[cfe-commits] Patch: Warn on zero-length memaccess

Chris Pickel sfiera at sfzmail.com
Wed Jun 13 10:21:18 PDT 2012 

Hi, cfe-commits,

After spending far too long tracking down a bug which was ultimately
caused by the line:

  memset(&x, sizeof(x), 0);  // Should be memset(&x, 0, sizeof(x))

I wrote a clang patch which adds a diagnostic for this situation. It
warns on any call to a memaccess function (memset, memcpy, memcmp,
&c.) in which a literal "0" is passed as the size. Like other
memaccess diagnostics, it can be suppressed by casting &x to void*.

The git-formatted patch is attached, but it fails a few tests, and I'm
not sure what the correct fix is. The test log is attached too; a
summary is:

Analysis/bstring.c:
    "TRUE" warnings expected in addition to zero-length memaccess warnings

Analysis/string.c
    Warns on __builtin_strncpy instead of strcpy
    But if I change the expectation, then it warns on strcpy instead

SemaCXX/warn-zero-length-memaccess:
SemaCXX/zero-length-arrays:
    Implicit copy-constructors appear to generate calls to
__builtin_memcpy(…, 0)
    This warning shouldn't really be checking __builtin_memcpy()
    On the other hand, should __builtin_memcpy(…, 0) be generated to begin with?
-------------- next part --------------
Making Clang 'lit.site.cfg' file...
Making Clang 'Unit/lit.site.cfg' file...
--- Running clang tests for x86_64-apple-darwin11.4.0 ---
lit.py: lit.cfg:175: note: using clang: '/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang'
-- Testing: 4727 tests, 2 threads --
Testing: 
FAIL: Clang :: Analysis/bstring.c (92 of 4727)
******************** TEST 'Clang :: Analysis/bstring.c' FAILED ********************
Script:
--
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/bstring.c
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/bstring.c
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/bstring.c
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/bstring.c
--
Exit Code: 1
Command Output (stderr):
--
error: 'warning' diagnostics seen but not expected: 
  Line 373: TRUE
  Line 374: TRUE
  Line 375: TRUE
3 errors generated.
--

********************
Testing: 0 
FAIL: Clang :: Analysis/string.c (226 of 4727)
******************** TEST 'Clang :: Analysis/string.c' FAILED ********************
Script:
--
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/string.c
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/string.c
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/string.c
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=experimental.security.taint,core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/Analysis/string.c
--
Exit Code: 1
Command Output (stderr):
--
error: 'warning' diagnostics expected but not seen: 
  Line 537: length in 'strncpy' call is zero
error: 'warning' diagnostics seen but not expected: 
  Line 537: length in '__builtin_strncpy' call is zero
2 errors generated.
--

********************
Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80
FAIL: Clang :: SemaCXX/warn-zero-length-memaccess.cpp (4002 of 4727)
******************** TEST 'Clang :: SemaCXX/warn-zero-length-memaccess.cpp' FAILED ********************
Script:
--
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -fsyntax-only -verify -Wzero-length-memaccess /Users/sfiera/Projects/llvm-git/tools/clang/test/SemaCXX/warn-zero-length-memaccess.cpp
--
Exit Code: 1
Command Output (stderr):
--
error: 'warning' diagnostics seen but not expected: 
  Line 15: length in '__builtin_memcpy' call is zero
1 error generated.
--

********************
Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80
FAIL: Clang :: SemaCXX/zero-length-arrays.cpp (4003 of 4727)
******************** TEST 'Clang :: SemaCXX/zero-length-arrays.cpp' FAILED ********************
Script:
--
/Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/clang -cc1 -internal-isystem /Users/sfiera/Projects/llvm-git/Debug+Asserts/bin/../lib/clang/3.2/include -fsyntax-only -verify /Users/sfiera/Projects/llvm-git/tools/clang/test/SemaCXX/zero-length-arrays.cpp
--
Exit Code: 1
Command Output (stderr):
--
error: 'warning' diagnostics seen but not expected: 
  Line 14: length in '__builtin_memcpy' call is zero
  Line 14: length in '__builtin_memcpy' call is zero
  Line 14: length in '__builtin_memcpy' call is zero
3 errors generated.
--

********************
Testing: 0 .. 10.. 20.. 30.. 40.. 50.. 60.. 70.. 80.. 90.. 
Testing Time: 266.66s
********************
Failing Tests (4):
    Clang :: Analysis/bstring.c
    Clang :: Analysis/string.c
    Clang :: SemaCXX/warn-zero-length-memaccess.cpp
    Clang :: SemaCXX/zero-length-arrays.cpp

  Expected Passes    : 4696
  Expected Failures  : 27
  Unexpected Failures: 4
make[1]: *** [all] Error 1
make: *** [test] Error 2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Warn-on-zero-length-memaccess.patch
Type: application/octet-stream
Size: 8196 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20120613/16b8303b/attachment.obj>

More information about the cfe-commits mailing list