Question about modeling of system api like getpwuid

[for-just-we]

I notice in svf-llvm/lib/extapi.c, the api like getpwuid return STATIC_OBJECT. However, the STATIC_OBJECT is defined as malloc(10), which causes many false positive bug report in real-world projects like nginx.

Would it make more sense to define it as alloca(10) or NULL, since alloca and NULL do not need to be freed. Which may not be reasonable but could reduce false reports of heap object. Or consider modeling it to point to a global object.

Here is an example:

#include <pwd.h>
#include <stdio.h>
#include <errno.h>

int main() {
    struct passwd *pw1 = getpwnam("root");
    struct passwd *pw2 = getpwnam("nobody"); // 会覆盖前一次调用的结果

    errno = 1;
    return 0;
}

The bug report is as follows, which seems to be false positives.

	 NeverFree : memory allocation at : ({ "ln": 9, "cl": 5, "fl": "test.c" })
	 NeverFree : memory allocation at : ({ "ln": 6, "cl": 26, "fl": "test.c" })
	 NeverFree : memory allocation at : ({ "ln": 7, "cl": 26, "fl": "test.c" })

[for-just-we]

Currently, I made a modification that makes STATIC_OBJECT aliased with a global object. I'm not sure whether this is a reasonable modification

char* globalData = "dummy global\n";
#define STATIC_OBJECT globalData

[shuangxiangkan]

We added a new "ALLOC_STACK_RET" annotation in extapi.c (#1616), which allows SVF to allocate a stack object for APIs like getpwuid() based on this annotation.

[yuleisui]

We added a new "ALLOC_STACK_RET" annotation in extapi.c (#1616), which allows SVF to allocate a stack object for APIs like getpwuid() based on this annotation.

@for-just-we could you try our patch and let us know if it works before we merge it to upstream?

[for-just-we]

We added a new "ALLOC_STACK_RET" annotation in extapi.c (#1616), which allows SVF to allocate a stack object for APIs like getpwuid() based on this annotation.

It seems worked, no false positive leak report for these API source points.

[yuleisui]

Thanks for reporting back.