This is an archive of the discontinued LLVM Phabricator instance.

Differential D75851

[Analyzer][StreamChecker] Added evaluation of fseek.
ClosedPublic

Authored by balazske on Mar 9 2020, 8:42 AM.

Details

Reviewers
Szelethus
NoQ
xazax.hun
rnkovacs
dcoughlin
baloghadamsoftware
martong
Commits
rGf2b5e60dfd09: [Analyzer][StreamChecker] Added evaluation of fseek.
Summary

Function fseek is now evaluated with setting error return value
and error flags.

Diff Detail

Event Timeline

balazske created this revision.Mar 9 2020, 8:42 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptMar 9 2020, 8:42 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: cfe-commits, martong, Charusso and 9 others. · View Herald Transcript
balazske added a parent revision: D75682: [Analyzer][StreamChecker] Introduction of stream error handling..Mar 9 2020, 8:42 AM
Harbormaster completed remote builds in B48561: Diff 249118.Mar 9 2020, 9:41 AM
Szelethus requested changes to this revision.Mar 10 2020, 7:39 AM

We should totally dedicate an error kind of fseek, see (and please respond, if you could to) D75356#inline-689287.

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
492–494

This seems a bit excessive, we could merge the last two into FSeekError.

This revision now requires changes to proceed.Mar 10 2020, 7:39 AM
Szelethus added reviewers: NoQ, xazax.hun, rnkovacs, dcoughlin, baloghadamsoftware, martong.Mar 10 2020, 7:40 AM
balazske marked an inline comment as done.Mar 10 2020, 8:52 AM

I do not like to make difference between error from fseek and error from any other function that may fail. AnyError can be used to handle every case. After a failed file operation we do not know if it was feof or ferror kind of error. fseek is only special because it can fail additionally without feof or ferror. If the kind of the last operation needs to be known later, it can be saved in the stream state.

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
492–494

There are 3 cases:

  • fseek did not fail at all. Return value is zero. This is StateNotFailed.
  • fseek failed but none of the error flags is true afterwards. Return value is nonzero but feof and ferror are not true. This is StateFailedWithoutFError.
  • fseek failed and we have feof or ferror set (never both). Return value is nonzero and feof or ferror will be true. This is StateFailedWithFError. And an use of AnyError, otherwise we need here 2 states, one for feof and one for ferror. But it is not important here if feof or ferror is actually true, so the special value AnyError is used and only one new state instead of two.
Szelethus added a comment.Mar 10 2020, 9:41 AM
In D75851#1914874, @balazske wrote:

I do not like to make difference between error from fseek and error from any other function that may fail. AnyError can be used to handle every case.

Okay, it took me a while, but I think I understand where you're coming from. Lets preserve this enum. I think NoteTags would be a better fit to pinpoint which function left the stream in a state that should be checked before usage. This patch is quite small, could we add one then?

After a failed file operation we do not know if it was feof or ferror kind of error.

Is this true for that many stream operations?

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
492–494

Sure, but from the point of the analyzer the latter two are the same, isn't it? Its never a good idea to use a stream on which fseek failed without checking.

State splits are the most expensive things the analyzer can make, which is why I'm cautious here.

Szelethus added a comment.Mar 10 2020, 11:33 AM
In D75851#1915014, @Szelethus wrote:
In D75851#1914874, @balazske wrote:

After a failed file operation we do not know if it was feof or ferror kind of error.

Is this true for that many stream operations?

I looked it up, and it totally is.

balazske added a comment.Mar 11 2020, 4:28 AM

Probably we need to clarify when to make warnings. Originally I do not wanted a warning after for example failed read, because it is possible to retry the operation. But the standard says that after failed fread the file position is indeterminate, so a new read may get indeterminate values that is a case for warning. The character I/O functions may work not this way so after failed fgetc it may be possible to retry it and no warning is needed. Some operations such as fclose and fseek can be called in error (including EOF) state.

For this to work we need more kinds of error states, or save the type of the last operation in the state (and use it to determine if warning is needed). Probably the best is to have only a single "failed" state and determine what kind of error is possible based on the saved last operation type. A "feof" and "ferror" kind of error state is still needed because after a call to feof if it returned true the error type is fixed to EOF error.

baloghadamsoftware added inline comments.Mar 11 2020, 5:22 AM
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
492–494

Somehow, this should be done with just two new states. Maybe there should be an error state "Unknown" instead of OtherError (or FeoFOrFError what I suggested at the other patch) which can be any of the errors plus the NoError value. Later, when ferror() of feof() is checked we can do a second state split, but not earlier.

balazske marked an inline comment as done.Mar 11 2020, 8:17 AM
balazske added inline comments.
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
492–494

Yes it is possible to use two new states only. For example by having a new FSeekError that can "manifest" in feof, ferror or no error. Better is to have only one "last-operation-failed-with-any-error" state and determine later if needed what errors are possible (based on the last operation). For fseek it is possible to get feof, ferror, or none of these (but still failed fseek). For reading operations the error can be feof or ferror. After write only ferror is possible.

balazske updated this revision to Diff 249904.Mar 12 2020, 5:05 AM

Rebased, added handling of UnknownError.

Harbormaster completed remote builds in B48971: Diff 249904.Mar 12 2020, 5:54 AM
balazske mentioned this in D75682: [Analyzer][StreamChecker] Introduction of stream error handling..Mar 13 2020, 1:47 AM
NoQ added inline comments.Mar 15 2020, 8:30 PM
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
559–560

Please explain the high-level idea behind this code.

balazske marked an inline comment as done.Mar 17 2020, 12:34 AM
balazske added inline comments.
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
559–560

The higher level idea is that if a stream function fails we do not create a new state for every type of error (EOF and "other" error). Instead there will be an "unknown error" state. The description for each stream function contains what errors are possible after that function (PossibleErrors).

