[clang][analyzer] Improve StdLibraryFunctionsChecker 'readlink' modeling. (#71373)

The functions 'readlink' and 'readlinkat' do return 0 only if the
'bufsize' argument is 0.

[analyzer] Fix StdLibraryFunctionsChecker crash on surprising sink node (#66109)

Recent changes in StdLibraryFunctionsChecker introduced a situation
where the checker sequentially performed two sta

[analyzer] Fix StdLibraryFunctionsChecker crash on surprising sink node (#66109)

Recent changes in StdLibraryFunctionsChecker introduced a situation
where the checker sequentially performed two state transitions to add
two separate note tags.

In the unlikely case when the updated state (the variable `NewState`)
was posteriorly overconstrained, the engine marked the node after the
first state transition as a sink to stop the "natural" graph exploration
after that point.

However, in this particular case the checker tried to directly add a
second node, and this triggered an assertion in the `addPredecessor()`
method of `ExplodedNode`.

This commit introduces an explicit `isSink()` check to avoid this crash.
To avoid similar bugs in the future, perhaps it would be possible to
tweak `addTransition()` and ensure that it returns `nullptr` when it
would return a sink node (to unify the two possible error conditions).

This crash was observed in an analysis of the curl project (in a very
long and complex function), and there I validated that this is the root
cause, but I don't have a self-contained testcase that can trigger the
creation of a PosteriorlyOverconstrained node in this situation.

show more ...

[clang][analyzer] Improve StdCLibraryFunctions socket send/recv functions.

The modeling of send, recv, sendmsg, recvmsg, sendto, recvfrom is changed:
These functions do not return 0, except if the m

[clang][analyzer] Improve StdCLibraryFunctions socket send/recv functions.

The modeling of send, recv, sendmsg, recvmsg, sendto, recvfrom is changed:
These functions do not return 0, except if the message length is 0.
(In sendmsg, recvmsg the length is not checkable but it is more likely
that a message with 0 length is invalid for these functions.)

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D155715

show more ...

[clang][analyzer] StdLibraryFunctionsChecker: Allow NULL buffer in `fread` and `fwrite` if size is zero.

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D154509

[clang][analyzer] Add all success/failure messages to StdLibraryFunctionsChecker.

Success or failure messages are now shown at all checked functions, if the call
(return value) is interesting.
Addit

[clang][analyzer] Add all success/failure messages to StdLibraryFunctionsChecker.

Success or failure messages are now shown at all checked functions, if the call
(return value) is interesting.
Additionally new functions are added: open, openat, socket, shutdown

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D154423

show more ...

[clang][analyzer] Display notes in StdLibraryFunctionsChecker only if interesting

The note tag that was previously added in all cases when a standard function call
is found is displayed now only if

[clang][analyzer] Display notes in StdLibraryFunctionsChecker only if interesting

The note tag that was previously added in all cases when a standard function call
is found is displayed now only if the function call (return value) is "interesting".
This results in less unneeded notes but some of the previously good notes disappear
too. This is because interestingness is not always set as it should be.

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D153776

show more ...

[clang][analyzer] Add and change NoteTags in StdLibraryFunctionsChecker.

Change 1: ErrnoChecker notes show only messages related to errno,
not to assumption of success or failure of functions.
Chang

[clang][analyzer] Add and change NoteTags in StdLibraryFunctionsChecker.

Change 1: ErrnoChecker notes show only messages related to errno,
not to assumption of success or failure of functions.
Change 2: StdLibraryFunctionsChecker adds its own note about success
or failure of functions, and the errno related note, independently.
Change 3: Every modeled function in StdLibraryFunctionsChecker
should have a note tag message in all "cases". This is not implemented yet,
only for file (stream) related functions.

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D153612

show more ...

[analyzer][NFC] Move away from using raw-for loops inside StaticAnalyzer

I'm involved with the Static Analyzer for the most part.
I think we should embrace newer language standard features and gradu

[analyzer][NFC] Move away from using raw-for loops inside StaticAnalyzer

I'm involved with the Static Analyzer for the most part.
I think we should embrace newer language standard features and gradually
move forward.

Differential Revision: https://reviews.llvm.org/D154325

show more ...

[clang][analyzer] Merge apiModeling.StdCLibraryFunctions and StdCLibraryFunctionArgs checkers into one.

Main reason for this change is that these checkers were implemented in the same class
but had

[clang][analyzer] Merge apiModeling.StdCLibraryFunctions and StdCLibraryFunctionArgs checkers into one.

