This is an archive of the discontinued LLVM Phabricator instance.

Differential D86531

[analyzer][StdLibraryFunctionsChecker][NFC] Use Optionals throughout the summary API
ClosedPublic

Authored by martong on Aug 25 2020, 5:06 AM.

Details

Reviewers
balazske
vsavchenko
Szelethus
Commits
rGa787a4ed16d6: [analyzer][StdLibraryFunctionsChecker] Use Optionals throughout the summary API
Summary

By using optionals, we no longer have to check the validity of types that we
get from a lookup. This way, the definition of the summaries have a declarative
form, there are no superflous conditions in the source code.

Diff Detail

Event Timeline

martong created this revision.Aug 25 2020, 5:06 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptAug 25 2020, 5:06 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: cfe-commits, ASDenysPetrov, steakhal and 12 others. · View Herald Transcript
martong requested review of this revision.Aug 25 2020, 5:06 AM
martong added a child revision: D84415: [analyzer][StdLibraryFunctionsChecker] Add POSIX pthread handling functions.Aug 25 2020, 5:07 AM
martong added inline comments.Aug 25 2020, 5:45 AM
clang/test/Analysis/std-c-library-functions-POSIX-lookup.c
15

Probably I should use FileCheck with --allow-empty and with CHECK-EMPTY

martong retitled this revision from [analyzer][StdLibraryFunctionsChecker] Use Optionals throughout the summary API to [analyzer][StdLibraryFunctionsChecker][NFC] Use Optionals throughout the summary API.Aug 25 2020, 5:51 AM
Harbormaster completed remote builds in B69437: Diff 287634.Aug 25 2020, 5:57 AM
martong updated this revision to Diff 287680.Aug 25 2020, 8:38 AM
  • Use FileCheck in the lit test
Harbormaster completed remote builds in B69455: Diff 287680.Aug 25 2020, 9:18 AM
balazske added inline comments.Aug 26 2020, 3:12 AM
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
862

Why has this class different layout than GetPointerTy and GetRestrictTy (beneath that here is no ASTContext)? It would be better if all these classes look the same way: First is the operator with QualType, then operator with Optional that calls the other version of the operator. And all of these can be "unnamed" classes?

901–902

Is it better to use ACtx.VoidPtrTy?

1344

It is better to get every type at the start before adding functions, or group the functions and get some types at the start of these groups but mark the groups at least with comments.

martong marked 3 inline comments as done.Aug 26 2020, 4:42 AM
martong added inline comments.
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
862

I'd had the same thoughts before, and was thinking about that maybe a class template would suffice for all these, but then I realized the following:

To make a type const, we don't need the ASTContext, that is the reason of the difference.
However, to make a type restricted or a pointer, we need the ASTContext. This is a legacy non-symmetry from the AST.

And all of these can be "unnamed" classes?

GetPointerTy and GetRestrictTy need the ASTContext in their constructor. And you cannot define a constructor to an unnamed class because you cannot write down the nonexistent name.

901–902

I'd like to use the ACtx as less as possible: just to get the basic types. And from that on we can use our convenience API (GetConstTy, GetPointerTy, etc) to define all of the derived types... and we can do that in a declarative form (like ASTMatchters).
Also, the declarative definition of these types now look the same regardless the type is "derived" from a looked-up type or from a built-in type.

1344

Well, with looked-up types I followed the usual convention to define a variable right before using it. This means that we lookup a type just before we try to add the function which first uses that type.

However, builtin types are defined at the beginning, because they are used very often.

martong marked 3 inline comments as done.Aug 28 2020, 7:20 AM

Ping

balazske added inline comments.Aug 28 2020, 8:26 AM
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
1017

This return of empty vector and possibility of adding empty vector to range constraint is a new thing, probably it is better to check at create of range constraint (or other place) for empty range (in this case the summary could be made invalid)? But this occurs probably never because the matching type (of the max value) should be used at the same function and if the type is there the max value should be too.

1344

I still like it better if all the type variables are created at one place (can be more easy to maintain if order changes and we have one block of types and one of functions) but this is no reason to block this change.

martong updated this revision to Diff 288946.Aug 31 2020, 7:17 AM
  • Add assert in getRanges
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
1017

Alright, I added an assert to RangeConstraint::getRanges:

     const IntRangeVector &getRanges() const {
+      // When using max values for a type, the type normally should be part of
+      // the signature. Thus we must had looked up previously the type. If the
+      // type is not found then the range would be empty, but then the summary
+      // should be invalid too.
+      assert(Args.size() && "Empty range is meaningless");
       return Args;
     }
1344

I see your point, still I'd keep this way, because I this way the functions and the types they use are close to each other in the source.

Harbormaster completed remote builds in B70093: Diff 288946.Aug 31 2020, 7:52 AM
martong added a comment.Aug 31 2020, 8:32 AM

Just realized. There maybe cases when we'd like to give XMax to an arg constraint, but the type of the arg is Y (X may be a looked up type). One example for such is getchar, where the return type is Int, but we have a range constraint {0, UCharRangeMax}. Consequently, it seems to be better to remove the assert, because we will not be able to handle such cases with looked up types and their max values.

martong updated this revision to Diff 288957.Aug 31 2020, 8:34 AM
  • Revert "Add assert in getRanges"
martong updated this revision to Diff 288958.Aug 31 2020, 8:38 AM
  • Rebase to correct base
Harbormaster completed remote builds in B70102: Diff 288957.Aug 31 2020, 9:41 AM
Harbormaster completed remote builds in B70103: Diff 288958.Aug 31 2020, 10:02 AM
martong updated this revision to Diff 289099.Sep 1 2020, 12:58 AM
  • Support empty ranges
balazske accepted this revision.Sep 1 2020, 1:03 AM

Looks good now.

This revision is now accepted and ready to land.Sep 1 2020, 1:03 AM
Harbormaster completed remote builds in B70196: Diff 289099.Sep 1 2020, 1:37 AM
This revision was landed with ongoing or failed builds.Sep 1 2020, 2:37 AM
Closed by commit rGa787a4ed16d6: [analyzer][StdLibraryFunctionsChecker] Use Optionals throughout the summary API (authored by martong). · Explain Why
This revision was automatically updated to reflect the committed changes.
martong added a commit: rGa787a4ed16d6: [analyzer][StdLibraryFunctionsChecker] Use Optionals throughout the summary API.

Revision Contents

PathSize
clang/
lib/
StaticAnalyzer/
Checkers/
1228 lines
test/
Analysis/
22 lines

