https://github.com/gamesh411 updated https://github.com/llvm/llvm-project/pull/168704
From dae8506bc6eafa1fcc10e03e3bf7678c17a0babe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= <[email protected]> Date: Wed, 19 Nov 2025 10:47:40 +0100 Subject: [PATCH 1/4] [clang][analyzer] Add ReportInC99AndEarlier option to DeprecatedOrUnsafeBufferHandling checker The checker may report warnings for deprecated buffer handling functions (memcpy, memset, memmove, etc.) even when not compiling with C11 standard if the new option "ReportInC99AndEarlier" is set to true. These functions became deprecated in C11, but may still be problematic in earlier C standards. --- clang/docs/analyzer/checkers.rst | 7 +++ .../clang/StaticAnalyzer/Checkers/Checkers.td | 21 +++++--- .../Checkers/CheckSecuritySyntaxOnly.cpp | 22 ++++++++- .../Analysis/Inputs/system-header-simulator.h | 1 + clang/test/Analysis/analyzer-config.c | 1 + ...ecated-buffer-handling-allow-without-c11.c | 48 +++++++++++++++++++ 6 files changed, 92 insertions(+), 8 deletions(-) create mode 100644 clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index 31edf9e99dc7d..d93cfe5806ebb 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -1785,6 +1785,13 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) strncpy(buf, "a", 1); // warn } +The ``AllowWithoutC11`` option allows reporting warnings for these functions even when not compiling with C11 standard. These functions are deprecated in C11, but may still be problematic in earlier C standards. + +To enable this option, use: +``-analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true``. + +By default, this option is set to *false*. + .. _security-MmapWriteExec: security.MmapWriteExec (C) diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td index ffae3b9310979..310dac5340a18 100644 --- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -901,12 +901,21 @@ def UncheckedReturn : Checker<"UncheckedReturn">, Dependencies<[SecuritySyntaxChecker]>, Documentation<HasDocumentation>; -def DeprecatedOrUnsafeBufferHandling : - Checker<"DeprecatedOrUnsafeBufferHandling">, - HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " - "functions">, - Dependencies<[SecuritySyntaxChecker]>, - Documentation<HasDocumentation>; +def DeprecatedOrUnsafeBufferHandling + : Checker<"DeprecatedOrUnsafeBufferHandling">, + HelpText<"Warn on uses of unsecure or deprecated buffer manipulating " + "functions">, + Dependencies<[SecuritySyntaxChecker]>, + CheckerOptions< + [CmdLineOption< + Boolean, "AllowWithoutC11", + "Allow reporting deprecated or unsafe buffer handling " + "functions even when not compiling with C11 standard. " + "These functions are deprecated in C11, but may still be " + "problematic in earlier C standards.", + "false", Released>, +]>, + Documentation<HasDocumentation>; def decodeValueOfObjCType : Checker<"decodeValueOfObjCType">, HelpText<"Warn on uses of the '-decodeValueOfObjCType:at:' method">, diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp index 5e75c1c4a3abd..e07c9dcbad9fe 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp @@ -50,6 +50,8 @@ struct ChecksFilter { bool check_UncheckedReturn = false; bool check_decodeValueOfObjCType = false; + bool allowDeprecatedOrUnsafeBufferHandlingWithoutC11 = false; + CheckerNameRef checkName_bcmp; CheckerNameRef checkName_bcopy; CheckerNameRef checkName_bzero; @@ -754,7 +756,8 @@ void WalkAST::checkDeprecatedOrUnsafeBufferHandling(const CallExpr *CE, if (!filter.check_DeprecatedOrUnsafeBufferHandling) return; - if (!BR.getContext().getLangOpts().C11) + if (!(BR.getContext().getLangOpts().C11 || + filter.allowDeprecatedOrUnsafeBufferHandlingWithoutC11)) return; // Issue a warning. ArgIndex == -1: Deprecated but not unsafe (has size @@ -1113,5 +1116,20 @@ REGISTER_CHECKER(rand) REGISTER_CHECKER(vfork) REGISTER_CHECKER(FloatLoopCounter) REGISTER_CHECKER(UncheckedReturn) -REGISTER_CHECKER(DeprecatedOrUnsafeBufferHandling) + +void ento::registerDeprecatedOrUnsafeBufferHandling(CheckerManager &mgr) { + SecuritySyntaxChecker *checker = mgr.getChecker<SecuritySyntaxChecker>(); + checker->filter.check_DeprecatedOrUnsafeBufferHandling = true; + checker->filter.checkName_DeprecatedOrUnsafeBufferHandling = + mgr.getCurrentCheckerName(); + checker->filter.allowDeprecatedOrUnsafeBufferHandlingWithoutC11 = + mgr.getAnalyzerOptions().getCheckerBooleanOption( + mgr.getCurrentCheckerName(), "AllowWithoutC11"); +} + +bool ento::shouldRegisterDeprecatedOrUnsafeBufferHandling( + const CheckerManager &mgr) { + return true; +} + REGISTER_CHECKER(decodeValueOfObjCType) diff --git a/clang/test/Analysis/Inputs/system-header-simulator.h b/clang/test/Analysis/Inputs/system-header-simulator.h index fadc09f65d536..e048a6a892c48 100644 --- a/clang/test/Analysis/Inputs/system-header-simulator.h +++ b/clang/test/Analysis/Inputs/system-header-simulator.h @@ -82,6 +82,7 @@ char *strcpy(char *restrict, const char *restrict); char *strncpy(char *restrict dst, const char *restrict src, size_t n); char *strsep(char **restrict stringp, const char *restrict delim); void *memcpy(void *restrict dst, const void *restrict src, size_t n); +void *memmove(void *dst, const void *src, size_t n); void *memset(void *s, int c, size_t n); typedef unsigned long __darwin_pthread_key_t; diff --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c index 7936273415ad4..60ca162fb3f24 100644 --- a/clang/test/Analysis/analyzer-config.c +++ b/clang/test/Analysis/analyzer-config.c @@ -121,6 +121,7 @@ // CHECK-NEXT: region-store-small-struct-limit = 2 // CHECK-NEXT: report-in-main-source-file = false // CHECK-NEXT: security.cert.env.InvalidPtr:InvalidatingGetEnv = false +// CHECK-NEXT: security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11 = false // CHECK-NEXT: serialize-stats = false // CHECK-NEXT: silence-checkers = "" // CHECK-NEXT: stable-report-filename = false diff --git a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c new file mode 100644 index 0000000000000..880e4bbf81302 --- /dev/null +++ b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c @@ -0,0 +1,48 @@ +// Test 1: Without C11 and without flag - should NOT warn +// RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \ +// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ +// RUN: -DEXPECT_NO_WARNINGS + +// Test 2: Without C11 but with flag enabled - should warn +// RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \ +// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ +// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true \ +// RUN: -DEXPECT_WARNINGS + +// Test 3: With C11 - should warn (existing behavior) +// RUN: %clang_analyze_cc1 %s -verify -std=gnu11 \ +// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ +// RUN: -DEXPECT_WARNINGS + +#include "Inputs/system-header-simulator.h" + +extern char buf[128]; +extern char src[128]; + +void test_memcpy(void) { + memcpy(buf, src, 10); +#ifdef EXPECT_WARNINGS + // expected-warning@-2{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} +#else + // expected-no-diagnostics +#endif +} + +void test_memset(void) { + memset(buf, 0, 10); +#ifdef EXPECT_WARNINGS + // expected-warning@-2{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} +#else + // expected-no-diagnostics +#endif +} + +void test_memmove(void) { + memmove(buf, src, 10); +#ifdef EXPECT_WARNINGS + // expected-warning@-2{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} +#else + // expected-no-diagnostics +#endif +} + From c17348a68c5a9090bbf69068acb80a720f3cba8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= <[email protected]> Date: Wed, 26 Nov 2025 13:25:41 +0100 Subject: [PATCH 2/4] eliminate macro-based test case separation not quite as suggested, but I think this is expressive now without being too complicated --- ...ecated-buffer-handling-allow-without-c11.c | 38 +++++++------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c index 880e4bbf81302..57cc05a7cf555 100644 --- a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c +++ b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c @@ -1,48 +1,38 @@ // Test 1: Without C11 and without flag - should NOT warn -// RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \ -// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ -// RUN: -DEXPECT_NO_WARNINGS +// RUN: %clang_analyze_cc1 %s -verify=c99-noflag -std=gnu99 \ +// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling // Test 2: Without C11 but with flag enabled - should warn -// RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \ +// RUN: %clang_analyze_cc1 %s -verify=c99-withflag -std=gnu99 \ // RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ -// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true \ -// RUN: -DEXPECT_WARNINGS +// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true // Test 3: With C11 - should warn (existing behavior) -// RUN: %clang_analyze_cc1 %s -verify -std=gnu11 \ -// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ -// RUN: -DEXPECT_WARNINGS +// RUN: %clang_analyze_cc1 %s -verify=c11 -std=gnu11 \ +// RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling #include "Inputs/system-header-simulator.h" extern char buf[128]; extern char src[128]; +// c99-noflag-no-diagnostics + void test_memcpy(void) { memcpy(buf, src, 10); -#ifdef EXPECT_WARNINGS - // expected-warning@-2{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} -#else - // expected-no-diagnostics -#endif + // c99-withflag-warning@-1{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} + // c11-warning@-2{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} } void test_memset(void) { memset(buf, 0, 10); -#ifdef EXPECT_WARNINGS - // expected-warning@-2{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} -#else - // expected-no-diagnostics -#endif + // c99-withflag-warning@-1{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} + // c11-warning@-2{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} } void test_memmove(void) { memmove(buf, src, 10); -#ifdef EXPECT_WARNINGS - // expected-warning@-2{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} -#else - // expected-no-diagnostics -#endif + // c99-withflag-warning@-1{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} + // c11-warning@-2{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} } From 193c40f5dc005778a309b0a711206c2fc6a04bff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= <[email protected]> Date: Wed, 26 Nov 2025 13:54:11 +0100 Subject: [PATCH 3/4] rename flag --- clang/docs/analyzer/checkers.rst | 4 ++-- clang/include/clang/StaticAnalyzer/Checkers/Checkers.td | 4 ++-- clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp | 2 +- clang/test/Analysis/analyzer-config.c | 2 +- .../security-deprecated-buffer-handling-allow-without-c11.