1*0b57cec5SDimitry Andric //===-- StreamChecker.cpp -----------------------------------------*- C++ -*--// 2*0b57cec5SDimitry Andric // 3*0b57cec5SDimitry Andric // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4*0b57cec5SDimitry Andric // See https://llvm.org/LICENSE.txt for license information. 5*0b57cec5SDimitry Andric // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6*0b57cec5SDimitry Andric // 7*0b57cec5SDimitry Andric //===----------------------------------------------------------------------===// 8*0b57cec5SDimitry Andric // 9*0b57cec5SDimitry Andric // This file defines checkers that model and check stream handling functions. 10*0b57cec5SDimitry Andric // 11*0b57cec5SDimitry Andric //===----------------------------------------------------------------------===// 12*0b57cec5SDimitry Andric 13*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" 14*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 15*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/Checker.h" 16*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/CheckerManager.h" 17*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" 18*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 19*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 20*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" 21*0b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h" 22*0b57cec5SDimitry Andric 23*0b57cec5SDimitry Andric using namespace clang; 24*0b57cec5SDimitry Andric using namespace ento; 25*0b57cec5SDimitry Andric 26*0b57cec5SDimitry Andric namespace { 27*0b57cec5SDimitry Andric 28*0b57cec5SDimitry Andric struct StreamState { 29*0b57cec5SDimitry Andric enum Kind { Opened, Closed, OpenFailed, Escaped } K; 30*0b57cec5SDimitry Andric const Stmt *S; 31*0b57cec5SDimitry Andric 32*0b57cec5SDimitry Andric StreamState(Kind k, const Stmt *s) : K(k), S(s) {} 33*0b57cec5SDimitry Andric 34*0b57cec5SDimitry Andric bool isOpened() const { return K == Opened; } 35*0b57cec5SDimitry Andric bool isClosed() const { return K == Closed; } 36*0b57cec5SDimitry Andric //bool isOpenFailed() const { return K == OpenFailed; } 37*0b57cec5SDimitry Andric //bool isEscaped() const { return K == Escaped; } 38*0b57cec5SDimitry Andric 39*0b57cec5SDimitry Andric bool operator==(const StreamState &X) const { 40*0b57cec5SDimitry Andric return K == X.K && S == X.S; 41*0b57cec5SDimitry Andric } 42*0b57cec5SDimitry Andric 43*0b57cec5SDimitry Andric static StreamState getOpened(const Stmt *s) { return StreamState(Opened, s); } 44*0b57cec5SDimitry Andric static StreamState getClosed(const Stmt *s) { return StreamState(Closed, s); } 45*0b57cec5SDimitry Andric static StreamState getOpenFailed(const Stmt *s) { 46*0b57cec5SDimitry Andric return StreamState(OpenFailed, s); 47*0b57cec5SDimitry Andric } 48*0b57cec5SDimitry Andric static StreamState getEscaped(const Stmt *s) { 49*0b57cec5SDimitry Andric return StreamState(Escaped, s); 50*0b57cec5SDimitry Andric } 51*0b57cec5SDimitry Andric 52*0b57cec5SDimitry Andric void Profile(llvm::FoldingSetNodeID &ID) const { 53*0b57cec5SDimitry Andric ID.AddInteger(K); 54*0b57cec5SDimitry Andric ID.AddPointer(S); 55*0b57cec5SDimitry Andric } 56*0b57cec5SDimitry Andric }; 57*0b57cec5SDimitry Andric 58*0b57cec5SDimitry Andric class StreamChecker : public Checker<eval::Call, 59*0b57cec5SDimitry Andric