If it is needed to know the exact error (like here, what should feof return?) we look at the previous function to see what errors are possible after it. If EOF is not possible at all, the feof returns false. If EOF is possible and only one other type of error, we make a state split with EOF error and the other error set. If EOF and two possible other errors are possible there is state split again but the non-EOF state contains UnknownError.

In PossibleErrors the NoError state is possible. This indicates that the function failed (returned an error value) but the stream error flags are not set (can happen at fseek). There are 3 possible error values (EOF, "other" and no error), if after a feof there is UnknownError we know that the remaining 2 error types are possible.

balazske updated this revision to Diff 251112.Mar 18 2020, 9:33 AM

Rebased.

Herald added a subscriber: ASDenysPetrov. · View Herald TranscriptMar 18 2020, 9:33 AM
Harbormaster completed remote builds in B49614: Diff 251112.Mar 18 2020, 10:20 AM
balazske updated this revision to Diff 251640.Mar 20 2020, 7:39 AM

Simplified code.

Harbormaster completed remote builds in B49891: Diff 251640.Mar 20 2020, 8:38 AM
Szelethus marked an inline comment as done.Apr 8 2020, 5:37 AM
In D75851#1933538, @balazske wrote:

Simplified code.

I can tell! The patch is amazing, the code practically reads itself aloud. I have some inlines but nothing major, the high level idea is great.

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
98–105

This feels clunky to me.

Suppose that we're curious about the stream reaching EOF. We know that the last operation on the stream could cause EOF and ERROR. This function then would return FError. That doesn't really feel like the answer to the question "isErrorPossible".

In what contexts do you see calling this function that isn't like this?:

Optional<StreamState::ErrorKindTy> NewError =
    SS->isErrorPossible(ErrorKind);
if (!NewError) {
  // This kind of error is not possible, function returns zero.
  // Error state remains unknown.
  AddTransition(bindInt(0, State, C, CE), StreamState::UnknownError);
} else {
  // Add state with true returned.
  AddTransition(bindAndAssumeTrue(State, C, CE), ErrorKind);
  // Add state with false returned and the new remaining error type.
  AddTransition(bindInt(0, State, C, CE), *NewError);
}

Would it make more sense to move the logic of creating state transitions into a function instead?

536–544

It took me a while to realize that this also includes the case where the stat is not in any error :) Could you add a line of comment please?

553–556

I gave this plenty of thought, and I now believe that the state split here is appropriate. We really should ensure that the user checked both feof and ferror.

clang/test/Analysis/stream-error.c
62

That is a bit misleading, because Eof isn't EOF as specified in the standard. How about IsEof?

balazske marked an inline comment as done.Apr 8 2020, 7:08 AM
balazske added inline comments.
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
98–105

The name of the function may be misleading. The non-empty Optional means "yes" and an empty means "no". And if yes additional information is returned in the optional value. If the transitions would be included in this function it needs more parameters. This function is for the part of the operation that computes the remaining error ( getRemainingPossibleError is a better name?). Later it will turn out in what way the function is used and if there is code repetition a new function can be introduced, but not now (the needed state transitions may be different).

balazske updated this revision to Diff 256023.Apr 8 2020, 7:53 AM
  • Rebase
  • Improved comments
  • Changed UnknownError to Unknown
  • Test changes (removed unneeded test)
Harbormaster failed remote builds in B52360: Diff 256023!Apr 8 2020, 8:40 AM
Szelethus accepted this revision.Apr 9 2020, 6:20 AM

LGTM! You seem to have a firm grasp on where you want this checker to go, and I like everything about it.

The code needs seme clang-format treatment, and another eye might not hurt, but as far as I'm concerned, I'm super happy how this patch turned out.

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
98–105

getRemainingPossibleError sounds great! You convinced me, if we ever need to stuff more things into this function, we will do that then.

This revision is now accepted and ready to land.Apr 9 2020, 6:20 AM
balazske updated this revision to Diff 256317.Apr 9 2020, 8:19 AM

Addressed review comments (reformat and rename).

Harbormaster failed remote builds in B52520: Diff 256317!Apr 9 2020, 8:41 AM
Closed by commit rGf2b5e60dfd09: [Analyzer][StreamChecker] Added evaluation of fseek. (authored by balazske). · Explain WhyApr 14 2020, 3:41 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
246 lines
test/
Analysis/
31 lines

