Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / clang / c1da441bb4df44c08a43591059bdfa1e5d044dc0 / . / lib / Analysis / BugReporter.cpp
blob: 141ee48aa0561a5ccef313fe9427ab35b5069085 [file] [log] [blame]
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]1// BugReporter.cpp - Generate PathDiagnostics for Bugs ------------*- C++ -*--//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// This file defines BugReporter, a utility class for generating
11// PathDiagnostics for analyses based on GRSimpleVals.
12//
13//===----------------------------------------------------------------------===//
14
15#include "clang/Analysis/PathSensitive/BugReporter.h"
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]16#include "clang/Analysis/PathSensitive/GRExprEngine.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]17#include "clang/Basic/SourceManager.h"
18#include "clang/Basic/SourceLocation.h"
19#include "clang/AST/ASTContext.h"
20#include "clang/AST/CFG.h"
21#include "clang/AST/Expr.h"
22#include "clang/Analysis/ProgramPoint.h"
23#include "clang/Analysis/PathDiagnostic.h"
Ted Kremenekc1da4412008-06-17 19:14:06 +0000[diff] [blame^]24#include "llvm/ADT/DenseSet.h"
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]25#include <sstream>
26
27using namespace clang;
28
29BugReporter::~BugReporter() {}
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]30BugType::~BugType() {}
31BugReport::~BugReport() {}
Ted Kremenek5e55cda2008-04-11 18:40:29 +0000[diff] [blame]32RangedBugReport::~RangedBugReport() {}
33
Ted Kremenek1aa44c72008-05-22 23:45:19 +0000[diff] [blame]34ExplodedGraph<ValueState>& BugReporter::getGraph() {
35 return Eng.getGraph();
36}
37
38ValueStateManager& BugReporter::getStateManager() {
39 return Eng.getStateManager();
40}
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]41
42static inline Stmt* GetStmt(const ProgramPoint& P) {
43 if (const PostStmt* PS = dyn_cast<PostStmt>(&P)) {
44 return PS->getStmt();
45 }
46 else if (const BlockEdge* BE = dyn_cast<BlockEdge>(&P)) {
47 return BE->getSrc()->getTerminator();
48 }
49 else if (const BlockEntrance* BE = dyn_cast<BlockEntrance>(&P)) {
50 return BE->getFirstStmt();
51 }
52
53 assert (false && "Unsupported ProgramPoint.");
54 return NULL;
55}
56
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]57static inline Stmt* GetStmt(const CFGBlock* B) {
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]58 if (B->empty())
Ted Kremenek2673c9f2008-04-25 19:01:27 +0000[diff] [blame]59 return const_cast<Stmt*>(B->getTerminator());
Ted Kremenek2673c9f2008-04-25 19:01:27 +0000[diff] [blame]60 else
61 return (*B)[0];
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]62}
63
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]64static inline ExplodedNode<ValueState>*
65GetNextNode(ExplodedNode<ValueState>* N) {
66 return N->pred_empty() ? NULL : *(N->pred_begin());
67}
Ted Kremenek2673c9f2008-04-25 19:01:27 +0000[diff] [blame]68
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]69static Stmt* GetLastStmt(ExplodedNode<ValueState>* N) {
70 assert (isa<BlockEntrance>(N->getLocation()));
71
72 for (N = GetNextNode(N); N; N = GetNextNode(N)) {
73
74 ProgramPoint P = N->getLocation();
75
76 if (PostStmt* PS = dyn_cast<PostStmt>(&P))
77 return PS->getStmt();
78 }
79
80 return NULL;
81}
82
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]83static void ExecutionContinues(std::ostringstream& os, SourceManager& SMgr,
84 Stmt* S) {
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]85
86 if (!S)
87 return;
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]88
89 // Slow, but probably doesn't matter.
