective, I can imagine a user compiling for C++17 to want the relaxed rules to still comply with CERT's wording. What do you think?

clang-tidy/cert/SignalHandlerMustBePlainOldFunctionCheck.cpp
23

Since this is only needed once and is quite succinct, I'd just lower it into its usage.

48

Same here.

53

And here.

84

Don't use auto for this one, since the type is neither complex nor spelled out in the initialization.

85

Can use isDefined() instead of getDefinition(). Then you can store off the FunctionDecl * for the definition and use it below in the call to hasCxxRepr().

103–104

These functions can be marked const.

142

'extern \"C\"'' instead of 'external C'. I'd probably reword it to: "signal handlers must be 'extern \"C\""

150

representations -> constructs

(same below)

docs/clang-tidy/checks/cert-msc54-cpp.rst
25

Space between // and warning; indent the comment.

30

Indent the code.

whisperity edited the summary of this revision. (Show Details)Jul 6 2017, 5:21 AM
whisperity added subscribers: gsd, o.gyorgy, dkrupp, whisperity.
alexfh requested changes to this revision.Jul 11 2017, 6:42 AM
This revision now requires changes to proceed.Jul 11 2017, 6:42 AM
NorenaLeonetti marked 16 inline comments as done.Sep 2 2017, 6:19 AM
In D33825#772688, @aaron.ballman wrote:

This check is an interesting one. The rules around what is signal safe are changing for C++17 to be a bit more lenient than what the rules are for C++14. CERT's rule is written against C++14, and so the current behavior matches the rule wording. However, the *intent* of the rule is to ensure that only signal-safe functionality is used from a signal handler, and so from that perspective, I can imagine a user compiling for C++17 to want the relaxed rules to still comply with CERT's wording. What do you think?

I think your concerns are right. I've checked the upcoming changes in the C++17 standard draft and I'll add some logic to the code to have those relaxed rules at least partly fulfilled.
For now, I uploaded the changes required for this check.

NorenaLeonetti updated this revision to Diff 113651.Sep 2 2017, 7:25 AM
NorenaLeonetti edited edge metadata.
Herald added a subscriber: JDevlieghere. · View Herald TranscriptSep 2 2017, 7:25 AM
jklaehn added a subscriber: jklaehn.Sep 2 2017, 9:48 AM
jklaehn added inline comments.
docs/ReleaseNotes.rst
64

You missed a conflict marker here (and below in line 149).

NorenaLeonetti updated this revision to Diff 113652.Sep 2 2017, 10:02 AM
aaron.ballman added a comment.Sep 5 2017, 9:17 AM

Aside from a few small nits, this looks reasonable. Have you run it over any large code bases that use signals to test the quality of the check?

docs/clang-tidy/checks/cert-msc54-cpp.rst
23

The warning text should match the actual warning.

test/clang-tidy/cert-signal-handler-must-be-plain-old-function.cpp
56–57

Can you move these to be closer to where the actual note appears? It makes it easier to ensure that the diagnostic appears on the proper line.

alexfh removed a reviewer: alexfh.Sep 10 2017, 6:00 AM
alexfh added a subscriber: alexfh.
bruntib commandeered this revision.Aug 28 2020, 7:37 AM
bruntib added a reviewer: NorenaLeonetti.
bruntib added a subscriber: bruntib.

I'll rebase this patch and continue its development.

Herald added subscribers: martong, steakhal, jfb. · View Herald TranscriptAug 28 2020, 7:37 AM
bruntib updated this revision to Diff 288606.Aug 28 2020, 7:49 AM

I rebased the patch so it compiles with master version of LLVM/Clang. I did no other change, so I would like if this patch would be committed on behalf of @NorenaLeonetti if the patch is acceptable.
I would kindly ask the reviewers to give some comments if any additional modification is needed. I run this checker on DuckDB project and this checker gave two reports on functions which shouldn't be used as signal handler:

duckdb-0.2.0/third_party/sqlsmith/sqlsmith.cc:38:17: do not use C++ constructs in signal handlers [cert-msc54-cpp]
https://github.com/cwida/duckdb/blob/master/third_party/sqlsmith/sqlsmith.cc#L38

duckdb-0.2.0/tools/shell/shell.c:8828:13: signal handlers must be 'extern "C"' [cert-msc54-cpp]
https://github.com/cwida/duckdb/blob/master/tools/shell/shell.c#L8828

I haven't found other C++ projects which use signals. However, this checker reports on the non-compliant code fragments of the corresponding SEI-CERT rule: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC54-CPP.+A+signal+handler+must+be+a+plain+old+function. The two findings above also seem to be true positive.

