Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / ec8605f1d7ec846dbf51047bfd5c56d32d1ff91c / . / lib / StaticAnalyzer / Checkers / UndefinedAssignmentChecker.cpp
blob: 28806e3db917f65e833892be24b330fb6aa3097d [file] [log] [blame]
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]1//===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]10// This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]11// checks for assigning undefined values.
12//
13//===----------------------------------------------------------------------===//
14
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]15#include "ClangSACheckers.h"
Argyrios Kyrtzidisec8605f2011-03-01 01:16:21 +0000[diff] [blame^]16#include "clang/StaticAnalyzer/Core/Checker.h"
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]17#include "clang/StaticAnalyzer/Core/CheckerManager.h"
18#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
Ted Kremenek9b663712011-02-10 01:03:03 +0000[diff] [blame]19#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]20
21using namespace clang;
Ted Kremenek9ef65372010-12-23 07:20:52 +0000[diff] [blame]22using namespace ento;
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]23
Zhongxing Xuc3372e02009-11-22 12:29:52 +0000[diff] [blame]24namespace {
Kovarththanan Rajaratnamba5fb5a2009-11-28 06:07:30 +0000[diff] [blame]25class UndefinedAssignmentChecker
Argyrios Kyrtzidisec8605f2011-03-01 01:16:21 +0000[diff] [blame^]26 : public Checker<check::Bind> {
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]27 mutable llvm::OwningPtr<BugType> BT;
28
Zhongxing Xuc3372e02009-11-22 12:29:52 +0000[diff] [blame]29public:
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]30 void checkBind(SVal location, SVal val, CheckerContext &C) const;
Zhongxing Xuc3372e02009-11-22 12:29:52 +0000[diff] [blame]31};
32}
33
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]34void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
35 CheckerContext &C) const {
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]36 if (!val.isUndef())
37 return;
38
Ted Kremenekd048c6e2010-12-20 21:19:09 +0000[diff] [blame]39 ExplodedNode *N = C.generateSink();
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]40
41 if (!N)
42 return;
43
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]44 const char *str = "Assigned value is garbage or undefined";
45
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]46 if (!BT)
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]47 BT.reset(new BuiltinBug(str));
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]48
49 // Generate a report for this bug.
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]50 const Expr *ex = 0;
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]51
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]52 const Stmt *StoreE = C.getStmt();
Ted Kremenek79d73042010-09-02 00:56:20 +0000[diff] [blame]53 while (StoreE) {
54 if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]55 if (B->isCompoundAssignmentOp()) {
56 const GRState *state = C.getState();
57 if (state->getSVal(B->getLHS()).isUndef()) {
58 str = "The left expression of the compound assignment is an "
59 "uninitialized value. The computed value will also be garbage";
60 ex = B->getLHS();
61 break;
62 }
63 }
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]64
Ted Kremenek50ecd152009-11-05 00:42:23 +0000[diff] [blame]65 ex = B->getRHS();
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]66 break;
67 }
68
Ted Kremenek79d73042010-09-02 00:56:20 +0000[diff] [blame]69 if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
Ted Kremenek50ecd152009-11-05 00:42:23 +0000[diff] [blame]70 const VarDecl* VD = dyn_cast<VarDecl>(DS->getSingleDecl());
71 ex = VD->getInit();
72 }
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]73
74 break;
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]75 }
76
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]77 EnhancedBugReport *R = new EnhancedBugReport(*BT, str, N);
78 if (ex) {
79 R->addRange(ex->getSourceRange());
80 R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, ex);
81 }
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]82 C.EmitReport(R);
Ted Kremenek12182a02010-03-22 22:16:26 +0000[diff] [blame]83}
Ted Kremenekb107c4b2009-11-04 04:24:16 +0000[diff] [blame]84
Argyrios Kyrtzidis267aa5c2011-02-28 01:27:37 +0000[diff] [blame]85void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
86 mgr.registerChecker<UndefinedAssignmentChecker>();
87}