This is an archive of the discontinued LLVM Phabricator instance.

Differential D62092

[analyzer] Create the beta package that is more stable than alpha, move unix.cstring.OutOfBounds there
AbandonedPublic

Authored by Szelethus on May 17 2019, 6:14 PM.

Details

Reviewers
NoQ
dkrupp
o.gyorgy
dcoughlin
Charusso
a.sidorin
xazax.hun
rnkovacs
Summary

As per discussed on the mailing list, this patch introduces a new package, that is conceptually in between an alpha and a production ready package called beta.

Beta packages and checkers may lack a better better bug reporting,some finetuning on the FP/TP ratio, but as an experimental feature they are considered stable enough to be run on production code.

We philosophically define alpha as not "power user feature"s, or "high fp/tp reporting checkers that is usable sometimes", but as unfinished. For checkers in beta, while still unfinished, we would like to allow users to experiment with it, because according to our experience analyzing internal C/C++ code at Ericsson, false positives from alpha checkers, even with poor reporting were tolerable, hence the desire to move a portion of alpha checkers to beta.

This patch only moves a single checker to beta, beta.unix.cstring.OutOfBounds.

Diff Detail

Revision Contents

PathSize
include/
clang/
StaticAnalyzer/
Checkers/
33 lines
test/
Analysis/
7 lines
35 lines
2 lines
7 lines
52 lines