90 if (os.str().empty())
91 os << ' ';
92
93 os << "Execution continues on line "
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]94 << SMgr.getLogicalLineNumber(S->getLocStart()) << '.';
95}
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]96
97
98static inline void ExecutionContinues(std::ostringstream& os,
99 SourceManager& SMgr,
100 ExplodedNode<ValueState>* N) {
101
102 ExecutionContinues(os, SMgr, GetStmt(N->getLocation()));
103}
104
105static inline void ExecutionContinues(std::ostringstream& os,
106 SourceManager& SMgr,
107 const CFGBlock* B) {
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]108
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]109 ExecutionContinues(os, SMgr, GetStmt(B));
110}
111
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]112
113Stmt* BugReport::getStmt(BugReporter& BR) const {
114
Ted Kremenek200ed922008-05-02 23:21:21 +0000[diff] [blame]115 ProgramPoint ProgP = EndNode->getLocation();
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]116 Stmt *S = NULL;
117
118 if (BlockEntrance* BE = dyn_cast<BlockEntrance>(&ProgP))
119 if (BE->getBlock() == &BR.getCFG().getExit())
Ted Kremenek200ed922008-05-02 23:21:21 +0000[diff] [blame]120 S = GetLastStmt(EndNode);
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]121 if (!S)
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]122 S = GetStmt(ProgP);
123
124 return S;
125}
126
127PathDiagnosticPiece*
128BugReport::getEndPath(BugReporter& BR,
129 ExplodedNode<ValueState>* EndPathNode) {
130
131 Stmt* S = getStmt(BR);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]132
133 if (!S)
134 return NULL;
135
Ted Kremenekc9fa2f72008-05-01 23:13:35 +0000[diff] [blame]136 FullSourceLoc L(S->getLocStart(), BR.getContext().getSourceManager());
137 PathDiagnosticPiece* P = new PathDiagnosticPiece(L, getDescription());
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]138
Ted Kremenekde7161f2008-04-03 18:00:37 +0000[diff] [blame]139 const SourceRange *Beg, *End;
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]140 getRanges(BR, Beg, End);
141
142 for (; Beg != End; ++Beg)
143 P->addRange(*Beg);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]144
145 return P;
146}
147
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]148void BugReport::getRanges(BugReporter& BR, const SourceRange*& beg,
149 const SourceRange*& end) {
150
151 if (Expr* E = dyn_cast_or_null<Expr>(getStmt(BR))) {
152 R = E->getSourceRange();
153 beg = &R;
154 end = beg+1;
155 }
156 else
157 beg = end = 0;
Ted Kremenekf1ae7052008-04-03 17:57:38 +0000[diff] [blame]158}
159
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]160FullSourceLoc BugReport::getLocation(SourceManager& Mgr) {
161
Ted Kremenek200ed922008-05-02 23:21:21 +0000[diff] [blame]162 if (!EndNode)
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]163 return FullSourceLoc();
164
Ted Kremenek200ed922008-05-02 23:21:21 +0000[diff] [blame]165 Stmt* S = GetStmt(EndNode->getLocation());
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]166
167 if (!S)
168 return FullSourceLoc();
169
170 return FullSourceLoc(S->getLocStart(), Mgr);
171}
172
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]173PathDiagnosticPiece* BugReport::VisitNode(ExplodedNode<ValueState>* N,
174 ExplodedNode<ValueState>* PrevN,
175 ExplodedGraph<ValueState>& G,
Ted Kremenek8dd56462008-04-18 03:39:05 +0000[diff] [blame]176 BugReporter& BR) {
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]177 return NULL;
178}
179
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]180static std::pair<ExplodedGraph<ValueState>*, ExplodedNode<ValueState>*>
181MakeReportGraph(ExplodedGraph<ValueState>* G, ExplodedNode<ValueState>* N) {
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]182
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]183 llvm::OwningPtr<ExplodedGraph<ValueState> > GTrim(G->Trim(&N, &N+1));
184
Ted Kremenek910e9992008-04-25 01:25:15 +0000[diff] [blame]185 // Find the error node in the trimmed graph.
