Extend memset zeroing support bzero and friends (PR #696)

sim642 · sim642 · commit f8ad4ab3b562 · 2022-04-27T13:09:53.000+03:00
Should fix 01-cpa/24-library_functions on MacOS CI.
diff --git a/src/analyses/accessAnalysis.ml b/src/analyses/accessAnalysis.ml
@@ -182,6 +182,7 @@ struct
       let reach =
         match f.vname with
         | "memset" | "__builtin_memset" | "__builtin___memset_chk" -> false
+        | "bzero" | "__builtin_bzero" | "explicit_bzero" | "__explicit_bzero_chk" -> false
         | "__builtin_object_size" -> false
         | _ -> true
       in
diff --git a/src/analyses/base.ml b/src/analyses/base.ml
@@ -2134,6 +2134,20 @@ struct
           set ~ctx:(Some ctx) (Analyses.ask_of_ctx ctx) gs st dest_a dest_typ value
         | _, _ -> failwith "strange memset arguments"
       end
+    | `Unknown (("bzero" | "__builtin_bzero" | "explicit_bzero" | "__explicit_bzero_chk") as name) ->
+      (* TODO: share something with memset special case? *)
+      begin match name, args with
+        | "__explicit_bzero_chk", [dest; count; _ (* dest_size *)]
+        | ("bzero" | "__builtin_bzero" | "explicit_bzero"), [dest; count] ->
+          (* TODO: check count *)
+          let dest_lval = mkMem ~addr:(Cil.stripCasts dest) ~off:NoOffset in
+          let dest_a = eval_lv (Analyses.ask_of_ctx ctx) gs st dest_lval in
+          (* let dest_typ = Cilfacade.typeOfLval dest_lval in *)
+          let dest_typ = AD.get_type dest_a in (* TODO: what is the right way? *)
+          let value = VD.zero_init_value dest_typ in
+          set ~ctx:(Some ctx) (Analyses.ask_of_ctx ctx) gs st dest_a dest_typ value
+        | _, _ -> failwith "strange bzero arguments"
+      end
     | `Unknown "F59" (* strcpy *)
     | `Unknown "F60" (* strncpy *)
     | `Unknown "F63" (* memcpy *)
diff --git a/src/analyses/libraryFunctions.ml b/src/analyses/libraryFunctions.ml
@@ -185,6 +185,9 @@ let invalidate_actions = [
     "__builtin_ctzll", readsAll;
     "__builtin_clz", readsAll;
     "bzero", writes [1]; (*keep 1*)
+    "__builtin_bzero", writes [1]; (*keep [1]*)
+    "explicit_bzero", writes [1];
+    "__explicit_bzero_chk", writes [1];
     "connect", readsAll;          (*safe*)
     "fclose", readsAll;           (*safe*)
     "fflush", writesAll;          (*unsafe*)
@@ -398,7 +401,6 @@ let invalidate_actions = [
     "__maskrune", writesAll; (*unsafe*)
     "inet_addr", readsAll; (*safe*)
     "gethostbyname", readsAll; (*safe*)
-    "__builtin_bzero", writes [1]; (*keep [1]*)
     "setsockopt", readsAll; (*safe*)
     "listen", readsAll; (*safe*)
     "getsockname", writes [1;3]; (*keep [1;3]*)