Diff 289108

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 LinesShow All 132 Lines▼ Show 20 Lines protected:
virtual bool checkSpecificValidity(const FunctionDecl *FD) const { virtual bool checkSpecificValidity(const FunctionDecl *FD) const {
return true; return true;
} }
}; };
/// Given a range, should the argument stay inside or outside this range? /// Given a range, should the argument stay inside or outside this range?
enum RangeKind { OutOfRange, WithinRange }; enum RangeKind { OutOfRange, WithinRange };
/// Encapsulates a single range on a single symbol within a branch. /// Encapsulates a range on a single symbol.
class RangeConstraint : public ValueConstraint { class RangeConstraint : public ValueConstraint {
RangeKind Kind; // Kind of range definition. RangeKind Kind;
IntRangeVector Args; // Polymorphic arguments. // A range is formed as a set of intervals (sub-ranges).
// E.g. {['A', 'Z'], ['a', 'z']}
//
// The default constructed RangeConstraint has an empty range set, applying
// such constraint does not involve any assumptions, thus the State remains
// unchanged. This is meaningful, if the range is dependent on a looked up
// type (e.g. [0, Socklen_tMax]). If the type is not found, then the range
// is default initialized to be empty.
IntRangeVector Ranges;
public: public:
RangeConstraint(ArgNo ArgN, RangeKind Kind, const IntRangeVector &Args) RangeConstraint(ArgNo ArgN, RangeKind Kind, const IntRangeVector &Ranges)
: ValueConstraint(ArgN), Kind(Kind), Args(Args) {} : ValueConstraint(ArgN), Kind(Kind), Ranges(Ranges) {}
const IntRangeVector &getRanges() const { return Args; } const IntRangeVector &getRanges() const { return Ranges; }
private: private:
ProgramStateRef applyAsOutOfRange(ProgramStateRef State, ProgramStateRef applyAsOutOfRange(ProgramStateRef State,
const CallEvent &Call, const CallEvent &Call,
const Summary &Summary) const; const Summary &Summary) const;
ProgramStateRef applyAsWithinRange(ProgramStateRef State, ProgramStateRef applyAsWithinRange(ProgramStateRef State,
const CallEvent &Call, const CallEvent &Call,
const Summary &Summary) const; const Summary &Summary) const;
▲ Show 20 LinesShow All 149 Lines▼ Show 20 Lines bool checkSpecificValidity(const FunctionDecl *FD) const override {
"This constraint should be applied only on a pointer type"); "This constraint should be applied only on a pointer type");
return ValidArg; return ValidArg;
} }
}; };
/// The complete list of constraints that defines a single branch. /// The complete list of constraints that defines a single branch.
typedef std::vector<ValueConstraintPtr> ConstraintSet; typedef std::vector<ValueConstraintPtr> ConstraintSet;
using ArgTypes = std::vector<QualType>; using ArgTypes = std::vector<Optional<QualType>>;
using RetType = Optional<QualType>;
// A placeholder type, we use it whenever we do not care about the concrete // A placeholder type, we use it whenever we do not care about the concrete
// type in a Signature. // type in a Signature.
const QualType Irrelevant{}; const QualType Irrelevant{};
bool static isIrrelevant(QualType T) { return T.isNull(); } bool static isIrrelevant(QualType T) { return T.isNull(); }
// The signature of a function we want to describe with a summary. This is a // The signature of a function we want to describe with a summary. This is a
// concessive signature, meaning there may be irrelevant types in the // concessive signature, meaning there may be irrelevant types in the
// signature which we do not check against a function with concrete types. // signature which we do not check against a function with concrete types.
struct Signature { // All types in the spec need to be canonical.
ArgTypes ArgTys; class Signature {
using ArgQualTypes = std::vector<QualType>;
ArgQualTypes ArgTys;
QualType RetTy; QualType RetTy;
Signature(ArgTypes ArgTys, QualType RetTy) : ArgTys(ArgTys), RetTy(RetTy) { // True if any component type is not found by lookup.
assertRetTypeSuitableForSignature(RetTy); bool Invalid = false;
for (size_t I = 0, E = ArgTys.size(); I != E; ++I) {
QualType ArgTy = ArgTys[I]; public:
assertArgTypeSuitableForSignature(ArgTy); // Construct a signature from optional types. If any of the optional types
// are not set then the signature will be invalid.
Signature(ArgTypes ArgTys, RetType RetTy) {
for (Optional<QualType> Arg : ArgTys) {
if (!Arg) {
Invalid = true;
return;
} else {
assertArgTypeSuitableForSignature(*Arg);
this->ArgTys.push_back(*Arg);
}
}
if (!RetTy) {
Invalid = true;
return;
} else {
assertRetTypeSuitableForSignature(*RetTy);
this->RetTy = *RetTy;
} }
} }
bool isInvalid() const { return Invalid; }
bool matches(const FunctionDecl *FD) const; bool matches(const FunctionDecl *FD) const;
private: private:
static void assertArgTypeSuitableForSignature(QualType T) { static void assertArgTypeSuitableForSignature(QualType T) {
assert((T.isNull() || !T->isVoidType()) && assert((T.isNull() || !T->isVoidType()) &&
"We should have no void types in the spec"); "We should have no void types in the spec");
assert((T.isNull() || T.isCanonical()) && assert((T.isNull() || T.isCanonical()) &&
"We should only have canonical types in the spec"); "We should only have canonical types in the spec");
Show All 37 Linesclass StdLibraryFunctionsChecker
/// The signature and argument constraints together contain information /// The signature and argument constraints together contain information
/// about which functions are handled by the summary. The signature can use /// about which functions are handled by the summary. The signature can use
/// "wildcards", i.e. Irrelevant types. Irrelevant type of a parameter in /// "wildcards", i.e. Irrelevant types. Irrelevant type of a parameter in
/// a signature means that type is not compared to the type of the parameter /// a signature means that type is not compared to the type of the parameter
/// in the found FunctionDecl. Argument constraints may specify additional /// in the found FunctionDecl. Argument constraints may specify additional
/// rules for the given parameter's type, those rules are checked once the /// rules for the given parameter's type, those rules are checked once the
/// signature is matched. /// signature is matched.
class Summary { class Summary {
// FIXME Probably the Signature should not be part of the Summary,
// We can remove once all overload of addToFunctionSummaryMap requires the
// Signature explicitly given.
Optional<Signature> Sign; Optional<Signature> Sign;
const InvalidationKind InvalidationKd; const InvalidationKind InvalidationKd;
Cases CaseConstraints; Cases CaseConstraints;
ConstraintSet ArgConstraints; ConstraintSet ArgConstraints;
// The function to which the summary applies. This is set after lookup and // The function to which the summary applies. This is set after lookup and
// match to the signature. // match to the signature.
const FunctionDecl *FD = nullptr; const FunctionDecl *FD = nullptr;
public: public:
Summary(ArgTypes ArgTys, QualType RetTy, InvalidationKind InvalidationKd) Summary(ArgTypes ArgTys, RetType RetTy, InvalidationKind InvalidationKd)
: Sign(Signature(ArgTys, RetTy)), InvalidationKd(InvalidationKd) {} : Sign(Signature(ArgTys, RetTy)), InvalidationKd(InvalidationKd) {}
Summary(InvalidationKind InvalidationKd) : InvalidationKd(InvalidationKd) {} Summary(InvalidationKind InvalidationKd) : InvalidationKd(InvalidationKd) {}
// FIXME Remove, once all overload of addToFunctionSummaryMap requires the
// Signature explicitly given.
Summary &setSignature(const Signature &S) { Summary &setSignature(const Signature &S) {
Sign = S; Sign = S;
return *this; return *this;
} }
Summary &Case(ConstraintSet &&CS) { Summary &Case(ConstraintSet &&CS) {
CaseConstraints.push_back(std::move(CS)); CaseConstraints.push_back(std::move(CS));
return *this; return *this;
Show All 19 Lines bool matchesAndSet(const FunctionDecl *FD) {
bool Result = Sign->matches(FD) && validateByConstraints(FD); bool Result = Sign->matches(FD) && validateByConstraints(FD);
if (Result) { if (Result) {
assert(!this->FD && "FD must not be set more than once"); assert(!this->FD && "FD must not be set more than once");