Ted Kremenek94826a72008-04-03 04:59:14 +0000[diff] [blame]186
Ted Kremenek910e9992008-04-25 01:25:15 +0000[diff] [blame]187 ExplodedNode<ValueState>* NOld = N;
188 N = 0;
Ted Kremenek94826a72008-04-03 04:59:14 +0000[diff] [blame]189
Ted Kremenek50a6d0c2008-04-09 21:41:14 +0000[diff] [blame]190 for (ExplodedGraph<ValueState>::node_iterator
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]191 I = GTrim->nodes_begin(), E = GTrim->nodes_end(); I != E; ++I) {
Ted Kremenek94826a72008-04-03 04:59:14 +0000[diff] [blame]192
Ted Kremenek910e9992008-04-25 01:25:15 +0000[diff] [blame]193 if (I->getState() == NOld->getState() &&
194 I->getLocation() == NOld->getLocation()) {
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]195 N = &*I;
Ted Kremenek94826a72008-04-03 04:59:14 +0000[diff] [blame]196 break;
197 }
198 }
199
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]200 assert(N);
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]201
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]202 // Create a new graph with a single path.
203
204 G = new ExplodedGraph<ValueState>(GTrim->getCFG(), GTrim->getCodeDecl(),
205 GTrim->getContext());
206
207
Ted Kremenek6aaca9c2008-04-23 23:04:32 +0000[diff] [blame]208 ExplodedNode<ValueState> *Last = 0, *First = 0;
Ted Kremenekc1da4412008-06-17 19:14:06 +0000[diff] [blame^]209
210 // Sometimes TrimGraph can contain a cycle because there are multiple BFS
211 // paths with the same length. We mark the nodes we visit so that we
212 // don't get stuck in a cycle.
213 llvm::DenseSet<void*> Visited;
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]214
215 while (N) {
Ted Kremenekc1da4412008-06-17 19:14:06 +0000[diff] [blame^]216 Visited.insert(N);
217
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]218 ExplodedNode<ValueState>* NewN =
219 G->getNode(N->getLocation(), N->getState());
220
Ted Kremenek6aaca9c2008-04-23 23:04:32 +0000[diff] [blame]221 if (!First) First = NewN;
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]222 if (Last) Last->addPredecessor(NewN);
223
224 Last = NewN;
Ted Kremenekc1da4412008-06-17 19:14:06 +0000[diff] [blame^]225
226 if (N->pred_empty())
227 break;
228
229 ExplodedNode<ValueState>::pred_iterator PI = N->pred_begin();
230 ExplodedNode<ValueState>::pred_iterator PE = N->pred_end();
231 N = 0;
232
233 // Look for the first predecessor that we have not already visited.
234
235 for (; PI != PE; ++PI)
236 if (!Visited.count(*PI)) {
237 N = *PI;
238 break;
239 }
240
241 assert (N && "All predecessors involved in a cycle!");
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]242 }
243
Ted Kremenek6aaca9c2008-04-23 23:04:32 +0000[diff] [blame]244 return std::make_pair(G, First);
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]245}
246
Ted Kremenek1aa44c72008-05-22 23:45:19 +0000[diff] [blame]247static VarDecl* GetMostRecentVarDeclBinding(ExplodedNode<ValueState>* N,
248 ValueStateManager& VMgr,
249 RVal X) {
250
251 for ( ; N ; N = N->pred_empty() ? 0 : *N->pred_begin()) {
252
253 ProgramPoint P = N->getLocation();
254
255 if (!isa<PostStmt>(P))
256 continue;
257
258 DeclRefExpr* DR = dyn_cast<DeclRefExpr>(cast<PostStmt>(P).getStmt());
259
260 if (!DR)
261 continue;
262
263 RVal Y = VMgr.GetRVal(N->getState(), DR);
264
265 if (X != Y)
266 continue;
267
268 VarDecl* VD = dyn_cast<VarDecl>(DR->getDecl());
269
270 if (!VD)
271 continue;
272
273 return VD;
274 }
275
276 return 0;
277}
278
279
280static void HandleNotableSymbol(ExplodedNode<ValueState>* N, Stmt* S,
281 SymbolID Sym, BugReporter& BR,
282 PathDiagnostic& PD) {
283
284 ExplodedNode<ValueState>* Pred = N->pred_empty() ? 0 : *N->pred_begin();
285 ValueState* PrevSt = Pred ? Pred->getState() : 0;
286
287 if (!PrevSt)
288 return;
289
290 // Look at the variable bindings of the current state that map to the
291 // specified symbol. Are any of them not in the previous state.
