[PATCH] D122150: [clang][analyzer] Add checker for bad use of 'errno'.

Balázs Kéri via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Mar 22 02:35:07 PDT 2022


balazske added reviewers: martong, steakhal, NoQ.
balazske added a comment.
Herald added a subscriber: rnkovacs.

This checker is made to add partial support for CERT rule ERR30-C <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152351>. One part of the rule is "check errno only after the function returns a value indicating failure".

To make this check possible, the function (one that sets //errno// in some way) should be modeled by another checker that knows when a failure-indication value is returned from the function. In (but only in) that case the function sets the value of //errno//. The return value of the function call should be constrained by the modeling checker to the failure-indicating values if the errno value is set, otherwise to some other values (a state split is needed).

The new API allows setting the //errno value// only together with an "errno check state". This state indicates how the //errno value// is to be handled by the ErrnoChecker. This information is available at the modeling of the errno-setting function. The CERT rule specifies classes of functions, including "functions that set errno and return an out-of-band error indicator" and "set errno and return an in-band error indicator". In the out-of-band case the errno value is not required to be checked; failure can be observed by checking the return value. In the in-band case the return value at failure is a valid return value too; here errno must be checked to observe whether the function has failed. This case is modeled by the `Errno_MustBeChecked` //errno check state//. For many functions the value of errno may be undefined after the function call if the function has not failed (the function is not required to not change errno); this is modeled by the `Errno_MustNotBeChecked` value.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D122150/new/

https://reviews.llvm.org/D122150
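The two function classes named in the comment above, as an added C example that is not part of the patch or of the review. `parse_long` and `probe_open` are hypothetical helpers; `strtol()` stands in for the in-band class and POSIX `open()` for the out-of-band class.

```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* In-band indicator: strtol() returns LONG_MAX/LONG_MIN on overflow, but those
 * are also valid results. errno must be cleared before the call and checked
 * after it to tell the two apart.
 * Returns 0 on success, -1 on range error, -2 on empty input or trailing junk. */
int parse_long(const char *s, long *out)
{
    char *end;
    errno = 0;                       /* required: success does not reset errno */
    long v = strtol(s, &end, 10);
    if ((v == LONG_MAX || v == LONG_MIN) && errno == ERANGE)
        return -1;                   /* failure confirmed through errno */
    if (end == s || *end != '\0')
        return -2;
    *out = v;
    return 0;
}

/* Out-of-band indicator: open() returns -1 only on failure, so the return
 * value is tested first and errno is read only on the failure path.
 * Returns 0 on success, otherwise the errno value set by open(). */
int probe_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return errno;                /* errno is meaningful here */
    close(fd);
    return 0;                        /* errno is not consulted after success */
}

int main(void)
{
    char buf[64];
    long v = 0;
    snprintf(buf, sizeof buf, "%ld", LONG_MAX);   /* valid input equal to LONG_MAX */
    printf("LONG_MAX text  -> %d\n", parse_long(buf, &v));
    printf("overflow text  -> %d\n", parse_long("99999999999999999999999999", &v));
    printf("missing path   -> %d\n", probe_open("/nonexistent-constructed-dir/file"));
    return 0;
}
```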