this->FD = FD; this->FD = FD;
} }
return Result; return Result;
} }
// FIXME Remove, once all overload of addToFunctionSummaryMap requires the
// Signature explicitly given.
bool hasInvalidSignature() {
assert(Sign && "Signature must be set before this query");
return Sign->isInvalid();
}
private: private:
// Once we know the exact type of the function then do sanity check on all // Once we know the exact type of the function then do sanity check on all
// the given constraints. // the given constraints.
bool validateByConstraints(const FunctionDecl *FD) const { bool validateByConstraints(const FunctionDecl *FD) const {
for (const ConstraintSet &Case : CaseConstraints) for (const ConstraintSet &Case : CaseConstraints)
for (const ValueConstraintPtr &Constraint : Case) for (const ValueConstraintPtr &Constraint : Case)
if (!Constraint->checkValidity(FD)) if (!Constraint->checkValidity(FD))
return false; return false;
▲ Show 20 LinesShow All 58 Lines▼ Show 20 Lines
const StdLibraryFunctionsChecker::ArgNo StdLibraryFunctionsChecker::Ret = const StdLibraryFunctionsChecker::ArgNo StdLibraryFunctionsChecker::Ret =
std::numeric_limits<ArgNo>::max(); std::numeric_limits<ArgNo>::max();
} // end of anonymous namespace } // end of anonymous namespace
ProgramStateRef StdLibraryFunctionsChecker::RangeConstraint::applyAsOutOfRange( ProgramStateRef StdLibraryFunctionsChecker::RangeConstraint::applyAsOutOfRange(
ProgramStateRef State, const CallEvent &Call, ProgramStateRef State, const CallEvent &Call,
const Summary &Summary) const { const Summary &Summary) const {
if (Ranges.empty())
return State;
ProgramStateManager &Mgr = State->getStateManager(); ProgramStateManager &Mgr = State->getStateManager();
SValBuilder &SVB = Mgr.getSValBuilder(); SValBuilder &SVB = Mgr.getSValBuilder();
BasicValueFactory &BVF = SVB.getBasicValueFactory(); BasicValueFactory &BVF = SVB.getBasicValueFactory();
ConstraintManager &CM = Mgr.getConstraintManager(); ConstraintManager &CM = Mgr.getConstraintManager();
QualType T = Summary.getArgType(getArgNo()); QualType T = Summary.getArgType(getArgNo());
SVal V = getArgSVal(Call, getArgNo()); SVal V = getArgSVal(Call, getArgNo());
Show All 11 LinesProgramStateRef StdLibraryFunctionsChecker::RangeConstraint::applyAsOutOfRange(
} }
return State; return State;
} }
ProgramStateRef StdLibraryFunctionsChecker::RangeConstraint::applyAsWithinRange( ProgramStateRef StdLibraryFunctionsChecker::RangeConstraint::applyAsWithinRange(
ProgramStateRef State, const CallEvent &Call, ProgramStateRef State, const CallEvent &Call,
const Summary &Summary) const { const Summary &Summary) const {
if (Ranges.empty())
return State;
ProgramStateManager &Mgr = State->getStateManager(); ProgramStateManager &Mgr = State->getStateManager();
SValBuilder &SVB = Mgr.getSValBuilder(); SValBuilder &SVB = Mgr.getSValBuilder();
BasicValueFactory &BVF = SVB.getBasicValueFactory(); BasicValueFactory &BVF = SVB.getBasicValueFactory();
ConstraintManager &CM = Mgr.getConstraintManager(); ConstraintManager &CM = Mgr.getConstraintManager();
QualType T = Summary.getArgType(getArgNo()); QualType T = Summary.getArgType(getArgNo());
SVal V = getArgSVal(Call, getArgNo()); SVal V = getArgSVal(Call, getArgNo());
▲ Show 20 LinesShow All 144 Lines▼ Show 20 Lines case NoEvalCall:
// evaluated by another checker, or evaluated conservatively. // evaluated by another checker, or evaluated conservatively.
return false; return false;
} }
llvm_unreachable("Unknown invalidation kind!"); llvm_unreachable("Unknown invalidation kind!");
} }
bool StdLibraryFunctionsChecker::Signature::matches( bool StdLibraryFunctionsChecker::Signature::matches(
const FunctionDecl *FD) const { const FunctionDecl *FD) const {
assert(!isInvalid());
// Check number of arguments: // Check number of arguments:
if (FD->param_size() != ArgTys.size()) if (FD->param_size() != ArgTys.size())
return false; return false;
// Check return type. // Check return type.
if (!isIrrelevant(RetTy)) if (!isIrrelevant(RetTy))
if (RetTy != FD->getReturnType().getCanonicalType()) if (RetTy != FD->getReturnType().getCanonicalType())
return false; return false;
Show All 28 Lines
StdLibraryFunctionsChecker::findFunctionSummary(const CallEvent &Call, StdLibraryFunctionsChecker::findFunctionSummary(const CallEvent &Call,
CheckerContext &C) const { CheckerContext &C) const {
const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(Call.getDecl()); const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(Call.getDecl());
if (!FD) if (!FD)
return None; return None;
return findFunctionSummary(FD, C); return findFunctionSummary(FD, C);
} }
static llvm::Optional<QualType> lookupType(StringRef Name, void StdLibraryFunctionsChecker::initFunctionSummaries(
const ASTContext &ACtx) { CheckerContext &C) const {
if (!FunctionSummaryMap.empty())
return;
SValBuilder &SVB = C.getSValBuilder();
BasicValueFactory &BVF = SVB.getBasicValueFactory();
const ASTContext &ACtx = BVF.getContext();
// Helper class to lookup a type by its name.
class LookupType {
const ASTContext &ACtx;
public:
LookupType(const ASTContext &ACtx) : ACtx(ACtx) {}
// Find the type. If not found then the optional is not set.
llvm::Optional<QualType> operator()(StringRef Name) {
IdentifierInfo &II = ACtx.Idents.get(Name); IdentifierInfo &II = ACtx.Idents.get(Name);
auto LookupRes = ACtx.getTranslationUnitDecl()->lookup(&II); auto LookupRes = ACtx.getTranslationUnitDecl()->lookup(&II);
if (LookupRes.size() == 0) if (LookupRes.size() == 0)
return None; return None;
// Prioritze typedef declarations. // Prioritze typedef declarations.
// This is needed in case of C struct typedefs. E.g.: // This is needed in case of C struct typedefs. E.g.:
// typedef struct FILE FILE; // typedef struct FILE FILE;
// In this case, we have a RecordDecl 'struct FILE' with the name 'FILE' and // In this case, we have a RecordDecl 'struct FILE' with the name 'FILE'
// we have a TypedefDecl with the name 'FILE'. // and we have a TypedefDecl with the name 'FILE'.
for (Decl *D : LookupRes) for (Decl *D : LookupRes)
if (auto *TD = dyn_cast<TypedefNameDecl>(D)) if (auto *TD = dyn_cast<TypedefNameDecl>(D))
return ACtx.getTypeDeclType(TD).getCanonicalType(); return ACtx.getTypeDeclType(TD).getCanonicalType();
// Find the first TypeDecl. // Find the first TypeDecl.
// There maybe cases when a function has the same name as a struct. // There maybe cases when a function has the same name as a struct.
// E.g. in POSIX: `struct stat` and the function `stat()`: // E.g. in POSIX: `struct stat` and the function `stat()`:
// int stat(const char *restrict path, struct stat *restrict buf); // int stat(const char *restrict path, struct stat *restrict buf);
for (Decl *D : LookupRes) for (Decl *D : LookupRes)
if (auto *TD = dyn_cast<TypeDecl>(D)) if (auto *TD = dyn_cast<TypeDecl>(D))
return ACtx.getTypeDeclType(TD).getCanonicalType(); return ACtx.getTypeDeclType(TD).getCanonicalType();
return None; return None;
} }
} lookupTy(ACtx);
void StdLibraryFunctionsChecker::initFunctionSummaries( // Below are auxiliary classes to handle optional types that we get as a
CheckerContext &C) const { // result of the lookup.
if (!FunctionSummaryMap.empty()) class GetRestrictTy {
return; const ASTContext &ACtx;
SValBuilder &SVB = C.getSValBuilder();
BasicValueFactory &BVF = SVB.getBasicValueFactory();
const ASTContext &ACtx = BVF.getContext();
auto getRestrictTy = [&ACtx](QualType Ty) { public:
GetRestrictTy(const ASTContext &ACtx) : ACtx(ACtx) {}
QualType operator()(QualType Ty) {
return ACtx.getLangOpts().C99 ? ACtx.getRestrictType(Ty) : Ty; return ACtx.getLangOpts().C99 ? ACtx.getRestrictType(Ty) : Ty;
}; }
Optional<QualType> operator()(Optional<QualType> Ty) {
if (Ty)
return operator()(*Ty);
return None;
}
} getRestrictTy(ACtx);
class GetPointerTy {
const ASTContext &ACtx;
public:
GetPointerTy(const ASTContext &ACtx) : ACtx(ACtx) {}
QualType operator()(QualType Ty) { return ACtx.getPointerType(Ty); }
Optional<QualType> operator()(Optional<QualType> Ty) {
if (Ty)
return operator()(*Ty);
return None;
}
} getPointerTy(ACtx);
class {
balazskeUnsubmitted
Done
ReplyInline Actions

