[clang] 7fc1503 - [analyzer] Bifurcate on getenv() calls

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Wed Oct 13 01:51:19 PDT 2021 

Author: Balazs Benics
Date: 2021-10-13T10:50:26+02:00
New Revision: 7fc150309d27b0f98239bec758b895efda8c0481

URL: https://github.com/llvm/llvm-project/commit/7fc150309d27b0f98239bec758b895efda8c0481
DIFF: https://github.com/llvm/llvm-project/commit/7fc150309d27b0f98239bec758b895efda8c0481.diff

LOG: [analyzer] Bifurcate on getenv() calls

The `getenv()` function might return `NULL` just like any other function.
However, in case of `getenv()` a state-split seems justified since the
programmer should expect the failure of this function.

`secure_getenv(const char *name)` behaves the same way but is not handled
right now.
Note that `std::getenv()` is also not handled.

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D111245

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
    clang/test/Analysis/std-c-library-functions.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index e758b465af1b4..74adc5882bfbf 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -1433,6 +1433,14 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
                 RetType{Ssize_tTy}),
       GetLineSummary);
 
+  // char *getenv(const char *name);
+  addToFunctionSummaryMap(
+      "getenv", Signature(ArgTypes{ConstCharPtrTy}, RetType{CharPtrTy}),
+      Summary(NoEvalCall)
+          .Case({NotNull(Ret)})
+          .Case({NotNull(Ret)->negate()})
+          .ArgConstraint(NotNull(ArgNo(0))));
+
   if (ModelPOSIX) {
 
     // long a64l(const char *str64);

diff  --git a/clang/test/Analysis/std-c-library-functions.c b/clang/test/Analysis/std-c-library-functions.c
index 9288af9d43b8c..e1800ed390a86 100644
--- a/clang/test/Analysis/std-c-library-functions.c
+++ b/clang/test/Analysis/std-c-library-functions.c
@@ -254,3 +254,11 @@ void test_call_by_pointer() {
   f = ispunct;
   clang_analyzer_eval(f('A')); // expected-warning{{FALSE}}
 }
+
+char *getenv(const char *name);
+void test_getenv() {
+  // getenv() bifurcates here.
+  clang_analyzer_eval(getenv("FOO") == 0);
+  // expected-warning at -1 {{TRUE}}
+  // expected-warning at -2 {{FALSE}}
+}

More information about the cfe-commits mailing list