Diff 257267

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp

Show All 19 Lines
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
namespace { namespace {
struct FnDescription;
/// Full state information about a stream pointer. /// Full state information about a stream pointer.
struct StreamState { struct StreamState {
/// The last file operation called in the stream.
const FnDescription *LastOperation;
/// State of a stream symbol. /// State of a stream symbol.
/// FIXME: We need maybe an "escaped" state later. /// FIXME: We need maybe an "escaped" state later.
enum KindTy { enum KindTy {
Opened, /// Stream is opened. Opened, /// Stream is opened.
Closed, /// Closed stream (an invalid stream pointer after it was closed). Closed, /// Closed stream (an invalid stream pointer after it was closed).
OpenFailed /// The last open operation has failed. OpenFailed /// The last open operation has failed.
} State; } State;
/// The error state of a stream. /// The error state of a stream.
/// Valid only if the stream is opened. /// Valid only if the stream is opened.
/// It is assumed that feof and ferror flags are never true at the same time. /// It is assumed that feof and ferror flags are never true at the same time.
enum ErrorKindTy { enum ErrorKindTy {
/// No error flag is set (or stream is not open). /// No error flag is set (or stream is not open).
NoError, NoError,
/// EOF condition (`feof` is true). /// EOF condition (`feof` is true).
FEof, FEof,
/// Other generic (non-EOF) error (`ferror` is true). /// Other generic (non-EOF) error (`ferror` is true).
FError, FError,
/// Unknown error flag is set (or none), the meaning depends on the last
/// operation.
Unknown
} ErrorState = NoError; } ErrorState = NoError;
bool isOpened() const { return State == Opened; } bool isOpened() const { return State == Opened; }
bool isClosed() const { return State == Closed; } bool isClosed() const { return State == Closed; }
bool isOpenFailed() const { return State == OpenFailed; } bool isOpenFailed() const { return State == OpenFailed; }
bool isNoError() const { bool isNoError() const {
assert(State == Opened && "Error undefined for closed stream."); assert(State == Opened && "Error undefined for closed stream.");
return ErrorState == NoError; return ErrorState == NoError;
} }
bool isFEof() const { bool isFEof() const {
assert(State == Opened && "Error undefined for closed stream."); assert(State == Opened && "Error undefined for closed stream.");
return ErrorState == FEof; return ErrorState == FEof;
} }
bool isFError() const { bool isFError() const {
assert(State == Opened && "Error undefined for closed stream."); assert(State == Opened && "Error undefined for closed stream.");
return ErrorState == FError; return ErrorState == FError;
} }
bool isUnknown() const {
assert(State == Opened && "Error undefined for closed stream.");
return ErrorState == Unknown;
}
bool operator==(const StreamState &X) const { bool operator==(const StreamState &X) const {
// In not opened state error should always NoError. // In not opened state error should always NoError.
return State == X.State && ErrorState == X.ErrorState; return LastOperation == X.LastOperation && State == X.State &&
ErrorState == X.ErrorState;
} }
static StreamState getOpened() { return StreamState{Opened}; } static StreamState getOpened(const FnDescription *L) {
static StreamState getClosed() { return StreamState{Closed}; } return StreamState{L, Opened};
static StreamState getOpenFailed() { return StreamState{OpenFailed}; } }
static StreamState getOpenedWithFEof() { return StreamState{Opened, FEof}; } static StreamState getOpened(const FnDescription *L, ErrorKindTy E) {
static StreamState getOpenedWithFError() { return StreamState{L, Opened, E};
return StreamState{Opened, FError}; }
static StreamState getClosed(const FnDescription *L) {
return StreamState{L, Closed};
}
static StreamState getOpenFailed(const FnDescription *L) {
return StreamState{L, OpenFailed};
} }
/// Return if the specified error kind is possible on the stream in the
/// current state.
/// This depends on the stored `LastOperation` value.
/// If the error is not possible returns empty value.
/// If the error is possible returns the remaining possible error type
/// (after taking out `ErrorKind`). If a single error is possible it will
/// return that value, otherwise unknown error.
Optional<ErrorKindTy> getRemainingPossibleError(ErrorKindTy ErrorKind) const;
SzelethusUnsubmitted
Not Done
ReplyInline Actions

This feels clunky to me.

Suppose that we're curious about the stream reaching EOF. We know that the last operation on the stream could cause EOF and ERROR. This function then would return FError. That doesn't really feel like the answer to the question "isErrorPossible".

In what contexts do you see calling this function that isn't like this?:

Optional<StreamState::ErrorKindTy> NewError =
    SS->isErrorPossible(ErrorKind);
if (!NewError) {
  // This kind of error is not possible, function returns zero.
  // Error state remains unknown.
  AddTransition(bindInt(0, State, C, CE), StreamState::UnknownError);
} else {
  // Add state with true returned.
  AddTransition(bindAndAssumeTrue(State, C, CE), ErrorKind);
  // Add state with false returned and the new remaining error type.
  AddTransition(bindInt(0, State, C, CE), *NewError);
}

Would it make more sense to move the logic of creating state transitions into a function instead?

Szelethus: This feels clunky to me. Suppose that we're curious about the stream reaching `EOF`. We know…
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

The name of the function may be misleading. The non-empty Optional means "yes" and an empty means "no". And if yes additional information is returned in the optional value. If the transitions would be included in this function it needs more parameters. This function is for the part of the operation that computes the remaining error ( getRemainingPossibleError is a better name?). Later it will turn out in what way the function is used and if there is code repetition a new function can be introduced, but not now (the needed state transitions may be different).

balazske: The name of the function may be misleading. The non-empty `Optional` means "yes" and an empty…
SzelethusUnsubmitted
Not Done
ReplyInline Actions

getRemainingPossibleError sounds great! You convinced me, if we ever need to stuff more things into this function, we will do that then.

