Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 85f7294e5af0cb7ea8e2d0469b96d0369627c48c / . / clang / lib / StaticAnalyzer / Checkers / CastValueChecker.cpp
blob: cc1c9a66b90e26a00ccbdde6b10e5e20f7ba8e92 [file] [log] [blame]
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]1//===- CastValueChecker - Model implementation of custom RTTIs --*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]9// This defines CastValueChecker which models casts of custom RTTIs.
10//
11// TODO list:
12// - It only allows one succesful cast between two types however in the wild
13// the object could be casted to multiple types.
14// - It needs to check the most likely type information from the dynamic type
15// map to increase precision of dynamic casting.
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]16//
17//===----------------------------------------------------------------------===//
18
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]19#include "clang/AST/DeclTemplate.h"
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]20#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
21#include "clang/StaticAnalyzer/Core/Checker.h"
22#include "clang/StaticAnalyzer/Core/CheckerManager.h"
23#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
24#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]25#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicType.h"
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]26#include "llvm/ADT/Optional.h"
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]27#include <utility>
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]28
29using namespace clang;
30using namespace ento;
31
32namespace {
33class CastValueChecker : public Checker<eval::Call> {
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]34 enum class CallKind { Function, Method, InstanceOf };
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]35
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]36 using CastCheck =
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]37 std::function<void(const CastValueChecker *, const CallEvent &Call,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]38 DefinedOrUnknownSVal, CheckerContext &)>;
39
40public:
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]41 // We have five cases to evaluate a cast:
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]42 // 1) The parameter is non-null, the return value is non-null.
43 // 2) The parameter is non-null, the return value is null.
44 // 3) The parameter is null, the return value is null.
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]45 // cast: 1; dyn_cast: 1, 2; cast_or_null: 1, 3; dyn_cast_or_null: 1, 2, 3.
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]46 //
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]47 // 4) castAs: Has no parameter, the return value is non-null.
48 // 5) getAs: Has no parameter, the return value is null or non-null.
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]49 //
50 // We have two cases to check the parameter is an instance of the given type.
51 // 1) isa: The parameter is non-null, returns boolean.
52 // 2) isa_and_nonnull: The parameter is null or non-null, returns boolean.
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]53 bool evalCall(const CallEvent &Call, CheckerContext &C) const;
54
55private:
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]56 // These are known in the LLVM project. The pairs are in the following form:
57 // {{{namespace, call}, argument-count}, {callback, kind}}
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]58 const CallDescriptionMap<std::pair<CastCheck, CallKind>> CDM = {
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]59 {{{"llvm", "cast"}, 1},
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]60 {&CastValueChecker::evalCast, CallKind::Function}},
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]61 {{{"llvm", "dyn_cast"}, 1},
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]62 {&CastValueChecker::evalDynCast, CallKind::Function}},
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]63 {{{"llvm", "cast_or_null"}, 1},
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]64 {&CastValueChecker::evalCastOrNull, CallKind::Function}},
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]65 {{{"llvm", "dyn_cast_or_null"}, 1},
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]66 {&CastValueChecker::evalDynCastOrNull, CallKind::Function}},
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]67 {{{"clang", "castAs"}, 0},
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]68 {&CastValueChecker::evalCastAs, CallKind::Method}},
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]69 {{{"clang", "getAs"}, 0},
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]70 {&CastValueChecker::evalGetAs, CallKind::Method}},
71 {{{"llvm", "isa"}, 1},
72 {&CastValueChecker::evalIsa, CallKind::InstanceOf}},
73 {{{"llvm", "isa_and_nonnull"}, 1},
74 {&CastValueChecker::evalIsaAndNonNull, CallKind::InstanceOf}}};
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]75
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]76 void evalCast(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]77 CheckerContext &C) const;
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]78 void evalDynCast(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]79 CheckerContext &C) const;
