Blame - clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp - toolchain/llvm-project

2019-07-10 00:20:03 +0000

[diff] [blame]

1

//===- CastValueChecker - Model implementation of custom RTTIs --*- C++ -*-===//

2

//

3

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

4

// See https://llvm.org/LICENSE.txt for license information.

5

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

6

//

7

//===----------------------------------------------------------------------===//

8

//

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

9

// This defines CastValueChecker which models casts of custom RTTIs.

10

//

11

// TODO list:

12

// - It only allows one succesful cast between two types however in the wild

13

// the object could be casted to multiple types.

14

// - It needs to check the most likely type information from the dynamic type

15

// map to increase precision of dynamic casting.

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

16

//

17

//===----------------------------------------------------------------------===//

18

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

19

#include "clang/AST/DeclTemplate.h"

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

20

#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"

21

#include "clang/StaticAnalyzer/Core/Checker.h"

22

#include "clang/StaticAnalyzer/Core/CheckerManager.h"

23

#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"

24

#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

25

#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicType.h"

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

26

#include "llvm/ADT/Optional.h"

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

27

#include <utility>

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

28

29

using namespace clang;

30

using namespace ento;

31

32

namespace {

33

class CastValueChecker : public Checker<eval::Call> {

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

34

enum class CallKind { Function, Method, InstanceOf };

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

35

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

36

using CastCheck =

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

37

std::function<void(const CastValueChecker *, const CallEvent &Call,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

38

DefinedOrUnknownSVal, CheckerContext &)>;

39

40

public:

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

41

// We have five cases to evaluate a cast:

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

42

// 1) The parameter is non-null, the return value is non-null.

43

// 2) The parameter is non-null, the return value is null.

44

// 3) The parameter is null, the return value is null.

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

45

// cast: 1; dyn_cast: 1, 2; cast_or_null: 1, 3; dyn_cast_or_null: 1, 2, 3.

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

46

//

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

47

// 4) castAs: Has no parameter, the return value is non-null.

48

// 5) getAs: Has no parameter, the return value is null or non-null.

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

49

//

50

// We have two cases to check the parameter is an instance of the given type.

51

// 1) isa: The parameter is non-null, returns boolean.

52

// 2) isa_and_nonnull: The parameter is null or non-null, returns boolean.

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

53

bool evalCall(const CallEvent &Call, CheckerContext &C) const;

54

55

private:

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

56

// These are known in the LLVM project. The pairs are in the following form:

57

// {{{namespace, call}, argument-count}, {callback, kind}}

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

58

const CallDescriptionMap<std::pair<CastCheck, CallKind>> CDM = {

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

59

{{{"llvm", "cast"}, 1},

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

60

{&CastValueChecker::evalCast, CallKind::Function}},

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

61

{{{"llvm", "dyn_cast"}, 1},

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

62

{&CastValueChecker::evalDynCast, CallKind::Function}},

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

63

{{{"llvm", "cast_or_null"}, 1},

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

64

{&CastValueChecker::evalCastOrNull, CallKind::Function}},

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

65

{{{"llvm", "dyn_cast_or_null"}, 1},

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

66

{&CastValueChecker::evalDynCastOrNull, CallKind::Function}},

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

67

{{{"clang", "castAs"}, 0},

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

68

{&CastValueChecker::evalCastAs, CallKind::Method}},

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

69

{{{"clang", "getAs"}, 0},

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

70

{&CastValueChecker::evalGetAs, CallKind::Method}},

71

{{{"llvm", "isa"}, 1},

72

{&CastValueChecker::evalIsa, CallKind::InstanceOf}},

73

{{{"llvm", "isa_and_nonnull"}, 1},

74

{&CastValueChecker::evalIsaAndNonNull, CallKind::InstanceOf}}};

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

75

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

76

void evalCast(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

77

CheckerContext &C) const;

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

78

void evalDynCast(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

79

CheckerContext &C) const;

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

80

void evalCastOrNull(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

81

CheckerContext &C) const;

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

82

void evalDynCastOrNull(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

83

CheckerContext &C) const;

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

84

void evalCastAs(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

85

CheckerContext &C) const;

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

86

void evalGetAs(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

87

CheckerContext &C) const;

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

88

void evalIsa(const CallEvent &Call, DefinedOrUnknownSVal DV,

89

CheckerContext &C) const;

90

void evalIsaAndNonNull(const CallEvent &Call, DefinedOrUnknownSVal DV,

91

CheckerContext &C) const;

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

};