check::DeadSymbols > { 60*0b57cec5SDimitry Andric mutable IdentifierInfo *II_fopen, *II_tmpfile, *II_fclose, *II_fread, 61*0b57cec5SDimitry Andric *II_fwrite, 62*0b57cec5SDimitry Andric *II_fseek, *II_ftell, *II_rewind, *II_fgetpos, *II_fsetpos, 63*0b57cec5SDimitry Andric *II_clearerr, *II_feof, *II_ferror, *II_fileno; 64*0b57cec5SDimitry Andric mutable std::unique_ptr<BuiltinBug> BT_nullfp, BT_illegalwhence, 65*0b57cec5SDimitry Andric BT_doubleclose, BT_ResourceLeak; 66*0b57cec5SDimitry Andric 67*0b57cec5SDimitry Andric public: 68*0b57cec5SDimitry Andric StreamChecker() 69*0b57cec5SDimitry Andric : II_fopen(nullptr), II_tmpfile(nullptr), II_fclose(nullptr), 70*0b57cec5SDimitry Andric II_fread(nullptr), II_fwrite(nullptr), II_fseek(nullptr), 71*0b57cec5SDimitry Andric II_ftell(nullptr), II_rewind(nullptr), II_fgetpos(nullptr), 72*0b57cec5SDimitry Andric II_fsetpos(nullptr), II_clearerr(nullptr), II_feof(nullptr), 73*0b57cec5SDimitry Andric II_ferror(nullptr), II_fileno(nullptr) {} 74*0b57cec5SDimitry Andric 75*0b57cec5SDimitry Andric bool evalCall(const CallEvent &Call, CheckerContext &C) const; 76*0b57cec5SDimitry Andric void checkDeadSymbols(SymbolReaper &SymReaper, CheckerContext &C) const; 77*0b57cec5SDimitry Andric 78*0b57cec5SDimitry Andric private: 79*0b57cec5SDimitry Andric void Fopen(CheckerContext &C, const CallExpr *CE) const; 80*0b57cec5SDimitry Andric void Tmpfile(CheckerContext &C, const CallExpr *CE) const; 81*0b57cec5SDimitry Andric void Fclose(CheckerContext &C, const CallExpr *CE) const; 82*0b57cec5SDimitry Andric void Fread(CheckerContext &C, const CallExpr *CE) const; 83*0b57cec5SDimitry Andric void Fwrite(CheckerContext &C, const CallExpr *CE) const; 84*0b57cec5SDimitry Andric void Fseek(CheckerContext &C, const CallExpr *CE) const; 85*0b57cec5SDimitry Andric void Ftell(CheckerContext &C, const CallExpr *CE) const; 86*0b57cec5SDimitry Andric void Rewind(CheckerContext &C, const CallExpr *CE) const; 87*0b57cec5SDimitry Andric void Fgetpos(CheckerContext &C, const CallExpr *CE) const; 88*0b57cec5SDimitry Andric void Fsetpos(CheckerContext &C, const CallExpr *CE) const; 89*0b57cec5SDimitry Andric void Clearerr(CheckerContext &C, const CallExpr *CE) const; 90*0b57cec5SDimitry Andric void Feof(CheckerContext &C, const CallExpr *CE) const; 91*0b57cec5SDimitry Andric void Ferror(CheckerContext &C, const CallExpr *CE) const; 92*0b57cec5SDimitry Andric void Fileno(CheckerContext &C, const CallExpr *CE) const; 93*0b57cec5SDimitry Andric 94*0b57cec5SDimitry Andric void OpenFileAux(CheckerContext &C, const CallExpr *CE) const; 95*0b57cec5SDimitry Andric 96*0b57cec5SDimitry Andric ProgramStateRef CheckNullStream(SVal SV, ProgramStateRef state, 97*0b57cec5SDimitry Andric CheckerContext &C) const; 98*0b57cec5SDimitry Andric ProgramStateRef CheckDoubleClose(const CallExpr *CE, ProgramStateRef state, 99*0b57cec5SDimitry Andric CheckerContext &C) const; 100*0b57cec5SDimitry Andric }; 101*0b57cec5SDimitry Andric 102*0b57cec5SDimitry Andric } // end anonymous namespace 103*0b57cec5SDimitry Andric 104*0b57cec5SDimitry Andric REGISTER_MAP_WITH_PROGRAMSTATE(StreamMap, SymbolRef, StreamState) 105*0b57cec5SDimitry Andric 106*0b57cec5SDimitry Andric 107*0b57cec5SDimitry Andric bool StreamChecker::evalCall(const CallEvent &Call, CheckerContext &C) const { 108*0b57cec5SDimitry Andric const auto *FD = dyn_cast_or_null<FunctionDecl>(Call.getDecl()); 109*0b57cec5SDimitry Andric if (!FD || FD->getKind() != Decl::Function) 110*0b57cec5SDimitry Andric return false; 111*0b57cec5SDimitry Andric 112*0b57cec5SDimitry Andric const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); 113*0b57cec5SDimitry Andric if (!CE) 114*0b57cec5SDimitry Andric return false; 115*0b57cec5SDimitry Andric 116*0b57cec5SDimitry Andric ASTContext &Ctx = C.getASTContext(); 117*0b57cec5SDimitry Andric if (!II_fopen) 118*0b57cec5SDimitry Andric II_fopen = &Ctx.Idents.get("fopen"); 119*0b57cec5SDimitry Andric if (!II_tmpfile) 120*0b57cec5SDimitry Andric II_tmpfile = &Ctx.Idents.get("tmpfile"); 121*0b57cec5SDimitry Andric if (!II_fclose) 122*0b57cec5SDimitry Andric II_fclose = &Ctx.Idents.get("fclose"); 123*0b57cec5SDimitry Andric if (!II_fread) 124*0b57cec5SDimitry Andric II_fread = &Ctx.Idents.get("fread"); 125*0b57cec5SDimitry Andric if (!II_fwrite) 126*0b57cec5SDimitry Andric II_fwrite = &Ctx.Idents.get("fwrite"); 127*0b57cec5SDimitry Andric if (!II_fseek) 128*0b57cec5SDimitry Andric II_fseek = &Ctx.Idents.get("fseek"); 129*0b57cec5SDimitry Andric if (!II_ftell) 130*0b57cec5SDimitry Andric II_ftell = &Ctx.Idents.get("ftell"); 131*0b57cec5SDimitry Andric if (!II_rewind) 132*0b57cec5SDimitry Andric II_rewind = &Ctx.Idents.get("rewind"); 133*0b57cec5SDimitry Andric if (!II_fgetpos) 134*0b57cec5SDimitry Andric II_fgetpos = &Ctx.Idents.get("fgetpos"); 135*0b57cec5SDimitry Andric if (!II_fsetpos) 136*0b57cec5SDimitry Andric II_fsetpos = &Ctx.Idents.get("fsetpos"); 137*0b57cec5SDimitry Andric if (!II_clearerr) 138*0b57cec5SDimitry Andric II_clearerr = &Ctx.Idents.get("clearerr"); 139*0b57cec5SDimitry Andric if (!II_feof) 140*0b57cec5SDimitry Andric II_feof = &Ctx.Idents.get("feof"); 141*0b57cec5SDimitry Andric if (!II_ferror) 142*0b57cec5SDimitry Andric II_ferror = &Ctx.Idents.get("ferror"); 143*0b57cec5SDimitry Andric if (!II_fileno) 144*0b57cec5SDimitry Andric II_fileno = &Ctx.Idents.get("fileno"); 145*0b57cec5SDimitry Andric 146*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fopen) { 147*0b57cec5SDimitry Andric Fopen(C, CE); 148*0b57cec5SDimitry Andric return true; 149*0b57cec5SDimitry Andric } 150*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_tmpfile) { 151*0b57cec5SDimitry Andric Tmpfile(C, CE); 152*0b57cec5SDimitry Andric return true; 153*0b57cec5SDimitry Andric } 154*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fclose) { 155*0b57cec5SDimitry Andric Fclose(C, CE); 156*0b57cec5SDimitry Andric return true; 157*0b57cec5SDimitry Andric } 158*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fread) { 159*0b57cec5SDimitry Andric Fread(C, CE); 160*0b57cec5SDimitry Andric return true; 161*0b57cec5SDimitry Andric } 162*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fwrite) { 163*0b57cec5SDimitry Andric Fwrite(C, CE); 164*0b57cec5SDimitry Andric return true; 165*0b57cec5SDimitry Andric } 166*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fseek) { 167*0b57cec5SDimitry Andric Fseek(C, CE); 168*0b57cec5SDimitry Andric return true; 169*0b57cec5SDimitry Andric } 170*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_ftell) { 171*0b57cec5SDimitry Andric Ftell(C, CE); 172*0b57cec5SDimitry Andric return true; 173*0b57cec5SDimitry Andric } 174*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_rewind) { 