Not sure if you've seen it, this broke the Windows build: http://lab.llvm.org:8011/builders/clang-x64-ninja-win7/builds/5880/steps/build%20stage%201/logs/stdio
FAILED: C:\PROGRA~2\MICROS~3.0\VC\bin\amd64\cl.exe /nologo /TP -DGTEST_HAS_RTTI=0 -DUNICODE -D_CRT_NONSTDC_NO_DEPRECATE -D_CRT_NONSTDC_NO_WARNINGS -D_CRT_SECURE_NO_DEPRECATE -D_CRT_SECURE_NO_WARNINGS -D_GNU_SOURCE -D_HAS_EXCEPTIONS=0 -D_SCL_SECURE_NO_DEPRECATE -D_SCL_SECURE_NO_WARNINGS -D_UNICODE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -Itools\clang\tools\extra\clang-tidy\android -ID:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\extra\clang-tidy\android -ID:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include -Itools\clang\include -Iinclude -ID:\buildslave\clang-x64-ninja-win7\llvm\include /DWIN32 /D_WINDOWS /Zc:inline /Zc:strictStrings /Oi /Zc:rvalueCast /W4 -wd4141 -wd4146 -wd4180 -wd4244 -wd4258 -wd4267 -wd4291 -wd4345 -wd4351 -wd4355 -wd4456 -wd4457 -wd4458 -wd4459 -wd4503 -wd4624 -wd4722 -wd4800 -wd4100 -wd4127 -wd4512 -wd4505 -wd4610 -wd4510 -wd4702 -wd4245 -wd4706 -wd4310 -wd4701 -wd4703 -wd4389 -wd4611 -wd4805 -wd4204 -wd4577 -wd4091 -wd4592 -wd4319 -wd4324 -w14062 -we4238 /MD /O2 /Ob2 -UNDEBUG /EHs-c- /GR- /showIncludes /Fotools\clang\tools\extra\clang-tidy\android\CMakeFiles\clangTidyAndroidModule.dir\CloexecCheck.cpp.obj /Fdtools\clang\tools\extra\clang-tidy\android\CMakeFiles\clangTidyAndroidModule.dir\ /FS -c D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\extra\clang-tidy\android\CloexecCheck.cpp D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\extra\clang-tidy\android\CloexecCheck.cpp(99): error C2666: 'clang::operator <<': 4 overloads have similar conversions D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclObjC.h(2612): note: could be 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const clang::ObjCImplementationDecl &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclObjC.h(2429): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const clang::ObjCCategoryImplDecl &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclCXX.h(3698): note: or 'const clang::PartialDiagnostic &clang::operator <<(const clang::PartialDiagnostic &,clang::AccessSpecifier)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclCXX.h(3695): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::AccessSpecifier)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Attr.h(202): note: or 'const clang::PartialDiagnostic &clang::operator <<(const clang::PartialDiagnostic &,const clang::Attr *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Attr.h(195): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::Attr *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Sema/CodeCompleteConsumer.h(802): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const clang::CodeCompletionString &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/CanonicalType.h(204): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::CanQualType)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/TemplateBase.h(646): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::TemplateArgument &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Decl.h(3961): note: or 'const clang::PartialDiagnostic &clang::operator <<(const clang::PartialDiagnostic &,const clang::NamedDecl *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Decl.h(3955): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::NamedDecl *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Decl.h(404): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const clang::NamedDecl &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Type.h(6024): note: or 'const clang::PartialDiagnostic &clang::operator <<(const clang::PartialDiagnostic &,clang::QualType)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Type.h(6015): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::QualType)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/TemplateName.h(309): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::TemplateName)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/NestedNameSpecifier.h(507): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::NestedNameSpecifier *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclarationName.h(570): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,clang::DeclarationNameInfo)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclarationName.h(563): note: or 'const clang::PartialDiagnostic &clang::operator <<(const clang::PartialDiagnostic &,clang::DeclarationName)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclarationName.h(554): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::DeclarationName)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclarationName.h(313): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,clang::DeclarationName)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/PartialDiagnostic.h(408): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::PartialDiagnostic &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/ObjCRuntime.h(361): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const clang::ObjCRuntime &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/VersionTuple.h(165): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const clang::VersionTuple &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1202): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::DiagNullabilityKind)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1191): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,llvm::ArrayRef<clang::FixItHint>)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1185): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::FixItHint &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1179): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::CharSourceRange &)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1172): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,llvm::ArrayRef<clang::SourceRange>)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1166): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::SourceRange)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1145): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::IdentifierInfo *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1139): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,clang::tok::TokenKind)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1133): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,unsigned int)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1117): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,int)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1110): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const char *)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1104): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,llvm::StringRef)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/Diagnostic.h(1098): note: or 'const clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder &,const clang::AddFlagValue)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/Basic/DiagnosticOptions.h(58): note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,clang::DiagnosticLevelMask)' D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\extra\clang-tidy\android\CloexecCheck.cpp(99): note: while trying to match the argument list '(const clang::DiagnosticBuilder, const char)' ninja: build stopped: subcommand failed. On Thu, Aug 10, 2017 at 1:18 PM, Yan Wang via cfe-commits < cfe-commits@lists.llvm.org> wrote: > Author: yawanng > Date: Thu Aug 10 10:18:10 2017 > New Revision: 310630 > > URL: http://llvm.org/viewvc/llvm-project?rev=310630&view=rev > Log: > [clang-tidy] Refactor the code and add a close-on-exec check on > memfd_create() in Android module. > > Summary: > 1. Refactor the structure of the code by adding a base class for all > close-on-exec checks, which implements most of the needed functions. > 2. memfd_create() is better to set MFD_CLOEXEC flag to avoid file > descriptor leakage. > > Reviewers: alexfh, aaron.ballman, hokein > > Reviewed By: alexfh, hokein > > Subscribers: Eugene.Zelenko, chh, cfe-commits, srhines, mgorny, > JDevlieghere, xazax.hun > > Tags: #clang-tools-extra > > Differential Revision: https://reviews.llvm.org/D35372 > > Added: > clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp > clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h > clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.cpp > clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.h > clang-tools-extra/trunk/docs/clang-tidy/checks/android- > cloexec-memfd-create.rst > clang-tools-extra/trunk/test/clang-tidy/android-cloexec- > memfd-create.cpp > Modified: > clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp > clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt > clang-tools-extra/trunk/docs/ReleaseNotes.rst > clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst > > Modified: clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/clang-tidy/android/AndroidTidyModule.cpp?rev= > 310630&r1=310629&r2=310630&view=diff > ============================================================ > ================== > --- clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp > (original) > +++ clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp Thu > Aug 10 10:18:10 2017 > @@ -12,6 +12,7 @@ > #include "../ClangTidyModuleRegistry.h" > #include "CloexecCreatCheck.h" > #include "CloexecFopenCheck.h" > +#include "CloexecMemfdCreateCheck.h" > #include "CloexecOpenCheck.h" > #include "CloexecSocketCheck.h" > > @@ -27,6 +28,8 @@ public: > void addCheckFactories(ClangTidyCheckFactories &CheckFactories) > override { > CheckFactories.registerCheck<CloexecCreatCheck>("android- > cloexec-creat"); > CheckFactories.registerCheck<CloexecFopenCheck>("android- > cloexec-fopen"); > + CheckFactories.registerCheck<CloexecMemfdCreateCheck>( > + "android-cloexec-memfd-create"); > CheckFactories.registerCheck<CloexecOpenCheck>("android- > cloexec-open"); > CheckFactories.registerCheck<CloexecSocketCheck>("android- > cloexec-socket"); > } > > Modified: clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/clang-tidy/android/CMakeLists.txt?rev=310630&r1= > 310629&r2=310630&view=diff > ============================================================ > ================== > --- clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt (original) > +++ clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt Thu Aug 10 > 10:18:10 2017 > @@ -2,8 +2,10 @@ set(LLVM_LINK_COMPONENTS support) > > add_clang_library(clangTidyAndroidModule > AndroidTidyModule.cpp > + CloexecCheck.cpp > CloexecCreatCheck.cpp > CloexecFopenCheck.cpp > + CloexecMemfdCreateCheck.cpp > CloexecOpenCheck.cpp > CloexecSocketCheck.cpp > > > Added: clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/clang-tidy/android/CloexecCheck.cpp?rev=310630&view=auto > ============================================================ > ================== > --- clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp (added) > +++ clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp Thu Aug > 10 10:18:10 2017 > @@ -0,0 +1,105 @@ > +//===--- CloexecCheck.cpp - clang-tidy-------------------- > -----------------===// > +// > +// The LLVM Compiler Infrastructure > +// > +// This file is distributed under the University of Illinois Open Source > +// License. See LICENSE.TXT for details. > +// > +//===------------------------------------------------------ > ----------------===// > + > +#include "CloexecCheck.h" > +#include "../utils/ASTUtils.h" > +#include "clang/AST/ASTContext.h" > +#include "clang/ASTMatchers/ASTMatchFinder.h" > +#include "clang/Lex/Lexer.h" > + > +using namespace clang::ast_matchers; > + > +namespace clang { > +namespace tidy { > +namespace android { > + > +namespace { > + > +const char *const FuncDeclBindingStr = "funcDecl"; > +const char *const FuncBindingStr = "func"; > + > +// Helper function to form the correct string mode for Type3. > +// Build the replace text. If it's string constant, add <Mode> directly > in the > +// end of the string. Else, add <Mode>. > +std::string buildFixMsgForStringFlag(const Expr *Arg, const SourceManager > &SM, > + const LangOptions &LangOpts, char > Mode) { > + if (Arg->getLocStart().isMacroID()) > + return (Lexer::getSourceText( > + CharSourceRange::getTokenRange(Arg->getSourceRange()), > SM, > + LangOpts) + > + " \"" + Twine(Mode) + "\"") > + .str(); > + > + StringRef SR = cast<StringLiteral>(Arg->IgnoreParenCasts())-> > getString(); > + return ("\"" + SR + Twine(Mode) + "\"").str(); > +} > +} // namespace > + > +void CloexecCheck::registerMatchersImpl( > + MatchFinder *Finder, internal::Matcher<FunctionDecl> Function) { > + // We assume all the checked APIs are C functions. > + Finder->addMatcher( > + callExpr( > + callee(functionDecl(isExternC(), Function).bind( > FuncDeclBindingStr))) > + .bind(FuncBindingStr), > + this); > +} > + > +void CloexecCheck::insertMacroFlag(const MatchFinder::MatchResult > &Result, > + StringRef MacroFlag, int ArgPos) { > + const auto *MatchedCall = Result.Nodes.getNodeAs< > CallExpr>(FuncBindingStr); > + const auto *FlagArg = MatchedCall->getArg(ArgPos); > + const auto *FD = Result.Nodes.getNodeAs<FunctionDecl>( > FuncDeclBindingStr); > + SourceManager &SM = *Result.SourceManager; > + > + if (utils::exprHasBitFlagWithSpelling(FlagArg->IgnoreParenCasts(), SM, > + Result.Context->getLangOpts(), > + MacroFlag)) > + return; > + > + SourceLocation EndLoc = > + Lexer::getLocForEndOfToken(SM.getFileLoc(FlagArg->getLocEnd()), 0, > SM, > + Result.Context->getLangOpts()); > + > + diag(EndLoc, "%0 should use %1 where possible") > + << FD << MacroFlag > + << FixItHint::CreateInsertion(EndLoc, (Twine(" | ") + > MacroFlag).str()); > +} > + > +void CloexecCheck::replaceFunc(const MatchFinder::MatchResult &Result, > + StringRef WarningMsg, StringRef