I think on Linux overload resolution was selecting 'DiagnosticBuilder&operator<<(DiagnosticBuilder&DB,int)' for you, which is probably not right anyway. I didn't find any tests for this diagnostic, so I couldn't fix it, and ended up reverting the change in r310661.
On Thu, Aug 10, 2017 at 12:15 PM, Yan Wang via cfe-commits < cfe-commits@lists.llvm.org> wrote: > Yes. Sorry for the broken. But it works well in my Linux machine. Maybe I > should revert it first. > > Thanks, > Yan Wang > > On Thu, Aug 10, 2017 at 12:07 PM, Nico Weber <tha...@chromium.org> wrote: > >> Not sure if you've seen it, this broke the Windows build: >> http://lab.llvm.org:8011/builders/clang-x64-ninja-win7/build >> s/5880/steps/build%20stage%201/logs/stdio >> >> FAILED: C:\PROGRA~2\MICROS~3.0\VC\bin\amd64\cl.exe /nologo /TP >> -DGTEST_HAS_RTTI=0 -DUNICODE -D_CRT_NONSTDC_NO_DEPRECATE >> -D_CRT_NONSTDC_NO_WARNINGS -D_CRT_SECURE_NO_DEPRECATE >> -D_CRT_SECURE_NO_WARNINGS -D_GNU_SOURCE -D_HAS_EXCEPTIONS=0 >> -D_SCL_SECURE_NO_DEPRECATE -D_SCL_SECURE_NO_WARNINGS -D_UNICODE >> -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS >> -Itools\clang\tools\extra\clang-tidy\android >> -ID:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\extra\clang-tidy\android >> -ID:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include >> -Itools\clang\include -Iinclude >> -ID:\buildslave\clang-x64-ninja-win7\llvm\include >> /DWIN32 /D_WINDOWS /Zc:inline /Zc:strictStrings /Oi /Zc:rvalueCast /W4 >> -wd4141 -wd4146 -wd4180 -wd4244 -wd4258 -wd4267 -wd4291 -wd4345 -wd4351 >> -wd4355 -wd4456 -wd4457 -wd4458 -wd4459 -wd4503 -wd4624 -wd4722 -wd4800 >> -wd4100 -wd4127 -wd4512 -wd4505 -wd4610 -wd4510 -wd4702 -wd4245 -wd4706 >> -wd4310 -wd4701 -wd4703 -wd4389 -wd4611 -wd4805 -wd4204 -wd4577 -wd4091 >> -wd4592 -wd4319 -wd4324 -w14062 -we4238 /MD /O2 /Ob2 -UNDEBUG /EHs-c- >> /GR- /showIncludes /Fotools\clang\tools\extra\cla >> ng-tidy\android\CMakeFiles\clangTidyAndroidModule.dir\CloexecCheck.cpp.obj >> /Fdtools\clang\tools\extra\clang-tidy\android\CMakeFiles\clangTidyAndroidModule.dir\ >> /FS -c D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\ex >> tra\clang-tidy\android\CloexecCheck.cpp >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\ex >> tra\clang-tidy\android\CloexecCheck.cpp(99): error C2666: >> 'clang::operator <<': 4 overloads have similar conversions >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclObjC.h(2612): >> note: could be 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream >> &,const clang::ObjCImplementationDecl &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclObjC.h(2429): >> note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream >> &,const clang::ObjCCategoryImplDecl &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclCXX.h(3698): >> note: or 'const clang::PartialDiagnostic &clang::operator <<(const >> clang::PartialDiagnostic &,clang::AccessSpecifier)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/DeclCXX.h(3695): >> note: or 'const clang::DiagnosticBuilder &clang::operator <<(const >> clang::DiagnosticBuilder &,clang::AccessSpecifier)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Attr.h(202): >> note: or 'const clang::PartialDiagnostic &clang::operator <<(const >> clang::PartialDiagnostic &,const clang::Attr *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Attr.h(195): >> note: or 'const clang::DiagnosticBuilder &clang::operator <<(const >> clang::DiagnosticBuilder &,const clang::Attr *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Sema/CodeCompleteConsumer.h(802): note: or >> 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream &,const >> clang::CodeCompletionString &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/AST/CanonicalType.h(204): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,clang::CanQualType)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/TemplateBase.h(646): >> note: or 'const clang::DiagnosticBuilder &clang::operator <<(const >> clang::DiagnosticBuilder &,const clang::TemplateArgument &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Decl.h(3961): >> note: or 'const clang::PartialDiagnostic &clang::operator <<(const >> clang::PartialDiagnostic &,const clang::NamedDecl *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Decl.h(3955): >> note: or 'const clang::DiagnosticBuilder &clang::operator <<(const >> clang::DiagnosticBuilder &,const clang::NamedDecl *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Decl.h(404): >> note: or 'llvm::raw_ostream &clang::operator <<(llvm::raw_ostream >> &,const clang::NamedDecl &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Type.h(6024): >> note: or 'const clang::PartialDiagnostic &clang::operator <<(const >> clang::PartialDiagnostic &,clang::QualType)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/Type.h(6015): >> note: or 'const clang::DiagnosticBuilder &clang::operator <<(const >> clang::DiagnosticBuilder &,clang::QualType)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\clang/AST/TemplateName.h(309): >> note: or 'const clang::DiagnosticBuilder &clang::operator <<(const >> clang::DiagnosticBuilder &,clang::TemplateName)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/AST/NestedNameSpecifier.h(507): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,clang::NestedNameSpecifier *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/AST/DeclarationName.h(570): note: or 'llvm::raw_ostream >> &clang::operator <<(llvm::raw_ostream &,clang::DeclarationNameInfo)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/AST/DeclarationName.h(563): note: or 'const >> clang::PartialDiagnostic &clang::operator <<(const clang::PartialDiagnostic >> &,clang::DeclarationName)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/AST/DeclarationName.h(554): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,clang::DeclarationName)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/AST/DeclarationName.h(313): note: or 'llvm::raw_ostream >> &clang::operator <<(llvm::raw_ostream &,clang::DeclarationName)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/PartialDiagnostic.h(408): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,const clang::PartialDiagnostic &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/ObjCRuntime.h(361): note: or 'llvm::raw_ostream >> &clang::operator <<(llvm::raw_ostream &,const clang::ObjCRuntime &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/VersionTuple.h(165): note: or 'llvm::raw_ostream >> &clang::operator <<(llvm::raw_ostream &,const clang::VersionTuple &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1202): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,clang::DiagNullabilityKind)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1191): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,llvm::ArrayRef<clang::FixItHint>)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1185): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,const clang::FixItHint &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1179): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,const clang::CharSourceRange &)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1172): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,llvm::ArrayRef<clang::SourceRange>)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1166): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,clang::SourceRange)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1145): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,const