[clang] [clang][analyzer] Support `fflush` in the StreamChecker (PR #74296)

Alejandro Álvarez Ayllón via cfe-commits Thu, 07 Dec 2023 03:02:50 -0800

================
@@ -1191,6 +1199,84 @@ void StreamChecker::evalSetFeofFerror(const 
FnDescription *Desc,
   C.addTransition(State);
 }
 
+void StreamChecker::preFflush(const FnDescription *Desc, const CallEvent &Call,
+                              CheckerContext &C) const {
+  ProgramStateRef State = C.getState();
+  SVal StreamVal = getStreamArg(Desc, Call);
+  std::optional<DefinedSVal> Stream = StreamVal.getAs<DefinedSVal>();
+  SymbolRef StreamSym = StreamVal.getAsSymbol();
+  if (!Stream || !StreamSym)
+    return;
+
+  ProgramStateRef StateNotNull, StateNull;
+  std::tie(StateNotNull, StateNull) =
+      C.getConstraintManager().assumeDual(State, *Stream);
+  if (StateNotNull)
+    if (State = ensureStreamOpened(StreamVal, C, StateNotNull))
+      C.addTransition(State);
+  if (StateNull) {
----------------
alejandro-alvarez-sonarsource wrote:


Due to this transition, these two test cases will behave differently:

```cpp
void test_fflush_2(FILE *F1) {
  fflush(F1);
  // Due to fflush, the analyzer follows a path where F1 is NULL, and another 
where it isn't.
  // Raises a "Stream pointer might be NULL" on the next line
  if (fwrite("1", 1, 1, F1) == 0)
    return;
  fclose(F1);
}

void test_fflush_3(FILE *F1) {
  // no fflush, the warning does not raise
  if (fwrite("1", 1, 1, F1) == 0)
    return;
  fclose(F1);
}
```

I feel this could be noisy. What do you think about adding the StateNull 
transition if, and only if, FILE* can be `NULL`?

https://github.com/llvm/llvm-project/pull/74296
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Support `fflush` in the StreamChecker (PR #74296)

Reply via email to