Diff 200124

include/clang/StaticAnalyzer/Checkers/Checkers.td

//===--- Checkers.td - Static Analyzer Checkers -===-----------------------===// //===--- Checkers.td - Static Analyzer Checkers -===-----------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
include "CheckerBase.td" include "CheckerBase.td"
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Packages. // Packages.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// The Alpha package is for checkers that have too many false positives to be // The Alpha package is for checkers that are unstable, incomplet have too many
// turned on by default. The hierarchy under Alpha should be organized in the // false positives to be turned on by default. The hierarchy under Alpha should
// hierarchy checkers would have had if they were truly at the top level. // be organized in the hierarchy checkers would have had if they were truly at
// (For example, a Cocoa-specific checker that is alpha should be in // the top level. (For example, a Cocoa-specific checker that is alpha should be
// alpha.osx.cocoa). // in alpha.osx.cocoa).
def Alpha : Package<"alpha">; def Alpha : Package<"alpha">;
// Beta checkers are considered stable, but need some finishing touches,
// might have a not ideal false positive/false negative ratio, but are
// usable in production.
// Beta checkers checkers at minimum must be able to analyze several large open
// source projects without crashes, and have a reasonable FP/TP ratio.
def Beta : Package<"beta">;
def Core : Package<"core">; def Core : Package<"core">;
def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden; def CoreBuiltin : Package<"builtin">, ParentPackage<Core>, Hidden;
def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>; def CoreUninitialized : Package<"uninitialized">, ParentPackage<Core>;
def CoreAlpha : Package<"core">, ParentPackage<Alpha>; def CoreAlpha : Package<"core">, ParentPackage<Alpha>;
// The OptIn package is for checkers that are not alpha and that would normally // The OptIn package is for checkers that are not alpha and that would normally
// be on by default but where the driver does not have enough information to // be on by default but where the driver does not have enough information to
// determine when they are applicable. For example, localizability checkers fit // determine when they are applicable. For example, localizability checkers fit
Show All 37 Lines
def Security : Package <"security">; def Security : Package <"security">;
def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>;
def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; def SecurityAlpha : Package<"security">, ParentPackage<Alpha>;
def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; def Taint : Package<"taint">, ParentPackage<SecurityAlpha>;
def Unix : Package<"unix">; def Unix : Package<"unix">;
def UnixAlpha : Package<"unix">, ParentPackage<Alpha>; def UnixAlpha : Package<"unix">, ParentPackage<Alpha>;
def UnixBeta : Package<"unix">, ParentPackage<Beta>;
def CString : Package<"cstring">, ParentPackage<Unix>; def CString : Package<"cstring">, ParentPackage<Unix>;
def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>; def CStringAlpha : Package<"cstring">, ParentPackage<UnixAlpha>;
def CStringBeta : Package<"cstring">, ParentPackage<UnixBeta>;
def OSX : Package<"osx">; def OSX : Package<"osx">;
def OSXAlpha : Package<"osx">, ParentPackage<Alpha>; def OSXAlpha : Package<"osx">, ParentPackage<Alpha>;
def OSXOptIn : Package<"osx">, ParentPackage<OptIn>; def OSXOptIn : Package<"osx">, ParentPackage<OptIn>;
def Cocoa : Package<"cocoa">, ParentPackage<OSX>; def Cocoa : Package<"cocoa">, ParentPackage<OSX>;
def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>; def CocoaAlpha : Package<"cocoa">, ParentPackage<OSXAlpha>;
def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>; def CocoaOptIn : Package<"cocoa">, ParentPackage<OSXOptIn>;
▲ Show 20 LinesShow All 268 Lines▼ Show 20 Lines HelpText<"Check the size argument passed into C string functions for common "
"erroneous patterns">, "erroneous patterns">,
Dependencies<[CStringModeling]>, Dependencies<[CStringModeling]>,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
} // end "unix.cstring" } // end "unix.cstring"
let ParentPackage = CStringAlpha in { let ParentPackage = CStringAlpha in {
def CStringOutOfBounds : Checker<"OutOfBounds">,
HelpText<"Check for out-of-bounds access in string functions">,
Dependencies<[CStringModeling]>,
Documentation<HasAlphaDocumentation>;
def CStringBufferOverlap : Checker<"BufferOverlap">, def CStringBufferOverlap : Checker<"BufferOverlap">,
HelpText<"Checks for overlap in two buffer arguments">, HelpText<"Checks for overlap in two buffer arguments">,
Dependencies<[CStringModeling]>, Dependencies<[CStringModeling]>,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
def CStringNotNullTerm : Checker<"NotNullTerminated">, def CStringNotNullTerm : Checker<"NotNullTerminated">,
HelpText<"Check for arguments which are not null-terminating strings">, HelpText<"Check for arguments which are not null-terminating strings">,
Dependencies<[CStringModeling]>, Dependencies<[CStringModeling]>,
Documentation<HasAlphaDocumentation>; Documentation<HasAlphaDocumentation>;
} // end "alpha.unix.cstring" } // end "alpha.unix.cstring"
let ParentPackage = CStringBeta in {
def CStringOutOfBounds : Checker<"OutOfBounds">,
HelpText<"Check for out-of-bounds access in string functions">,
Dependencies<[CStringModeling]>,
Documentation<HasAlphaDocumentation>;
} // end "beta.unix.cstring"
let ParentPackage = Unix in { let ParentPackage = Unix in {
def UnixAPIMisuseChecker : Checker<"API">, def UnixAPIMisuseChecker : Checker<"API">,
HelpText<"Check calls to various UNIX/Posix functions">, HelpText<"Check calls to various UNIX/Posix functions">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">, def DynamicMemoryModeling: Checker<"DynamicMemoryModeling">,
HelpText<"The base of several malloc() related checkers. On it's own it " HelpText<"The base of several malloc() related checkers. On it's own it "
▲ Show 20 LinesShow All 908 LinesShow Last 20 Lines

test/Analysis/bsd-string.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring.NullArg,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s // RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring.NullArg \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection
#define NULL ((void *)0) #define NULL ((void *)0)
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
size_t strlcpy(char *dst, const char *src, size_t n); size_t strlcpy(char *dst, const char *src, size_t n);
size_t strlcat(char *dst, const char *src, size_t n); size_t strlcat(char *dst, const char *src, size_t n);
void clang_analyzer_eval(int); void clang_analyzer_eval(int);
Show All 37 Lines

