This is an archive of the discontinued LLVM Phabricator instance.

Differential D79437

[clang-tidy] Add fsetpos argument checker
Needs ReviewPublic

Authored by DerWaschbar on May 5 2020, 11:08 AM.

Details

Reviewers
aaron.ballman
alexfh
hokein
njames93
Summary

According to https://wiki.sei.cmu.edu/confluence/x/x9UxBQ
bugprone-fsetpos-argument-check is created.
The check finds fsetpos() function calls where the argument
is not initialized with fgetpos()

Diff Detail

Event Timeline

DerWaschbar created this revision.May 5 2020, 11:08 AM
Herald added subscribers: mgehre, dexonsmith, xazax.hun, mgorny. · View Herald TranscriptMay 5 2020, 11:08 AM
Eugene.Zelenko added a subscriber: Eugene.Zelenko.May 5 2020, 11:48 AM

Please rebase from master. Current version is based on 9.0.

clang-tools-extra/clang-tidy/bugprone/FsetposArgumentCheck.cpp
13

Unnecessary empty line.

23

Unnecessary empty line.

clang-tools-extra/docs/ReleaseNotes.rst
200

Please use double back-ticks to highlight language constructs.

clang-tools-extra/docs/clang-tidy/checks/bugprone-fsetpos-argument-check.rst
7

Please use double back-ticks to highlight language constructs.

16

Please indent code.

38

Please add newline.

clang-tools-extra/docs/clang-tidy/checks/cert-fio44-c.rst
11

Please add newline.

Eugene.Zelenko edited reviewers, added: njames93; removed: jfb, Charusso.May 5 2020, 11:48 AM
Eugene.Zelenko added a subscriber: cfe-commits.
Herald added a subscriber: Charusso. · View Herald TranscriptMay 5 2020, 11:48 AM
DerWaschbar updated this revision to Diff 262383.May 6 2020, 8:10 AM
DerWaschbar marked 7 inline comments as done.
  • Removed unnecessary empty lines.
  • Added double back-ticks to highlight language constructs.
  • Indented code in documentation.
DerWaschbar added a comment.May 6 2020, 8:11 AM
This comment was removed by DerWaschbar.
DerWaschbar updated this revision to Diff 264949.May 19 2020, 9:31 AM

Rebased

aaron.ballman added a comment.May 23 2020, 7:33 AM

Thank you for working on this check, I think it's useful functionality. One concern I have, though, is that it's not flow-sensitive and should probably be implemented as a clang static analyzer check instead of a clang-tidy check. For instance, consider these three plausible issues:

// This only sets the offset on one code path.
void func(FILE *fp) {
  fpos_t offset;
  if (condition) {
    // ... code
    if (0 != fgetpos(fp, &offset))
      return;
    // ... code
  } else {
   // ... code
  }
  fsetpos(fp, &offset);
}

// This doesn't check the failure from getting the position and sets the position regardless.
void func(FILE *fp) {
  fpos_t offset;
  fgetpos(fp, &offset);
  // ... code
  fsetpos(fp, &offset);
}

// This function accepts the offset from the caller but the caller passes an invalid offset.
void func(FILE *fp, const fpos_t *offset) {
  fsetpos(fp, offset);
}
void caller(FILE *fp) {
  fpos_t offset;
  func(fp, &offset);
}

Have you considered writing a static analyzer check so you can do data and control flow analysis to catch issues like these?

clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
103

Can you reorder to below fio38-c?

clang-tools-extra/docs/clang-tidy/checks/bugprone-fsetpos-argument-check.rst
5

The underlines here don't look like they are correct.

36

the CERT C Coding Standard rule

DerWaschbar updated this revision to Diff 265930.May 24 2020, 8:30 AM
DerWaschbar marked 3 inline comments as done.
mgehre removed a subscriber: mgehre.May 24 2020, 9:15 AM
DerWaschbar added a comment.May 24 2020, 11:19 AM
In D79437#2052109, @aaron.ballman wrote:

Thank you for working on this check, I think it's useful functionality. One concern I have, though, is that it's not flow-sensitive and should probably be implemented as a clang static analyzer check instead of a clang-tidy check. For instance, consider these three plausible issues:

// This only sets the offset on one code path.
void func(FILE *fp) {
  fpos_t offset;
  if (condition) {
    // ... code
    if (0 != fgetpos(fp, &offset))
      return;
    // ... code
  } else {
   // ... code
  }
  fsetpos(fp, &offset);
}

// This doesn't check the failure from getting the position and sets the position regardless.
void func(FILE *fp) {
  fpos_t offset;
  fgetpos(fp, &offset);
  // ... code
  fsetpos(fp, &offset);
}

// This function accepts the offset from the caller but the caller passes an invalid offset.
void func(FILE *fp, const fpos_t *offset) {
  fsetpos(fp, offset);
}
void caller(FILE *fp) {
  fpos_t offset;
  func(fp, &offset);
}

Have you considered writing a static analyzer check so you can do data and control flow analysis to catch issues like these?

