[clang] [analyzer] Modernize, improve and promote chroot checker (PR #117791)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 27 01:29:46 PST 2024
================
@@ -104,15 +146,35 @@ void ChrootChecker::evalChdir(const CallEvent &Call, CheckerContext &C) const {
R = R->StripCasts();
if (const StringRegion* StrRegion= dyn_cast<StringRegion>(R)) {
const StringLiteral* Str = StrRegion->getStringLiteral();
- if (Str->getString() == "/")
- state = Mgr.addGDM(state, ChrootChecker::getTag(),
- (void*) JAIL_ENTERED);
+ if (Str->getString() == "/") {
+ state = state->set<ChrootState>(JAIL_ENTERED);
+ }
}
}
C.addTransition(state);
}
+const ExplodedNode *ChrootChecker::getAcquisitionSite(const ExplodedNode *N,
+ CheckerContext &C) {
+ ProgramStateRef State = N->getState();
+ // When bug type is resource leak, exploded node N may not have state info
+ // for leaked file descriptor, but predecessor should have it.
+ if (!State->get<ChrootCall>())
+ N = N->getFirstPred();
+
+ const ExplodedNode *Pred = N;
+ while (N) {
+ State = N->getState();
+ if (!State->get<ChrootCall>())
+ return Pred;
+ Pred = N;
+ N = N->getFirstPred();
+ }
----------------
steakhal wrote:
TBH the node you really want to find is where you have `ChrootCall` set, but in the pred node it's not yet set.
This loop would accept a node if its parent and also its parent don't have `ChrootCall` set - which is not exactly what we want.
BTW I'm surprised to have this egraph walk, which is usually done by BugReportVisitors. In such a visitor you would have an easier time for implementing this.
https://github.com/llvm/llvm-project/pull/117791
More information about the cfe-commits
mailing list