clang::IdentifierInfo *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1139): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,clang::tok::TokenKind)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1133): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,unsigned int)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1117): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,int)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1110): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,const char *)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1104): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,llvm::StringRef)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/Diagnostic.h(1098): note: or 'const >> clang::DiagnosticBuilder &clang::operator <<(const clang::DiagnosticBuilder >> &,const clang::AddFlagValue)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\include\ >> clang/Basic/DiagnosticOptions.h(58): note: or 'llvm::raw_ostream >> &clang::operator <<(llvm::raw_ostream &,clang::DiagnosticLevelMask)' >> D:\buildslave\clang-x64-ninja-win7\llvm\tools\clang\tools\ex >> tra\clang-tidy\android\CloexecCheck.cpp(99): note: while trying to match >> the argument list '(const clang::DiagnosticBuilder, const char)' >> ninja: build stopped: subcommand failed. >> >> On Thu, Aug 10, 2017 at 1:18 PM, Yan Wang via cfe-commits < >> cfe-commits@lists.llvm.org> wrote: >> >>> Author: yawanng >>> Date: Thu Aug 10 10:18:10 2017 >>> New Revision: 310630 >>> >>> URL: http://llvm.org/viewvc/llvm-project?rev=310630&view=rev >>> Log: >>> [clang-tidy] Refactor the code and add a close-on-exec check on >>> memfd_create() in Android module. >>> >>> Summary: >>> 1. Refactor the structure of the code by adding a base class for all >>> close-on-exec checks, which implements most of the needed functions. >>> 2. memfd_create() is better to set MFD_CLOEXEC flag to avoid file >>> descriptor leakage. >>> >>> Reviewers: alexfh, aaron.ballman, hokein >>> >>> Reviewed By: alexfh, hokein >>> >>> Subscribers: Eugene.Zelenko, chh, cfe-commits, srhines, mgorny, >>> JDevlieghere, xazax.hun >>> >>> Tags: #clang-tools-extra >>> >>> Differential Revision: https://reviews.llvm.org/D35372 >>> >>> Added: >>> clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp >>> clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h >>> clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreat >>> eCheck.cpp >>> clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.h >>> clang-tools-extra/trunk/docs/clang-tidy/checks/android-cloex >>> ec-memfd-create.rst >>> clang-tools-extra/trunk/test/clang-tidy/android-cloexec-memf >>> d-create.cpp >>> Modified: >>> clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp >>> clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt >>> clang-tools-extra/trunk/docs/ReleaseNotes.rst >>> clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst >>> >>> Modified: clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule >>> .cpp >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> clang-tidy/android/AndroidTidyModule.cpp?rev=310630&r1=31062 >>> 9&r2=310630&view=diff >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp >>> (original) >>> +++ clang-tools-extra/trunk/clang-tidy/android/AndroidTidyModule.cpp >>> Thu Aug 10 10:18:10 2017 >>> @@ -12,6 +12,7 @@ >>> #include "../ClangTidyModuleRegistry.h" >>> #include "CloexecCreatCheck.h" >>> #include "CloexecFopenCheck.h" >>> +#include "CloexecMemfdCreateCheck.h" >>> #include "CloexecOpenCheck.h" >>> #include "CloexecSocketCheck.h" >>> >>> @@ -27,6 +28,8 @@ public: >>> void addCheckFactories(ClangTidyCheckFactories &CheckFactories) >>> override { >>> CheckFactories.registerCheck<CloexecCreatCheck>("android-cl >>> oexec-creat"); >>> CheckFactories.registerCheck<CloexecFopenCheck>("android-cl >>> oexec-fopen"); >>> + CheckFactories.registerCheck<CloexecMemfdCreateCheck>( >>> + "android-cloexec-memfd-create"); >>> CheckFactories.registerCheck<CloexecOpenCheck>("android-clo >>> exec-open"); >>> CheckFactories.registerCheck<CloexecSocketCheck>("android-c >>> loexec-socket"); >>> } >>> >>> Modified: clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> clang-tidy/android/CMakeLists.txt?rev=310630&r1=310629&r2=31 >>> 0630&view=diff >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt (original) >>> +++ clang-tools-extra/trunk/clang-tidy/android/CMakeLists.txt Thu Aug >>> 10 10:18:10 2017 >>> @@ -2,8 +2,10 @@ set(LLVM_LINK_COMPONENTS support) >>> >>> add_clang_library(clangTidyAndroidModule >>> AndroidTidyModule.cpp >>> + CloexecCheck.cpp >>> CloexecCreatCheck.cpp >>> CloexecFopenCheck.cpp >>> + CloexecMemfdCreateCheck.cpp >>> CloexecOpenCheck.cpp >>> CloexecSocketCheck.cpp >>> >>> >>> Added: clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> clang-tidy/android/CloexecCheck.cpp?rev=310630&view=auto >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp (added) >>> +++ clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.cpp Thu Aug >>> 10 10:18:10 2017 >>> @@ -0,0 +1,105 @@ >>> +//===--- CloexecCheck.cpp - clang-tidy-------------------- >>> -----------------===// >>> +// >>> +// The LLVM Compiler Infrastructure >>> +// >>> +// This file is distributed under the University of Illinois Open Source >>> +// License. See LICENSE.TXT for details. >>> +// >>> +//===------------------------------------------------------ >>> ----------------===// >>> + >>> +#include "CloexecCheck.h" >>> +#include "../utils/ASTUtils.h" >>> +#include "clang/AST/ASTContext.h" >>> +#include "clang/ASTMatchers/ASTMatchFinder.h" >>> +#include "clang/Lex/Lexer.h" >>> + >>> +using namespace clang::ast_matchers; >>> + >>> +namespace clang { >>> +namespace tidy { >>> +namespace android { >>> + >>> +namespace { >>> + >>> +const char *const FuncDeclBindingStr = "funcDecl"; >>> +const char *const FuncBindingStr = "func"; >>> + >>> +// Helper function to form the correct string mode for Type3. >>> +// Build the replace text. If it's string constant, add <Mode> directly >>> in the >>> +// end of the string. Else, add <Mode>. >>> +std::string buildFixMsgForStringFlag(const Expr *Arg, const >>> SourceManager &SM, >>> + const LangOptions &LangOpts, char >>> Mode) { >>> + if (Arg->getLocStart().isMacroID()) >>> + return (Lexer::getSourceText( >>> + CharSourceRange::getTokenRange(Arg->getSourceRange()), >>> SM, >>> + LangOpts) + >>> + " \"" + Twine(Mode) + "\"") >>> + .str(); >>> + >>> + StringRef SR = cast<StringLiteral>(Arg->Ignor >>> eParenCasts())->getString(); >>> + return ("\"" + SR + Twine(Mode) + "\"").str(); >>> +} >>> +} // namespace >>> + >>> +void CloexecCheck::registerMatchersImpl( >>> + MatchFinder *Finder, internal::Matcher<FunctionDecl> Function) { >>> + // We assume all the checked APIs are C functions. >>> + Finder->addMatcher( >>> + callExpr( >>> + callee(functionDecl(isExternC(), >>> Function).bind(FuncDeclBindingStr))) >>> + .bind(FuncBindingStr), >>> + this); >>> +} >>> + >>> +void CloexecCheck::insertMacroFlag(const MatchFinder::MatchResult >>> &Result, >>> + StringRef MacroFlag, int ArgPos) { >>> + const auto *MatchedCall = Result.Nodes.getNodeAs<CallExp >>> r>(FuncBindingStr); >>> + const auto *FlagArg = MatchedCall->getArg(ArgPos); >>> + const auto *FD = Result.Nodes.getNodeAs<Functio >>> nDecl>(FuncDeclBindingStr); >>> + SourceManager &SM = *Result.SourceManager; >>> + >>> + if (utils::exprHasBitFlagWithSpelling(FlagArg->IgnoreParenCasts(), >>> SM, >>> + Result.Context->getLangOpts(), >>> + MacroFlag)) >>> + return; >>> + >>> + SourceLocation