Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / clang / bd7efa8ca27ed9676acf00abf31d5e1cd54651cc / . / lib / Analysis / BugReporter.cpp
blob: d1689e2e51324be56423deb3f75362cb9aa5b33b [file] [log] [blame]
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]1// BugReporter.cpp - Generate PathDiagnostics for Bugs ------------*- C++ -*--//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file defines BugReporter, a utility class for generating
11// PathDiagnostics for analyses based on GRSimpleVals.
12//
13//===----------------------------------------------------------------------===//
14
15#include "clang/Analysis/PathSensitive/BugReporter.h"
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]16#include "clang/Analysis/PathSensitive/GRExprEngine.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]17#include "clang/Basic/SourceManager.h"
18#include "clang/Basic/SourceLocation.h"
19#include "clang/AST/ASTContext.h"
20#include "clang/AST/CFG.h"
21#include "clang/AST/Expr.h"
22#include "clang/Analysis/ProgramPoint.h"
23#include "clang/Analysis/PathDiagnostic.h"
24#include <sstream>
25
26using namespace clang;
27
28BugReporter::~BugReporter() {}
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]29BugType::~BugType() {}
30BugReport::~BugReport() {}
Ted Kremenek5e55cda2008-04-11 18:40:29 +0000[diff] [blame]31RangedBugReport::~RangedBugReport() {}
32
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]33ExplodedGraph<ValueState>& BugReporter::getGraph() { return Eng.getGraph(); }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]34
35static inline Stmt* GetStmt(const ProgramPoint& P) {
36 if (const PostStmt* PS = dyn_cast<PostStmt>(&P)) {
37 return PS->getStmt();
38 }
39 else if (const BlockEdge* BE = dyn_cast<BlockEdge>(&P)) {
40 return BE->getSrc()->getTerminator();
41 }
42 else if (const BlockEntrance* BE = dyn_cast<BlockEntrance>(&P)) {
43 return BE->getFirstStmt();
44 }
45
46 assert (false && "Unsupported ProgramPoint.");
47 return NULL;
48}
49
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]50static inline Stmt* GetStmt(const CFGBlock* B) {
51 assert (!B->empty());
52 return (*B)[0];
53}
54
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]55Stmt* BugReport::getStmt() const {
56 return N ? GetStmt(N->getLocation()) : NULL;
57}
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]58
59static inline ExplodedNode<ValueState>*
60GetNextNode(ExplodedNode<ValueState>* N) {
61 return N->pred_empty() ? NULL : *(N->pred_begin());
62}
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]63
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]64
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]65static Stmt* GetLastStmt(ExplodedNode<ValueState>* N) {
66 assert (isa<BlockEntrance>(N->getLocation()));
67
68 for (N = GetNextNode(N); N; N = GetNextNode(N)) {
69
70 ProgramPoint P = N->getLocation();
71
72 if (PostStmt* PS = dyn_cast<PostStmt>(&P))
73 return PS->getStmt();
74 }
75
76 return NULL;
77}
78
79PathDiagnosticPiece*
80BugReport::getEndPath(BugReporter& BR,
81 ExplodedNode<ValueState>* EndPathNode) const {
82
83 ProgramPoint ProgP = EndPathNode->getLocation();
84 Stmt *S = NULL;
85
86 if (BlockEntrance* BE = dyn_cast<BlockEntrance>(&ProgP))
87 if (BE->getBlock() == &BR.getCFG().getExit())
88 S = GetLastStmt(EndPathNode);
89 if (!S)
90 S = GetStmt(ProgP);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]91
92 if (!S)
93 return NULL;
94
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]95 FullSourceLoc L(S->getLocStart(), BR.getContext().getSourceManager());
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]96
97 PathDiagnosticPiece* P =
98 new PathDiagnosticPiece(L, getDescription());
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]99
Ted Kremenekde7161f2008-04-03 18:00:37 +0000[diff] [blame]100 const SourceRange *Beg, *End;
101 getRanges(Beg, End);
102
103 if (Beg == End) {
104 if (Expr* E = dyn_cast<Expr>(S))
105 P->addRange(E->getSourceRange());
106 }
107 else {
108 assert (Beg < End);
109 for (; Beg != End; ++Beg)
110 P->addRange(*Beg);
111 }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]112
113 return P;
114}
115
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]116void BugReport::getRanges(const SourceRange*& beg,
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]117 const SourceRange*& end) const {
Ted Kremenekf1ae7052008-04-03 17:57:38 +0000[diff] [blame]118 beg = NULL;
119 end = NULL;
120}
121
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]122FullSourceLoc BugReport::getLocation(SourceManager& Mgr) {
123
124 if (!N)
125 return FullSourceLoc();
126
127 Stmt* S = GetStmt(N->getLocation());
128
129 if (!S)
130 return FullSourceLoc();
131
132 return FullSourceLoc(S->getLocStart(), Mgr);
133}
134
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]135PathDiagnosticPiece* BugReport::VisitNode(ExplodedNode<ValueState>* N,
136 ExplodedNode<ValueState>* PrevN,
137 ExplodedGraph<ValueState>& G,
138 ASTContext& Ctx) {
139 return NULL;
140}
141
142void BugReporter::GeneratePathDiagnostic(PathDiagnostic& PD,
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]143 BugReport& R) {
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]144
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]145 ExplodedNode<ValueState>* N = R.getEndNode();
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]146 assert (N && "Path diagnostic requires a ExplodedNode.");
147
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]148 llvm::OwningPtr<ExplodedGraph<ValueState> > GTrim(getGraph().Trim(&N, &N+1));
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]149
Ted Kremenek94826a72008-04-03 04:59:14 +0000[diff] [blame]150 // Find the sink in the trimmed graph.