Szelethus: `getRemainingPossibleError` sounds great! You convinced me, if we ever need to stuff more…
void Profile(llvm::FoldingSetNodeID &ID) const { void Profile(llvm::FoldingSetNodeID &ID) const {
ID.AddPointer(LastOperation);
ID.AddInteger(State); ID.AddInteger(State);
ID.AddInteger(ErrorState); ID.AddInteger(ErrorState);
} }
}; };
class StreamChecker; class StreamChecker;
struct FnDescription;
using FnCheck = std::function<void(const StreamChecker *, const FnDescription *, using FnCheck = std::function<void(const StreamChecker *, const FnDescription *,
const CallEvent &, CheckerContext &)>; const CallEvent &, CheckerContext &)>;
using ArgNoTy = unsigned int; using ArgNoTy = unsigned int;
static const ArgNoTy ArgNone = std::numeric_limits<ArgNoTy>::max(); static const ArgNoTy ArgNone = std::numeric_limits<ArgNoTy>::max();
struct FnDescription { struct FnDescription {
FnCheck PreFn; FnCheck PreFn;
FnCheck EvalFn; FnCheck EvalFn;
ArgNoTy StreamArgNo; ArgNoTy StreamArgNo;
// What errors are possible after this operation.
// Used only if this operation resulted in Unknown state
// (otherwise there is a known single error).
// Must contain 2 or 3 elements, or zero.
llvm::SmallVector<StreamState::ErrorKindTy, 3> PossibleErrors = {};
}; };
Optional<StreamState::ErrorKindTy>
StreamState::getRemainingPossibleError(ErrorKindTy ErrorKind) const {
assert(ErrorState == Unknown &&
"Function to be used only if error is unknown.");
llvm::SmallVector<StreamState::ErrorKindTy, 3> NewPossibleErrors;
for (StreamState::ErrorKindTy E : LastOperation->PossibleErrors)
if (E != ErrorKind)
NewPossibleErrors.push_back(E);
if (NewPossibleErrors.size() == LastOperation->PossibleErrors.size())
return {};
if (NewPossibleErrors.size() == 1)
return NewPossibleErrors.front();
return Unknown;
}
/// Get the value of the stream argument out of the passed call event. /// Get the value of the stream argument out of the passed call event.
/// The call should contain a function that is described by Desc. /// The call should contain a function that is described by Desc.
SVal getStreamArg(const FnDescription *Desc, const CallEvent &Call) { SVal getStreamArg(const FnDescription *Desc, const CallEvent &Call) {
assert(Desc && Desc->StreamArgNo != ArgNone && assert(Desc && Desc->StreamArgNo != ArgNone &&
"Try to get a non-existing stream argument."); "Try to get a non-existing stream argument.");
return Call.getArgSVal(Desc->StreamArgNo); return Call.getArgSVal(Desc->StreamArgNo);
} }
/// Create a conjured symbol return value for a call expression. /// Create a conjured symbol return value for a call expression.
DefinedSVal makeRetVal(CheckerContext &C, const CallExpr *CE) { DefinedSVal makeRetVal(CheckerContext &C, const CallExpr *CE) {
assert(CE && "Expecting a call expression."); assert(CE && "Expecting a call expression.");
const LocationContext *LCtx = C.getLocationContext(); const LocationContext *LCtx = C.getLocationContext();
return C.getSValBuilder() return C.getSValBuilder()
.conjureSymbolVal(nullptr, CE, LCtx, C.blockCount()) .conjureSymbolVal(nullptr, CE, LCtx, C.blockCount())
.castAs<DefinedSVal>(); .castAs<DefinedSVal>();
} }
ProgramStateRef bindAndAssumeTrue(ProgramStateRef State, CheckerContext &C,
const CallExpr *CE) {
DefinedSVal RetVal = makeRetVal(C, CE);
State = State->BindExpr(CE, C.getLocationContext(), RetVal);
State = State->assume(RetVal, true);
assert(State && "Assumption on new value should not fail.");
return State;
}
ProgramStateRef bindInt(uint64_t Value, ProgramStateRef State,
CheckerContext &C, const CallExpr *CE) {
State = State->BindExpr(CE, C.getLocationContext(),
C.getSValBuilder().makeIntVal(Value, false));
return State;
}
class StreamChecker class StreamChecker
: public Checker<check::PreCall, eval::Call, check::DeadSymbols> { : public Checker<check::PreCall, eval::Call, check::DeadSymbols> {
mutable std::unique_ptr<BuiltinBug> BT_nullfp, BT_illegalwhence, mutable std::unique_ptr<BuiltinBug> BT_nullfp, BT_illegalwhence,
BT_UseAfterClose, BT_UseAfterOpenFailed, BT_ResourceLeak; BT_UseAfterClose, BT_UseAfterOpenFailed, BT_ResourceLeak;
public: public:
void checkPreCall(const CallEvent &Call, CheckerContext &C) const; void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
bool evalCall(const CallEvent &Call, CheckerContext &C) const; bool evalCall(const CallEvent &Call, CheckerContext &C) const;
void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const;
/// If true, evaluate special testing stream functions. /// If true, evaluate special testing stream functions.
bool TestMode = false; bool TestMode = false;
private: private:
CallDescriptionMap<FnDescription> FnDescriptions = { CallDescriptionMap<FnDescription> FnDescriptions = {
{{"fopen"}, {nullptr, &StreamChecker::evalFopen, ArgNone}}, {{"fopen"}, {nullptr, &StreamChecker::evalFopen, ArgNone, {}}},
{{"freopen", 3}, {{"freopen", 3},
{&StreamChecker::preFreopen, &StreamChecker::evalFreopen, 2}}, {&StreamChecker::preFreopen, &StreamChecker::evalFreopen, 2, {}}},
{{"tmpfile"}, {nullptr, &StreamChecker::evalFopen, ArgNone}}, {{"tmpfile"}, {nullptr, &StreamChecker::evalFopen, ArgNone, {}}},
{{"fclose", 1}, {{"fclose", 1},
{&StreamChecker::preDefault, &StreamChecker::evalFclose, 0}}, {&StreamChecker::preDefault, &StreamChecker::evalFclose, 0, {}}},
{{"fread", 4}, {&StreamChecker::preDefault, nullptr, 3}}, {{"fread", 4}, {&StreamChecker::preDefault, nullptr, 3, {}}},
{{"fwrite", 4}, {&StreamChecker::preDefault, nullptr, 3}}, {{"fwrite", 4}, {&StreamChecker::preDefault, nullptr, 3, {}}},
{{"fseek", 3}, {&StreamChecker::preFseek, nullptr, 0}}, {{"fseek", 3},
{{"ftell", 1}, {&StreamChecker::preDefault, nullptr, 0}}, {&StreamChecker::preFseek,
{{"rewind", 1}, {&StreamChecker::preDefault, nullptr, 0}}, &StreamChecker::evalFseek,
{{"fgetpos", 2}, {&StreamChecker::preDefault, nullptr, 0}}, 0,
{{"fsetpos", 2}, {&StreamChecker::preDefault, nullptr, 0}}, {StreamState::FEof, StreamState::FError, StreamState::NoError}}},
{{"ftell", 1}, {&StreamChecker::preDefault, nullptr, 0, {}}},
{{"rewind", 1}, {&StreamChecker::preDefault, nullptr, 0, {}}},