EndLoc = >>> + Lexer::getLocForEndOfToken(SM.getFileLoc(FlagArg->getLocEnd()), >>> 0, SM, >>> + Result.Context->getLangOpts()); >>> + >>> + diag(EndLoc, "%0 should use %1 where possible") >>> + << FD << MacroFlag >>> + << FixItHint::CreateInsertion(EndLoc, (Twine(" | ") + >>> MacroFlag).str()); >>> +} >>> + >>> +void CloexecCheck::replaceFunc(const MatchFinder::MatchResult &Result, >>> + StringRef WarningMsg, StringRef FixMsg) { >>> + const auto *MatchedCall = Result.Nodes.getNodeAs<CallExp >>> r>(FuncBindingStr); >>> + diag(MatchedCall->getLocStart(), WarningMsg) >>> + << FixItHint::CreateReplacement(MatchedCall->getSourceRange(), >>> FixMsg); >>> +} >>> + >>> +void CloexecCheck::insertStringFlag( >>> + const ast_matchers::MatchFinder::MatchResult &Result, const char >>> Mode, >>> + const int ArgPos) { >>> + const auto *MatchedCall = Result.Nodes.getNodeAs<CallExp >>> r>(FuncBindingStr); >>> + const auto *FD = Result.Nodes.getNodeAs<Functio >>> nDecl>(FuncDeclBindingStr); >>> + const auto *ModeArg = MatchedCall->getArg(ArgPos); >>> + >>> + // Check if the <Mode> may be in the mode string. >>> + const auto *ModeStr = dyn_cast<StringLiteral>(ModeAr >>> g->IgnoreParenCasts()); >>> + if (!ModeStr || (ModeStr->getString().find(Mode) != StringRef::npos)) >>> + return; >>> + >>> + const std::string &ReplacementText = buildFixMsgForStringFlag( >>> + ModeArg, *Result.SourceManager, Result.Context->getLangOpts(), >>> Mode); >>> + >>> + diag(ModeArg->getLocStart(), "use %0 mode '%1' to set O_CLOEXEC") >>> + << FD << Mode >>> + << FixItHint::CreateReplacement(ModeArg->getSourceRange(), >>> + ReplacementText); >>> +} >>> + >>> +} // namespace android >>> +} // namespace tidy >>> +} // namespace clang >>> >>> Added: clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> clang-tidy/android/CloexecCheck.h?rev=310630&view=auto >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h (added) >>> +++ clang-tools-extra/trunk/clang-tidy/android/CloexecCheck.h Thu Aug >>> 10 10:18:10 2017 >>> @@ -0,0 +1,95 @@ >>> +//===--- CloexecCheck.h - clang-tidy-----------------------------*- >>> C++ -*-===// >>> +// >>> +// The LLVM Compiler Infrastructure >>> +// >>> +// This file is distributed under the University of Illinois Open Source >>> +// License. See LICENSE.TXT for details. >>> +// >>> +//===------------------------------------------------------ >>> ----------------===// >>> +/// >>> +/// \file >>> +/// This file contains the declaration of the CloexecCheck class, which >>> is the >>> +/// base class for all of the close-on-exec checks in Android module. >>> +/// >>> +//===------------------------------------------------------ >>> ----------------===// >>> + >>> +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_H >>> +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_H >>> + >>> +#include "../ClangTidy.h" >>> + >>> +namespace clang { >>> +namespace tidy { >>> +namespace android { >>> + >>> +/// \brief The base class for all close-on-exec checks in Android >>> module. >>> +/// To be specific, there are some functions that need the >>> close-on-exec flag to >>> +/// prevent the file descriptor leakage on fork+exec and this class >>> provides >>> +/// utilities to identify and fix these C functions. >>> +class CloexecCheck : public ClangTidyCheck { >>> +public: >>> + CloexecCheck(StringRef Name, ClangTidyContext *Context) >>> + : ClangTidyCheck(Name, Context) {} >>> + >>> +protected: >>> + void >>> + registerMatchersImpl(ast_matchers::MatchFinder *Finder, >>> + ast_matchers::internal::Matcher<FunctionDecl> >>> Function); >>> + >>> + /// Currently, we have three types of fixes. >>> + /// >>> + /// Type1 is to