Herald added a subscriber: mgehre. · View Herald TranscriptAug 28 2020, 7:49 AM
bruntib updated this revision to Diff 288617.Aug 28 2020, 8:30 AM

Update lincense.

jfb requested changes to this revision.Aug 28 2020, 8:46 AM

Please consider these changes, and whether this is relevant as implemented: http://wg21.link/p0270

clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp
22 ↗(On Diff #288617)

"C++ construct" isn't particularly useful. Here it needs to call out throwing exceptions.

57 ↗(On Diff #288617)

Here too, I have no idea what this means given just this message.

73 ↗(On Diff #288617)

This is also very confusing.

This revision now requires changes to proceed.Aug 28 2020, 8:46 AM
Herald added a subscriber: dexonsmith. · View Herald TranscriptAug 28 2020, 8:46 AM
mgehre removed a subscriber: mgehre.Aug 28 2020, 12:44 PM
Herald added a subscriber: danielkiss. · View Herald TranscriptAug 28 2020, 12:44 PM
bruntib updated this revision to Diff 288774.Aug 29 2020, 6:34 AM

Test file has been extended with the second line of the "note" diagnostic message which designates the location of the suspicious "C++ construct". The full clang-tidy output looks like this:

llvm-project/clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp:20:17: warning: do not use C++ constructs in signal handlers [cert-msc54-cpp]
extern "C" void cpp_signal_handler(int sig) {

^

llvm-project/clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp:23:3: note: C++ construct used here

throw "error message";
^
bruntib added inline comments.Aug 29 2020, 6:40 AM
clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp
22 ↗(On Diff #288617)

Thanks for the review!
I think the clang-tidy message is understandable, because the next line after "note: C++ construct used here" displays the exact source location where this C++ construct is used. I included this line in the test file so it is visible here. The full message looks like this:

llvm-project/clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp:20:17: warning: do not use C++ constructs in signal handlers [cert-msc54-cpp]
extern "C" void cpp_signal_handler(int sig) {

^

llvm-project/clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp:23:3: note: C++ construct used here

throw "error message";
^

Do you think it's enough, or should the note text be different for all C++ constructs?

bruntib updated this revision to Diff 288777.Aug 29 2020, 8:13 AM

Note texts are now describing what kind of C++ constructs were used. The warning message also explains better the reason of the issue: "signal handlers must be plain old functions, C++-only constructs are not allowed"

jfb requested changes to this revision.Aug 29 2020, 3:47 PM

MSC54-CPP refers to POF, which as I pointed out above isn't relevant anymore. I'd much rather have a diagnostic which honors the state of things after http://wg21.link/p0270.

Additionally, lots of what MSC54-CPP intends is implementation-defined. We shouldn't diagnose for things that clang has defined as signal safe, at least not by default.

From the paper, I'd like to see tests for these:

  • a call to any standard library function, except for plain lock-free atomic atomic operations and functions explicitly identified as signal-safe. [Note: This implicitly excludes the use of new and delete expressions that rely on a library-provided memory allocator. – end note]; -- here I'd like to explicitly see the list of signal-safe functions, and examples of ones that are not
  • an access to an object with thread storage duration;
  • a dynamic_cast expression;
  • throwing of an exception;
  • control entering a try-block or function-try-block; or
  • initialization of a variable with static storage duration requiring dynamic initialization (3.6.3 [basic.start.dynamic], 6.7 [stmt.decl])). [ Note: Such initialization might occur because it is the first odr-use (3.2 [basic.def.odr]) of that variable. -- end note ]
  • waiting for the completion of the initialization of a variable with static storage duration (6.7 [stmt.decl]).
clang-tools-extra/clang-tidy/cert/SignalHandlerMustBePlainOldFunctionCheck.cpp
84 ↗(On Diff #288777)

Most of the above are fine per p0270, and most don't have a test at the moment.

clang-tools-extra/docs/clang-tidy/checks/cert-msc54-cpp.rst
15 ↗(On Diff #288777)

'extern', not 'external'

23 ↗(On Diff #288777)

Update the example too.

clang-tools-extra/test/clang-tidy/checkers/cert-signal-handler-must-be-plain-old-function.cpp
74 ↗(On Diff #288777)

I don't think this should diagnose, it is signal safe for clang's implementation, and allowed by p0270.

