[clang] [clang][analyzer] Move checker alpha.unix.StdCLibraryFunctions out of alpha. (PR #66207)

via cfe-commits cfe-commits at lists.llvm.org
Fri Sep 22 03:34:32 PDT 2023


DonatNagyE wrote:

I tested this commit on several open-source projects, comparing it and its parent with a configuration that enables the non-alpha checkers (so StdCLibraryFunctions becomes enabled when this commit moves it out of alpha).

The results show that this checker doesn't produce random noise and can provide some useful results:
| Project | New reports | Lost reports | Changes |
| --- | --- | --- | --- |
| memcached | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_baseline&newcheck=memcached_1.6.8_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=memcached_1.6.8_baseline&newcheck=memcached_1.6.8_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| tmux | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_baseline&newcheck=tmux_2.6_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tmux_2.6_baseline&newcheck=tmux_2.6_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| twin | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_baseline&newcheck=twin_v0.8.1_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=twin_v0.8.1_baseline&newcheck=twin_v0.8.1_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| vim | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_baseline&newcheck=vim_v8.2.1920_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=vim_v8.2.1920_baseline&newcheck=vim_v8.2.1920_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| openssl | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_baseline&newcheck=openssl_openssl-3.0.0-alpha7_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=openssl_openssl-3.0.0-alpha7_baseline&newcheck=openssl_openssl-3.0.0-alpha7_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| sqlite | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_baseline&newcheck=sqlite_version-3.33.0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=sqlite_version-3.33.0_baseline&newcheck=sqlite_version-3.33.0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| ffmpeg | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_baseline&newcheck=ffmpeg_n4.3.1_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_baseline&newcheck=ffmpeg_n4.3.1_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| postgres | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | 5 new TPs [1] |
| tinyxml2 | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_baseline&newcheck=tinyxml2_8.0.0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=tinyxml2_8.0.0_baseline&newcheck=tinyxml2_8.0.0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| libwebm | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_baseline&newcheck=libwebm_libwebm-1.0.0.27_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=libwebm_libwebm-1.0.0.27_baseline&newcheck=libwebm_libwebm-1.0.0.27_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| xerces | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_baseline&newcheck=xerces_v3.2.3_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=xerces_v3.2.3_baseline&newcheck=xerces_v3.2.3_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| bitcoin | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_baseline&newcheck=bitcoin_v0.20.1_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=bitcoin_v0.20.1_baseline&newcheck=bitcoin_v0.20.1_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |
| protobuf | [New reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_baseline&newcheck=protobuf_v3.13.0_with_std_library_functions&is-unique=on&diff-mode=New) | [Lost reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=protobuf_v3.13.0_baseline&newcheck=protobuf_v3.13.0_with_std_library_functions&is-unique=on&diff-mode=Resolved) | no effect |

[1] One [unix.StdCLibraryFunctions report](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=New&report-id=2751977&report-hash=1928ba718d9742340937d425ec3978c6&report-filepath=%2apg_backup_custom.c) and four very similar TOCTOU bugs reported by core.NonNullParamChecker ([one example](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_baseline&newcheck=postgres_REL_13_0_with_std_library_functions&is-unique=on&diff-mode=New&report-id=2751787&report-hash=c469e10d32261326b999f84ee5f2d5fa&report-filepath=%2aoption.c)). These are all real issues, although it'd be very difficult to trigger them in practice. Note that we're testing stable versions of open-source projects, so it's not surprising that we don't see serious issues.

https://github.com/llvm/llvm-project/pull/66207
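As an added illustration of the class of defect this checker models (it is not code from the post, from the PR, or from any of the projects in the table above): unix.StdCLibraryFunctions encodes argument-domain constraints for standard C library functions, and one of the simplest is that the `<ctype.h>` classification functions accept only values representable as `unsigned char`, plus `EOF`. The buggy function below passes a plain `char` (signed on most ABIs), so any byte at or above 0x80 reaches `isalnum()` as a negative value outside its domain; the hardened function converts first. The buffer and function names are constructed for this example, and whether the analyzer reports a particular call depends on the value range it can infer, which the post does not discuss.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example: count alphanumeric bytes in a buffer.
 *
 * The <ctype.h> classification functions are defined only for values in
 * the range of unsigned char plus EOF. Passing a plain `char` that is
 * negative (any byte >= 0x80 where char is signed) is undefined behaviour;
 * that argument-domain rule is one of the constraints the
 * unix.StdCLibraryFunctions checker encodes. */

/* Buggy form: buf[i] is a (possibly signed) char, so bytes >= 0x80 reach
 * isalnum() as negative values outside its domain. Kept only for contrast;
 * do not call it on data containing high bytes. */
size_t count_alnum_buggy(const char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (isalnum(buf[i]))   /* UB for negative char values other than EOF */
            n++;
    }
    return n;
}

/* Hardened form: convert to unsigned char first, which is what the C
 * standard requires for every <ctype.h> function. */
size_t count_alnum_safe(const char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (isalnum((unsigned char)buf[i]))
            n++;
    }
    return n;
}

/* Sample input, constructed for this example: two alphanumerics, one
 * high byte (0xFF), one punctuation character. */
static const char SAMPLE[] = "ab\xff!";

int main(void) {
    printf("alphanumeric bytes: %zu\n", count_alnum_safe(SAMPLE, sizeof SAMPLE - 1));
    return 0;
}
```

The counts assume the "C" locale, where 0xFF is not alphanumeric; the conversion to `unsigned char` is the fix regardless of locale.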

