diff options
| author | Anna Zaks <ganna@apple.com> | 2012-01-04 23:54:01 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-01-04 23:54:01 +0000 |
| commit | eb31a76d1cdaaf8874c549dc6bd964ff270d3822 (patch) | |
| tree | 2431945856d47f0454cf15617fe52bd33e15b095 /test/Analysis | |
| parent | f063a3b783e22effa7972d05830cee942b2499ce (diff) | |
| download | clang-eb31a76d1cdaaf8874c549dc6bd964ff270d3822.tar.gz | |
[analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.
Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.
Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:
* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars
* invalidated by functions defined in system headers:
B: errno
* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/Analysis')
| -rw-r--r-- | test/Analysis/global-region-invalidation.c | 75 | ||||
| -rw-r--r-- | test/Analysis/misc-ps.c | 18 | ||||
| -rw-r--r-- | test/Analysis/system-header-simulator.h | 10 |
3 files changed, 85 insertions, 18 deletions
diff --git a/test/Analysis/global-region-invalidation.c b/test/Analysis/global-region-invalidation.c new file mode 100644 index 0000000000..184ffb870f --- /dev/null +++ b/test/Analysis/global-region-invalidation.c @@ -0,0 +1,75 @@ +// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core,deadcode,experimental.security.taint,debug.TaintTest -verify %s + +// Note, we do need to include headers here, since the analyzer checks if the function declaration is located in a system header. +#include "system-header-simulator.h" + +// Test that system header does not invalidate the internal global. +int size_rdar9373039 = 1; +int rdar9373039() { + int x; + int j = 0; + + for (int i = 0 ; i < size_rdar9373039 ; ++i) + x = 1; + + // strlen doesn't invalidate the value of 'size_rdar9373039'. + int extra = (2 + strlen ("Clang") + ((4 - ((unsigned int) (2 + strlen ("Clang")) % 4)) % 4)) + (2 + strlen ("1.0") + ((4 - ((unsigned int) (2 + strlen ("1.0")) % 4)) % 4)); + + for (int i = 0 ; i < size_rdar9373039 ; ++i) + j += x; // no-warning + + return j; +} + +// Test stdin does not get invalidated by a system call nor by an internal call. +void foo(); +int stdinTest() { + int i = 0; + fscanf(stdin, "%d", &i); + foo(); + int m = i; // expected-warning + {{tainted}} + fscanf(stdin, "%d", &i); + int j = i; // expected-warning + {{tainted}} + return m + j; // expected-warning + {{tainted}} +} + +// Test errno gets invalidated by a system call. +int testErrnoSystem() { + int i; + int *p = 0; + fscanf(stdin, "%d", &i); + if (errno == 0) { + fscanf(stdin, "%d", &i); // errno gets invalidated here. + return 5 / errno; // no-warning + } + return 0; +} + +// Test that errno gets invalidated by internal calls. +int testErrnoInternal() { + int i; + int *p = 0; + fscanf(stdin, "%d", &i); + if (errno == 0) { + foo(); // errno gets invalidated here. + return 5 / errno; // no-warning + } + return 0; +} + +// Test that const integer does not get invalidated. +const int x = 0; +int constIntGlob() { + const int *m = &x; + foo(); + return 3 / *m; // expected-warning {{Division by zero}} +} + +extern const int x; +int constIntGlobExtern() { + if (x == 0) { + foo(); + return 5 / x; // expected-warning {{Division by zero}} + } + return 0; +} diff --git a/test/Analysis/misc-ps.c b/test/Analysis/misc-ps.c index c10037381a..8a36efb995 100644 --- a/test/Analysis/misc-ps.c +++ b/test/Analysis/misc-ps.c @@ -1,24 +1,6 @@ // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=deadcode -verify %s -unsigned long strlen(const char *); - int size_rdar9373039 = 1; -int rdar9373039() { - int x; - int j = 0; - - for (int i = 0 ; i < size_rdar9373039 ; ++i) - x = 1; - - // strlen doesn't invalidate the value of 'size_rdar9373039'. - int extra = (2 + strlen ("Clang") + ((4 - ((unsigned int) (2 + strlen ("Clang")) % 4)) % 4)) + (2 + strlen ("1.0") + ((4 - ((unsigned int) (2 + strlen ("1.0")) % 4)) % 4)); - - for (int i = 0 ; i < size_rdar9373039 ; ++i) - j += x; // no-warning - - return j; -} - int foo_rdar9373039(const char *); int rdar93730392() { diff --git a/test/Analysis/system-header-simulator.h b/test/Analysis/system-header-simulator.h new file mode 100644 index 0000000000..68c66574df --- /dev/null +++ b/test/Analysis/system-header-simulator.h @@ -0,0 +1,10 @@ +#pragma clang system_header + +typedef struct _FILE FILE; +extern FILE *stdin; +int fscanf(FILE *restrict stream, const char *restrict format, ...); + +// Note, on some platforms errno macro gets replaced with a function call. +extern int errno; + +unsigned long strlen(const char *); |