[clang] [clang][analyzer] Improve modeling of 'popen' and 'pclose' in StdLibraryFunctionsChecker (PR #78895)

Thu Jan 25 00:15:29 PST 2024

================
@@ -2211,6 +2221,15 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
                   ErrnoNEZeroIrrelevant, GenericFailureMsg)
             .ArgConstraint(NotNull(ArgNo(0))));
 
+    // int pclose(FILE *stream);
+    addToFunctionSummaryMap(
+        "pclose", Signature(ArgTypes{FilePtrTy}, RetType{IntTy}),
+        Summary(NoEvalCall)
+            .Case({ReturnValueCondition(WithinRange, {{0, IntMax}})},
+                  ErrnoMustNotBeChecked, GenericSuccessMsg)
+            .Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
+            .ArgConstraint(NotNull(ArgNo(0))));
+
----------------
balazske wrote:

The POSIX documentation does not tell if it is possible to get negative value from `fclose` other than -1. Because -1 is reserved for indication of error, it should not be a regular return value (if yes, there should be mentioned that `errno` is not changed at success, to make detection of error possible). If negative non-error return value is allowed, it can not be -1.
It looks like that negative return values from the process appear as positive values like in the example above. The returned value is not the value passed to `exit`, that can be extracted by `WEXITSTATUS` (see `waitpid`).

https://github.com/llvm/llvm-project/pull/78895
