dnrops
/
clang
mirror of https://github.com/microsoft/clang.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
74,180 Commits 3 Branches 0 Tags 180 MiB
Commit Graph

35 Commits

Author SHA1 Message Date
Artem Dergachev 768fb8ff51 [analyzer] Add security checks for bcmp(), bcopy(), bzero(). 
These functions are obsolete. The analyzer would advice to replace them with
memcmp(), memcpy() or memmove(), or memset().

Patch by Tom Rix!

Differential Revision: https://reviews.llvm.org/D41881


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@333326 91177308-0d34-0410-b5e6-96231b3b80d8
 2018-05-26 00:04:26 +00:00
Artem Dergachev bdecb5f0d4 [analyzer] Don't flag strcpy of string literals into sufficiently large buffers. 
In the security package, we have a simple syntactic check that warns about
strcpy() being insecure, due to potential buffer overflows.

Suppress that check's warning in the trivial situation when the source is an
immediate null-terminated string literal and the target is an immediate
sufficiently large buffer.

Patch by András Leitereg!

Differential Revision: https://reviews.llvm.org/D41384


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@322410 91177308-0d34-0410-b5e6-96231b3b80d8
 2018-01-12 22:12:11 +00:00
Dominic Chen 2cfd901321 Reland 4: [analyzer] NFC: Update test infrastructure to support multiple constraint managers 
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296895 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-03 18:02:02 +00:00
Dominic Chen 9e59e2cc4c Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers" 
This reverts commit ea36f1406e.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296841 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-02 23:30:53 +00:00
Dominic Chen ea36f1406e Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers 
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296837 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-02 23:05:45 +00:00
Dominic Chen 87c8f41334 Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers" 
This reverts commit f93343c099.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296836 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-02 22:58:06 +00:00
Dominic Chen f93343c099 Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers 
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296835 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-02 22:45:24 +00:00
Dominic Chen 55aef8b0cd Revert "Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers" 
This reverts commit 1b28d0b10e.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296422 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-28 01:50:23 +00:00
Dominic Chen 1b28d0b10e Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers 
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296414 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-28 00:02:36 +00:00
Dominic Chen eb259b6acb Revert "[analyzer] NFC: Update test infrastructure to support multiple constraint managers" 
This reverts commit 8e7780b9e5.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296317 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-27 03:29:25 +00:00
Dominic Chen 8e7780b9e5 [analyzer] NFC: Update test infrastructure to support multiple constraint managers 
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296312 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-27 02:36:15 +00:00
Ed Schouten 876eb4fda1 Enable security checks for arc4random() on CloudABI as well. 
CloudABI also supports the arc4random() function. We can enable compiler
warnings for rand(), random() and *rand48() on this system as well.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@231914 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-11 08:48:55 +00:00
Reid Kleckner dbcc7561f6 Check the canonical parameter type with getAs<>() in a static checker 
This will prevent breakage when I introduce the DecayedType sugar node.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184755 91177308-0d34-0410-b5e6-96231b3b80d8
 2013-06-24 16:56:16 +00:00
Ted Kremenek c4bac8e376 Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time. 
This fixes several issues:

- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.

- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer.  This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).

As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML.  This required some tests to be updated, but now
the tests have higher fidelity with what users will see.