91 ↗(On Diff #288777)

_Thread_local isn't signal safe per p0270.

114 ↗(On Diff #288777)

The atomic isn't used here, and atomic initialization isn't atomic, so the test isn't sufficient.

This revision now requires changes to proceed.Aug 29 2020, 3:47 PM
aaron.ballman added a comment.Aug 31 2020, 6:16 AM
In D33825#2246369, @jfb wrote:

MSC54-CPP refers to POF, which as I pointed out above isn't relevant anymore. I'd much rather have a diagnostic which honors the state of things after http://wg21.link/p0270.

I agree, and I've commented on that rule to remind the folks at CERT that the rule has largely gone stale.

Additionally, lots of what MSC54-CPP intends is implementation-defined. We shouldn't diagnose for things that clang has defined as signal safe, at least not by default.

Also agreed.

clang-tools-extra/clang-tidy/cert/SignalHandlerMustBePlainOldFunctionCheck.cpp
42 ↗(On Diff #288777)

I'm not super keen on this approach because as new C++ constructs are added, this will continually need to be updated, which is a maintenance burden I think we should try to avoid. I would rather use some generic wording or tie the wording automatically to something provided by the Stmt class.

44 ↗(On Diff #288777)

Diagnostics in clang-tidy should start with a lowercase letter

91 ↗(On Diff #288777)

Similar concerns here.

aaron.ballman mentioned this in D87449: [clang-tidy] Add new check for SEI CERT rule SIG30-C.Oct 7 2020, 7:32 AM
balazske added a subscriber: balazske.Jan 24 2022, 12:03 AM
Herald added a subscriber: carlosgalvezp. · View Herald TranscriptJan 24 2022, 12:03 AM
balazske mentioned this in D118016: [clang-tidy] Change code of SignalHandlerCheck (NFC)..Jan 24 2022, 12:12 AM

Revision Contents

Diff 113652

clang-tidy/cert/CERTTidyModule.cpp

Show All 16 Lines
#include "../misc/StaticAssertCheck.h" #include "../misc/StaticAssertCheck.h"
#include "../misc/ThrowByValueCatchByReferenceCheck.h" #include "../misc/ThrowByValueCatchByReferenceCheck.h"
#include "CommandProcessorCheck.h" #include "CommandProcessorCheck.h"
#include "DontModifyStdNamespaceCheck.h" #include "DontModifyStdNamespaceCheck.h"
#include "FloatLoopCounter.h" #include "FloatLoopCounter.h"
#include "LimitedRandomnessCheck.h" #include "LimitedRandomnessCheck.h"
#include "PostfixOperatorCheck.h" #include "PostfixOperatorCheck.h"
#include "SetLongJmpCheck.h" #include "SetLongJmpCheck.h"
#include "SignalHandlerMustBePlainOldFunctionCheck.h"
#include "StaticObjectExceptionCheck.h" #include "StaticObjectExceptionCheck.h"
#include "StrToNumCheck.h" #include "StrToNumCheck.h"
#include "ThrownExceptionTypeCheck.h" #include "ThrownExceptionTypeCheck.h"
#include "VariadicFunctionDefCheck.h" #include "VariadicFunctionDefCheck.h"
namespace clang { namespace clang {
namespace tidy { namespace tidy {
namespace cert { namespace cert {
Show All 20 Lines CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
"cert-err09-cpp"); "cert-err09-cpp");
CheckFactories.registerCheck<SetLongJmpCheck>("cert-err52-cpp"); CheckFactories.registerCheck<SetLongJmpCheck>("cert-err52-cpp");
CheckFactories.registerCheck<StaticObjectExceptionCheck>("cert-err58-cpp"); CheckFactories.registerCheck<StaticObjectExceptionCheck>("cert-err58-cpp");
CheckFactories.registerCheck<ThrownExceptionTypeCheck>("cert-err60-cpp"); CheckFactories.registerCheck<ThrownExceptionTypeCheck>("cert-err60-cpp");
CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>( CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
"cert-err61-cpp"); "cert-err61-cpp");
// MSC // MSC
CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc50-cpp"); CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc50-cpp");
CheckFactories.registerCheck<SignalHandlerMustBePlainOldFunctionCheck>(
// C checkers "cert-msc54-cpp");
// C checks
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

checker -> check.

