github-actions[bot] wrote: <!--LLVM CODE FORMAT COMMENT: {clang-format}-->
:warning: C/C++ code formatter, clang-format found issues in your code. :warning: <details> <summary> You can test this locally with the following command: </summary> ``````````bash git-clang-format --diff 39babbffc9f44244efaeca8951782a2a6ef814db 470cb4bbdeaa2f5238b28966a8557d7920f21bf1 --extensions cpp,h,c -- clang/lib/StaticAnalyzer/taint_focused/taintcalls.c clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp `````````` </details> <details> <summary> View the diff from clang-format here. </summary> ``````````diff diff --git a/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h b/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h index 0b979ecd94..812b48d62a 100644 --- a/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h +++ b/clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h @@ -293,8 +293,7 @@ public: ShowConfigOptionsList(false), ShouldEmitErrorsOnInvalidConfigValue(false), AnalyzeAll(false), AnalyzerDisplayProgress(false), AnalyzerNoteAnalysisEntryPoints(false), - AnalyzerFocusedTaint(false), - AnalyzerInlineTaintOnly(false), + AnalyzerFocusedTaint(false), AnalyzerInlineTaintOnly(false), AnalyzerAlwaysInlineTainted(false), eagerlyAssumeBinOpBifurcation(false), TrimGraph(false), visualizeExplodedGraphWithGraphViz(false), UnoptimizedCFG(false), diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h index 27d23714c1..4be764c103 100644 --- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h +++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h @@ -42,7 +42,7 @@ class AnalysisManager : public BugReporterData { ConstraintManagerCreator CreateConstraintMgr; CheckerManager *CheckerMgr; - std::set<FunctionDecl*> TaintRelatedFunctions; + std::set<FunctionDecl *> TaintRelatedFunctions; public: AnalyzerOptions &options; @@ -60,10 +60,10 @@ public: AnaCtxMgr.clear(); } - void setTaintRelatedFunctions(std::set<FunctionDecl*> TaintedFunctions){ + void setTaintRelatedFunctions(std::set<FunctionDecl *> TaintedFunctions) { TaintRelatedFunctions = TaintedFunctions; } - std::set<FunctionDecl*> getTaintRelatedFunctions(){ + std::set<FunctionDecl *> getTaintRelatedFunctions() { return TaintRelatedFunctions; } diff --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp index 85b5796cc1..40ffda0f00 100644 --- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp @@ -81,10 +81,9 @@ static ArgIdxTy fromArgumentCount(unsigned Count) { /// Handles the resolution of indexes of type ArgIdxTy to Expr*-s. static const Expr *GetArgExpr(ArgIdxTy ArgIdx, const CallEvent &Call) { - return ArgIdx == ReturnValueIndex ? Call.getOriginExpr() - : Call.getArgExpr(ArgIdx); - }; - + return ArgIdx == ReturnValueIndex ? Call.getOriginExpr() + : Call.getArgExpr(ArgIdx); +}; /// Check if the region the expression evaluates to is the standard input, /// and thus, is tainted. @@ -865,7 +864,6 @@ void GenericTaintChecker::checkPreCall(const CallEvent &Call, void GenericTaintChecker::checkPostCall(const CallEvent &Call, CheckerContext &C) const { - // Set the marked values as tainted. The return value only accessible from // checkPostStmt. ProgramStateRef State = C.getState(); @@ -876,13 +874,12 @@ void GenericTaintChecker::checkPostCall(const CallEvent &Call, // stored in the state as TaintArgsOnPostVisit set. TaintArgsOnPostVisitTy TaintArgsMap = State->get<TaintArgsOnPostVisit>(); - const ArgIdxTy CallNumArgs = fromArgumentCount(Call.getNumArgs()); - const ImmutableSet<ArgIdxTy> *TaintArgs = TaintArgsMap.lookup(CurrentFrame); auto &F = State->getStateManager().get_context<ArgIdxFactory>(); - ImmutableSet<ArgIdxTy> ApproxTaintedArgs = F.add(F.getEmptySet(), ReturnValueIndex); + ImmutableSet<ArgIdxTy> ApproxTaintedArgs = + F.add(F.getEmptySet(), ReturnValueIndex); if (!C.wasInlined && !TaintArgs) { llvm::errs() << "PostCall<"; @@ -903,21 +900,22 @@ void GenericTaintChecker::checkPostCall(const CallEvent &Call, llvm::errs() << "Making return value and writable params tainted.