[clang] [clang][analyzer] Check initialization and argument passing in FixedAddressChecker (PR #110977)
Balázs Kéri via cfe-commits
cfe-commits at lists.llvm.org
Fri Oct 4 01:31:06 PDT 2024
https://github.com/balazske updated https://github.com/llvm/llvm-project/pull/110977
>From 36d99fc59b675737ce952087b7a71ec6e4b579a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?= <balazs.keri at ericsson.com>
Date: Mon, 30 Sep 2024 16:51:35 +0200
Subject: [PATCH 1/3] [clang][analyzer] Check initialization and argument
passing in FixedAddressChecker
---
.../Checkers/FixedAddressChecker.cpp | 63 +++++++++++++------
clang/test/Analysis/ptr-arith.c | 9 ++-
2 files changed, 52 insertions(+), 20 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
index f7fd92db7757e5..aee85c59ddd630 100644
--- a/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
@@ -8,6 +8,8 @@
//
// This files defines FixedAddressChecker, a builtin checker that checks for
// assignment of a fixed address to a pointer.
+// Using a fixed address is not portable because that address will probably
+// not be valid in all environments or platforms.
// This check corresponds to CWE-587.
//
//===----------------------------------------------------------------------===//
@@ -23,38 +25,35 @@ using namespace ento;
namespace {
class FixedAddressChecker
- : public Checker< check::PreStmt<BinaryOperator> > {
+ : public Checker<check::PreStmt<BinaryOperator>, check::PreStmt<DeclStmt>,
+ check::PreStmt<CallExpr>> {
const BugType BT{this, "Use fixed address"};
+ void checkUseOfFixedAddress(QualType DstType, const Expr *SrcExpr,
+ CheckerContext &C) const;
+
public:
void checkPreStmt(const BinaryOperator *B, CheckerContext &C) const;
+ void checkPreStmt(const DeclStmt *D, CheckerContext &C) const;
+ void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
};
}
-void FixedAddressChecker::checkPreStmt(const BinaryOperator *B,
- CheckerContext &C) const {
- // Using a fixed address is not portable because that address will probably
- // not be valid in all environments or platforms.
-
- if (B->getOpcode() != BO_Assign)
- return;
-
- QualType T = B->getType();
- if (!T->isPointerType())
+void FixedAddressChecker::checkUseOfFixedAddress(QualType DstType,
+ const Expr *SrcExpr,
+ CheckerContext &C) const {
+ if (!DstType->isPointerType())
return;
- // Omit warning if the RHS has already pointer type. Without this passing
- // around one fixed value in several pointer variables would produce several
- // redundant warnings.
- if (B->getRHS()->IgnoreParenCasts()->getType()->isPointerType())
+ if (SrcExpr->IgnoreParenCasts()->getType()->isPointerType())
return;
- SVal RV = C.getSVal(B->getRHS());
+ SVal RV = C.getSVal(SrcExpr);
if (!RV.isConstant() || RV.isZeroConstant())
return;
- if (C.getSourceManager().isInSystemMacro(B->getRHS()->getBeginLoc()))
+ if (C.getSourceManager().isInSystemMacro(SrcExpr->getBeginLoc()))
return;
if (ExplodedNode *N = C.generateNonFatalErrorNode()) {
@@ -63,11 +62,39 @@ void FixedAddressChecker::checkPreStmt(const BinaryOperator *B,
"Using a fixed address is not portable because that address will "
"probably not be valid in all environments or platforms.";
auto R = std::make_unique<PathSensitiveBugReport>(BT, Msg, N);
- R->addRange(B->getRHS()->getSourceRange());
+ R->addRange(SrcExpr->getSourceRange());
C.emitReport(std::move(R));
}
}
+void FixedAddressChecker::checkPreStmt(const BinaryOperator *B,
