[clang] [clang][analyzer] Change default value of checker option in unix.StdCLibraryFunctions. (PR #80457)

via cfe-commits cfe-commits at lists.llvm.org
Mon Feb 12 08:27:09 PST 2024


NagyDonat wrote:

I analyzed the results uploaded by @balazske and found the following:

### memcached

The new ModelPosix=true produces two new bug reports [(1) assuming that fileno() can fail](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=memcached_1.6.8_modelposix_defaulton&newcheck=memcached_1.6.8_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464001&report-hash=2bf08110160cdf74b43d1443a243c170&report-filepath=%2aauthfile.c) and [(2) errno is undefined after close()](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=memcached_1.6.8_modelposix_defaulton&newcheck=memcached_1.6.8_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464024&report-hash=0317376f1ccbb4ad49347cc505972a1e&report-filepath=%2amemcached.c). These are arguably true positives, although it's unclear whether fileno() can fail or not ("These functions should not fail and do not set the external variable errno. (However, in case fileno() detects that its argument is not a valid stream, it must return -1 and set errno to EBADF.)" -- e.g. the manpage on my Linux claims both that it should not fail and that it can fail.).

### tmux

The new ModelPosix=true produces [yet another errno undefined after close()](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=tmux_2.6_modelposix_defaulton&newcheck=tmux_2.6_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464058&report-hash=c2945236a92091b2bc3f3e45831171b9&report-filepath=%2aclient.c) and a case where the [checker assumes that opening "/dev/null" can fail](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=tmux_2.6_modelposix_defaulton&newcheck=tmux_2.6_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464065&report-hash=1ad575b0810ef8658405d7e625d05d55&report-filepath=%2acmd-pipe-pane.c). The first is a TP, the second is FP in practice but is a reasonable report.

### curl

There are 9 new reports with ModelPosix=true:
  - one very confusing report on an [extraordinarily ugly macro](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464096&report-hash=7f1932ded5a624fc700c23f9773b2e8a&report-filepath=%2asockfilt.c) -- probably FP, but the author "asked for it" with this mess,
  - there are two [bitwiseshift](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464097&report-hash=246fc7928949c326a376755a369179de&report-filepath=%2asockfilt.c) [reports](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464098&report-hash=f6f35cd5508bdbb8bf7f63bd72193217&report-filepath=%2asockfilt.c) on ugly black magic that breaks if we assume that `fileno()` returns `-1`,
  - one that looks like a [straightforward TP caught among confusing code branches](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464099&report-hash=710c0fca72ffec642cbcfcc8311a8fbd&report-filepath=%2asockfilt.c),
  - a [71-step monster](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464102&report-hash=d4a4bda38c5a6fdaabe2c1867158b106&report-filepath=%2atftpd.c) that's also probably TP, but hard to understand,
  - two straightforward failure of "`open()`" not checked reports [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464104&report-hash=6a154ab1f902166b53ddfe5d0683d270&report-filepath=%2alib568.c) [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464107&report-hash=84e8d41aa8e091f6d738fedccc48fe50&report-filepath=%2alib572.c) in test code, these seem to be TPs
  - an [`isatty(fileno())` issue](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464106&report-hash=711f723dd493d590bceee945f32c564b&report-filepath=%2atool_operate.c),
  - a [`fstat(fileno(), ...)` issue](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=curl_curl-7_66_0_modelposix_defaulton&newcheck=curl_curl-7_66_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464117&report-hash=2757f3449ab3879b10a536a943e0a9be&report-filepath=%2alib582.c).

### twin

Two new reports with ModelPosix=true, one [tricky mmap issue that appears to be TP](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=twin_v0.8.1_modelposix_defaulton&newcheck=twin_v0.8.1_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464149&report-hash=50a98122502701302b7b75a6a56342e8&report-filepath=%2ashm.c) if we consider the function in isolation and assume that its `len` argument can be 0 and yet another [checker assumes that opening "/dev/null" can fail](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=twin_v0.8.1_modelposix_defaulton&newcheck=twin_v0.8.1_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464153&report-hash=855e986c5adafa0975432d38d5facc20&report-filepath=%2ahw_tty.c) report (FP in practice).

### vim

7 new reports with ModelPosix=true:
  - three `fstat(fileno(), ..)` issues [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464395&report-hash=1092ccc16c6600fc6c156f4e4b02f99b&report-filepath=%2aviminfo.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464396&report-hash=9cec0c47adc2efde73725c84e487084a&report-filepath=%2aviminfo.c), [(3)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464482&report-hash=fc7fc38a0a34d5348843b6c6be4ea5f0&report-filepath=%2ablob.c),
  - two `fchown(fileno(), ...)` issues [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464397&report-hash=e4ff9f42f80d60736f77a32129f42c6c&report-filepath=%2aviminfo.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464398&report-hash=abb4a54f7a5a26d99221863bd357ea2e&report-filepath=%2aviminfo.c),
  - one [report](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464466&report-hash=e15776574d709197d3c07be5bcb7ae40&report-filepath=%2aos_unix.c) that's impossible to understand because the relevant things happen in a function that was pruned (but probably FP),
  - an ["errno becomes undefined after successful call" TP](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=vim_v8.2.1920_modelposix_defaulton&newcheck=vim_v8.2.1920_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464483&report-hash=4c9f128cc6c50dc1b0c1f588116ffacd&report-filepath=%2achannel.c).
Note that `vim` is paranoid enough to handle the case when opening "/dev/null" fails.

### openssl

3 new reports with ModelPosix=true:
  - two `fstat(fileno(), ...)` issues: [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=openssl_openssl-3.0.0-alpha7_modelposix_defaulton&newcheck=openssl_openssl-3.0.0-alpha7_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464899&report-hash=27d04c736b98774749db3ca645b6c7dc&report-filepath=%2aapps.c) and [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=openssl_openssl-3.0.0-alpha7_modelposix_defaulton&newcheck=openssl_openssl-3.0.0-alpha7_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464938&report-hash=8b3b4600c9a4c86b6d09feb6871b5e0c&report-filepath=%2arandfile.c),
  - one issue where [the failure of `fdopen()` is not handled](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=openssl_openssl-3.0.0-alpha7_modelposix_defaulton&newcheck=openssl_openssl-3.0.0-alpha7_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3464910&report-hash=ff13fa0ac017eee4e09acad8407399b4&report-filepath=%2aspeed.c).

### sqlite

One new report with ModelPosix=true where [the checker assumes that `ftell()` returns -1](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=sqlite_version-3.33.0_modelposix_defaulton&newcheck=sqlite_version-3.33.0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3465357&report-hash=dd6b2a8526eb76410fbb533971bc1d88&report-filepath=%2alemon.c) and this leads to a `malloc(0)` call. 

### ffmpeg
  - the old ModelPosix=false produced [one FP](https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?run=ffmpeg_n4.3.1_modelposix_defaulton&newcheck=ffmpeg_n4.3.1_modelposix_defaultoff&is-unique=on&diff-mode=New) that disappeared for unknown reasons. This seems to be an "honest mistake" of the analyzer (it doesn't know that `ff_neterrno()` cannot return 0 = success), I don't know how ModelPosix affected it.
  - on the other hand the new ModelPosix=true produces a [second argument of mmap is 0 error](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=ffmpeg_n4.3.1_modelposix_defaulton&newcheck=ffmpeg_n4.3.1_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3465814&report-hash=908f965d980d60292af95db0fa10cd5f&report-filepath=%2av4l2_buffers.c) that is almost surely a false positive. The root cause is probably the rough / incorrect modeling of regions and subregions.

### postgres
Two lost reports (that no longer appear with ModelPosix=true) and **33 (!!) new reports**:
  - a [straightforward leak of a string returned by `strdup()`](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=New&report-id=3467892&report-hash=9278b17f14a2612356e847d5ef5426a0&report-filepath=%2aexec.c) is lost and I don't know why. Perhaps turn this into a unit test to examine what happens?
  - a [low-quality FP](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=New&report-id=3467891&report-hash=99d1b5c03f7dcb9e5f1c872610f2fea6&report-filepath=%2aexec.c) is also lost -- here the FP originates from the usual problems with loop handling and an ugly macro; I don't know why it disappeared but I won't miss it.
  - among the new results, half of them are `isatty(fileno())` reports: [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=30171398477625c36fb6681dc3dece19&report-id=3467102&report-filepath=%2astartup.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=731a3f8370eeb7e30eb20d88a2bf3ee5&report-id=3467103&report-filepath=%2astartup.c), [(3)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=be731f56b6a10b0a125c1e9891e3b067&report-id=3467155&report-filepath=%2afe-print.c), [(4)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=a8dcc0ad2a2d4ddb2941e814e1437d28&report-id=3467156&report-filepath=%2afe-print.c), [(5)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=a87a4a296fa52201ae5bd38de004c944&report-id=3467213&report-filepath=%2acopy.c) [(6)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=a286fe77f018ca733151b4329447e292&report-id=3467234&report-filepath=%2alogging.c), 
[(7)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=a21882ab0e148dc8b20b02de80c53d35&report-id=3467297&report-filepath=%2autil.c), [(8)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=74648f288c1bd19cce508486eab5a4a6&report-id=3467300&report-filepath=%2aprint.c), [(9)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=b7239a7ed4bad3e5ac52139b4b0e3b22&report-id=3467302&report-filepath=%2aprint.c), [(10)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=bd34cf914dcdf9668f2d11c7def645b0&report-id=3467309&report-filepath=%2aprint.c), [(11)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=b21b53341c1e977a03fbdeb57a9149eb&report-id=3467362&report-filepath=%2apg_rewind.c), [(12)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=42478df85eb3bd6b1edaf801aea6a353&report-id=3467431&report-filepath=%2apg_basebackup.c), 
[(13)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=99576ba0a94aace069f7f743351792f2&report-id=3467436&report-filepath=%2apg_basebackup.c), [(14)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=cfac85262650cd5dcd25bf6094b54c93&report-id=3467308&report-filepath=%2aprint.c),  [(15)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=d8f94079d24af3de6ff5908345cc75a9&report-id=3467548&report-filepath=%2apgbench.c), [(16)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=cfac85262650cd5dcd25bf6094b54c93&report-id=3467308&report-filepath=%2aprint.c),
  - there are also two `dup(fileno())` failures [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=b2d143a73d80a4d6f4e0a3025896eee8&report-id=3467295&report-filepath=%2apg_backup_tar.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=c21d9b72d333ac244c602082d7293e32&report-id=3467433&report-filepath=%2apg_basebackup.c), 
  -  and four new `dup2(..., fileno())` failures: [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=b41faa3801d8d88050886c8e05a51087&report-id=3467396&report-filepath=%2asyslogger.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=6f75abffc80df91ca93c3a5a10923363&report-id=3467398&report-filepath=%2asyslogger.c), [(3)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=8d46783b045b160ee413d874593ad436&report-id=3467399&report-filepath=%2asyslogger.c), [(4)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=fb2d7966bb3a55ce85ac9d66750896f2&report-id=3467397&report-filepath=%2asyslogger.c),
  - and 5 `fstat(fileno(),...)` issues [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=7a8bd573c2ed7fcf29f85a1ceb9e2095&report-id=3467441&report-filepath=%2asnapmgr.c), [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=4077c786cad9dd5faab6c62d179681a3&report-id=3467514&report-filepath=%2acopy.c) [(3)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=7a8bd573c2ed7fcf29f85a1ceb9e2095&report-id=3467441&report-filepath=%2asnapmgr.c), [(4)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=4077c786cad9dd5faab6c62d179681a3&report-id=3467514&report-filepath=%2acopy.c) and [(5)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=d3be9315d6a34e98912ae913d86927e5&report-id=3467513&report-filepath=%2acopy.c);
  - in addition to all these unhandled `fileno()` failures we also have two new `fdopen(dup(), ...)` issues [(1)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=7bfadbd077fbb56b5cc8cdef7ed5c26d&report-id=3467097&report-filepath=%2apg_backup_archiver.c) , [(2)](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&page=2&report-hash=dca5ab127bd980bd3fadd599014f12b0&report-id=3467098&report-filepath=%2apg_backup_archiver.c),
  - one new ["`errno` is not checked after `rewind()`"](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=a4eb497c95eeb29e3abd902822bbb215&report-id=3467236&report-filepath=%2ainitdb.c) TP,
  - one new ["second argument of `mmap` is 0" FP](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=914e79646cb0de40dab434ba24c8c23c&report-id=3467350&report-filepath=%2adsm_impl.c) that appears because the analyzer assumed a bad constraint in a loop (the usual "if there is a loop, handle zero iterations as a separate branch" bug),
  - one [issue](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=9cbab870e5518b6702fb80d01a81da5d&report-id=3467363&report-filepath=%2aslru.c) where it's unclear if an error reporting function is noreturn or not (if it's noreturn, this is a FP, I'd guess that the analyzer can't determine this without CTU),
  - one [TP where `NULL` is used as a filename string](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=58d8278be40f99597b44323d2574c053&report-id=3467400&report-filepath=%2asyslogger.c)
  - one [FP where I think that the engine mishandles a cast](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=postgres_REL_13_0_modelposix_defaulton&newcheck=postgres_REL_13_0_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-hash=32f8e213c6fb419277ec76c40bfa3956&report-id=3467479&report-filepath=%2afe-connect.c) and assumes that `(send(tmpsock, (char *) &crp, sizeof(crp), 0) != (int) sizeof(crp))` can be true even if `send` succeeds and returns the size of `crp` (which is a struct variable).

### xerces

ModelPosix=true introduces two new reports: one [unhandled failure of `ftell`](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=xerces_v3.2.3_modelposix_defaulton&newcheck=xerces_v3.2.3_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3467998&report-hash=4ab640064066880ac7031727869c92f4&report-filepath=%2aThreadTest.cpp) (with a surprising but essentially correct error message) and an [fdopen(dup()) report](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=xerces_v3.2.3_modelposix_defaulton&newcheck=xerces_v3.2.3_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3468054&report-hash=2d6a05592ac4a55974aa7b38c0bd2dcf&report-filepath=%2aPosixFileMgr.cpp).

### bitcoin

We have three new reports: a good old [`isatty(fileno())` issue](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=bitcoin_v0.20.1_modelposix_defaulton&newcheck=bitcoin_v0.20.1_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3468219&report-hash=86e9bd16502739658c438a6529ba69bd&report-filepath=%2astdin.cpp), a [false positive](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=bitcoin_v0.20.1_modelposix_defaulton&newcheck=bitcoin_v0.20.1_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3468220&report-hash=6ad3a20f18f2850293b4cdd867e404e2&report-filepath=%2aenv_posix.cc) where it seems that the analyzer wasn't able to handle an opaque "Status" type, and a [`fdatasync(fileno())` report](https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=bitcoin_v0.20.1_modelposix_defaulton&newcheck=bitcoin_v0.20.1_modelposix_defaultoff&is-unique=on&diff-type=Resolved&report-id=3468259&report-hash=ff63c562034034a8e53463af8ab018cc&report-filepath=%2asystem.cpp).

## Conclusion

Apparently there are many projects that use `fileno()` without handling its failure, so reporting each of these calls is a bit too noisy. I'm not familiar with the relevant parts of the POSIX standard, but purely reasoning from the observed usage I'd say that we should hide this "strict" fileno-may-fail modeling behind an off-by-default flag (or eliminate it completely).

Apart from this question, the change seems to be reasonable and there are several situations where it produces valuable reports.

https://github.com/llvm/llvm-project/pull/80457
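
The recurring patterns in the reports above, written out as an added C example (not code from the analyzed projects, the PR or the message author); all function names are hypothetical. It puts the unchecked `fstat(fileno())` form beside checked versions of the `fileno()`, `close()`/`errno` and `ftell()` cases, using a constructed in-memory stream and a temporary file as input.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* fileno(), fmemopen() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reported pattern: fileno()'s result goes straight into fstat() and both
 * return values are ignored. If either call fails, st is never filled in. */
long size_unchecked(FILE *fp)
{
    struct stat st;
    fstat(fileno(fp), &st);
    return (long)st.st_size;
}

/* Checked form (hypothetical helper): 0 on success, -1 with errno set by
 * whichever call failed. */
int stream_size(FILE *fp, long *size)
{
    struct stat st;
    int fd = fileno(fp);
    if (fd == -1)
        return -1; /* EBADF: the stream has no file descriptor */
    if (fstat(fd, &st) == -1)
        return -1;
    *size = (long)st.st_size;
    return 0;
}

/* errno is meaningful only when close() returned -1; after a successful
 * call its value is unspecified. Returns 0 or the errno of the failure. */
int close_status(int fd)
{
    return close(fd) == -1 ? errno : 0;
}

/* Read a whole seekable stream into a NUL-terminated buffer. ftell() returns
 * -1 on failure, which would turn malloc(len + 1) into malloc(0). */
char *slurp(FILE *fp)
{
    long len;
    char *buf;
    if (fseek(fp, 0, SEEK_END) != 0 || (len = ftell(fp)) < 0)
        return NULL;
    if (fseek(fp, 0, SEEK_SET) != 0 || !(buf = malloc((size_t)len + 1)))
        return NULL;
    buf[fread(buf, 1, (size_t)len, fp)] = '\0';
    return buf;
}

int main(void)
{
    char mem[] = "constructed sample"; /* constructed input */
    long size = 0;

    /* A valid stream without a descriptor: fileno() fails with EBADF on glibc. */
    FILE *m = fmemopen(mem, sizeof mem - 1, "r");
    if (!m)
        return 1;
    if (stream_size(m, &size) == -1)
        printf("in-memory stream: no descriptor, errno=%d\n", errno);
    fclose(m);

    FILE *t = tmpfile();
    if (!t)
        return 1;
    fputs(mem, t);
    fflush(t);
    if (stream_size(t, &size) == 0)
        printf("temporary file: %ld bytes\n", size);
    char *text = slurp(t);
    printf("slurp: %s\n", text ? text : "(failed)");
    free(text);
    printf("close(-1) -> errno %d\n", close_status(-1));
    fclose(t);
    return 0;
}
```
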