Eugene.Zelenko: checker -> check.
// DCL // DCL
CheckFactories.registerCheck<misc::StaticAssertCheck>("cert-dcl03-c"); CheckFactories.registerCheck<misc::StaticAssertCheck>("cert-dcl03-c");
// ENV // ENV
CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c"); CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c");
// FLP // FLP
CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c"); CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c");
// FIO // FIO
CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c"); CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c");
Show All 20 Lines

clang-tidy/cert/CMakeLists.txt

set(LLVM_LINK_COMPONENTS support) set(LLVM_LINK_COMPONENTS support)
add_clang_library(clangTidyCERTModule add_clang_library(clangTidyCERTModule
CERTTidyModule.cpp CERTTidyModule.cpp
CommandProcessorCheck.cpp CommandProcessorCheck.cpp
DontModifyStdNamespaceCheck.cpp DontModifyStdNamespaceCheck.cpp
FloatLoopCounter.cpp FloatLoopCounter.cpp
LimitedRandomnessCheck.cpp LimitedRandomnessCheck.cpp
PostfixOperatorCheck.cpp PostfixOperatorCheck.cpp
SetLongJmpCheck.cpp SetLongJmpCheck.cpp
SignalHandlerMustBePlainOldFunctionCheck.cpp
StaticObjectExceptionCheck.cpp StaticObjectExceptionCheck.cpp
StrToNumCheck.cpp StrToNumCheck.cpp
ThrownExceptionTypeCheck.cpp ThrownExceptionTypeCheck.cpp
VariadicFunctionDefCheck.cpp VariadicFunctionDefCheck.cpp
LINK_LIBS LINK_LIBS
clangAnalysis clangAnalysis
clangAST clangAST
clangASTMatchers clangASTMatchers
clangBasic clangBasic
clangLex clangLex
clangTidy clangTidy
clangTidyGoogleModule clangTidyGoogleModule
clangTidyMiscModule clangTidyMiscModule
clangTidyUtils clangTidyUtils
) )

clang-tidy/cert/SignalHandlerMustBePlainOldFunctionCheck.h

  • This file was added.
//===--- SignalHandlerMustBePlainOldFunctionCheck.h - clang-tidy-*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_SIGNAL_HANDLER_MUST_BE_PLAIN_OLD_FUNCTION_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_SIGNAL_HANDLER_MUST_BE_PLAIN_OLD_FUNCTION_H
#include "../ClangTidy.h"
namespace clang {
namespace tidy {
namespace cert {
/// A signal handler must be a plain old function.
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc54-cpp.html
class SignalHandlerMustBePlainOldFunctionCheck : public ClangTidyCheck {
public:
SignalHandlerMustBePlainOldFunctionCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context) {}
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
} // namespace cert
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_SIGNAL_HANDLER_MUST_BE_PLAIN_OLD_FUNCTION_H

clang-tidy/cert/SignalHandlerMustBePlainOldFunctionCheck.cpp

  • This file was added.
//===--- SignalHandlerMustBePlainOldFunctionCheck.cpp - clang-tidy---------===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
#include "SignalHandlerMustBePlainOldFunctionCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include <queue>
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace cert {
namespace {
internal::Matcher<Decl> hasCxxStmt() {
return hasDescendant(
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Since this is only needed once and is quite succinct, I'd just lower it into its usage.

aaron.ballman: Since this is only needed once and is quite succinct, I'd just lower it into its usage.
stmt(anyOf(cxxBindTemporaryExpr(), cxxBoolLiteral(), cxxCatchStmt(),
cxxConstCastExpr(), cxxConstructExpr(), cxxDefaultArgExpr(),
cxxDeleteExpr(), cxxDynamicCastExpr(), cxxForRangeStmt(),
cxxFunctionalCastExpr(), cxxMemberCallExpr(), cxxNewExpr(),
cxxNullPtrLiteralExpr(), cxxOperatorCallExpr(),
cxxReinterpretCastExpr(), cxxStaticCastExpr(),
cxxTemporaryObjectExpr(), cxxThisExpr(), cxxThrowExpr(),
cxxTryStmt(), cxxUnresolvedConstructExpr()))
.bind("cxx_stmt"));
}
internal::Matcher<Decl> hasCxxDecl() {
return hasDescendant(
decl(anyOf(cxxConstructorDecl(), cxxConversionDecl(), cxxDestructorDecl(),
cxxMethodDecl(),
cxxRecordDecl(unless(anyOf(isStruct(), isUnion())))))
.bind("cxx_decl"));
}
class CallGraphCheck {
std::queue<const FunctionDecl *> UncheckedCalls;
llvm::DenseSet<const FunctionDecl *> CheckedCalls;
SourceLocation CxxRepresentation;
SourceLocation FunctionCall;
ASTContext *Context;
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Same here.