175*0b57cec5SDimitry Andric Rewind(C, CE); 176*0b57cec5SDimitry Andric return true; 177*0b57cec5SDimitry Andric } 178*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fgetpos) { 179*0b57cec5SDimitry Andric Fgetpos(C, CE); 180*0b57cec5SDimitry Andric return true; 181*0b57cec5SDimitry Andric } 182*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fsetpos) { 183*0b57cec5SDimitry Andric Fsetpos(C, CE); 184*0b57cec5SDimitry Andric return true; 185*0b57cec5SDimitry Andric } 186*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_clearerr) { 187*0b57cec5SDimitry Andric Clearerr(C, CE); 188*0b57cec5SDimitry Andric return true; 189*0b57cec5SDimitry Andric } 190*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_feof) { 191*0b57cec5SDimitry Andric Feof(C, CE); 192*0b57cec5SDimitry Andric return true; 193*0b57cec5SDimitry Andric } 194*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_ferror) { 195*0b57cec5SDimitry Andric Ferror(C, CE); 196*0b57cec5SDimitry Andric return true; 197*0b57cec5SDimitry Andric } 198*0b57cec5SDimitry Andric if (FD->getIdentifier() == II_fileno) { 199*0b57cec5SDimitry Andric Fileno(C, CE); 200*0b57cec5SDimitry Andric return true; 201*0b57cec5SDimitry Andric } 202*0b57cec5SDimitry Andric 203*0b57cec5SDimitry Andric return false; 204*0b57cec5SDimitry Andric } 205*0b57cec5SDimitry Andric 206*0b57cec5SDimitry Andric void StreamChecker::Fopen(CheckerContext &C, const CallExpr *CE) const { 207*0b57cec5SDimitry Andric OpenFileAux(C, CE); 208*0b57cec5SDimitry Andric } 209*0b57cec5SDimitry Andric 210*0b57cec5SDimitry Andric void StreamChecker::Tmpfile(CheckerContext &C, const CallExpr *CE) const { 211*0b57cec5SDimitry Andric OpenFileAux(C, CE); 212*0b57cec5SDimitry Andric } 213*0b57cec5SDimitry Andric 214*0b57cec5SDimitry Andric void StreamChecker::OpenFileAux(CheckerContext &C, const CallExpr *CE) const { 215*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 216*0b57cec5SDimitry Andric SValBuilder &svalBuilder = C.getSValBuilder(); 217*0b57cec5SDimitry Andric const LocationContext *LCtx = C.getPredecessor()->getLocationContext(); 218*0b57cec5SDimitry Andric DefinedSVal RetVal = svalBuilder.conjureSymbolVal(nullptr, CE, LCtx, 219*0b57cec5SDimitry Andric C.blockCount()) 220*0b57cec5SDimitry Andric .castAs<DefinedSVal>(); 221*0b57cec5SDimitry Andric state = state->BindExpr(CE, C.getLocationContext(), RetVal); 222*0b57cec5SDimitry Andric 223*0b57cec5SDimitry Andric ConstraintManager &CM = C.getConstraintManager(); 224*0b57cec5SDimitry Andric // Bifurcate the state into two: one with a valid FILE* pointer, the other 225*0b57cec5SDimitry Andric // with a NULL. 226*0b57cec5SDimitry Andric ProgramStateRef stateNotNull, stateNull; 227*0b57cec5SDimitry Andric std::tie(stateNotNull, stateNull) = CM.assumeDual(state, RetVal); 228*0b57cec5SDimitry Andric 229*0b57cec5SDimitry Andric if (SymbolRef Sym = RetVal.getAsSymbol()) { 230*0b57cec5SDimitry Andric // if RetVal is not NULL, set the symbol's state to Opened. 