[clang][analyzer] Move checker alpha.unix.StdCLibraryFunctions out of alpha. (#66207)

[clang][analyzer] StdLibraryFunctionsChecker: Allow NULL buffer in `fread` and `fwrite` if size is zero.

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D154509

[clang][analyzer] Add all success/failure messages to StdLibraryFunctionsChecker.

Success or failure messages are now shown at all checked functions, if the call
(return value) is interesting.
Addit

[clang][analyzer] Add all success/failure messages to StdLibraryFunctionsChecker.

Success or failure messages are now shown at all checked functions, if the call
(return value) is interesting.
Additionally new functions are added: open, openat, socket, shutdown

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D154423

show more ...

[clang][analyzer] Display notes in StdLibraryFunctionsChecker only if interesting

The note tag that was previously added in all cases when a standard function call
is found is displayed now only if

[clang][analyzer] Display notes in StdLibraryFunctionsChecker only if interesting

The note tag that was previously added in all cases when a standard function call
is found is displayed now only if the function call (return value) is "interesting".
This results in less unneeded notes but some of the previously good notes disappear
too. This is because interestingness is not always set as it should be.

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D153776

show more ...

[clang][analyzer] Add and change NoteTags in StdLibraryFunctionsChecker.

Change 1: ErrnoChecker notes show only messages related to errno,
not to assumption of success or failure of functions.
Chang

[clang][analyzer] Add and change NoteTags in StdLibraryFunctionsChecker.

Change 1: ErrnoChecker notes show only messages related to errno,
not to assumption of success or failure of functions.
Change 2: StdLibraryFunctionsChecker adds its own note about success
or failure of functions, and the errno related note, independently.
Change 3: Every modeled function in StdLibraryFunctionsChecker
should have a note tag message in all "cases". This is not implemented yet,
only for file (stream) related functions.

Reviewed By: donat.nagy

Differential Revision: https://reviews.llvm.org/D153612

show more ...

[clang][analyzer] Merge apiModeling.StdCLibraryFunctions and StdCLibraryFunctionArgs checkers into one.

Main reason for this change is that these checkers were implemented in the same class
but had

[clang][analyzer] Merge apiModeling.StdCLibraryFunctions and StdCLibraryFunctionArgs checkers into one.

Main reason for this change is that these checkers were implemented in the same class
but had different dependency ordering. (NonNullParamChecker should run before StdCLibraryFunctionArgs
to get more special warning about null arguments, but the apiModeling.StdCLibraryFunctions was a modeling
checker that should run before other non-modeling checkers. The modeling checker changes state in a way
that makes it impossible to detect a null argument by NonNullParamChecker.)
To make it more simple, the modeling part is removed as separate checker and can be only used if
checker StdCLibraryFunctions is turned on, that produces the warnings too. Modeling the functions
without bug detection (for invalid argument) is not possible. The modeling of standard functions
does not happen by default from this change on.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D151225

show more ...

[clang][analyzer] Display buffer sizes in StdCLibraryFunctionArgs checker

If a wrong (too small) buffer argument is found, the dynamic buffer size and
values of connected arguments are displayed in

[clang][analyzer] Display buffer sizes in StdCLibraryFunctionArgs checker

If a wrong (too small) buffer argument is found, the dynamic buffer size and
values of connected arguments are displayed in the warning message, if
these are simple known integer values.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D149321

show more ...

[clang][analyzer] Handle special value AT_FDCWD in affected standard functions

Some file and directory related functions have an integer file descriptor argument
that can be a valid file descriptor

[clang][analyzer] Handle special value AT_FDCWD in affected standard functions

Some file and directory related functions have an integer file descriptor argument
that can be a valid file descriptor or a special value AT_FDCWD. This value is
relatively often used in open source projects and is usually defined as a negative
number, and the checker reports false warnings (a valid file descriptor is not
negative) if this fix is not included.

Reviewed By: steakhal

Differential Revision: https://reviews.llvm.org/D149160

show more ...

[clang][analyzer] Cleanup tests of StdCLibraryFunctionsChecker (NFC)

Function declarations are moved into common header that can be reused
to avoid repetitions in different test files.
Some small pr

[clang][analyzer] Cleanup tests of StdCLibraryFunctionsChecker (NFC)

Function declarations are moved into common header that can be reused
to avoid repetitions in different test files.
Some small problems in the tests were found and fixed.

Reviewed By: steakhal

Differential Revision: https://reviews.llvm.org/D149158

show more ...

[clang][analyzer] Improve bug reports of StdLibraryFunctionsChecker.

Add an additional explanation of what is wrong if a constraint is
not satisfied, in some cases.
Additionally the bug report gener

[clang][analyzer] Improve bug reports of StdLibraryFunctionsChecker.