Main reason for this change is that these checkers were implemented in the same class
but had different dependency ordering. (NonNullParamChecker should run before StdCLibraryFunctionArgs
to get more special warning about null arguments, but the apiModeling.StdCLibraryFunctions was a modeling
checker that should run before other non-modeling checkers. The modeling checker changes state in a way
that makes it impossible to detect a null argument by NonNullParamChecker.)
To make it more simple, the modeling part is removed as separate checker and can be only used if
checker StdCLibraryFunctions is turned on, that produces the warnings too. Modeling the functions
without bug detection (for invalid argument) is not possible. The modeling of standard functions
does not happen by default from this change on.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D151225

show more ...

[clang][analyzer] Display buffer sizes in StdCLibraryFunctionArgs checker

If a wrong (too small) buffer argument is found, the dynamic buffer size and
values of connected arguments are displayed in

[clang][analyzer] Display buffer sizes in StdCLibraryFunctionArgs checker

If a wrong (too small) buffer argument is found, the dynamic buffer size and
values of connected arguments are displayed in the warning message, if
these are simple known integer values.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D149321

show more ...

[clang][analyzer] Handle special value AT_FDCWD in affected standard functions

Some file and directory related functions have an integer file descriptor argument
that can be a valid file descriptor

[clang][analyzer] Handle special value AT_FDCWD in affected standard functions

Some file and directory related functions have an integer file descriptor argument
that can be a valid file descriptor or a special value AT_FDCWD. This value is
relatively often used in open source projects and is usually defined as a negative
number, and the checker reports false warnings (a valid file descriptor is not
negative) if this fix is not included.

Reviewed By: steakhal

Differential Revision: https://reviews.llvm.org/D149160

show more ...

[clang][analyzer] Improve bug reports of StdLibraryFunctionsChecker.

Add an additional explanation of what is wrong if a constraint is
not satisfied, in some cases.
Additionally the bug report gener

[clang][analyzer] Improve bug reports of StdLibraryFunctionsChecker.

Add an additional explanation of what is wrong if a constraint is
not satisfied, in some cases.
Additionally the bug report generation is changed to use raw_ostream.

Reviewed By: Szelethus, NoQ

Differential Revision: https://reviews.llvm.org/D144003

show more ...

[clang][analyzer][NFC] Refactor code of StdLibraryFunctionsChecker.

The code was difficult to maintain (big internal class definitions
with long inline functions, other functions of the same class a

[clang][analyzer][NFC] Refactor code of StdLibraryFunctionsChecker.

The code was difficult to maintain (big internal class definitions
with long inline functions, other functions of the same class at
different location far away, irregular ordering of classes and
function definitions). It is now improved to some extent.
New functions are added to RangeConstraint to remove code repetition,
these are useful for planned new features too.
Comments are improved.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D143751

show more ...

[clang][analyzer] Make messages of StdCLibraryFunctionsChecker user-friendly

Warnings and notes of checker alpha.unix.StdLibraryFunctionArgs are
improved. Previously one warning and one note was emi

[clang][analyzer] Make messages of StdCLibraryFunctionsChecker user-friendly

Warnings and notes of checker alpha.unix.StdLibraryFunctionArgs are
improved. Previously one warning and one note was emitted for every
finding, now one warning is emitted only that contains a detailed
description of the found issue.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D143194

show more ...

[clang] Use std::optional instead of llvm::Optional (NFC)

This patch replaces (llvm::|)Optional< with std::optional<. I'll post
a separate patch to remove #include "llvm/ADT/Optional.h".

This is p

[clang] Use std::optional instead of llvm::Optional (NFC)

This patch replaces (llvm::|)Optional< with std::optional<. I'll post
a separate patch to remove #include "llvm/ADT/Optional.h".

This is part of an effort to migrate from llvm::Optional to
std::optional:

https://discourse.llvm.org/t/deprecating-llvm-optional-x-hasvalue-getvalue-getvalueor/63716

show more ...

[clang][analyzer] Add stream related functions to StdLibraryFunctionsChecker.

Additional stream handling functions are added.
These are partially evaluated by StreamChecker, result of the addition i

[clang][analyzer] Add stream related functions to StdLibraryFunctionsChecker.

Additional stream handling functions are added.
These are partially evaluated by StreamChecker, result of the addition is
check for more preconditions and construction of success and failure branches
with specific errno handling.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D140387

show more ...

[clang][analyzer] No new nodes when bug is detected in StdLibraryFunctionsChecker.

The checker applies constraints in a sequence and adds new nodes for these states.
If a constraint violation is fou

[clang][analyzer] No new nodes when bug is detected in StdLibraryFunctionsChecker.