} // namespace

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

95

static QualType getRecordType(QualType Ty) {

96

Ty = Ty.getCanonicalType();

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

97

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

98

if (Ty->isPointerType())

99

Ty = Ty->getPointeeType();

100

101

if (Ty->isReferenceType())

102

Ty = Ty.getNonReferenceType();

103

104

return Ty.getUnqualifiedType();

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

105

}

106

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

107

static bool isInfeasibleCast(const DynamicCastInfo *CastInfo,

bool CastSucceeds) {

if (!CastInfo)

return false;

return CastSucceeds ? CastInfo->fails() : CastInfo->succeeds();

113

}

114

115

static const NoteTag *getNoteTag(CheckerContext &C,

116

const DynamicCastInfo *CastInfo,

117

QualType CastToTy, const Expr *Object,

118

bool CastSucceeds, bool IsKnownCast) {

119

std::string CastToName =

120

CastInfo ? CastInfo->to()->getAsCXXRecordDecl()->getNameAsString()

121

: CastToTy->getAsCXXRecordDecl()->getNameAsString();

122

Object = Object->IgnoreParenImpCasts();

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

123

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

124

return C.getNoteTag(

Csaba Dabis

22dc44f

2019-08-22 01:41:06 +0000

[diff] [blame]

125

[=]() -> std::string {

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

126

SmallString<128> Msg;

127

llvm::raw_svector_ostream Out(Msg);

128

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

129

if (!IsKnownCast)

130

Out << "Assuming ";

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

131

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

132

if (const auto *DRE = dyn_cast<DeclRefExpr>(Object)) {

133

Out << '\'' << DRE->getDecl()->getNameAsString() << '\'';

134

} else if (const auto *ME = dyn_cast<MemberExpr>(Object)) {

135

Out << (IsKnownCast ? "Field '" : "field '")

136

<< ME->getMemberDecl()->getNameAsString() << '\'';

137

} else {

138

Out << (IsKnownCast ? "The object" : "the object");

139

}

140

141

Out << ' ' << (CastSucceeds ? "is a" : "is not a") << " '" << CastToName

142

<< '\'';

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

143

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

144

return Out.str();

145

},

146

/*IsPrunable=*/true);

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

147

}

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

148

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

149

//===----------------------------------------------------------------------===//

150

// Main logic to evaluate a cast.

151

//===----------------------------------------------------------------------===//

152

153

static void addCastTransition(const CallEvent &Call, DefinedOrUnknownSVal DV,

154

CheckerContext &C, bool IsNonNullParam,

155

bool IsNonNullReturn,

156

bool IsCheckedCast = false) {

157

ProgramStateRef State = C.getState()->assume(DV, IsNonNullParam);

if (!State)

return;

const Expr *Object;

QualType CastFromTy;

QualType CastToTy = getRecordType(Call.getResultType());

164

165

if (Call.getNumArgs() > 0) {

166

Object = Call.getArgExpr(0);

167

CastFromTy = getRecordType(Call.parameters()[0]->getType());

168

} else {

169

Object = cast<CXXInstanceCall>(&Call)->getCXXThisExpr();

170

CastFromTy = getRecordType(Object->getType());

171

}

172

173

const MemRegion *MR = DV.getAsRegion();

174

const DynamicCastInfo *CastInfo =

175

getDynamicCastInfo(State, MR, CastFromTy, CastToTy);

176

177

// We assume that every checked cast succeeds.

178

bool CastSucceeds = IsCheckedCast || CastFromTy == CastToTy;

179

if (!CastSucceeds) {

180

if (CastInfo)

181

CastSucceeds = IsNonNullReturn && CastInfo->succeeds();

182

else

183

CastSucceeds = IsNonNullReturn;

184

}

185

186

// Check for infeasible casts.

187

if (isInfeasibleCast(CastInfo, CastSucceeds)) {

188

C.generateSink(State, C.getPredecessor());

return;

}

// Store the type and the cast information.

