[analyzer][StdLibraryFunctionsChecker] Add POSIX networking functions

Summary:
Adding networking functions from the POSIX standard (2017). This includes
functions that deal with sockets from socket.

[analyzer][StdLibraryFunctionsChecker] Add POSIX networking functions

Summary:
Adding networking functions from the POSIX standard (2017). This includes
functions that deal with sockets from socket.h, netdb.h.

In 'socket.h' of some libc implementations (e.g. glibc) with C99, sockaddr
parameter is a transparent union of the underlying sockaddr_ family of pointers
instead of being a pointer to struct sockaddr. In these cases, the standardized
signature will not match, thus we try to match with another signature that has
the joker Irrelevant type. In the case of transparent unions, we also not add
those constraints which require pointer types for the sockaddr param.

Interestingly, in 'netdb.h' sockaddr is not handled as a transparent union.

Tags: #clang

Differential Revision: https://reviews.llvm.org/D83407

show more ...

Make helpers static. NFC.

[analyzer][StdLibraryFunctionsChecker] Add POSIX file handling functions

Adding file handling functions from the POSIX standard (2017).
A new checker option is introduced to enable them.
In follow-u

[analyzer][StdLibraryFunctionsChecker] Add POSIX file handling functions

Adding file handling functions from the POSIX standard (2017).
A new checker option is introduced to enable them.
In follow-up patches I am going to upstream networking, pthread, and other
groups of POSIX functions.

Differential Revision: https://reviews.llvm.org/D82288

show more ...

[analyzer] StdLibraryFunctionsChecker: Add support to lookup types

Summary:
In this patch I am trying to get rid of the `Irrelevant` types from the
signatures of the functions from the standard C li

[analyzer] StdLibraryFunctionsChecker: Add support to lookup types

Summary:
In this patch I am trying to get rid of the `Irrelevant` types from the
signatures of the functions from the standard C library. For that I've
introduced `lookupType()` to be able to lookup arbitrary types in the global
scope. This makes it possible to define the signatures precisely.

Note 1) `fread`'s signature is now fixed to have the proper `FILE *restrict`
type when C99 is the language.
Note 2) There are still existing `Irrelevant` types, but they are all from
POSIX. I am planning to address those together with the missing POSIX functions
(in D79433).

Reviewers: xazax.hun, NoQ, Szelethus, balazske

Subscribers: whisperity, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, steakhal, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D80016

show more ...

[analyzer] StdLibraryFunctionsChecker: Add sanity checks for constraints

Summary:
Once we found a matching FunctionDecl for the given summary then we
validate the given constraints against that Func

[analyzer] StdLibraryFunctionsChecker: Add sanity checks for constraints

Summary:
Once we found a matching FunctionDecl for the given summary then we
validate the given constraints against that FunctionDecl. E.g. we
validate that a NotNull constraint is applied only on arguments that
have pointer types.

This is needed because when we matched the signature of the summary we
were working with incomplete function types, i.e. some intricate type
could have been marked as `Irrelevant` in the signature.

Reviewers: NoQ, Szelethus, balazske

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, steakhal, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77658

show more ...

[analyzer] ApiModeling: Add buffer size arg constraint with multiplier involved

Summary:
Further develop the buffer size argumentum constraint so it can handle sizes
that we can get by multiplying t

[analyzer] ApiModeling: Add buffer size arg constraint with multiplier involved

Summary:
Further develop the buffer size argumentum constraint so it can handle sizes
that we can get by multiplying two variables.

Reviewers: Szelethus, NoQ, steakhal

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77148

show more ...

[analyzer] ApiModeling: Add buffer size arg constraint

Summary:
Introducing a new argument constraint to confine buffer sizes. It is typical in
C APIs that a parameter represents a buffer and anothe

[analyzer] ApiModeling: Add buffer size arg constraint

Summary:
Introducing a new argument constraint to confine buffer sizes. It is typical in
C APIs that a parameter represents a buffer and another param holds the size of
the buffer (or the size of the data we want to handle from the buffer).

Reviewers: NoQ, Szelethus, Charusso, steakhal

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77066

show more ...

Give helpers internal linkage. NFC.

[analyzer] StdLibraryFunctionsChecker: Add option to display loaded summaries

Reviewers: NoQ, Szelethus, baloghadamsoftware, balazske

Subscribers: whisperity, xazax.hun, szepet, rnkovacs, a.sidorin

[analyzer] StdLibraryFunctionsChecker: Add option to display loaded summaries

Reviewers: NoQ, Szelethus, baloghadamsoftware, balazske

Subscribers: whisperity, xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, steakhal, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D78118

show more ...

[analyzer] StdLibraryFunctionsChecker: Associate summaries to FunctionDecls

Summary:
Currently we map function summaries to names (i.e. strings). We can
associate more summaries with different signa

[analyzer] StdLibraryFunctionsChecker: Associate summaries to FunctionDecls

Summary:
Currently we map function summaries to names (i.e. strings). We can
associate more summaries with different signatures to one name, this way
we support overloading. During a call event we check whether the
signature of the summary matches the signature of the callee and we
apply the summary only in that case.