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]80 void evalCastOrNull(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]81 CheckerContext &C) const;
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]82 void evalDynCastOrNull(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]83 CheckerContext &C) const;
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]84 void evalCastAs(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]85 CheckerContext &C) const;
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]86 void evalGetAs(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]87 CheckerContext &C) const;
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]88 void evalIsa(const CallEvent &Call, DefinedOrUnknownSVal DV,
89 CheckerContext &C) const;
90 void evalIsaAndNonNull(const CallEvent &Call, DefinedOrUnknownSVal DV,
91 CheckerContext &C) const;
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]92};
93} // namespace
94
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]95static bool isInfeasibleCast(const DynamicCastInfo *CastInfo,
96 bool CastSucceeds) {
97 if (!CastInfo)
98 return false;
99
100 return CastSucceeds ? CastInfo->fails() : CastInfo->succeeds();
101}
102
103static const NoteTag *getNoteTag(CheckerContext &C,
104 const DynamicCastInfo *CastInfo,
105 QualType CastToTy, const Expr *Object,
106 bool CastSucceeds, bool IsKnownCast) {
107 std::string CastToName =
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]108 CastInfo ? CastInfo->to()->getPointeeCXXRecordDecl()->getNameAsString()
109 : CastToTy->getPointeeCXXRecordDecl()->getNameAsString();
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]110 Object = Object->IgnoreParenImpCasts();
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]111
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]112 return C.getNoteTag(
Csaba Dabis22dc44f2019-08-22 01:41:06 +0000[diff] [blame]113 [=]() -> std::string {
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]114 SmallString<128> Msg;
115 llvm::raw_svector_ostream Out(Msg);
116
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]117 if (!IsKnownCast)
118 Out << "Assuming ";
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]119
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]120 if (const auto *DRE = dyn_cast<DeclRefExpr>(Object)) {
121 Out << '\'' << DRE->getDecl()->getNameAsString() << '\'';
122 } else if (const auto *ME = dyn_cast<MemberExpr>(Object)) {
123 Out << (IsKnownCast ? "Field '" : "field '")
124 << ME->getMemberDecl()->getNameAsString() << '\'';
125 } else {
126 Out << (IsKnownCast ? "The object" : "the object");
127 }
128
129 Out << ' ' << (CastSucceeds ? "is a" : "is not a") << " '" << CastToName
130 << '\'';
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]131
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]132 return Out.str();
133 },
134 /*IsPrunable=*/true);
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]135}
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]136
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]137//===----------------------------------------------------------------------===//
138// Main logic to evaluate a cast.
139//===----------------------------------------------------------------------===//
140
Artem Dergachev85f72942019-08-23 03:24:04 +0000[diff] [blame^]141static QualType alignReferenceTypes(QualType toAlign, QualType alignTowards,
142 ASTContext &ACtx) {
143 if (alignTowards->isLValueReferenceType() &&
144 alignTowards.isConstQualified()) {
145 toAlign.addConst();
146 return ACtx.getLValueReferenceType(toAlign);
147 } else if (alignTowards->isLValueReferenceType())
148 return ACtx.getLValueReferenceType(toAlign);
149 else if (alignTowards->isRValueReferenceType())
150 return ACtx.getRValueReferenceType(toAlign);
151
152 llvm_unreachable("Must align towards a reference type!");
153}
154
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]155static void addCastTransition(const CallEvent &Call, DefinedOrUnknownSVal DV,
156 CheckerContext &C, bool IsNonNullParam,
157 bool IsNonNullReturn,
158 bool IsCheckedCast = false) {
159 ProgramStateRef State = C.getState()->assume(DV, IsNonNullParam);
160 if (!State)
161 return;
162
163 const Expr *Object;
164 QualType CastFromTy;
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]165 QualType CastToTy = Call.getResultType();
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]166
167 if (Call.getNumArgs() > 0) {
168 Object = Call.getArgExpr(0);
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]169 CastFromTy = Call.parameters()[0]->getType();
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]170 } else {
171 Object = cast<CXXInstanceCall>(&Call)->getCXXThisExpr();
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]172 CastFromTy = Object->getType();
Artem Dergachev85f72942019-08-23 03:24:04 +0000[diff] [blame^]173 if (CastToTy->isPointerType()) {
174 if (!CastFromTy->isPointerType())
175 return;
176 } else {
177 if (!CastFromTy->isReferenceType())
178 return;
179
180 CastFromTy = alignReferenceTypes(CastFromTy, CastToTy, C.getASTContext());
181 }
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]182 }
183
184 const MemRegion *MR = DV.getAsRegion();
185 const DynamicCastInfo *CastInfo =
186 getDynamicCastInfo(State, MR, CastFromTy, CastToTy);
187
188 // We assume that every checked cast succeeds.