{{"fgetpos", 2}, {&StreamChecker::preDefault, nullptr, 0, {}}},
{{"fsetpos", 2}, {&StreamChecker::preDefault, nullptr, 0, {}}},
{{"clearerr", 1}, {{"clearerr", 1},
{&StreamChecker::preDefault, &StreamChecker::evalClearerr, 0}}, {&StreamChecker::preDefault, &StreamChecker::evalClearerr, 0, {}}},
// Note: feof can result in Unknown if at the call there is a
// PossibleErrors with all 3 error states (including NoError).
// Then if feof is false the remaining error could be FError or NoError.
{{"feof", 1}, {{"feof", 1},
{&StreamChecker::preDefault, {&StreamChecker::preDefault,
&StreamChecker::evalFeofFerror<&StreamState::isFEof>, 0}}, &StreamChecker::evalFeofFerror<StreamState::FEof>,
0,
{StreamState::FError, StreamState::NoError}}},
// Note: ferror can result in Unknown if at the call there is a
// PossibleErrors with all 3 error states (including NoError).
// Then if ferror is false the remaining error could be FEof or NoError.
{{"ferror", 1}, {{"ferror", 1},
{&StreamChecker::preDefault, {&StreamChecker::preDefault,
&StreamChecker::evalFeofFerror<&StreamState::isFError>, 0}}, &StreamChecker::evalFeofFerror<StreamState::FError>,
{{"fileno", 1}, {&StreamChecker::preDefault, nullptr, 0}}, 0,
{StreamState::FEof, StreamState::NoError}}},
{{"fileno", 1}, {&StreamChecker::preDefault, nullptr, 0, {}}},
}; };
CallDescriptionMap<FnDescription> FnTestDescriptions = { CallDescriptionMap<FnDescription> FnTestDescriptions = {
{{"StreamTesterChecker_make_feof_stream", 1}, {{"StreamTesterChecker_make_feof_stream", 1},
{nullptr, {nullptr, &StreamChecker::evalSetFeofFerror<StreamState::FEof>, 0}},
&StreamChecker::evalSetFeofFerror<&StreamState::getOpenedWithFEof>, 0}},
{{"StreamTesterChecker_make_ferror_stream", 1}, {{"StreamTesterChecker_make_ferror_stream", 1},
{nullptr, {nullptr, &StreamChecker::evalSetFeofFerror<StreamState::FError>, 0}},
&StreamChecker::evalSetFeofFerror<&StreamState::getOpenedWithFError>,
0}},
}; };
void evalFopen(const FnDescription *Desc, const CallEvent &Call, void evalFopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void preFreopen(const FnDescription *Desc, const CallEvent &Call, void preFreopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void evalFreopen(const FnDescription *Desc, const CallEvent &Call, void evalFreopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void evalFclose(const FnDescription *Desc, const CallEvent &Call, void evalFclose(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void preFseek(const FnDescription *Desc, const CallEvent &Call, void preFseek(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void evalFseek(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const;
void preDefault(const FnDescription *Desc, const CallEvent &Call, void preDefault(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void evalClearerr(const FnDescription *Desc, const CallEvent &Call, void evalClearerr(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
template <bool (StreamState::*IsOfError)() const> template <StreamState::ErrorKindTy ErrorKind>
void evalFeofFerror(const FnDescription *Desc, const CallEvent &Call, void evalFeofFerror(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
template <StreamState (*GetState)()> template <StreamState::ErrorKindTy EK>
void evalSetFeofFerror(const FnDescription *Desc, const CallEvent &Call, void evalSetFeofFerror(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
/// Check that the stream (in StreamVal) is not NULL. /// Check that the stream (in StreamVal) is not NULL.
/// If it can only be NULL a fatal error is emitted and nullptr returned. /// If it can only be NULL a fatal error is emitted and nullptr returned.
/// Otherwise the return value is a new state where the stream is constrained /// Otherwise the return value is a new state where the stream is constrained
/// to be non-null. /// to be non-null.
ProgramStateRef ensureStreamNonNull(SVal StreamVal, CheckerContext &C, ProgramStateRef ensureStreamNonNull(SVal StreamVal, CheckerContext &C,
ProgramStateRef State) const; ProgramStateRef State) const;
/// Check that the stream is the opened state. /// Check that the stream is the opened state.
/// If the stream is known to be not opened an error is generated /// If the stream is known to be not opened an error is generated
/// and nullptr returned, otherwise the original state is returned. /// and nullptr returned, otherwise the original state is returned.
ProgramStateRef ensureStreamOpened(SVal StreamVal, CheckerContext &C, ProgramStateRef ensureStreamOpened(SVal StreamVal, CheckerContext &C,
ProgramStateRef State) const; ProgramStateRef State) const;
/// Check the legality of the 'whence' argument of 'fseek'. /// Check the legality of the 'whence' argument of 'fseek'.
/// Generate error and return nullptr if it is found to be illegal. /// Generate error and return nullptr if it is found to be illegal.
/// Otherwise returns the state. /// Otherwise returns the state.
/// (State is not changed here because the "whence" value is already known.) /// (State is not changed here because the "whence" value is already known.)
ProgramStateRef ensureFseekWhenceCorrect(SVal WhenceVal, CheckerContext &C, ProgramStateRef ensureFseekWhenceCorrect(SVal WhenceVal, CheckerContext &C,
ProgramStateRef State) const; ProgramStateRef State) const;
/// Find the description data of the function called by a call event. /// Find the description data of the function called by a call event.
/// Returns nullptr if no function is recognized. /// Returns nullptr if no function is recognized.
const FnDescription *lookupFn(const CallEvent &Call) const { const FnDescription *lookupFn(const CallEvent &Call) const {
// Recognize "global C functions" with only integral or pointer arguments // Recognize "global C functions" with only integral or pointer arguments
// (and matching name) as stream functions. // (and matching name) as stream functions.
if (!Call.isGlobalCFunction()) if (!Call.isGlobalCFunction())
return nullptr; return nullptr;
for (auto P : Call.parameters()) { for (auto P : Call.parameters()) {
QualType T = P->getType(); QualType T = P->getType();
