This is an archive of the discontinued LLVM Phabricator instance.

Differential D90691

[analyzer] Add new checker for unchecked return value.
Needs ReviewPublic

Authored by balazske on Nov 3 2020, 8:53 AM.

Details

Reviewers
Szelethus
martong
baloghadamsoftware
NoQ
vsavchenko
Summary

Add a checker that checks if a function is used without examining
its return value. The set of functions is taken from CERT rule
ERR33-C "Detect and handle standard library errors". This is a
simplified check for the problem.

Diff Detail

Unit TestsFailed

TimeTest
490 mslinux > HWAddressSanitizer-x86_64.TestCases::sizes.cpp

Event Timeline

balazske created this revision.Nov 3 2020, 8:53 AM
Herald added a reviewer: Szelethus. · View Herald TranscriptNov 3 2020, 8:53 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added subscribers: cfe-commits, steakhal, ASDenysPetrov and 13 others. · View Herald Transcript
balazske requested review of this revision.Nov 3 2020, 8:53 AM
balazske added a comment.Nov 3 2020, 9:00 AM

This is a very simplified form of the check that is implemented in D72705 but still may be useful in practical cases. This check could be a clang-tidy check but it is planned that the checker takes use of the planned new attributes to determine if a function should be checked.

Harbormaster completed remote builds in B77419: Diff 302599.Nov 3 2020, 9:45 AM
balazske added reviewers: martong, baloghadamsoftware.Nov 5 2020, 8:13 AM
Herald added a subscriber: rnkovacs. · View Herald TranscriptNov 5 2020, 8:13 AM
baloghadamsoftware added inline comments.Nov 6 2020, 3:13 AM
clang/lib/StaticAnalyzer/Checkers/UncheckedReturnValueChecker.cpp
41

Please note that the CallExpr does not necessarily stands alone. It may be wrapped into an ExprWithCleanUps. We should consider these CallExprs as unchecked too.

85

Hmm, why StringMap<>? Why not CallDescriptionMap<>?

clang/test/Analysis/unchecked-return-value.cpp
10

Please use some valid format here. E.g. scanf("%*c");

16

Please add such simple test case for all the functions we try to check. (One call is enough for every such function, either in std:: or on the top namespace.)

balazske updated this revision to Diff 303444.Nov 6 2020, 7:07 AM

Small fixes in test.

balazske marked 2 inline comments as done.Nov 6 2020, 7:09 AM
balazske added inline comments.
clang/lib/StaticAnalyzer/Checkers/UncheckedReturnValueChecker.cpp
41

It looks like that the matcher finds these occurrences too. A test was added for it.

85

CallDescriptionMap is only usable with CallEvent that is not used in this checker. Or it can be extended with lookup from FunctionDecl?

Harbormaster completed remote builds in B77882: Diff 303444.Nov 6 2020, 7:58 AM
balazske marked an inline comment as done.Nov 11 2020, 5:46 AM

Maybe it is better to have this check for every system function that has non-void return value (except specific functions)? This check is applicable to CERT rule ERR33-C, POS54-C and EXP12-C too (it is restricted but can find a part of the problems).

balazske added a comment.Nov 16 2020, 1:56 AM

Ping

Szelethus added reviewers: NoQ, vsavchenko.Feb 10 2021, 8:02 PM

Looks like a neat checker! I guess the only question is the function matching, and I don't dislike it in its current state. @martong, do you have any thoughts on this?

On another note, have you checked this on some projects yet? I expect that we might need to tone down on some of the functions if this ends up being too noisy.

clang/lib/StaticAnalyzer/Checkers/UncheckedReturnValueChecker.cpp
67–68

I suppose we need this to compensate for the fact that we can't reliably match on standard C functions. Unfortunately, using CallDescription wouldn't necessarily solve this: D81745.