insert the necessary macro flag in the flag argument. >>> For >>> + /// example, 'O_CLOEXEC' is required in function 'open()', so >>> + /// \code >>> + /// open(file, O_RDONLY); >>> + /// \endcode >>> + /// should be >>> + /// \code >>> + /// open(file, O_RDONLY | O_CLOEXE); >>> + /// \endcode >>> + /// >>> + /// \param [out] Result MatchResult from AST matcher. >>> + /// \param MacroFlag The macro name of the flag. >>> + /// \param ArgPos The 0-based position of the flag argument. >>> + void insertMacroFlag(const ast_matchers::MatchFinder::MatchResult >>> &Result, >>> + StringRef MarcoFlag, int ArgPos); >>> + >>> + /// Type2 is to replace the API to another function that has required >>> the >>> + /// ability. For example: >>> + /// \code >>> + /// creat(path, mode); >>> + /// \endcode >>> + /// should be >>> + /// \code >>> + /// open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, mode) >>> + /// \endcode >>> + /// >>> + /// \param [out] Result MatchResult from AST matcher. >>> + /// \param WarningMsg The warning message. >>> + /// \param FixMsg The fix message. >>> + void replaceFunc(const ast_matchers::MatchFinder::MatchResult >>> &Result, >>> + StringRef WarningMsg, StringRef FixMsg); >>> + >>> + /// Type3 is also to add a flag to the corresponding argument, but >>> this time, >>> + /// the flag is some string and each char represents a mode rather >>> than a >>> + /// macro. For example, 'fopen' needs char 'e' in its mode argument >>> string, so >>> + /// \code >>> + /// fopen(in_file, "r"); >>> + /// \endcode >>> + /// should be >>> + /// \code >>> + /// fopen(in_file, "re"); >>> + /// \endcode >>> + /// >>> + /// \param [out] Result MatchResult from AST matcher. >>> + /// \param Mode The required mode char. >>> + /// \param ArgPos The 0-based position of the flag argument. >>> + void insertStringFlag(const ast_matchers::MatchFinder::MatchResult >>> &Result, >>> + char Mode, const int ArgPos); >>> +}; >>> + >>> +} // namespace android >>> +} // namespace tidy >>> +} // namespace clang >>> + >>> +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_H >>> >>> Added: clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreat >>> eCheck.cpp >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> clang-tidy/android/CloexecMemfdCreateCheck.cpp?rev=310630&view=auto >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.cpp >>> (added) >>> +++ clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.cpp >>> Thu Aug 10 10:18:10 2017 >>> @@ -0,0 +1,32 @@ >>> +//===--- CloexecMemfdCreateCheck.cpp - clang-tidy-------------------- >>> ------===// >>> +// >>> +// The LLVM Compiler Infrastructure >>> +// >>> +// This file is distributed under the University of Illinois Open Source >>> +// License. See LICENSE.TXT for details. >>> +// >>> +//===------------------------------------------------------ >>> ----------------===// >>> + >>> +#include "CloexecMemfdCreateCheck.h" >>> + >>> +using namespace clang::ast_matchers; >>> + >>> +namespace clang { >>> +namespace tidy { >>> +namespace android { >>> + >>> +void CloexecMemfdCreateCheck::registerMatchers(MatchFinder *Finder) { >>> + auto CharPointerType = hasType(pointerType(pointee(is >>> AnyCharacter()))); >>> + registerMatchersImpl( >>> + Finder, functionDecl(returns(isInteger()), >>> hasName("memfd_create"), >>> + hasParameter(0, CharPointerType), >>> + hasParameter(1, hasType(isInteger())))); >>> +} >>> + >>> +void CloexecMemfdCreateCheck::check(const MatchFinder::MatchResult >>> &Result) { >>> + insertMacroFlag(Result, "MFD_CLOEXEC", /*ArgPos=*/1); >>> +} >>> + >>> +} // namespace android >>> +} // namespace tidy >>> +} // namespace clang >>> >>> Added: clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreat >>> eCheck.h >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> clang-tidy/android/CloexecMemfdCreateCheck.h?rev=310630&view=auto >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.h >>> (added) >>> +++ clang-tools-extra/trunk/clang-tidy/android/CloexecMemfdCreateCheck.h >>> Thu Aug 10 10:18:10 2017 >>> @@ -0,0 +1,35 @@ >>> +//===--- CloexecMemfdCreateCheck.h - clang-tidy-----------------*- C++ >>> -*-===// >>> +// >>> +// The LLVM Compiler Infrastructure >>> +// >>> +// This file is distributed under the University of Illinois Open Source >>> +// License. See LICENSE.TXT for details. >>> +// >>> +//===------------------------------------------------------ >>> ----------------===// >>> + >>> +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_MEMFD_CREA >>> TE_H >>> +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_MEMFD_CREA >>> TE_H >>> + >>> +#include "CloexecCheck.h" >>> + >>> +namespace clang { >>> +namespace tidy { >>> +namespace android { >>> + >>> +/// Finds code that uses memfd_create() without using the MFD_CLOEXEC >>> flag. >>> +/// >>> +/// For the user-facing documentation see: >>> +/// http://clang.llvm.org/extra/clang-tidy/checks/android-cloexe >>> c-memfd-create.html >>> +class CloexecMemfdCreateCheck : public CloexecCheck { >>> +public: >>> + CloexecMemfdCreateCheck(StringRef Name, ClangTidyContext *Context) >>> + : CloexecCheck(Name, Context) {} >>> + void registerMatchers(ast_matchers::MatchFinder *Finder) override; >>> + void check(const ast_matchers::MatchFinder::MatchResult &Result) >>> override; >>> +}; >>> + >>> +} // namespace android >>> +} // namespace tidy >>> +} // namespace clang >>> + >>> +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_MEMFD_CREA >>> TE_H >>> >>> Modified: clang-tools-extra/trunk/docs/ReleaseNotes.rst >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> docs/ReleaseNotes.rst?rev=310630&r1=310629&r2=310630&view=diff >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/docs/ReleaseNotes.rst (original) >>> +++ clang-tools-extra/trunk/docs/ReleaseNotes.rst Thu Aug 10 10:18:10 >>> 2017 >>> @@ -70,6 +70,12 @@ Improvements to clang-tidy >>> ``AllowConditionalIntegerCasts`` -> ``AllowIntegerConditions``, >>> ``AllowConditionalPointerCasts`` -> ``AllowPointerConditions``. >>> >>> +- New `android-cloexec-memfd_create >>> + <http://clang.llvm.org/extra/clang-tidy/checks/android-cloex >>> ec-memfd_create.html>`_ check >>> + >>> + Checks if the required file flag ``MFD_CLOEXEC`` is present in the >>> argument of >>> + ``memfd_create()``. >>> + >>> - New `bugprone-integer-division >>> <http://clang.llvm.org/extra/clang-tidy/checks/bugprone-int >>> eger-division.html>`_ check >>> >>> >>> Added: clang-tools-extra/trunk/docs/clang-tidy/checks/android-cloex >>> ec-memfd-create.rst >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> docs/clang-tidy/checks/android-cloexec-memfd-create.rst?rev= >>> 310630&view=auto >>> ============================================================ >>> ================== >>> --- >>> clang-tools-extra/trunk/docs/clang-tidy/checks/android-cloexec-memfd-create.rst >>> (added) >>> +++ >>> clang-tools-extra/trunk/docs/clang-tidy/checks/android-cloexec-memfd-create.rst >>> Thu Aug 10 10:18:10 2017 >>> @@ -0,0 +1,18 @@ >>> +.. title:: clang-tidy - android-cloexec-memfd-create >>> + >>> +android-cloexec-memfd-create >>> +============================ >>> + >>> +``memfd_create()`` should include ``MFD_CLOEXEC`` in its type argument >>> to avoid >>> +the file descriptor leakage. Without this flag, an opened sensitive >>> file would >>> +remain open across a fork+exec to a lower-privileged SELinux domain. >>> + >>> +Examples: >>> + >>> +.. code-block:: c++ >>> + >>> + memfd_create(name, MFD_ALLOW_SEALING); >>> + >>> + // becomes >>> + >>> + memfd_create(name, MFD_ALLOW_SEALING | MFD_CLOEXEC); >>> >>> Modified: clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> docs/clang-tidy/checks/list.rst?rev=310630&r1=310629&r2=310630&view=diff >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst (original) >>> +++ clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst Thu Aug 10 >>> 10:18:10 2017 >>> @@ -6,6 +6,7 @@ Clang-Tidy Checks >>> .. toctree:: >>> android-cloexec-creat >>> android-cloexec-fopen >>> + android-cloexec-memfd-create >>> android-cloexec-open >>> android-cloexec-socket >>> boost-use-to-string >>> >>> Added: clang-tools-extra/trunk/test/clang-tidy/android-cloexec-memf >>> d-create.cpp >>> URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/ >>> test/clang-tidy/android-cloexec-memfd-create.cpp?rev=310630&view=auto >>> ============================================================ >>> ================== >>> --- clang-tools-extra/trunk/test/clang-tidy/android-cloexec-memfd-create.cpp >>> (added) >>> +++ clang-tools-extra/trunk/test/clang-tidy/android-cloexec-memfd-create.cpp >>> Thu Aug 10 10:18:10 2017 >>> @@ -0,0 +1,63 @@ >>> +// RUN: %check_clang_tidy %s android-cloexec-memfd-create %t >>> + >>> +#define MFD_ALLOW_SEALING 1 >>> +#define __O_CLOEXEC 3 >>> +#define MFD_CLOEXEC __O_CLOEXEC >>> +#define TEMP_FAILURE_RETRY(exp) \ >>> + ({ \ >>> + int _rc; \ >>> + do { \ >>> + _rc = (exp); \ >>> + } while (_rc == -1); \ >>> + }) >>> +#define NULL 0 >>> + >>> +extern "C" int memfd_create(const char *name, unsigned int flags); >>> + >>> +void a() { >>> + memfd_create(NULL, MFD_ALLOW_SEALING); >>> + // CHECK-MESSAGES: :[[@LINE-1]]:39: warning: 'memfd_create' should >>> use MFD_CLOEXEC where possible [android-cloexec-memfd-create] >>> + // CHECK-FIXES: memfd_create(NULL, MFD_ALLOW_SEALING | MFD_CLOEXEC) >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING)); >>> + // CHECK-MESSAGES: :[[@LINE-1]]:58: warning: 'memfd_create' >>> + // CHECK-FIXES: TEMP_FAILURE_RETRY(memfd_create(NULL, >>> MFD_ALLOW_SEALING | MFD_CLOEXEC)) >>> +} >>> + >>> +void f() { >>> + memfd_create(NULL, 3); >>> + // CHECK-MESSAGES: :[[@LINE-1]]:23: warning: 'memfd_create' >>> + // CHECK-FIXES: memfd_create(NULL, 3 | MFD_CLOEXEC) >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, 3)); >>> + // CHECK-MESSAGES: :[[@LINE-1]]:42: warning: 'memfd_create' >>> + // CHECK-FIXES: TEMP_FAILURE_RETRY(memfd_create(NULL, 3 | >>> MFD_CLOEXEC)) >>> + >>> + int flag = 3; >>> + memfd_create(NULL, flag); >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, flag)); >>> +} >>> + >>> +namespace i { >>> +int memfd_create(const char *name, unsigned int flags); >>> + >>> +void d() { >>> + memfd_create(NULL, MFD_ALLOW_SEALING); >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING)); >>> +} >>> + >>> +} // namespace i >>> + >>> +void e() { >>> + memfd_create(NULL, MFD_CLOEXEC); >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_CLOEXEC)); >>> + memfd_create(NULL, MFD_ALLOW_SEALING | MFD_CLOEXEC); >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING | >>> MFD_CLOEXEC)); >>> +} >>> + >>> +class G { >>> +public: >>> + int memfd_create(const char *name, unsigned int flags); >>> + void d() { >>> + memfd_create(NULL, MFD_ALLOW_SEALING); >>> + TEMP_FAILURE_RETRY(memfd_create(NULL, MFD_ALLOW_SEALING)); >>> + } >>> +}; >>> >>> >>> _______________________________________________ >>> cfe-commits mailing list >>> cfe-commits@lists.llvm.org >>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits >>> >> >> > > _______________________________________________ > cfe-commits mailing list > cfe-commits@lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits > >
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
