I’m interested in trying out clang-based code analysis. I saw the following slides:
http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf
So I thought I’d try using tools/clang/lib/StaticAnalyzer/Checkers/SimpleStreamChecker.cpp as a base for a similar check using our products’ internal file API.
In the sample, there’s the following code to get the close parameter:
void SimpleStreamChecker::checkPreCall
…
// Get the symbolic value corresponding to the file handle.
SymbolRef FileDesc = Call.getArgSVal(0).getAsSymbol();
I’ll want to do the same thing, with a small difference. My close API looks like:
struct my_filehandle { int fh ; … } ;
int myclose( my_filehandle & fh )
so once I get the close parameter symbol, I have the task of looking up the actual file descriptor.
I’m guessing that I have to:
- check it for -1 instead of NULL (hardcoding the assumption for now that I’m only running this checking on Unix)
I’ve changed:
ConditionTruthVal OpenFailed = CMgr.isNull(State, Sym);
to call isNegative(), which I think will do the trick, provided I first:
- find the symbol that the myclose() parameter is a reference to.
- look up the my_filehandle::fh value out of that symbol.
- put that ::fh symbol in the checker stream instead of the FILE*.
Anybody willing to give any tips on how to do 2-3 above?