[RFC] analyzer: Add exit, and _exit replacement, to sm-signal.

David Malcolm dmalcolm@redhat.com
Mon May 18 15:09:18 GMT 2020


On Mon, 2020-05-18 at 16:47 +0200, Mark Wielaard wrote:
> Hi David,
> 
> On Mon, May 18, 2020 at 08:45:36AM -0400, David Malcolm wrote:
> > Also, m_unsafe_fndecl is a field of signal_unsafe_call, so we can
> > delay
> > calling replacement_fn until inside signal_unsafe_call::emit, after
> > the
> > warning has been emitted.
> > 
> > It could even become a member function of signal_unsafe_call,
> > giving
> > something like this for signal_unsafe_call::emit:
> 
> Thanks for all the hints. I adopted all your suggestions and the
> warning plus note now looks like:
> 
> /opt/local/gcc/bin/gcc -g -O2 -fanalyzer -c bzip2.c
> bzip2.c: In function ‘mySIGSEGVorSIGBUScatcher’:
> bzip2.c:874:4: warning: call to ‘exit’ from within signal handler
> [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
>   874 |    exit(exitValue);
>       |    ^~~~~~~~~~~~~~~
>   ‘main’: events 1-2
>     |
>     | 1784 | IntNative main ( IntNative argc, Char *argv[] )
>     |      |           ^~~~
>     |      |           |
>     |      |           (1) entry to ‘main’
>     |......
>     | 1800 |    smallMode               = False;
>     |      |    ~~~~~~~~~
>     |      |    |
>     |      |    (2) registering ‘mySIGSEGVorSIGBUScatcher’ as signal
> handler
>     |
>   event 3
>     |
>     |cc1:
>     | (3): later on, when the signal is delivered to the process
>     |
>     +--> ‘mySIGSEGVorSIGBUScatcher’: events 4-5
>            |
>            |  816 | void mySIGSEGVorSIGBUScatcher ( IntNative n )
>            |      |      ^~~~~~~~~~~~~~~~~~~~~~~~
>            |      |      |
>            |      |      (4) entry to ‘mySIGSEGVorSIGBUScatcher’
>            |......
>            |  874 |    exit(exitValue);
>            |      |    ~~~~~~~~~~~~~~~
>            |      |    |
>            |      |    (5) call to ‘exit’ from within signal handler
>            |
> bzip2.c:874:4: note: ‘_exit’ is a possible signal-safe alternative
> for ‘exit’
>   874 |    exit(exitValue);
>       |    ^~~~~~~~~~~~~~~
>       |    _exit
> 
> I also added a testcase. How about the attached?

Thanks Mark.

Overall, I like it, but it looks like there's a problem with the
location of the fix-it hint: it looks like it might be replacing the
whole of the underlined section of the call, argument, parentheses and
all, with "_exit", rather than just the "exit" token.  I wonder if the
location of that token is still available in the middle-end by the time
the analyzer runs.

What does -fdiagnostics-generate-patch emit?


David



More information about the Gcc-patches mailing list