I have noticed those issues too, but most likely the getter/setter will be in the same function body and we could measure fast how common is that issue in the wild. Also, this was my first introductory project for Clang and with that, I can rewrite this as a Static Analyzer project or start working on another Clang-Tidy project.

aaron.ballman added a comment.May 30 2020, 9:42 AM
In D79437#2052704, @DerWaschbar wrote:
In D79437#2052109, @aaron.ballman wrote:

Have you considered writing a static analyzer check so you can do data and control flow analysis to catch issues like these?

I have noticed those issues too, but most likely the getter/setter will be in the same function body and we could measure fast how common is that issue in the wild.

That doesn't match my intuition, but if you have data, that would be excellent for helping to make a decision.

Also, this was my first introductory project for Clang and with that, I can rewrite this as a Static Analyzer project or start working on another Clang-Tidy project.

Welcome! I think this functionality is likely useful in here as a clang-tidy check, but I'd be curious to see data on whether it finds true or false positives in the wild to help judge that. My gut instinct is that to do this properly, we'll want it in the static analyzer, but perhaps the tidy check is good enough. I'd be curious to know if others have different thoughts though (pinging @alexfh for visibility).

aaron.ballman added a comment.May 30 2020, 10:38 AM

btw, if you're interested in exploring a static analyzer solution for this, here's a recent review of an analyzer feature that's in the same general problem space: https://reviews.llvm.org/D80018

dkrupp added a subscriber: dkrupp.Jul 3 2020, 5:13 AM
whisperity added a subscriber: whisperity.Jul 9 2020, 1:01 AM
whisperity added inline comments.Jul 9 2020, 1:58 AM
clang-tools-extra/test/clang-tidy/checkers/bugprone-fsetpos-argument-check.cpp
1

This is a C, not a C++ file, the extension should show it. In addition, a similar test should be added that uses std::fgetpos() and std::fsetpos(), and shows the matching still works.

MTC added a subscriber: MTC.Aug 16 2021, 7:17 PM

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
bugprone/
3 lines
1 line
35 lines
60 lines
cert/
2 lines
docs/
11 lines
clang-tidy/
checks/
37 lines
10 lines
2 lines
test/
clang-tidy/
checkers/
59 lines

Diff 265930

clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp

Context not available.
#include "FoldInitTypeCheck.h" #include "FoldInitTypeCheck.h"
#include "ForwardDeclarationNamespaceCheck.h" #include "ForwardDeclarationNamespaceCheck.h"
#include "ForwardingReferenceOverloadCheck.h" #include "ForwardingReferenceOverloadCheck.h"
#include "FsetposArgumentCheck.h"
#include "InaccurateEraseCheck.h" #include "InaccurateEraseCheck.h"
#include "IncorrectRoundingsCheck.h" #include "IncorrectRoundingsCheck.h"
#include "InfiniteLoopCheck.h" #include "InfiniteLoopCheck.h"
Context not available.
"bugprone-forward-declaration-namespace"); "bugprone-forward-declaration-namespace");
CheckFactories.registerCheck<ForwardingReferenceOverloadCheck>( CheckFactories.registerCheck<ForwardingReferenceOverloadCheck>(
"bugprone-forwarding-reference-overload"); "bugprone-forwarding-reference-overload");
CheckFactories.registerCheck<FsetposArgumentCheck>(
"bugprone-fsetpos-argument-check");
CheckFactories.registerCheck<InaccurateEraseCheck>( CheckFactories.registerCheck<InaccurateEraseCheck>(
"bugprone-inaccurate-erase"); "bugprone-inaccurate-erase");
CheckFactories.registerCheck<IncorrectRoundingsCheck>( CheckFactories.registerCheck<IncorrectRoundingsCheck>(
Context not available.

clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt

Context not available.
FoldInitTypeCheck.cpp FoldInitTypeCheck.cpp
ForwardDeclarationNamespaceCheck.cpp ForwardDeclarationNamespaceCheck.cpp
ForwardingReferenceOverloadCheck.cpp ForwardingReferenceOverloadCheck.cpp
FsetposArgumentCheck.cpp
InaccurateEraseCheck.cpp InaccurateEraseCheck.cpp
IncorrectRoundingsCheck.cpp IncorrectRoundingsCheck.cpp
InfiniteLoopCheck.cpp InfiniteLoopCheck.cpp
Context not available.

clang-tools-extra/clang-tidy/bugprone/FsetposArgumentCheck.h

  • This file was added.
//===--- FsetposArgumentCheck.h - clang-tidy ----------------------*- C -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_FSETPOSARGUMENTCHECK_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_FSETPOSARGUMENTCHECK_H
#include "../ClangTidyCheck.h"
namespace clang {
namespace tidy {
namespace bugprone {
/// Finds call of 'fsetpos' functions, which do not have file position indicator
/// obtained from 'fgetpos'.
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/bugprone-fsetpos-argument-check.html
class FsetposArgumentCheck : public ClangTidyCheck {
public:
FsetposArgumentCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context) {}
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
} // namespace bugprone
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_FSETPOSARGUMENTCHECK_H

clang-tools-extra/clang-tidy/bugprone/FsetposArgumentCheck.cpp

  • This file was added.
//===--- FsetposArgumentCheck.cpp - clang-tidy ----------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "FsetposArgumentCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include <iostream>
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Unnecessary empty line.

Eugene.Zelenko: Unnecessary empty line.
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace bugprone {
void FsetposArgumentCheck::registerMatchers(MatchFinder *Finder) {
const auto Offset = declRefExpr(to(varDecl().bind("offset")));
const auto WithOffset = hasArgument(
1,
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Unnecessary empty line.

Eugene.Zelenko: Unnecessary empty line.
ignoringImpCasts(anyOf(unaryOperator(hasUnaryOperand(Offset)), Offset)));
const auto IsOffset = declRefExpr(to(varDecl(equalsBoundNode("offset"))));
const auto HasOffset = hasAnyArgument(ignoringImpCasts(
anyOf(unaryOperator(hasUnaryOperand(IsOffset)), IsOffset)));
const auto OffsetInWrongFunction = hasAncestor(functionDecl(
hasDescendant(callExpr(HasOffset, unless(callee(functionDecl(hasAnyName(
"::fgetpos", "::fsetpos")))))
.bind("non-fpos"))));
const auto OffsetInFgetpos = hasAncestor(functionDecl(hasDescendant(
callExpr(HasOffset, callee(functionDecl(hasName("::fgetpos")))))));
Finder->addMatcher(
callExpr(WithOffset, callee(functionDecl(hasName("::fsetpos"))),
anyOf(OffsetInWrongFunction, unless(OffsetInFgetpos)))
.bind("fsetpos"),
this);
}
void FsetposArgumentCheck::check(const MatchFinder::MatchResult &Result) {
const auto *MatchedDecl = Result.Nodes.getNodeAs<CallExpr>("fsetpos");
diag(MatchedDecl->getBeginLoc(),
"file position indicator should be obtained only from 'fgetpos'");
const auto *WrongFunction = Result.Nodes.getNodeAs<CallExpr>("non-fpos");
if (WrongFunction)
diag(WrongFunction->getBeginLoc(),
"fpos_t object should be passed as an argument only to 'fsetpos' or "
"'fgetpos' functions.",
DiagnosticIDs::Note);
}
} // namespace bugprone
} // namespace tidy
} // namespace clang

clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp

Context not available.
#include "../ClangTidyModule.h" #include "../ClangTidyModule.h"
#include "../ClangTidyModuleRegistry.h" #include "../ClangTidyModuleRegistry.h"
#include "../bugprone/BadSignalToKillThreadCheck.h" #include "../bugprone/BadSignalToKillThreadCheck.h"
#include "../bugprone/FsetposArgumentCheck.h"
#include "../bugprone/ReservedIdentifierCheck.h" #include "../bugprone/ReservedIdentifierCheck.h"
#include "../bugprone/SignedCharMisuseCheck.h" #include "../bugprone/SignedCharMisuseCheck.h"
#include "../bugprone/SpuriouslyWakeUpFunctionsCheck.h" #include "../bugprone/SpuriouslyWakeUpFunctionsCheck.h"
Context not available.
CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c"); CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c");
// FIO // FIO
CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c"); CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c");
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

