[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen updated https://github.com/llvm/llvm-project/pull/83675 >From 39a9b19e266275624e472bd3fbd5fdab542a5c31 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 49 ++ clang/test/Analysis/bstring.c | 67 +++ 2 files changed, 116 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 63844563de44f1..25b7e131d84619 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -186,6 +186,8 @@ class CStringChecker : public Checker< eval::Call, ::evalSprintf}, {{CDM::CLibraryMaybeHardened, {"snprintf"}, std::nullopt, 3}, ::evalSnprintf}, + {{CDM::CLibraryMaybeHardened, {"getentropy"}, 2}, + ::evalGetentropy}, }; // These require a bit of special handling. @@ -240,6 +242,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2535,6 +2538,52 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + SValBuilder = C.getSValBuilder(); + + std::optional SizeVal = C.getSVal(Size.Expression).getAs(); + if (!SizeVal) +return; + + std::optional MaxLength = SVB.makeIntVal(256, C.getASTContext().IntTy).getAs(); + QualType SizeTy = Size.Expression->getType(); + + SVal Buff = C.getSVal(Buffer.Expression); + auto [StateZeroSize, StateNonZeroSize] = + assumeZero(C, State, *SizeVal, SizeTy); + + if (StateZeroSize && !StateNonZeroSize) { +State = invalidateDestinationBufferBySize(C, State, Buffer.Expression, Buff, *SizeVal, SizeTy); +C.addTransition(State); +return; + } + + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + QualType cmpTy = C.getSValBuilder().getConditionType(); + auto [sizeAboveLimit, sizeNotAboveLimit] = State->assume( +SVB + .evalBinOpNN(State, BO_GT, *SizeVal, *MaxLength, cmpTy) + .castAs()); + if (sizeAboveLimit && !sizeNotAboveLimit) { +emitOutOfBoundsBug(C, sizeAboveLimit, Buffer.Expression, "must be smaller than or equal to 256"); + } else { +State = invalidateDestinationBufferBySize(C, sizeNotAboveLimit, Buffer.Expression, +Buff, +*SizeVal, SizeTy); +C.addTransition(State); + } +} + //===--===// // The driver method, and other Checker callbacks. //===--===// diff --git a/clang/test/Analysis/bstring.c b/clang/test/Analysis/bstring.c index f015e0b5d9fb7b..1c4810b499b0a9 100644 --- a/clang/test/Analysis/bstring.c +++ b/clang/test/Analysis/bstring.c 
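Review bot: evalGetentropy never binds a value to the call expression: both exits that reach `C.addTransition(State)` only invalidate the destination buffer, so once this eval::Call handler has claimed the call, the `int` result of getentropy() appears to be left unknown and the failure path (return -1, buffer not filled) is not modelled. Callers are expected to test that result before treating the bytes as key or nonce material, so I would conjure a result before each transition, for example `State = State->BindExpr(Call.getOriginExpr(), C.getLocationContext(), SVB.conjureSymbolVal(nullptr, Call.getOriginExpr(), C.getLocationContext(), C.blockCount()));`. Two smaller points in the same function: the limit `256` is spelled twice (in `MaxLength` and in the message string) and would be better as one named constant, and `cmpTy`, `sizeAboveLimit` and `sizeNotAboveLimit` do not follow the UpperCamelCase used by the other locals.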
@@ -529,3 +529,70 @@ void nocrash_on_locint_offset(void *addr, void* from, struct S s) { size_t iAdd = (size_t) addr; memcpy(((void *) &(s.f)), from, iAdd); } + +//===--===// +// getentropy() +//===--===// + +int getentropy(void *d, size_t n); + +int getentropy0(void) { + char buf[16] = {0}; + + int r = getentropy(buf, sizeof(buf)); // no-warning + return r; +} + +int getentropy1(void) { + char buf[257] = {0}; + + int r = getentropy(buf, 256); // no-warning + return r; +} + +int getentropy2(void) { + char buf[1024] = {0}; + + int r = getentropy(buf, sizeof(buf)); // expected-warning{{must be smaller than or equal to 256}} + return r; +} + +int getentropy3(void) { + char buf[256] = {0}; + + int r = getentropy(buf, 0); // no-warning + return r; +} + +int getentropy4(size_t arg) { + char buf[256] = {0}; + + int r = getentropy(buf, arg); // no-warning + return r; +} + +int do_something(size_t arg) { + char buf[256] = {0}; + int r = getentropy(buf, arg); // no-warning + return r; +} + +int getentropy5(size_t arg) { + char buf[257] = {0}; + + // split the state and introduce a separate execution path where arg > 256 +
[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen updated https://github.com/llvm/llvm-project/pull/83675 >From 010c0c2acddbe36a84382284835e94bffe94b040 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH 1/3] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 43 +++ 1 file changed, 43 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 59be236ca1c769..cea99fad3e8436 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,6 +165,7 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, + {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, }; // These require a bit of special handling. @@ -219,6 +220,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2515,6 +2517,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , +const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + constexpr int BufferMaxSize = 256; + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = + assumeZero(C, State, SizeVal, SizeTy); + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + auto SizeLoc = SizeVal.getAs(); + auto size = SizeLoc->getValue().getExtValue(); + + if (size > BufferMaxSize) { +ErrorMessage Message; +llvm::raw_svector_ostream Os(Message); +Os << " destination buffer size is greater than " << BufferMaxSize; +emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message); +return; + } + + State = invalidateDestinationBufferBySize(C, State, Buffer.Expression, +C.getSVal(Buffer.Expression), +SizeVal, SizeTy); + + C.addTransition(State); +} + //===--===// // The driver method, and other Checker callbacks. //===--===// >From 2866da018b137f2c099f733920a1e15b7e41d289 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Wed, 6 Mar 2024 17:38:25 + Subject: [PATCH 2/3] few fixes and tests additions --- .../Checkers/CStringChecker.cpp | 51 +++ clang/test/Analysis/bstring.c | 39 ++ 2 files changed, 70 insertions(+), 20 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index cea99fad3e8436..4d0492bcaf159e 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp 
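Review bot: `SizeLoc->getValue().getExtValue()` dereferences the result of `SizeVal.getAs(...)` without testing it, so a size argument that the analyzer cannot reduce to a constant (for instance `getentropy(buf, n)` with `n` a parameter) would reach an empty optional and most likely crash the analyzer instead of being checked. At minimum add `if (!SizeLoc) return;` before the dereference; better still, compare the symbolic size against the limit through the constraint manager so non-constant sizes are covered too. In the error branch the report is also emitted on `StateNonZeroSize` rather than on the `State` returned by `checkNonNull` and `CheckBufferAccess`, which discards what those two calls established. The same function body is repeated with the same logic in the later postings on this page (patches 5e99ec4, 1b2fec2, 685c7e5 and f9e571b) and the note applies to each of them; the 39a9b19 revision replaces the concrete comparison with `State->assume(...)`.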
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,7 +165,8 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, - {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, + {{CDM::CLibrary, {"getentropy"}, 2}, + std::bind(::evalGetentropy, _1, _2, _3, CK_Regular)}, }; // These require a bit of special handling. @@ -220,7 +221,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; - void evalGetentropy(CheckerContext , const CallEvent ) const; + void evalGetentropy(CheckerContext , const CallEvent , CharKind CK) const; // Utility methods std::pair @@ -2518,11 +2519,13 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , } void CStringChecker::evalGetentropy(CheckerContext , -
[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen updated https://github.com/llvm/llvm-project/pull/83675 >From 5e99ec4cbc47b513c54f2579529aed611cd8b847 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH 1/3] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 43 +++ 1 file changed, 43 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 59be236ca1c7695..cea99fad3e84367 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,6 +165,7 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, + {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, }; // These require a bit of special handling. @@ -219,6 +220,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2515,6 +2517,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , +const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + constexpr int BufferMaxSize = 256; + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = + assumeZero(C, State, SizeVal, SizeTy); + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + auto SizeLoc = SizeVal.getAs(); + auto size = SizeLoc->getValue().getExtValue(); + + if (size > BufferMaxSize) { +ErrorMessage Message; +llvm::raw_svector_ostream Os(Message); +Os << " destination buffer size is greater than " << BufferMaxSize; +emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message); +return; + } + + State = invalidateDestinationBufferBySize(C, State, Buffer.Expression, +C.getSVal(Buffer.Expression), +SizeVal, SizeTy); + + C.addTransition(State); +} + //===--===// // The driver method, and other Checker callbacks. //===--===// >From 7c9e5463947ceb7fa17bfeab7df243411907904b Mon Sep 17 00:00:00 2001 From: David Carlier Date: Wed, 6 Mar 2024 17:38:25 + Subject: [PATCH 2/3] few fixes and tests additions --- .../Checkers/CStringChecker.cpp | 51 +++ clang/test/Analysis/bstring.c | 39 ++ 2 files changed, 70 insertions(+), 20 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index cea99fad3e84367..4d0492bcaf159e4 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp 
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,7 +165,8 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, - {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, + {{CDM::CLibrary, {"getentropy"}, 2}, + std::bind(::evalGetentropy, _1, _2, _3, CK_Regular)}, }; // These require a bit of special handling. @@ -220,7 +221,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; - void evalGetentropy(CheckerContext , const CallEvent ) const; + void evalGetentropy(CheckerContext , const CallEvent , CharKind CK) const; // Utility methods std::pair @@ -2518,11 +2519,13 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , } void CStringChecker::evalGetentropy(CheckerContext , -
[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen updated https://github.com/llvm/llvm-project/pull/83675 >From 1b2fec2c9a41be4ad216d7032189f561eed3f751 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH 1/3] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 43 +++ 1 file changed, 43 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 59be236ca1c769..cea99fad3e8436 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,6 +165,7 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, + {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, }; // These require a bit of special handling. @@ -219,6 +220,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2515,6 +2517,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , +const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + constexpr int BufferMaxSize = 256; + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = + assumeZero(C, State, SizeVal, SizeTy); + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + auto SizeLoc = SizeVal.getAs(); + auto size = SizeLoc->getValue().getExtValue(); + + if (size > BufferMaxSize) { +ErrorMessage Message; +llvm::raw_svector_ostream Os(Message); +Os << " destination buffer size is greater than " << BufferMaxSize; +emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message); +return; + } + + State = invalidateDestinationBufferBySize(C, State, Buffer.Expression, +C.getSVal(Buffer.Expression), +SizeVal, SizeTy); + + C.addTransition(State); +} + //===--===// // The driver method, and other Checker callbacks. //===--===// >From 4c626fa147aade7725e04dc633b53aefcd1347b0 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Wed, 6 Mar 2024 17:38:25 + Subject: [PATCH 2/3] few fixes and tests additions --- .../Checkers/CStringChecker.cpp | 51 +++ clang/test/Analysis/bstring.c | 39 ++ 2 files changed, 70 insertions(+), 20 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index cea99fad3e8436..4d0492bcaf159e 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp 
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,7 +165,8 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, - {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, + {{CDM::CLibrary, {"getentropy"}, 2}, + std::bind(::evalGetentropy, _1, _2, _3, CK_Regular)}, }; // These require a bit of special handling. @@ -220,7 +221,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; - void evalGetentropy(CheckerContext , const CallEvent ) const; + void evalGetentropy(CheckerContext , const CallEvent , CharKind CK) const; // Utility methods std::pair @@ -2518,11 +2519,13 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , } void CStringChecker::evalGetentropy(CheckerContext , -
[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen updated https://github.com/llvm/llvm-project/pull/83675 >From 1b2fec2c9a41be4ad216d7032189f561eed3f751 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH 1/2] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 43 +++ 1 file changed, 43 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 59be236ca1c769..cea99fad3e8436 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,6 +165,7 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, + {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, }; // These require a bit of special handling. @@ -219,6 +220,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2515,6 +2517,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , +const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + constexpr int BufferMaxSize = 256; + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = + assumeZero(C, State, SizeVal, SizeTy); + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + auto SizeLoc = SizeVal.getAs(); + auto size = SizeLoc->getValue().getExtValue(); + + if (size > BufferMaxSize) { +ErrorMessage Message; +llvm::raw_svector_ostream Os(Message); +Os << " destination buffer size is greater than " << BufferMaxSize; +emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message); +return; + } + + State = invalidateDestinationBufferBySize(C, State, Buffer.Expression, +C.getSVal(Buffer.Expression), +SizeVal, SizeTy); + + C.addTransition(State); +} + //===--===// // The driver method, and other Checker callbacks. //===--===// >From 4c626fa147aade7725e04dc633b53aefcd1347b0 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Wed, 6 Mar 2024 17:38:25 + Subject: [PATCH 2/2] few fixes and tests additions --- .../Checkers/CStringChecker.cpp | 51 +++ clang/test/Analysis/bstring.c | 39 ++ 2 files changed, 70 insertions(+), 20 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index cea99fad3e8436..4d0492bcaf159e 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp 
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -165,7 +165,8 @@ class CStringChecker : public Checker< eval::Call, {{CDM::CLibrary, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDM::CLibrary, {"sprintf"}, 2}, ::evalSprintf}, {{CDM::CLibrary, {"snprintf"}, 2}, ::evalSnprintf}, - {{CDM::CLibrary, {"getentropy"}, 2}, ::evalGetentropy}, + {{CDM::CLibrary, {"getentropy"}, 2}, + std::bind(::evalGetentropy, _1, _2, _3, CK_Regular)}, }; // These require a bit of special handling. @@ -220,7 +221,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; - void evalGetentropy(CheckerContext , const CallEvent ) const; + void evalGetentropy(CheckerContext , const CallEvent , CharKind CK) const; // Utility methods std::pair @@ -2518,11 +2519,13 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , } void CStringChecker::evalGetentropy(CheckerContext , -
[clang] [clang][AST] fix dereference on class/struct layouts check. (PR #83686)
https://github.com/devnexen closed https://github.com/llvm/llvm-project/pull/83686
[clang] [clang][AST] fix dereference on class/struct layouts check. (PR #83686)
devnexen wrote: it seems [there is an ongoing fix](https://github.com/llvm/llvm-project/pull/83688), could you possibly try so we can just close this one. https://github.com/llvm/llvm-project/pull/83686
[clang] [clang][AST] fix dereference on class/struct layouts check. (PR #83686)
https://github.com/devnexen created https://github.com/llvm/llvm-project/pull/83686 close #83671. >From 49c888993ee4ce566db8f5b8d4932cee81b8f701 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 18:00:10 + Subject: [PATCH] [clang][AST] fix dereference on class/struct layouts check. close #83671. --- clang/lib/AST/RecordLayoutBuilder.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/clang/lib/AST/RecordLayoutBuilder.cpp b/clang/lib/AST/RecordLayoutBuilder.cpp index a3b7431f7ffd6d..195f17d2e5a42f 100644 --- a/clang/lib/AST/RecordLayoutBuilder.cpp +++ b/clang/lib/AST/RecordLayoutBuilder.cpp @@ -205,15 +205,15 @@ void EmptySubobjectMap::ComputeEmptySubobjectSizes() { // Check the fields. for (const FieldDecl *FD : Class->fields()) { +const CXXRecordDecl *MemberDecl; const RecordType *RT = Context.getBaseElementType(FD->getType())->getAs(); -// We only care about record types. -if (!RT) +// We only care about members layout. +if (!RT || !(MemberDecl = RT->getAsCXXRecordDecl())) continue; CharUnits EmptySize; -const CXXRecordDecl *MemberDecl = RT->getAsCXXRecordDecl(); const ASTRecordLayout = Context.getASTRecordLayout(MemberDecl); if (MemberDecl->isEmpty()) { // If the class decl is empty, get its size. ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
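Review bot: `MemberDecl` is now declared uninitialised at the top of the loop body and assigned inside the `if` condition, which hides the null check that is the whole point of the fix. Keeping declaration and test together reads better: `const CXXRecordDecl *MemberDecl = RT ? RT->getAsCXXRecordDecl() : nullptr;` followed by `if (!MemberDecl) continue;`. The replacement comment `// We only care about members layout.` is vaguer than the one it removes; something like `// We only care about fields whose type is a C++ record.` says what is being filtered. The diffstat lists only RecordLayoutBuilder.cpp, so a regression test for #83671 appears to be missing; the loop and ComputeEmptySubobjectSizes() continue outside the hunk.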
[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen updated https://github.com/llvm/llvm-project/pull/83675 >From 685c7e56c1ce8d2e11c0f9a97f6c4d24f63a05b8 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 43 +++ 1 file changed, 43 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index b7b64c3da4f6c8..5b4c3912f13006 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -166,6 +166,7 @@ class CStringChecker : public Checker< eval::Call, {{CDF_MaybeBuiltin, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDF_MaybeBuiltin, {"sprintf"}, 2}, ::evalSprintf}, {{CDF_MaybeBuiltin, {"snprintf"}, 2}, ::evalSnprintf}, + {{CDF_MaybeBuiltin, {"getentropy"}, 2}, ::evalGetentropy}, }; // These require a bit of special handling. @@ -220,6 +221,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , +const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + constexpr int BufferMaxSize = 256; + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = + assumeZero(C, State, SizeVal, SizeTy); + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + auto SizeLoc = SizeVal.getAs(); + auto size = SizeLoc->getValue().getExtValue(); + + if (size > BufferMaxSize) { +ErrorMessage Message; +llvm::raw_svector_ostream Os(Message); +Os << " destination buffer size is greater than " << BufferMaxSize; +emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message); +return; + } + + State = invalidateDestinationBufferBySize(C, State, Buffer.Expression, +C.getSVal(Buffer.Expression), +SizeVal, SizeTy); + + C.addTransition(State); +} + //===--===// // The driver method, and other Checker callbacks. //===--===// ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)
https://github.com/devnexen created https://github.com/llvm/llvm-project/pull/83675 since it went way beyond just openbsd, adding basic check for possible misusage. >From f9e571bfa3e64d9fb54e965f3c363aef40fa3b80 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Mar 2024 14:56:15 + Subject: [PATCH] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. since it went way beyond just openbsd, adding basic check for possible misusage. --- .../Checkers/CStringChecker.cpp | 42 +++ 1 file changed, 42 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index b7b64c3da4f6c8..b6b0878459f0c2 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -166,6 +166,7 @@ class CStringChecker : public Checker< eval::Call, {{CDF_MaybeBuiltin, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDF_MaybeBuiltin, {"sprintf"}, 2}, ::evalSprintf}, {{CDF_MaybeBuiltin, {"snprintf"}, 2}, ::evalSnprintf}, + {{CDF_MaybeBuiltin, {"getentropy"}, 2}, ::evalGetentropy}, }; // These require a bit of special handling. @@ -220,6 +221,7 @@ class CStringChecker : public Checker< eval::Call, void evalSnprintf(CheckerContext , const CallEvent ) const; void evalSprintfCommon(CheckerContext , const CallEvent , bool IsBounded, bool IsBuiltin) const; + void evalGetentropy(CheckerContext , const CallEvent ) const; // Utility methods std::pair 
@@ -2516,6 +2518,46 @@ void CStringChecker::evalSprintfCommon(CheckerContext , const CallEvent , C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext , const CallEvent ) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + constexpr int BufferMaxSize = 256; + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = +assumeZero(C, State, SizeVal, SizeTy); + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) +return; + + State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write); + if (!State) +return; + + auto SizeLoc = SizeVal.getAs(); + auto size = SizeLoc->getValue().getExtValue(); + + if (size > BufferMaxSize) { +ErrorMessage Message; +llvm::raw_svector_ostream Os(Message); +Os << " destination buffer size is greater than " << BufferMaxSize; +emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message); +return; + } + + State = invalidateDestinationBufferBySize( + C, State, Buffer.Expression, C.getSVal(Buffer.Expression), SizeVal, + SizeTy); + + C.addTransition(State); +} + //===--===// // The driver method, and other Checker callbacks. //===--===// ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][StaticAnalyzer] adding timingasafe* api calls interception. (PR #76414)
https://github.com/devnexen created https://github.com/llvm/llvm-project/pull/76414 timingsafe_bcmp and timingsafe_memcmp have the same signature as their counterparts. >From eacd951c068cdc25b025a4234bc34e846a3676b1 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 26 Dec 2023 22:22:32 + Subject: [PATCH] [clang][StaticAnalyzer] adding timingasafe* api calls interception. timingsafe_bcmp and timingsafe_memcmp have the same signature as their counterparts. --- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp | 4 1 file changed, 4 insertions(+) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 31f5b03dcdeba8..ee51bc5c10a126 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -134,6 +134,8 @@ class CStringChecker : public Checker< eval::Call, std::bind(::evalMempcpy, _1, _2, _3, CK_Wide)}, {{CDF_MaybeBuiltin, {"memcmp"}, 3}, std::bind(::evalMemcmp, _1, _2, _3, CK_Regular)}, + {{CDF_MaybeBuiltin, {"timingsafe_memcmp"}, 3}, + std::bind(::evalMemcmp, _1, _2, _3, CK_Regular)}, {{CDF_MaybeBuiltin, {"wmemcmp"}, 3}, std::bind(::evalMemcmp, _1, _2, _3, CK_Wide)}, {{CDF_MaybeBuiltin, {"memmove"}, 3}, @@ -162,6 +164,8 @@ class CStringChecker : public Checker< eval::Call, {{CDF_MaybeBuiltin, {"bcopy"}, 3}, ::evalBcopy}, {{CDF_MaybeBuiltin, {"bcmp"}, 3}, std::bind(::evalMemcmp, _1, _2, _3, CK_Regular)}, + {{CDF_MaybeBuiltin, {"timingsafe_bcmp"}, 3}, + std::bind(::evalMemcmp, _1, _2, _3, CK_Regular)}, {{CDF_MaybeBuiltin, {"bzero"}, 2}, ::evalBzero}, {{CDF_MaybeBuiltin, {"explicit_bzero"}, 2}, ::evalBzero}, {{CDF_MaybeBuiltin, {"sprintf"}, 2}, ::evalSprintf}, ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
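Review bot: The two new table entries for `timingsafe_memcmp` and `timingsafe_bcmp` arrive without a regression test; the diffstat lists only CStringChecker.cpp. Cases mirroring the existing `memcmp`/`bcmp` ones (null argument, length larger than the buffer) would pin that the bounds checks fire for the constant-time variants as well. A short comment above each entry, such as `// Constant-time variant; same (buf, buf, len) contract as memcmp.`, would explain why they reuse `evalMemcmp` with `CK_Regular`.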
[clang] 13e2296 - [clang] update of the DragonFlyBSD's driver for the 5.8.x releases
Author: David Carlier Date: 2020-10-19T14:04:49+01:00 New Revision: 13e22961f8b45fb76e6d60c0f987a07009815f02 URL: https://github.com/llvm/llvm-project/commit/13e22961f8b45fb76e6d60c0f987a07009815f02 DIFF: https://github.com/llvm/llvm-project/commit/13e22961f8b45fb76e6d60c0f987a07009815f02.diff LOG: [clang] update of the DragonFlyBSD's driver for the 5.8.x releases Reviewers: sepavloff, jyknight Reviewed By: sepavloff Differential Revision: https://reviews.llvm.org/D89690 Added: Modified: clang/lib/Driver/ToolChains/DragonFly.cpp Removed: diff --git a/clang/lib/Driver/ToolChains/DragonFly.cpp b/clang/lib/Driver/ToolChains/DragonFly.cpp index 08176e507eed..9568b47e89e6 100644 --- a/clang/lib/Driver/ToolChains/DragonFly.cpp +++ b/clang/lib/Driver/ToolChains/DragonFly.cpp @@ -120,11 +120,11 @@ void dragonfly::Linker::ConstructJob(Compilation , const JobAction , AddLinkerInputs(getToolChain(), Inputs, Args, CmdArgs, JA); if (!Args.hasArg(options::OPT_nostdlib, options::OPT_nodefaultlibs)) { -CmdArgs.push_back("-L/usr/lib/gcc50"); +CmdArgs.push_back("-L/usr/lib/gcc80"); if (!Args.hasArg(options::OPT_static)) { CmdArgs.push_back("-rpath"); - CmdArgs.push_back("/usr/lib/gcc50"); + CmdArgs.push_back("/usr/lib/gcc80"); } if (D.CCCIsCXX()) { @@ -189,7 +189,7 @@ DragonFly::DragonFly(const Driver , const llvm::Triple , getFilePaths().push_back(getDriver().Dir + "/../lib"); getFilePaths().push_back("/usr/lib"); - getFilePaths().push_back("/usr/lib/gcc50"); + getFilePaths().push_back("/usr/lib/gcc80"); } Tool *DragonFly::buildAssembler() const { ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r370035 - [ReleaseNotes] MemorySanitizer support of ASLR on FreeBSD
Author: devnexen Date: Tue Aug 27 03:04:03 2019 New Revision: 370035 URL: http://llvm.org/viewvc/llvm-project?rev=370035=rev Log: [ReleaseNotes] MemorySanitizer support of ASLR on FreeBSD Reviewers: sylvestre.ledru, kcc Reviewed By: sylvestre.ledru Differential Revision: https://reviews.llvm.org/D66792 Modified: cfe/trunk/docs/MemorySanitizer.rst Modified: cfe/trunk/docs/MemorySanitizer.rst URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/MemorySanitizer.rst?rev=370035=370034=370035=diff == --- cfe/trunk/docs/MemorySanitizer.rst (original) +++ cfe/trunk/docs/MemorySanitizer.rst Tue Aug 27 03:04:03 2019 @@ -204,6 +204,9 @@ Limitations non-position-independent executables, and could fail on some Linux kernel versions with disabled ASLR. Refer to documentation for older versions for more details. +* MemorySanitizer might be incompatible with position-independent executables + from FreeBSD 13 but there is a check done at runtime and throws a warning + in this case. Current Status == ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang-tools-extra] r352031 - [extra] unit tests enable crash-recovery cases on FreeBSD
Author: devnexen Date: Wed Jan 23 23:58:42 2019 New Revision: 352031 URL: http://llvm.org/viewvc/llvm-project?rev=352031=rev Log: [extra] unit tests enable crash-recovery cases on FreeBSD Seems the previous statement does not hold up anymore. Reviewers: steveire Reviewed By: steveire Differential Revision: https://reviews.llvm.org/D57102 Modified: clang-tools-extra/trunk/test/lit.cfg Modified: clang-tools-extra/trunk/test/lit.cfg URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/test/lit.cfg?rev=352031=352030=352031=diff == --- clang-tools-extra/trunk/test/lit.cfg (original) +++ clang-tools-extra/trunk/test/lit.cfg Wed Jan 23 23:58:42 2019 @@ -99,11 +99,9 @@ config.environment['LD_LIBRARY_PATH'] = if lit_config.useValgrind: config.target_triple += '-vg' +config.available_features.add('crash-recovery') # Set available features we allow tests to conditionalize on. # -# As of 2011.08, crash-recovery tests still do not pass on FreeBSD. -if platform.system() not in ['FreeBSD']: -config.available_features.add('crash-recovery') # Shell execution if execute_external: ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
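Review bot: The added `config.available_features.add('crash-recovery')` lands above the `# Set available features we allow tests to conditionalize on.` header, which after this change is followed only by an empty `#` line and no code. Move the call below the header, or drop the two orphaned comment lines, so the heading still introduces something.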
r348884 - [analyzer][CStringChecker] evaluate explicit_bzero
Author: devnexen Date: Tue Dec 11 10:57:07 2018 New Revision: 348884 URL: http://llvm.org/viewvc/llvm-project?rev=348884=rev Log: [analyzer][CStringChecker] evaluate explicit_bzero - explicit_bzero has limited scope/usage only for security/crypto purposes but is non-optimisable version of memset/0 and bzero. - explicit_memset has similar signature and semantics as memset but is also a non-optimisable version. Reviewers: NoQ Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D54592 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp cfe/trunk/test/Analysis/string.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp?rev=348884=348883=348884=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp Tue Dec 11 10:57:07 2018 @@ -124,6 +124,7 @@ public: void evalStdCopyBackward(CheckerContext , const CallExpr *CE) const; void evalStdCopyCommon(CheckerContext , const CallExpr *CE) const; void evalMemset(CheckerContext , const CallExpr *CE) const; + void evalBzero(CheckerContext , const CallExpr *CE) const; // Utility methods std::pair @@ -158,7 +159,7 @@ public: static bool SummarizeRegion(raw_ostream , ASTContext , const MemRegion *MR); - static bool memsetAux(const Expr *DstBuffer, const Expr *CharE, + static bool memsetAux(const Expr *DstBuffer, SVal CharE, const Expr *Size, CheckerContext , ProgramStateRef ); @@ -1005,11 +1006,10 @@ bool CStringChecker::SummarizeRegion(raw } } -bool CStringChecker::memsetAux(const Expr *DstBuffer, const Expr *CharE, +bool CStringChecker::memsetAux(const Expr *DstBuffer, SVal CharVal, const Expr *Size, CheckerContext , ProgramStateRef ) { SVal MemVal = C.getSVal(DstBuffer); - SVal CharVal = C.getSVal(CharE); SVal SizeVal = C.getSVal(Size); const MemRegion *MR = MemVal.getAsRegion(); if (!MR) 
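Review bot: The in-class declaration names the new parameter `SVal CharE` while the out-of-line definition in the following hunk uses `SVal CharVal`; the `E` suffix belonged to the `const Expr *` it used to be. Declare it as `static bool memsetAux(const Expr *DstBuffer, SVal CharVal,` so the two agree. A one-line comment on the declaration, `// CharVal is the already-evaluated fill value; callers resolve it themselves.`, would document the changed contract. The definition's body continues outside the hunk.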
@@ -2184,13 +2184,59 @@ void CStringChecker::evalMemset(CheckerC // According to the values of the arguments, bind the value of the second // argument to the destination buffer and set string length, or just // invalidate the destination buffer. - if (!memsetAux(Mem, CharE, Size, C, State)) + if (!memsetAux(Mem, C.getSVal(CharE), Size, C, State)) return; State = State->BindExpr(CE, LCtx, MemVal); C.addTransition(State); } +void CStringChecker::evalBzero(CheckerContext , const CallExpr *CE) const { + if (CE->getNumArgs() != 2) +return; + + CurrentFunctionDescription = "memory clearance function"; + + const Expr *Mem = CE->getArg(0); + const Expr *Size = CE->getArg(1); + SVal Zero = C.getSValBuilder().makeZeroVal(C.getASTContext().IntTy); + + ProgramStateRef State = C.getState(); + + // See if the size argument is zero. + SVal SizeVal = C.getSVal(Size); + QualType SizeTy = Size->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = +assumeZero(C, State, SizeVal, SizeTy); + + // If the size is zero, there won't be any actual memory access, + // In this case we just return. + if (StateZeroSize && !StateNonZeroSize) { +C.addTransition(StateZeroSize); +return; + } + + // Get the value of the memory area. + SVal MemVal = C.getSVal(Mem); + + // Ensure the memory area is not null. + // If it is NULL there will be a NULL pointer dereference. + State = checkNonNull(C, StateNonZeroSize, Mem, MemVal); + if (!State) +return; + + State = CheckBufferAccess(C, State, Size, Mem); + if (!State) +return; + + if (!memsetAux(Mem, Zero, Size, C, State)) +return; + + C.addTransition(State); +} + static bool isCPPStdLibraryFunction(const FunctionDecl *FD, StringRef Name) { IdentifierInfo *II = FD->getIdentifier(); if (!II) 
@@ -2224,7 +2270,8 @@ bool CStringChecker::evalCall(const Call evalFunction = ::evalMemcmp; else if (C.isCLibraryFunction(FDecl, "memmove")) evalFunction = ::evalMemmove; - else if (C.isCLibraryFunction(FDecl, "memset")) + else if (C.isCLibraryFunction(FDecl, "memset") || +C.isCLibraryFunction(FDecl, "explicit_memset")) evalFunction = ::evalMemset; else if (C.isCLibraryFunction(FDecl, "strcpy")) evalFunction = ::evalStrcpy; @@ -2262,6 +2309,9 @@ bool CStringChecker::evalCall(const Call evalFunction = ::evalStdCopy; else if (isCPPStdLibraryFunction(FDecl, "copy_backward")) evalFunction = ::evalStdCopyBackward; + else if (C.isCLibraryFunction(FDecl, "bzero") || +C.isCLibraryFunction(FDecl, "explicit_bzero")) +evalFunction = ::evalBzero; // If the callee isn't a string function, let
[clang-tools-extra] r345700 - [clangd] fix non linux build
Author: devnexen Date: Wed Oct 31 02:04:15 2018 New Revision: 345700 URL: http://llvm.org/viewvc/llvm-project?rev=345700=rev Log: [clangd] fix non linux build There is no SCHED_IDLE semantic equivalent in BSD systems. Reviewers: kadircet, sammccall Revieweed By: sammccall Differential Revision: https://reviews.llvm.org/D53922 Modified: clang-tools-extra/trunk/clangd/Threading.cpp Modified: clang-tools-extra/trunk/clangd/Threading.cpp URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/clangd/Threading.cpp?rev=345700=345699=345700=diff == --- clang-tools-extra/trunk/clangd/Threading.cpp (original) +++ clang-tools-extra/trunk/clangd/Threading.cpp Wed Oct 31 02:04:15 2018 @@ -102,7 +102,7 @@ void wait(std::unique_lock & } void setThreadPriority(std::thread , ThreadPriority Priority) { -#ifdef HAVE_PTHREAD_H +#if defined(HAVE_PTHREAD_H) && defined(__linux__) sched_param priority; priority.sched_priority = 0; pthread_setschedparam( ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
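Review bot: With the guard narrowed to `defined(HAVE_PTHREAD_H) && defined(__linux__)`, `setThreadPriority` compiles to an empty body on every other platform, and nothing in the code tells the reader that this is intended. Add a comment above the `#if`, e.g. `// SCHED_IDLE is Linux-specific; on other platforms the priority request is ignored.` Both parameters may also become unused outside Linux, which can trip unused-parameter warnings depending on the build flags. The function body continues past the end of the hunk.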
r342832 - [CStringSyntaxChecker] Check strlcat sizeof check
Author: devnexen Date: Sun Sep 23 01:30:17 2018 New Revision: 342832 URL: http://llvm.org/viewvc/llvm-project?rev=342832=rev Log: [CStringSyntaxChecker] Check strlcat sizeof check Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. Advising the proper usual pattern. Reviewers: george.karpenkov, NoQ, MaskRay Reviewed By: MaskRay Differential Revision: https://reviews.llvm.org/D49722 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=342832=342831=342832=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Sun Sep 23 01:30:17 2018 @@ -90,7 +90,16 @@ class WalkAST: public StmtVisitorgetNumArgs() != 3) return false; + const FunctionDecl *FD = CE->getDirectCallee(); + bool Append = CheckerContext::isCLibraryFunction(FD, "strlcat"); const Expr *DstArg = CE->getArg(0); const Expr *LenArg = CE->getArg(2); const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenImpCasts()); const auto *LenArgDecl = dyn_cast(LenArg->IgnoreParenLValueCasts()); uint64_t DstOff = 0; + if (isSizeof(LenArg, DstArg)) +return false; // - size_t dstlen = sizeof(dst) if (LenArgDecl) { const auto *LenArgVal = dyn_cast(LenArgDecl->getDecl()); @@ -181,8 +194,14 @@ bool WalkAST::containsBadStrlcpyPattern( if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) { ASTContext = BR.getContext(); uint64_t BufferLen = C.getTypeSize(Buffer) / 8; -if ((BufferLen - DstOff) < ILRawVal) - return true; +auto RemainingBufferLen = BufferLen - DstOff; +if (Append) { + if (RemainingBufferLen <= ILRawVal) +return true; +} else { + if (RemainingBufferLen < ILRawVal) +return true; +} } } } 
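Review bot: `auto RemainingBufferLen = BufferLen - DstOff;` subtracts two `uint64_t` values with no ordering check, so a destination offset larger than the array wraps to a huge remaining length and the check stays silent exactly when the write would be furthest out of bounds. Guard it before subtracting, e.g. `if (DstOff > BufferLen) return true;`. The same subtraction appears in the earlier landing of this change further down the page (`auto RemainingBufferLen = BufferLen - DstOff;` followed by `RemainingBufferLen -= 1;`) and in the original `(BufferLen - DstOff) < ILRawVal` check of the strlcpy commit. The enclosing function starts outside the hunk.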
@@ -219,8 +238,9 @@ void WalkAST::VisitCallExpr(CallExpr *CE "C String API", os.str(), Loc, LenArg->getSourceRange()); } - } else if (CheckerContext::isCLibraryFunction(FD, "strlcpy")) { -if (containsBadStrlcpyPattern(CE)) { + } else if (CheckerContext::isCLibraryFunction(FD, "strlcpy") || + CheckerContext::isCLibraryFunction(FD, "strlcat")) { +if (containsBadStrlcpyStrlcatPattern(CE)) { const Expr *DstArg = CE->getArg(0); const Expr *LenArg = CE->getArg(2); PathDiagnosticLocation Loc = @@ -230,13 +250,17 @@ void WalkAST::VisitCallExpr(CallExpr *CE SmallString<256> S; llvm::raw_svector_ostream os(S); - os << "The third argument is larger than the size of the input buffer. "; + os << "The third argument allows to potentially copy more bytes than it should. "; + os << "Replace with the value "; if (!DstName.empty()) -os << "Replace with the value 'sizeof(" << DstName << ")` or lower"; + os << "sizeof(" << DstName << ")"; + else + os << "sizeof()"; + os << " or lower"; BR.EmitBasicReport(FD, Checker, "Anti-pattern in the argument", - "C String API", os.str(), Loc, - LenArg->getSourceRange()); + "C String API", os.str(), Loc, + LenArg->getSourceRange()); } } Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=342832=342831=342832=diff == --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Sun Sep 23 01:30:17 2018 @@ -7,6 +7,7 @@ typedef __SIZE_TYPE__ size_t; char *strncat(char *, const char *, size_t); size_t strlen (const char *s); size_t strlcpy(char *, const char *, size_t); +size_t strlcat(char *, const char *, size_t); void testStrncat(const char *src) { char dest[10]; 
@@ -27,9 +28,27 @@ void testStrlcpy(const char *src) { strlcpy(dest, src, sizeof(dest)); strlcpy(dest, src, destlen); strlcpy(dest, src, 10); - strlcpy(dest, src, 20); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}} - strlcpy(dest, src, badlen); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}} + strlcpy(dest, src, 20); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}} +
r340712 - [Xray] Darwin - Enable in the driver side
Author: devnexen Date: Sun Aug 26 22:16:09 2018 New Revision: 340712 URL: http://llvm.org/viewvc/llvm-project?rev=340712=rev Log: [Xray] Darwin - Enable in the driver side Reviewers: dberris Reviered By: dberris Differential Revision: https://reviews.llvm.org/D51269 Modified: cfe/trunk/lib/Driver/ToolChains/Darwin.cpp cfe/trunk/lib/Driver/ToolChains/Darwin.h cfe/trunk/lib/Driver/XRayArgs.cpp cfe/trunk/test/Driver/XRay/lit.local.cfg cfe/trunk/test/Driver/XRay/xray-instrument-os.c Modified: cfe/trunk/lib/Driver/ToolChains/Darwin.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/ToolChains/Darwin.cpp?rev=340712=340711=340712=diff == --- cfe/trunk/lib/Driver/ToolChains/Darwin.cpp (original) +++ cfe/trunk/lib/Driver/ToolChains/Darwin.cpp Sun Aug 26 22:16:09 2018 @@ -1105,6 +1105,13 @@ void DarwinClang::AddLinkRuntimeLibArgs( if (Sanitize.needsEsanRt()) AddLinkSanitizerLibArgs(Args, CmdArgs, "esan"); + const XRayArgs = getXRayArgs(); + if (XRay.needsXRayRt()) { +AddLinkRuntimeLib(Args, CmdArgs, "xray"); +AddLinkRuntimeLib(Args, CmdArgs, "xray-basic"); +AddLinkRuntimeLib(Args, CmdArgs, "xray-fdr"); + } + // Otherwise link libSystem, then the dynamic runtime library, and finally any // target specific static runtime library. CmdArgs.push_back("-lSystem"); Modified: cfe/trunk/lib/Driver/ToolChains/Darwin.h URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/ToolChains/Darwin.h?rev=340712=340711=340712=diff == --- cfe/trunk/lib/Driver/ToolChains/Darwin.h (original) +++ cfe/trunk/lib/Driver/ToolChains/Darwin.h Sun Aug 26 22:16:09 2018 
@@ -11,6 +11,7 @@ #define LLVM_CLANG_LIB_DRIVER_TOOLCHAINS_DARWIN_H #include "Cuda.h" +#include "clang/Driver/XRayArgs.h" #include "clang/Driver/Tool.h" #include "clang/Driver/ToolChain.h" Modified: cfe/trunk/lib/Driver/XRayArgs.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/XRayArgs.cpp?rev=340712=340711=340712=diff == --- cfe/trunk/lib/Driver/XRayArgs.cpp (original) +++ cfe/trunk/lib/Driver/XRayArgs.cpp Sun Aug 26 22:16:09 2018 @@ -52,7 +52,8 @@ XRayArgs::XRayArgs(const ToolChain , } } else if (Triple.getOS() == llvm::Triple::FreeBSD || Triple.getOS() == llvm::Triple::OpenBSD || - Triple.getOS() == llvm::Triple::NetBSD) { + Triple.getOS() == llvm::Triple::NetBSD || + Triple.getOS() == llvm::Triple::Darwin) { if (Triple.getArch() != llvm::Triple::x86_64) { D.Diag(diag::err_drv_clang_unsupported) << (std::string(XRayInstrumentOption) + " on " + Triple.str()); Modified: cfe/trunk/test/Driver/XRay/lit.local.cfg URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Driver/XRay/lit.local.cfg?rev=340712=340711=340712=diff == --- cfe/trunk/test/Driver/XRay/lit.local.cfg (original) +++ cfe/trunk/test/Driver/XRay/lit.local.cfg Sun Aug 26 22:16:09 2018 @@ -10,7 +10,7 @@ supported_targets = [ # Only on platforms we support. supported_oses = [ -'Linux', 'FreeBSD' +'Linux', 'FreeBSD', 'Darwin' ] triple_set = set(target_triple_components) Modified: cfe/trunk/test/Driver/XRay/xray-instrument-os.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Driver/XRay/xray-instrument-os.c?rev=340712=340711=340712=diff == --- cfe/trunk/test/Driver/XRay/xray-instrument-os.c (original) +++ cfe/trunk/test/Driver/XRay/xray-instrument-os.c Sun Aug 26 22:16:09 2018 
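Review bot: `#include "clang/Driver/XRayArgs.h"` is inserted ahead of `clang/Driver/Tool.h` and `clang/Driver/ToolChain.h`, which breaks the alphabetical ordering the rest of the include block follows. Place it after `#include "clang/Driver/ToolChain.h"`.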
@@ -1,4 +1,4 @@ // RUN: not %clang -o /dev/null -v -fxray-instrument -c %s -// XFAIL: -linux-, -freebsd +// XFAIL: -linux-, -freebsd, -darwin // REQUIRES-ANY: amd64, x86_64, x86_64h, arm, aarch64, arm64 typedef int a; ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r339808 - [CStringSyntaxChecker] Reduces space around error message for strlcat.
Author: devnexen Date: Wed Aug 15 13:09:52 2018 New Revision: 339808 URL: http://llvm.org/viewvc/llvm-project?rev=339808=rev Log: [CStringSyntaxChecker] Reduces space around error message for strlcat. Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=339808=339807=339808=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Wed Aug 15 13:09:52 2018 @@ -273,7 +273,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE if (!LenName.empty()) os << "'" << LenName << "'"; else -os << " "; +os << ""; if (!DstName.empty()) os << " - strlen(" << DstName << ")"; else Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=339808=339807=339808=diff == --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Wed Aug 15 13:09:52 2018 
@@ -42,7 +42,7 @@ void testStrlcat(const char *src) { strlcpy(dest, "a", sizeof("a") - 1); strlcat(dest, "", (sizeof("") - 1) - sizeof(dest) - 1); strlcpy(dest, "012345678", sizeof(dest)); - strlcat(dest, "910", sizeof(dest)); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value - strlen(dest) - 1 or lower}} + strlcat(dest, "910", sizeof(dest)); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value - strlen(dest) - 1 or lower}} strlcpy(dest, "0123456789", sizeof(dest)); strlcat(dest, "0123456789", badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value 'badlen' - strlen(dest) - 1 or lower}} strlcat(dest, "0123456789", badlen - strlen(dest) - 1); ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r339641 - [CStringSyntaxChecker] Check strlcat sizeof check
Author: devnexen Date: Mon Aug 13 22:12:53 2018 New Revision: 339641 URL: http://llvm.org/viewvc/llvm-project?rev=339641=rev Log: [CStringSyntaxChecker] Check strlcat sizeof check - Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. - Advising the proper usual pattern. Reviewers: NoQ, george.karpenkov Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D49722 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=339641=339640=339641=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Mon Aug 13 22:12:53 2018 @@ -90,7 +90,16 @@ class WalkAST: public StmtVisitorgetNumArgs() != 3) return false; + const FunctionDecl *FD = CE->getDirectCallee(); + bool Append = CheckerContext::isCLibraryFunction(FD, "strlcat"); const Expr *DstArg = CE->getArg(0); const Expr *LenArg = CE->getArg(2); const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenImpCasts()); const auto *LenArgDecl = dyn_cast(LenArg->IgnoreParenLValueCasts()); uint64_t DstOff = 0; + // - sizeof(dst) + // strlcat appends at most size - strlen(dst) - 1 + if (Append && isSizeof(LenArg, DstArg)) +return true; // - size_t dstlen = sizeof(dst) if (LenArgDecl) { const auto *LenArgVal = dyn_cast(LenArgDecl->getDecl()); @@ -181,7 +196,10 @@ bool WalkAST::containsBadStrlcpyPattern( if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) { ASTContext = BR.getContext(); uint64_t BufferLen = C.getTypeSize(Buffer) / 8; -if ((BufferLen - DstOff) < ILRawVal) +auto RemainingBufferLen = BufferLen - DstOff; +if (Append) + RemainingBufferLen -= 1; +if (RemainingBufferLen < ILRawVal) return true; } } 
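Review bot: `if (Append && isSizeof(LenArg, DstArg)) return true;` reports `strlcat(dst, src, sizeof(dst))` as an anti-pattern, yet the comment directly above it says strlcat already appends at most size - strlen(dst) - 1, which means the third argument is meant to be the full destination size. The advice the new diagnostic gives, subtracting `strlen(dst)` and 1, is the strncat idiom; applied to strlcat it makes callers truncate needlessly rather than making them safer. The branch should read `if (isSizeof(LenArg, DstArg)) return false;` for both functions. The `RemainingBufferLen -= 1;` adjustment in the last hunk and the strlcat message text follow from the same misreading. The enclosing function starts outside the hunk.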
@@ -220,7 +238,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE LenArg->getSourceRange()); } } else if (CheckerContext::isCLibraryFunction(FD, "strlcpy")) { -if (containsBadStrlcpyPattern(CE)) { +if (containsBadStrlcpyStrlcatPattern(CE)) { const Expr *DstArg = CE->getArg(0); const Expr *LenArg = CE->getArg(2); PathDiagnosticLocation Loc = @@ -236,6 +254,34 @@ void WalkAST::VisitCallExpr(CallExpr *CE BR.EmitBasicReport(FD, Checker, "Anti-pattern in the argument", "C String API", os.str(), Loc, + LenArg->getSourceRange()); +} + } else if (CheckerContext::isCLibraryFunction(FD, "strlcat")) { +if (containsBadStrlcpyStrlcatPattern(CE)) { + const Expr *DstArg = CE->getArg(0); + const Expr *LenArg = CE->getArg(2); + PathDiagnosticLocation Loc = +PathDiagnosticLocation::createBegin(LenArg, BR.getSourceManager(), AC); + + StringRef DstName = getPrintableName(DstArg); + StringRef LenName = getPrintableName(LenArg); + + SmallString<256> S; + llvm::raw_svector_ostream os(S); + os << "The third argument allows to potentially copy more bytes than it should. "; + os << "Replace with the value "; + if (!LenName.empty()) +os << "'" << LenName << "'"; + else +os << " "; + if (!DstName.empty()) +os << " - strlen(" << DstName << ")"; + else +os << " - strlen()"; + os << " - 1 or lower"; + + BR.EmitBasicReport(FD, Checker, "Anti-pattern in the argument", + "C String API", os.str(), Loc, LenArg->getSourceRange()); } } Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=339641=339640=339641=diff == --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Mon Aug 13 22:12:53 2018 @@ -7,6 +7,7 @@ typedef __SIZE_TYPE__ size_t; char *strncat(char *, const char *, size_t); size_t strlen (const char *s); size_t strlcpy(char *, const char *, size_t); +size_t strlcat(char *, const char *, size_t); void testStrncat(const char *src) { char dest[10]; 
@@ -33,3 +34,19 @@ void testStrlcpy(const char *src) { strlcpy(dest + 5, src, 5); strlcpy(dest + 5, src, 10); // expected-warning {{The third argument is larger than the size of the input buffer.}} } + +void testStrlcat(const char *src) { + char dest[10]; + size_t badlen = 10; + size_t ulen; + strlcpy(dest, "a", sizeof("a") - 1); + strlcat(dest, "", (sizeof("") - 1) -
r337927 - Fix tsan doc
Author: devnexen Date: Wed Jul 25 07:27:14 2018 New Revision: 337927 URL: http://llvm.org/viewvc/llvm-project?rev=337927=rev Log: Fix tsan doc Modified: cfe/trunk/docs/ThreadSanitizer.rst Modified: cfe/trunk/docs/ThreadSanitizer.rst URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/ThreadSanitizer.rst?rev=337927=337926=337927=diff == --- cfe/trunk/docs/ThreadSanitizer.rst (original) +++ cfe/trunk/docs/ThreadSanitizer.rst Wed Jul 25 07:27:14 2018 @@ -22,6 +22,7 @@ ThreadSanitizer is supported on the foll * Linux * NetBSD * FreeBSD + Support for other 64-bit architectures is possible, contributions are welcome. Support for 32-bit platforms is problematic and is not planned. ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r337926 - [Docs] Update supported oses for safestack, ubsan, asan, tsan and msan
Author: devnexen Date: Wed Jul 25 06:55:06 2018 New Revision: 337926 URL: http://llvm.org/viewvc/llvm-project?rev=337926=rev Log: [Docs] Update supported oses for safestack, ubsan, asan, tsan and msan Adding oses others than Linux. Modified: cfe/trunk/docs/AddressSanitizer.rst cfe/trunk/docs/MemorySanitizer.rst cfe/trunk/docs/SafeStack.rst cfe/trunk/docs/ThreadSanitizer.rst cfe/trunk/docs/UndefinedBehaviorSanitizer.rst Modified: cfe/trunk/docs/AddressSanitizer.rst URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/AddressSanitizer.rst?rev=337926=337925=337926=diff == --- cfe/trunk/docs/AddressSanitizer.rst (original) +++ cfe/trunk/docs/AddressSanitizer.rst Wed Jul 25 06:55:06 2018 @@ -276,6 +276,7 @@ AddressSanitizer is supported on: * OS X 10.7 - 10.11 (i386/x86\_64) * iOS Simulator * Android ARM +* NetBSD i386/x86\_64 * FreeBSD i386/x86\_64 (tested on FreeBSD 11-current) Ports to various other platforms are in progress. Modified: cfe/trunk/docs/MemorySanitizer.rst URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/MemorySanitizer.rst?rev=337926=337925=337926=diff == --- cfe/trunk/docs/MemorySanitizer.rst (original) +++ cfe/trunk/docs/MemorySanitizer.rst Wed Jul 25 06:55:06 2018 @@ -185,7 +185,11 @@ self-built instrumented libc++ (as a rep Supported Platforms === -MemorySanitizer is supported on Linux x86\_64/MIPS64/AArch64. +MemorySanitizer is supported on the following OS: + +* Linux +* NetBSD +* FreeBSD Limitations === Modified: cfe/trunk/docs/SafeStack.rst URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/SafeStack.rst?rev=337926=337925=337926=diff == --- cfe/trunk/docs/SafeStack.rst (original) +++ cfe/trunk/docs/SafeStack.rst Wed Jul 25 06:55:06 2018 
@@ -126,7 +126,7 @@ and link command lines. Supported Platforms --- -SafeStack was tested on Linux, FreeBSD and MacOSX. +SafeStack was tested on Linux, NetBSD, FreeBSD and MacOSX. Low-level API - Modified: cfe/trunk/docs/ThreadSanitizer.rst URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/ThreadSanitizer.rst?rev=337926=337925=337926=diff == --- cfe/trunk/docs/ThreadSanitizer.rst (original) +++ cfe/trunk/docs/ThreadSanitizer.rst Wed Jul 25 06:55:06 2018 @@ -17,7 +17,11 @@ Build LLVM/Clang with `CMake
r337721 - [CStringSyntaxChecker] Improvements of strlcpy check
Author: devnexen Date: Mon Jul 23 11:26:38 2018 New Revision: 337721 URL: http://llvm.org/viewvc/llvm-project?rev=337721=rev Log: [CStringSyntaxChecker] Improvements of strlcpy check Adding an additional check whenwe offset fro the buffer base address. Reviewers: george.karpenkov,NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D49633 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=337721=337720=337721=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Mon Jul 23 11:26:38 2018 @@ -88,6 +88,7 @@ class WalkAST: public StmtVisitor(DstArg->IgnoreParenImpCasts()); const auto *LenArgDecl = dyn_cast(LenArg->IgnoreParenLValueCasts()); + uint64_t DstOff = 0; // - size_t dstlen = sizeof(dst) if (LenArgDecl) { const auto *LenArgVal = dyn_cast(LenArgDecl->getDecl()); 
@@ -158,14 +160,28 @@ bool WalkAST::containsBadStrlcpyPattern( // - integral value // We try to figure out if the last argument is possibly longer - // than the destination can possibly handle if its size can be defined + // than the destination can possibly handle if its size can be defined. if (const auto *IL = dyn_cast(LenArg->IgnoreParenImpCasts())) { uint64_t ILRawVal = IL->getValue().getZExtValue(); + +// Case when there is pointer arithmetic on the destination buffer +// especially when we offset from the base decreasing the +// buffer length accordingly. +if (!DstArgDecl) { + if (const auto *BE = dyn_cast(DstArg->IgnoreParenImpCasts())) { +DstArgDecl = dyn_cast(BE->getLHS()->IgnoreParenImpCasts()); +if (BE->getOpcode() == BO_Add) { + if ((IL = dyn_cast(BE->getRHS()->IgnoreParenImpCasts( { +DstOff = IL->getValue().getZExtValue(); + } +} + } +} if (DstArgDecl) { if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) { ASTContext = BR.getContext(); uint64_t BufferLen = C.getTypeSize(Buffer) / 8; -if (BufferLen < ILRawVal) +if ((BufferLen - DstOff) < ILRawVal) return true; } } Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=337721=337720=337721=diff == --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Mon Jul 23 11:26:38 2018 @@ -31,4 +31,5 @@ void testStrlcpy(const char *src) { strlcpy(dest, src, badlen); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}} strlcpy(dest, src, ulen); strlcpy(dest + 5, src, 5); + strlcpy(dest + 5, src, 10); // expected-warning {{The third argument is larger than the size of the input buffer.}} } ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
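Review bot: The new comparison `(BufferLen - DstOff) < ILRawVal` is evaluated in `uint64_t`, so a literal offset larger than the array makes the subtraction wrap to a huge value and the call goes unreported, although that is the case where the write lands furthest out of bounds. Guard the subtraction, for example `if (DstOff > BufferLen || (BufferLen - DstOff) < ILRawVal) return true;`. `DstArgDecl` is also taken from the left operand before the `BO_Add` test, so any other binary operator on the destination is measured against the full array with `DstOff` still 0; moving that assignment inside the `BO_Add` branch would restrict the check to the one form it models. The added test in cstring-syntax.c covers only an in-range offset, so a case with the offset past the end of `dest` would pin the first point. The body of containsBadStrlcpyPattern starts and ends outside this hunk.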
r337611 - [CStringSyntaxChecker] Fix build bot builds != x86 archs
Author: devnexen Date: Fri Jul 20 13:39:49 2018 New Revision: 337611 URL: http://llvm.org/viewvc/llvm-project?rev=337611=rev Log: [CStringSyntaxChecker] Fix build bot builds != x86 archs Reviewers: NoQ,george.karpenkov Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D49588 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=337611=337610=337611=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Fri Jul 20 13:39:49 2018 @@ -147,7 +147,7 @@ bool WalkAST::containsBadStrlcpyPattern( const Expr *DstArg = CE->getArg(0); const Expr *LenArg = CE->getArg(2); - const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenCasts()); + const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenImpCasts()); const auto *LenArgDecl = dyn_cast(LenArg->IgnoreParenLValueCasts()); // - size_t dstlen = sizeof(dst) if (LenArgDecl) { 
@@ -159,14 +159,15 @@ bool WalkAST::containsBadStrlcpyPattern( // - integral value // We try to figure out if the last argument is possibly longer // than the destination can possibly handle if its size can be defined - if (const auto *IL = dyn_cast(LenArg->IgnoreParenCasts())) { + if (const auto *IL = dyn_cast(LenArg->IgnoreParenImpCasts())) { uint64_t ILRawVal = IL->getValue().getZExtValue(); -if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) { - ASTContext = BR.getContext(); - uint64_t Usize = C.getTypeSizeInChars(DstArg->getType()).getQuantity(); - uint64_t BufferLen = BR.getContext().getTypeSize(Buffer) / Usize; - if (BufferLen < ILRawVal) -return true; +if (DstArgDecl) { + if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) { +ASTContext = BR.getContext(); +uint64_t BufferLen = C.getTypeSize(Buffer) / 8; +if (BufferLen < ILRawVal) + return true; + } } } Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=337611=337610=337611=diff == --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Fri Jul 20 13:39:49 2018 
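Review bot: `uint64_t BufferLen = C.getTypeSize(Buffer) / 8;` hard-codes eight bits per char to turn the bit size of the array into a byte count, where the version it replaces derived the divisor from the AST context. Asking the context for the size in chars keeps the target's char width out of the checker: `uint64_t BufferLen = C.getTypeSizeInChars(Buffer).getQuantity();`. A short comment that `BufferLen` is the destination size in bytes, which is the unit strlcpy's third argument uses, would also help. The function body starts and ends outside this hunk.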
@@ -1,4 +1,7 @@ // RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s +// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s +// RUN: %clang_analyze_cc1 -triple aarch64_be-none-linux-gnu -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s +// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s typedef __SIZE_TYPE__ size_t; char *strncat(char *, const char *, size_t); @@ -27,4 +30,5 @@ void testStrlcpy(const char *src) { strlcpy(dest, src, 20); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}} strlcpy(dest, src, badlen); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}} strlcpy(dest, src, ulen); + strlcpy(dest + 5, src, 5); } ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r337499 - [CStringSyntaxChecker] Check strlcpy sizeof syntax
Author: devnexen Date: Thu Jul 19 14:50:03 2018 New Revision: 337499 URL: http://llvm.org/viewvc/llvm-project?rev=337499=rev Log: [CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp cfe/trunk/test/Analysis/bsd-string.c cfe/trunk/test/Analysis/cstring-syntax.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=337499=337498=337499=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Thu Jul 19 14:50:03 2018 
@@ -80,6 +80,17 @@ class WalkAST: public StmtVisitorgetNumArgs() != 3) +return false; + const Expr *DstArg = CE->getArg(0); + const Expr *LenArg = CE->getArg(2); + + const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenCasts()); + const auto *LenArgDecl = dyn_cast(LenArg->IgnoreParenLValueCasts()); + // - size_t dstlen = sizeof(dst) + if (LenArgDecl) { +const auto *LenArgVal = dyn_cast(LenArgDecl->getDecl()); +if (LenArgVal->getInit()) + LenArg = LenArgVal->getInit(); + } + + // - integral value + // We try to figure out if the last argument is possibly longer + // than the destination can possibly handle if its size can be defined + if (const auto *IL = dyn_cast(LenArg->IgnoreParenCasts())) { +uint64_t ILRawVal = IL->getValue().getZExtValue(); +if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) { + ASTContext = BR.getContext(); + uint64_t Usize = C.getTypeSizeInChars(DstArg->getType()).getQuantity(); + uint64_t BufferLen = BR.getContext().getTypeSize(Buffer) / Usize; + if (BufferLen < ILRawVal) +return true; +} + } + + return false; +} + void WalkAST::VisitCallExpr(CallExpr *CE) { const FunctionDecl *FD = CE->getDirectCallee(); if (!FD) 
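Review bot: In the new containsBadStrlcpyPattern, `LenArgVal` is the result of a `dyn_cast` on `LenArgDecl->getDecl()` and is dereferenced on the next line with no null test. A length argument that names something other than a variable with that declaration kind (the template argument is stripped on this page, presumably a variable declaration) would then crash the analyzer instead of being skipped. The guard is one line: `if (LenArgVal && LenArgVal->getInit())`. A test that passes an enumerator as the third argument would cover it. On this page the function's declaration hunk and its definition appear fused under one `@@` header, so the exact hunk boundary is not recoverable here.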
@@ -157,6 +200,25 @@ void WalkAST::VisitCallExpr(CallExpr *CE BR.EmitBasicReport(FD, Checker, "Anti-pattern in the argument", "C String API", os.str(), Loc, + LenArg->getSourceRange()); +} + } else if (CheckerContext::isCLibraryFunction(FD, "strlcpy")) { +if (containsBadStrlcpyPattern(CE)) { + const Expr *DstArg = CE->getArg(0); + const Expr *LenArg = CE->getArg(2); + PathDiagnosticLocation Loc = +PathDiagnosticLocation::createBegin(LenArg, BR.getSourceManager(), AC); + + StringRef DstName = getPrintableName(DstArg); + + SmallString<256> S; + llvm::raw_svector_ostream os(S); + os << "The third argument is larger than the size of the input buffer. "; + if (!DstName.empty()) +os << "Replace with the value 'sizeof(" << DstName << ")` or lower"; + + BR.EmitBasicReport(FD, Checker, "Anti-pattern in the argument", + "C String API", os.str(), Loc, LenArg->getSourceRange()); } } Modified: cfe/trunk/test/Analysis/bsd-string.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/bsd-string.c?rev=337499=337498=337499=diff == --- cfe/trunk/test/Analysis/bsd-string.c (original) +++ cfe/trunk/test/Analysis/bsd-string.c Thu Jul 19 14:50:03 2018 @@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring.NullArg,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s #define NULL ((void *)0) Modified: cfe/trunk/test/Analysis/cstring-syntax.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=337499=337498=337499=diff == --- cfe/trunk/test/Analysis/cstring-syntax.c (original) +++ cfe/trunk/test/Analysis/cstring-syntax.c Thu Jul 19 14:50:03 2018 @@ -3,6 +3,7 @@ typedef __SIZE_TYPE__ size_t; char *strncat(char *, const char *, size_t); size_t strlen (const char *s); +size_t strlcpy(char *, const char *, size_t); void testStrncat(const char *src) { char dest[10]; 
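Review bot: The diagnostic text in the new strlcpy branch calls the destination "the input buffer", which reads as the source argument, and the suggested replacement opens with `'` but closes with a backtick. Suggested wording: `os << "The third argument is larger than the size of the destination buffer. ";` and `os << "Replace with the value 'sizeof(" << DstName << ")' or lower";`. When `DstName` is empty the message ends in a trailing space, so that space is better emitted together with the second sentence. The `expected-warning` strings in cstring-syntax.c would need the same change, and VisitCallExpr starts and ends outside this hunk.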
@@ -13,3 +14,17 @@ void testStrncat(const char *src) { // Should not crash when sizeof has a type argument. strncat(dest,
r335856 - OpenBSD driver needs ld.lld in sanitizer context
Author: devnexen Date: Thu Jun 28 06:49:41 2018 New Revision: 335856 URL: http://llvm.org/viewvc/llvm-project?rev=335856=rev Log: OpenBSD driver needs ld.lld in sanitizer context Base GNU ld is pretty ancient and does not support --dynamic-list flag. For conveniency, we can it automatically when compile with ubsan sanitizer flag. Reviewers: dberris Reviewed by: dberris Differential Revision: https://reviews.llvm.org/D48574 Modified: cfe/trunk/lib/Driver/ToolChains/OpenBSD.cpp Modified: cfe/trunk/lib/Driver/ToolChains/OpenBSD.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/ToolChains/OpenBSD.cpp?rev=335856=335855=335856=diff == --- cfe/trunk/lib/Driver/ToolChains/OpenBSD.cpp (original) +++ cfe/trunk/lib/Driver/ToolChains/OpenBSD.cpp Thu Jun 28 06:49:41 2018 @@ -230,7 +230,9 @@ void openbsd::Linker::ConstructJob(Compi Args.MakeArgString(getToolChain().GetFilePath("crtendS.o"))); } - const char *Exec = Args.MakeArgString(getToolChain().GetLinkerPath()); + const char *Exec = Args.MakeArgString( + !NeedsSanitizerDeps ? getToolChain().GetLinkerPath() + : getToolChain().GetProgramPath("ld.lld")); C.addCommand(llvm::make_unique(JA, *this, Exec, CmdArgs, Inputs)); } ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
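Review bot: With this ternary an explicit linker choice is dropped whenever `NeedsSanitizerDeps` is set, because `GetLinkerPath()` is the call that honours `-fuse-ld=` and the sanitizer branch bypasses it for a fixed `ld.lld`. `NeedsSanitizerDeps` is computed outside this hunk and the log mentions only ubsan, so it is worth confirming that the switch is intended for every sanitizer that sets it. The reason for the override is only in the commit log; a comment at the call such as `// Base GNU ld on OpenBSD lacks --dynamic-list, which the sanitizer link needs; use ld.lld.` would keep it with the code. The condition also reads more directly without the negation: `NeedsSanitizerDeps ? getToolChain().GetProgramPath("ld.lld") : getToolChain().GetLinkerPath()`.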
r333059 - This is a test commit.
Author: devnexen Date: Tue May 22 21:27:39 2018 New Revision: 333059 URL: http://llvm.org/viewvc/llvm-project?rev=333059=rev Log: This is a test commit. Modified: cfe/trunk/examples/PrintFunctionNames/CMakeLists.txt Modified: cfe/trunk/examples/PrintFunctionNames/CMakeLists.txt URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/examples/PrintFunctionNames/CMakeLists.txt?rev=333059=333058=333059=diff == --- cfe/trunk/examples/PrintFunctionNames/CMakeLists.txt (original) +++ cfe/trunk/examples/PrintFunctionNames/CMakeLists.txt Tue May 22 21:27:39 2018 @@ -1,6 +1,6 @@ # If we don't need RTTI or EH, there's no reason to export anything # from the plugin. -if( NOT MSVC ) # MSVC mangles symbols differently, and +if( NOT MSVC ) # MSVC mangles symbols differently, and # PrintFunctionNames.export contains C++ symbols. if( NOT LLVM_REQUIRES_RTTI ) if( NOT LLVM_REQUIRES_EH ) ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r333060 - [analyzer] CStringChecker fix for strlcpy when no bytes are copied to the dest buffer
Author: devnexen Date: Tue May 22 21:38:25 2018 New Revision: 333060 URL: http://llvm.org/viewvc/llvm-project?rev=333060=rev Log: [analyzer] CStringChecker fix for strlcpy when no bytes are copied to the dest buffer Again, strlc* does not return a pointer so the zero size case doest not fit. Reviewers: NoQ, george.karpenkov Reviewed by: NoQ Differential Revision: https://reviews.llvm.org/D47007 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp cfe/trunk/test/Analysis/bsd-string.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp?rev=333060=333059=333060=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp Tue May 22 21:38:25 2018 @@ -1652,7 +1652,11 @@ void CStringChecker::evalStrcpyCommon(Ch // If the size is known to be zero, we're done. if (StateZeroSize && !StateNonZeroSize) { - StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, DstVal); + if (returnPtr) { +StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, DstVal); + } else { +StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, *lenValNL); + } C.addTransition(StateZeroSize); return; } Modified: cfe/trunk/test/Analysis/bsd-string.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/bsd-string.c?rev=333060=333059=333060=diff == --- cfe/trunk/test/Analysis/bsd-string.c (original) +++ cfe/trunk/test/Analysis/bsd-string.c Tue May 22 21:38:25 2018 @@ -38,3 +38,8 @@ void f6() { size_t len = strlcat(buf, "defg", 4); clang_analyzer_eval(len == 7); // expected-warning{{TRUE}} } + +int f7() { + char buf[8]; + return strlcpy(buf, "1234567", 0); // no-crash +} ___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
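Review bot: On the `else` side of the new `if (returnPtr)` the call is bound to `*lenValNL`, which on this path is the size argument already known to be zero, so `strlcpy(buf, "1234567", 0)` is modelled as returning 0. strlcpy and strlcat return the length of the string they tried to create, not the number of bytes copied, and callers compare that return value with the buffer size to detect truncation; modelling it as 0 makes the truncated case look like success to later checks. Binding the source-length value that evalStrcpyCommon computes earlier (outside this hunk, so the name is not visible here) would match the contract, with the destination length added for strlcat. The new `f7` only checks for a crash; a line such as `clang_analyzer_eval(strlcpy(buf, "1234567", 0) == 7); // expected-warning{{TRUE}}` would pin the value.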