+ CheckerContext &C) const {
+ if (B->getOpcode() != BO_Assign)
+ return;
+
+ checkUseOfFixedAddress(B->getType(), B->getRHS(), C);
+}
+
+void FixedAddressChecker::checkPreStmt(const DeclStmt *D,
+ CheckerContext &C) const {
+ for (const auto *D1 : D->decls()) {
+ if (const auto *VD1 = dyn_cast<VarDecl>(D1); VD1 && VD1->hasInit())
+ checkUseOfFixedAddress(VD1->getType(), VD1->getInit(), C);
+ }
+}
+
+void FixedAddressChecker::checkPreStmt(const CallExpr *CE,
+ CheckerContext &C) const {
+ const FunctionDecl *Callee = CE->getDirectCallee();
+ if (!Callee)
+ return;
+ if (CE->getNumArgs() != Callee->getNumParams())
+ return;
+
+ for (auto [Arg, Param] : zip_equal(CE->arguments(), Callee->parameters()))
+ checkUseOfFixedAddress(Param->getType(), Arg, C);
+}
+
void ento::registerFixedAddressChecker(CheckerManager &mgr) {
mgr.registerChecker<FixedAddressChecker>();
}
diff --git a/clang/test/Analysis/ptr-arith.c b/clang/test/Analysis/ptr-arith.c
index b5ccd2c207ead1..1a3e18a64dedc5 100644
--- a/clang/test/Analysis/ptr-arith.c
+++ b/clang/test/Analysis/ptr-arith.c
@@ -39,6 +39,8 @@ domain_port (const char *domain_b, const char *domain_e,
#define FIXED_VALUE (int*) 0x1111
+void f_ptr_param(void *);
+
void f4(void) {
int *p;
p = (int*) 0x10000; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
@@ -55,6 +57,9 @@ void f4(void) {
sigaction(SIGINT, &sa, NULL);
p = FIXED_VALUE; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
+
+ int *p2 = (int*) 1; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
+ f_ptr_param((void *)-1); // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
}
void f5(void) {
@@ -104,8 +109,8 @@ void null_operand(int *a) {
}
void const_locs(void) {
- char *a = (char*)0x1000;
- char *b = (char*)0x1100;
+ char *a = (char*)0x1000; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
+ char *b = (char*)0x1100; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
start:
clang_analyzer_eval(a != b); // expected-warning{{TRUE}}
clang_analyzer_eval(a < b); // expected-warning{{TRUE}}
>From 4bdffb0cd83672a0fea6b7caa3914d1494e076cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?= <balazs.keri at ericsson.com>
Date: Thu, 3 Oct 2024 17:10:13 +0200
Subject: [PATCH 2/3] fixed variable names, using PreCall
---
.../Checkers/FixedAddressChecker.cpp | 36 +++++++++----------
clang/test/Analysis/ptr-arith.c | 3 ++
2 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
index aee85c59ddd630..5d611a795f763c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/FixedAddressChecker.cpp
@@ -18,6 +18,7 @@
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
using namespace clang;
@@ -26,16 +27,16 @@ using namespace ento;
namespace {
class FixedAddressChecker
: public Checker<check::PreStmt<BinaryOperator>, check::PreStmt<DeclStmt>,
- check::PreStmt<CallExpr>> {
+ check::PreCall> {
const BugType BT{this, "Use fixed address"};
void checkUseOfFixedAddress(QualType DstType, const Expr *SrcExpr,
CheckerContext &C) const;
public:
- void checkPreStmt(const BinaryOperator *B, CheckerContext &C) const;
- void checkPreStmt(const DeclStmt *D, CheckerContext &C) const;
- void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
+ void checkPreStmt(const BinaryOperator *BO, CheckerContext &C) const;
+ void checkPreStmt(const DeclStmt *DS, CheckerContext &C) const;
+ void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
};
}
@@ -67,32 +68,27 @@ void FixedAddressChecker::checkUseOfFixedAddress(QualType DstType,