Can you reorder to below fio38-c?

aaron.ballman: Can you reorder to below fio38-c?
CheckFactories.registerCheck<bugprone::FsetposArgumentCheck>("cert-fio44-c");
// ERR // ERR
CheckFactories.registerCheck<StrToNumCheck>("cert-err34-c"); CheckFactories.registerCheck<StrToNumCheck>("cert-err34-c");
// MSC // MSC
Context not available.

clang-tools-extra/docs/ReleaseNotes.rst

Context not available.
Finds non-const global variables as described in check I.2 of C++ Core Finds non-const global variables as described in check I.2 of C++ Core
Guidelines. Guidelines.
- New :doc:`bugprone-fsetpos-argument-check
<clang-tidy/checks/bugprone-fsetpos-argument-check>` check.
Finds call of ``fsetpos`` functions, which does not have file position indicator
obtained from ``fgetpos``.
- New :doc:`bugprone-misplaced-pointer-arithmetic-in-alloc - New :doc:`bugprone-misplaced-pointer-arithmetic-in-alloc
<clang-tidy/checks/bugprone-misplaced-pointer-arithmetic-in-alloc>` check. <clang-tidy/checks/bugprone-misplaced-pointer-arithmetic-in-alloc>` check.
Context not available.
:doc:`bugprone-reserved-identifier :doc:`bugprone-reserved-identifier
<clang-tidy/checks/bugprone-reserved-identifier>` was added. <clang-tidy/checks/bugprone-reserved-identifier>` was added.
- New alias :doc:`cert-fio44-c
<clang-tidy/checks/cert-fio44-c>` to
:doc:`bugprone-fsetpos-argument-check
<clang-tidy/checks/bugprone-fsetpos-argument-check>` was added.
- New alias :doc:`cert-str34-c - New alias :doc:`cert-str34-c
<clang-tidy/checks/cert-str34-c>` to <clang-tidy/checks/cert-str34-c>` to
:doc:`bugprone-signed-char-misuse :doc:`bugprone-signed-char-misuse
Context not available.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please use double back-ticks to highlight language constructs.

Eugene.Zelenko: Please use double back-ticks to highlight language constructs.

clang-tools-extra/docs/clang-tidy/checks/bugprone-fsetpos-argument-check.rst

  • This file was added.
.. title:: clang-tidy - bugprone-fsetpos-argument-check
bugprone-fsetpos-argument-check
===============================
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

The underlines here don't look like they are correct.

aaron.ballman: The underlines here don't look like they are correct.
Finds call of ``fsetpos`` functions, which does not have file position indicator
obtained from ``fgetpos``.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please use double back-ticks to highlight language constructs.

Eugene.Zelenko: Please use double back-ticks to highlight language constructs.
.. code-block:: c
#include <stdio.h>
#include <string.h>
int opener(FILE *file) {
int rc;
fpos_t offset;
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please indent code.

Eugene.Zelenko: Please indent code.
memset(&offset, 0, sizeof(offset));
if (file == NULL) {
return -1;
}
/* Read in data from file */
rc = fsetpos(file, &offset);
if (rc != 0 ) {
return rc;
}
return 0;
}
This check corresponds to the CERT C Coding Standard rule
`FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
aaron.ballmanUnsubmitted
Done
ReplyInline Actions

the CERT C Coding Standard rule

aaron.ballman: the CERT C Coding Standard rule
<https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152071>`_.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please add newline.

Eugene.Zelenko: Please add newline.

clang-tools-extra/docs/clang-tidy/checks/cert-fio44-c.rst

  • This file was added.
.. title:: clang-tidy - cert-fio44-c
.. meta::
:http-equiv=refresh: 5;URL=bugprone-fsetpos-argument-check.html
cert-fio44-c
============
The cert-fio44-c check is an alias, please see
`bugprone-fsetpos-argument-check <bugprone-fsetpos-argument-check.html>`_
for more information.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please add newline.