231*0b57cec5SDimitry Andric stateNotNull = 232*0b57cec5SDimitry Andric stateNotNull->set<StreamMap>(Sym,StreamState::getOpened(CE)); 233*0b57cec5SDimitry Andric stateNull = 234*0b57cec5SDimitry Andric stateNull->set<StreamMap>(Sym, StreamState::getOpenFailed(CE)); 235*0b57cec5SDimitry Andric 236*0b57cec5SDimitry Andric C.addTransition(stateNotNull); 237*0b57cec5SDimitry Andric C.addTransition(stateNull); 238*0b57cec5SDimitry Andric } 239*0b57cec5SDimitry Andric } 240*0b57cec5SDimitry Andric 241*0b57cec5SDimitry Andric void StreamChecker::Fclose(CheckerContext &C, const CallExpr *CE) const { 242*0b57cec5SDimitry Andric ProgramStateRef state = CheckDoubleClose(CE, C.getState(), C); 243*0b57cec5SDimitry Andric if (state) 244*0b57cec5SDimitry Andric C.addTransition(state); 245*0b57cec5SDimitry Andric } 246*0b57cec5SDimitry Andric 247*0b57cec5SDimitry Andric void StreamChecker::Fread(CheckerContext &C, const CallExpr *CE) const { 248*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 249*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(3)), state, C)) 250*0b57cec5SDimitry Andric return; 251*0b57cec5SDimitry Andric } 252*0b57cec5SDimitry Andric 253*0b57cec5SDimitry Andric void StreamChecker::Fwrite(CheckerContext &C, const CallExpr *CE) const { 254*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 255*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(3)), state, C)) 256*0b57cec5SDimitry Andric return; 257*0b57cec5SDimitry Andric } 258*0b57cec5SDimitry Andric 259*0b57cec5SDimitry Andric void StreamChecker::Fseek(CheckerContext &C, const CallExpr *CE) const { 260*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 261*0b57cec5SDimitry Andric if (!(state = CheckNullStream(C.getSVal(CE->getArg(0)), state, C))) 262*0b57cec5SDimitry Andric return; 263*0b57cec5SDimitry Andric // Check the legality of the 'whence' argument of 'fseek'. 264*0b57cec5SDimitry Andric SVal Whence = state->getSVal(CE->getArg(2), C.getLocationContext()); 265*0b57cec5SDimitry Andric Optional<nonloc::ConcreteInt> CI = Whence.getAs<nonloc::ConcreteInt>(); 266*0b57cec5SDimitry Andric 267*0b57cec5SDimitry Andric if (!CI) 268*0b57cec5SDimitry Andric return; 269*0b57cec5SDimitry Andric 270*0b57cec5SDimitry Andric int64_t x = CI->getValue().getSExtValue(); 271*0b57cec5SDimitry Andric if (x >= 0 && x <= 2) 272*0b57cec5SDimitry Andric return; 273*0b57cec5SDimitry Andric 274*0b57cec5SDimitry Andric if (ExplodedNode *N = C.generateNonFatalErrorNode(state)) { 275*0b57cec5SDimitry Andric if (!BT_illegalwhence) 276*0b57cec5SDimitry Andric BT_illegalwhence.reset( 277*0b57cec5SDimitry Andric new BuiltinBug(this, "Illegal whence argument", 278*0b57cec5SDimitry Andric "The whence argument to fseek() should be " 279*0b57cec5SDimitry Andric "SEEK_SET, SEEK_END, or SEEK_CUR.")); 280*0b57cec5SDimitry Andric C.emitReport(llvm::make_unique<BugReport>( 281*0b57cec5SDimitry Andric *BT_illegalwhence, BT_illegalwhence->getDescription(), N)); 282*0b57cec5SDimitry Andric } 283*0b57cec5SDimitry Andric } 284*0b57cec5SDimitry Andric 285*0b57cec5SDimitry Andric void StreamChecker::Ftell(CheckerContext &C, const CallExpr *CE) const { 286*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 287*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 288*0b57cec5SDimitry Andric return; 289*0b57cec5SDimitry Andric } 290*0b57cec5SDimitry Andric 291*0b57cec5SDimitry Andric void StreamChecker::Rewind(CheckerContext &C, const CallExpr *CE) const { 292*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 293*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 294*0b57cec5SDimitry Andric return; 295*0b57cec5SDimitry Andric } 296*0b57cec5SDimitry Andric 297*0b57cec5SDimitry