aaron.ballman: Same here.
bool hasCxxRepr(const FunctionDecl *Func) {
auto MatchesCxxStmt = match(hasCxxStmt(), *Func, *Context);
if (!MatchesCxxStmt.empty()) {
CxxRepresentation =
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

And here.

aaron.ballman: And here.
MatchesCxxStmt[0].getNodeAs<Stmt>("cxx_stmt")->getLocStart();
return true;
}
auto MatchesCxxDecl = match(hasCxxDecl(), *Func, *Context);
if (!MatchesCxxDecl.empty()) {
CxxRepresentation =
MatchesCxxDecl[0].getNodeAs<Decl>("cxx_decl")->getLocStart();
return true;
}
return false;
}
bool callExprContainsCxxRepr(SmallVectorImpl<BoundNodes> &Calls) {
for (const auto &Match : Calls) {
const auto *Call = Match.getNodeAs<CallExpr>("call");
const FunctionDecl *Func = Call->getDirectCallee();
if (!Func || !Func->isDefined())
continue;
auto MatchesCxxMethod = match(decl(cxxMethodDecl()), *Func, *Context);
if (hasCxxRepr(Func->getDefinition()) || !MatchesCxxMethod.empty()) {
FunctionCall = Call->getLocStart();
return true;
}
if (!CheckedCalls.count(Func))
UncheckedCalls.push(Func);
}
return false;
}
public:
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Don't use auto for this one, since the type is neither complex nor spelled out in the initialization.

aaron.ballman: Don't use `auto` for this one, since the type is neither complex nor spelled out in the…
CallGraphCheck(const FunctionDecl *SignalHandler, ASTContext *ResultContext)
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Can use isDefined() instead of getDefinition(). Then you can store off the FunctionDecl * for the definition and use it below in the call to hasCxxRepr().

aaron.ballman: Can use `isDefined()` instead of `getDefinition()`. Then you can store off the `FunctionDecl *`…
: Context(ResultContext) {
UncheckedCalls.push(SignalHandler);
}
const SourceLocation callLoc() { return FunctionCall; }
const SourceLocation cxxRepLoc() { return CxxRepresentation; }
bool checkAllCall() {
while (!UncheckedCalls.empty()) {
CheckedCalls.insert(UncheckedCalls.front());
auto Matches = match(decl(forEachDescendant(callExpr().bind("call"))),
*UncheckedCalls.front()->getDefinition(), *Context);
UncheckedCalls.pop();
if (callExprContainsCxxRepr(Matches))
return true;
}
return false;
}
};
} // namespace
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

These functions can be marked const.

aaron.ballman: These functions can be marked `const`.
void SignalHandlerMustBePlainOldFunctionCheck::registerMatchers(
MatchFinder *Finder) {
auto SignalHas = [](const internal::Matcher<Decl> &SignalHandler) {
return callExpr(hasDeclaration(functionDecl(hasName("signal"))),
hasArgument(1, declRefExpr(hasDeclaration(SignalHandler))
.bind("signal_argument")));
};
auto SignalHandler = [](const internal::Matcher<Decl> &HasCxxRepr) {
return functionDecl(isExternC(), HasCxxRepr)
.bind("signal_handler_with_cxx_repr");
};
Finder->addMatcher(
SignalHas(functionDecl(unless(isExternC())).bind("signal_handler")),
this);
Finder->addMatcher(SignalHas(SignalHandler(hasCxxStmt())), this);
Finder->addMatcher(SignalHas(SignalHandler(hasCxxDecl())), this);
Finder->addMatcher(SignalHas(functionDecl(hasDescendant(callExpr()))
.bind("signal_handler_with_call_expr")),
this);
}
void SignalHandlerMustBePlainOldFunctionCheck::check(
const MatchFinder::MatchResult &Result) {
if (const auto *SignalHandler =
Result.Nodes.getNodeAs<FunctionDecl>("signal_handler")) {
diag(SignalHandler->getLocation(),
"signal handlers must be 'extern \"C\"'");
diag(Result.Nodes.getNodeAs<DeclRefExpr>("signal_argument")->getLocation(),
"given as a signal parameter here", DiagnosticIDs::Note);
}
if (const auto *SingalHandler = Result.Nodes.getNodeAs<FunctionDecl>(
"signal_handler_with_cxx_repr")) {
diag(SingalHandler->getLocation(),
"do not use C++ constructs in signal handlers");
if (const auto *CxxStmt = Result.Nodes.getNodeAs<Stmt>("cxx_stmt"))
diag(CxxStmt->getLocStart(), "C++ construct used here",
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

