From: David Malcolm
To: Ankur Saini, Mir Immad
Cc: gcc@gcc.gnu.org
Subject: Re: GSoC: Working on the static analyzer
Date: Wed, 26 Jan 2022 09:31:10 -0500

On Mon, 2022-01-24 at 19:49 +0530, Ankur Saini wrote:
> The following can be a possible example of a case where the analyzer
> fails to understand POSIX file-descriptor API.
>
> - - -
> #include <stdio.h>
> #include <fcntl.h>
>
> void test()
> {
>     int fd;
>     fd = open("foo.txt", O_RDONLY | O_CREAT);
> }
>
> void test_2()
> {
>     FILE *f;
>     f = fopen("demo.c", "r");
> }
>
> godbolt link: https://godbolt.org/z/vbTq6fTnd
> - - -
>
> You can see that unlike the "FILE *" pointer ( f ), the analyzer is not
> tracking the integer file descriptor ( fd ), which is also leaking at the
> end of function "test ()" and should ideally be reported with CWE-775
> ( https://cwe.mitre.org/data/definitions/775.html )
>
> If you look at the exploded graph of the given program, the analyzer
> is not able to identify the call to `open ()` and is treating it as a
> "call to unknown function".

Thanks, that's a good explanation.

The analyzer could handle the "open" call by bifurcating the state into
"succeeded" and "failed" cases; see region_model::impl_call_strchr for
an example of this.

We don't yet have a way for the analyzer to know about functions that
set errno, but the "failed" case ought to do so.

Dave
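
Added example (not part of the original thread and not GCC code): the leak pattern from the quoted test() next to a version that handles both the "succeeded" and "failed" outcomes of open(), with a run-time leak check that relies on open() returning the lowest unused descriptor. The function names, /dev/null and the nonexistent path are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* open() returns the lowest unused descriptor number, so a rise in this
   value across a call means the call left a descriptor open. */
static int lowest_free_fd(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0)
        close(fd);
    return fd;
}

/* Same shape as the quoted test(): fd goes out of scope unclosed (CWE-775). */
static void leaky_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    (void)fd;
}

/* Handles both outcomes of open(). Returns bytes read, or -errno. */
static long checked_read(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;          /* "failed": errno is set, nothing to close */
    ssize_t n;
    do {
        n = read(fd, buf, len);
    } while (n < 0 && errno == EINTR);
    long result = (n < 0) ? -errno : (long)n;
    close(fd);                  /* "succeeded": closed on every path */
    return result;
}

int main(void)
{
    char buf[16];
    int before = lowest_free_fd();
    long ok = checked_read("/dev/null", buf, sizeof buf);
    long missing = checked_read("/added-example-no-such-file", buf, sizeof buf);
    printf("checked: %ld, %ld, leaked=%d\n", ok, missing, lowest_free_fd() - before);
    leaky_open("/dev/null");
    printf("leaky: leaked=%d\n", lowest_free_fd() - before);
    return 0;
}
```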