151 // FIXME: Should we eventually have a sink iterator?
152
153 ExplodedNode<ValueState>* NewN = 0;
154
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]155 for (ExplodedGraph<ValueState>::node_iterator
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]156 I = GTrim->nodes_begin(), E = GTrim->nodes_end(); I != E; ++I) {
Ted Kremenek94826a72008-04-03 04:59:14 +0000[diff] [blame]157
158 if (I->isSink()) {
159 NewN = &*I;
160 break;
161 }
162 }
163
164 assert (NewN);
165 assert (NewN->getLocation() == N->getLocation());
166
167 N = NewN;
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]168
169 if (PathDiagnosticPiece* Piece = R.getEndPath(*this, N))
170 PD.push_back(Piece);
171 else
172 return;
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]173
174 ExplodedNode<ValueState>* NextNode = N->pred_empty()
175 ? NULL : *(N->pred_begin());
176
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]177 SourceManager& SMgr = Ctx.getSourceManager();
178
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]179 while (NextNode) {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]180
181 ExplodedNode<ValueState>* LastNode = N;
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]182 N = NextNode;
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame^]183 NextNode = GetNextNode(N);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]184
185 ProgramPoint P = N->getLocation();
186
187 if (const BlockEdge* BE = dyn_cast<BlockEdge>(&P)) {
188
189 CFGBlock* Src = BE->getSrc();
190 CFGBlock* Dst = BE->getDst();
191
192 Stmt* T = Src->getTerminator();
193
194 if (!T)
195 continue;
196
197 FullSourceLoc L(T->getLocStart(), SMgr);
198
199 switch (T->getStmtClass()) {
200 default:
201 break;
202
203 case Stmt::GotoStmtClass:
204 case Stmt::IndirectGotoStmtClass: {
205
206 Stmt* S = GetStmt(LastNode->getLocation());
207
208 if (!S)
209 continue;
210
211 std::ostringstream os;
212
213 os << "Control jumps to line "
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]214 << SMgr.getLogicalLineNumber(S->getLocStart()) << ".\n";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]215
216 PD.push_front(new PathDiagnosticPiece(L, os.str()));
217 break;
218 }
219
220 case Stmt::SwitchStmtClass: {
221
222 // Figure out what case arm we took.
223
224 Stmt* S = Dst->getLabel();
225
226 if (!S)
227 continue;
228
229 std::ostringstream os;
230
231 switch (S->getStmtClass()) {
232 default:
233 continue;
234
235 case Stmt::DefaultStmtClass: {
236
237 os << "Control jumps to the 'default' case at line "
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]238 << SMgr.getLogicalLineNumber(S->getLocStart()) << ".\n";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]239
240 break;
241 }
242
243 case Stmt::CaseStmtClass: {
244
245 os << "Control jumps to 'case ";
246
247 Expr* CondE = cast<SwitchStmt>(T)->getCond();
248 unsigned bits = Ctx.getTypeSize(CondE->getType());
249
250 llvm::APSInt V1(bits, false);
251
252 CaseStmt* Case = cast<CaseStmt>(S);
253
254 if (!Case->getLHS()->isIntegerConstantExpr(V1, Ctx, 0, true)) {
255 assert (false &&
256 "Case condition must evaluate to an integer constant.");
257 continue;
258 }
259
260 os << V1.toString();
261
262 // Get the RHS of the case, if it exists.