if (!T->isIntegralOrEnumerationType() && !T->isPointerType()) if (!T->isIntegralOrEnumerationType() && !T->isPointerType())
return nullptr; return nullptr;
} }
return FnDescriptions.lookup(Call); return FnDescriptions.lookup(Call);
} }
}; };
} // end anonymous namespace } // end anonymous namespace
REGISTER_MAP_WITH_PROGRAMSTATE(StreamMap, SymbolRef, StreamState) REGISTER_MAP_WITH_PROGRAMSTATE(StreamMap, SymbolRef, StreamState)
inline void assertStreamStateOpened(const StreamState *SS) { inline void assertStreamStateOpened(const StreamState *SS) {
assert(SS->isOpened() && assert(SS->isOpened() &&
Show All 35 Linesvoid StreamChecker::evalFopen(const FnDescription *Desc, const CallEvent &Call,
State = State->BindExpr(CE, C.getLocationContext(), RetVal); State = State->BindExpr(CE, C.getLocationContext(), RetVal);
// Bifurcate the state into two: one with a valid FILE* pointer, the other // Bifurcate the state into two: one with a valid FILE* pointer, the other
// with a NULL. // with a NULL.
ProgramStateRef StateNotNull, StateNull; ProgramStateRef StateNotNull, StateNull;
std::tie(StateNotNull, StateNull) = std::tie(StateNotNull, StateNull) =
C.getConstraintManager().assumeDual(State, RetVal); C.getConstraintManager().assumeDual(State, RetVal);
StateNotNull = StateNotNull->set<StreamMap>(RetSym, StreamState::getOpened()); StateNotNull =
StateNull = StateNull->set<StreamMap>(RetSym, StreamState::getOpenFailed()); StateNotNull->set<StreamMap>(RetSym, StreamState::getOpened(Desc));
StateNull =
StateNull->set<StreamMap>(RetSym, StreamState::getOpenFailed(Desc));
C.addTransition(StateNotNull); C.addTransition(StateNotNull);
C.addTransition(StateNull); C.addTransition(StateNull);
} }
void StreamChecker::preFreopen(const FnDescription *Desc, const CallEvent &Call, void StreamChecker::preFreopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
// Do not allow NULL as passed stream pointer but allow a closed stream. // Do not allow NULL as passed stream pointer but allow a closed stream.
Show All 32 Linesvoid StreamChecker::evalFreopen(const FnDescription *Desc,
ProgramStateRef StateRetNotNull = ProgramStateRef StateRetNotNull =
State->BindExpr(CE, C.getLocationContext(), *StreamVal); State->BindExpr(CE, C.getLocationContext(), *StreamVal);
// Generate state for NULL return value. // Generate state for NULL return value.
// Stream switches to OpenFailed state. // Stream switches to OpenFailed state.
ProgramStateRef StateRetNull = State->BindExpr(CE, C.getLocationContext(), ProgramStateRef StateRetNull = State->BindExpr(CE, C.getLocationContext(),
C.getSValBuilder().makeNull()); C.getSValBuilder().makeNull());
StateRetNotNull = StateRetNotNull =
StateRetNotNull->set<StreamMap>(StreamSym, StreamState::getOpened()); StateRetNotNull->set<StreamMap>(StreamSym, StreamState::getOpened(Desc));
StateRetNull = StateRetNull =
StateRetNull->set<StreamMap>(StreamSym, StreamState::getOpenFailed()); StateRetNull->set<StreamMap>(StreamSym, StreamState::getOpenFailed(Desc));
C.addTransition(StateRetNotNull); C.addTransition(StateRetNotNull);
C.addTransition(StateRetNull); C.addTransition(StateRetNull);
} }
void StreamChecker::evalFclose(const FnDescription *Desc, const CallEvent &Call, void StreamChecker::evalFclose(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef Sym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef Sym = getStreamArg(Desc, Call).getAsSymbol();
if (!Sym) if (!Sym)
return; return;
const StreamState *SS = State->get<StreamMap>(Sym); const StreamState *SS = State->get<StreamMap>(Sym);
if (!SS) if (!SS)
return; return;
assertStreamStateOpened(SS); assertStreamStateOpened(SS);
// Close the File Descriptor. // Close the File Descriptor.
// Regardless if the close fails or not, stream becomes "closed" // Regardless if the close fails or not, stream becomes "closed"
// and can not be used any more. // and can not be used any more.
State = State->set<StreamMap>(Sym, StreamState::getClosed()); State = State->set<StreamMap>(Sym, StreamState::getClosed(Desc));
C.addTransition(State); C.addTransition(State);
} }
void StreamChecker::preFseek(const FnDescription *Desc, const CallEvent &Call, void StreamChecker::preFseek(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SVal StreamVal = getStreamArg(Desc, Call); SVal StreamVal = getStreamArg(Desc, Call);
State = ensureStreamNonNull(StreamVal, C, State); State = ensureStreamNonNull(StreamVal, C, State);
if (!State) if (!State)
return; return;
State = ensureStreamOpened(StreamVal, C, State); State = ensureStreamOpened(StreamVal, C, State);
if (!State) if (!State)
return; return;
State = ensureFseekWhenceCorrect(Call.getArgSVal(2), C, State); State = ensureFseekWhenceCorrect(Call.getArgSVal(2), C, State);
if (!State) if (!State)
return; return;
C.addTransition(State); C.addTransition(State);
} }
void StreamChecker::evalFseek(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const {
ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
if (!StreamSym)
return;
const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
if (!CE)
return;
// Ignore the call if the stream is not tracked.
if (!State->get<StreamMap>(StreamSym))
return;
DefinedSVal RetVal = makeRetVal(C, CE);
// Make expression result.
State = State->BindExpr(CE, C.getLocationContext(), RetVal);
// Bifurcate the state into failed and non-failed.
// Return zero on success, nonzero on error.
ProgramStateRef StateNotFailed, StateFailed;
std::tie(StateFailed, StateNotFailed) =
C.getConstraintManager().assumeDual(State, RetVal);
// Reset the state to opened with no error.
StateNotFailed =
StateNotFailed->set<StreamMap>(StreamSym, StreamState::getOpened(Desc));
// We get error.
StateFailed = StateFailed->set<StreamMap>(
StreamSym, StreamState::getOpened(Desc, StreamState::Unknown));
C.addTransition(StateNotFailed);
C.addTransition(StateFailed);
}
void StreamChecker::evalClearerr(const FnDescription *Desc, void StreamChecker::evalClearerr(const FnDescription *Desc,
const CallEvent &Call, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
SzelethusUnsubmitted
Not Done
ReplyInline Actions