The checker applies constraints in a sequence and adds new nodes for these states.
If a constraint violation is found this sequence should be stopped with a sink
(error) node. Instead the `generateErrorNode` did add a new error node as a new
branch that is parallel to the other node sequence, the other branch was not
stopped and analysis was continuing on that invalid branch.
To add an error node after any previous node a new version of `generateErrorNode`
is needed, this function is added here and used by `StdLibraryFunctionsChecker`.
The added test executes a situation where the checker adds a number of
constraints before it finds a constraint violation.

Reviewed By: NoQ

Differential Revision: https://reviews.llvm.org/D137722

show more ...

[Checkers] Use std::optional in StdLibraryFunctionsChecker.cpp (NFC)

This is part of an effort to migrate from llvm::Optional to
std::optional:

https://discourse.llvm.org/t/deprecating-llvm-optiona

[Checkers] Use std::optional in StdLibraryFunctionsChecker.cpp (NFC)

This is part of an effort to migrate from llvm::Optional to
std::optional:

https://discourse.llvm.org/t/deprecating-llvm-optional-x-hasvalue-getvalue-getvalueor/63716

show more ...

[StaticAnalyzer] Use std::nullopt instead of None (NFC)

This patch mechanically replaces None with std::nullopt where the
compiler would warn if None were deprecated. The intent is to reduce
the am

[StaticAnalyzer] Use std::nullopt instead of None (NFC)

This patch mechanically replaces None with std::nullopt where the
compiler would warn if None were deprecated. The intent is to reduce
the amount of manual work required in migrating from Optional to
std::optional.

This is part of an effort to migrate from llvm::Optional to
std::optional:

https://discourse.llvm.org/t/deprecating-llvm-optional-x-hasvalue-getvalue-getvalueor/63716

show more ...

[analyzer][StdLibraryFunctionsChecker] Add NoteTags for applied arg
constraints

In this patch I add a new NoteTag for each applied argument constraint.
This way, any other checker that reports a bug

[analyzer][StdLibraryFunctionsChecker] Add NoteTags for applied arg
constraints

In this patch I add a new NoteTag for each applied argument constraint.
This way, any other checker that reports a bug - where the applied
constraint is relevant - will display the corresponding note. With this
change we provide more information for the users to understand some
bug reports easier.

Differential Revision: https://reviews.llvm.org/D101526

Reviewed By: NoQ

show more ...

[clang][analyzer] Errno modeling code refactor (NFC).

Some of the code used in StdLibraryFunctionsChecker is applicable to
other checkers, this is put into common functions. Errno related
parts of t

[clang][analyzer] Errno modeling code refactor (NFC).

Some of the code used in StdLibraryFunctionsChecker is applicable to
other checkers, this is put into common functions. Errno related
parts of the checker are simplified and renamed. Documentations in
errno_modeling functions are updated.

This change makes it available to have more checkers that perform
modeling of some standard functions. These can set the errno state
with common functions and the bug report messages (note tags) can
look similar.

Reviewed By: steakhal, martong

Differential Revision: https://reviews.llvm.org/D131879

show more ...

[clang] Remove redundant virtual specifies (NFC)

Identified with modernize-use-override.

[clang][analyzer] Fix StdLibraryFunctionsChecker 'mkdir' return value.

The functions 'mkdir', 'mknod', 'mkdirat', 'mknodat' return 0 on success
and -1 on failure. The checker modeled these functions

[clang][analyzer] Fix StdLibraryFunctionsChecker 'mkdir' return value.

The functions 'mkdir', 'mknod', 'mkdirat', 'mknodat' return 0 on success
and -1 on failure. The checker modeled these functions with a >= 0
return value on success which is changed to 0 only. This fix makes
ErrnoChecker work better for these functions.

Reviewed By: steakhal

Differential Revision: https://reviews.llvm.org/D127277

show more ...

[clang][Analyzer] Add errno state to standard functions modeling.

This updates StdLibraryFunctionsChecker to set the state of 'errno'
by using the new errno_modeling functionality.
The errno value i

[clang][Analyzer] Add errno state to standard functions modeling.

This updates StdLibraryFunctionsChecker to set the state of 'errno'
by using the new errno_modeling functionality.
The errno value is set in the PostCall callback. Setting it in call::Eval
did not work for some reason and then every function should be
EvalCallAsPure which may be bad to do. Now the errno value and state
is not allowed to be checked in any PostCall checker callback because
it is unspecified if the errno was set already or will be set later
by this checker.

Reviewed By: martong, steakhal

Differential Revision: https://reviews.llvm.org/D125400

show more ...

[analyzer][NFC] Prefer using isa<> instead getAs<> in conditions

Depends on D125709

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D127742