In this patch we change this mapping to associate a summary to a
FunctionDecl. We do lookup operations when the summary map is
initialized. We lookup the given name and we match the signature of the
given summary against the lookup results. If the summary matches the
FunctionDecl (got from the lookup result) then we add that to the
summary map. During a call event we compare FunctionDecl pointers.
Advantages of this new refactor:
- Cleaner mapping and structure for the checker.
- Possibly way more efficient handling of call events.
- A summary is added only if that is relevant for the given TU.
- We can get the concrete FunctionDecl by the time when we create the
summary, this opens up possibilities of further sanity checks
regarding the summary cases and argument constraints.
- Opens up to future work when we'd like to store summaries from IR to a
FunctionDecl (or from the Attributor results of the given
FunctionDecl).

Note, we cannot support old C functions without prototypes.

Reviewers: NoQ, Szelethus, balazske, jdoerfert, sstefan1, uenoku

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, steakhal, uenoku, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77641

show more ...

[analyzer] StdLibraryFunctionsChecker: match signature based on FunctionDecl

Summary:
Currently we match the summary signature based on the arguments in the CallExpr.
There are a few problems with t

[analyzer] StdLibraryFunctionsChecker: match signature based on FunctionDecl

Summary:
Currently we match the summary signature based on the arguments in the CallExpr.
There are a few problems with this approach.
1) Variadic arguments are handled badly. Consider the below code:
int foo(void *stream, const char *format, ...);
void test_arg_constraint_on_variadic_fun() {
foo(0, "%d%d", 1, 2); // CallExpr
}
Here the call expression holds 4 arguments, whereas the function declaration
has only 2 `ParmVarDecl`s. So there is no way to create a summary that
matches the call expression, because the discrepancy in the number of
arguments causes a mismatch.
2) The call expression does not handle the `restrict` type qualifier.
In C99, fwrite's signature is the following:
size_t fwrite(const void *restrict, size_t, size_t, FILE *restrict);
However, in a call expression, like below, the type of the argument does not
have the restrict qualifier.
void test_fread_fwrite(FILE *fp, int *buf) {
size_t x = fwrite(buf, sizeof(int), 10, fp);
}
This can result in an unmatches signature, so the summary is not applied.
The solution is to match the summary against the referened callee
`FunctionDecl` that we can query from the `CallExpr`.

Further patches will continue with additional refactoring where I am going to
do a lookup during the checker initialization and the signature match will
happen there. That way, we will not check the signature during every call,
rather we will compare only two `FunctionDecl` pointers.

Reviewers: NoQ, Szelethus, gamesh411, baloghadamsoftware

Subscribers: whisperity, xazax.hun, kristof.beyls, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, steakhal, danielkiss, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77410

show more ...

[analyzer] StdLibraryFunctionsChecker: Add test for function with default parameter

Reviewers: Szelethus, baloghadamsoftware, gamesh411, steakhal, balazske

Subscribers: whisperity, xazax.hun, szepe

[analyzer] StdLibraryFunctionsChecker: Add test for function with default parameter

Reviewers: Szelethus, baloghadamsoftware, gamesh411, steakhal, balazske

Subscribers: whisperity, xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77411

show more ...

[analyzer] StdLibraryFunctionsChecker: fix bug with arg constraints

Summary:
Previously we induced a state split if there were multiple argument
constraints given for a function. This was because we

[analyzer] StdLibraryFunctionsChecker: fix bug with arg constraints

Summary:
Previously we induced a state split if there were multiple argument
constraints given for a function. This was because we called
`addTransition` inside the for loop.
The fix is to is to store the state and apply the next argument
constraint on that. And once the loop is finished we call `addTransition`.

Reviewers: NoQ, Szelethus, baloghadamsoftware

Subscribers: whisperity, xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, C

Tags: #clang

Differential Revision: https://reviews.llvm.org/D76790

show more ...

[analyzer] Fix StdLibraryFunctionsChecker NotNull Constraint Check

Summary:
This check was causing a crash in a test case where the 0th argument was
uninitialized ('Assertion `T::isKind(*this)' at l

[analyzer] Fix StdLibraryFunctionsChecker NotNull Constraint Check

Summary:
This check was causing a crash in a test case where the 0th argument was
uninitialized ('Assertion `T::isKind(*this)' at line SVals.h:104). This
was happening since the argument was actually undefined, but the castAs
assumes the value is DefinedOrUnknownSVal.

The fix appears to be simply to check for an undefined value and skip
the check allowing the uninitalized value checker to detect the error.

I included a test case that I verified to produce the negative case
prior to the fix, and passes with the fix.

Reviewers: martong, NoQ

Subscribers: xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, Charusso, ASDenysPetrov, baloghadamsoftware, dkrupp, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77012

show more ...

[analyzer][NFC] Change LangOptions to CheckerManager in the shouldRegister* functions

Some checkers may not only depend on language options but also analyzer options.
To make this possible this patc

[analyzer][NFC] Change LangOptions to CheckerManager in the shouldRegister* functions

Some checkers may not only depend on language options but also analyzer options.
To make this possible this patch changes the parameter of the shouldRegister*
function to CheckerManager to be able to query the analyzer options when
deciding whether the checker should be registered.