292
293 ValueState* St = N->getState();
294 ValueStateManager& VMgr = BR.getStateManager();
295
296 // FIXME: Later generalize for a broader memory model.
297
298 // FIXME: This is quadratic, since its nested in another loop. Probably
299 // doesn't matter, but keep an eye out for performance issues. It's
300 // also a bunch of copy-paste. Bad. Cleanup later.
301
302 for (ValueState::vb_iterator I=St->vb_begin(), E=St->vb_end(); I!=E; ++I){
303
304 RVal V = I.getData();
305 SymbolID ScanSym;
306
307 if (lval::SymbolVal* SV = dyn_cast<lval::SymbolVal>(&V))
308 ScanSym = SV->getSymbol();
309 else if (nonlval::SymbolVal* SV = dyn_cast<nonlval::SymbolVal>(&V))
310 ScanSym = SV->getSymbol();
311 else
312 continue;
313
314 if (ScanSym != Sym)
315 continue;
316
317 // Check if the previous state has this binding.
318
319 RVal X = VMgr.GetRVal(PrevSt, lval::DeclVal(I.getKey()));
320
321 if (X == V) // Same binding?
322 continue;
323
324 // Different binding. Only handle assignments for now. We don't pull
325 // this check out of the loop because we will eventually handle other
326 // cases.
327
328 VarDecl *VD = 0;
329
330 if (BinaryOperator* B = dyn_cast<BinaryOperator>(S)) {
331 if (!B->isAssignmentOp())
332 continue;
333
334 // What variable did we assign to?
335 DeclRefExpr* DR = dyn_cast<DeclRefExpr>(B->getLHS()->IgnoreParenCasts());
336
337 if (!DR)
338 continue;
339
340 VD = dyn_cast<VarDecl>(DR->getDecl());
341 }
342 else if (DeclStmt* DS = dyn_cast<DeclStmt>(S))
343 VD = dyn_cast<VarDecl>(DS->getDecl());
344
345 if (!VD)
346 continue;
347
348 // What is the most recently referenced variable with this binding?
349 VarDecl* MostRecent = GetMostRecentVarDeclBinding(Pred, VMgr, V);
350
351 if (!MostRecent)
352 continue;
353
354 // Create the diagnostic.
355
356 FullSourceLoc L(S->getLocStart(), BR.getSourceManager());
357
358 if (VD->getType()->isPointerLikeType()) {
359 std::string msg = "'" + std::string(VD->getName()) +
360 "' now aliases '" + MostRecent->getName() + "'";
361
362 PD.push_front(new PathDiagnosticPiece(L, msg));
363 }
364 }
365}
366
Ted Kremeneka43a1eb2008-04-23 23:02:12 +0000[diff] [blame]367void BugReporter::GeneratePathDiagnostic(PathDiagnostic& PD,
368 BugReport& R) {
369
370 ExplodedNode<ValueState>* N = R.getEndNode();
371
372 if (!N) return;
373
374 // Construct a new graph that contains only a single path from the error
375 // node to a root.
376
377 const std::pair<ExplodedGraph<ValueState>*,ExplodedNode<ValueState>*>
378 GPair = MakeReportGraph(&getGraph(), N);
379
380 llvm::OwningPtr<ExplodedGraph<ValueState> > ReportGraph(GPair.first);
381 assert(GPair.second->getLocation() == N->getLocation());
382 N = GPair.second;
383
384 // Start building the path diagnostic...