test/Analysis/bstring.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -verify %s \
// RUN: %clang_analyze_cc1 -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=core \
// RUN: %clang_analyze_cc1 -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=unix.cstring \
// RUN: %clang_analyze_cc1 -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -DVARIANT \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS -DVARIANT \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// Declarations // Declarations
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// Some functions are so similar to each other that they follow the same code // Some functions are so similar to each other that they follow the same code
// path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is // path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is
// defined, make sure to use the variants instead to make sure they are still // defined, make sure to use the variants instead to make sure they are still
▲ Show 20 LinesShow All 481 LinesShow Last 20 Lines

test/Analysis/cstring-plist.c

// RUN: rm -f %t // RUN: rm -f %t
// RUN: %clang_analyze_cc1 -fblocks \ // RUN: %clang_analyze_cc1 -fblocks \
// RUN: -analyzer-checker=core,unix.Malloc,unix.cstring.NullArg \ // RUN: -analyzer-checker=core,unix.Malloc,unix.cstring.NullArg \
// RUN: -analyzer-disable-checker=alpha.unix.cstring.OutOfBounds \ // RUN: -analyzer-disable-checker=beta.unix.cstring.OutOfBounds \
// RUN: -analyzer-output=plist -o %t %s // RUN: -analyzer-output=plist -o %t %s
// RUN: FileCheck -input-file %t %s // RUN: FileCheck -input-file %t %s
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t); void *malloc(size_t);
void free(void *); void free(void *);
char *strncpy(char *restrict s1, const char *restrict s2, size_t n); char *strncpy(char *restrict s1, const char *restrict s2, size_t n);
Show All 16 Lines

test/Analysis/null-deref-ps-region.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,unix,alpha.unix -std=gnu99 -analyzer-store=region -verify %s // RUN: %clang_analyze_cc1 -verify %s -std=gnu99 \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.core \
// RUN: -analyzer-checker=unix \
// RUN: -analyzer-checker=alpha.unix \
// RUN: -analyzer-checker=beta.unix
#include "Inputs/system-header-simulator.h" #include "Inputs/system-header-simulator.h"
typedef __typeof(sizeof(int)) size_t; typedef __typeof(sizeof(int)) size_t;
void *memset(void *__s, int __c, size_t __n); void *memset(void *__s, int __c, size_t __n);
void *malloc(size_t __size); void *malloc(size_t __size);
void free(void *__ptr); void free(void *__ptr);
▲ Show 20 LinesShow All 63 LinesShow Last 20 Lines

test/Analysis/string.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify -analyzer-config eagerly-assume=false %s // RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference \
// RUN: %clang_analyze_cc1 -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=core \
// RUN: %clang_analyze_cc1 -DVARIANT -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=unix.cstring \
// RUN: %clang_analyze_cc1 -DUSE_BUILTINS -DVARIANT -analyzer-checker=alpha.security.taint,core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=unix.Malloc \
// RUN: %clang_analyze_cc1 -DSUPPRESS_OUT_OF_BOUND -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring.BufferOverlap,alpha.unix.cstring.NotNullTerminated,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify -analyzer-config eagerly-assume=false %s // RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference -DUSE_BUILTINS \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference -DVARIANT \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference \
// RUN: -DUSE_BUILTINS -DVARIANT \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.security.taint \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=beta.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//
// RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference \
// RUN: -DSUPPRESS_OUT_OF_BOUND \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=alpha.unix.cstring.BufferOverlap \
// RUN: -analyzer-checker=alpha.unix.cstring.NotNullTerminated \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// Declarations // Declarations
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// Some functions are so similar to each other that they follow the same code // Some functions are so similar to each other that they follow the same code
// path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is // path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is
// defined, make sure to use the variants instead to make sure they are still // defined, make sure to use the variants instead to make sure they are still
▲ Show 20 LinesShow All 1,549 LinesShow Last 20 Lines