85

Good point. @martong, you have used FunctionDecl based checking, do you have any thoughts here?

vsavchenko added a comment.Feb 11 2021, 12:44 AM

Great job!
I'd like to see more tests with the following cases:

  • more expressions with function calls - ternary expression, arithmetic, array literals, initializer lists, etc.
  • using/not using it in if statement with initializer
  • using/not using it in different parts of GNU statement expressions
  • calls in different parts of exception handling (both C++ and Obj-C)
  • calls in lambdas/blocks/coroutines
  • calls in different parts of C++ range-for loop
  • calls in different parts of Obj-C for loop over collections
  • calls under labels
  • calls in attributed statements (e.g. [[clang::nomerge]] foo())
  • calls in goto statements
  • calls in Obj-C @synchronized and @autoreleasepool statements
NoQ added a comment.Feb 11 2021, 7:06 AM

but it is planned that the checker takes use of the planned new attributes to determine if a function should be checked

This is literally __attribute__((warn_unused_result)) for which there already is a compiler warning.

balazske added a comment.Feb 15 2021, 2:57 AM

There is a clang-tidy check bugprone-unused-return-value that may be confusing in relation to this checker. It does similar job for a selected set of functions and with different reason.

Revision Contents

PathSize
clang/
docs/
analyzer/
18 lines
include/
clang/
StaticAnalyzer/
Checkers/
5 lines
lib/
StaticAnalyzer/
Checkers/
1 line
178 lines
test/
Analysis/
Inputs/
6 lines
69 lines

Diff 302599

clang/docs/analyzer/checkers.rst

Show First 20 LinesShow All 657 Lines▼ Show 20 Lines
Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP). Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP).
.. code-block:: c .. code-block:: c
void test() { void test() {
for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn
} }
security.UncheckedReturnValue
"""""""""""""""""""""""""""""
Warn on uses of functions whose return values must be checked (CERT: ERR33-C).
The detection is limited to the case when the return value of the function
is completely ignored. The detection is applied in C++ code too.
List of checked functions is:
FIXME: Fill the list.
.. code-block:: c
void f();
void test() {
atexit(f); // warn: return value of atexit should be checked
}
.. _security-insecureAPI-UncheckedReturn: .. _security-insecureAPI-UncheckedReturn:
security.insecureAPI.UncheckedReturn (C) security.insecureAPI.UncheckedReturn (C)
"""""""""""""""""""""""""""""""""""""""" """"""""""""""""""""""""""""""""""""""""
Warn on uses of functions whose return values must be always checked. Warn on uses of functions whose return values must be always checked.
This check detects ignored return value at calls to
'setuid', 'setgid', 'seteuid', 'setegid', 'setreuid', 'setregid'.
.. code-block:: c .. code-block:: c
void test() { void test() {
setuid(1); // warn setuid(1); // warn
} }
.. _security-insecureAPI-bcmp: .. _security-insecureAPI-bcmp:
▲ Show 20 LinesShow All 2,007 LinesShow Last 20 Lines

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 LinesShow All 920 Lines▼ Show 20 Lines
let ParentPackage = Security in { let ParentPackage = Security in {
def FloatLoopCounter : Checker<"FloatLoopCounter">, def FloatLoopCounter : Checker<"FloatLoopCounter">,
HelpText<"Warn on using a floating point value as a loop counter (CERT: " HelpText<"Warn on using a floating point value as a loop counter (CERT: "
"FLP30-C, FLP30-CPP)">, "FLP30-C, FLP30-CPP)">,
Dependencies<[SecuritySyntaxChecker]>, Dependencies<[SecuritySyntaxChecker]>,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
def UncheckedReturnValueChecker : Checker<"UncheckedReturnValue">,
HelpText<"Warn on uses of functions whose return values must be always "
"checked.">,
Documentation<HasDocumentation>;
} // end "security" } // end "security"
let ParentPackage = POS in { let ParentPackage = POS in {
def PutenvWithAuto : Checker<"34c">, def PutenvWithAuto : Checker<"34c">,
HelpText<"Finds calls to the 'putenv' function which pass a pointer to " HelpText<"Finds calls to the 'putenv' function which pass a pointer to "
"an automatic variable as the argument.">, "an automatic variable as the argument.">,
Documentation<HasDocumentation>; Documentation<HasDocumentation>;
▲ Show 20 LinesShow All 739 LinesShow Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/CMakeLists.txt