'extern \"C\"'' instead of 'external C'. I'd probably reword it to: "signal handlers must be 'extern \"C\""

aaron.ballman: 'extern \"C\"'' instead of 'external C'. I'd probably reword it to: `"signal handlers must be…
DiagnosticIDs::Note);
else
diag(Result.Nodes.getNodeAs<Decl>("cxx_decl")->getLocStart(),
"C++ construct used here", DiagnosticIDs::Note);
}
if (const auto *SignalHandler = Result.Nodes.getNodeAs<FunctionDecl>(
"signal_handler_with_call_expr")) {
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

representations -> constructs

(same below)

aaron.ballman: representations -> constructs (same below)
CallGraphCheck CallChain(SignalHandler, Result.Context);
if (CallChain.checkAllCall()) {
diag(SignalHandler->getLocation(), "do not call functions with C++ "
"constructs in signal "
"handlers");
diag(CallChain.callLoc(), "function called here", DiagnosticIDs::Note);
if (CallChain.cxxRepLoc().isValid())
diag(CallChain.cxxRepLoc(), "C++ construct used here",
DiagnosticIDs::Note);
}
}
}
} // namespace cert
} // namespace tidy
} // namespace clang

docs/ReleaseNotes.rst

Show First 20 LinesShow All 50 Lines▼ Show 20 Lines
Improvements to clang-rename Improvements to clang-rename
---------------------------- ----------------------------
The improvements are... The improvements are...
Improvements to clang-tidy Improvements to clang-tidy
-------------------------- --------------------------
- New `cert-msc54-cpp
<http://clang.llvm.org/extra/clang-tidy/checks/cert-msc54-cpp.html>`_ check
Checks if a signal handler is an 'extern \"C\" function without C++ constructs.
- Renamed checks to use correct term "implicit conversion" instead of "implicit - Renamed checks to use correct term "implicit conversion" instead of "implicit
jklaehnUnsubmitted
Not Done
ReplyInline Actions

You missed a conflict marker here (and below in line 149).

jklaehn: You missed a conflict marker here (and below in line 149).
cast" and modified messages and option names accordingly: cast" and modified messages and option names accordingly:
* **performance-implicit-cast-in-loop** was renamed to * **performance-implicit-cast-in-loop** was renamed to
`performance-implicit-conversion-in-loop `performance-implicit-conversion-in-loop
<http://clang.llvm.org/extra/clang-tidy/checks/performance-implicit-conversion-in-loop.html>`_ <http://clang.llvm.org/extra/clang-tidy/checks/performance-implicit-conversion-in-loop.html>`_
* **readability-implicit-bool-cast** was renamed to * **readability-implicit-bool-cast** was renamed to
`readability-implicit-bool-conversion `readability-implicit-bool-conversion
<http://clang.llvm.org/extra/clang-tidy/checks/readability-implicit-bool-conversion.html>`_; <http://clang.llvm.org/extra/clang-tidy/checks/readability-implicit-bool-conversion.html>`_;
the check's options were renamed as follows: the check's options were renamed as follows:
``AllowConditionalIntegerCasts`` -> ``AllowIntegerConditions``, ``AllowConditionalIntegerCasts`` -> ``AllowIntegerConditions``,
``AllowConditionalPointerCasts`` -> ``AllowPointerConditions``. ``AllowConditionalPointerCasts`` -> ``AllowPointerConditions``.
- New `android-cloexec-accept - New `android-cloexec-accept
<http://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-accept.html>`_ check <http://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-accept.html>`_ check
Detects usage of ``accept()``. Detects usage of ``accept()``.
- New `android-cloexec-accept4 - New `android-cloexec-accept4
<http://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-accept4.html>`_ check <http://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-accept4.html>`_ check
Checks if the required file flag ``SOCK_CLOEXEC`` is present in the argument of Checks if the required file flag ``SOCK_CLOEXEC`` is present in the argument of
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Probably C++ should be mentioned for clarity.

