From 134faae04259b0412a067c73069f61905fc451d7 Mon Sep 17 00:00:00 2001 From: Artem Dergachev Date: Tue, 10 Dec 2019 16:48:17 -0800 Subject: [PATCH] [analyzer] CStringChecker: Improve warning messages. Differential Revision: https://reviews.llvm.org/D71321 --- .../lib/StaticAnalyzer/Checkers/CStringChecker.cpp | 11 +++-- clang/test/Analysis/bsd-string.c | 4 +- clang/test/Analysis/bstring.c | 12 +++--- clang/test/Analysis/cstring-ranges.c | 4 +- clang/test/Analysis/null-deref-path-notes.c | 24 +++++------ clang/test/Analysis/null-deref-ps-region.c | 2 +- clang/test/Analysis/string.c | 48 +++++++++++----------- 7 files changed, 55 insertions(+), 50 deletions(-) diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index f2c994b..c05a09d 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -290,9 +290,9 @@ ProgramStateRef CStringChecker::checkNonNull(CheckerContext &C, SmallString<80> buf; llvm::raw_svector_ostream OS(buf); assert(CurrentFunctionDescription); - OS << "Null pointer argument in call to " << CurrentFunctionDescription - << ' ' << IdxOfArg << llvm::getOrdinalSuffix(IdxOfArg) - << " parameter"; + OS << "Null pointer passed as " << IdxOfArg + << llvm::getOrdinalSuffix(IdxOfArg) << " argument to " + << CurrentFunctionDescription; emitNullArgBug(C, stateNull, S, OS.str()); } @@ -1536,7 +1536,10 @@ void CStringChecker::evalStrcpyCommon(CheckerContext &C, const CallExpr *CE, bool ReturnEnd, bool IsBounded, ConcatFnKind appendK, bool returnPtr) const { - CurrentFunctionDescription = "string copy function"; + if (appendK == ConcatFnKind::none) + CurrentFunctionDescription = "string copy function"; + else + CurrentFunctionDescription = "string concatenation function"; ProgramStateRef state = C.getState(); const LocationContext *LCtx = C.getLocationContext(); diff --git a/clang/test/Analysis/bsd-string.c b/clang/test/Analysis/bsd-string.c index d8a88836..3778664 100644 --- a/clang/test/Analysis/bsd-string.c +++ b/clang/test/Analysis/bsd-string.c @@ -33,11 +33,11 @@ void f3() { } void f4() { - strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}} + strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string copy function}} } void f5() { - strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}} + strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}} } void f6() { diff --git a/clang/test/Analysis/bstring.c b/clang/test/Analysis/bstring.c index beabb0f..8d8f64c 100644 --- a/clang/test/Analysis/bstring.c +++ b/clang/test/Analysis/bstring.c @@ -148,12 +148,12 @@ void memcpy9() { void memcpy10() { char a[4] = {0}; - memcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}} + memcpy(0, a, 4); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} } void memcpy11() { char a[4] = {0}; - memcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}} + memcpy(a, 0, 4); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}} } void memcpy12() { @@ -173,7 +173,7 @@ void memcpy_unknown_size (size_t n) { void memcpy_unknown_size_warn (size_t n) { char a[4]; - void *result = memcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} + void *result = memcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}} clang_analyzer_eval(result == a); // no-warning (above is fatal) } @@ -268,12 +268,12 @@ void mempcpy9() { void mempcpy10() { char a[4] = {0}; - mempcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}} + mempcpy(0, a, 4); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} } void mempcpy11() { char a[4] = {0}; - mempcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}} + mempcpy(a, 0, 4); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}} } void mempcpy12() { @@ -327,7 +327,7 @@ void mempcpy16() { void mempcpy_unknown_size_warn (size_t n) { char a[4]; - void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} + void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}} clang_analyzer_eval(result == a); // no-warning (above is fatal) } diff --git a/clang/test/Analysis/cstring-ranges.c b/clang/test/Analysis/cstring-ranges.c index 4fcd7ea..dc6bb67 100644 --- a/clang/test/Analysis/cstring-ranges.c +++ b/clang/test/Analysis/cstring-ranges.c @@ -2,6 +2,8 @@ // This test verifies argument source range highlighting. // Otherwise we've no idea which of the arguments is null. +// These days we actually also have it in the message, +// but the range is still great to have. char *strcpy(char *, const char *); @@ -10,6 +12,6 @@ void foo() { strcpy(a, b); } -// CHECK: warning: Null pointer argument in call to string copy function +// CHECK: warning: Null pointer passed as 1st argument to string copy function // CHECK-NEXT: strcpy(a, b); // CHECK-NEXT: ^ ~ diff --git a/clang/test/Analysis/null-deref-path-notes.c b/clang/test/Analysis/null-deref-path-notes.c index c73f640..b1bef63 100644 --- a/clang/test/Analysis/null-deref-path-notes.c +++ b/clang/test/Analysis/null-deref-path-notes.c @@ -13,40 +13,40 @@ void *memcpy(void *dest, const void *src, unsigned long count); void f1(char *source) { char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}} - memcpy(destination + 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}} - // expected-note@-1{{Null pointer argument in call to memory copy function}} + memcpy(destination + 0, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} + // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}} } void f2(char *source) { char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}} - memcpy(destination - 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}} - // expected-note@-1{{Null pointer argument in call to memory copy function}} + memcpy(destination - 0, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} + // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}} } void f3(char *source) { char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}} destination = destination + 0; // expected-note{{Null pointer value stored to 'destination'}} - memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}} - // expected-note@-1{{Null pointer argument in call to memory copy function}} + memcpy(destination, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} + // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}} } void f4(char *source) { char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}} destination = destination - 0; // expected-note{{Null pointer value stored to 'destination'}} - memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}} - // expected-note@-1{{Null pointer argument in call to memory copy function}} + memcpy(destination, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} + // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}} } void f5(char *source) { char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}} char *destination2 = destination1 + 0; // expected-note{{'destination2' initialized to a null pointer value}} - memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}} - // expected-note@-1{{Null pointer argument in call to memory copy function}} + memcpy(destination2, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} + // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}} } void f6(char *source) { char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}} char *destination2 = destination1 - 0; // expected-note{{'destination2' initialized to a null pointer value}} - memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}} - // expected-note@-1{{Null pointer argument in call to memory copy function}} + memcpy(destination2, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}} + // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}} } diff --git a/clang/test/Analysis/null-deref-ps-region.c b/clang/test/Analysis/null-deref-ps-region.c index 71b7a1d..58fcbb6 100644 --- a/clang/test/Analysis/null-deref-ps-region.c +++ b/clang/test/Analysis/null-deref-ps-region.c @@ -39,7 +39,7 @@ void bar() { void testConcreteNull() { int *x = 0; - memset(x, 0, 1); // expected-warning {{Null pointer argument in call to memory set function}} + memset(x, 0, 1); // expected-warning {{Null pointer passed as 1st argument to memory set function}} } void testStackArray() { diff --git a/clang/test/Analysis/string.c b/clang/test/Analysis/string.c index 841bc15..d21ec11 100644 --- a/clang/test/Analysis/string.c +++ b/clang/test/Analysis/string.c @@ -97,7 +97,7 @@ void strlen_constant2(char x) { } size_t strlen_null() { - return strlen(0); // expected-warning{{Null pointer argument in call to string length function}} + return strlen(0); // expected-warning{{Null pointer passed as 1st argument to string length function}} } size_t strlen_fn() { @@ -251,7 +251,7 @@ void strnlen_constant6(char x) { } size_t strnlen_null() { - return strnlen(0, 3); // expected-warning{{Null pointer argument in call to string length function}} + return strnlen(0, 3); // expected-warning{{Null pointer passed as 1st argument to string length function}} } size_t strnlen_fn() { @@ -322,11 +322,11 @@ char *strcpy(char *restrict s1, const char *restrict s2); void strcpy_null_dst(char *x) { - strcpy(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}} + strcpy(NULL, x); // expected-warning{{Null pointer passed as 1st argument to string copy function}} } void strcpy_null_src(char *x) { - strcpy(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}} + strcpy(x, NULL); // expected-warning{{Null pointer passed as 2nd argument to string copy function}} } void strcpy_fn(char *x) { @@ -424,15 +424,15 @@ char *strcat(char *restrict s1, const char *restrict s2); void strcat_null_dst(char *x) { - strcat(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}} + strcat(NULL, x); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}} } void strcat_null_src(char *x) { - strcat(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}} + strcat(x, NULL); // expected-warning{{Null pointer passed as 2nd argument to string concatenation function}} } void strcat_fn(char *x) { - strcat(x, (char*)&strcat_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcat_fn', which is not a null-terminated string}} + strcat(x, (char*)&strcat_fn); // expected-warning{{Argument