193

bool IsKnownCast = CastInfo || IsCheckedCast || CastFromTy == CastToTy;

194

if (!IsKnownCast || IsCheckedCast)

195

State = setDynamicTypeAndCastInfo(State, MR, CastFromTy, CastToTy,

196

Call.getResultType(), CastSucceeds);

197

198

SVal V = CastSucceeds ? DV : C.getSValBuilder().makeNull();

199

C.addTransition(

200

State->BindExpr(Call.getOriginExpr(), C.getLocationContext(), V, false),

201

getNoteTag(C, CastInfo, CastToTy, Object, CastSucceeds, IsKnownCast));

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

202

}

203

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

204

static void addInstanceOfTransition(const CallEvent &Call,

205

DefinedOrUnknownSVal DV,

206

ProgramStateRef State, CheckerContext &C,

207

bool IsInstanceOf) {

208

const FunctionDecl *FD = Call.getDecl()->getAsFunction();

209

QualType CastToTy = FD->getTemplateSpecializationArgs()->get(0).getAsType();

210

QualType CastFromTy = getRecordType(Call.parameters()[0]->getType());

211

212

const MemRegion *MR = DV.getAsRegion();

213

const DynamicCastInfo *CastInfo =

214

getDynamicCastInfo(State, MR, CastFromTy, CastToTy);

bool CastSucceeds;

if (CastInfo)

CastSucceeds = IsInstanceOf && CastInfo->succeeds();

219

else

220

CastSucceeds = IsInstanceOf || CastFromTy == CastToTy;

221

222

if (isInfeasibleCast(CastInfo, CastSucceeds)) {

223

C.generateSink(State, C.getPredecessor());

return;

}

// Store the type and the cast information.

228

bool IsKnownCast = CastInfo || CastFromTy == CastToTy;

229

if (!IsKnownCast)

230

State = setDynamicTypeAndCastInfo(State, MR, CastFromTy, CastToTy,

231

Call.getResultType(), IsInstanceOf);

232

233

C.addTransition(

234

State->BindExpr(Call.getOriginExpr(), C.getLocationContext(),

235

C.getSValBuilder().makeTruthVal(CastSucceeds)),

236

getNoteTag(C, CastInfo, CastToTy, Call.getArgExpr(0), CastSucceeds,

IsKnownCast));

}

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

240

//===----------------------------------------------------------------------===//

241

// Evaluating cast, dyn_cast, cast_or_null, dyn_cast_or_null.

242

//===----------------------------------------------------------------------===//

243

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

244

static void evalNonNullParamNonNullReturn(const CallEvent &Call,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

245

DefinedOrUnknownSVal DV,

246

CheckerContext &C,

247

bool IsCheckedCast = false) {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

248

addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,

249

/*IsNonNullReturn=*/true, IsCheckedCast);

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

250

}

251

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

252

static void evalNonNullParamNullReturn(const CallEvent &Call,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

253

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

254

CheckerContext &C) {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

255

addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,

256

/*IsNonNullReturn=*/false);

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

257

}

258

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

259

static void evalNullParamNullReturn(const CallEvent &Call,

260

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

261

CheckerContext &C) {

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

262

if (ProgramStateRef State = C.getState()->assume(DV, false))

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

263

C.addTransition(State->BindExpr(Call.getOriginExpr(),

264

C.getLocationContext(),

265

C.getSValBuilder().makeNull(), false),

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

266

C.getNoteTag("Assuming null pointer is passed into cast",

267

/*IsPrunable=*/true));

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

268

}

269

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

270

void CastValueChecker::evalCast(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

271

CheckerContext &C) const {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

272

evalNonNullParamNonNullReturn(Call, DV, C, /*IsCheckedCast=*/true);

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

273

}

274

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

275

void CastValueChecker::evalDynCast(const CallEvent &Call,

276

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

277

CheckerContext &C) const {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

278

evalNonNullParamNonNullReturn(Call, DV, C);

279

evalNonNullParamNullReturn(Call, DV, C);

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

280

}

281

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

282

void CastValueChecker::evalCastOrNull(const CallEvent &Call,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

283

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

284

CheckerContext &C) const {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

285

evalNonNullParamNonNullReturn(Call, DV, C);

286

evalNullParamNullReturn(Call, DV, C);

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

287

}

288

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

289

void CastValueChecker::evalDynCastOrNull(const CallEvent &Call,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

290

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

291

CheckerContext &C) const {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

292

evalNonNullParamNonNullReturn(Call, DV, C);

293

evalNonNullParamNullReturn(Call, DV, C);

294

evalNullParamNullReturn(Call, DV, C);

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

295

}

296

297

//===----------------------------------------------------------------------===//

298

// Evaluating castAs, getAs.