Eugene.Zelenko: Probably C++ should be mentioned for clarity.
``accept4()``. ``accept4()``.
- New `android-cloexec-dup - New `android-cloexec-dup
<http://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-dup.html>`_ check <http://clang.llvm.org/extra/clang-tidy/checks/android-cloexec-dup.html>`_ check
Detects usage of ``dup()``. Detects usage of ``dup()``.
- New `android-cloexec-inotify-init - New `android-cloexec-inotify-init
▲ Show 20 LinesShow All 66 LinesShow Last 20 Lines

docs/clang-tidy/checks/cert-msc54-cpp.rst

  • This file was added.
.. title:: clang-tidy - cert-msc54-cpp
cert-msc54-cpp
==============
This check will give a warning if a signal handler is not defined
as an `extern "C"` function or if the declaration of the function
contains C++ representation.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

'extern C' -> `extern "C"`.

Eugene.Zelenko: 'extern C' -> ``extern "C"``.
Here's an example:
.. code-block:: c++
static void sig_handler(int sig) {}
// warning: use 'external C' prefix for signal handlers
void install_signal_handler() {
if (SIG_ERR == std::signal(SIGTERM, sig_handler))
return;
}
extern "C" void cpp_signal_handler(int sig) {
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Unnecessary empty line.

Eugene.Zelenko: Unnecessary empty line.
// warning: do not use C++ representations in signal handlers
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

The warning text should match the actual warning.

aaron.ballman: The warning text should match the actual warning.
throw "error message";
}
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Space between // and warning; indent the comment.

aaron.ballman: Space between // and warning; indent the comment.
void install_cpp_signal_handler() {
if (SIG_ERR == std::signal(SIGTERM, cpp_signal_handler))
return;
}
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Indent the code.

aaron.ballman: Indent the code.
This check corresponds to the CERT C++ Coding Standard rule
`MSC54-CPP. A signal handler must be a plain old function
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Unnecessary empty line.

Eugene.Zelenko: Unnecessary empty line.
<https://www.securecoding.cert.org/confluence/display/cplusplus/MSC54-CPP.+A+signal+handler+must+be+a+plain+old+function>`_.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please replace CPP with C++ as in similar checks documentation.

Eugene.Zelenko: Please replace CPP with C++ as in similar checks documentation.

docs/clang-tidy/checks/list.rst

Show All 31 Lines.. toctree::
cert-err52-cpp cert-err52-cpp
cert-err58-cpp cert-err58-cpp
cert-err60-cpp cert-err60-cpp
cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) <cert-err61-cpp> cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) <cert-err61-cpp>
cert-fio38-c (redirects to misc-non-copyable-objects) <cert-fio38-c> cert-fio38-c (redirects to misc-non-copyable-objects) <cert-fio38-c>
cert-flp30-c cert-flp30-c
cert-msc30-c (redirects to cert-msc50-cpp) <cert-msc30-c> cert-msc30-c (redirects to cert-msc50-cpp) <cert-msc30-c>
cert-msc50-cpp cert-msc50-cpp
cert-msc54-cpp
cert-oop11-cpp (redirects to misc-move-constructor-init) <cert-oop11-cpp> cert-oop11-cpp (redirects to misc-move-constructor-init) <cert-oop11-cpp>
cppcoreguidelines-c-copy-assignment-signature cppcoreguidelines-c-copy-assignment-signature
cppcoreguidelines-interfaces-global-init cppcoreguidelines-interfaces-global-init
cppcoreguidelines-no-malloc cppcoreguidelines-no-malloc
cppcoreguidelines-pro-bounds-array-to-pointer-decay cppcoreguidelines-pro-bounds-array-to-pointer-decay
cppcoreguidelines-pro-bounds-constant-array-index cppcoreguidelines-pro-bounds-constant-array-index
cppcoreguidelines-pro-bounds-pointer-arithmetic cppcoreguidelines-pro-bounds-pointer-arithmetic
cppcoreguidelines-pro-type-const-cast cppcoreguidelines-pro-type-const-cast
▲ Show 20 LinesShow All 149 LinesShow Last 20 Lines