Eugene.Zelenko: Please add newline.

clang-tools-extra/docs/clang-tidy/checks/list.rst

Context not available.
`bugprone-fold-init-type <bugprone-fold-init-type.html>`_, `bugprone-fold-init-type <bugprone-fold-init-type.html>`_,
`bugprone-forward-declaration-namespace <bugprone-forward-declaration-namespace.html>`_, `bugprone-forward-declaration-namespace <bugprone-forward-declaration-namespace.html>`_,
`bugprone-forwarding-reference-overload <bugprone-forwarding-reference-overload.html>`_, `bugprone-forwarding-reference-overload <bugprone-forwarding-reference-overload.html>`_,
`bugprone-fsetpos-argument-check <bugprone-fsetpos-argument-check>` _,
`bugprone-inaccurate-erase <bugprone-inaccurate-erase.html>`_, "Yes" `bugprone-inaccurate-erase <bugprone-inaccurate-erase.html>`_, "Yes"
`bugprone-incorrect-roundings <bugprone-incorrect-roundings.html>`_, `bugprone-incorrect-roundings <bugprone-incorrect-roundings.html>`_,
`bugprone-infinite-loop <bugprone-infinite-loop.html>`_, `bugprone-infinite-loop <bugprone-infinite-loop.html>`_,
Context not available.
`cert-err09-cpp <cert-err09-cpp.html>`_, `misc-throw-by-value-catch-by-reference <misc-throw-by-value-catch-by-reference.html>`_, `cert-err09-cpp <cert-err09-cpp.html>`_, `misc-throw-by-value-catch-by-reference <misc-throw-by-value-catch-by-reference.html>`_,
`cert-err61-cpp <cert-err61-cpp.html>`_, `misc-throw-by-value-catch-by-reference <misc-throw-by-value-catch-by-reference.html>`_, `cert-err61-cpp <cert-err61-cpp.html>`_, `misc-throw-by-value-catch-by-reference <misc-throw-by-value-catch-by-reference.html>`_,
`cert-fio38-c <cert-fio38-c.html>`_, `misc-non-copyable-objects <misc-non-copyable-objects.html>`_, `cert-fio38-c <cert-fio38-c.html>`_, `misc-non-copyable-objects <misc-non-copyable-objects.html>`_,
`cert-fio44-c <cert-fio44-c.html>`_, `bugprone-fsetpos-argument-check <bugprone-fsetpos-argument-check.html>`_,
`cert-msc30-c <cert-msc30-c.html>`_, `cert-msc50-cpp <cert-msc50-cpp.html>`_, `cert-msc30-c <cert-msc30-c.html>`_, `cert-msc50-cpp <cert-msc50-cpp.html>`_,
`cert-msc32-c <cert-msc32-c.html>`_, `cert-msc51-cpp <cert-msc51-cpp.html>`_, `cert-msc32-c <cert-msc32-c.html>`_, `cert-msc51-cpp <cert-msc51-cpp.html>`_,
`cert-oop11-cpp <cert-oop11-cpp.html>`_, `performance-move-constructor-init <performance-move-constructor-init.html>`_, "Yes" `cert-oop11-cpp <cert-oop11-cpp.html>`_, `performance-move-constructor-init <performance-move-constructor-init.html>`_, "Yes"
Context not available.

clang-tools-extra/test/clang-tidy/checkers/bugprone-fsetpos-argument-check.cpp

  • This file was added.
// RUN: %check_clang_tidy %s bugprone-fsetpos-argument-check %t
whisperityUnsubmitted
Not Done
ReplyInline Actions

This is a C, not a C++ file, the extension should show it. In addition, a similar test should be added that uses std::fgetpos() and std::fsetpos(), and shows the matching still works.

whisperity: This is a C, not a C++ file, the extension should show it. In addition, a similar test should…
typedef unsigned int size_t;
class FILE;
struct fpos_t {};
int fsetpos(FILE *stream, const fpos_t *pos);
int fgetpos(FILE *stream, fpos_t *pos);
void *memset(void *ptr, int value, size_t num);
//---------------------------------------------------------------------
int opener1(FILE *file) {
int rc;
fpos_t offset;
if (file == nullptr ) {
return -1;
}
rc = fgetpos(file, &offset);
if (rc != 0 ) {
return rc;
}
/* Read in data from file */
rc = fsetpos(file, &offset);
if (rc != 0 ) {
return rc;
}
return 0;
}
//---------------------------------------------------------------------
int opener2(FILE *file) {
int rc;
fpos_t offset;
memset(&offset, 0, sizeof(offset));
if (file == nullptr) {
return -1;
}
/* Read in data from file */
rc = fsetpos(file, &offset);
// CHECK-MESSAGES: :[[@LINE-1]]:8: warning: file position indicator should be obtained only from 'fgetpos' [bugprone-fsetpos-argument-check]
if (rc != 0 ) {
return rc;
}
return 0;
}
//---------------------------------------------------------------------