Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114600 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 99799 invoked from network); 25 May 2021 19:59:01 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 25 May 2021 19:59:01 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 4F5AB1804E3 for ; Tue, 25 May 2021 13:10:22 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_40,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from supercat.cmpct.info (supercat.cmpct.info [71.19.146.230]) by php-smtp4.php.net (Postfix) with ESMTP for ; Tue, 25 May 2021 13:10:21 -0700 (PDT) Received: from smtpclient.apple (fctnnbsc38w-142-167-240-56.dhcp-dynamic.fibreop.nb.bellaliant.net [142.167.240.56]) by supercat.cmpct.info (Postfix) with ESMTPSA id 200BC3FDB5 for ; Tue, 25 May 2021 20:10:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpct.info; s=default; t=1621973418; bh=RqPWAtYGbPyFeapq1yAY/csPaFB5E3SyLAMD+Yfve2g=; h=From:Subject:Date:References:To:In-Reply-To; b=lp3Lzsvc41JwMt+CR9OXv/qqidOqce5olYh3mLgcJjQJxieHKTCoAbcZoK+jhcbdy ipr5tWJPKUR3cDaPfzMrHmkY5GazCTB0nL7FD0XJpJR7qsIIBiWcQvjiYTq09tfHNf p+iqfXT+qgalh3ZFbjmTzlaPFZDLI/g0kb63MuE0= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.43\)) Date: Tue, 25 May 2021 17:10:16 -0300 References: <194DA850-19F7-41C4-97CF-944F13B57AFD@cmpct.info> To: internals@lists.php.net In-Reply-To: <194DA850-19F7-41C4-97CF-944F13B57AFD@cmpct.info> Message-ID: <7AD8D5D3-C70E-40C3-B55E-A4C9E4ECDA44@cmpct.info> X-Mailer: Apple Mail (2.3654.80.0.2.43) Subject: Re: [PHP-DEV] Using clang-analyzer with PHP: experiences? From: calvin@cmpct.info (Calvin Buckley) I did some additional research and seemed to have decent luck with = slamming a construct like this after the includes: #define emalloc malloc #define erealloc realloc #define ecalloc calloc #define estrdup strdup #define estrndup strndup #define efree free One could wrap it around `__clang_analyzer__` or such. Unfortunately, = this is kinda ugly; it emits compiler warnings, but I suspect this = probably belongs in PHP itself or perhaps in some kind of clang-analyzer = addon that handles the e* allocation functions as well as things like = mismatching them. > On May 21, 2021, at 4:01 PM, Calvin Buckley wrote: >=20 > Hi internals@, >=20 > I maintain an extension and I suspect there are some issues in the = code. As such, I=E2=80=99ve been trying various tools to try to make it = easier to catch the issues. (For the curious: I=E2=80=99ve tried *San, = which I feel doesn=E2=80=99t work very well unless you /totally control/ = the entire stack, which I didn=E2=80=99t have the luxury of. I also = tried Valgrind, but I need ro revisit this to deal with possible false = positives in the library.) This time, I decided to try static analysis = through LLVM. >=20 > Luckily, clang-analyzer is pretty simple. Just prepending = =E2=80=9Cscan-build=E2=80=9D to my make invocation. Easy, right? = Unfortunately, I noticed that due to an inconsistency in the codebase (a = use of realloc instead of erealloc), that it doesn=E2=80=99t seem to = account for i.e emalloc vs. malloc. Possible leaks =E2=80=9Cwent away=E2=80= =9D from the output when I converted them to the PHP memory management = functions. >=20 > Has anyone ever used clang-analyzer with PHP before? I noticed there = was some tooling for a previous PHP transition [1], but I don=E2=80=99t = know if anyone=E2=80=99s tackled the low-hanging fruit of memory = functions. I suppose I could just redefine emalloc and friends, but I = feel that would probably be inaccurate with things like zend_string. >=20 > Regards, > Calvin >=20 > [1]: https://github.com/johannes/clang-php-checker > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php >=20