299

//===----------------------------------------------------------------------===//

300

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

301

static void evalZeroParamNonNullReturn(const CallEvent &Call,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

302

DefinedOrUnknownSVal DV,

303

CheckerContext &C,

304

bool IsCheckedCast = false) {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

305

addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,

306

/*IsNonNullReturn=*/true, IsCheckedCast);

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

307

}

308

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

309

static void evalZeroParamNullReturn(const CallEvent &Call,

310

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

311

CheckerContext &C) {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

312

addCastTransition(Call, DV, C, /*IsNonNullParam=*/true,

313

/*IsNonNullReturn=*/false);

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

314

}

315

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

316

void CastValueChecker::evalCastAs(const CallEvent &Call,

317

DefinedOrUnknownSVal DV,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

318

CheckerContext &C) const {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

319

evalZeroParamNonNullReturn(Call, DV, C, /*IsCheckedCast=*/true);

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

320

}

321

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

322

void CastValueChecker::evalGetAs(const CallEvent &Call, DefinedOrUnknownSVal DV,

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

323

CheckerContext &C) const {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

324

evalZeroParamNonNullReturn(Call, DV, C);

325

evalZeroParamNullReturn(Call, DV, C);

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

326

}

327

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

328

//===----------------------------------------------------------------------===//

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

329

// Evaluating isa, isa_and_nonnull.

330

//===----------------------------------------------------------------------===//

331

332

void CastValueChecker::evalIsa(const CallEvent &Call, DefinedOrUnknownSVal DV,

333

CheckerContext &C) const {

334

ProgramStateRef NonNullState, NullState;

335

std::tie(NonNullState, NullState) = C.getState()->assume(DV);

336

337

if (NonNullState) {

338

addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/true);

339

addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/false);

}

if (NullState) {

C.generateSink(NullState, C.getPredecessor());

}

}

void CastValueChecker::evalIsaAndNonNull(const CallEvent &Call,

348

DefinedOrUnknownSVal DV,

349

CheckerContext &C) const {

350

ProgramStateRef NonNullState, NullState;

351

std::tie(NonNullState, NullState) = C.getState()->assume(DV);

352

353

if (NonNullState) {

354

addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/true);

355

addInstanceOfTransition(Call, DV, NonNullState, C, /*IsInstanceOf=*/false);

}

if (NullState) {

addInstanceOfTransition(Call, DV, NullState, C, /*IsInstanceOf=*/false);

}

}

//===----------------------------------------------------------------------===//

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

364

// Main logic to evaluate a call.

365

//===----------------------------------------------------------------------===//

366

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

367

bool CastValueChecker::evalCall(const CallEvent &Call,

368

CheckerContext &C) const {

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

369

const auto *Lookup = CDM.lookup(Call);

370

if (!Lookup)

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

371

return false;

372

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

373

const CastCheck &Check = Lookup->first;

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

374

CallKind Kind = Lookup->second;

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

375

376

// We need to obtain the record type of the call's result to model it.

377

if (Kind != CallKind::InstanceOf &&

378

!getRecordType(Call.getResultType())->isRecordType())

379

return false;

380

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

381

Optional<DefinedOrUnknownSVal> DV;

382

383

switch (Kind) {

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

384

case CallKind::Function: {

Artem Dergachev

af992e6

2019-08-23 03:23:58 +0000

[diff] [blame^]

385

// We only model casts from pointers to pointers or from references

386

// to references. Other casts are most likely specialized and we

387

// cannot model them.

388

QualType ParamT = Call.parameters()[0]->getType();

389

QualType ResultT = Call.getResultType();

390

if (!(ParamT->isPointerType() && ResultT->isPointerType()) &&

391

!(ParamT->isReferenceType() && ResultT->isReferenceType()))

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

392

return false;

393

394

DV = Call.getArgSVal(0).getAs<DefinedOrUnknownSVal>();

395

break;

396

}

Csaba Dabis

2019-08-22 02:57:59 +0000

[diff] [blame]

397

case CallKind::InstanceOf: {

398

// We need to obtain the only template argument to determinte the type.

399

const FunctionDecl *FD = Call.getDecl()->getAsFunction();

400

if (!FD || !FD->getTemplateSpecializationArgs())

401

return false;

402

403

DV = Call.getArgSVal(0).getAs<DefinedOrUnknownSVal>();

404

break;

405

}

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

406

case CallKind::Method:

Csaba Dabis

2019-08-09 02:24:42 +0000

[diff] [blame]

407

const auto *InstanceCall = dyn_cast<CXXInstanceCall>(&Call);

if (!InstanceCall)

return false;

DV = InstanceCall->getCXXThisVal().getAs<DefinedOrUnknownSVal>();

break;

}

if (!DV)

Csaba Dabis

2019-07-10 00:20:03 +0000

[diff] [blame]

416

return false;

417

Csaba Dabis

2019-08-22 00:20:36 +0000

[diff] [blame]

418

Check(this, Call, *DV, C);

Csaba Dabis