to string concatenation function is the address of the function 'strcat_fn', which is not a null-terminated string}} } void strcat_effects(char *y) { @@ -523,11 +523,11 @@ char *strncpy(char *restrict s1, const char *restrict s2, size_t n); void strncpy_null_dst(char *x) { - strncpy(NULL, x, 5); // expected-warning{{Null pointer argument in call to string copy function}} + strncpy(NULL, x, 5); // expected-warning{{Null pointer passed as 1st argument to string copy function}} } void strncpy_null_src(char *x) { - strncpy(x, NULL, 5); // expected-warning{{Null pointer argument in call to string copy function}} + strncpy(x, NULL, 5); // expected-warning{{Null pointer passed as 2nd argument to string copy function}} } void strncpy_fn(char *x) { @@ -631,15 +631,15 @@ char *strncat(char *restrict s1, const char *restrict s2, size_t n); void strncat_null_dst(char *x) { - strncat(NULL, x, 4); // expected-warning{{Null pointer argument in call to string copy function}} + strncat(NULL, x, 4); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}} } void strncat_null_src(char *x) { - strncat(x, NULL, 4); // expected-warning{{Null pointer argument in call to string copy function}} + strncat(x, NULL, 4); // expected-warning{{Null pointer passed as 2nd argument to string concatenation function}} } void strncat_fn(char *x) { - strncat(x, (char*)&strncat_fn, 4); // expected-warning{{Argument to string copy function is the address of the function 'strncat_fn', which is not a null-terminated string}} + strncat(x, (char*)&strncat_fn, 4); // expected-warning{{Argument to string concatenation function is the address of the function 'strncat_fn', which is not a null-terminated string}} } void strncat_effects(char *y) { @@ -812,13 +812,13 @@ void strcmp_2() { void strcmp_null_0() { char *x = NULL; char *y = "123"; - strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} + strcmp(x, y); // expected-warning{{Null pointer passed as 1st argument to string comparison function}} } void strcmp_null_1() { char *x = "123"; char *y = NULL; - strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} + strcmp(x, y); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}} } void strcmp_diff_length_0() { @@ -921,13 +921,13 @@ void strncmp_2() { void strncmp_null_0() { char *x = NULL; char *y = "123"; - strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} + strncmp(x, y, 3); // expected-warning{{Null pointer passed as 1st argument to string comparison function}} } void strncmp_null_1() { char *x = "123"; char *y = NULL; - strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} + strncmp(x, y, 3); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}} } void strncmp_diff_length_0() { @@ -1030,13 +1030,13 @@ void strcasecmp_2() { void strcasecmp_null_0() { char *x = NULL; char *y = "123"; - strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} + strcasecmp(x, y); // expected-warning{{Null pointer passed as 1st argument to string comparison function}} } void strcasecmp_null_1() { char *x = "123"; char *y = NULL; - strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} + strcasecmp(x, y); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}} } void strcasecmp_diff_length_0() { @@ -1121,13 +1121,13 @@ void strncasecmp_2() { void strncasecmp_null_0() { char *x = NULL; char *y = "123"; - strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} + strncasecmp(x, y, 3); // expected-warning{{Null pointer passed as 1st argument to string comparison function}} } void strncasecmp_null_1() { char *x = "123"; char *y = NULL; - strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} + strncasecmp(x, y, 3); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}} } void strncasecmp_diff_length_0() { @@ -1183,11 +1183,11 @@ void strncasecmp_embedded_null () { char *strsep(char **stringp, const char *delim); void strsep_null_delim(char *s) { - strsep(&s, NULL); // expected-warning{{Null pointer argument in call to strsep()}} + strsep(&s, NULL); // expected-warning{{Null pointer passed as 2nd argument to strsep()}} } void strsep_null_search() { - strsep(NULL, ""); // expected-warning{{Null pointer argument in call to strsep()}} + strsep(NULL, ""); // expected-warning{{Null pointer passed as 1st argument to strsep()}} } void strsep_return_original_pointer(char *s) { @@ -1433,7 +1433,7 @@ void memset26_upper_UCHAR_MAX() { void bzero1_null() { char *a = NULL; - bzero(a, 10); // expected-warning{{Null pointer argument in call to memory clearance function}} + bzero(a, 10); // expected-warning{{Null pointer passed as 1st argument to memory clearance function}} } void bzero2_char_array_null() { @@ -1453,7 +1453,7 @@ void bzero3_char_ptr_null() { void explicit_bzero1_null() { char *a = NULL; - explicit_bzero(a, 10); // expected-warning{{Null pointer argument in call to memory clearance function}} + explicit_bzero(a, 10); // expected-warning{{Null pointer passed as 1st argument to memory clearance function}} } void explicit_bzero2_clear_mypassword() { -- 2.7.4