Andric void StreamChecker::Fgetpos(CheckerContext &C, const CallExpr *CE) const { 298*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 299*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 300*0b57cec5SDimitry Andric return; 301*0b57cec5SDimitry Andric } 302*0b57cec5SDimitry Andric 303*0b57cec5SDimitry Andric void StreamChecker::Fsetpos(CheckerContext &C, const CallExpr *CE) const { 304*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 305*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 306*0b57cec5SDimitry Andric return; 307*0b57cec5SDimitry Andric } 308*0b57cec5SDimitry Andric 309*0b57cec5SDimitry Andric void StreamChecker::Clearerr(CheckerContext &C, const CallExpr *CE) const { 310*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 311*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 312*0b57cec5SDimitry Andric return; 313*0b57cec5SDimitry Andric } 314*0b57cec5SDimitry Andric 315*0b57cec5SDimitry Andric void StreamChecker::Feof(CheckerContext &C, const CallExpr *CE) const { 316*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 317*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 318*0b57cec5SDimitry Andric return; 319*0b57cec5SDimitry Andric } 320*0b57cec5SDimitry Andric 321*0b57cec5SDimitry Andric void StreamChecker::Ferror(CheckerContext &C, const CallExpr *CE) const { 322*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 323*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 324*0b57cec5SDimitry Andric return; 325*0b57cec5SDimitry Andric } 326*0b57cec5SDimitry Andric 327*0b57cec5SDimitry Andric void StreamChecker::Fileno(CheckerContext &C, const CallExpr *CE) const { 328*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 329*0b57cec5SDimitry Andric if (!CheckNullStream(C.getSVal(CE->getArg(0)), state, C)) 330*0b57cec5SDimitry Andric return; 331*0b57cec5SDimitry Andric } 332*0b57cec5SDimitry Andric 333*0b57cec5SDimitry Andric ProgramStateRef StreamChecker::CheckNullStream(SVal SV, ProgramStateRef state, 334*0b57cec5SDimitry Andric CheckerContext &C) const { 335*0b57cec5SDimitry Andric Optional<DefinedSVal> DV = SV.getAs<DefinedSVal>(); 336*0b57cec5SDimitry Andric if (!DV) 337*0b57cec5SDimitry Andric return nullptr; 338*0b57cec5SDimitry Andric 339*0b57cec5SDimitry Andric ConstraintManager &CM = C.getConstraintManager(); 340*0b57cec5SDimitry Andric ProgramStateRef stateNotNull, stateNull; 341*0b57cec5SDimitry Andric std::tie(stateNotNull, stateNull) = CM.assumeDual(state, *DV); 342*0b57cec5SDimitry Andric 343*0b57cec5SDimitry Andric if (!stateNotNull && stateNull) { 344*0b57cec5SDimitry Andric if (ExplodedNode *N = C.generateErrorNode(stateNull)) { 345*0b57cec5SDimitry Andric if (!BT_nullfp) 346*0b57cec5SDimitry Andric BT_nullfp.reset(new BuiltinBug(this, "NULL stream pointer", 347*0b57cec5SDimitry Andric "Stream pointer might be NULL.")); 348*0b57cec5SDimitry Andric C.emitReport(llvm::make_unique<BugReport>( 349*0b57cec5SDimitry Andric *BT_nullfp, BT_nullfp->getDescription(), N)); 350*0b57cec5SDimitry Andric } 351*0b57cec5SDimitry Andric return nullptr; 352*0b57cec5SDimitry Andric } 353*0b57cec5SDimitry Andric return stateNotNull; 354*0b57cec5SDimitry Andric } 355*0b57cec5SDimitry Andric 356*0b57cec5SDimitry Andric ProgramStateRef StreamChecker::CheckDoubleClose(const CallExpr *CE, 357*0b57cec5SDimitry Andric ProgramStateRef state, 358*0b57cec5SDimitry Andric CheckerContext &C) const { 359*0b57cec5SDimitry Andric SymbolRef Sym = C.getSVal(CE->getArg(0)).getAsSymbol(); 360*0b57cec5SDimitry Andric if (!Sym) 361*0b57cec5SDimitry Andric return state; 362*0b57cec5SDimitry Andric 363*0b57cec5SDimitry Andric const StreamState *SS = state->get<StreamMap>(Sym); 364*0b57cec5SDimitry Andric 365*0b57cec5SDimitry Andric // If the file stream is not tracked, return. 