Why has this class different layout than GetPointerTy and GetRestrictTy (beneath that here is no ASTContext)? It would be better if all these classes look the same way: First is the operator with QualType, then operator with Optional that calls the other version of the operator. And all of these can be "unnamed" classes?

balazske: Why has this class different layout than `GetPointerTy` and `GetRestrictTy` (beneath that here…
martongAuthorUnsubmitted
Done
ReplyInline Actions

I'd had the same thoughts before, and was thinking about that maybe a class template would suffice for all these, but then I realized the following:

To make a type const, we don't need the ASTContext, that is the reason of the difference.
However, to make a type restricted or a pointer, we need the ASTContext. This is a legacy non-symmetry from the AST.

And all of these can be "unnamed" classes?

GetPointerTy and GetRestrictTy need the ASTContext in their constructor. And you cannot define a constructor to an unnamed class because you cannot write down the nonexistent name.

martong: I'd had the same thoughts before, and was thinking about that maybe a class template would…
public:
Optional<QualType> operator()(Optional<QualType> Ty) {
return Ty ? Optional<QualType>(Ty->withConst()) : None;
}
QualType operator()(QualType Ty) { return Ty.withConst(); }
} getConstTy;
class GetMaxValue {
BasicValueFactory &BVF;
public:
GetMaxValue(BasicValueFactory &BVF) : BVF(BVF) {}
Optional<RangeInt> operator()(QualType Ty) {
return BVF.getMaxValue(Ty).getLimitedValue();
}
Optional<RangeInt> operator()(Optional<QualType> Ty) {
if (Ty) {
return operator()(*Ty);
}
return None;
}
} getMaxValue(BVF);
// These types are useful for writing specifications quickly, // These types are useful for writing specifications quickly,
// New specifications should probably introduce more types. // New specifications should probably introduce more types.
// Some types are hard to obtain from the AST, eg. "ssize_t". // Some types are hard to obtain from the AST, eg. "ssize_t".
// In such cases it should be possible to provide multiple variants // In such cases it should be possible to provide multiple variants
// of function summary for common cases (eg. ssize_t could be int or long // of function summary for common cases (eg. ssize_t could be int or long
// or long long, so three summary variants would be enough). // or long long, so three summary variants would be enough).
// Of course, function variants are also useful for C++ overloads. // Of course, function variants are also useful for C++ overloads.
const QualType VoidTy = ACtx.VoidTy; const QualType VoidTy = ACtx.VoidTy;
const QualType CharTy = ACtx.CharTy;
const QualType WCharTy = ACtx.WCharTy;
const QualType IntTy = ACtx.IntTy; const QualType IntTy = ACtx.IntTy;
const QualType UnsignedIntTy = ACtx.UnsignedIntTy; const QualType UnsignedIntTy = ACtx.UnsignedIntTy;
const QualType LongTy = ACtx.LongTy; const QualType LongTy = ACtx.LongTy;
const QualType LongLongTy = ACtx.LongLongTy; const QualType LongLongTy = ACtx.LongLongTy;
const QualType SizeTy = ACtx.getSizeType(); const QualType SizeTy = ACtx.getSizeType();
const QualType VoidPtrTy = ACtx.VoidPtrTy; // void * const QualType VoidPtrTy = getPointerTy(VoidTy); // void *
const QualType IntPtrTy = ACtx.getPointerType(IntTy); // int * const QualType IntPtrTy = getPointerTy(IntTy); // int *
balazskeUnsubmitted
Done
ReplyInline Actions

Is it better to use ACtx.VoidPtrTy?

balazske: Is it better to use `ACtx.VoidPtrTy`?
martongAuthorUnsubmitted
Done
ReplyInline Actions

I'd like to use the ACtx as less as possible: just to get the basic types. And from that on we can use our convenience API (GetConstTy, GetPointerTy, etc) to define all of the derived types... and we can do that in a declarative form (like ASTMatchters).
Also, the declarative definition of these types now look the same regardless the type is "derived" from a looked-up type or from a built-in type.

martong: I'd like to use the `ACtx` as less as possible: just to get the basic types. And from that on…
const QualType UnsignedIntPtrTy = const QualType UnsignedIntPtrTy =
ACtx.getPointerType(UnsignedIntTy); // unsigned int * getPointerTy(UnsignedIntTy); // unsigned int *
const QualType VoidPtrRestrictTy = getRestrictTy(VoidPtrTy); const QualType VoidPtrRestrictTy = getRestrictTy(VoidPtrTy);
const QualType ConstVoidPtrTy = const QualType ConstVoidPtrTy =
ACtx.getPointerType(ACtx.VoidTy.withConst()); // const void * getPointerTy(getConstTy(VoidTy)); // const void *
const QualType CharPtrTy = ACtx.getPointerType(ACtx.CharTy); // char * const QualType CharPtrTy = getPointerTy(CharTy); // char *
const QualType CharPtrRestrictTy = getRestrictTy(CharPtrTy); const QualType CharPtrRestrictTy = getRestrictTy(CharPtrTy);
const QualType ConstCharPtrTy = const QualType ConstCharPtrTy =
ACtx.getPointerType(ACtx.CharTy.withConst()); // const char * getPointerTy(getConstTy(CharTy)); // const char *
const QualType ConstCharPtrRestrictTy = getRestrictTy(ConstCharPtrTy); const QualType ConstCharPtrRestrictTy = getRestrictTy(ConstCharPtrTy);
const QualType Wchar_tPtrTy = ACtx.getPointerType(ACtx.WCharTy); // wchar_t * const QualType Wchar_tPtrTy = getPointerTy(WCharTy); // wchar_t *
const QualType ConstWchar_tPtrTy = const QualType ConstWchar_tPtrTy =
ACtx.getPointerType(ACtx.WCharTy.withConst()); // const wchar_t * getPointerTy(getConstTy(WCharTy)); // const wchar_t *
const QualType ConstVoidPtrRestrictTy = getRestrictTy(ConstVoidPtrTy); const QualType ConstVoidPtrRestrictTy = getRestrictTy(ConstVoidPtrTy);
const RangeInt IntMax = BVF.getMaxValue(IntTy).getLimitedValue(); const RangeInt IntMax = BVF.getMaxValue(IntTy).getLimitedValue();
const RangeInt UnsignedIntMax = const RangeInt UnsignedIntMax =
BVF.getMaxValue(UnsignedIntTy).getLimitedValue(); BVF.getMaxValue(UnsignedIntTy).getLimitedValue();
const RangeInt LongMax = BVF.getMaxValue(LongTy).getLimitedValue(); const RangeInt LongMax = BVF.getMaxValue(LongTy).getLimitedValue();
const RangeInt LongLongMax = BVF.getMaxValue(LongLongTy).getLimitedValue(); const RangeInt LongLongMax = BVF.getMaxValue(LongLongTy).getLimitedValue();
const RangeInt SizeMax = BVF.getMaxValue(SizeTy).getLimitedValue(); const RangeInt SizeMax = BVF.getMaxValue(SizeTy).getLimitedValue();
Show All 26 Lines AddToFunctionSummaryMap(const ASTContext &ACtx, FunctionSummaryMapType &FSM,
: ACtx(ACtx), Map(FSM), DisplayLoadedSummaries(DisplayLoadedSummaries) { : ACtx(ACtx), Map(FSM), DisplayLoadedSummaries(DisplayLoadedSummaries) {
} }
// Add a summary to a FunctionDecl found by lookup. The lookup is performed // Add a summary to a FunctionDecl found by lookup. The lookup is performed
// by the given Name, and in the global scope. The summary will be attached // by the given Name, and in the global scope. The summary will be attached
// to the found FunctionDecl only if the signatures match. // to the found FunctionDecl only if the signatures match.
// //
// Returns true if the summary has been added, false otherwise. // Returns true if the summary has been added, false otherwise.
// FIXME remove all overloads without the explicit Signature parameter.
bool operator()(StringRef Name, Summary S) { bool operator()(StringRef Name, Summary S) {
if (S.hasInvalidSignature())
return false;
IdentifierInfo &II = ACtx.Idents.get(Name); IdentifierInfo &II = ACtx.Idents.get(Name);
auto LookupRes = ACtx.getTranslationUnitDecl()->lookup(&II); auto LookupRes = ACtx.getTranslationUnitDecl()->lookup(&II);
if (LookupRes.size() == 0) if (LookupRes.size() == 0)
return false; return false;
for (Decl *D : LookupRes) { for (Decl *D : LookupRes) {
if (auto *FD = dyn_cast<FunctionDecl>(D)) { if (auto *FD = dyn_cast<FunctionDecl>(D)) {
if (S.matchesAndSet(FD)) { if (S.matchesAndSet(FD)) {
auto Res = Map.insert({FD->getCanonicalDecl(), S}); auto Res = Map.insert({FD->getCanonicalDecl(), S});
assert(Res.second && "Function already has a summary set!"); assert(Res.second && "Function already has a summary set!");
(void)Res; (void)Res;
if (DisplayLoadedSummaries) { if (DisplayLoadedSummaries) {
llvm::errs() << "Loaded summary for: "; llvm::errs() << "Loaded summary for: ";
FD->print(llvm::errs()); FD->print(llvm::errs());
llvm::errs() << "\n"; llvm::errs() << "\n";
} }
return true; return true;
} }
} }
} }
return false; return false;
} }
// Add the summary with the Signature explicitly given.
bool operator()(StringRef Name, Signature Sign, Summary Sum) { bool operator()(StringRef Name, Signature Sign, Summary Sum) {
return operator()(Name, Sum.setSignature(Sign)); return operator()(Name, Sum.setSignature(Sign));
} }
// Add several summaries for the given name. // Add several summaries for the given name.
void operator()(StringRef Name, const std::vector<Summary> &Summaries) { void operator()(StringRef Name, const std::vector<Summary> &Summaries) {
for (const Summary &S : Summaries) for (const Summary &S : Summaries)
operator()(Name, S); operator()(Name, S);
} }
} addToFunctionSummaryMap(ACtx, FunctionSummaryMap, DisplayLoadedSummaries); } addToFunctionSummaryMap(ACtx, FunctionSummaryMap, DisplayLoadedSummaries);
// We are finally ready to define specifications for all supported functions.
//
// The signature needs to have the correct number of arguments.
// However, we insert `Irrelevant' when the type is insignificant.
//
// Argument ranges should always cover all variants. If return value
// is completely unknown, omit it from the respective range set.
//
// All types in the spec need to be canonical.
//
// Every item in the list of range sets represents a particular
// execution path the analyzer would need to explore once
// the call is modeled - a new program state is constructed
// for every range set, and each range line in the range set
// corresponds to a specific constraint within this state.
//
// Upon comparing to another argument, the other argument is casted
// to the current argument's type. This avoids proper promotion but
// seems useful. For example, read() receives size_t argument,
// and its return value, which is of type ssize_t, cannot be greater
// than this argument. If we made a promotion, and the size argument
// is equal to, say, 10, then we'd impose a range of [0, 10] on the
// return value, however the correct range is [-1, 10].
//
// Please update the list of functions in the header after editing!
// Below are helpers functions to create the summaries. // Below are helpers functions to create the summaries.
auto ArgumentCondition = [](ArgNo ArgN, RangeKind Kind, auto ArgumentCondition = [](ArgNo ArgN, RangeKind Kind,
IntRangeVector Ranges) { IntRangeVector Ranges) {
return std::make_shared<RangeConstraint>(ArgN, Kind, Ranges); return std::make_shared<RangeConstraint>(ArgN, Kind, Ranges);
}; };
auto BufferSize = [](auto... Args) { auto BufferSize = [](auto... Args) {
return std::make_shared<BufferSizeConstraint>(Args...); return std::make_shared<BufferSizeConstraint>(Args...);
}; };
struct { struct {
auto operator()(RangeKind Kind, IntRangeVector Ranges) { auto operator()(RangeKind Kind, IntRangeVector Ranges) {
return std::make_shared<RangeConstraint>(Ret, Kind, Ranges); return std::make_shared<RangeConstraint>(Ret, Kind, Ranges);
} }
auto operator()(BinaryOperator::Opcode Op, ArgNo OtherArgN) { auto operator()(BinaryOperator::Opcode Op, ArgNo OtherArgN) {
return std::make_shared<ComparisonConstraint>(Ret, Op, OtherArgN); return std::make_shared<ComparisonConstraint>(Ret, Op, OtherArgN);
} }
} ReturnValueCondition; } ReturnValueCondition;
auto Range = [](RangeInt b, RangeInt e) { struct {
auto operator()(RangeInt b, RangeInt e) {
return IntRangeVector{std::pair<RangeInt, RangeInt>{b, e}}; return IntRangeVector{std::pair<RangeInt, RangeInt>{b, e}};
}; }
auto operator()(RangeInt b, Optional<RangeInt> e) {
if (e)
return IntRangeVector{std::pair<RangeInt, RangeInt>{b, *e}};
return IntRangeVector{};
balazskeUnsubmitted
Not Done
ReplyInline Actions

