How to write checkers for searching specific system calls?

Question

I'm still new and learning the way to write checkers for static clang analyzer. I need to do the checker on Linux based, and I've read a lot of materials from blogs and websites, but almost all of them are based on Xcode, and none of them are telling me how to search a specific system call.

I'm trying to write a checker on Linux which can tell users that the system call they are using is dangerous, and showing the reason why it may be leak.

Could anyone tell me if it is possible to do this kind of checker? And if it could be made, how should I do or where can I find these materials to do it?

Answer 1

This guide, How to write a Checker in 24 hours is pretty informative and includes an example of identifying calls to fopen around the 34th slide. I highly recommend looking at it yourself but I'll try and summarize the most relevant parts to get you started.

Each checker registers callback functions that are called to check certain properties. In your case your checker will make use of a call event function:

void checkPostCall(const CallEvent &Call, CheckerContext &C) const;

This member function on your checker will get called every time the static analyzer engine comes across a call event. You simply need to define your function to check if the call event is to the system call your are checking for. In the linked example they are looking for calls to fopen and so the beginning of their checkPostCall function looks something like this:

if(Call.isGlobalCFunction("fopen"))
    //do stuff

Hopefully that's enough to help get your started!