366*0b57cec5SDimitry Andric if (!SS) 367*0b57cec5SDimitry Andric return state; 368*0b57cec5SDimitry Andric 369*0b57cec5SDimitry Andric // Check: Double close a File Descriptor could cause undefined behaviour. 370*0b57cec5SDimitry Andric // Conforming to man-pages 371*0b57cec5SDimitry Andric if (SS->isClosed()) { 372*0b57cec5SDimitry Andric ExplodedNode *N = C.generateErrorNode(); 373*0b57cec5SDimitry Andric if (N) { 374*0b57cec5SDimitry Andric if (!BT_doubleclose) 375*0b57cec5SDimitry Andric BT_doubleclose.reset(new BuiltinBug( 376*0b57cec5SDimitry Andric this, "Double fclose", "Try to close a file Descriptor already" 377*0b57cec5SDimitry Andric " closed. Cause undefined behaviour.")); 378*0b57cec5SDimitry Andric C.emitReport(llvm::make_unique<BugReport>( 379*0b57cec5SDimitry Andric *BT_doubleclose, BT_doubleclose->getDescription(), N)); 380*0b57cec5SDimitry Andric } 381*0b57cec5SDimitry Andric return nullptr; 382*0b57cec5SDimitry Andric } 383*0b57cec5SDimitry Andric 384*0b57cec5SDimitry Andric // Close the File Descriptor. 385*0b57cec5SDimitry Andric return state->set<StreamMap>(Sym, StreamState::getClosed(CE)); 386*0b57cec5SDimitry Andric } 387*0b57cec5SDimitry Andric 388*0b57cec5SDimitry Andric void StreamChecker::checkDeadSymbols(SymbolReaper &SymReaper, 389*0b57cec5SDimitry Andric CheckerContext &C) const { 390*0b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 391*0b57cec5SDimitry Andric 392*0b57cec5SDimitry Andric // TODO: Clean up the state. 393*0b57cec5SDimitry Andric const StreamMapTy &Map = state->get<StreamMap>(); 394*0b57cec5SDimitry Andric for (const auto &I: Map) { 395*0b57cec5SDimitry Andric SymbolRef Sym = I.first; 396*0b57cec5SDimitry Andric const StreamState &SS = I.second; 397*0b57cec5SDimitry Andric if (!SymReaper.isDead(Sym) || !SS.isOpened()) 398*0b57cec5SDimitry Andric continue; 399*0b57cec5SDimitry Andric 400*0b57cec5SDimitry Andric ExplodedNode *N = C.generateErrorNode(); 401*0b57cec5SDimitry Andric if (!N) 402*0b57cec5SDimitry Andric return; 403*0b57cec5SDimitry Andric 404*0b57cec5SDimitry Andric if (!BT_ResourceLeak) 405*0b57cec5SDimitry Andric BT_ResourceLeak.reset( 406*0b57cec5SDimitry Andric new BuiltinBug(this, "Resource Leak", 407*0b57cec5SDimitry Andric "Opened File never closed. Potential Resource leak.")); 408*0b57cec5SDimitry Andric C.emitReport(llvm::make_unique<BugReport>( 409*0b57cec5SDimitry Andric *BT_ResourceLeak, BT_ResourceLeak->getDescription(), N)); 410*0b57cec5SDimitry Andric } 411*0b57cec5SDimitry Andric } 412*0b57cec5SDimitry Andric 413*0b57cec5SDimitry Andric void ento::registerStreamChecker(CheckerManager &mgr) { 414*0b57cec5SDimitry Andric mgr.registerChecker<StreamChecker>(); 415*0b57cec5SDimitry Andric } 416*0b57cec5SDimitry Andric 417*0b57cec5SDimitry Andric bool ento::shouldRegisterStreamChecker(const LangOptions &LO) { 418*0b57cec5SDimitry Andric return true; 419*0b57cec5SDimitry Andric } 420