[clang][analyzer] Improve documentation of StreamChecker (NFC). #83858
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llvmbot
added
clang
|
@llvm/pr-subscribers-clang @llvm/pr-subscribers-clang-static-analyzer-1 Author: Balázs Kéri (balazske) ChangesFull diff: https://github.com/llvm/llvm-project/pull/83858.diff 1 Files Affected:
diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index fe211514914272..aa79792c64dc54 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -3020,44 +3020,82 @@ Check for misuses of stream APIs. Check for misuses of stream APIs: ``fopen, fcl
alpha.unix.Stream (C)
"""""""""""""""""""""
-Check stream handling functions: ``fopen, tmpfile, fclose, fread, fwrite, fseek, ftell, rewind, fgetpos,``
-``fsetpos, clearerr, feof, ferror, fileno``.
+Check C stream handling functions:
+``fopen, fdopen, freopen, tmpfile, fclose, fread, fwrite, fgetc, fgets, fputc, fputs, fprintf, fscanf, ungetc, getdelim, getline, fseek, fseeko, ftell, ftello, fflush, rewind, fgetpos, fsetpos, clearerr, feof, ferror, fileno``.
+
+The checker maintains information about the C stream objects (``FILE *``) and
+can detect error conditions related to use of streams. The following conditions
+are detected:
+
+* The ``FILE *`` pointer passed to the function is NULL. (At ``fflush``
+ NULL is allowed.)
+* Use of stream after close.
+* Opened stream is not closed.
+* Read from a stream after end-of-file. (This is not a fatal error but reported
+ by the checker. Stream remains in EOF state and the read operation fails.)
+* Use of stream when the file position is indeterminate after a previous failed
+ operation. Some functions are allowed in this state.
+* Invalid 3rd ("``whence``") argument to ``fseek``.
+
+The checker is not capable of maintaining a relation between integer file
+descriptors and ``FILE *`` pointers. Operations on standard streams like
+``stdin`` are not treated specially and are therefore often not recognized
+(because these streams are usually not opened explicitly by the program, and
+are global variables).
.. code-block:: c
- void test() {
+ void test1() {
FILE *p = fopen("foo", "r");
} // warn: opened file is never closed
- void test() {
+ void test2() {
FILE *p = fopen("foo", "r");
fseek(p, 1, SEEK_SET); // warn: stream pointer might be NULL
fclose(p);
}
- void test() {
+ void test3() {
FILE *p = fopen("foo", "r");
+ if (p) {
+ fseek(p, 1, 3); // warn: third arg should be SEEK_SET, SEEK_END, or SEEK_CUR
+ fclose(p);
+ }
+ }
- if (p)
- fseek(p, 1, 3);
- // warn: third arg should be SEEK_SET, SEEK_END, or SEEK_CUR
+ void test4() {
+ FILE *p = fopen("foo", "r");
+ if (!p)
+ return;
fclose(p);
+ fclose(p); // warn: stream already closed
}
- void test() {
+ void test5() {
FILE *p = fopen("foo", "r");
+ if (!p)
+ return;
+
+ fgetc(p);
+ if (!ferror(p))
+ fgetc(p); // warn: possible read after end-of-file
+
fclose(p);
- fclose(p); // warn: already closed
}
- void test() {
- FILE *p = tmpfile();
- ftell(p); // warn: stream pointer might be NULL
+ void test6() {
+ FILE *p = fopen("foo", "r");
+ if (!p)
+ return;
+
+ fgetc(p);
+ if (!feof(p))
+ fgetc(p); // warn: file position may be indeterminate after I/O error
+
fclose(p);
}
-
.. _alpha-unix-cstring-BufferOverlap:
alpha.unix.cstring.BufferOverlap (C)
|
NagyDonat
approved these changes
Mar 4, 2024
clang/docs/analyzer/checkers.rst
Outdated
| operation. Some functions are allowed in this state. | ||
| * Invalid 3rd ("``whence``") argument to ``fseek``. | ||
|
|
||
| The checker is not capable of maintaining a relation between integer file |
There was a problem hiding this comment.
Suggested change
| The checker is not capable of maintaining a relation between integer file | |
| The checker does not track the correspondence between integer file |
and re-apply line wrapping to the paragraph (if needed)
benshi001
approved these changes
Mar 5, 2024
|
|
||
| * The ``FILE *`` pointer passed to the function is NULL. (At ``fflush`` | ||
| NULL is allowed.) | ||
| * Use of stream after close. |
There was a problem hiding this comment.
This is not meant to be a function name, just "close of a stream" (I do not know why it is displayed in blue color).
| ``fopen, fdopen, freopen, tmpfile, fclose, fread, fwrite, fgetc, fgets, fputc, fputs, fprintf, fscanf, ungetc, getdelim, getline, fseek, fseeko, ftell, ftello, fflush, rewind, fgetpos, fsetpos, clearerr, feof, ferror, fileno``. | ||
|
|
||
| The checker maintains information about the C stream objects (``FILE *``) and | ||
| can detect error conditions related to use of streams. The following conditions |
There was a problem hiding this comment.
... related to use of these streams.
English is not my first language, maybe my suggestion is not good.
There was a problem hiding this comment.
I do not know but "can detect error conditions related to use of streams" is good in itself so I would leave it.
clang/docs/analyzer/checkers.rst
Outdated
| can detect error conditions related to use of streams. The following conditions | ||
| are detected: | ||
|
|
||
| * The ``FILE *`` pointer passed to the function is NULL. (At ``fflush`` |
There was a problem hiding this comment.
The FILE * pointer passed to a function is NULL. (except ''fflush'' which allows that)
clang/docs/analyzer/checkers.rst
Outdated
| * Read from a stream after end-of-file. (This is not a fatal error but reported | ||
| by the checker. Stream remains in EOF state and the read operation fails.) | ||
| * Use of stream when the file position is indeterminate after a previous failed | ||
| operation. Some functions are allowed in this state. |
There was a problem hiding this comment.
Some functions (such as ...) are allowed in this state.
steakhal
reviewed
Mar 5, 2024
| * Use of stream after close. | ||
| * Opened stream is not closed. | ||
| * Read from a stream after end-of-file. (This is not a fatal error but reported | ||
| by the checker. Stream remains in EOF state and the read operation fails.) |
There was a problem hiding this comment.
I can see NULL and EOF (maybe others) spelled in the docs without double backticks.
Do you think we should escape those to have verbatim code highlighting?
There was a problem hiding this comment.
I have the feeling that these words (NULL, EOF) are relatively commonly used (NULL is an abbrevation for null pointer, EOF = end-of-file). Probably NULL can be better as keyword (code format), but by EOF I did not mean the numeric constant, just "end of file".
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.