This seems a bit excessive, we could merge the last two into FSeekError.

Szelethus: This seems a bit excessive, we could merge the last two into `FSeekError`.
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

There are 3 cases:

  • fseek did not fail at all. Return value is zero. This is StateNotFailed.
  • fseek failed but none of the error flags is true afterwards. Return value is nonzero but feof and ferror are not true. This is StateFailedWithoutFError.
  • fseek failed and we have feof or ferror set (never both). Return value is nonzero and feof or ferror will be true. This is StateFailedWithFError. And an use of AnyError, otherwise we need here 2 states, one for feof and one for ferror. But it is not important here if feof or ferror is actually true, so the special value AnyError is used and only one new state instead of two.
balazske: There are 3 cases: - `fseek` did not fail at all. Return value is zero. This is…
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Sure, but from the point of the analyzer the latter two are the same, isn't it? Its never a good idea to use a stream on which fseek failed without checking.

State splits are the most expensive things the analyzer can make, which is why I'm cautious here.

Szelethus: Sure, but from the point of the analyzer the latter two are the same, isn't it? Its never a…
baloghadamsoftwareUnsubmitted
Not Done
ReplyInline Actions

Somehow, this should be done with just two new states. Maybe there should be an error state "Unknown" instead of OtherError (or FeoFOrFError what I suggested at the other patch) which can be any of the errors plus the NoError value. Later, when ferror() of feof() is checked we can do a second state split, but not earlier.

baloghadamsoftware: Somehow, this should be done with just two new states. Maybe there should be an error state…
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

Yes it is possible to use two new states only. For example by having a new FSeekError that can "manifest" in feof, ferror or no error. Better is to have only one "last-operation-failed-with-any-error" state and determine later if needed what errors are possible (based on the last operation). For fseek it is possible to get feof, ferror, or none of these (but still failed fseek). For reading operations the error can be feof or ferror. After write only ferror is possible.

balazske: Yes it is possible to use two new states only. For example by having a new `FSeekError` that…
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
if (!StreamSym) if (!StreamSym)
return; return;
const StreamState *SS = State->get<StreamMap>(StreamSym); const StreamState *SS = State->get<StreamMap>(StreamSym);
if (!SS) if (!SS)
return; return;
assertStreamStateOpened(SS); assertStreamStateOpened(SS);
if (SS->isNoError()) State = State->set<StreamMap>(StreamSym, StreamState::getOpened(Desc));
return;
State = State->set<StreamMap>(StreamSym, StreamState::getOpened());
C.addTransition(State); C.addTransition(State);
} }
template <bool (StreamState::*IsOfError)() const> template <StreamState::ErrorKindTy ErrorKind>
void StreamChecker::evalFeofFerror(const FnDescription *Desc, void StreamChecker::evalFeofFerror(const FnDescription *Desc,
const CallEvent &Call, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
if (!StreamSym) if (!StreamSym)
return; return;
const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); const CallExpr *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
if (!CE) if (!CE)
return; return;
auto AddTransition = [&C, Desc, StreamSym](ProgramStateRef State,
StreamState::ErrorKindTy SSError) {
StreamState SSNew = StreamState::getOpened(Desc, SSError);
State = State->set<StreamMap>(StreamSym, SSNew);
C.addTransition(State);
};
const StreamState *SS = State->get<StreamMap>(StreamSym); const StreamState *SS = State->get<StreamMap>(StreamSym);
// Ignore the call if the stream is not tracked.
if (!SS) if (!SS)
return; return;
assertStreamStateOpened(SS); assertStreamStateOpened(SS);
if ((SS->*IsOfError)()) { if (!SS->isUnknown()) {
// Function returns nonzero. // The stream is in exactly known state (error or not).
DefinedSVal RetVal = makeRetVal(C, CE); // Check if it is in error of kind `ErrorKind`.
State = State->BindExpr(CE, C.getLocationContext(), RetVal); if (SS->ErrorState == ErrorKind)
State = State->assume(RetVal, true); State = bindAndAssumeTrue(State, C, CE);
assert(State && "Assumption on new value should not fail."); else
State = bindInt(0, State, C, CE);
// Error state is not changed in the new state.
AddTransition(State, SS->ErrorState);
SzelethusUnsubmitted
Not Done
ReplyInline Actions

It took me a while to realize that this also includes the case where the stat is not in any error :) Could you add a line of comment please?

Szelethus: It took me a while to realize that this also includes the case where the stat is not in any…
} else { } else {
// Return zero. // Stream is in unknown state, check if error `ErrorKind` is possible.
State = State->BindExpr(CE, C.getLocationContext(), Optional<StreamState::ErrorKindTy> NewError =
C.getSValBuilder().makeIntVal(0, false)); SS->getRemainingPossibleError(ErrorKind);
if (!NewError) {
// This kind of error is not possible, function returns zero.
// Error state remains unknown.
AddTransition(bindInt(0, State, C, CE), StreamState::Unknown);
} else {
// Add state with true returned.
AddTransition(bindAndAssumeTrue(State, C, CE), ErrorKind);
// Add state with false returned and the new remaining error type.
SzelethusUnsubmitted
Done
ReplyInline Actions

I gave this plenty of thought, and I now believe that the state split here is appropriate. We really should ensure that the user checked both feof and ferror.