263
264 if (Expr* E = Case->getRHS()) {
265
266 llvm::APSInt V2(bits, false);
267
268 if (!E->isIntegerConstantExpr(V2, Ctx, 0, true)) {
269 assert (false &&
270 "Case condition (RHS) must evaluate to an integer constant.");
271 continue;
272 }
273
274 os << " .. " << V2.toString();
275 }
276
277 os << ":' at line "
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]278 << SMgr.getLogicalLineNumber(S->getLocStart()) << ".\n";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]279
280 break;
281
282 }
283 }
284
285 PD.push_front(new PathDiagnosticPiece(L, os.str()));
286 break;
287 }
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]288
289 case Stmt::ConditionalOperatorClass: {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]290
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]291 std::ostringstream os;
292 os << "'?' condition evaluates to ";
293
294 if (*(Src->succ_begin()+1) == Dst)
295 os << "false.";
296 else
297 os << "true.";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]298
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]299 PD.push_front(new PathDiagnosticPiece(L, os.str()));
300
301 break;
302 }
303
304 case Stmt::DoStmtClass: {
305
306 if (*(Src->succ_begin()) == Dst) {
307
308 std::ostringstream os;
309
310 os << "Loop condition is true. Execution continues on line "
311 << SMgr.getLogicalLineNumber(GetStmt(Dst)->getLocStart()) << '.';
312
313 PD.push_front(new PathDiagnosticPiece(L, os.str()));
314 }
315 else
316 PD.push_front(new PathDiagnosticPiece(L,
317 "Loop condition is false. Exiting loop."));
318
319 break;
320 }
321
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]322 case Stmt::WhileStmtClass:
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]323 case Stmt::ForStmtClass: {
324
325 if (*(Src->succ_begin()+1) == Dst) {
326
327 std::ostringstream os;
328
329 os << "Loop condition is false. Execution continues on line "
330 << SMgr.getLogicalLineNumber(GetStmt(Dst)->getLocStart()) << '.';
331
332 PD.push_front(new PathDiagnosticPiece(L, os.str()));
333 }
334 else
335 PD.push_front(new PathDiagnosticPiece(L,
336 "Loop condition is true. Entering loop body."));
337
338 break;
339 }
340
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]341 case Stmt::IfStmtClass: {
342
343 if (*(Src->succ_begin()+1) == Dst)
344 PD.push_front(new PathDiagnosticPiece(L, "Taking false branch."));
345 else
346 PD.push_front(new PathDiagnosticPiece(L, "Taking true branch."));
347
348 break;
349 }
350 }
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]351 }
352 else
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]353 if (PathDiagnosticPiece* piece = R.VisitNode(N, NextNode, *GTrim, Ctx))
354 PD.push_front(piece);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]355 }
356}
357
358bool BugReporter::IsCached(ExplodedNode<ValueState>* N) {
359
360 // HACK: Cache the location of the error. Don't emit the same
361 // warning for the same error type that occurs at the same program
362 // location but along a different path.
363
364 void* p = N->getLocation().getRawData();
365
366 if (CachedErrors.count(p))
367 return true;
368
369 CachedErrors.insert(p);
370
371 return false;
372}
373
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]374void BugReporter::EmitPathWarning(BugReport& R) {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]375
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]376 ExplodedNode<ValueState>* N = R.getEndNode();
377
378 if (!PD || !N) {
379 EmitWarning(R);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]380 return;
381 }
382
383 if (IsCached(N))
384 return;
385
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]386 PathDiagnostic D(R.getName());
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]387 GeneratePathDiagnostic(D, R);
Ted Kremenek70d17222008-04-03 07:33:55 +0000[diff] [blame]388
389 if (!D.empty())
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]390 PD->HandlePathDiagnostic(D);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]391}
392
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]393void BugReporter::EmitWarning(BugReport& R) {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]394
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]395 ExplodedNode<ValueState>* N = R.getEndNode();
396
397 if (N && IsCached(N))
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]398 return;
399
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]400 FullSourceLoc L = R.getLocation(Ctx.getSourceManager());
Ted Kremenek5fcca682008-04-14 18:06:42 +0000[diff] [blame]401
Ted Kremenek4bb6ac22008-04-10 16:12:38 +0000[diff] [blame]402 const SourceRange *Beg, *End;
403 R.getRanges(Beg, End);
Ted Kremenek5fcca682008-04-14 18:06:42 +0000[diff] [blame]404
405 if (!PD) {
406
407 std::ostringstream os;
408 os << "[CHECKER] " << R.getDescription();
409
410 unsigned ErrorDiag = Diag.getCustomDiagID(Diagnostic::Warning,
411 os.str().c_str());
412
413 Diag.Report(L, ErrorDiag, NULL, 0, Beg, End - Beg);
414 }
415 else {
416 PathDiagnostic D(R.getName());
417 PathDiagnosticPiece* piece = new PathDiagnosticPiece(L, R.getDescription());
418
419 for ( ; Beg != End; ++Beg)
420 piece->addRange(*Beg);
421
422 D.push_back(piece);
423 PD->HandlePathDiagnostic(D);
424 }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]425}