189 bool CastSucceeds = IsCheckedCast || CastFromTy == CastToTy;
190 if (!CastSucceeds) {
191 if (CastInfo)
192 CastSucceeds = IsNonNullReturn && CastInfo->succeeds();
193 else
194 CastSucceeds = IsNonNullReturn;
195 }
196
197 // Check for infeasible casts.
198 if (isInfeasibleCast(CastInfo, CastSucceeds)) {
199 C.generateSink(State, C.getPredecessor());
200 return;
201 }
202
203 // Store the type and the cast information.
204 bool IsKnownCast = CastInfo || IsCheckedCast || CastFromTy == CastToTy;
205 if (!IsKnownCast || IsCheckedCast)
206 State = setDynamicTypeAndCastInfo(State, MR, CastFromTy, CastToTy,
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]207 CastSucceeds);
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]208
Artem Dergachev85f72942019-08-23 03:24:04 +0000[diff] [blame^]209 SVal V = CastSucceeds ? C.getSValBuilder().evalCast(DV, CastToTy, CastFromTy)
210 : C.getSValBuilder().makeNull();
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]211 C.addTransition(
212 State->BindExpr(Call.getOriginExpr(), C.getLocationContext(), V, false),
213 getNoteTag(C, CastInfo, CastToTy, Object, CastSucceeds, IsKnownCast));
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]214}
215
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]216static void addInstanceOfTransition(const CallEvent &Call,
217 DefinedOrUnknownSVal DV,
218 ProgramStateRef State, CheckerContext &C,
219 bool IsInstanceOf) {
220 const FunctionDecl *FD = Call.getDecl()->getAsFunction();
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]221 QualType CastFromTy = Call.parameters()[0]->getType();
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]222 QualType CastToTy = FD->getTemplateSpecializationArgs()->get(0).getAsType();
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]223 if (CastFromTy->isPointerType())
224 CastToTy = C.getASTContext().getPointerType(CastToTy);
Artem Dergachev85f72942019-08-23 03:24:04 +0000[diff] [blame^]225 else if (CastFromTy->isReferenceType())
226 CastToTy = alignReferenceTypes(CastToTy, CastFromTy, C.getASTContext());
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]227 else
228 return;
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]229
230 const MemRegion *MR = DV.getAsRegion();
231 const DynamicCastInfo *CastInfo =
232 getDynamicCastInfo(State, MR, CastFromTy, CastToTy);
233
234 bool CastSucceeds;
235 if (CastInfo)
236 CastSucceeds = IsInstanceOf && CastInfo->succeeds();
237 else
238 CastSucceeds = IsInstanceOf || CastFromTy == CastToTy;
239
240 if (isInfeasibleCast(CastInfo, CastSucceeds)) {
241 C.generateSink(State, C.getPredecessor());
242 return;
243 }
244
245 // Store the type and the cast information.