385
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]386 if (PathDiagnosticPiece* Piece = R.getEndPath(*this, N))
387 PD.push_back(Piece);
388 else
389 return;
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]390
391 ExplodedNode<ValueState>* NextNode = N->pred_empty()
392 ? NULL : *(N->pred_begin());
393
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]394 SourceManager& SMgr = Ctx.getSourceManager();
395
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]396 while (NextNode) {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]397
398 ExplodedNode<ValueState>* LastNode = N;
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]399 N = NextNode;
Ted Kremenekbd7efa82008-04-17 23:44:37 +0000[diff] [blame]400 NextNode = GetNextNode(N);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]401
402 ProgramPoint P = N->getLocation();
403
404 if (const BlockEdge* BE = dyn_cast<BlockEdge>(&P)) {
405
406 CFGBlock* Src = BE->getSrc();
407 CFGBlock* Dst = BE->getDst();
408
409 Stmt* T = Src->getTerminator();
410
411 if (!T)
412 continue;
413
414 FullSourceLoc L(T->getLocStart(), SMgr);
415
416 switch (T->getStmtClass()) {
417 default:
418 break;
419
420 case Stmt::GotoStmtClass:
421 case Stmt::IndirectGotoStmtClass: {
422
423 Stmt* S = GetStmt(LastNode->getLocation());
424
425 if (!S)
426 continue;
427
428 std::ostringstream os;
429
430 os << "Control jumps to line "
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]431 << SMgr.getLogicalLineNumber(S->getLocStart()) << ".\n";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]432
433 PD.push_front(new PathDiagnosticPiece(L, os.str()));
434 break;
435 }
436
437 case Stmt::SwitchStmtClass: {
438
439 // Figure out what case arm we took.
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]440
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]441 std::ostringstream os;
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]442
443 if (Stmt* S = Dst->getLabel())
444 switch (S->getStmtClass()) {
445
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]446 default:
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]447 assert(false && "Not a valid switch label.");
448 continue;
449
Ted Kremenek8b904552008-04-22 22:29:46 +0000[diff] [blame]450 case Stmt::DefaultStmtClass: {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]451
452 os << "Control jumps to the 'default' case at line "
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]453 << SMgr.getLogicalLineNumber(S->getLocStart()) << ".\n";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]454
455 break;
456 }
457
458 case Stmt::CaseStmtClass: {
459
460 os << "Control jumps to 'case ";
461
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]462 CaseStmt* Case = cast<CaseStmt>(S);
463 Expr* LHS = Case->getLHS()->IgnoreParenCasts();
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]464
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]465 // Determine if it is an enum.
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]466
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]467 bool GetRawInt = true;
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]468
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]469 if (DeclRefExpr* DR = dyn_cast<DeclRefExpr>(LHS)) {
470
471 // FIXME: Maybe this should be an assertion. Are there cases
472 // were it is not an EnumConstantDecl?
473
474 EnumConstantDecl* D = dyn_cast<EnumConstantDecl>(DR->getDecl());
475
476 if (D) {
477 GetRawInt = false;
478 os << D->getName();
479 }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]480 }
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]481
482 if (GetRawInt) {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]483
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]484 // Not an enum.
485 Expr* CondE = cast<SwitchStmt>(T)->getCond();
486 unsigned bits = Ctx.getTypeSize(CondE->getType());
487 llvm::APSInt V(bits, false);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]488
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]489 if (!LHS->isIntegerConstantExpr(V, Ctx, 0, true)) {
490 assert (false && "Case condition must be constant.");
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]491 continue;
492 }
493
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]494 os << V.toString();
Ted Kremenek2673c9f2008-04-25 19:01:27 +0000[diff] [blame]495 }
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]496
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]497 os << ":' at line "
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]498 << SMgr.getLogicalLineNumber(S->getLocStart()) << ".\n";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]499
500 break;
501
502 }