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index d93cfe5806ebb..244fdb62a162d 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -1785,10 +1785,10 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) strncpy(buf, "a", 1); // warn } -The ``AllowWithoutC11`` option allows reporting warnings for these functions even when not compiling with C11 standard. These functions are deprecated in C11, but may still be problematic in earlier C standards. +The ``ReportInC99AndEarlier`` option allows reporting warnings for these functions even when not compiling with C11 standard. These functions became deprecated in C11, but may still be problematic in earlier C standards. To enable this option, use: -``-analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true``. +``-analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportInC99AndEarlier=true``. By default, this option is set to *false*. diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td index 310dac5340a18..1b7751221fb7b 100644 --- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -908,10 +908,10 @@ def DeprecatedOrUnsafeBufferHandling Dependencies<[SecuritySyntaxChecker]>, CheckerOptions< [CmdLineOption< - Boolean, "AllowWithoutC11", + Boolean, "ReportInC99AndEarlier", "Allow reporting deprecated or unsafe buffer handling " "functions even when not compiling with C11 standard. " - "These functions are deprecated in C11, but may still be " + "These functions became deprecated in C11, but may still be " "problematic in earlier C standards.", "false", Released>, ]>, diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp index e07c9dcbad9fe..e6dbb8baa7e67 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp @@ -1124,7 +1124,7 @@ void ento::registerDeprecatedOrUnsafeBufferHandling(CheckerManager &mgr) { mgr.getCurrentCheckerName(); checker->filter.allowDeprecatedOrUnsafeBufferHandlingWithoutC11 = mgr.getAnalyzerOptions().getCheckerBooleanOption( - mgr.getCurrentCheckerName(), "AllowWithoutC11"); + mgr.getCurrentCheckerName(), "ReportInC99AndEarlier"); } bool ento::shouldRegisterDeprecatedOrUnsafeBufferHandling( diff --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c index 60ca162fb3f24..adc90894557f6 100644 --- a/clang/test/Analysis/analyzer-config.c +++ b/clang/test/Analysis/analyzer-config.c @@ -121,7 +121,7 @@ // CHECK-NEXT: region-store-small-struct-limit = 2 // CHECK-NEXT: report-in-main-source-file = false // CHECK-NEXT: security.cert.env.InvalidPtr:InvalidatingGetEnv = false -// CHECK-NEXT: security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11 = false +// CHECK-NEXT: security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportInC99AndEarlier = false // CHECK-NEXT: serialize-stats = false // CHECK-NEXT: silence-checkers = "" // CHECK-NEXT: stable-report-filename = false diff --git a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c index 57cc05a7cf555..fae3b498913ec 100644 --- a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c +++ b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c @@ -5,7 +5,7 @@ // Test 2: Without C11 but with flag enabled - should warn // RUN: %clang_analyze_cc1 %s -verify=c99-withflag -std=gnu99 \ // RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ -// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true +// RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportInC99AndEarlier=true // Test 3: With C11 - should warn (existing behavior) // RUN: %clang_analyze_cc1 %s -verify=c11 -std=gnu11 \ From baf884d57661ac8626c90e154f9987f1736a5a73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= <[email protected]> Date: Wed, 26 Nov 2025 14:53:34 +0100 Subject: [PATCH 4/4] remove redundancy --- ...y-deprecated-buffer-handling-allow-without-c11.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c index fae3b498913ec..f8686798f6819 100644 --- a/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c +++ b/clang/test/Analysis/security-deprecated-buffer-handling-allow-without-c11.c @@ -3,12 +3,12 @@ // RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling // Test 2: Without C11 but with flag enabled - should warn -// RUN: %clang_analyze_cc1 %s -verify=c99-withflag -std=gnu99 \ +// RUN: %clang_analyze_cc1 %s -verify=common -std=gnu99 \ // RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ // RUN: -analyzer-config security.insecureAPI.DeprecatedOrUnsafeBufferHandling:ReportInC99AndEarlier=true // Test 3: With C11 - should warn (existing behavior) -// RUN: %clang_analyze_cc1 %s -verify=c11 -std=gnu11 \ +// RUN: %clang_analyze_cc1 %s -verify=common -std=gnu11 \ // RUN: -analyzer-checker=security.insecureAPI.DeprecatedOrUnsafeBufferHandling #include "Inputs/system-header-simulator.h" @@ -20,19 +20,16 @@ extern char src[128]; void test_memcpy(void) { memcpy(buf, src, 10); - // c99-withflag-warning@-1{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} - // c11-warning@-2{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} + // common-warning@-1{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard}} } void test_memset(void) { memset(buf, 0, 10); - // c99-withflag-warning@-1{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} - // c11-warning@-2{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} + // common-warning@-1{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard}} } void test_memmove(void) { memmove(buf, src, 10); - // c99-withflag-warning@-1{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} - // c11-warning@-2{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} + // common-warning@-1{{Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard}} } _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