This return of empty vector and possibility of adding empty vector to range constraint is a new thing, probably it is better to check at create of range constraint (or other place) for empty range (in this case the summary could be made invalid)? But this occurs probably never because the matching type (of the max value) should be used at the same function and if the type is there the max value should be too.

balazske: This return of empty vector and possibility of adding empty vector to range constraint is a new…
martongAuthorUnsubmitted
Done
ReplyInline Actions

Alright, I added an assert to RangeConstraint::getRanges:

     const IntRangeVector &getRanges() const {
+      // When using max values for a type, the type normally should be part of
+      // the signature. Thus we must had looked up previously the type. If the
+      // type is not found then the range would be empty, but then the summary
+      // should be invalid too.
+      assert(Args.size() && "Empty range is meaningless");
       return Args;
     }
martong: Alright, I added an assert to RangeConstraint::getRanges: ``` const IntRangeVector…
}
} Range;
auto SingleValue = [](RangeInt v) { auto SingleValue = [](RangeInt v) {
return IntRangeVector{std::pair<RangeInt, RangeInt>{v, v}}; return IntRangeVector{std::pair<RangeInt, RangeInt>{v, v}};
}; };
auto LessThanOrEq = BO_LE; auto LessThanOrEq = BO_LE;
auto NotNull = [&](ArgNo ArgN) { auto NotNull = [&](ArgNo ArgN) {
return std::make_shared<NotNullConstraint>(ArgN); return std::make_shared<NotNullConstraint>(ArgN);
}; };
Optional<QualType> FileTy = lookupType("FILE", ACtx); Optional<QualType> FileTy = lookupTy("FILE");
Optional<QualType> FilePtrTy, FilePtrRestrictTy; Optional<QualType> FilePtrTy = getPointerTy(FileTy);
if (FileTy) { Optional<QualType> FilePtrRestrictTy = getRestrictTy(FilePtrTy);
// FILE *
FilePtrTy = ACtx.getPointerType(*FileTy);
// FILE *restrict
FilePtrRestrictTy = getRestrictTy(*FilePtrTy);
}
using RetType = QualType;
// Templates for summaries that are reused by many functions. // Templates for summaries that are reused by many functions.
auto Getc = [&]() { auto Getc = [&]() {
return Summary(ArgTypes{*FilePtrTy}, RetType{IntTy}, NoEvalCall) return Summary(ArgTypes{FilePtrTy}, RetType{IntTy}, NoEvalCall)
.Case({ReturnValueCondition(WithinRange, .Case({ReturnValueCondition(WithinRange,
{{EOFv, EOFv}, {0, UCharRangeMax}})}); {{EOFv, EOFv}, {0, UCharRangeMax}})});
}; };
auto Read = [&](RetType R, RangeInt Max) { auto Read = [&](RetType R, RangeInt Max) {
return Summary(ArgTypes{Irrelevant, Irrelevant, SizeTy}, RetType{R}, return Summary(ArgTypes{Irrelevant, Irrelevant, SizeTy}, RetType{R},
NoEvalCall) NoEvalCall)
.Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)), .Case({ReturnValueCondition(LessThanOrEq, ArgNo(2)),
ReturnValueCondition(WithinRange, Range(-1, Max))}); ReturnValueCondition(WithinRange, Range(-1, Max))});
}; };
auto Fread = [&]() { auto Fread = [&]() {
return Summary( return Summary(
ArgTypes{VoidPtrRestrictTy, SizeTy, SizeTy, *FilePtrRestrictTy}, ArgTypes{VoidPtrRestrictTy, SizeTy, SizeTy, FilePtrRestrictTy},
RetType{SizeTy}, NoEvalCall) RetType{SizeTy}, NoEvalCall)
.Case({ .Case({
ReturnValueCondition(LessThanOrEq, ArgNo(2)), ReturnValueCondition(LessThanOrEq, ArgNo(2)),
}) })
.ArgConstraint(NotNull(ArgNo(0))); .ArgConstraint(NotNull(ArgNo(0)));
}; };
auto Fwrite = [&]() { auto Fwrite = [&]() {
return Summary(ArgTypes{ConstVoidPtrRestrictTy, SizeTy, SizeTy, return Summary(ArgTypes{ConstVoidPtrRestrictTy, SizeTy, SizeTy,
*FilePtrRestrictTy}, FilePtrRestrictTy},
RetType{SizeTy}, NoEvalCall) RetType{SizeTy}, NoEvalCall)
.Case({ .Case({
ReturnValueCondition(LessThanOrEq, ArgNo(2)), ReturnValueCondition(LessThanOrEq, ArgNo(2)),
}) })
.ArgConstraint(NotNull(ArgNo(0))); .ArgConstraint(NotNull(ArgNo(0)));
}; };
auto Getline = [&](RetType R, RangeInt Max) { auto Getline = [&](RetType R, RangeInt Max) {
return Summary(ArgTypes{Irrelevant, Irrelevant, Irrelevant}, RetType{R}, return Summary(ArgTypes{Irrelevant, Irrelevant, Irrelevant}, RetType{R},
NoEvalCall) NoEvalCall)
.Case({ReturnValueCondition(WithinRange, {{-1, -1}, {1, Max}})}); .Case({ReturnValueCondition(WithinRange, {{-1, -1}, {1, Max}})});
}; };
// We are finally ready to define specifications for all supported functions.
//
// Argument ranges should always cover all variants. If return value
// is completely unknown, omit it from the respective range set.
//
// Every item in the list of range sets represents a particular
// execution path the analyzer would need to explore once
// the call is modeled - a new program state is constructed
// for every range set, and each range line in the range set
// corresponds to a specific constraint within this state.
// The isascii() family of functions. // The isascii() family of functions.
// The behavior is undefined if the value of the argument is not // The behavior is undefined if the value of the argument is not
// representable as unsigned char or is not equal to EOF. See e.g. C99 // representable as unsigned char or is not equal to EOF. See e.g. C99
// 7.4.1.2 The isalpha function (p: 181-182). // 7.4.1.2 The isalpha function (p: 181-182).
addToFunctionSummaryMap( addToFunctionSummaryMap(
"isalnum", "isalnum",
Summary(ArgTypes{IntTy}, RetType{IntTy}, EvalCallAsPure) Summary(ArgTypes{IntTy}, RetType{IntTy}, EvalCallAsPure)
// Boils down to isupper() or islower() or isdigit(). // Boils down to isupper() or islower() or isdigit().
▲ Show 20 LinesShow All 131 Lines▼ Show 20 Lines addToFunctionSummaryMap(
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
0U, WithinRange, {{EOFv, EOFv}, {0, UCharRangeMax}}))); 0U, WithinRange, {{EOFv, EOFv}, {0, UCharRangeMax}})));
addToFunctionSummaryMap( addToFunctionSummaryMap(
"toascii", Summary(ArgTypes{IntTy}, RetType{IntTy}, EvalCallAsPure) "toascii", Summary(ArgTypes{IntTy}, RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
0U, WithinRange, {{EOFv, EOFv}, {0, UCharRangeMax}}))); 0U, WithinRange, {{EOFv, EOFv}, {0, UCharRangeMax}})));
// The getc() family of functions that returns either a char or an EOF. // The getc() family of functions that returns either a char or an EOF.
if (FilePtrTy) {
addToFunctionSummaryMap("getc", Getc()); addToFunctionSummaryMap("getc", Getc());
addToFunctionSummaryMap("fgetc", Getc()); addToFunctionSummaryMap("fgetc", Getc());
}
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getchar", Summary(ArgTypes{}, RetType{IntTy}, NoEvalCall) "getchar", Summary(ArgTypes{}, RetType{IntTy}, NoEvalCall)
.Case({ReturnValueCondition( .Case({ReturnValueCondition(
WithinRange, {{EOFv, EOFv}, {0, UCharRangeMax}})})); WithinRange, {{EOFv, EOFv}, {0, UCharRangeMax}})}));
// read()-like functions that never return more than buffer size. // read()-like functions that never return more than buffer size.
if (FilePtrRestrictTy) {
addToFunctionSummaryMap("fread", Fread()); addToFunctionSummaryMap("fread", Fread());
addToFunctionSummaryMap("fwrite", Fwrite()); addToFunctionSummaryMap("fwrite", Fwrite());
}
// We are not sure how ssize_t is defined on every platform, so we // We are not sure how ssize_t is defined on every platform, so we
// provide three variants that should cover common cases. // provide three variants that should cover common cases.
// FIXME these are actually defined by POSIX and not by the C standard, we // FIXME these are actually defined by POSIX and not by the C standard, we
// should handle them together with the rest of the POSIX functions. // should handle them together with the rest of the POSIX functions.
addToFunctionSummaryMap("read", {Read(IntTy, IntMax), Read(LongTy, LongMax), addToFunctionSummaryMap("read", {Read(IntTy, IntMax), Read(LongTy, LongMax),
Read(LongLongTy, LongLongMax)}); Read(LongLongTy, LongLongMax)});
addToFunctionSummaryMap("write", {Read(IntTy, IntMax), Read(LongTy, LongMax), addToFunctionSummaryMap("write", {Read(IntTy, IntMax), Read(LongTy, LongMax),
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Lines addToFunctionSummaryMap(
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int fsync(int fildes); // int fsync(int fildes);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fsync", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall) "fsync", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
Optional<QualType> Off_tTy = lookupType("off_t", ACtx); Optional<QualType> Off_tTy = lookupTy("off_t");
if (Off_tTy)
// int truncate(const char *path, off_t length); // int truncate(const char *path, off_t length);
addToFunctionSummaryMap("truncate", addToFunctionSummaryMap(
Summary(ArgTypes{ConstCharPtrTy, *Off_tTy}, "truncate",
RetType{IntTy}, NoEvalCall) Summary(ArgTypes{ConstCharPtrTy, Off_tTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int symlink(const char *oldpath, const char *newpath); // int symlink(const char *oldpath, const char *newpath);
addToFunctionSummaryMap("symlink", addToFunctionSummaryMap("symlink",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int symlinkat(const char *oldpath, int newdirfd, const char *newpath); // int symlinkat(const char *oldpath, int newdirfd, const char *newpath);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"symlinkat", "symlinkat",
Summary(ArgTypes{ConstCharPtrTy, IntTy, ConstCharPtrTy}, RetType{IntTy}, Summary(ArgTypes{ConstCharPtrTy, IntTy, ConstCharPtrTy}, RetType{IntTy},
NoEvalCall) NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(1, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(2)))); .ArgConstraint(NotNull(ArgNo(2))));
if (Off_tTy)
// int lockf(int fd, int cmd, off_t len); // int lockf(int fd, int cmd, off_t len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"lockf", "lockf",
Summary(ArgTypes{IntTy, IntTy, *Off_tTy}, RetType{IntTy}, NoEvalCall) Summary(ArgTypes{IntTy, IntTy, Off_tTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
Optional<QualType> Mode_tTy = lookupType("mode_t", ACtx); Optional<QualType> Mode_tTy = lookupTy("mode_t");
balazskeUnsubmitted
Done
ReplyInline Actions