Show First 20 LinesShow All 103 Lines▼ Show 20 Linesadd_clang_library(clangStaticAnalyzerCheckers
StdLibraryFunctionsChecker.cpp StdLibraryFunctionsChecker.cpp
STLAlgorithmModeling.cpp STLAlgorithmModeling.cpp
StreamChecker.cpp StreamChecker.cpp
Taint.cpp Taint.cpp
TaintTesterChecker.cpp TaintTesterChecker.cpp
TestAfterDivZeroChecker.cpp TestAfterDivZeroChecker.cpp
TraversalChecker.cpp TraversalChecker.cpp
TrustNonnullChecker.cpp TrustNonnullChecker.cpp
UncheckedReturnValueChecker.cpp
UndefBranchChecker.cpp UndefBranchChecker.cpp
UndefCapturedBlockVarChecker.cpp UndefCapturedBlockVarChecker.cpp
UndefResultChecker.cpp UndefResultChecker.cpp
UndefinedArraySubscriptChecker.cpp UndefinedArraySubscriptChecker.cpp
UndefinedAssignmentChecker.cpp UndefinedAssignmentChecker.cpp
UninitializedObject/UninitializedObjectChecker.cpp UninitializedObject/UninitializedObjectChecker.cpp
UninitializedObject/UninitializedPointee.cpp UninitializedObject/UninitializedPointee.cpp
UnixAPIChecker.cpp UnixAPIChecker.cpp
Show All 24 Lines

clang/lib/StaticAnalyzer/Checkers/UncheckedReturnValueChecker.cpp

  • This file was added.
//===- ReturnValueChecker - Applies guaranteed return values ----*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This defines UncheckedReturnValueChecker, which checks for calls to functions
// whose return value has to be observed by the program but is ignored.
//
//===----------------------------------------------------------------------===//
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/ASTMatchers/ASTMatchers.h"
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringMap.h"
using namespace clang;
using namespace ento;
using namespace ast_matchers;
namespace {
static bool isInNoNamespace(const FunctionDecl *FD) {
const DeclContext *DC = FD->getDeclContext();
while (DC && DC->isTransparentContext())
DC = DC->getParent();
assert(DC && "Function should have a declaration context.");
return DC->isTranslationUnit();
}
class UncheckedReturnValueChecker : public Checker<check::ASTCodeBody> {
public:
void checkASTCodeBody(const Decl *D, AnalysisManager &AM,
BugReporter &BR) const {
auto FoundCall = callExpr().bind("call");
baloghadamsoftwareUnsubmitted
Done
ReplyInline Actions

Please note that the CallExpr does not necessarily stands alone. It may be wrapped into an ExprWithCleanUps. We should consider these CallExprs as unchecked too.

baloghadamsoftware: Please note that the `CallExpr` does not necessarily stands alone. It may be wrapped into an…
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

It looks like that the matcher finds these occurrences too. A test was added for it.

balazske: It looks like that the matcher finds these occurrences too. A test was added for it.
auto CallInCompound = compoundStmt(forEach(FoundCall));
auto CallInIf = ifStmt(anyOf(hasThen(FoundCall), hasElse(FoundCall)));
auto CallInFor = forStmt(anyOf(hasBody(FoundCall), hasLoopInit(FoundCall),
hasIncrement(FoundCall)));
auto CallInForRange = cxxForRangeStmt(hasBody(FoundCall));
auto CallInWhile = whileStmt(hasBody(FoundCall));
auto CallInDo = doStmt(hasBody(FoundCall));
auto CallInCase = caseStmt(has(FoundCall));
auto CallInAnyStmt =
stmt(anyOf(CallInCompound, CallInIf, CallInFor, CallInForRange,
CallInWhile, CallInDo, CallInCase));
auto Matches =
match(stmt(findAll(CallInAnyStmt)), *D->getBody(), AM.getASTContext());
for (BoundNodes Match : Matches) {
const auto *CE = Match.getNodeAs<CallExpr>("call");
assert(CE);
const FunctionDecl *FD = CE->getDirectCallee();
if (!FD)
continue;
FD = FD->getCanonicalDecl();
if (!AM.getSourceManager().isInSystemHeader(FD->getLocation()))
continue;
if (!FD->isInStdNamespace() && !isInNoNamespace(FD))
continue;
SzelethusUnsubmitted
Not Done
ReplyInline Actions

I suppose we need this to compensate for the fact that we can't reliably match on standard C functions. Unfortunately, using CallDescription wouldn't necessarily solve this: D81745.

Szelethus: I suppose we need this to compensate for the fact that we can't reliably match on standard C…
if (isFunctionToCheck(FD)) {
// Issue a warning.
SmallString<512> buf;
llvm::raw_svector_ostream os(buf);
os << "Return value is not checked in call to '" << *FD << "'.";
PathDiagnosticLocation CELoc = PathDiagnosticLocation::createBegin(
CE, BR.getSourceManager(), AM.getAnalysisDeclContext(D));
BR.EmitBasicReport(D, getCheckerName(), "Unchecked return value",
categories::SecurityError, os.str(), CELoc);
}
}
}
private:
llvm::StringMap<int> FunctionsToCheck = {
baloghadamsoftwareUnsubmitted
Not Done
ReplyInline Actions

Hmm, why StringMap<>? Why not CallDescriptionMap<>?

baloghadamsoftware: Hmm, why `StringMap<>`? Why not `CallDescriptionMap<>`?
balazskeAuthorUnsubmitted
Done
ReplyInline Actions

CallDescriptionMap is only usable with CallEvent that is not used in this checker. Or it can be extended with lookup from FunctionDecl?

balazske: `CallDescriptionMap` is only usable with `CallEvent` that is not used in this checker. Or it…
SzelethusUnsubmitted
Not Done
ReplyInline Actions

Good point. @martong, you have used FunctionDecl based checking, do you have any thoughts here?

Szelethus: Good point. @martong, you have used `FunctionDecl` based checking, do you have any thoughts…
{"aligned_alloc", 2}, {"asctime_s", 3}, {"at_quick_exit", 1},
{"atexit", 1}, {"bsearch", 5}, {"bsearch_s", 6},
{"btowc", 1}, {"c16rtomb", 3}, {"c32rtomb", 3},
{"calloc", 2}, {"clock", 0}, {"cnd_broadcast", 1},
{"cnd_init", 1}, {"cnd_signal", 1}, {"cnd_timedwait", 3},
{"cnd_wait", 2}, {"ctime_s", 3}, {"fclose", 1},
{"fflush", 1}, {"fgetc", 1}, {"fgetpos", 2},
{"fgets", 3}, {"fgetwc", 1}, {"fopen", 2},
{"fopen_s", 3}, {"fprintf", -1}, {"fprintf_s", -1},
{"fputc", 2}, {"fputs", 2}, {"fputwc", 2},
{"fputws", 2}, {"fread", 4}, {"freopen", 3},
{"freopen_s", 4}, {"fscanf", -1}, {"fscanf_s", -1},
{"fseek", 3}, {"fsetpos", 2}, {"ftell", 1},
{"fwprintf", -1}, {"fwprintf_s", -1}, {"fwrite", 4},
{"fwscanf", -1}, {"fwscanf_s", -1}, {"getc", 1},
{"getchar", 0}, {"getenv", 1}, {"getenv_s", 4},
{"gets_s", 2}, {"getwc", 1}, {"getwchar", 0},
{"gmtime", 1}, {"gmtime_s", 2}, {"localtime", 1},
{"localtime_s", 2}, {"malloc", 1}, {"mblen", 2},
{"mbrlen", 3}, {"mbrtoc16", 4}, {"mbrtoc32", 4},
{"mbrtowc", 4}, {"mbsrtowcs", 4}, {"mbsrtowcs_s", 6},
{"mbstowcs", 3}, {"mbstowcs_s", 5}, {"mbtowc", 3},
{"memchr", 3}, {"mktime", 1}, {"mtx_init", 2},
{"mtx_lock", 1}, {"mtx_timedlock", 2}, {"mtx_trylock", 1},
{"mtx_unlock", 1}, {"printf_s", -1}, {"putc", 2},
{"putwc", 2}, {"raise", 1}, {"realloc", 2},
{"remove", 1}, {"rename", 2}, {"setlocale", 2},
{"setvbuf", 4}, {"scanf", -1}, {"scanf_s", -1},
{"signal", 2}, {"snprintf", -1}, {"snprintf_s", -1},
{"snwprintf_s", -1}, {"sprintf", -1}, {"sprintf_s", -1},
{"sscanf", -1}, {"sscanf_s", -1}, {"strchr", 2},
{"strerror_s", 3}, {"strftime", 4}, {"strpbrk", 2},
{"strrchr", 2}, {"strstr", 2}, {"strtod", 2},
{"strtof", 2}, {"strtoimax", 3}, {"strtok", 2},
{"strtok_s", 4}, {"strtol", 3}, {"strtold", 2},
{"strtoll", 3}, {"strtoumax", 3}, {"strtoul", 3},
{"strtoull", 3}, {"strxfrm", 3}, {"swprintf", -1},
{"swprintf_s", -1}, {"swscanf", -1}, {"swscanf_s", -1},
{"thrd_create", 3}, {"thrd_detach", 1}, {"thrd_join", 2},
{"thrd_sleep", 2}, {"time", 1}, {"timespec_get", 2},
{"tmpfile", 0}, {"tmpfile_s", 1}, {"tmpnam", 1},
{"tmpnam_s", 2}, {"tss_create", 2}, {"tss_get", 1},
{"tss_set", 2}, {"ungetc", 2}, {"ungetwc", 2},
{"vfprintf", 3}, {"vfprintf_s", 3}, {"vfscanf", 3},
{"vfscanf_s", 3}, {"vfwprintf", 3}, {"vfwprintf_s", 3},
{"vfwscanf", 3}, {"vfwscanf_s", 3}, {"vprintf", 2},
{"vprintf_s", 2}, {"vscanf", 2}, {"vscanf_s", 2},
{"vsnprintf", 4}, {"vsnprintf_s", 4}, {"vsnwprintf_s", 4},
{"vsprintf", 3}, {"vsprintf_s", 4}, {"vsscanf", 3},
{"vsscanf_s", 3}, {"vswprintf", 4}, {"vswprintf_s", 4},
{"vswscanf", 3}, {"vswscanf_s", 3}, {"vwprintf_s", 2},
{"vwscanf", 2}, {"vwscanf_s", 2}, {"wcrtomb", 3},
{"wcrtomb_s", 5}, {"wcschr", 2}, {"wcsftime", 4},
{"wcspbrk", 2}, {"wcsrchr", 2}, {"wcsrtombs", 4},
{"wcsrtombs_s", 5}, {"wcsstr", 2}, {"wcstod", 2},
{"wcstof", 2}, {"wcstoimax", 3}, {"wcstok", 3},
{"wcstok_s", 4}, {"wcstol", 3}, {"wcstold", 2},
{"wcstoll", 3}, {"wcstombs", 3}, {"wcstombs_s", 5},
{"wcstoumax", 3}, {"wcstoul", 3}, {"wcstoull", 3},
{"wcsxfrm", 3}, {"wctob", 1}, {"wctomb", 2},
{"wctomb_s", 4}, {"wctrans", 1}, {"wctype", 1},
{"wmemchr", 3}, {"wprintf_s", -1}, {"wscanf", -1},
{"wscanf_s", -1}};
bool isFunctionToCheck(const FunctionDecl *FD) const {
// Ignore functions without a name.
const IdentifierInfo *II = FD->getIdentifier();
if (!II)
return false;
auto FoundFunction = FunctionsToCheck.find(II->getName());
if (FoundFunction == FunctionsToCheck.end())
return false;
// Value -1 indicates that the function should be variadic.
if (FoundFunction->second == -1)
return FD->isVariadic();
// Check parameter count.
return FD->getNumParams() == static_cast<unsigned>(FoundFunction->second);
}
};
} // namespace
void ento::registerUncheckedReturnValueChecker(CheckerManager &Mgr) {
Mgr.registerChecker<UncheckedReturnValueChecker>();
}
bool ento::shouldRegisterUncheckedReturnValueChecker(
const CheckerManager &mgr) {
return true;
}