Add an additional explanation of what is wrong if a constraint is
not satisfied, in some cases.
Additionally the bug report generation is changed to use raw_ostream.

Reviewed By: Szelethus, NoQ

Differential Revision: https://reviews.llvm.org/D144003

show more ...

[clang][analyzer] Make messages of StdCLibraryFunctionsChecker user-friendly

Warnings and notes of checker alpha.unix.StdLibraryFunctionArgs are
improved. Previously one warning and one note was emi

[clang][analyzer] Make messages of StdCLibraryFunctionsChecker user-friendly

Warnings and notes of checker alpha.unix.StdLibraryFunctionArgs are
improved. Previously one warning and one note was emitted for every
finding, now one warning is emitted only that contains a detailed
description of the found issue.

Reviewed By: Szelethus

Differential Revision: https://reviews.llvm.org/D143194

show more ...

[clang][analyzer] No new nodes when bug is detected in StdLibraryFunctionsChecker.

The checker applies constraints in a sequence and adds new nodes for these states.
If a constraint violation is fou

[clang][analyzer] No new nodes when bug is detected in StdLibraryFunctionsChecker.

The checker applies constraints in a sequence and adds new nodes for these states.
If a constraint violation is found this sequence should be stopped with a sink
(error) node. Instead the `generateErrorNode` did add a new error node as a new
branch that is parallel to the other node sequence, the other branch was not
stopped and analysis was continuing on that invalid branch.
To add an error node after any previous node a new version of `generateErrorNode`
is needed, this function is added here and used by `StdLibraryFunctionsChecker`.
The added test executes a situation where the checker adds a number of
constraints before it finds a constraint violation.

Reviewed By: NoQ

Differential Revision: https://reviews.llvm.org/D137722

show more ...

[analyzer][StdLibraryFunctionsChecker] Add NoteTags for applied arg
constraints

In this patch I add a new NoteTag for each applied argument constraint.
This way, any other checker that reports a bug

[analyzer][StdLibraryFunctionsChecker] Add NoteTags for applied arg
constraints

In this patch I add a new NoteTag for each applied argument constraint.
This way, any other checker that reports a bug - where the applied
constraint is relevant - will display the corresponding note. With this
change we provide more information for the users to understand some
bug reports easier.

Differential Revision: https://reviews.llvm.org/D101526

Reviewed By: NoQ

show more ...

[analyzer] Add path note tags to standard library function summaries.

The patch is straightforward except the tiny fix in BugReporterVisitors.cpp
that suppresses a default note for "Assuming pointer

[analyzer] Add path note tags to standard library function summaries.

The patch is straightforward except the tiny fix in BugReporterVisitors.cpp
that suppresses a default note for "Assuming pointer value is null" when
a note tag from the checker is present. This is probably the right thing to do
but also definitely not a complete solution to the problem of different sources
of path notes being unaware of each other, which is a large and annoying issue
that we have to deal with. Note tags really help there because they're nicely
introspectable. The problem is demonstrated by the newly added getenv() test.

Differential Revision: https://reviews.llvm.org/D122285

show more ...

A significant number of our tests in C accidentally use functions
without prototypes. This patch converts the function signatures to have
a prototype for the situations where the test is not specific

A significant number of our tests in C accidentally use functions
without prototypes. This patch converts the function signatures to have
a prototype for the situations where the test is not specific to K&R C
declarations. e.g.,

void func();

becomes

void func(void);

This is the ninth batch of tests being updated (there are a
significant number of other tests left to be updated).

show more ...

[analyzer][StdLibraryFunctionsChecker] Track dependent arguments

When we report an argument constraint violation, we should track those
other arguments that participate in the evaluation of the viol

[analyzer][StdLibraryFunctionsChecker] Track dependent arguments

When we report an argument constraint violation, we should track those
other arguments that participate in the evaluation of the violation. By
default, we depend only on the argument that is constrained, however,
there are some special cases like the buffer size constraint that might
be encoded in another argument(s).

Differential Revision: https://reviews.llvm.org/D101358

show more ...

[Analyzer][StdLibraryFunctionsChecker] Describe arg constraints

In this patch, I provide a detailed explanation for each argument
constraint. This explanation is added in an extra 'note' tag, which

[Analyzer][StdLibraryFunctionsChecker] Describe arg constraints

In this patch, I provide a detailed explanation for each argument
constraint. This explanation is added in an extra 'note' tag, which is
displayed alongside the warning.
Since these new notes describe clearly the constraint, there is no need
to provide the number of the argument (e.g. 'Arg3') within the warning.
However, I decided to keep the name of the constraint in the warning (but
this could be a subject of discussion) in order to be able to identify
the different kind of constraint violations easily in a bug database
(e.g. CodeChecker).