Szelethus: I gave this plenty of thought, and I now believe that the state split here is appropriate. We…
AddTransition(bindInt(0, State, C, CE), *NewError);
}
} }
C.addTransition(State);
} }
NoQUnsubmitted
Not Done
ReplyInline Actions

Please explain the high-level idea behind this code.

NoQ: Please explain the high-level idea behind this code.
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

The higher level idea is that if a stream function fails we do not create a new state for every type of error (EOF and "other" error). Instead there will be an "unknown error" state. The description for each stream function contains what errors are possible after that function (PossibleErrors).

If it is needed to know the exact error (like here, what should feof return?) we look at the previous function to see what errors are possible after it. If EOF is not possible at all, the feof returns false. If EOF is possible and only one other type of error, we make a state split with EOF error and the other error set. If EOF and two possible other errors are possible there is state split again but the non-EOF state contains UnknownError.

In PossibleErrors the NoError state is possible. This indicates that the function failed (returned an error value) but the stream error flags are not set (can happen at fseek). There are 3 possible error values (EOF, "other" and no error), if after a feof there is UnknownError we know that the remaining 2 error types are possible.

balazske: The higher level idea is that if a stream function fails we do not create a new state for every…
void StreamChecker::preDefault(const FnDescription *Desc, const CallEvent &Call, void StreamChecker::preDefault(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SVal StreamVal = getStreamArg(Desc, Call); SVal StreamVal = getStreamArg(Desc, Call);
State = ensureStreamNonNull(StreamVal, C, State); State = ensureStreamNonNull(StreamVal, C, State);
if (!State) if (!State)
return; return;
State = ensureStreamOpened(StreamVal, C, State); State = ensureStreamOpened(StreamVal, C, State);
if (!State) if (!State)
return; return;
C.addTransition(State); C.addTransition(State);
} }
template <StreamState (*GetState)()> template <StreamState::ErrorKindTy EK>
void StreamChecker::evalSetFeofFerror(const FnDescription *Desc, void StreamChecker::evalSetFeofFerror(const FnDescription *Desc,
const CallEvent &Call, const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
ProgramStateRef State = C.getState(); ProgramStateRef State = C.getState();
SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol(); SymbolRef StreamSym = getStreamArg(Desc, Call).getAsSymbol();
assert(StreamSym && "Operation not permitted on non-symbolic stream value."); assert(StreamSym && "Operation not permitted on non-symbolic stream value.");
State = State->set<StreamMap>(StreamSym, (*GetState)()); const StreamState *SS = State->get<StreamMap>(StreamSym);
assert(SS && "Stream should be tracked by the checker.");
State = State->set<StreamMap>(StreamSym,
StreamState::getOpened(SS->LastOperation, EK));
C.addTransition(State); C.addTransition(State);
} }
ProgramStateRef ProgramStateRef
StreamChecker::ensureStreamNonNull(SVal StreamVal, CheckerContext &C, StreamChecker::ensureStreamNonNull(SVal StreamVal, CheckerContext &C,
ProgramStateRef State) const { ProgramStateRef State) const {
auto Stream = StreamVal.getAs<DefinedSVal>(); auto Stream = StreamVal.getAs<DefinedSVal>();
if (!Stream) if (!Stream)
▲ Show 20 LinesShow All 130 Lines▼ Show 20 Lines
void ento::registerStreamTesterChecker(CheckerManager &Mgr) { void ento::registerStreamTesterChecker(CheckerManager &Mgr) {
auto *Checker = Mgr.getChecker<StreamChecker>(); auto *Checker = Mgr.getChecker<StreamChecker>();
Checker->TestMode = true; Checker->TestMode = true;
} }
bool ento::shouldRegisterStreamTesterChecker(const CheckerManager &Mgr) { bool ento::shouldRegisterStreamTesterChecker(const CheckerManager &Mgr) {
return true; return true;
} }

clang/test/Analysis/stream-error.c

Show First 20 LinesShow All 46 Lines▼ Show 20 Linesvoid stream_error_ferror() {
StreamTesterChecker_make_ferror_stream(F); StreamTesterChecker_make_ferror_stream(F);
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}} clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
clearerr(F); clearerr(F);
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}} clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}} clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
fclose(F); fclose(F);
} }
void error_fseek() {
FILE *F = fopen("file", "r");
if (!F)
return;
int rc = fseek(F, 0, SEEK_SET);
if (rc) {
int IsFEof = feof(F), IsFError = ferror(F);
SzelethusUnsubmitted
Not Done
ReplyInline Actions

That is a bit misleading, because Eof isn't EOF as specified in the standard. How about IsEof?

Szelethus: That is a bit misleading, because `Eof` isn't `EOF` as specified in the standard. How about…
// Get feof or ferror or no error.
clang_analyzer_eval(IsFEof || IsFError);
// expected-warning@-1 {{FALSE}}
// expected-warning@-2 {{TRUE}}
clang_analyzer_eval(IsFEof && IsFError); // expected-warning {{FALSE}}
// Error flags should not change.
if (IsFEof)
clang_analyzer_eval(feof(F)); // expected-warning {{TRUE}}
else
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
if (IsFError)
clang_analyzer_eval(ferror(F)); // expected-warning {{TRUE}}
else
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
} else {
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
// Error flags should not change.
clang_analyzer_eval(feof(F)); // expected-warning {{FALSE}}
clang_analyzer_eval(ferror(F)); // expected-warning {{FALSE}}
}
fclose(F);
}