246 bool IsKnownCast = CastInfo || CastFromTy == CastToTy;
247 if (!IsKnownCast)
248 State = setDynamicTypeAndCastInfo(State, MR, CastFromTy, CastToTy,
Artem Dergachev62a76d02019-08-23 03:24:01 +0000[diff] [blame]249 IsInstanceOf);
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]250
251 C.addTransition(
252 State->BindExpr(Call.getOriginExpr(), C.getLocationContext(),
253 C.getSValBuilder().makeTruthVal(CastSucceeds)),
254 getNoteTag(C, CastInfo, CastToTy, Call.getArgExpr(0), CastSucceeds,
255 IsKnownCast));
256}
257
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]258//===----------------------------------------------------------------------===//
259// Evaluating cast, dyn_cast, cast_or_null, dyn_cast_or_null.
260//===----------------------------------------------------------------------===//
261
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]262static void evalNonNullParamNonNullReturn(const CallEvent &Call,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]263 DefinedOrUnknownSVal DV,
264 CheckerContext &C,
265 bool IsCheckedCast = false) {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]266 addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,
267 /*IsNonNullReturn=*/true, IsCheckedCast);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]268}
269
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]270static void evalNonNullParamNullReturn(const CallEvent &Call,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]271 DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]272 CheckerContext &C) {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]273 addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,
274 /*IsNonNullReturn=*/false);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]275}
276
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]277static void evalNullParamNullReturn(const CallEvent &Call,
278 DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]279 CheckerContext &C) {
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]280 if (ProgramStateRef State = C.getState()->assume(DV, false))
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]281 C.addTransition(State->BindExpr(Call.getOriginExpr(),
282 C.getLocationContext(),
283 C.getSValBuilder().makeNull(), false),
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]284 C.getNoteTag("Assuming null pointer is passed into cast",
285 /*IsPrunable=*/true));
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]286}
287
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]288void CastValueChecker::evalCast(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]289 CheckerContext &C) const {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]290 evalNonNullParamNonNullReturn(Call, DV, C, /*IsCheckedCast=*/true);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]291}
292
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]293void CastValueChecker::evalDynCast(const CallEvent &Call,
294 DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]295 CheckerContext &C) const {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]296 evalNonNullParamNonNullReturn(Call, DV, C);
297 evalNonNullParamNullReturn(Call, DV, C);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]298}
299
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]300void CastValueChecker::evalCastOrNull(const CallEvent &Call,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]301 DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]302 CheckerContext &C) const {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]303 evalNonNullParamNonNullReturn(Call, DV, C);
304 evalNullParamNullReturn(Call, DV, C);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]305}
306
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]307void CastValueChecker::evalDynCastOrNull(const CallEvent &Call,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]308 DefinedOrUnknownSVal DV,
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]309 CheckerContext &C) const {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]310 evalNonNullParamNonNullReturn(Call, DV, C);
311 evalNonNullParamNullReturn(Call, DV, C);
312 evalNullParamNullReturn(Call, DV, C);
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]313}
314
315//===----------------------------------------------------------------------===//
316// Evaluating castAs, getAs.
317//===----------------------------------------------------------------------===//
318
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]319static void evalZeroParamNonNullReturn(const CallEvent &Call,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]320 DefinedOrUnknownSVal DV,
321 CheckerContext &C,
322 bool IsCheckedCast = false) {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]323 addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,
324 /*IsNonNullReturn=*/true, IsCheckedCast);
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]325}
326
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]327static void evalZeroParamNullReturn(const CallEvent &Call,
328 DefinedOrUnknownSVal DV,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]329 CheckerContext &C) {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]330 addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,
331 /*IsNonNullReturn=*/false);
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]332}
333
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]334void CastValueChecker::evalCastAs(const CallEvent &Call,
335 DefinedOrUnknownSVal DV,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]336 CheckerContext &C) const {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]337 evalZeroParamNonNullReturn(Call, DV, C, /*IsCheckedCast=*/true);
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]338}
339
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]340void CastValueChecker::evalGetAs(const CallEvent &Call, DefinedOrUnknownSVal DV,
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]341 CheckerContext &C) const {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]342 evalZeroParamNonNullReturn(Call, DV, C);
343 evalZeroParamNullReturn(Call, DV, C);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]344}
345
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]346//===----------------------------------------------------------------------===//
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]347// Evaluating isa, isa_and_nonnull.