FixMsg) { > + const auto *MatchedCall = Result.Nodes.getNodeAs< > CallExpr>(FuncBindingStr); > + diag(MatchedCall->getLocStart(), WarningMsg) > + << FixItHint::CreateReplacement(MatchedCall->getSourceRange(), > FixMsg); > +} > + > +void CloexecCheck::insertStringFlag( > + const ast_matchers::MatchFinder::MatchResult &Result, const char > Mode, > + const int ArgPos) { > + const auto *MatchedCall = Result.Nodes.getNodeAs< > CallExpr>(FuncBindingStr); > + const auto *FD = Result.Nodes.getNodeAs<FunctionDecl>( > FuncDeclBindingStr); > + const auto *ModeArg = MatchedCall->getArg(ArgPos); > + > + // Check if the <Mode> may be in the mode string. > + const auto *ModeStr = dyn_cast<StringLiteral>( > ModeArg->IgnoreParenCasts()); > + if (!ModeStr || (ModeStr->getString().find(Mode) != StringRef::npos)) > + return; > + > + const std::string &ReplacementText = buildFixMsgForStringFlag( > + ModeArg, *Result.SourceManager, Result.Context->getLangOpts(), > Mode); > + > + diag(ModeArg->getLocStart(), "use %0 mode '%1' to set O_CLOEXEC") > + << FD << Mode > + << FixItHint::CreateReplacement(ModeArg->getSourceRange(), > + ReplacementText); > +} > + > +} // namespace android > +} // namespace tidy > +} // namespace clang > > Added: clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/clang-tidy/android/CloexecCheck.h?rev=310630&view=auto > ============================================================ > ================== > --- clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h (added) > +++ clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h Thu Aug 10 > 10:18:10 2017 > @@ -0,0 +1,95 @@ > +//===--- CloexecCheck.h - clang-tidy-----------------------------*- C++ > -*-===// > +// > +// The LLVM Compiler Infrastructure > +// > +// This file is distributed under the University of Illinois Open Source > +// License. See LICENSE.TXT for details. > +// > +//===------------------------------------------------------ > ----------------===// > +/// > +/// \file > +/// This file contains the declaration of the CloexecCheck class, which > is the > +/// base class for all of the close-on-exec checks in Android module. > +/// > +//===------------------------------------------------------ > ----------------===// > + > +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_H > +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_H > + > +#include "../ClangTidy.h" > + > +namespace clang { > +namespace tidy { > +namespace android { > + > +/// \brief The base class for all close-on-exec checks in Android module. > +/// To be specific, there are some functions that need the close-on-exec > flag to > +/// prevent the file descriptor leakage on fork+exec and this class > provides > +/// utilities to identify and fix these C functions. > +class CloexecCheck : public ClangTidyCheck { > +public: > + CloexecCheck(StringRef Name, ClangTidyContext *Context) > + : ClangTidyCheck(Name, Context) {} > + > +protected: > + void > + registerMatchersImpl(ast_matchers::MatchFinder *Finder, > + ast_matchers::internal::Matcher<FunctionDecl> > Function); > + > + /// Currently, we have three types of fixes. > + /// > + /// Type1 is to insert the necessary macro flag in the flag argument. > For > + /// example, 'O_CLOEXEC' is required in function 'open()', so > + /// \code > + /// open(file, O_RDONLY); > + /// \endcode > + /// should be > + /// \code > + /// open(file, O_RDONLY | O_CLOEXE); > + /// \endcode > + /// > + /// \param [out] Result MatchResult from AST matcher. > + /// \param MacroFlag The macro name of the flag. > + /// \param ArgPos The 0-based position of the flag argument. > + void insertMacroFlag(const ast_matchers::MatchFinder::MatchResult > &Result, > + StringRef MarcoFlag, int ArgPos); > + > + /// Type2 is to replace the API to another function that has required > the > + /// ability. For example: > + /// \code > + /// creat(path, mode); > + /// \endcode > + /// should be > + /// \code > + /// open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, mode) > + /// \endcode > + /// > + /// \param [out] Result MatchResult from AST matcher. > + /// \param WarningMsg The warning message. > + /// \param FixMsg The fix message. > + void replaceFunc(const ast_matchers::MatchFinder::MatchResult &Result, > + StringRef WarningMsg, StringRef FixMsg); > + > + /// Type3 is also to add a flag to the corresponding argument, but this > time, > + /// the flag is some string and each char represents a mode rather than > a > + /// macro. For example, 'fopen' needs char 'e' in its mode argument > string, so > + /// \code > + /// fopen(in_file, "r"); > + /// \endcode > + /// should be > + /// \code > + /// fopen(in_file, "re"); > + /// \endcode > + /// > + /// \param [out] Result MatchResult from AST matcher. > + /// \param Mode The required mode char. > + /// \param ArgPos The 0-based position of the flag argument. > + void insertStringFlag(const ast_matchers::MatchFinder::MatchResult > &Result, > + char Mode, const int ArgPos); > +}; > + > +} // namespace android > +} // namespace tidy > +} // namespace clang > + > +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_H > > Added: clang-tools-extra/trunk/clang-tidy/android/ > CloexecMemfdCreateCheck.cpp > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/clang-tidy/android/CloexecMemfdCreateCheck.cpp?rev=310630&view=auto > ============================================================ > ================== > --- clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.cpp > (added) > +++ clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.cpp > Thu Aug 10 10:18:10 2017 > @@ -0,0 +1,32 @@ > +//===--- CloexecMemfdCreateCheck.cpp - clang-tidy-------------------- > ------===// > +// > +// The LLVM Compiler Infrastructure > +// > +// This file is distributed under the University of Illinois Open Source > +// License. See LICENSE.TXT for details. > +// > +//===------------------------------------------------------ > ----------------===// > + > +#include "CloexecMemfdCreateCheck.h" > + > +using namespace clang::ast_matchers; > + > +namespace clang { > +namespace tidy { > +namespace android { > + > +void CloexecMemfdCreateCheck::registerMatchers(MatchFinder *Finder) { > + auto CharPointerType = hasType(pointerType(pointee(isAnyCharacter()))); > + registerMatchersImpl( > + Finder, functionDecl(returns(isInteger()), hasName("memfd_create"), > + hasParameter(0, CharPointerType), > + hasParameter(1, hasType(isInteger())))); > +} > + > +void CloexecMemfdCreateCheck::check(const MatchFinder::MatchResult > &Result) { > + insertMacroFlag(Result, "MFD_CLOEXEC", /*ArgPos=*/1); > +} > + > +} // namespace android > +} // namespace tidy > +} // namespace clang > > Added: clang-tools-extra/trunk/clang-tidy/android/ > CloexecMemfdCreateCheck.h > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/clang-tidy/android/CloexecMemfdCreateCheck.h?rev=310630&view=auto > ============================================================ > ================== > --- clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.h > (added) > +++ clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.h > Thu Aug 10 10:18:10 2017 > @@ -0,0 +1,35 @@ > +//===--- CloexecMemfdCreateCheck.h - clang-tidy-----------------*- C++ > -*-===// > +// > +// The LLVM Compiler Infrastructure > +// > +// This file is distributed under the University of Illinois Open Source > +// License. See LICENSE.TXT for details. > +// > +//===------------------------------------------------------ > ----------------===// > + > +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_MEMFD_CREATE_H > +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_MEMFD_CREATE_H > + > +#include "CloexecCheck.h" > + > +namespace clang { > +namespace tidy { > +namespace android { > + > +/// Finds code that uses memfd_create() without using the MFD_CLOEXEC > flag. > +/// > +/// For the user-facing documentation see: > +/// http://clang.llvm.org/extra/clang-tidy/checks/android- > cloexec-memfd-create.html > +class CloexecMemfdCreateCheck : public CloexecCheck { > +public: > + CloexecMemfdCreateCheck(StringRef Name, ClangTidyContext *Context) > + : CloexecCheck(Name, Context) {} > + void registerMatchers(ast_matchers::MatchFinder *Finder) override; > + void check(const ast_matchers::MatchFinder::MatchResult &Result) > override; > +}; > + > +} // namespace android > +} // namespace tidy > +} // namespace clang > + > +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_MEMFD_ > CREATE_H > > Modified: clang-tools-extra/trunk/docs/ReleaseNotes.rst > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/docs/ReleaseNotes.rst?rev=310630&r1=310629&r2=310630&view=diff > ============================================================ > ================== > --- clang-tools-extra/trunk/docs/ReleaseNotes.rst (original) > +++ clang-tools-extra/trunk/docs/ReleaseNotes.rst Thu Aug 10 10:18:10 2017 > @@ -70,6 +70,12 @@ Improvements to clang-tidy > ``AllowConditionalIntegerCasts`` -> ``AllowIntegerConditions``, > ``AllowConditionalPointerCasts`` -> ``AllowPointerConditions``. > > +- New `android-cloexec-memfd_create > + <http://clang.llvm.org/extra/clang-tidy/checks/android- > cloexec-memfd_create.html>`_ check > + > + Checks if the required file flag ``MFD_CLOEXEC`` is present in the > argument of > + ``memfd_create()``. > + > - New `bugprone-integer-division > <http://clang.llvm.org/extra/clang-tidy/checks/bugprone- > integer-division.html>`_ check > > > Added: clang-tools-extra/trunk/docs/clang-tidy/checks/android- > cloexec-memfd-create.rst > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/docs/clang-tidy/checks/android-cloexec-memfd-create. > rst?rev=310630&view=auto > ============================================================ > ================== > --- > clang-tools-extra/trunk/docs/clang-tidy/checks/android-cloexec-memfd-create.rst > (added) > +++ > clang-tools-extra/trunk/docs/clang-tidy/checks/android-cloexec-memfd-create.rst > Thu Aug 10 10:18:10 2017 > @@ -0,0 +1,18 @@ > +.. title:: clang-tidy - android-cloexec-memfd-create > + > +android-cloexec-memfd-create > +============================ > + > +``memfd_create()`` should include ``MFD_CLOEXEC`` in its type argument to > avoid > +the file descriptor leakage. Without this flag, an opened sensitive file > would > +remain open across a fork+exec to a lower-privileged SELinux domain. > + > +Examples: > + > +.. code-block:: c++ > + > + memfd_create(name, MFD_ALLOW_SEALING); > + > + // becomes > + > + memfd_create(name, MFD_ALLOW_SEALING | MFD_CLOEXEC); > > Modified: clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/docs/clang-tidy/checks/list.rst?rev=310630&r1=310629& > r2=310630&view=diff > ============================================================ > ================== > --- clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst (original) > +++ clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst Thu Aug 10 > 10:18:10 2017 > @@ -6,6 +6,7 @@ Clang-Tidy Checks > .. toctree:: > android-cloexec-creat > android-cloexec-fopen > + android-cloexec-memfd-create > android-cloexec-open > android-cloexec-socket > boost-use-to-string > > Added: clang-tools-extra/trunk/test/clang-tidy/android-cloexec- > memfd-create.cpp > URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/ > trunk/test/clang-tidy/android-cloexec-memfd-create.cpp?rev= > 310630&view=auto > ============================================================ > ================== > --- clang-tools-extra/trunk/test/clang-tidy/android-cloexec-memfd-create.cpp > (added) > +++ clang-tools-extra/trunk/test/clang-tidy/android-cloexec-memfd-create.cpp > Thu Aug 10 10:18:10 2017 > @@ -0,0 +1,63 @@ > +// RUN: %check_clang_tidy %s android-cloexec-memfd-create %t > + > +#define MFD_ALLOW_SEALING 1 > +#define __O_CLOEXEC 3 > +#define MFD_CLOEXEC __O_CLOEXEC > +#define TEMP_FAILURE_RETRY(exp) \ > + ({ \ > + int _rc; \ > + do { \ > + _rc = (exp); \ > + } while (_rc == -1); \ > + }) > +#define NULL 0 > + > +extern "C" int memfd_create(const char *name, unsigned int flags); > + > +void a() { > + memfd_create(NULL, MFD_ALLOW_SEALING); > + // CHECK-MESSAGES: :[[@LINE-1]]:39: warning: 'memfd_create' should use > MFD_CLOEXEC where possible [android-cloexec-memfd-create] > + // CHECK-FIXES: memfd_create(NULL, MFD_ALLOW_SEALING | MFD_CLOEXEC) > + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING)); > + // CHECK-MESSAGES: :[[@LINE-1]]:58: warning: 'memfd_create' > + // CHECK-FIXES: TEMP_FAILURE_RETRY(memfd_create(NULL, > MFD_ALLOW_SEALING | MFD_CLOEXEC)) > +} > + > +void f() { > + memfd_create(NULL, 3); > + // CHECK-MESSAGES: :[[@LINE-1]]:23: warning: 'memfd_create' > + // CHECK-FIXES: memfd_create(NULL, 3 | MFD_CLOEXEC) > + TEMP_FAILURE_RETRY(memfd_create(NULL, 3)); > + // CHECK-MESSAGES: :[[@LINE-1]]:42: warning: 'memfd_create' > + // CHECK-FIXES: TEMP_FAILURE_RETRY(memfd_create(NULL, 3 | MFD_CLOEXEC)) > + > + int flag = 3; > + memfd_create(NULL, flag); > + TEMP_FAILURE_RETRY(memfd_create(NULL, flag)); > +} > + > +namespace i { > +int memfd_create(const char *name, unsigned int flags); > + > +void d() { > + memfd_create(NULL, MFD_ALLOW_SEALING); > + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING)); > +} > + > +} // namespace i > + > +void e() { > + memfd_create(NULL, MFD_CLOEXEC); > + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_CLOEXEC)); > + memfd_create(NULL, MFD_ALLOW_SEALING | MFD_CLOEXEC); > + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING | > MFD_CLOEXEC)); > +} > + > +class G { > +public: > + int memfd_create(const char *name, unsigned int flags); > + void d() { > + memfd_create(NULL, MFD_ALLOW_SEALING); > + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING)); > + } > +}; > > > _______________________________________________ > cfe-commits mailing list > cfe-commits@lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits >
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