clang/test/Analysis/Inputs/system-header-simulator-cxx.h

Show First 20 LinesShow All 1,133 Lines▼ Show 20 Linespublic:
operator()( ForwardIt2 first, ForwardIt2 last ) const; operator()( ForwardIt2 first, ForwardIt2 last ) const;
}; };
template <typename> class packaged_task; template <typename> class packaged_task;
template <typename Ret, typename... Args> class packaged_task<Ret(Args...)> { template <typename Ret, typename... Args> class packaged_task<Ret(Args...)> {
// TODO: Add some actual implementation. // TODO: Add some actual implementation.
}; };
int scanf(const char *format, ...);
} // namespace std } // namespace std
namespace other_ns {
int scanf(const char *format, ...);
}

clang/test/Analysis/unchecked-return-value.cpp

  • This file was added.
// RUN: %clang_cc1 -analyze -analyzer-checker=security.UncheckedReturnValue -verify %s
#include "Inputs/system-header-simulator-cxx.h"
#include "Inputs/system-header-simulator.h"
extern void extern_f(int);
int btowc(int);
int f1(int X) {
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
baloghadamsoftwareUnsubmitted
Done
ReplyInline Actions

Please use some valid format here. E.g. scanf("%*c");

baloghadamsoftware: Please use some valid format here. E.g. `scanf("%*c");`
std::scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
other_ns::scanf("");
{
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
}
baloghadamsoftwareUnsubmitted
Not Done
ReplyInline Actions

Please add such simple test case for all the functions we try to check. (One call is enough for every such function, either in std:: or on the top namespace.)

baloghadamsoftware: Please add such simple test case for all the functions we try to check. (One call is enough for…
if (X) {
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
}
if (X)
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
if (scanf("")) {
}
if (scanf("") > 1) {
}
while (true)
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
while (scanf("")) {
}
do
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
while (true);
do {
} while (scanf(""));
for (int Y = 1; Y < 10; ++Y)
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
for (int Y = 1; Y < 10; scanf("")) { // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
}
for (int Y = 1; scanf(""); ++Y) {
}
int Y = 0;
for (scanf(""); Y < 10; ++Y) { // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
}
std::vector<int> Vec;
for (int I : Vec)
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
switch (scanf("")) {
}
switch (X) {
case 1:
scanf(""); // expected-warning {{Return value is not checked in call to 'scanf' [security.UncheckedReturnValue]}}
break;
}
int Z1 = scanf("");
Z1 = scanf("");
extern_f(scanf(""));
btowc(22); // no warning for non-system function
return scanf("");
}