Differential Revision: https://reviews.llvm.org/D101060

show more ...

[analyzer][StdLibraryFunctionsChecker] Elaborate the summary of fread and fwrite

Add the BufferSize argument constraint to fread and fwrite. This change
itself makes it possible to discover a securi

[analyzer][StdLibraryFunctionsChecker] Elaborate the summary of fread and fwrite

Add the BufferSize argument constraint to fread and fwrite. This change
itself makes it possible to discover a security critical case, described
in SEI-CERT ARR38-C.

We also add the not-null constraint on the 3rd arguments.

In this patch, I also remove those lambdas that don't take any
parameters (Fwrite, Fread, Getc), thus making the code better
structured.

Differential Revision: https://reviews.llvm.org/D87081

show more ...

[analyzer][StdLibraryFunctionsChecker] Add POSIX time handling functions

Differential Revision: https://reviews.llvm.org/D84248

[analyzer] StdLibraryFunctionsChecker: Add support for new functions

`toupper`, `tolower`, `toascii` functions were added to
StdLibraryFunctionsChecker to fully cover CERT STR37-C rule:
https://wiki

[analyzer] StdLibraryFunctionsChecker: Add support for new functions

`toupper`, `tolower`, `toascii` functions were added to
StdLibraryFunctionsChecker to fully cover CERT STR37-C rule:
https://wiki.sei.cmu.edu/confluence/x/BNcxBQ

Differential Revision: https://reviews.llvm.org/D85093

show more ...

[analyzer] Don't allow hidden checkers to emit diagnostics

Hidden checkers (those marked with Hidden in Checkers.td) are meant for
development purposes only, and are only displayed under
-analyzer-c

[analyzer] Don't allow hidden checkers to emit diagnostics

Hidden checkers (those marked with Hidden in Checkers.td) are meant for
development purposes only, and are only displayed under
-analyzer-checker-help-developer, so users shouldn't see reports from them.

I moved StdLibraryFunctionsArg checker to the unix package from apiModeling as
it violated this rule. I believe this change doesn't deserve a different
revision because it is in alpha, and the name is so bad anyways I don't
immediately care where it is, because we'll have to revisit it soon enough.

Differential Revision: https://reviews.llvm.org/D81750

show more ...

[analyzer] StdLibraryFunctionsChecker: Add support to lookup types

Summary:
In this patch I am trying to get rid of the `Irrelevant` types from the
signatures of the functions from the standard C li

[analyzer] StdLibraryFunctionsChecker: Add support to lookup types

Summary:
In this patch I am trying to get rid of the `Irrelevant` types from the
signatures of the functions from the standard C library. For that I've
introduced `lookupType()` to be able to lookup arbitrary types in the global
scope. This makes it possible to define the signatures precisely.

Note 1) `fread`'s signature is now fixed to have the proper `FILE *restrict`
type when C99 is the language.
Note 2) There are still existing `Irrelevant` types, but they are all from
POSIX. I am planning to address those together with the missing POSIX functions
(in D79433).

Reviewers: xazax.hun, NoQ, Szelethus, balazske

Subscribers: whisperity, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, steakhal, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D80016

show more ...

[analyzer] ApiModeling: Add buffer size arg constraint with multiplier involved

Summary:
Further develop the buffer size argumentum constraint so it can handle sizes
that we can get by multiplying t

[analyzer] ApiModeling: Add buffer size arg constraint with multiplier involved

Summary:
Further develop the buffer size argumentum constraint so it can handle sizes
that we can get by multiplying two variables.

Reviewers: Szelethus, NoQ, steakhal

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, Charusso, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77148

show more ...

[analyzer] ApiModeling: Add buffer size arg constraint

Summary:
Introducing a new argument constraint to confine buffer sizes. It is typical in
C APIs that a parameter represents a buffer and anothe

[analyzer] ApiModeling: Add buffer size arg constraint

Summary:
Introducing a new argument constraint to confine buffer sizes. It is typical in
C APIs that a parameter represents a buffer and another param holds the size of
the buffer (or the size of the data we want to handle from the buffer).

Reviewers: NoQ, Szelethus, Charusso, steakhal

Subscribers: whisperity, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, ASDenysPetrov, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77066

show more ...

[analyzer] Move apiModeling.StdCLibraryFunctionArgs to alpha.

It was enabled by default accidentally; still missing some important
features. Also it needs a better package because it doesn't boil do

[analyzer] Move apiModeling.StdCLibraryFunctionArgs to alpha.

It was enabled by default accidentally; still missing some important
features. Also it needs a better package because it doesn't boil down to
API modeling.

Differential Revision: https://reviews.llvm.org/D80213

show more ...