Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / fc0d02cbbfaaa91bf09666bffb2c2f64342bdd07 / . / clang / lib / StaticAnalyzer / Checkers / NonnullGlobalConstantsChecker.cpp
blob: 0b4ecb41d20f3816e0051a08e2713da7360d9aa0 [file] [log] [blame]
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]1//==- NonnullGlobalConstantsChecker.cpp ---------------------------*- C++ -*--//
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]10// This checker adds an assumption that constant globals of certain types* are
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]11// non-null, as otherwise they generally do not convey any useful information.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]12// The assumption is useful, as many framework use e. g. global const strings,
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]13// and the analyzer might not be able to infer the global value if the
14// definition is in a separate translation unit.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]15// The following types (and their typedef aliases) are considered to be
16// non-null:
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]17// - `char* const`
18// - `const CFStringRef` from CoreFoundation
19// - `NSString* const` from Foundation
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]20// - `CFBooleanRef` from Foundation
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]21//
22//===----------------------------------------------------------------------===//
23
24#include "ClangSACheckers.h"
25#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
26#include "clang/StaticAnalyzer/Core/Checker.h"
27#include "clang/StaticAnalyzer/Core/CheckerManager.h"
28#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
29#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
30
31using namespace clang;
32using namespace ento;
33
34namespace {
35
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]36class NonnullGlobalConstantsChecker : public Checker<check::Location> {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]37 mutable IdentifierInfo *NSStringII = nullptr;
38 mutable IdentifierInfo *CFStringRefII = nullptr;
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]39 mutable IdentifierInfo *CFBooleanRefII = nullptr;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]40
41public:
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]42 NonnullGlobalConstantsChecker() {}
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]43
44 void checkLocation(SVal l, bool isLoad, const Stmt *S,
45 CheckerContext &C) const;
46
47private:
48 void initIdentifierInfo(ASTContext &Ctx) const;
49
50 bool isGlobalConstString(SVal V) const;
51
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]52 bool isNonnullType(QualType Ty) const;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]53};
54
55} // namespace
56
57/// Lazily initialize cache for required identifier informations.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]58void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]59 if (NSStringII)
60 return;
61
62 NSStringII = &Ctx.Idents.get("NSString");
63 CFStringRefII = &Ctx.Idents.get("CFStringRef");
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]64 CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]65}
66
67/// Add an assumption that const string-like globals are non-null.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]68void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]69 const Stmt *S,
70 CheckerContext &C) const {
71 initIdentifierInfo(C.getASTContext());
72 if (!isLoad || !location.isValid())
73 return;
74
75 ProgramStateRef State = C.getState();
76 SVal V = State->getSVal(location.castAs<Loc>());
77
78 if (isGlobalConstString(location)) {
79 Optional<DefinedOrUnknownSVal> Constr = V.getAs<DefinedOrUnknownSVal>();
80
81 if (Constr) {
82
83 // Assume that the variable is non-null.
84 ProgramStateRef OutputState = State->assume(*Constr, true);
85 C.addTransition(OutputState);
86 }
87 }
88}
89
90/// \param V loaded lvalue.
91/// \return whether {@code val} is a string-like const global.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]92bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]93 Optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
94 if (!RegionVal)
95 return false;
96 auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
97 if (!Region)
98 return false;
99 const VarDecl *Decl = Region->getDecl();
100
101 if (!Decl->hasGlobalStorage())
102 return false;
103
104 QualType Ty = Decl->getType();
105 bool HasConst = Ty.isConstQualified();
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]106 if (isNonnullType(Ty) && HasConst)
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]107 return true;
108
109 // Look through the typedefs.
110 while (auto *T = dyn_cast<TypedefType>(Ty)) {
111 Ty = T->getDecl()->getUnderlyingType();
112
113 // It is sufficient for any intermediate typedef
114 // to be classified const.
115 HasConst = HasConst || Ty.isConstQualified();
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]116 if (isNonnullType(Ty) && HasConst)
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]117 return true;
118 }
119 return false;
120}
121
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]122/// \return whether {@code type} is extremely unlikely to be null
123bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]124
125 if (Ty->isPointerType() && Ty->getPointeeType()->isCharType())
126 return true;
127
128 if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
George Karpenkov734cad82017-10-11 19:13:15 +0000[diff] [blame]129 return T->getInterfaceDecl() &&
130 T->getInterfaceDecl()->getIdentifier() == NSStringII;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]131 } else if (auto *T = dyn_cast<TypedefType>(Ty)) {
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]132 IdentifierInfo* II = T->getDecl()->getIdentifier();
133 return II == CFStringRefII || II == CFBooleanRefII;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]134 }
135 return false;
136}
137
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]138void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
139 Mgr.registerChecker<NonnullGlobalConstantsChecker>();
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]140}