| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 1 | //== DivZeroChecker.cpp - Division by zero checker --------------*- C++ -*--==// |
| 2 | // |
| 3 | // The LLVM Compiler Infrastructure |
| 4 | // |
| 5 | // This file is distributed under the University of Illinois Open Source |
| 6 | // License. See LICENSE.TXT for details. |
| 7 | // |
| 8 | //===----------------------------------------------------------------------===// |
| 9 | // |
| Argyrios Kyrtzidis | d2592a3 | 2010-12-22 18:53:44 +0000 | [diff] [blame^] | 10 | // This defines DivZeroChecker, a builtin check in ExprEngine that performs |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 11 | // checks for division by zeros. |
| 12 | // |
| 13 | //===----------------------------------------------------------------------===// |
| 14 | |
| Argyrios Kyrtzidis | d2592a3 | 2010-12-22 18:53:44 +0000 | [diff] [blame^] | 15 | #include "ExprEngineInternalChecks.h" |
| Argyrios Kyrtzidis | 98cabba | 2010-12-22 18:51:49 +0000 | [diff] [blame] | 16 | #include "clang/GR/BugReporter/BugType.h" |
| 17 | #include "clang/GR/PathSensitive/CheckerVisitor.h" |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 18 | |
| 19 | using namespace clang; |
| Argyrios Kyrtzidis | 5a4f98f | 2010-12-22 18:53:20 +0000 | [diff] [blame] | 20 | using namespace GR; |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 21 | |
| Ted Kremenek | 36df58a | 2009-11-06 20:47:51 +0000 | [diff] [blame] | 22 | namespace { |
| Kovarththanan Rajaratnam | ba5fb5a | 2009-11-28 06:07:30 +0000 | [diff] [blame] | 23 | class DivZeroChecker : public CheckerVisitor<DivZeroChecker> { |
| Ted Kremenek | 36df58a | 2009-11-06 20:47:51 +0000 | [diff] [blame] | 24 | BuiltinBug *BT; |
| 25 | public: |
| 26 | DivZeroChecker() : BT(0) {} |
| 27 | static void *getTag(); |
| 28 | void PreVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B); |
| 29 | }; |
| 30 | } // end anonymous namespace |
| 31 | |
| Argyrios Kyrtzidis | d2592a3 | 2010-12-22 18:53:44 +0000 | [diff] [blame^] | 32 | void GR::RegisterDivZeroChecker(ExprEngine &Eng) { |
| Ted Kremenek | 36df58a | 2009-11-06 20:47:51 +0000 | [diff] [blame] | 33 | Eng.registerCheck(new DivZeroChecker()); |
| 34 | } |
| 35 | |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 36 | void *DivZeroChecker::getTag() { |
| 37 | static int x; |
| 38 | return &x; |
| 39 | } |
| 40 | |
| 41 | void DivZeroChecker::PreVisitBinaryOperator(CheckerContext &C, |
| 42 | const BinaryOperator *B) { |
| 43 | BinaryOperator::Opcode Op = B->getOpcode(); |
| John McCall | 2de56d1 | 2010-08-25 11:45:40 +0000 | [diff] [blame] | 44 | if (Op != BO_Div && |
| 45 | Op != BO_Rem && |
| 46 | Op != BO_DivAssign && |
| 47 | Op != BO_RemAssign) |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 48 | return; |
| 49 | |
| 50 | if (!B->getRHS()->getType()->isIntegerType() || |
| 51 | !B->getRHS()->getType()->isScalarType()) |
| 52 | return; |
| 53 | |
| Ted Kremenek | 1397663 | 2010-02-08 16:18:51 +0000 | [diff] [blame] | 54 | SVal Denom = C.getState()->getSVal(B->getRHS()); |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 55 | const DefinedSVal *DV = dyn_cast<DefinedSVal>(&Denom); |
| 56 | |
| 57 | // Divide-by-undefined handled in the generic checking for uses of |
| 58 | // undefined values. |
| 59 | if (!DV) |
| 60 | return; |
| 61 | |
| 62 | // Check for divide by zero. |
| 63 | ConstraintManager &CM = C.getConstraintManager(); |
| 64 | const GRState *stateNotZero, *stateZero; |
| Ted Kremenek | 28f47b9 | 2010-12-01 22:16:56 +0000 | [diff] [blame] | 65 | llvm::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DV); |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 66 | |
| 67 | if (stateZero && !stateNotZero) { |
| Ted Kremenek | d048c6e | 2010-12-20 21:19:09 +0000 | [diff] [blame] | 68 | if (ExplodedNode *N = C.generateSink(stateZero)) { |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 69 | if (!BT) |
| Ted Kremenek | 2c791bd | 2009-11-06 00:44:32 +0000 | [diff] [blame] | 70 | BT = new BuiltinBug("Division by zero"); |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 71 | |
| 72 | EnhancedBugReport *R = |
| Benjamin Kramer | d02e232 | 2009-11-14 12:08:24 +0000 | [diff] [blame] | 73 | new EnhancedBugReport(*BT, BT->getDescription(), N); |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 74 | |
| 75 | R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, |
| 76 | bugreporter::GetDenomExpr(N)); |
| 77 | |
| 78 | C.EmitReport(R); |
| 79 | } |
| 80 | return; |
| 81 | } |
| 82 | |
| 83 | // If we get here, then the denom should not be zero. We abandon the implicit |
| 84 | // zero denom case for now. |
| Ted Kremenek | 19d67b5 | 2009-11-23 22:22:01 +0000 | [diff] [blame] | 85 | C.addTransition(stateNotZero); |
| Zhongxing Xu | 9e56d23 | 2009-10-31 10:02:37 +0000 | [diff] [blame] | 86 | } |