test/clang-tidy/cert-signal-handler-must-be-plain-old-function.cpp

  • This file was added.
// RUN: %check_clang_tidy %s cert-msc54-cpp %t -- -- -std=c++11
namespace std {
extern "C" using signalhandler = void(int);
int signal(int sig, signalhandler *func);
}
#define SIG_ERR -1
#define SIGTERM 15
static void sig_handler(int sig) {}
// CHECK-MESSAGES: :[[@LINE-1]]:13: warning: signal handlers must be 'extern "C"' [cert-msc54-cpp]
// CHECK-MESSAGES: :[[@LINE+3]]:39: note: given as a signal parameter here
void install_signal_handler() {
if (SIG_ERR == std::signal(SIGTERM, sig_handler))
return;
}
extern "C" void cpp_signal_handler(int sig) {
// CHECK-MESSAGES: :[[@LINE-1]]:17: warning: do not use C++ constructs in signal handlers [cert-msc54-cpp]
// CHECK-MESSAGES: :[[@LINE+1]]:3: note: C++ construct used here
throw "error message";
}
void install_cpp_signal_handler() {
if (SIG_ERR == std::signal(SIGTERM, cpp_signal_handler))
return;
}
void indirect_recursion();
void cpp_like(){
try {
cpp_signal_handler(SIG_ERR);
} catch(...) {
// handle error
}
}
void no_body();
void recursive_function() {
indirect_recursion();
cpp_like();
no_body();
recursive_function();
}
void indirect_recursion() {
recursive_function();
}
extern "C" void signal_handler_with_cpp_function_call(int sig) {
// CHECK-MESSAGES: :[[@LINE-1]]:17: warning: do not call functions with C++ constructs in signal handlers [cert-msc54-cpp]
// CHECK-MESSAGES: :[[@LINE-11]]:3: note: function called here
// CHECK-MESSAGES: :[[@LINE-23]]:3: note: C++ construct used here
aaron.ballmanUnsubmitted
Not Done
ReplyInline Actions

Can you move these to be closer to where the actual note appears? It makes it easier to ensure that the diagnostic appears on the proper line.

aaron.ballman: Can you move these to be closer to where the actual note appears? It makes it easier to ensure…
recursive_function();
}
void install_signal_handler_with_cpp_function_call() {
if (SIG_ERR == std::signal(SIGTERM, signal_handler_with_cpp_function_call))
return;
}
class TestClass {
public:
static void static_function() {}
};
extern "C" void signal_handler_with_cpp_static_method_call(int sig) {
// CHECK-MESSAGES: :[[@LINE-1]]:17: warning: do not call functions with C++ constructs in signal handlers [cert-msc54-cpp]
// CHECK-MESSAGES: :[[@LINE+1]]:3: note: function called here
TestClass::static_function();
}
void install_signal_handler_with_cpp_static_method_call() {
if (SIG_ERR == std::signal(SIGTERM, signal_handler_with_cpp_static_method_call))
return;
}
// Something that does not trigger the check:
extern "C" void c_sig_handler(int sig) {
#define cbrt(X) _Generic((X), long double \
: cbrtl, default \
: cbrt)(X)
auto char c = '1';
extern _Thread_local double _Complex d;
static const unsigned long int i = sizeof(float);
register short s;
void f();
volatile struct c_struct {
enum e {};
union u;
};
typedef bool boolean;
label:
switch (c) {
case ('1'):
break;
default:
d = 1.2;
}
goto label;
for (; i < 42;) {
if (d == 1.2)
continue;
else
return;
}
do {
_Atomic int v = _Alignof(char);
_Static_assert(42 == 42, "True");
} while (c == 42);
}
void install_c_sig_handler() {
if (SIG_ERR == std::signal(SIGTERM, c_sig_handler)) {
// Handle error
}
}
extern "C" void signal_handler_with_function_pointer(int sig) {
void (*funp) (void);
funp = &cpp_like;
funp();
}
void install_signal_handler_with_function_pointer() {
if (SIG_ERR == std::signal(SIGTERM, signal_handler_with_function_pointer))
return;
}