348//===----------------------------------------------------------------------===//
349
350void CastValueChecker::evalIsa(const CallEvent &Call, DefinedOrUnknownSVal DV,
351 CheckerContext &C) const {
352 ProgramStateRef NonNullState, NullState;
353 std::tie(NonNullState, NullState) = C.getState()->assume(DV);
354
355 if (NonNullState) {
356 addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/true);
357 addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/false);
358 }
359
360 if (NullState) {
361 C.generateSink(NullState, C.getPredecessor());
362 }
363}
364
365void CastValueChecker::evalIsaAndNonNull(const CallEvent &Call,
366 DefinedOrUnknownSVal DV,
367 CheckerContext &C) const {
368 ProgramStateRef NonNullState, NullState;
369 std::tie(NonNullState, NullState) = C.getState()->assume(DV);
370
371 if (NonNullState) {
372 addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/true);
373 addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/false);
374 }
375
376 if (NullState) {
377 addInstanceOfTransition(Call, DV, NullState, C, /*IsInstanceOf=*/false);
378 }
379}
380
381//===----------------------------------------------------------------------===//
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]382// Main logic to evaluate a call.
383//===----------------------------------------------------------------------===//
384
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]385bool CastValueChecker::evalCall(const CallEvent &Call,
386 CheckerContext &C) const {
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]387 const auto *Lookup = CDM.lookup(Call);
388 if (!Lookup)
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]389 return false;
390
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]391 const CastCheck &Check = Lookup->first;
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]392 CallKind Kind = Lookup->second;
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]393
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]394 Optional<DefinedOrUnknownSVal> DV;
395
396 switch (Kind) {
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]397 case CallKind::Function: {
Artem Dergachevaf992e62019-08-23 03:23:58 +0000[diff] [blame]398 // We only model casts from pointers to pointers or from references
399 // to references. Other casts are most likely specialized and we
400 // cannot model them.
401 QualType ParamT = Call.parameters()[0]->getType();
402 QualType ResultT = Call.getResultType();
403 if (!(ParamT->isPointerType() && ResultT->isPointerType()) &&
404 !(ParamT->isReferenceType() && ResultT->isReferenceType()))
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]405 return false;
406
407 DV = Call.getArgSVal(0).getAs<DefinedOrUnknownSVal>();
408 break;
409 }
Csaba Dabis4d716002019-08-22 02:57:59 +0000[diff] [blame]410 case CallKind::InstanceOf: {
411 // We need to obtain the only template argument to determinte the type.
412 const FunctionDecl *FD = Call.getDecl()->getAsFunction();
413 if (!FD || !FD->getTemplateSpecializationArgs())
414 return false;
415
416 DV = Call.getArgSVal(0).getAs<DefinedOrUnknownSVal>();
417 break;
418 }
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]419 case CallKind::Method:
Csaba Dabiscf229d52019-08-09 02:24:42 +0000[diff] [blame]420 const auto *InstanceCall = dyn_cast<CXXInstanceCall>(&Call);
421 if (!InstanceCall)
422 return false;
423
424 DV = InstanceCall->getCXXThisVal().getAs<DefinedOrUnknownSVal>();
425 break;
426 }
427
428 if (!DV)
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]429 return false;
430
Csaba Dabis0202c352019-08-22 00:20:36 +0000[diff] [blame]431 Check(this, Call, *DV, C);
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]432 return true;
433}
434
Csaba Dabis693936a2019-07-10 00:20:03 +0000[diff] [blame]435void ento::registerCastValueChecker(CheckerManager &Mgr) {
436 Mgr.registerChecker<CastValueChecker>();
437}
438
439bool ento::shouldRegisterCastValueChecker(const LangOptions &LO) {
440 return true;
441}