}
}
-void FixedAddressChecker::checkPreStmt(const BinaryOperator *B,
+void FixedAddressChecker::checkPreStmt(const BinaryOperator *BO,
CheckerContext &C) const {
- if (B->getOpcode() != BO_Assign)
+ if (BO->getOpcode() != BO_Assign)
return;
- checkUseOfFixedAddress(B->getType(), B->getRHS(), C);
+ checkUseOfFixedAddress(BO->getType(), BO->getRHS(), C);
}
-void FixedAddressChecker::checkPreStmt(const DeclStmt *D,
+void FixedAddressChecker::checkPreStmt(const DeclStmt *DS,
CheckerContext &C) const {
- for (const auto *D1 : D->decls()) {
- if (const auto *VD1 = dyn_cast<VarDecl>(D1); VD1 && VD1->hasInit())
- checkUseOfFixedAddress(VD1->getType(), VD1->getInit(), C);
+ for (const auto *D : DS->decls()) {
+ if (const auto *VD = dyn_cast<VarDecl>(D); VD && VD->hasInit())
+ checkUseOfFixedAddress(VD->getType(), VD->getInit(), C);
}
}
-void FixedAddressChecker::checkPreStmt(const CallExpr *CE,
+void FixedAddressChecker::checkPreCall(const CallEvent &Call,
CheckerContext &C) const {
- const FunctionDecl *Callee = CE->getDirectCallee();
- if (!Callee)
- return;
- if (CE->getNumArgs() != Callee->getNumParams())
- return;
-
- for (auto [Arg, Param] : zip_equal(CE->arguments(), Callee->parameters()))
- checkUseOfFixedAddress(Param->getType(), Arg, C);
+ for (auto Parm : enumerate(Call.parameters()))
+ checkUseOfFixedAddress(Parm.value()->getType(),
+ Call.getArgExpr(Parm.index()), C);
}
void ento::registerFixedAddressChecker(CheckerManager &mgr) {
diff --git a/clang/test/Analysis/ptr-arith.c b/clang/test/Analysis/ptr-arith.c
index 1a3e18a64dedc5..9964513f3a2c8c 100644
--- a/clang/test/Analysis/ptr-arith.c
+++ b/clang/test/Analysis/ptr-arith.c
@@ -60,6 +60,9 @@ void f4(void) {
int *p2 = (int*) 1; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
f_ptr_param((void *)-1); // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
+
+ void (*f_p)(void *) = f_ptr_param;
+ f_p((void *) -2); // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
}
void f5(void) {
>From 51a2e4470e935f35d06961f0d284afaeae31356b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?= <balazs.keri at ericsson.com>
Date: Fri, 4 Oct 2024 10:30:33 +0200
Subject: [PATCH 3/3] updated failing tests
---
clang/test/Analysis/concrete-address.c | 4 ++--
clang/test/Analysis/misc-ps.m | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/clang/test/Analysis/concrete-address.c b/clang/test/Analysis/concrete-address.c
index 346f5093e44f7a..56bfc4fa89124e 100644
--- a/clang/test/Analysis/concrete-address.c
+++ b/clang/test/Analysis/concrete-address.c
@@ -1,7 +1,7 @@
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core -verify %s
-// expected-no-diagnostics
void foo(void) {
- int *p = (int*) 0x10000; // Should not crash here.
+ // Should not crash at next line.
+ int *p = (int*) 0x10000; // expected-warning{{Using a fixed address is not portable}}
*p = 3;
}
diff --git a/clang/test/Analysis/misc-ps.m b/clang/test/Analysis/misc-ps.m
index 0a8a30cb6175cb..2e9a7a5bb2d204 100644
--- a/clang/test/Analysis/misc-ps.m
+++ b/clang/test/Analysis/misc-ps.m
@@ -1173,7 +1173,7 @@ void baz_pr8440(int n)
// Support direct accesses to non-null memory. Reported in:
// PR 5272
int test_direct_address_load(void) {
- int *p = (int*) 0x4000;
+ int *p = (int*) 0x4000; // expected-warning{{Using a fixed address is not portable}}
return *p; // no-warning
}
More information about the cfe-commits
mailing list