503 }
Ted Kremenek56783922008-04-25 01:29:56 +0000[diff] [blame]504 else {
Ted Kremenek2673c9f2008-04-25 19:01:27 +0000[diff] [blame]505 os << "'Default' branch taken.";
506 ExecutionContinues(os, SMgr, LastNode);
Ted Kremenek56783922008-04-25 01:29:56 +0000[diff] [blame]507 }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]508
509 PD.push_front(new PathDiagnosticPiece(L, os.str()));
510 break;
511 }
Ted Kremenek2673c9f2008-04-25 19:01:27 +0000[diff] [blame]512
513 case Stmt::BreakStmtClass:
514 case Stmt::ContinueStmtClass: {
515 std::ostringstream os;
516 ExecutionContinues(os, SMgr, LastNode);
517 PD.push_front(new PathDiagnosticPiece(L, os.str()));
518 break;
519 }
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]520
521 case Stmt::ConditionalOperatorClass: {
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]522
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]523 std::ostringstream os;
524 os << "'?' condition evaluates to ";
525
526 if (*(Src->succ_begin()+1) == Dst)
527 os << "false.";
528 else
529 os << "true.";
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]530
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]531 PD.push_front(new PathDiagnosticPiece(L, os.str()));
532
533 break;
534 }
535
536 case Stmt::DoStmtClass: {
537
538 if (*(Src->succ_begin()) == Dst) {
539
540 std::ostringstream os;
541
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]542 os << "Loop condition is true.";
543 ExecutionContinues(os, SMgr, Dst);
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]544
545 PD.push_front(new PathDiagnosticPiece(L, os.str()));
546 }
547 else
548 PD.push_front(new PathDiagnosticPiece(L,
549 "Loop condition is false. Exiting loop."));
550
551 break;
552 }
553
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]554 case Stmt::WhileStmtClass:
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]555 case Stmt::ForStmtClass: {
556
557 if (*(Src->succ_begin()+1) == Dst) {
558
559 std::ostringstream os;
560
Ted Kremenek143ca222008-05-06 18:11:09 +0000[diff] [blame]561 os << "Loop condition is false.";
562 ExecutionContinues(os, SMgr, Dst);
Ted Kremenek706e3cf2008-04-07 23:35:17 +0000[diff] [blame]563
564 PD.push_front(new PathDiagnosticPiece(L, os.str()));
565 }
566 else
567 PD.push_front(new PathDiagnosticPiece(L,
568 "Loop condition is true. Entering loop body."));
569
570 break;
571 }
572
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]573 case Stmt::IfStmtClass: {
574
575 if (*(Src->succ_begin()+1) == Dst)
576 PD.push_front(new PathDiagnosticPiece(L, "Taking false branch."));
577 else
578 PD.push_front(new PathDiagnosticPiece(L, "Taking true branch."));
579
580 break;
581 }
582 }
Ted Kremenek6837faa2008-04-09 00:20:43 +0000[diff] [blame]583 }
Ted Kremenek5a429952008-04-23 23:35:07 +0000[diff] [blame]584
585 if (PathDiagnosticPiece* p = R.VisitNode(N, NextNode, *ReportGraph, *this))
Ted Kremenek1aa44c72008-05-22 23:45:19 +0000[diff] [blame]586 PD.push_front(p);
587
588 if (const PostStmt* PS = dyn_cast<PostStmt>(&P)) {
589
590 ValueState* St = N->getState();
591
592 // Scan the lval bindings, and see if a "notable" symbol has a new
593 // lval binding.
594
595 // FIXME: In the future, when we generalize the memory model, we'll
596 // need a way to iterate over binded locations.
597
598 llvm::SmallSet<SymbolID, 10> AlreadyProcessed;
599
600 for (ValueState::vb_iterator I=St->vb_begin(), E=St->vb_end(); I!=E; ++I){
601
602 RVal V = I.getData();
603 SymbolID ScanSym;
604
605 if (lval::SymbolVal* SV = dyn_cast<lval::SymbolVal>(&V))
606 ScanSym = SV->getSymbol();
607 else if (nonlval::SymbolVal* SV = dyn_cast<nonlval::SymbolVal>(&V))
608 ScanSym = SV->getSymbol();
609 else
610 continue;
611
612 assert (ScanSym.isInitialized());
613
614 if (!isNotable(ScanSym))
615 continue;
616
617 if (AlreadyProcessed.count(ScanSym))
618 continue;
619
620 AlreadyProcessed.insert(ScanSym);
621
622 HandleNotableSymbol(N, PS->getStmt(), ScanSym, *this, PD);
623 }
624 }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]625 }
626}
627
Ted Kremenek1aa44c72008-05-22 23:45:19 +0000[diff] [blame]628
Ted Kremenek95cc1ba2008-04-18 20:54:29 +0000[diff] [blame]629bool BugTypeCacheLocation::isCached(BugReport& R) {
630
631 ExplodedNode<ValueState>* N = R.getEndNode();
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]632
Ted Kremenek329d2cc2008-04-18 02:24:50 +0000[diff] [blame]633 if (!N)
634 return false;
Ted Kremenek95cc1ba2008-04-18 20:54:29 +0000[diff] [blame]635
636 // Cache the location of the error. Don't emit the same
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]637 // warning for the same error type that occurs at the same program
638 // location but along a different path.