Differential Revision: https://reviews.llvm.org/D75271

show more ...

Attempt to fix failing build-bot with [-Werror,-Wcovered-switch-default]

[analyzer] StdLibraryFunctionsChecker: Add NotNull Arg Constraint

Reviewers: NoQ, Szelethus, balazske, gamesh411, baloghadamsoftware, steakhal

Subscribers: whisperity, xazax.hun, szepet, rnkovacs,

[analyzer] StdLibraryFunctionsChecker: Add NotNull Arg Constraint

Reviewers: NoQ, Szelethus, balazske, gamesh411, baloghadamsoftware, steakhal

Subscribers: whisperity, xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D75063

show more ...

[analyzer] StdLibraryFunctionsChecker: Add argument constraints

Differential Revision:
https://reviews.llvm.org/D73898

[analyzer] StdLibraryFunctionsChecker refactor w/ inheritance

Summary:
Currently, ValueRange is very hard to extend with new kind of constraints.
For instance, it forcibly encapsulates relations bet

[analyzer] StdLibraryFunctionsChecker refactor w/ inheritance

Summary:
Currently, ValueRange is very hard to extend with new kind of constraints.
For instance, it forcibly encapsulates relations between arguments and the
return value (ComparesToArgument) besides handling the regular value
ranges (OutOfRange, WithinRange).
ValueRange in this form is not suitable to add new constraints on
arguments like "not-null".

This refactor introduces a new base class ValueConstraint with an
abstract apply function. Descendants must override this. There are 2
descendants: RangeConstraint and ComparisonConstraint. In the following
patches I am planning to add the NotNullConstraint, and additional
virtual functions like `negate()` and `warning()`.

Reviewers: NoQ, Szelethus, balazske, gamesh411, baloghadamsoftware, steakhal

Subscribers: whisperity, xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D74973

show more ...

[analyzer] Fix modeling some library functions when UCHAR_MAX > INT_MAX.

This makes life easier for downstream users who maintain exotic
target platforms.

Patch by Vince Bridgers!

Differential Rev

[analyzer] Fix modeling some library functions when UCHAR_MAX > INT_MAX.

This makes life easier for downstream users who maintain exotic
target platforms.

Patch by Vince Bridgers!

Differential Revision: https://reviews.llvm.org/D75529

show more ...

[analyzer] Fix a strange compile error on a certain Clang-7.0.0

error: default initialization of an object of const type
'const clang::QualType' without a user-provided
default constru

[analyzer] Fix a strange compile error on a certain Clang-7.0.0

error: default initialization of an object of const type
'const clang::QualType' without a user-provided
default constructor

Irrelevant; // A placeholder, whenever we do not care about the type.
^
{}

show more ...

[analyzer] StdLibraryFunctionsChecker: Use platform dependent EOF and UCharMax

Summary:
Both EOF and the max value of unsigned char is platform dependent. In this
patch we try our best to deduce the

[analyzer] StdLibraryFunctionsChecker: Use platform dependent EOF and UCharMax

Summary:
Both EOF and the max value of unsigned char is platform dependent. In this
patch we try our best to deduce the value of EOF from the Preprocessor,
if we can't we fall back to -1.

Reviewers: Szelethus, NoQ

Subscribers: whisperity, xazax.hun, kristof.beyls, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalh

Tags: #clang

Differential Revision: https://reviews.llvm.org/D74473

show more ...

[analyzer] StdLibraryFunctionsChecker refactor: remove macros

Reviewers: NoQ

Tags: #clang

Differential Revision: https://reviews.llvm.org/D73897

[analyzer] NFC: Change evalCall() to provide a CallEvent.

This changes the checker callback signature to use the modern, easy to
use interface. Additionally, this unblocks future work on allowing
ch

[analyzer] NFC: Change evalCall() to provide a CallEvent.

This changes the checker callback signature to use the modern, easy to
use interface. Additionally, this unblocks future work on allowing
checkers to implement evalCall() for calls that don't correspond to any
call-expression or require additional information that's only available
as part of the CallEvent, such as C++ constructors and destructors.

Differential Revision: https://reviews.llvm.org/D62440

llvm-svn: 363893

show more ...

[analyzer] Supply all checkers with a shouldRegister function

Introduce the boolean ento::shouldRegister##CHECKERNAME(const LangOptions &LO)
function very similarly to ento::register##CHECKERNAME. T

[analyzer] Supply all checkers with a shouldRegister function

Introduce the boolean ento::shouldRegister##CHECKERNAME(const LangOptions &LO)
function very similarly to ento::register##CHECKERNAME. This will force every
checker to implement this function, but maybe it isn't that bad: I saw a lot of
ObjC or C++ specific checkers that should probably not register themselves based
on some LangOptions (mine too), but they do anyways.

A big benefit of this is that all registry functions now register their checker,
once it is called, registration is guaranteed.

This patch is a part of a greater effort to reinvent checker registration, more
info here: D54438#1315953

Differential Revision: https://reviews.llvm.org/D55424

llvm-svn: 352277

show more ...