Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / f52f4f636f4fe572acde92d8a162a27f37367d05 / . / clang / lib / StaticAnalyzer / Checkers / NonnullGlobalConstantsChecker.cpp
blob: dd76fd2f1294ebed8b4eb13d286a8a7b9030bef4 [file] [log] [blame]
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]1//==- NonnullGlobalConstantsChecker.cpp ---------------------------*- C++ -*--//
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]2//
Chandler Carruth2946cd72019-01-19 08:50:56 +0000[diff] [blame]3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]6//
7//===----------------------------------------------------------------------===//
8//
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]9// This checker adds an assumption that constant globals of certain types* are
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]10// non-null, as otherwise they generally do not convey any useful information.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]11// The assumption is useful, as many framework use e. g. global const strings,
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]12// and the analyzer might not be able to infer the global value if the
13// definition is in a separate translation unit.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]14// The following types (and their typedef aliases) are considered to be
15// non-null:
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]16// - `char* const`
17// - `const CFStringRef` from CoreFoundation
18// - `NSString* const` from Foundation
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]19// - `CFBooleanRef` from Foundation
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]20//
21//===----------------------------------------------------------------------===//
22
Kristof Umann76a21502018-12-15 16:23:51 +0000[diff] [blame]23#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]24#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
25#include "clang/StaticAnalyzer/Core/Checker.h"
26#include "clang/StaticAnalyzer/Core/CheckerManager.h"
27#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
28#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
29
30using namespace clang;
31using namespace ento;
32
33namespace {
34
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]35class NonnullGlobalConstantsChecker : public Checker<check::Location> {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]36 mutable IdentifierInfo *NSStringII = nullptr;
37 mutable IdentifierInfo *CFStringRefII = nullptr;
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]38 mutable IdentifierInfo *CFBooleanRefII = nullptr;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]39
40public:
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]41 NonnullGlobalConstantsChecker() {}
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]42
43 void checkLocation(SVal l, bool isLoad, const Stmt *S,
44 CheckerContext &C) const;
45
46private:
47 void initIdentifierInfo(ASTContext &Ctx) const;
48
49 bool isGlobalConstString(SVal V) const;
50
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]51 bool isNonnullType(QualType Ty) const;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]52};
53
54} // namespace
55
Alexander Kornienko2a8c18d2018-04-06 15:14:32 +0000[diff] [blame]56/// Lazily initialize cache for required identifier information.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]57void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]58 if (NSStringII)
59 return;
60
61 NSStringII = &Ctx.Idents.get("NSString");
62 CFStringRefII = &Ctx.Idents.get("CFStringRef");
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]63 CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]64}
65
66/// Add an assumption that const string-like globals are non-null.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]67void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]68 const Stmt *S,
69 CheckerContext &C) const {
70 initIdentifierInfo(C.getASTContext());
71 if (!isLoad || !location.isValid())
72 return;
73
74 ProgramStateRef State = C.getState();
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]75
76 if (isGlobalConstString(location)) {
George Karpenkov53c1c102018-02-27 19:28:52 +0000[diff] [blame]77 SVal V = State->getSVal(location.castAs<Loc>());
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]78 Optional<DefinedOrUnknownSVal> Constr = V.getAs<DefinedOrUnknownSVal>();
79
80 if (Constr) {
81
82 // Assume that the variable is non-null.
83 ProgramStateRef OutputState = State->assume(*Constr, true);
84 C.addTransition(OutputState);
85 }
86 }
87}
88
89/// \param V loaded lvalue.
90/// \return whether {@code val} is a string-like const global.
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]91bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]92 Optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
93 if (!RegionVal)
94 return false;
95 auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
96 if (!Region)
97 return false;
98 const VarDecl *Decl = Region->getDecl();
99
100 if (!Decl->hasGlobalStorage())
101 return false;
102
103 QualType Ty = Decl->getType();
104 bool HasConst = Ty.isConstQualified();
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]105 if (isNonnullType(Ty) && HasConst)
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]106 return true;
107
108 // Look through the typedefs.
109 while (auto *T = dyn_cast<TypedefType>(Ty)) {
110 Ty = T->getDecl()->getUnderlyingType();
111
112 // It is sufficient for any intermediate typedef
113 // to be classified const.
114 HasConst = HasConst || Ty.isConstQualified();
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]115 if (isNonnullType(Ty) && HasConst)
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]116 return true;
117 }
118 return false;
119}
120
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]121/// \return whether {@code type} is extremely unlikely to be null
122bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]123
124 if (Ty->isPointerType() && Ty->getPointeeType()->isCharType())
125 return true;
126
127 if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
George Karpenkov734cad82017-10-11 19:13:15 +0000[diff] [blame]128 return T->getInterfaceDecl() &&
129 T->getInterfaceDecl()->getIdentifier() == NSStringII;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]130 } else if (auto *T = dyn_cast<TypedefType>(Ty)) {
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]131 IdentifierInfo* II = T->getDecl()->getIdentifier();
132 return II == CFStringRefII || II == CFBooleanRefII;
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]133 }
134 return false;
135}
136
George Karpenkov9a542f72017-10-13 00:51:41 +0000[diff] [blame]137void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
138 Mgr.registerChecker<NonnullGlobalConstantsChecker>();
George Karpenkovead01622017-10-11 18:39:40 +0000[diff] [blame]139}
Kristof Umann058a7a42019-01-26 14:23:08 +0000[diff] [blame]140
141bool ento::shouldRegisterNonnullGlobalConstantsChecker(const LangOptions &LO) {
142 return true;
143}