caio/clang-p2996
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[analyzer] UnixAPIMisuseChecker Get O_CREAT from preprocessor (#81855)

Browse Source 
Now calling `open` with the `O_CREAT` flag and no mode parameter will
raise an issue in any system that defines `O_CREAT`.

The value for this flag is obtained after the full source code has been
parsed, leveraging `checkASTDecl`.
Hence, any `#define` or `#undefine` of `O_CREAT` following an `open` may
alter the results. Nevertheless, since redefining reserved identifiers
is UB, this is probably ok.
This commit is contained in:
Alejandro Álvarez Ayllón
2024-02-20 10:25:01 +01:00
committed by GitHub
parent c7799fadfe
commit 37c19f9a35
4 changed files with 404 additions and 357 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
clang/lib/StaticAnalyzer/Checkers/UnixAPIChecker.cpp
View File

@@ -18,6 +18,7 @@
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerHelpers.h"
#include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/SmallString.h"
#include "llvm/ADT/StringExtras.h"
@@ -39,13 +40,18 @@ enum class OpenVariant {
namespace {
class UnixAPIMisuseChecker : public Checker< check::PreStmt<CallExpr> > {
class UnixAPIMisuseChecker
: public Checker<check::PreStmt<CallExpr>,
check::ASTDecl<TranslationUnitDecl>> {
const BugType BT_open{this, "Improper use of 'open'", categories::UnixAPI};
const BugType BT_pthreadOnce{this, "Improper use of 'pthread_once'",
categories::UnixAPI};
mutable std::optional<uint64_t> Val_O_CREAT;
public:
void checkASTDecl(const TranslationUnitDecl *TU, AnalysisManager &Mgr,
BugReporter &BR) const;
void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
void CheckOpen(CheckerContext &C, const CallExpr *CE) const;
@@ -55,11 +61,8 @@ public:
void CheckOpenVariant(CheckerContext &C,
const CallExpr *CE, OpenVariant Variant) const;
void ReportOpenBug(CheckerContext &C,
ProgramStateRef State,
const char *Msg,
void ReportOpenBug(CheckerContext &C, ProgramStateRef State, const char *Msg,
SourceRange SR) const;
};
class UnixAPIPortabilityChecker : public Checker< check::PreStmt<CallExpr> > {
@@ -90,7 +93,21 @@ private:
const char *fn) const;
};
} //end anonymous namespace
} // end anonymous namespace
void UnixAPIMisuseChecker::checkASTDecl(const TranslationUnitDecl *TU,
AnalysisManager &Mgr,
BugReporter &) const {
// The definition of O_CREAT is platform specific.
// Try to get the macro value from the preprocessor.
Val_O_CREAT = tryExpandAsInteger("O_CREAT", Mgr.getPreprocessor());
// If we failed, fall-back to known values.
if (!Val_O_CREAT) {
if (TU->getASTContext().getTargetInfo().getTriple().getVendor() ==
llvm::Triple::Apple)
Val_O_CREAT = 0x0200;
}
}
//===----------------------------------------------------------------------===//
// "open" (man 2 open)
@@ -204,19 +221,8 @@ void UnixAPIMisuseChecker::CheckOpenVariant(CheckerContext &C,
return;
}
// The definition of O_CREAT is platform specific. We need a better way
// of querying this information from the checking environment.
if (!Val_O_CREAT) {
if (C.getASTContext().getTargetInfo().getTriple().getVendor()
== llvm::Triple::Apple)
Val_O_CREAT = 0x0200;
else {
// FIXME: We need a more general way of getting the O_CREAT value.
// We could possibly grovel through the preprocessor state, but
// that would require passing the Preprocessor object to the ExprEngine.
// See also: MallocChecker.cpp / M_ZERO.
return;
}
return;
}
// Now check if oflags has O_CREAT set.

678
clang/test/Analysis/Inputs/expected-plists/unix-fns.c.plist
View File

File diff suppressed because it is too large Load Diff

39
clang/test/Analysis/unix-fns-o_creat.c Normal file
View File

@@ -0,0 +1,39 @@
// RUN: %clang_analyze_cc1 -verify -analyzer-checker=core,unix.API -analyzer-output=text %s
// Verify that the UnixAPIChecker finds the missing mode value regardless
// of the particular values of these macros, particularly O_CREAT.
#define O_RDONLY 0x2000
#define O_WRONLY 0x8000
#define O_CREAT 0x0002
extern int open(const char *path, int flags, ...);
void missing_mode_1(const char *path) {
(void)open(path, O_CREAT); // expected-warning{{Call to 'open' requires a 3rd argument when the 'O_CREAT' flag is set}} \
expected-note{{Call to 'open' requires a 3rd argument when the 'O_CREAT' flag is set}}
}
extern int some_flag;
void missing_mode_2(const char *path) {
int mode = O_WRONLY;
if (some_flag) { // expected-note {{Assuming 'some_flag' is not equal to 0}} \
expected-note {{Taking true branch}}
mode |= O_CREAT;
}
(void)open(path, mode); // expected-warning{{Call to 'open' requires a 3rd argument when the 'O_CREAT' flag is set}} \
expected-note{{Call to 'open' requires a 3rd argument when the 'O_CREAT' flag is set}}
}
void no_creat(const char* path) {
int mode = O_RDONLY;
(void)open(path, mode); // ok
}
void mode_is_there(const char *path) {
int mode = O_WRONLY;
if (some_flag) {
mode |= O_CREAT;
}
(void)open(path, mode, 0770); // ok
}

2
clang/test/Analysis/unix-fns.c
View File

@@ -1,5 +1,7 @@
// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -analyzer-checker=core,unix.API,osx.API,optin.portability %s -analyzer-output=plist -analyzer-config faux-bodies=true -fblocks -verify -o %t.plist
// RUN: %normalize_plist <%t.plist | diff -ub %S/Inputs/expected-plists/unix-fns.c.plist -
// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux -analyzer-checker=core,unix.API,osx.API,optin.portability %s -analyzer-output=plist -analyzer-config faux-bodies=true -fblocks -verify -o %t.plist
// RUN: %normalize_plist <%t.plist | diff -ub %S/Inputs/expected-plists/unix-fns.c.plist -
// RUN: mkdir -p %t.dir
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.API,osx.API,optin.portability -analyzer-output=html -analyzer-config faux-bodies=true -fblocks -o %t.dir %s
// RUN: rm -fR %t.dir