639
Ted Kremenek76d90c82008-05-16 18:33:14 +0000[diff] [blame]640 return isCached(N->getLocation());
641}
642
643bool BugTypeCacheLocation::isCached(ProgramPoint P) {
644
645 void* p = P.getRawData();
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]646
647 if (CachedErrors.count(p))
648 return true;
649
Ted Kremenek95cc1ba2008-04-18 20:54:29 +0000[diff] [blame]650 CachedErrors.insert(p);
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]651 return false;
652}
653
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]654void BugReporter::EmitWarning(BugReport& R) {
655
Ted Kremenek95cc1ba2008-04-18 20:54:29 +0000[diff] [blame]656 if (R.getBugType().isCached(R))
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]657 return;
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]658
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]659 llvm::OwningPtr<PathDiagnostic> D(new PathDiagnostic(R.getName()));
660 GeneratePathDiagnostic(*D.get(), R);
Ted Kremenek072192b2008-04-30 23:47:44 +0000[diff] [blame]661
662 // Get the meta data.
663
664 std::pair<const char**, const char**> Meta = R.getExtraDescriptiveText();
665
666 for (const char** s = Meta.first; s != Meta.second; ++s)
667 D->addMeta(*s);
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]668
669 // Emit a full diagnostic for the path if we have a PathDiagnosticClient.
Ted Kremenek70d17222008-04-03 07:33:55 +0000[diff] [blame]670
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]671 if (PD && !D->empty()) {
672 PD->HandlePathDiagnostic(D.take());
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]673 return;
674 }
Ted Kremenekd2f642b2008-04-14 17:39:48 +0000[diff] [blame]675
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]676 // We don't have a PathDiagnosticClient, but we can still emit a single
677 // line diagnostic. Determine the location.
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]678
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]679 FullSourceLoc L = D->empty() ? R.getLocation(Ctx.getSourceManager())
680 : D->back()->getLocation();
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]681
682
683 // Determine the range.
Ted Kremenek5fcca682008-04-14 18:06:42 +0000[diff] [blame]684
Ted Kremenek4bb6ac22008-04-10 16:12:38 +0000[diff] [blame]685 const SourceRange *Beg, *End;
Ted Kremenek5fcca682008-04-14 18:06:42 +0000[diff] [blame]686
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]687 if (!D->empty()) {
688 Beg = D->back()->ranges_begin();
689 End = D->back()->ranges_end();
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]690 }
691 else
Ted Kremenekbb77e9b2008-05-01 22:50:36 +0000[diff] [blame]692 R.getRanges(*this, Beg, End);
Ted Kremenek75840e12008-04-18 01:56:37 +0000[diff] [blame]693
Ted Kremenek2f0e89e2008-04-18 22:56:53 +0000[diff] [blame]694 if (PD) {
Ted Kremenek2f0e89e2008-04-18 22:56:53 +0000[diff] [blame]695 PathDiagnosticPiece* piece = new PathDiagnosticPiece(L, R.getDescription());
696
697 for ( ; Beg != End; ++Beg)
698 piece->addRange(*Beg);
699
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]700 D->push_back(piece);
701 PD->HandlePathDiagnostic(D.take());
Ted Kremenek2f0e89e2008-04-18 22:56:53 +0000[diff] [blame]702 }
703 else {
704 std::ostringstream os;
705 os << "[CHECKER] ";
706
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]707 if (D->empty())
Ted Kremenek2f0e89e2008-04-18 22:56:53 +0000[diff] [blame]708 os << R.getDescription();
709 else
Ted Kremenek55851142008-04-22 16:15:03 +0000[diff] [blame]710 os << D->back()->getString();
Ted Kremenek2f0e89e2008-04-18 22:56:53 +0000[diff] [blame]711
712
713 unsigned ErrorDiag = Diag.getCustomDiagID(Diagnostic::Warning,
714 os.str().c_str());
715
716 Diag.Report(L, ErrorDiag, NULL, 0, Beg, End - Beg);
717 }
Ted Kremenek61f3e052008-04-03 04:42:52 +0000[diff] [blame]718}