[analyzer] Bifurcate on getenv() calls
The `getenv()` function might return `NULL` just like any other function. However, in case of `getenv()` a state-split seems justified since the programmer should expect the failure of this function. `secure_getenv(const char *name)` behaves the same way but is not handled right now. Note that `std::getenv()` is also not handled. Reviewed By: martong Differential Revision: https://reviews.llvm.org/D111245
parent
fc2ba5e53d
commit
7fc150309d
clang
|
@ -1433,6 +1433,14 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
|
||||||
RetType{Ssize_tTy}),
|
RetType{Ssize_tTy}),
|
||||||
GetLineSummary);
|
GetLineSummary);
|
||||||
|
|
||||||
|
// char *getenv(const char *name);
|
||||||
|
addToFunctionSummaryMap(
|
||||||
|
"getenv", Signature(ArgTypes{ConstCharPtrTy}, RetType{CharPtrTy}),
|
||||||
|
Summary(NoEvalCall)
|
||||||
|
.Case({NotNull(Ret)})
|
||||||
|
.Case({NotNull(Ret)->negate()})
|
||||||
|
.ArgConstraint(NotNull(ArgNo(0))));
|
||||||
|
|
||||||
if (ModelPOSIX) {
|
if (ModelPOSIX) {
|
||||||
|
|
||||||
// long a64l(const char *str64);
|
// long a64l(const char *str64);
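Review bot: The comment above the new `getenv` summary gives only the prototype and does not explain why the two `.Case` lines split the state on the return value. I would extend it to something like `// getenv() returns NULL when the variable is unset, which callers must expect, so model both a non-null and a null return.` The commit message says `secure_getenv()` and `std::getenv()` are not handled, so an unchecked NULL from either still gets no null-return path. A `// FIXME: secure_getenv() and std::getenv() are not modelled yet.` next to the summary would keep that gap visible in the code. `initFunctionSummaries` starts and ends outside the hunk.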
|
||||||
|
|
|
@ -254,3 +254,11 @@ void test_call_by_pointer() {
|
||||||
f = ispunct;
|
f = ispunct;
|
||||||
clang_analyzer_eval(f('A')); // expected-warning{{FALSE}}
|
clang_analyzer_eval(f('A')); // expected-warning{{FALSE}}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char *getenv(const char *name);
|
||||||
|
void test_getenv() {
|
||||||
|
// getenv() bifurcates here.
|
||||||
|
clang_analyzer_eval(getenv("FOO") == 0);
|
||||||
|
// expected-warning@-1 {{TRUE}}
|
||||||
|
// expected-warning@-2 {{FALSE}}
|
||||||
|
}
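Review bot: `test_getenv` covers only the return-value split; the `NotNull(ArgNo(0))` argument constraint added with the same summary is not exercised here. The RUN lines are outside the hunk, so I cannot tell whether this file enables argument-constraint reporting. If it does not, a `getenv(0)` case with its expected diagnostic belongs in whichever test runs with that check on. A second case would also show that the split narrows correctly: after `char *p = getenv("FOO"); if (!p) return;`, `clang_analyzer_eval(p != 0);` should produce a single `TRUE`.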
|
||||||
|
|