Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 1 | //== ObjCContainersASTChecker.cpp - CoreFoundation containers API *- C++ -*-==// |
| 2 | // |
| 3 | // The LLVM Compiler Infrastructure |
| 4 | // |
| 5 | // This file is distributed under the University of Illinois Open Source |
| 6 | // License. See LICENSE.TXT for details. |
| 7 | // |
| 8 | //===----------------------------------------------------------------------===// |
| 9 | // |
| 10 | // An AST checker that looks for common pitfalls when using 'CFArray', |
| 11 | // 'CFDictionary', 'CFSet' APIs. |
| 12 | // |
| 13 | //===----------------------------------------------------------------------===// |
| 14 | #include "ClangSACheckers.h" |
| 15 | #include "clang/Analysis/AnalysisContext.h" |
| 16 | #include "clang/AST/StmtVisitor.h" |
| 17 | #include "clang/Basic/TargetInfo.h" |
| 18 | #include "clang/StaticAnalyzer/Core/Checker.h" |
| 19 | #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" |
| 20 | #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" |
Benjamin Kramer | 8fe83e1 | 2012-02-04 13:45:25 +0000 | [diff] [blame] | 21 | #include "llvm/ADT/SmallString.h" |
Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 22 | #include "llvm/Support/raw_ostream.h" |
| 23 | |
| 24 | using namespace clang; |
| 25 | using namespace ento; |
| 26 | |
| 27 | namespace { |
| 28 | class WalkAST : public StmtVisitor<WalkAST> { |
| 29 | BugReporter &BR; |
| 30 | AnalysisDeclContext* AC; |
| 31 | ASTContext &ASTC; |
| 32 | uint64_t PtrWidth; |
| 33 | |
| 34 | static const unsigned InvalidArgIndex = UINT_MAX; |
| 35 | |
| 36 | /// Check if the type has pointer size (very conservative). |
| 37 | inline bool isPointerSize(const Type *T) { |
| 38 | if (!T) |
| 39 | return true; |
| 40 | if (T->isIncompleteType()) |
| 41 | return true; |
| 42 | return (ASTC.getTypeSize(T) == PtrWidth); |
| 43 | } |
| 44 | |
| 45 | /// Check if the type is a pointer/array to pointer sized values. |
| 46 | inline bool hasPointerToPointerSizedType(const Expr *E) { |
| 47 | QualType T = E->getType(); |
| 48 | |
| 49 | // The type could be either a pointer or array. |
| 50 | const Type *TP = T.getTypePtr(); |
| 51 | QualType PointeeT = TP->getPointeeType(); |
Anna Zaks | f196a90 | 2012-02-02 01:30:08 +0000 | [diff] [blame] | 52 | if (!PointeeT.isNull()) { |
| 53 | // If the type is a pointer to an array, check the size of the array |
| 54 | // elements. To avoid false positives coming from assumption that the |
| 55 | // values x and &x are equal when x is an array. |
| 56 | if (const Type *TElem = PointeeT->getArrayElementTypeNoTypeQual()) |
| 57 | if (isPointerSize(TElem)) |
| 58 | return true; |
| 59 | |
| 60 | // Else, check the pointee size. |
Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 61 | return isPointerSize(PointeeT.getTypePtr()); |
Anna Zaks | f196a90 | 2012-02-02 01:30:08 +0000 | [diff] [blame] | 62 | } |
Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 63 | |
| 64 | if (const Type *TElem = TP->getArrayElementTypeNoTypeQual()) |
| 65 | return isPointerSize(TElem); |
| 66 | |
| 67 | // The type must be an array/pointer type. |
| 68 | |
| 69 | // This could be a null constant, which is allowed. |
| 70 | if (E->isNullPointerConstant(ASTC, Expr::NPC_ValueDependentIsNull)) |
| 71 | return true; |
| 72 | return false; |
| 73 | } |
| 74 | |
| 75 | public: |
| 76 | WalkAST(BugReporter &br, AnalysisDeclContext* ac) |
| 77 | : BR(br), AC(ac), ASTC(AC->getASTContext()), |
| 78 | PtrWidth(ASTC.getTargetInfo().getPointerWidth(0)) {} |
| 79 | |
| 80 | // Statement visitor methods. |
| 81 | void VisitChildren(Stmt *S); |
| 82 | void VisitStmt(Stmt *S) { VisitChildren(S); } |
