[clang] [clang][analyzer] Improve modeling of 'popen' and 'pclose' in StdLibraryFunctionsChecker (PR #78895)
Ben Shi via cfe-commits
cfe-commits at lists.llvm.org
Wed Jan 24 20:28:43 PST 2024
================
@@ -2211,6 +2221,15 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
ErrnoNEZeroIrrelevant, GenericFailureMsg)
.ArgConstraint(NotNull(ArgNo(0))));
+ // int pclose(FILE *stream);
+ addToFunctionSummaryMap(
+ "pclose", Signature(ArgTypes{FilePtrTy}, RetType{IntTy}),
+ Summary(NoEvalCall)
+ .Case({ReturnValueCondition(WithinRange, {{0, IntMax}})},
+ ErrnoMustNotBeChecked, GenericSuccessMsg)
+ .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
+ .ArgConstraint(NotNull(ArgNo(0))));
+
----------------
benshi001 wrote:
I have tried if the return value can be negative on both linux and MacOS, it seems `pclose` always returns positive values on success, even if the child process called `exit(-3)`.
Here are my test cases,
```
// father.c, gcc father.c -o father
#include <stdio.h>
#include <stdlib.h>
int main() {
FILE *fp = popen("/tmp/child.out", "w");
if (fp) {
int r = pclose(fp);
printf("%d\n", r);
}
return 0;
}
```
```
// child.c, gcc child.c -o child
#include <stdio.h>
#include <stdlib.h>
int main() {
exit(-3);
return -3;
}
```
And actually the `child` returns `64768(253 << 8)` to the father.
So I think my current conditions are OK.
https://github.com/llvm/llvm-project/pull/78895
More information about the cfe-commits
mailing list