There are some inefficiencies in this patch.  We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack.  There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers.  This is necessary to produce the diagnostics that a particular
consumer expects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162028 91177308-0d34-0410-b5e6-96231b3b80d8
 2012-08-16 17:45:23 +00:00
Anna Zaks 393b9793da [analyzer] Change the warning to suggest 'strlcat/strlcpy' as 
replacements for 'starcat/strcpy' instead of 'strncat/strncpy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149406 91177308-0d34-0410-b5e6-96231b3b80d8
 2012-01-31 19:33:31 +00:00
Ted Kremenek b63d8d8f7b Implement checker that looks for calls to mktemps and friends that have fewer than 6 Xs. Implements <rdar://problem/6336672>. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148531 91177308-0d34-0410-b5e6-96231b3b80d8
 2012-01-20 05:35:06 +00:00
Ted Kremenek 76a54246db Turn 'SecuritySyntaxChecker' into a "meta" security checker for insecure APIs. Now 
multiple checks are exposed as separate checkers, but CheckerManager only creates
one Checker object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148525 91177308-0d34-0410-b5e6-96231b3b80d8
 2012-01-20 01:44:29 +00:00
Rafael Espindola 18c9bd3b47 Fix the signatures of vfork, __sigsetjmp and sigsetjmp. 
Patch by Dimitry Andric.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142531 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-10-19 14:50:34 +00:00
Rafael Espindola 6700415542 Add returns_twice to functions that are known to return twice. This implements 
the same behavior of gcc by keeping the attribute out of the function type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141803 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-10-12 19:51:18 +00:00
Anna Zaks a7957ff18c [analyzer] Warn about the use of insecure, deprecated vfork() function PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053). 
A patch by Graham Lee!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141643 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-10-11 04:34:54 +00:00
Ted Kremenek 033a07e5fc [analyzer] rename all experimental checker packages to have 'experimental' be the common root package. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136835 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-08-03 23:14:55 +00:00
Lenny Maiorani 9cb677e3d8 Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119. 
Also, brings the security syntax checker more inline with coding standards.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128916 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-04-05 20:18:46 +00:00
Lenny Maiorani 5b67a82a26 Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128679 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-03-31 22:09:14 +00:00
Ted Kremenek 5188507b9a Rework checker "packages" and groups to be more hierarchical. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128187 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-03-24 00:28:47 +00:00
Argyrios Kyrtzidis 7dd445ec20 [analyzer] Use the new registration mechanism on the non-path-sensitive-checkers: 
DeadStoresChecker
  ObjCMethSigsChecker
  ObjCUnusedIvarsChecker
  SizeofPointerChecker
  ObjCDeallocChecker
  SecuritySyntaxChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125779 91177308-0d34-0410-b5e6-96231b3b80d8
 2011-02-17 21:39:33 +00:00
Ted Kremenek fb3f893bc5 Rename -cc1 option '-warn-security-syntactic' to '-analyzer-check-security-syntactic'. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95342 91177308-0d34-0410-b5e6-96231b3b80d8
 2010-02-05 01:50:36 +00:00
Eli Friedman 772494c3b8 Add abort() as a builtin. This has two effects: one, we warn for incorrect 
declarations of abort(), and two, we mark it noreturn.  Missing the latter
shows up in one of the "embarassing" tests (from the thread on llvmdev
"detailed comparison of generated code size for LLVM and other compilers").



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91515 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-12-16 06:28:21 +00:00
Daniel Dunbar a5728872c7 Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'. 
- This is designed to make it obvious that %clang_cc1 is a "test variable"
   which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
   can be useful to redefine what gets run as 'clang -cc1' (for example, to set
   a default target).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91446 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-12-15 20:14:24 +00:00
Zhongxing Xu ef74f4c6dc Replace clang-cc with clang -cc1. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91272 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-12-14 06:34:20 +00:00
Zhongxing Xu e605efddac Add test case for mktemp. Patch by Lei Zhang. 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90706 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-12-06 12:45:46 +00:00
Zhongxing Xu bd842e3f5b Add check for obsolete function call of getpw(). 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86537 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-11-09 12:19:26 +00:00
Ted Kremenek 2465047c6f Implement: <rdar://problem/6337100> CWE-338: Use of cryptographically weak prng 
Patch by Geoff Keating!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80752 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-09-02 02:47:41 +00:00
Ted Kremenek 65a81a92eb Implement: <rdar://problem/6337132> CWE-273: Failure to Check Whether Privileges 
Were Dropped Successfully

Patch by Geoff Keating!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80313 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-08-28 00:08:09 +00:00
Ted Kremenek efcbb15441 Implement: <rdar://problem/6335715> rule request: gets() buffer overflow 
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76905 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-07-23 22:29:41 +00:00
Ted Kremenek 8baf86d343 Refine checking and diagnostics for use of floating point variable as a counter. 
This implements <rdar://problem/6336718> and checks for CERT secure coding
advisory FLP30-C.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76900 91177308-0d34-0410-b5e6-96231b3b80d8
 2009-07-23 21:34:35 +00:00