| 83 | void VisitCallExpr(CallExpr *CE); |
| 84 | }; |
| 85 | } // end anonymous namespace |
| 86 | |
| 87 | static StringRef getCalleeName(CallExpr *CE) { |
| 88 | const FunctionDecl *FD = CE->getDirectCallee(); |
| 89 | if (!FD) |
| 90 | return StringRef(); |
| 91 | |
| 92 | IdentifierInfo *II = FD->getIdentifier(); |
| 93 | if (!II) // if no identifier, not a simple C function |
| 94 | return StringRef(); |
| 95 | |
| 96 | return II->getName(); |
| 97 | } |
| 98 | |
| 99 | void WalkAST::VisitCallExpr(CallExpr *CE) { |
| 100 | StringRef Name = getCalleeName(CE); |
| 101 | if (Name.empty()) |
| 102 | return; |
| 103 | |
| 104 | const Expr *Arg = 0; |
| 105 | unsigned ArgNum = InvalidArgIndex; |
| 106 | |
| 107 | if (Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) { |
| 108 | ArgNum = 1; |
| 109 | Arg = CE->getArg(ArgNum)->IgnoreParenCasts(); |
| 110 | if (hasPointerToPointerSizedType(Arg)) |
| 111 | return; |
| 112 | } |
| 113 | |
| 114 | if (Arg == 0 && Name.equals("CFDictionaryCreate")) { |
| 115 | // Check first argument. |
| 116 | ArgNum = 1; |
| 117 | Arg = CE->getArg(ArgNum)->IgnoreParenCasts(); |
| 118 | if (hasPointerToPointerSizedType(Arg)) { |
| 119 | // Check second argument. |
| 120 | ArgNum = 2; |
| 121 | Arg = CE->getArg(ArgNum)->IgnoreParenCasts(); |
| 122 | if (hasPointerToPointerSizedType(Arg)) |
| 123 | // Both are good, return. |
| 124 | return; |
| 125 | } |
| 126 | } |
| 127 | |
| 128 | if (ArgNum != InvalidArgIndex) { |
| 129 | assert(ArgNum == 1 || ArgNum == 2); |
| 130 | |
Dylan Noblesmith | f7ccbad | 2012-02-05 02:13:05 +0000 | [diff] [blame] | 131 | SmallString<256> BufName; |
Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 132 | llvm::raw_svector_ostream OsName(BufName); |
| 133 | assert(ArgNum == 1 || ArgNum == 2); |
| 134 | OsName << " Invalid use of '" << Name << "'" ; |
| 135 | |
Dylan Noblesmith | f7ccbad | 2012-02-05 02:13:05 +0000 | [diff] [blame] | 136 | SmallString<256> Buf; |
Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 137 | llvm::raw_svector_ostream Os(Buf); |
| 138 | Os << " The "<< ((ArgNum == 1) ? "first" : "second") << " argument to '" |
| 139 | << Name << "' must be a C array of pointer-sized values, not '" |
| 140 | << Arg->getType().getAsString() << "'"; |
| 141 | |
| 142 | SourceRange R = Arg->getSourceRange(); |
| 143 | PathDiagnosticLocation CELoc = |
| 144 | PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC); |
Ted Kremenek | 0718952 | 2012-04-04 18:11:35 +0000 | [diff] [blame] | 145 | BR.EmitBasicReport(AC->getDecl(), |
Ted Kremenek | 6fd4505 | 2012-04-05 20:43:28 +0000 | [diff] [blame] | 146 | OsName.str(), categories::CoreFoundationObjectiveC, |
Anna Zaks | cbd2733 | 2012-01-26 01:05:43 +0000 | [diff] [blame] | 147 | Os.str(), CELoc, &R, 1); |
| 148 | } |
| 149 | |
| 150 | // Recurse and check children. |
| 151 | VisitChildren(CE); |
| 152 | } |
| 153 | |
| 154 | void WalkAST::VisitChildren(Stmt *S) { |
| 155 | for (Stmt::child_iterator I = S->child_begin(), E = S->child_end(); I!=E; ++I) |
| 156 | if (Stmt *child = *I) |
| 157 | Visit(child); |
| 158 | } |
| 159 | |
| 160 | namespace { |
| 161 | class ObjCContainersASTChecker : public Checker<check::ASTCodeBody> { |
| 162 | public: |
| 163 | |
| 164 | void checkASTCodeBody(const Decl *D, AnalysisManager& Mgr, |
| 165 | BugReporter &BR) const { |
| 166 | WalkAST walker(BR, Mgr.getAnalysisDeclContext(D)); |
| 167 | walker.Visit(D->getBody()); |
| 168 | } |
| 169 | }; |
| 170 | } |
| 171 | |
| 172 | void ento::registerObjCContainersASTChecker(CheckerManager &mgr) { |
| 173 | mgr.registerChecker<ObjCContainersASTChecker>(); |
| 174 | } |