balazske created this revision.
Herald added subscribers: cfe-commits, martong, Charusso, gamesh411, dkrupp,
donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware,
xazax.hun.
Herald added a reviewer: Szelethus.
Herald added a project: clang.
balazske added a parent revision: D75163: [analyzer][StreamChecker] Adding
precall and refactoring..
This is a way to handle stream error state in StreamChecker.
This is initial and work-in-progress,
only store of the error is implemented and create of error states
for function 'fseek'. This principle should work for other functions
and for testing if a function is called in error state.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D75356
Files:
clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
Index: clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
@@ -47,6 +47,26 @@
void Profile(llvm::FoldingSetNodeID &ID) const { ID.AddInteger(K); }
};
+struct StreamErrorState {
+ // The error state of an opened stream.
+ // EofError: EOF condition (feof returns true)
+ // OtherError: other (non-EOF) error (ferror returns true)
+ // AnyError: EofError or OtherError
+ enum Kind { EofError, OtherError, AnyError } K;
+
+ StreamErrorState(Kind k) : K(k) {}
+
+ bool isEof() const { return K == EofError; }
+ bool isOther() const { return K == OtherError; }
+ bool isAny() const { return K == AnyError; }
+
+ bool operator==(const StreamErrorState &X) const { return K == X.K; }
+
+ static StreamErrorState getOther() { return StreamErrorState(OtherError); }
+
+ void Profile(llvm::FoldingSetNodeID &ID) const { ID.AddInteger(K); }
+};
+
class StreamChecker;
struct FnDescription;
using FnCheck = std::function<void(const StreamChecker *, const FnDescription *,
@@ -69,6 +89,41 @@
return Call.getArgSVal(Desc->StreamArgNo);
}
+class MakeRetVal {
+ const CallExpr *CE = nullptr;
+ std::unique_ptr<DefinedSVal> RetVal;
+ SymbolRef RetSym;
+
+public:
+ MakeRetVal(const CallEvent &Call, CheckerContext &C)
+ : CE{dyn_cast_or_null<CallExpr>(Call.getOriginExpr())} {
+ if (!CE)
+ return;
+ SValBuilder &SVB = C.getSValBuilder();
+ const LocationContext *LCtx = C.getPredecessor()->getLocationContext();
+ RetVal = std::make_unique<DefinedSVal>(
+ SVB.conjureSymbolVal(nullptr, CE, LCtx, C.blockCount())
+ .castAs<DefinedSVal>());
+ RetSym = RetVal->getAsSymbol();
+ assert(RetSym && "RetVal must be a symbol here.");
+ }
+
+ operator bool() const { return CE; }
+
+ const CallExpr *getCallExpr() const {
+ assert(CE && "Return value not computed.");
+ return CE;
+ }
+ const DefinedSVal &getRetVal() const {
+ assert(RetVal && "Return value not computed.");
+ return *RetVal;
+ }
+ SymbolRef getRetSym() const {
+ assert(RetVal && "Return value not computed.");
+ return RetSym;
+ }
+};
+
class StreamChecker
: public Checker<check::PreCall, eval::Call, check::DeadSymbols> {
mutable std::unique_ptr<BuiltinBug> BT_nullfp, BT_illegalwhence,
@@ -89,7 +144,7 @@
{&StreamChecker::preDefault, &StreamChecker::evalFclose, 0}},
{{"fread", 4}, {&StreamChecker::preDefault, nullptr, 3}},
{{"fwrite", 4}, {&StreamChecker::preDefault, nullptr, 3}},
- {{"fseek", 3}, {&StreamChecker::preFseek, nullptr, 0}},
+ {{"fseek", 3}, {&StreamChecker::preFseek, &StreamChecker::evalFseek, 0}},
{{"ftell", 1}, {&StreamChecker::preDefault, nullptr, 0}},
{{"rewind", 1}, {&StreamChecker::preDefault, nullptr, 0}},
{{"fgetpos", 2}, {&StreamChecker::preDefault, nullptr, 0}},
@@ -102,15 +157,20 @@
void preDefault(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const;
- void preFseek(const FnDescription *Desc, const CallEvent &Call,
- CheckerContext &C) const;
- void preFreopen(const FnDescription *Desc, const CallEvent &Call,
- CheckerContext &C) const;
void evalFopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const;
+
+ void preFreopen(const FnDescription *Desc, const CallEvent &Call,
+ CheckerContext &C) const;
void evalFreopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const;
+
+ void preFseek(const FnDescription *Desc, const CallEvent &Call,
+ CheckerContext &C) const;
+ void evalFseek(const FnDescription *Desc, const CallEvent &Call,
+ CheckerContext &C) const;
+
void evalFclose(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const;
@@ -156,8 +216,14 @@
} // end anonymous namespace
+// Store the state of the stream.
REGISTER_MAP_WITH_PROGRAMSTATE(StreamMap, SymbolRef, StreamState)
+// Store the error state of the stream.
+// Used only for streams in opened state.
+// The entry exists only if there is error for the stream.
+REGISTER_MAP_WITH_PROGRAMSTATE(StreamErrorMap, SymbolRef, StreamErrorState)
+
void StreamChecker::checkPreCall(const CallEvent &Call,
CheckerContext &C) const {
const FnDescription *Desc = lookupFn(Call);
@@ -191,64 +257,43 @@
C.addTransition(State);
}
-void StreamChecker::preFseek(const FnDescription *Desc, const CallEvent &Call,
- CheckerContext &C) const {
- ProgramStateRef State = C.getState();
- SVal StreamVal = getStreamArg(Desc, Call);
- State = ensureStreamNonNull(StreamVal, C, State);
- if (!State)
- return;
- State = ensureStreamOpened(StreamVal, C, State);
- if (!State)
- return;
- State = ensureFseekWhenceCorrect(Call.getArgSVal(2), C, State);
- if (!State)
- return;
-
- C.addTransition(State);
-}
-
-void StreamChecker::preFreopen(const FnDescription *Desc, const CallEvent &Call,
- CheckerContext &C) const {
- // Do not allow NULL as passed stream pointer but allow a closed stream.
- ProgramStateRef State = C.getState();
- State = ensureStreamNonNull(getStreamArg(Desc, Call), C, State);
- if (!State)
- return;
-
- C.addTransition(State);
-}
-
void StreamChecker::evalFopen(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const {
ProgramStateRef State = C.getState();
- SValBuilder &SVB = C.getSValBuilder();
- const LocationContext *LCtx = C.getPredecessor()->getLocationContext();
- auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
- if (!CE)
+ MakeRetVal RV(Call, C);
+ if (!RV)
return;
- DefinedSVal RetVal = SVB.conjureSymbolVal(nullptr, CE, LCtx, C.blockCount())
- .castAs<DefinedSVal>();
- SymbolRef RetSym = RetVal.getAsSymbol();
- assert(RetSym && "RetVal must be a symbol here.");
-
- State = State->BindExpr(CE, C.getLocationContext(), RetVal);
+ State =
+ State->BindExpr(RV.getCallExpr(), C.getLocationContext(), RV.getRetVal());
// Bifurcate the state into two: one with a valid FILE* pointer, the other
// with a NULL.
ProgramStateRef StateNotNull, StateNull;
std::tie(StateNotNull, StateNull) =
- C.getConstraintManager().assumeDual(State, RetVal);
+ C.getConstraintManager().assumeDual(State, RV.getRetVal());
- StateNotNull = StateNotNull->set<StreamMap>(RetSym, StreamState::getOpened());
- StateNull = StateNull->set<StreamMap>(RetSym, StreamState::getOpenFailed());
+ StateNotNull =
+ StateNotNull->set<StreamMap>(RV.getRetSym(), StreamState::getOpened());
+ StateNull =
+ StateNull->set<StreamMap>(RV.getRetSym(), StreamState::getOpenFailed());
C.addTransition(StateNotNull);
C.addTransition(StateNull);
}
+void StreamChecker::preFreopen(const FnDescription *Desc, const CallEvent &Call,
+ CheckerContext &C) const {
+ // Do not allow NULL as passed stream pointer but allow a closed stream.
+ ProgramStateRef State = C.getState();
+ State = ensureStreamNonNull(getStreamArg(Desc, Call), C, State);
+ if (!State)
+ return;
+
+ C.addTransition(State);
+}
+
void StreamChecker::evalFreopen(const FnDescription *Desc,
const CallEvent &Call,
CheckerContext &C) const {
@@ -269,6 +314,10 @@
if (!StreamSym)
return;
+ // Reset the error state.
+ // After reopen, the EOF and I/O error is not set.
+ State = State->remove<StreamErrorMap>(StreamSym);
+
// Generate state for non-failed case.
// Return value is the passed stream pointer.
// According to the documentations, the stream is closed first
@@ -289,6 +338,56 @@
C.addTransition(StateRetNull);
}
+void StreamChecker::preFseek(const FnDescription *Desc, const CallEvent &Call,
+ CheckerContext &C) const {
+ ProgramStateRef State = C.getState();
+ SVal StreamVal = getStreamArg(Desc, Call);
+ State = ensureStreamNonNull(StreamVal, C, State);
+ if (!State)
+ return;
+ State = ensureStreamOpened(StreamVal, C, State);
+ if (!State)
+ return;
+ State = ensureFseekWhenceCorrect(Call.getArgSVal(2), C, State);
+ if (!State)
+ return;
+
+ C.addTransition(State);
+}
+
+void StreamChecker::evalFseek(const FnDescription *Desc, const CallEvent &Call,
+ CheckerContext &C) const {
+ ProgramStateRef State = C.getState();
+ SymbolRef Sym = getStreamArg(Desc, Call).getAsSymbol();
+ if (!Sym)
+ return;
+
+ MakeRetVal RV(Call, C);
+ if (!RV)
+ return;
+
+ // Clear error state.
+ State = State->remove<StreamErrorMap>(Sym);
+
+ // Make expression result.
+ State =
+ State->BindExpr(RV.getCallExpr(), C.getLocationContext(), RV.getRetVal());
+
+ // Bifurcate the state into failed and non-failed.
+ // Return zero on success, nonzero on error.
+ ProgramStateRef StateNotFailed, StateFailed;
+ std::tie(StateFailed, StateNotFailed) =
+ C.getConstraintManager().assumeDual(State, RV.getRetVal());
+
+ // Record the failed status, only if failed.
+ // fseek clears the EOF flag, sets only error flag.
+ StateFailed = StateFailed->set<StreamErrorMap>(RV.getRetSym(),
+ StreamErrorState::getOther());
+
+ C.addTransition(StateNotFailed);
+ C.addTransition(StateFailed);
+}
+
void StreamChecker::evalFclose(const FnDescription *Desc, const CallEvent &Call,
CheckerContext &C) const {
ProgramStateRef State = C.getState();
@@ -300,6 +399,9 @@
if (!SS)
return;
+ // Clear error state.
+ State = State->remove<StreamErrorMap>(Sym);
+
// Close the File Descriptor.
// Regardless if the close fails or not, stream becomes "closed"
// and can not be used any more.
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
