This is an archive of the discontinued LLVM Phabricator instance.

Differential D39422

[analyzer] pr34779: CStringChecker: Don't get crashed by non-standard standard library function definitions.
ClosedPublic

Authored by NoQ on Oct 30 2017, 9:12 AM.

Details

Reviewers
zaks.anna
dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
alexfh
Commits
rG0b5b1f14fd9a: [analyzer] pr34779: CStringChecker: Accept non-standard headers.
rC317565: [analyzer] pr34779: CStringChecker: Accept non-standard headers.
rL317565: [analyzer] pr34779: CStringChecker: Accept non-standard headers.
Summary

An assertion failure was triggered in pr34779 by defining strcpy as void (unsigned char *, unsigned char *), while normally it is char *(char *, char *). The assertion is removed because normally we try not to crash in such cases, but simply refuse to model. For now i did not try to actually model the modified strcpy, because it requires more work (unhardcode CharTy in a lot of places around the checker), and supporting other aspects of the non-standard definition requires even more work (i.e. we try to bind the return value, need to disable this mechanism when the return type is void), and if we try to model other similar functions (are other string functions accepting unsigned chars as well?) it'd bloat quite a bit.

So for now the analyzer would not find C string errors in code that defines string functions in a non-standard manner. It simply tries to avoid crashing. To think - maybe we should add more defensive checks (eg. into CallDescription).

Diff Detail

Event Timeline

NoQ created this revision.Oct 30 2017, 9:12 AM
NoQ added inline comments.
test/Analysis/string-with-signedness.c
1

We do have a warning for this.

xazax.hun accepted this revision.Oct 30 2017, 9:23 AM

This patch looks good to me.
I am wondering whether it would make sense to have some kind of warning (even in the frontend if not in the analyzer) for using standard functions with non-standard signatures, so users start to file bugs for the maintainers of those libraries.

This revision is now accepted and ready to land.Oct 30 2017, 9:23 AM
zaks.anna accepted this revision.Oct 30 2017, 4:00 PM
xazax.hun added inline comments.Oct 31 2017, 3:31 AM
test/Analysis/string-with-signedness.c
1

Oh, so we already have a warning for this. Good :)

Closed by commit rL317565: [analyzer] pr34779: CStringChecker: Accept non-standard headers. (authored by dergachev). · Explain WhyNov 7 2017, 2:51 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
StaticAnalyzer/
Checkers/
6 lines
test/
Analysis/
10 lines

Diff 120834

lib/StaticAnalyzer/Checkers/CStringChecker.cpp

Show First 20 LinesShow All 283 Lines▼ Show 20 LinesProgramStateRef CStringChecker::CheckLocation(CheckerContext &C,
const MemRegion *R = l.getAsRegion(); const MemRegion *R = l.getAsRegion();
if (!R) if (!R)
return state; return state;
const ElementRegion *ER = dyn_cast<ElementRegion>(R); const ElementRegion *ER = dyn_cast<ElementRegion>(R);
if (!ER) if (!ER)
return state; return state;
assert(ER->getValueType() == C.getASTContext().CharTy && if (ER->getValueType() != C.getASTContext().CharTy)
"CheckLocation should only be called with char* ElementRegions"); return state;
// Get the size of the array. // Get the size of the array.
const SubRegion *superReg = cast<SubRegion>(ER->getSuperRegion()); const SubRegion *superReg = cast<SubRegion>(ER->getSuperRegion());
SValBuilder &svalBuilder = C.getSValBuilder(); SValBuilder &svalBuilder = C.getSValBuilder();
SVal Extent = SVal Extent =
svalBuilder.convertToArrayIndex(superReg->getExtent(svalBuilder)); svalBuilder.convertToArrayIndex(superReg->getExtent(svalBuilder));
DefinedOrUnknownSVal Size = Extent.castAs<DefinedOrUnknownSVal>(); DefinedOrUnknownSVal Size = Extent.castAs<DefinedOrUnknownSVal>();
▲ Show 20 LinesShow All 567 Lines▼ Show 20 Linesbool CStringChecker::IsFirstBufInBound(CheckerContext &C,
const MemRegion *R = BufEnd.getAsRegion(); const MemRegion *R = BufEnd.getAsRegion();
if (!R) if (!R)
return true; // cf top comment. return true; // cf top comment.
const ElementRegion *ER = dyn_cast<ElementRegion>(R); const ElementRegion *ER = dyn_cast<ElementRegion>(R);
if (!ER) if (!ER)
return true; // cf top comment. return true; // cf top comment.
// FIXME: Does this crash when a non-standard definition
// of a library function is encountered?
assert(ER->getValueType() == C.getASTContext().CharTy && assert(ER->getValueType() == C.getASTContext().CharTy &&
"IsFirstBufInBound should only be called with char* ElementRegions"); "IsFirstBufInBound should only be called with char* ElementRegions");
// Get the size of the array. // Get the size of the array.
const SubRegion *superReg = cast<SubRegion>(ER->getSuperRegion()); const SubRegion *superReg = cast<SubRegion>(ER->getSuperRegion());
SVal Extent = SVal Extent =
svalBuilder.convertToArrayIndex(superReg->getExtent(svalBuilder)); svalBuilder.convertToArrayIndex(superReg->getExtent(svalBuilder));
DefinedOrUnknownSVal ExtentSize = Extent.castAs<DefinedOrUnknownSVal>(); DefinedOrUnknownSVal ExtentSize = Extent.castAs<DefinedOrUnknownSVal>();
▲ Show 20 LinesShow All 1,384 LinesShow Last 20 Lines

test/Analysis/string-with-signedness.c

  • This file was added.
// RUN: %clang_analyze_cc1 -Wno-incompatible-library-redeclaration -analyzer-checker=core,unix.cstring,alpha.unix.cstring -verify %s
NoQAuthorUnsubmitted
Not Done
ReplyInline Actions

We do have a warning for this.

NoQ: We do have a warning for this.
xazax.hunUnsubmitted
Not Done
ReplyInline Actions

Oh, so we already have a warning for this. Good :)

xazax.hun: Oh, so we already have a warning for this. Good :)
// expected-no-diagnostics
void *strcpy(unsigned char *, unsigned char *);
unsigned char a, b;
void testUnsignedStrcpy() {
strcpy(&a, &b);
}