[all-commits] [llvm/llvm-project] 7fc150: [analyzer] Bifurcate on getenv() calls

Balazs Benics via All-commits all-commits at lists.llvm.org
Wed Oct 13 01:51:28 PDT 2021 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 7fc150309d27b0f98239bec758b895efda8c0481
      https://github.com/llvm/llvm-project/commit/7fc150309d27b0f98239bec758b895efda8c0481
  Author: Balazs Benics <balazs.benics at sigmatechnology.se>
  Date:   2021-10-13 (Wed, 13 Oct 2021)

  Changed paths:
    M clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
    M clang/test/Analysis/std-c-library-functions.c

  Log Message:
  -----------
  [analyzer] Bifurcate on getenv() calls

The `getenv()` function might return `NULL` just like any other function.
However, in case of `getenv()` a state-split seems justified since the
programmer should expect the failure of this function.

`secure_getenv(const char *name)` behaves the same way but is not handled
right now.
Note that `std::getenv()` is also not handled.

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D111245


  Commit: edde4efc66df2257f0b2351d5f98b4fbb2ced620
      https://github.com/llvm/llvm-project/commit/edde4efc66df2257f0b2351d5f98b4fbb2ced620
  Author: Balazs Benics <balazs.benics at sigmatechnology.se>
  Date:   2021-10-13 (Wed, 13 Oct 2021)

  Changed paths:
    M clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.def
    M clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
    M clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
    M clang/test/Analysis/analyzer-config.c
    A clang/test/Analysis/assume-controlled-environment.c

  Log Message:
  -----------
  [analyzer] Introduce the assume-controlled-environment config option

If the `assume-controlled-environment` is `true`, we should expect `getenv()`
to succeed, and the result should not be considered tainted.
By default, the option will be `false`.

Reviewed By: NoQ, martong

Differential Revision: https://reviews.llvm.org/D111296


Compare: https://github.com/llvm/llvm-project/compare/fc2ba5e53d47...edde4efc66df

More information about the All-commits mailing list