\n"; llvm::errs() << "Number of params:" << CallNumArgs; - for (ArgIdxTy I = ReturnValueIndex+1; I < CallNumArgs; ++I) { + for (ArgIdxTy I = ReturnValueIndex + 1; I < CallNumArgs; ++I) { const Expr *E = GetArgExpr(I, Call); if (!E) continue; SVal ArgSVal = C.getSVal(E); - //checking if the argument is a non-const pointer + // checking if the argument is a non-const pointer auto LValue = ArgSVal.getAs<Loc>(); if (!LValue) continue; - const QualType ArgTy = LValue->getType(State->getStateManager().getContext()); - if (ArgTy->isPointerType() && !ArgTy.isConstQualified()){ - llvm::errs() << "Param "<< I; + const QualType ArgTy = + LValue->getType(State->getStateManager().getContext()); + if (ArgTy->isPointerType() && !ArgTy.isConstQualified()) { + llvm::errs() << "Param " << I; llvm::errs() << "is a non const qualified pointer, so tainting it\n"; ArgTy->dump(); - llvm::errs()<<"\n"; + llvm::errs() << "\n"; ApproxTaintedArgs = F.add(ApproxTaintedArgs, I); } } @@ -1191,8 +1189,8 @@ void ento::registerTaintPropagationChecker(CheckerManager &Mgr) { Mgr.registerChecker<GenericTaintChecker>(); GenericTaintChecker *checker = Mgr.getChecker<GenericTaintChecker>(); checker->AggressiveTaintPropagation = - Mgr.getAnalyzerOptions().getCheckerBooleanOption(checker, - "AggressiveTaintPropagation"); + Mgr.getAnalyzerOptions().getCheckerBooleanOption( + checker, "AggressiveTaintPropagation"); } bool ento::shouldRegisterTaintPropagationChecker(const CheckerManager &mgr) { diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp index ce43548b2c..068c091c3f 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp @@ -1078,26 +1078,25 @@ bool ExprEngine::shouldInlineCall(const CallEvent &Call, const Decl *D, AnalysisDeclContextManager &ADCMgr = AMgr.getAnalysisDeclContextManager(); AnalysisDeclContext *CalleeADC = ADCMgr.getContext(D); - bool TaintRelatedFun=false; + bool TaintRelatedFun = false; if (Opts.AnalyzerInlineTaintOnly) { - std::set<FunctionDecl*> TaintedFunctions = AMgr.getTaintRelatedFunctions(); - // if the function is not taint related skip it. - auto *FD = dyn_cast<FunctionDecl>(const_cast<Decl*>(D)); - if (TaintedFunctions.find(FD) == TaintedFunctions.end()) { - llvm::errs() - << "Skipping inlining of not taint related function from the analysis:\n"; - llvm::errs() << FD->getNameInfo().getAsString() << "\n"; - return false; - } else { - TaintRelatedFun=true; - llvm::errs() - << "tyring to inline taint related function:\n"; - llvm::errs() << FD->getNameInfo().getAsString() << "\n"; - //leave the other budget limits to kick in - //otherwise the analysis may hang - //return true; - } + std::set<FunctionDecl *> TaintedFunctions = AMgr.getTaintRelatedFunctions(); + // if the function is not taint related skip it. + auto *FD = dyn_cast<FunctionDecl>(const_cast<Decl *>(D)); + if (TaintedFunctions.find(FD) == TaintedFunctions.end()) { + llvm::errs() << "Skipping inlining of not taint related function from " + "the analysis:\n"; + llvm::errs() << FD->getNameInfo().getAsString() << "\n"; + return false; + } else { + TaintRelatedFun = true; + llvm::errs() << "tyring to inline taint related function:\n"; + llvm::errs() << FD->getNameInfo().getAsString() << "\n"; + // leave the other budget limits to kick in + // otherwise the analysis may hang + // return true; + } } // The auto-synthesized bodies are essential to inline as they are // usually small and commonly used. Note: we should do this check early on to @@ -1143,8 +1142,9 @@ bool ExprEngine::shouldInlineCall(const CallEvent &Call, const Decl *D, bool IsRecursive = false; unsigned StackDepth = 0; examineStackFrames(D, Pred->getLocationContext(), IsRecursive, StackDepth); - if (!