[clang] [analyzer] Modernize, improve and promote chroot checker (PR #117791)

via cfe-commits cfe-commits at lists.llvm.org
Thu Nov 28 02:35:24 PST 2024


================
@@ -104,15 +146,35 @@ void ChrootChecker::evalChdir(const CallEvent &Call, CheckerContext &C) const {
     R = R->StripCasts();
     if (const StringRegion* StrRegion= dyn_cast<StringRegion>(R)) {
       const StringLiteral* Str = StrRegion->getStringLiteral();
-      if (Str->getString() == "/")
-        state = Mgr.addGDM(state, ChrootChecker::getTag(),
-                           (void*) JAIL_ENTERED);
+      if (Str->getString() == "/") {
+        state = state->set<ChrootState>(JAIL_ENTERED);
+      }
     }
   }
 
   C.addTransition(state);
 }
 
+const ExplodedNode *ChrootChecker::getAcquisitionSite(const ExplodedNode *N,
+                                                      CheckerContext &C) {
+  ProgramStateRef State = N->getState();
+  // When bug type is resource leak, exploded node N may not have state info
+  // for leaked file descriptor, but predecessor should have it.
+  if (!State->get<ChrootCall>())
+    N = N->getFirstPred();
+
+  const ExplodedNode *Pred = N;
+  while (N) {
+    State = N->getState();
+    if (!State->get<ChrootCall>())
+      return Pred;
+    Pred = N;
+    N = N->getFirstPred();
+  }
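Review bot: The comment at the top of getAcquisitionSite speaks of a "resource leak" and a "leaked file descriptor", which does not match what this function tracks. The condition it guards is `!State->get<ChrootCall>()`, so the comment should say that N may lack the ChrootCall trait and that the predecessor is consulted instead. In the same function, `N = N->getFirstPred();` ahead of the loop can leave N null, in which case `Pred` starts out null and the `while (N)` body never runs. The visible lines do not show what is returned in that case, so either document that a null result is possible or handle it explicitly. In evalChdir, the new braces around the single-statement body of `if (Str->getString() == "/")` go against LLVM style for simple one-statement bodies and can be dropped.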
----------------
vabridgers wrote:

I had to move this graph walk to the visitor since I needed to find the node where chroot was found. I experimented with avoiding this graph walk, but could not find a way. I found the approach I'm using in the current Stream Checker for the same reasons I'm using it, which is to get the location info for the chroot instance and chdir instance for bug reporting. See StreamChecker.cpp, method reportLeaks, which uses getAcquisitionSite. That approach also uses a visitor.

https://github.com/llvm/llvm-project/pull/117791