It is better to get every type at the start before adding functions, or group the functions and get some types at the start of these groups but mark the groups at least with comments.

balazske: It is better to get every type at the start before adding functions, or group the functions and…
martongAuthorUnsubmitted
Done
ReplyInline Actions

Well, with looked-up types I followed the usual convention to define a variable right before using it. This means that we lookup a type just before we try to add the function which first uses that type.

However, builtin types are defined at the beginning, because they are used very often.

martong: Well, with looked-up types I followed the usual convention to define a variable right before…
balazskeUnsubmitted
Not Done
ReplyInline Actions

I still like it better if all the type variables are created at one place (can be more easy to maintain if order changes and we have one block of types and one of functions) but this is no reason to block this change.

balazske: I still like it better if all the type variables are created at one place (can be more easy to…
martongAuthorUnsubmitted
Done
ReplyInline Actions

I see your point, still I'd keep this way, because I this way the functions and the types they use are close to each other in the source.

martong: I see your point, still I'd keep this way, because I this way the functions and the types they…
if (Mode_tTy)
// int creat(const char *pathname, mode_t mode); // int creat(const char *pathname, mode_t mode);
addToFunctionSummaryMap("creat", addToFunctionSummaryMap("creat", Summary(ArgTypes{ConstCharPtrTy, Mode_tTy},
Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// unsigned int sleep(unsigned int seconds); // unsigned int sleep(unsigned int seconds);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sleep", "sleep",
Summary(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}, NoEvalCall) Summary(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax)))); ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax))));
Optional<QualType> DirTy = lookupType("DIR", ACtx); Optional<QualType> DirTy = lookupTy("DIR");
Optional<QualType> DirPtrTy; Optional<QualType> DirPtrTy = getPointerTy(DirTy);
if (DirTy)
DirPtrTy = ACtx.getPointerType(*DirTy);
if (DirPtrTy)
// int dirfd(DIR *dirp); // int dirfd(DIR *dirp);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"dirfd", Summary(ArgTypes{*DirPtrTy}, RetType{IntTy}, NoEvalCall) "dirfd", Summary(ArgTypes{DirPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// unsigned int alarm(unsigned int seconds); // unsigned int alarm(unsigned int seconds);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"alarm", "alarm",
Summary(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}, NoEvalCall) Summary(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax)))); ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax))));
if (DirPtrTy)
// int closedir(DIR *dir); // int closedir(DIR *dir);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"closedir", Summary(ArgTypes{*DirPtrTy}, RetType{IntTy}, NoEvalCall) "closedir", Summary(ArgTypes{DirPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// char *strdup(const char *s); // char *strdup(const char *s);
addToFunctionSummaryMap("strdup", Summary(ArgTypes{ConstCharPtrTy}, addToFunctionSummaryMap("strdup", Summary(ArgTypes{ConstCharPtrTy},
RetType{CharPtrTy}, NoEvalCall) RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// char *strndup(const char *s, size_t n); // char *strndup(const char *s, size_t n);
addToFunctionSummaryMap( addToFunctionSummaryMap(
Show All 20 Lines if (ModelPOSIX) {
// char *getcwd(char *buf, size_t size); // char *getcwd(char *buf, size_t size);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getcwd", "getcwd",
Summary(ArgTypes{CharPtrTy, SizeTy}, RetType{CharPtrTy}, NoEvalCall) Summary(ArgTypes{CharPtrTy, SizeTy}, RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, SizeMax)))); ArgumentCondition(1, WithinRange, Range(0, SizeMax))));
if (Mode_tTy) {
// int mkdir(const char *pathname, mode_t mode); // int mkdir(const char *pathname, mode_t mode);
addToFunctionSummaryMap("mkdir", addToFunctionSummaryMap("mkdir", Summary(ArgTypes{ConstCharPtrTy, Mode_tTy},
Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int mkdirat(int dirfd, const char *pathname, mode_t mode); // int mkdirat(int dirfd, const char *pathname, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap("mkdirat",
"mkdirat", Summary(ArgTypes{IntTy, ConstCharPtrTy, *Mode_tTy}, Summary(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
}
Optional<QualType> Dev_tTy = lookupType("dev_t", ACtx); Optional<QualType> Dev_tTy = lookupTy("dev_t");
if (Mode_tTy && Dev_tTy) {
// int mknod(const char *pathname, mode_t mode, dev_t dev); // int mknod(const char *pathname, mode_t mode, dev_t dev);
addToFunctionSummaryMap( addToFunctionSummaryMap("mknod",
"mknod", Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy, *Dev_tTy}, Summary(ArgTypes{ConstCharPtrTy, Mode_tTy, Dev_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev); // int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev);
addToFunctionSummaryMap("mknodat", Summary(ArgTypes{IntTy, ConstCharPtrTy, addToFunctionSummaryMap(
*Mode_tTy, *Dev_tTy}, "mknodat", Summary(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy, Dev_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
}
if (Mode_tTy) {
// int chmod(const char *path, mode_t mode); // int chmod(const char *path, mode_t mode);
addToFunctionSummaryMap("chmod", addToFunctionSummaryMap("chmod", Summary(ArgTypes{ConstCharPtrTy, Mode_tTy},
Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags); // int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchmodat", Summary(ArgTypes{IntTy, ConstCharPtrTy, *Mode_tTy, IntTy}, "fchmodat",
Summary(ArgTypes{IntTy, ConstCharPtrTy, Mode_tTy, IntTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int fchmod(int fildes, mode_t mode); // int fchmod(int fildes, mode_t mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchmod", "fchmod", Summary(ArgTypes{IntTy, Mode_tTy}, RetType{IntTy}, NoEvalCall)
Summary(ArgTypes{IntTy, *Mode_tTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
}
Optional<QualType> Uid_tTy = lookupType("uid_t", ACtx); Optional<QualType> Uid_tTy = lookupTy("uid_t");
Optional<QualType> Gid_tTy = lookupType("gid_t", ACtx); Optional<QualType> Gid_tTy = lookupTy("gid_t");
if (Uid_tTy && Gid_tTy) {
// int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group, // int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group,
// int flags); // int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchownat", "fchownat",
Summary(ArgTypes{IntTy, ConstCharPtrTy, *Uid_tTy, *Gid_tTy, IntTy}, Summary(ArgTypes{IntTy, ConstCharPtrTy, Uid_tTy, Gid_tTy, IntTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int chown(const char *path, uid_t owner, gid_t group); // int chown(const char *path, uid_t owner, gid_t group);
addToFunctionSummaryMap( addToFunctionSummaryMap("chown",
"chown", Summary(ArgTypes{ConstCharPtrTy, *Uid_tTy, *Gid_tTy}, Summary(ArgTypes{ConstCharPtrTy, Uid_tTy, Gid_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int lchown(const char *path, uid_t owner, gid_t group); // int lchown(const char *path, uid_t owner, gid_t group);
addToFunctionSummaryMap( addToFunctionSummaryMap("lchown",
"lchown", Summary(ArgTypes{ConstCharPtrTy, *Uid_tTy, *Gid_tTy}, Summary(ArgTypes{ConstCharPtrTy, Uid_tTy, Gid_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int fchown(int fildes, uid_t owner, gid_t group); // int fchown(int fildes, uid_t owner, gid_t group);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fchown", Summary(ArgTypes{IntTy, *Uid_tTy, *Gid_tTy}, RetType{IntTy}, "fchown",
NoEvalCall) Summary(ArgTypes{IntTy, Uid_tTy, Gid_tTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(
Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
}
// int rmdir(const char *pathname); // int rmdir(const char *pathname);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"rmdir", Summary(ArgTypes{ConstCharPtrTy}, RetType{IntTy}, NoEvalCall) "rmdir", Summary(ArgTypes{ConstCharPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int chdir(const char *path); // int chdir(const char *path);
addToFunctionSummaryMap( addToFunctionSummaryMap(
Show All 26 Lines if (ModelPOSIX) {
// int unlinkat(int fd, const char *path, int flag); // int unlinkat(int fd, const char *path, int flag);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"unlinkat", "unlinkat",
Summary(ArgTypes{IntTy, ConstCharPtrTy, IntTy}, RetType{IntTy}, Summary(ArgTypes{IntTy, ConstCharPtrTy, IntTy}, RetType{IntTy},
NoEvalCall) NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
Optional<QualType> StructStatTy = lookupType("stat", ACtx); Optional<QualType> StructStatTy = lookupTy("stat");
Optional<QualType> StructStatPtrTy, StructStatPtrRestrictTy; Optional<QualType> StructStatPtrTy = getPointerTy(StructStatTy);
if (StructStatTy) { Optional<QualType> StructStatPtrRestrictTy = getRestrictTy(StructStatPtrTy);
StructStatPtrTy = ACtx.getPointerType(*StructStatTy);
StructStatPtrRestrictTy = getRestrictTy(*StructStatPtrTy);
}
if (StructStatPtrTy)
// int fstat(int fd, struct stat *statbuf); // int fstat(int fd, struct stat *statbuf);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fstat", "fstat",
Summary(ArgTypes{IntTy, *StructStatPtrTy}, RetType{IntTy}, NoEvalCall) Summary(ArgTypes{IntTy, StructStatPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
if (StructStatPtrRestrictTy) {
// int stat(const char *restrict path, struct stat *restrict buf); // int stat(const char *restrict path, struct stat *restrict buf);
addToFunctionSummaryMap( addToFunctionSummaryMap("stat", Summary(ArgTypes{ConstCharPtrRestrictTy,
"stat", StructStatPtrRestrictTy},
Summary(ArgTypes{ConstCharPtrRestrictTy, *StructStatPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int lstat(const char *restrict path, struct stat *restrict buf); // int lstat(const char *restrict path, struct stat *restrict buf);
addToFunctionSummaryMap( addToFunctionSummaryMap("lstat", Summary(ArgTypes{ConstCharPtrRestrictTy,
"lstat", StructStatPtrRestrictTy},
Summary(ArgTypes{ConstCharPtrRestrictTy, *StructStatPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int fstatat(int fd, const char *restrict path, // int fstatat(int fd, const char *restrict path,
// struct stat *restrict buf, int flag); // struct stat *restrict buf, int flag);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fstatat", Summary(ArgTypes{IntTy, ConstCharPtrRestrictTy, "fstatat",
*StructStatPtrRestrictTy, IntTy}, Summary(ArgTypes{IntTy, ConstCharPtrRestrictTy, StructStatPtrRestrictTy,
IntTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2)))); .ArgConstraint(NotNull(ArgNo(2))));
}
if (DirPtrTy) {
// DIR *opendir(const char *name); // DIR *opendir(const char *name);
addToFunctionSummaryMap("opendir", Summary(ArgTypes{ConstCharPtrTy}, addToFunctionSummaryMap("opendir", Summary(ArgTypes{ConstCharPtrTy},
RetType{*DirPtrTy}, NoEvalCall) RetType{DirPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// DIR *fdopendir(int fd); // DIR *fdopendir(int fd);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fdopendir", Summary(ArgTypes{IntTy}, RetType{*DirPtrTy}, NoEvalCall) "fdopendir", Summary(ArgTypes{IntTy}, RetType{DirPtrTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))); Range(0, IntMax))));
}
// int isatty(int fildes); // int isatty(int fildes);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"isatty", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall) "isatty", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
if (FilePtrTy) {
// FILE *popen(const char *command, const char *type); // FILE *popen(const char *command, const char *type);
addToFunctionSummaryMap("popen", addToFunctionSummaryMap("popen",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{*FilePtrTy}, NoEvalCall) RetType{FilePtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int pclose(FILE *stream); // int pclose(FILE *stream);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"pclose", Summary(ArgTypes{*FilePtrTy}, RetType{IntTy}, NoEvalCall) "pclose", Summary(ArgTypes{FilePtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
}
// int close(int fildes); // int close(int fildes);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"close", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall) "close", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// long fpathconf(int fildes, int name); // long fpathconf(int fildes, int name);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fpathconf", "fpathconf",
Summary(ArgTypes{IntTy, IntTy}, RetType{LongTy}, NoEvalCall) Summary(ArgTypes{IntTy, IntTy}, RetType{LongTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// long pathconf(const char *path, int name); // long pathconf(const char *path, int name);
addToFunctionSummaryMap("pathconf", Summary(ArgTypes{ConstCharPtrTy, IntTy}, addToFunctionSummaryMap("pathconf", Summary(ArgTypes{ConstCharPtrTy, IntTy},
RetType{LongTy}, NoEvalCall) RetType{LongTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
if (FilePtrTy)
// FILE *fdopen(int fd, const char *mode); // FILE *fdopen(int fd, const char *mode);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fdopen", Summary(ArgTypes{IntTy, ConstCharPtrTy}, "fdopen",
RetType{*FilePtrTy}, NoEvalCall) Summary(ArgTypes{IntTy, ConstCharPtrTy}, RetType{FilePtrTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
if (DirPtrTy) {
// void rewinddir(DIR *dir); // void rewinddir(DIR *dir);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"rewinddir", Summary(ArgTypes{*DirPtrTy}, RetType{VoidTy}, NoEvalCall) "rewinddir", Summary(ArgTypes{DirPtrTy}, RetType{VoidTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// void seekdir(DIR *dirp, long loc); // void seekdir(DIR *dirp, long loc);
addToFunctionSummaryMap("seekdir", Summary(ArgTypes{*DirPtrTy, LongTy}, addToFunctionSummaryMap("seekdir", Summary(ArgTypes{DirPtrTy, LongTy},
RetType{VoidTy}, NoEvalCall) RetType{VoidTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
}
// int rand_r(unsigned int *seedp); // int rand_r(unsigned int *seedp);
addToFunctionSummaryMap("rand_r", Summary(ArgTypes{UnsignedIntPtrTy}, addToFunctionSummaryMap("rand_r", Summary(ArgTypes{UnsignedIntPtrTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int strcasecmp(const char *s1, const char *s2); // int strcasecmp(const char *s1, const char *s2);
addToFunctionSummaryMap("strcasecmp", addToFunctionSummaryMap("strcasecmp",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy}, Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{IntTy}, EvalCallAsPure) RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))); .ArgConstraint(NotNull(ArgNo(1))));
// int strncasecmp(const char *s1, const char *s2, size_t n); // int strncasecmp(const char *s1, const char *s2, size_t n);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"strncasecmp", Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy, SizeTy}, "strncasecmp", Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy, SizeTy},
RetType{IntTy}, EvalCallAsPure) RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
2, WithinRange, Range(0, SizeMax)))); 2, WithinRange, Range(0, SizeMax))));
if (FilePtrTy && Off_tTy) {
// int fileno(FILE *stream); // int fileno(FILE *stream);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"fileno", Summary(ArgTypes{*FilePtrTy}, RetType{IntTy}, NoEvalCall) "fileno", Summary(ArgTypes{FilePtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int fseeko(FILE *stream, off_t offset, int whence); // int fseeko(FILE *stream, off_t offset, int whence);
addToFunctionSummaryMap("fseeko", addToFunctionSummaryMap(
Summary(ArgTypes{*FilePtrTy, *Off_tTy, IntTy}, "fseeko",
RetType{IntTy}, NoEvalCall) Summary(ArgTypes{FilePtrTy, Off_tTy, IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// off_t ftello(FILE *stream); // off_t ftello(FILE *stream);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"ftello", Summary(ArgTypes{*FilePtrTy}, RetType{*Off_tTy}, NoEvalCall) "ftello", Summary(ArgTypes{FilePtrTy}, RetType{Off_tTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
}
if (Off_tTy) {
Optional<RangeInt> Off_tMax = BVF.getMaxValue(*Off_tTy).getLimitedValue();
Optional<RangeInt> Off_tMax = getMaxValue(Off_tTy);
// void *mmap(void *addr, size_t length, int prot, int flags, int fd, // void *mmap(void *addr, size_t length, int prot, int flags, int fd,
// off_t offset); // off_t offset);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mmap", "mmap",
Summary(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, *Off_tTy}, Summary(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, Off_tTy},
RetType{VoidPtrTy}, NoEvalCall) RetType{VoidPtrTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(1, SizeMax))) ArgumentCondition(4, WithinRange, Range(0, Off_tMax))));
.ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, *Off_tMax))));
}
Optional<QualType> Off64_tTy = lookupType("off64_t", ACtx); Optional<QualType> Off64_tTy = lookupTy("off64_t");
Optional<RangeInt> Off64_tMax; Optional<RangeInt> Off64_tMax = getMaxValue(Off_tTy);
if (Off64_tTy) {
Off64_tMax = BVF.getMaxValue(*Off_tTy).getLimitedValue();
// void *mmap64(void *addr, size_t length, int prot, int flags, int fd, // void *mmap64(void *addr, size_t length, int prot, int flags, int fd,
// off64_t offset); // off64_t offset);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"mmap64", "mmap64",
Summary(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, *Off64_tTy}, Summary(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, Off64_tTy},
RetType{VoidPtrTy}, NoEvalCall) RetType{VoidPtrTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(1, SizeMax))) ArgumentCondition(4, WithinRange, Range(0, Off64_tMax))));
.ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, *Off64_tMax))));
}
// int pipe(int fildes[2]); // int pipe(int fildes[2]);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"pipe", Summary(ArgTypes{IntPtrTy}, RetType{IntTy}, NoEvalCall) "pipe", Summary(ArgTypes{IntPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
if (Off_tTy)
// off_t lseek(int fildes, off_t offset, int whence); // off_t lseek(int fildes, off_t offset, int whence);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"lseek", Summary(ArgTypes{IntTy, *Off_tTy, IntTy}, RetType{*Off_tTy}, "lseek",
NoEvalCall) Summary(ArgTypes{IntTy, Off_tTy, IntTy}, RetType{Off_tTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(
Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
Optional<QualType> Ssize_tTy = lookupType("ssize_t", ACtx); Optional<QualType> Ssize_tTy = lookupTy("ssize_t");
if (Ssize_tTy) {
// ssize_t readlink(const char *restrict path, char *restrict buf, // ssize_t readlink(const char *restrict path, char *restrict buf,
// size_t bufsize); // size_t bufsize);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"readlink", "readlink",
Summary(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy}, Summary(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
RetType{*Ssize_tTy}, NoEvalCall) RetType{Ssize_tTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))) .ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))) /*BufSize=*/ArgNo(2)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, SizeMax)))); ArgumentCondition(2, WithinRange, Range(0, SizeMax))));
// ssize_t readlinkat(int fd, const char *restrict path, // ssize_t readlinkat(int fd, const char *restrict path,
// char *restrict buf, size_t bufsize); // char *restrict buf, size_t bufsize);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"readlinkat", Summary(ArgTypes{IntTy, ConstCharPtrRestrictTy, "readlinkat",
CharPtrRestrictTy, SizeTy}, Summary(
RetType{*Ssize_tTy}, NoEvalCall) ArgTypes{IntTy, ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
.ArgConstraint(ArgumentCondition(0, WithinRange, RetType{Ssize_tTy}, NoEvalCall)
Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))) .ArgConstraint(NotNull(ArgNo(2)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2),
/*BufSize=*/ArgNo(3))) /*BufSize=*/ArgNo(3)))
.ArgConstraint(ArgumentCondition( .ArgConstraint(
3, WithinRange, Range(0, SizeMax)))); ArgumentCondition(3, WithinRange, Range(0, SizeMax))));
}
// int renameat(int olddirfd, const char *oldpath, int newdirfd, const char // int renameat(int olddirfd, const char *oldpath, int newdirfd, const char
// *newpath); // *newpath);
addToFunctionSummaryMap("renameat", Summary(ArgTypes{IntTy, ConstCharPtrTy, addToFunctionSummaryMap("renameat", Summary(ArgTypes{IntTy, ConstCharPtrTy,
IntTy, ConstCharPtrTy}, IntTy, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(3)))); .ArgConstraint(NotNull(ArgNo(3))));
// char *realpath(const char *restrict file_name, // char *realpath(const char *restrict file_name,
// char *restrict resolved_name); // char *restrict resolved_name);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"realpath", Summary(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy}, "realpath", Summary(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy},
RetType{CharPtrTy}, NoEvalCall) RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
QualType CharPtrConstPtr = ACtx.getPointerType(CharPtrTy.withConst()); QualType CharPtrConstPtr = getPointerTy(getConstTy(CharPtrTy));
// int execv(const char *path, char *const argv[]); // int execv(const char *path, char *const argv[]);
addToFunctionSummaryMap("execv", addToFunctionSummaryMap("execv",
Summary(ArgTypes{ConstCharPtrTy, CharPtrConstPtr}, Summary(ArgTypes{ConstCharPtrTy, CharPtrConstPtr},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int execvp(const char *file, char *const argv[]); // int execvp(const char *file, char *const argv[]);
addToFunctionSummaryMap("execvp", addToFunctionSummaryMap("execvp",
Summary(ArgTypes{ConstCharPtrTy, CharPtrConstPtr}, Summary(ArgTypes{ConstCharPtrTy, CharPtrConstPtr},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))); .ArgConstraint(NotNull(ArgNo(0))));
// int getopt(int argc, char * const argv[], const char *optstring); // int getopt(int argc, char * const argv[], const char *optstring);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getopt", "getopt",
Summary(ArgTypes{IntTy, CharPtrConstPtr, ConstCharPtrTy}, Summary(ArgTypes{IntTy, CharPtrConstPtr, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2)))); .ArgConstraint(NotNull(ArgNo(2))));
Optional<QualType> StructSockaddrTy = lookupType("sockaddr", ACtx); Optional<QualType> StructSockaddrTy = lookupTy("sockaddr");
Optional<QualType> StructSockaddrPtrTy, ConstStructSockaddrPtrTy, Optional<QualType> StructSockaddrPtrTy = getPointerTy(StructSockaddrTy);
StructSockaddrPtrRestrictTy, ConstStructSockaddrPtrRestrictTy; Optional<QualType> ConstStructSockaddrPtrTy =
if (StructSockaddrTy) { getPointerTy(getConstTy(StructSockaddrTy));
StructSockaddrPtrTy = ACtx.getPointerType(*StructSockaddrTy); Optional<QualType> StructSockaddrPtrRestrictTy =
ConstStructSockaddrPtrTy = getRestrictTy(StructSockaddrPtrTy);
ACtx.getPointerType(StructSockaddrTy->withConst()); Optional<QualType> ConstStructSockaddrPtrRestrictTy =
StructSockaddrPtrRestrictTy = getRestrictTy(*StructSockaddrPtrTy); getRestrictTy(ConstStructSockaddrPtrTy);
ConstStructSockaddrPtrRestrictTy = Optional<QualType> Socklen_tTy = lookupTy("socklen_t");
getRestrictTy(*ConstStructSockaddrPtrTy); Optional<QualType> Socklen_tPtrTy = getPointerTy(Socklen_tTy);
} Optional<QualType> Socklen_tPtrRestrictTy = getRestrictTy(Socklen_tPtrTy);
Optional<QualType> Socklen_tTy = lookupType("socklen_t", ACtx); Optional<RangeInt> Socklen_tMax = getMaxValue(Socklen_tTy);
Optional<QualType> Socklen_tPtrTy, Socklen_tPtrRestrictTy;
Optional<RangeInt> Socklen_tMax;
if (Socklen_tTy) {
Socklen_tMax = BVF.getMaxValue(*Socklen_tTy).getLimitedValue();
Socklen_tPtrTy = ACtx.getPointerType(*Socklen_tTy);
Socklen_tPtrRestrictTy = getRestrictTy(*Socklen_tPtrTy);
}
// In 'socket.h' of some libc implementations with C99, sockaddr parameter // In 'socket.h' of some libc implementations with C99, sockaddr parameter
// is a transparent union of the underlying sockaddr_ family of pointers // is a transparent union of the underlying sockaddr_ family of pointers
// instead of being a pointer to struct sockaddr. In these cases, the // instead of being a pointer to struct sockaddr. In these cases, the
// standardized signature will not match, thus we try to match with another // standardized signature will not match, thus we try to match with another
// signature that has the joker Irrelevant type. We also remove those // signature that has the joker Irrelevant type. We also remove those
// constraints which require pointer types for the sockaddr param. // constraints which require pointer types for the sockaddr param.
if (StructSockaddrPtrRestrictTy && Socklen_tPtrRestrictTy) { auto Accept =
auto Accept = Summary(NoEvalCall) Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)));
Range(0, IntMax)));
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"accept", "accept",
// int accept(int socket, struct sockaddr *restrict address, // int accept(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
Signature(ArgTypes{IntTy, *StructSockaddrPtrRestrictTy, Signature(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
*Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Accept)) Accept))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"accept", "accept",
Signature(ArgTypes{IntTy, Irrelevant, *Socklen_tPtrRestrictTy}, Signature(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}), RetType{IntTy}),
Accept); Accept);
// int bind(int socket, const struct sockaddr *address, socklen_t // int bind(int socket, const struct sockaddr *address, socklen_t
// address_len); // address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"bind", "bind",
Summary(ArgTypes{IntTy, *ConstStructSockaddrPtrTy, *Socklen_tTy}, Summary(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(1), /*BufSize=*/ArgNo(2))) BufferSize(/*Buffer=*/ArgNo(1), /*BufSize=*/ArgNo(2)))
.ArgConstraint(ArgumentCondition(2, WithinRange, .ArgConstraint(