(Opts.AnalyzerAlwaysInlineTainted && TaintRelatedFun && (StackDepth < 3*Opts.InlineMaxStackDepth)) - && (StackDepth >= Opts.InlineMaxStackDepth) && + if (!(Opts.AnalyzerAlwaysInlineTainted && TaintRelatedFun && + (StackDepth < 3 * Opts.InlineMaxStackDepth)) && + (StackDepth >= Opts.InlineMaxStackDepth) && (!isSmall(CalleeADC) || IsRecursive)) return false; diff --git a/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp b/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp index 2af0654e0a..61c348bc93 100644 --- a/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp +++ b/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp @@ -33,7 +33,6 @@ #include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h" #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" -#include <llvm/ADT/DepthFirstIterator.h> #include "clang/StaticAnalyzer/Core/PathSensitive/FunctionSummary.h" #include "llvm/ADT/PostOrderIterator.h" #include "llvm/ADT/ScopeExit.h" @@ -43,6 +42,7 @@ #include "llvm/Support/Program.h" #include "llvm/Support/Timer.h" #include "llvm/Support/raw_ostream.h" +#include <llvm/ADT/DepthFirstIterator.h> #include <memory> #include <queue> #include <utility> @@ -245,10 +245,8 @@ public: ExprEngine::InliningModes getInliningModeForFunction(const Decl *D, const SetOfConstDecls &Visited); - - std::set<FunctionDecl*> getDeclsForTaintAnalysis(CallGraph &CG); - bool isTaintRelatedFunction(const FunctionDecl* FD); - + std::set<FunctionDecl *> getDeclsForTaintAnalysis(CallGraph &CG); + bool isTaintRelatedFunction(const FunctionDecl *FD); /// Build the call graph for all the top level decls of this TU and /// use it to define the order in which the functions should be visited. @@ -442,21 +440,27 @@ AnalysisConsumer::getInliningModeForFunction(const Decl *D, return ExprEngine::Inline_Regular; } -bool AnalysisConsumer::isTaintRelatedFunction(const FunctionDecl* FD){ - std::set<std::string> sources = {"scanf","gets","getch","read","fopen","fdopen","freopen","getchar", - "gets_s","scanf_s","getcwd","readlink","gethostname","getnameinfo","readlinkat","get_current_dir_name", - "getseuserbyname","getgroups","getlogin","getlogin_r","popen","getenv"}; - std::set<std::string> sinks = {"system", "execv","popen","malloc","calloc","memcpy","strcpy","strncpy"}; +bool AnalysisConsumer::isTaintRelatedFunction(const FunctionDecl *FD) { + std::set<std::string> sources = { + "scanf", "gets", "getch", "read", + "fopen", "fdopen", "freopen", "getchar", + "gets_s", "scanf_s", "getcwd", "readlink", + "gethostname", "getnameinfo", "readlinkat", "get_current_dir_name", + "getseuserbyname", "getgroups", "getlogin", "getlogin_r", + "popen", "getenv"}; + std::set<std::string> sinks = {"system", "execv", "popen", "malloc", + "calloc", "memcpy", "strcpy", "strncpy"}; if (!FD || !FD->getCanonicalDecl()) return false; std::string FN = FD->getCanonicalDecl()->getNameAsString(); - //llvm::errs()<<"Inspecting function if tainted " << FN << "\n"; + // llvm::errs()<<"Inspecting function if tainted " << FN << "\n"; return (sources.count(FN) || sinks.count(FN)); } // returns functions declarations required for taint analysis -std::set<FunctionDecl*> AnalysisConsumer::getDeclsForTaintAnalysis(CallGraph &CG) { - std::set<FunctionDecl*> TaintedFunctions; +std::set<FunctionDecl *> +AnalysisConsumer::getDeclsForTaintAnalysis(CallGraph &CG) { + std::set<FunctionDecl *> TaintedFunctions; for (auto N = llvm::df_begin(&CG), EI = llvm::df_end(&CG); N != EI; N++) { Decl *D = N->getDecl(); // Skip the abstract root node. @@ -467,26 +471,31 @@ std::set<FunctionDecl*> AnalysisConsumer::getDeclsForTaintAnalysis(CallGraph &CG if (!FD) continue; if (FD->getDefinition()) { - llvm::errs() << "Visiting function: " << FD->getNameInfo().getAsString() << "\n"; + llvm::errs() << "Visiting function: " << FD->getNameInfo().getAsString() + << "\n"; } - for (auto Callee : N->callees()){ + for (auto Callee : N->callees()) { FunctionDecl *CFD = dyn_cast<FunctionDecl>(Callee.Callee->getDecl()); if (!CFD) continue; if (isTaintRelatedFunction(CFD)) TaintedFunctions.insert(FD); - if (TaintedFunctions.find(CFD)!=TaintedFunctions.end())//if child is tainted, the parent is also tainted + if (TaintedFunctions.find(CFD) != + TaintedFunctions + .end()) // if child is tainted, the parent is also tainted TaintedFunctions.insert(FD); } - - if (isTaintRelatedFunction(FD)){ - llvm::errs()<<"Called Function "<<FD->getCanonicalDecl()->getNameAsString()<<" is tainted\n"; + if (isTaintRelatedFunction(FD)) { + llvm::errs() << "Called Function " + << FD->getCanonicalDecl()->getNameAsString() + << " is tainted\n"; TaintedFunctions.insert(FD); } else - llvm::errs()<<"Called Function "<<FD->getCanonicalDecl()->getNameAsString()<<" is NOT tainted\n"; - + llvm::errs() << "Called Function " + << FD->getCanonicalDecl()->getNameAsString() + << " is NOT tainted\n"; } return TaintedFunctions; } @@ -502,13 +511,13 @@ void AnalysisConsumer::HandleDeclsCallGraph(const unsigned LocalTUDeclsSize) { CG.addToCallGraph(LocalTUDecls[i]); } - std::set<FunctionDecl*> TaintedFunctions; - if (Opts.AnalyzerFocusedTaint||Opts.AnalyzerInlineTaintOnly){ + std::set<FunctionDecl *> TaintedFunctions; + if (Opts.AnalyzerFocusedTaint || Opts.AnalyzerInlineTaintOnly) { TaintedFunctions = getDeclsForTaintAnalysis(CG); Mgr->setTaintRelatedFunctions(TaintedFunctions); - llvm::errs()<<"Tainted functions:\n"; - for (FunctionDecl* FD:TaintedFunctions){ - llvm::errs()<<FD->getNameInfo().getAsString() << "\n"; + llvm::errs() << "Tainted functions:\n"; + for (FunctionDecl *FD : TaintedFunctions) { + llvm::errs() << FD->getNameInfo().getAsString() << "\n"; } } @@ -530,7 +539,6 @@ void AnalysisConsumer::HandleDeclsCallGraph(const unsigned LocalTUDeclsSize) { if (!D) continue; - // Skip the functions which have been processed already or previously // inlined. if (shouldSkipFunction(D, Visited, VisitedAsTopLevel)) diff --git a/clang/lib/StaticAnalyzer/taint_focused/taintcalls.c b/clang/lib/StaticAnalyzer/taint_focused/taintcalls.c index d0e1e980d6..8657d8489c 100644 --- a/clang/lib/StaticAnalyzer/taint_focused/taintcalls.c +++ b/clang/lib/StaticAnalyzer/taint_focused/taintcalls.c @@ -1,25 +1,21 @@ -#include <stdlib.h> #include <stdio.h> +#include <stdlib.h> #include <string.h> char buf[1024]; -int fetchTaintedString(char *txt){ - scanf("%s", txt); -} +int fetchTaintedString(char *txt) { scanf("%s", txt); } -int exec(char* cmd){ - system(cmd);//warn here +int exec(char *cmd) { + system(cmd); // warn here } -void topLevel(){ +void topLevel() { char cmd[2048] = "/bin/cat "; char filename[1024]; - fetchTaintedString (filename); + fetchTaintedString(filename); strcat(cmd, filename); exec(cmd); } -void printNum(int data){ - printf("Data:%d\n",data); -} \ No newline at end of file +void printNum(int data) { printf("Data:%d\n", data); } \ No newline at end of file `````````` </details> https://github.com/llvm/llvm-project/pull/112215 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits