[PATCH] D42645: New simple Checker for mmap calls

Artem Dergachev via Phabricator via cfe-commits Thu, 08 Feb 2018 13:07:45 -0800

NoQ added a comment.

Hmm, maybe it'd also be a good idea to disable the check completely when a 
likely-correct value for the macro cannot be determined.




================
Comment at: lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp:74-75
+      mgr.registerChecker<MmapWriteExecChecker>();
+  Mwec->ProtExecOv =
+    mgr.getAnalyzerOptions().getOptionAsInteger("MmapProtExec", 0x04, Mwec);
+}
----------------
You'd probably want to be able to set both `PROT_READ` and `PROT_EXEC`, to be 
fully flexible.


================
Comment at: test/Analysis/mmap-writeexec.c:1
+// RUN: %clang_analyze_cc1 -triple i686-unknown-linux 
-analyzer-checker=security.MmapWriteExec -analyzer-config 
security.MmapWriteExec:MmapProtExec=1 -DPROT_EXEC=1 -verify %s
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-apple-darwin10 
-analyzer-checker=security.MmapWriteExec -verify %s
----------------
I think you should use an unrelated macro, eg. `-analyzer-config 
security.MmapWriteExec:MmapProtExec=1 -DUSE_ALTERNATIVE_PROT_EXEC_DEFINITION`, 
to trigger different definitions in the tests, i.e.
```
#ifndef USE_ALTERNATIVE_PROT_EXEC_DEFINITION
#define PROT_READ   0x01
#define PROT_EXEC   0x04
#else
#define PROT_READ   0x04
#define PROT_EXEC   0x01
#endif
```


Repository:
  rC Clang

https://reviews.llvm.org/D42645



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D42645: New simple Checker for mmap calls

Reply via email to