Range(0, *Socklen_tMax))))) ArgumentCondition(2, WithinRange, Range(0, Socklen_tMax)))))
// Do not add constraints on sockaddr. // Do not add constraints on sockaddr.
addToFunctionSummaryMap( addToFunctionSummaryMap(
"bind", Summary(ArgTypes{IntTy, Irrelevant, *Socklen_tTy}, "bind", Summary(ArgTypes{IntTy, Irrelevant, Socklen_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(ArgumentCondition( .ArgConstraint(ArgumentCondition(
2, WithinRange, Range(0, *Socklen_tMax)))); 2, WithinRange, Range(0, Socklen_tMax))));
// int getpeername(int socket, struct sockaddr *restrict address, // int getpeername(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"getpeername", "getpeername", Summary(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Summary(ArgTypes{IntTy, *StructSockaddrPtrRestrictTy, Socklen_tPtrRestrictTy},
*Socklen_tPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(ArgumentCondition(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) 0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))))) .ArgConstraint(NotNull(ArgNo(2)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getpeername", "getpeername",
Summary(ArgTypes{IntTy, Irrelevant, *Socklen_tPtrRestrictTy}, Summary(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int getsockname(int socket, struct sockaddr *restrict address, // int getsockname(int socket, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"getsockname", "getsockname", Summary(ArgTypes{IntTy, StructSockaddrPtrRestrictTy,
Summary(ArgTypes{IntTy, *StructSockaddrPtrRestrictTy, Socklen_tPtrRestrictTy},
*Socklen_tPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(ArgumentCondition(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) 0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))) .ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))))) .ArgConstraint(NotNull(ArgNo(2)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getsockname", "getsockname",
Summary(ArgTypes{IntTy, Irrelevant, *Socklen_tPtrRestrictTy}, Summary(ArgTypes{IntTy, Irrelevant, Socklen_tPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int connect(int socket, const struct sockaddr *address, socklen_t // int connect(int socket, const struct sockaddr *address, socklen_t
// address_len); // address_len);
if (!addToFunctionSummaryMap( if (!addToFunctionSummaryMap(
"connect", "connect",
Summary(ArgTypes{IntTy, *ConstStructSockaddrPtrTy, *Socklen_tTy}, Summary(ArgTypes{IntTy, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))) ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))))) .ArgConstraint(NotNull(ArgNo(1)))))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"connect", Summary(ArgTypes{IntTy, Irrelevant, *Socklen_tTy}, "connect", Summary(ArgTypes{IntTy, Irrelevant, Socklen_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))); Range(0, IntMax))));
auto Recvfrom = Summary(NoEvalCall) auto Recvfrom =
.ArgConstraint(ArgumentCondition(0, WithinRange, Summary(NoEvalCall)
Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))); /*BufSize=*/ArgNo(2)));
if (Ssize_tTy && if (!addToFunctionSummaryMap(
!addToFunctionSummaryMap(
"recvfrom", "recvfrom",
// ssize_t recvfrom(int socket, void *restrict buffer, // ssize_t recvfrom(int socket, void *restrict buffer,
// size_t length, // size_t length,
// int flags, struct sockaddr *restrict address, // int flags, struct sockaddr *restrict address,
// socklen_t *restrict address_len); // socklen_t *restrict address_len);
Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy,
*StructSockaddrPtrRestrictTy, StructSockaddrPtrRestrictTy,
*Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{*Ssize_tTy}), RetType{Ssize_tTy}),
Recvfrom)) Recvfrom))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recvfrom", "recvfrom",
Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, VoidPtrRestrictTy, SizeTy, IntTy,
Irrelevant, *Socklen_tPtrRestrictTy}, Irrelevant, Socklen_tPtrRestrictTy},
RetType{*Ssize_tTy}), RetType{Ssize_tTy}),
Recvfrom); Recvfrom);
auto Sendto = Summary(NoEvalCall) auto Sendto =
.ArgConstraint( Summary(NoEvalCall)
ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2))); /*BufSize=*/ArgNo(2)));
if (Ssize_tTy && if (!addToFunctionSummaryMap(
!addToFunctionSummaryMap(
"sendto", "sendto",
// ssize_t sendto(int socket, const void *message, size_t length, // ssize_t sendto(int socket, const void *message, size_t length,
// int flags, const struct sockaddr *dest_addr, // int flags, const struct sockaddr *dest_addr,
// socklen_t dest_len); // socklen_t dest_len);
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy,
*ConstStructSockaddrPtrTy, *Socklen_tTy}, ConstStructSockaddrPtrTy, Socklen_tTy},
RetType{*Ssize_tTy}), RetType{Ssize_tTy}),
Sendto)) Sendto))
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sendto", "sendto",
Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Irrelevant, Signature(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy, Irrelevant,
*Socklen_tTy}, Socklen_tTy},
RetType{*Ssize_tTy}), RetType{Ssize_tTy}),
Sendto); Sendto);
}
// int listen(int sockfd, int backlog); // int listen(int sockfd, int backlog);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"listen", Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, NoEvalCall) "listen", Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))); ArgumentCondition(0, WithinRange, Range(0, IntMax))));
if (Ssize_tTy)
// ssize_t recv(int sockfd, void *buf, size_t len, int flags); // ssize_t recv(int sockfd, void *buf, size_t len, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recv", Summary(ArgTypes{IntTy, VoidPtrTy, SizeTy, IntTy}, "recv",
RetType{*Ssize_tTy}, NoEvalCall) Summary(ArgTypes{IntTy, VoidPtrTy, SizeTy, IntTy}, RetType{Ssize_tTy},
.ArgConstraint( NoEvalCall)
ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))); /*BufSize=*/ArgNo(2))));
Optional<QualType> StructMsghdrTy = lookupType("msghdr", ACtx); Optional<QualType> StructMsghdrTy = lookupTy("msghdr");
Optional<QualType> StructMsghdrPtrTy, ConstStructMsghdrPtrTy; Optional<QualType> StructMsghdrPtrTy = getPointerTy(StructMsghdrTy);
if (StructMsghdrTy) { Optional<QualType> ConstStructMsghdrPtrTy =
StructMsghdrPtrTy = ACtx.getPointerType(*StructMsghdrTy); getPointerTy(getConstTy(StructMsghdrTy));
ConstStructMsghdrPtrTy = ACtx.getPointerType(StructMsghdrTy->withConst());
}
if (Ssize_tTy && StructMsghdrPtrTy)
// ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags); // ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"recvmsg", Summary(ArgTypes{IntTy, *StructMsghdrPtrTy, IntTy}, "recvmsg", Summary(ArgTypes{IntTy, StructMsghdrPtrTy, IntTy},
RetType{*Ssize_tTy}, NoEvalCall) RetType{Ssize_tTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))); Range(0, IntMax))));
if (Ssize_tTy && ConstStructMsghdrPtrTy)
// ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags); // ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"sendmsg", Summary(ArgTypes{IntTy, *ConstStructMsghdrPtrTy, IntTy}, "sendmsg", Summary(ArgTypes{IntTy, ConstStructMsghdrPtrTy, IntTy},
RetType{*Ssize_tTy}, NoEvalCall) RetType{Ssize_tTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, .ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))); Range(0, IntMax))));
if (Socklen_tTy)
// int setsockopt(int socket, int level, int option_name, // int setsockopt(int socket, int level, int option_name,
// const void *option_value, socklen_t option_len); // const void *option_value, socklen_t option_len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"setsockopt", "setsockopt",
Summary(ArgTypes{IntTy, IntTy, IntTy, ConstVoidPtrTy, *Socklen_tTy}, Summary(ArgTypes{IntTy, IntTy, IntTy, ConstVoidPtrTy, Socklen_tTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4))) BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, *Socklen_tMax)))); ArgumentCondition(4, WithinRange, Range(0, Socklen_tMax))));
if (Socklen_tPtrRestrictTy)
// int getsockopt(int socket, int level, int option_name, // int getsockopt(int socket, int level, int option_name,
// void *restrict option_value, // void *restrict option_value,
// socklen_t *restrict option_len); // socklen_t *restrict option_len);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getsockopt", Summary(ArgTypes{IntTy, IntTy, IntTy, VoidPtrRestrictTy, "getsockopt", Summary(ArgTypes{IntTy, IntTy, IntTy, VoidPtrRestrictTy,
*Socklen_tPtrRestrictTy}, Socklen_tPtrRestrictTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(3))) .ArgConstraint(NotNull(ArgNo(3)))
.ArgConstraint(NotNull(ArgNo(4)))); .ArgConstraint(NotNull(ArgNo(4))));
if (Ssize_tTy)
// ssize_t send(int sockfd, const void *buf, size_t len, int flags); // ssize_t send(int sockfd, const void *buf, size_t len, int flags);
addToFunctionSummaryMap( addToFunctionSummaryMap(
"send", Summary(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy}, "send",
RetType{*Ssize_tTy}, NoEvalCall) Summary(ArgTypes{IntTy, ConstVoidPtrTy, SizeTy, IntTy},
.ArgConstraint( RetType{Ssize_tTy}, NoEvalCall)
ArgumentCondition(0, WithinRange, Range(0, IntMax))) .ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1), .ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))); /*BufSize=*/ArgNo(2))));
// int socketpair(int domain, int type, int protocol, int sv[2]); // int socketpair(int domain, int type, int protocol, int sv[2]);
addToFunctionSummaryMap("socketpair", addToFunctionSummaryMap("socketpair",
Summary(ArgTypes{IntTy, IntTy, IntTy, IntPtrTy}, Summary(ArgTypes{IntTy, IntTy, IntTy, IntPtrTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(3)))); .ArgConstraint(NotNull(ArgNo(3))));
if (ConstStructSockaddrPtrRestrictTy && Socklen_tTy)
// int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen, // int getnameinfo(const struct sockaddr *restrict sa, socklen_t salen,
// char *restrict node, socklen_t nodelen, // char *restrict node, socklen_t nodelen,
// char *restrict service, // char *restrict service,
// socklen_t servicelen, int flags); // socklen_t servicelen, int flags);
// //
// This is defined in netdb.h. And contrary to 'socket.h', the sockaddr // This is defined in netdb.h. And contrary to 'socket.h', the sockaddr
// parameter is never handled as a transparent union in netdb.h // parameter is never handled as a transparent union in netdb.h
addToFunctionSummaryMap( addToFunctionSummaryMap(
"getnameinfo", "getnameinfo",
Summary(ArgTypes{*ConstStructSockaddrPtrRestrictTy, *Socklen_tTy, Summary(ArgTypes{ConstStructSockaddrPtrRestrictTy, Socklen_tTy,
CharPtrRestrictTy, *Socklen_tTy, CharPtrRestrictTy, CharPtrRestrictTy, Socklen_tTy, CharPtrRestrictTy,
*Socklen_tTy, IntTy}, Socklen_tTy, IntTy},
RetType{IntTy}, NoEvalCall) RetType{IntTy}, NoEvalCall)
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(0), /*BufSize=*/ArgNo(1))) BufferSize(/*Buffer=*/ArgNo(0), /*BufSize=*/ArgNo(1)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, *Socklen_tMax))) ArgumentCondition(1, WithinRange, Range(0, Socklen_tMax)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(2), /*BufSize=*/ArgNo(3))) BufferSize(/*Buffer=*/ArgNo(2), /*BufSize=*/ArgNo(3)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(3, WithinRange, Range(0, *Socklen_tMax))) ArgumentCondition(3, WithinRange, Range(0, Socklen_tMax)))
.ArgConstraint( .ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(4), /*BufSize=*/ArgNo(5))) BufferSize(/*Buffer=*/ArgNo(4), /*BufSize=*/ArgNo(5)))
.ArgConstraint( .ArgConstraint(
ArgumentCondition(5, WithinRange, Range(0, *Socklen_tMax)))); ArgumentCondition(5, WithinRange, Range(0, Socklen_tMax))));
} }
// Functions for testing. // Functions for testing.
if (ChecksEnabled[CK_StdCLibraryFunctionsTesterChecker]) { if (ChecksEnabled[CK_StdCLibraryFunctionsTesterChecker]) {
addToFunctionSummaryMap( addToFunctionSummaryMap(
"__two_constrained_args", "__two_constrained_args",
Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, EvalCallAsPure) Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(ArgumentCondition(0U, WithinRange, SingleValue(1))) .ArgConstraint(ArgumentCondition(0U, WithinRange, SingleValue(1)))
▲ Show 20 LinesShow All 57 LinesShow Last 20 Lines

clang/test/Analysis/std-c-library-functions-POSIX-lookup.c

  • This file was added.
// RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=apiModeling.StdCLibraryFunctions \
// RUN: -analyzer-config apiModeling.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config apiModeling.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s --allow-empty
// We test here the implementation of our summary API with Optional types. In
// this TU we do not provide declaration for any of the functions that have
// summaries. The implementation should be able to handle the nonexistent
// declarations in a way that the summary is not added to the map. We expect no
// crashes (i.e. no optionals should be 'dereferenced') and no output.
martongAuthorUnsubmitted
Done
ReplyInline Actions

Probably I should use FileCheck with --allow-empty and with CHECK-EMPTY

martong: Probably I should use FileCheck with --allow-empty and with CHECK-EMPTY
// Must have at least one call expression to initialize the summary map.
int bar(void);
void foo() {
bar();
}
// CHECK-NOT: Loaded summary for: