head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.7 netbsd-11-0-RC3:1.1.1.7 netbsd-11-0-RC2:1.1.1.7 netbsd-11-0-RC1:1.1.1.7 perseant-exfatfs-base-20250801:1.1.1.7 netbsd-11:1.1.1.7.0.10 netbsd-11-base:1.1.1.7 netbsd-10-1-RELEASE:1.1.1.7 perseant-exfatfs-base-20240630:1.1.1.7 perseant-exfatfs:1.1.1.7.0.8 perseant-exfatfs-base:1.1.1.7 netbsd-8-3-RELEASE:1.1.1.4 netbsd-9-4-RELEASE:1.1.1.6 netbsd-10-0-RELEASE:1.1.1.7 netbsd-10-0-RC6:1.1.1.7 netbsd-10-0-RC5:1.1.1.7 netbsd-10-0-RC4:1.1.1.7 netbsd-10-0-RC3:1.1.1.7 netbsd-10-0-RC2:1.1.1.7 netbsd-10-0-RC1:1.1.1.7 netbsd-10:1.1.1.7.0.6 netbsd-10-base:1.1.1.7 netbsd-9-3-RELEASE:1.1.1.6 cjep_sun2x:1.1.1.7.0.4 cjep_sun2x-base:1.1.1.7 cjep_staticlib_x-base1:1.1.1.7 netbsd-9-2-RELEASE:1.1.1.6 cjep_staticlib_x:1.1.1.7.0.2 cjep_staticlib_x-base:1.1.1.7 netbsd-9-1-RELEASE:1.1.1.6 phil-wifi-20200421:1.1.1.7 phil-wifi-20200411:1.1.1.7 phil-wifi-20200406:1.1.1.7 netbsd-8-2-RELEASE:1.1.1.4 netbsd-9-0-RELEASE:1.1.1.6 netbsd-9-0-RC2:1.1.1.6 netbsd-9-0-RC1:1.1.1.6 netbsd-9:1.1.1.6.0.2 netbsd-9-base:1.1.1.6 phil-wifi-20190609:1.1.1.6 netbsd-8-1-RELEASE:1.1.1.4 netbsd-8-1-RC1:1.1.1.4 pgoyette-compat-merge-20190127:1.1.1.5.2.1 pgoyette-compat-20190127:1.1.1.6 pgoyette-compat-20190118:1.1.1.6 pgoyette-compat-1226:1.1.1.6 pgoyette-compat-1126:1.1.1.6 pgoyette-compat-1020:1.1.1.6 pgoyette-compat-0930:1.1.1.6 pgoyette-compat-0906:1.1.1.6 netbsd-7-2-RELEASE:1.1.1.3 pgoyette-compat-0728:1.1.1.6 clang-337282:1.1.1.6 netbsd-8-0-RELEASE:1.1.1.4 phil-wifi:1.1.1.5.0.4 phil-wifi-base:1.1.1.5 pgoyette-compat-0625:1.1.1.5 netbsd-8-0-RC2:1.1.1.4 pgoyette-compat-0521:1.1.1.5 pgoyette-compat-0502:1.1.1.5 pgoyette-compat-0422:1.1.1.5 netbsd-8-0-RC1:1.1.1.4 pgoyette-compat-0415:1.1.1.5 pgoyette-compat-0407:1.1.1.5 pgoyette-compat-0330:1.1.1.5 pgoyette-compat-0322:1.1.1.5 pgoyette-compat-0315:1.1.1.5 netbsd-7-1-2-RELEASE:1.1.1.3 pgoyette-compat:1.1.1.5.0.2 pgoyette-compat-base:1.1.1.5 netbsd-7-1-1-RELEASE:1.1.1.3 clang-319952:1.1.1.5 matt-nb8-mediatek:1.1.1.4.0.12 matt-nb8-mediatek-base:1.1.1.4 clang-309604:1.1.1.5 perseant-stdc-iso10646:1.1.1.4.0.10 perseant-stdc-iso10646-base:1.1.1.4 netbsd-8:1.1.1.4.0.8 netbsd-8-base:1.1.1.4 prg-localcount2-base3:1.1.1.4 prg-localcount2-base2:1.1.1.4 prg-localcount2-base1:1.1.1.4 prg-localcount2:1.1.1.4.0.6 prg-localcount2-base:1.1.1.4 pgoyette-localcount-20170426:1.1.1.4 bouyer-socketcan-base1:1.1.1.4 pgoyette-localcount-20170320:1.1.1.4 netbsd-7-1:1.1.1.3.0.10 netbsd-7-1-RELEASE:1.1.1.3 netbsd-7-1-RC2:1.1.1.3 clang-294123:1.1.1.4 netbsd-7-nhusb-base-20170116:1.1.1.3 bouyer-socketcan:1.1.1.4.0.4 bouyer-socketcan-base:1.1.1.4 clang-291444:1.1.1.4 pgoyette-localcount-20170107:1.1.1.4 netbsd-7-1-RC1:1.1.1.3 pgoyette-localcount-20161104:1.1.1.4 netbsd-7-0-2-RELEASE:1.1.1.3 localcount-20160914:1.1.1.4 netbsd-7-nhusb:1.1.1.3.0.8 netbsd-7-nhusb-base:1.1.1.3 clang-280599:1.1.1.4 pgoyette-localcount-20160806:1.1.1.4 pgoyette-localcount-20160726:1.1.1.4 pgoyette-localcount:1.1.1.4.0.2 pgoyette-localcount-base:1.1.1.4 netbsd-7-0-1-RELEASE:1.1.1.3 clang-261930:1.1.1.4 netbsd-7-0:1.1.1.3.0.6 netbsd-7-0-RELEASE:1.1.1.3 netbsd-7-0-RC3:1.1.1.3 netbsd-7-0-RC2:1.1.1.3 netbsd-7-0-RC1:1.1.1.3 clang-237755:1.1.1.3 clang-232565:1.1.1.3 clang-227398:1.1.1.3 tls-maxphys-base:1.1.1.3 tls-maxphys:1.1.1.3.0.4 netbsd-7:1.1.1.3.0.2 netbsd-7-base:1.1.1.3 clang-215315:1.1.1.3 clang-209886:1.1.1.3 yamt-pagecache:1.1.1.2.0.4 yamt-pagecache-base9:1.1.1.2 tls-earlyentropy:1.1.1.2.0.2 tls-earlyentropy-base:1.1.1.3 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.2 riastradh-drm2-base3:1.1.1.2 clang-202566:1.1.1.2 clang-201163:1.1.1.1 clang-199312:1.1.1.1 clang-198450:1.1.1.1 clang-196603:1.1.1.1 clang-195771:1.1.1.1 LLVM:1.1.1; locks; strict; comment @// @; 1.1 date 2013.11.28.14.14.52; author joerg; state Exp; branches 1.1.1.1; next ; commitid ow8OybrawrB1f3fx; 1.1.1.1 date 2013.11.28.14.14.52; author joerg; state Exp; branches; next 1.1.1.2; commitid ow8OybrawrB1f3fx; 1.1.1.2 date 2014.03.04.19.55.00; author joerg; state Exp; branches 1.1.1.2.2.1 1.1.1.2.4.1; next 1.1.1.3; commitid 29z1hJonZISIXprx; 1.1.1.3 date 2014.05.30.18.14.44; author joerg; state Exp; branches 1.1.1.3.4.1; next 1.1.1.4; commitid 8q0kdlBlCn09GACx; 1.1.1.4 date 2016.02.27.22.12.06; author joerg; state Exp; branches; next 1.1.1.5; commitid tIimz3oDlh1NpBWy; 1.1.1.5 date 2017.08.01.19.35.16; author joerg; state Exp; branches 1.1.1.5.2.1 1.1.1.5.4.1; next 1.1.1.6; commitid pMuDy65V0VicSx1A; 1.1.1.6 date 2018.07.17.18.31.08; author joerg; state Exp; branches; next 1.1.1.7; commitid wDzL46ALjrCZgwKA; 1.1.1.7 date 2019.11.13.22.19.28; author joerg; state dead; branches; next ; commitid QD8YATxuNG34YJKB; 1.1.1.2.2.1 date 2014.08.10.07.08.10; author tls; state Exp; branches; next ; commitid t01A1TLTYxkpGMLx; 1.1.1.2.4.1 date 2014.03.04.19.55.00; author yamt; state dead; branches; next 1.1.1.2.4.2; commitid WSrDtL5nYAUyiyBx; 1.1.1.2.4.2 date 2014.05.22.16.18.31; author yamt; state Exp; branches; next ; commitid WSrDtL5nYAUyiyBx; 1.1.1.3.4.1 date 2014.05.30.18.14.44; author tls; state dead; branches; next 1.1.1.3.4.2; commitid jTnpym9Qu0o4R1Nx; 1.1.1.3.4.2 date 2014.08.19.23.47.31; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.1.1.5.2.1 date 2018.07.28.04.33.24; author pgoyette; state Exp; branches; next ; commitid 1UP1xAIUxv1ZgRLA; 1.1.1.5.4.1 date 2019.06.10.21.45.28; author christos; state Exp; branches; next 1.1.1.5.4.2; commitid jtc8rnCzWiEEHGqB; 1.1.1.5.4.2 date 2020.04.13.07.46.39; author martin; state dead; branches; next ; commitid X01YhRUPVUDaec4C; desc @@ 1.1 log @Initial revision @ text @//=== UndefResultChecker.cpp ------------------------------------*- C++ -*-===// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// // // This defines UndefResultChecker, a builtin check in ExprEngine that // performs checks for undefined results of non-assignment binary operators. // //===----------------------------------------------------------------------===// #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" #include "llvm/ADT/SmallString.h" #include "llvm/Support/raw_ostream.h" using namespace clang; using namespace ento; namespace { class UndefResultChecker : public Checker< check::PostStmt > { mutable OwningPtr BT; public: void checkPostStmt(const BinaryOperator *B, CheckerContext &C) const; }; } // end anonymous namespace void UndefResultChecker::checkPostStmt(const BinaryOperator *B, CheckerContext &C) const { ProgramStateRef state = C.getState(); const LocationContext *LCtx = C.getLocationContext(); if (state->getSVal(B, LCtx).isUndef()) { // Do not report assignments of uninitialized values inside swap functions. // This should allow to swap partially uninitialized structs // (radar://14129997) if (const FunctionDecl *EnclosingFunctionDecl = dyn_cast(C.getStackFrame()->getDecl())) if (C.getCalleeName(EnclosingFunctionDecl) == "swap") return; // Generate an error node. ExplodedNode *N = C.generateSink(); if (!N) return; if (!BT) BT.reset(new BuiltinBug("Result of operation is garbage or undefined")); SmallString<256> sbuf; llvm::raw_svector_ostream OS(sbuf); const Expr *Ex = NULL; bool isLeft = true; if (state->getSVal(B->getLHS(), LCtx).isUndef()) { Ex = B->getLHS()->IgnoreParenCasts(); isLeft = true; } else if (state->getSVal(B->getRHS(), LCtx).isUndef()) { Ex = B->getRHS()->IgnoreParenCasts(); isLeft = false; } if (Ex) { OS << "The " << (isLeft ? "left" : "right") << " operand of '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' is a garbage value"; } else { // Neither operand was undefined, but the result is undefined. OS << "The result of the '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' expression is undefined"; } BugReport *report = new BugReport(*BT, OS.str(), N); if (Ex) { report->addRange(Ex->getSourceRange()); bugreporter::trackNullOrUndefValue(N, Ex, *report); } else bugreporter::trackNullOrUndefValue(N, B, *report); C.emitReport(report); } } void ento::registerUndefResultChecker(CheckerManager &mgr) { mgr.registerChecker(); } @ 1.1.1.1 log @Import Clang 3.4rc1 r195771. @ text @@ 1.1.1.2 log @Import Clang 3.5svn r202566. @ text @d58 1 a58 2 BT.reset( new BuiltinBug(this, "Result of operation is garbage or undefined")); @ 1.1.1.2.2.1 log @Rebase. @ text @d31 2 a32 2 mutable std::unique_ptr BT; d63 1 a63 1 const Expr *Ex = nullptr; @ 1.1.1.3 log @Import Clang 3.5svn r209886. @ text @d31 2 a32 2 mutable std::unique_ptr BT; d63 1 a63 1 const Expr *Ex = nullptr; @ 1.1.1.4 log @Import Clang 3.8.0rc3 r261930. @ text @d10 1 a10 1 // This defines UndefResultChecker, a builtin check in ExprEngine that d28 1 a28 1 class UndefResultChecker d53 1 a53 1 ExplodedNode *N = C.generateErrorNode(); d56 1 a56 1 d65 1 a65 1 d74 1 a74 1 d80 1 a80 1 } d87 1 a87 1 auto report = llvm::make_unique(*BT, OS.str(), N); d94 2 a95 2 C.emitReport(std::move(report)); @ 1.1.1.5 log @Import clang r309604 from branches/release_50 @ text @a37 24 static bool isArrayIndexOutOfBounds(CheckerContext &C, const Expr *Ex) { ProgramStateRef state = C.getState(); const LocationContext *LCtx = C.getLocationContext(); if (!isa(Ex)) return false; SVal Loc = state->getSVal(Ex, LCtx); if (!Loc.isValid()) return false; const MemRegion *MR = Loc.castAs().getRegion(); const ElementRegion *ER = dyn_cast(MR); if (!ER) return false; DefinedOrUnknownSVal Idx = ER->getIndex().castAs(); DefinedOrUnknownSVal NumElements = C.getStoreManager().getSizeInElements( state, ER->getSuperRegion(), ER->getValueType()); ProgramStateRef StInBound = state->assumeInBound(Idx, NumElements, true); ProgramStateRef StOutBound = state->assumeInBound(Idx, NumElements, false); return StOutBound && !StInBound; } a79 2 if (isArrayIndexOutOfBounds(C, Ex)) OS << " due to array index out of bounds"; @ 1.1.1.5.4.1 log @Sync with HEAD @ text @d40 1 d45 1 a45 1 SVal Loc = C.getSVal(Ex); a61 14 static bool isShiftOverflow(const BinaryOperator *B, CheckerContext &C) { return C.isGreaterOrEqual( B->getRHS(), C.getASTContext().getIntWidth(B->getLHS()->getType())); } static bool isLeftShiftResultUnrepresentable(const BinaryOperator *B, CheckerContext &C) { SValBuilder &SB = C.getSValBuilder(); ProgramStateRef State = C.getState(); const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS())); const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS())); return (unsigned)RHS->getZExtValue() > LHS->countLeadingZeros(); } d64 3 a66 1 if (C.getSVal(B).isUndef()) { d90 1 a90 1 if (C.getSVal(B->getLHS()).isUndef()) { d94 1 a94 1 else if (C.getSVal(B->getRHS()).isUndef()) { d100 2 a101 1 OS << "The " << (isLeft ? "left" : "right") << " operand of '" d106 2 a107 1 } else { d109 3 a111 50 if ((B->getOpcode() == BinaryOperatorKind::BO_Shl || B->getOpcode() == BinaryOperatorKind::BO_Shr) && C.isNegative(B->getRHS())) { OS << "The result of the " << ((B->getOpcode() == BinaryOperatorKind::BO_Shl) ? "left" : "right") << " shift is undefined because the right operand is negative"; } else if ((B->getOpcode() == BinaryOperatorKind::BO_Shl || B->getOpcode() == BinaryOperatorKind::BO_Shr) && isShiftOverflow(B, C)) { OS << "The result of the " << ((B->getOpcode() == BinaryOperatorKind::BO_Shl) ? "left" : "right") << " shift is undefined due to shifting by "; SValBuilder &SB = C.getSValBuilder(); const llvm::APSInt *I = SB.getKnownValue(C.getState(), C.getSVal(B->getRHS())); if (!I) OS << "a value that is"; else if (I->isUnsigned()) OS << '\'' << I->getZExtValue() << "\', which is"; else OS << '\'' << I->getSExtValue() << "\', which is"; OS << " greater or equal to the width of type '" << B->getLHS()->getType().getAsString() << "'."; } else if (B->getOpcode() == BinaryOperatorKind::BO_Shl && C.isNegative(B->getLHS())) { OS << "The result of the left shift is undefined because the left " "operand is negative"; } else if (B->getOpcode() == BinaryOperatorKind::BO_Shl && isLeftShiftResultUnrepresentable(B, C)) { ProgramStateRef State = C.getState(); SValBuilder &SB = C.getSValBuilder(); const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS())); const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS())); OS << "The result of the left shift is undefined due to shifting \'" << LHS->getSExtValue() << "\' by \'" << RHS->getZExtValue() << "\', which is unrepresentable in the unsigned version of " << "the return type \'" << B->getLHS()->getType().getAsString() << "\'"; } else { OS << "The result of the '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' expression is undefined"; } @ 1.1.1.5.4.2 log @Mostly merge changes from HEAD upto 20200411 @ text @@ 1.1.1.5.2.1 log @Sync with HEAD @ text @d40 1 d45 1 a45 1 SVal Loc = C.getSVal(Ex); a61 14 static bool isShiftOverflow(const BinaryOperator *B, CheckerContext &C) { return C.isGreaterOrEqual( B->getRHS(), C.getASTContext().getIntWidth(B->getLHS()->getType())); } static bool isLeftShiftResultUnrepresentable(const BinaryOperator *B, CheckerContext &C) { SValBuilder &SB = C.getSValBuilder(); ProgramStateRef State = C.getState(); const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS())); const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS())); return (unsigned)RHS->getZExtValue() > LHS->countLeadingZeros(); } d64 3 a66 1 if (C.getSVal(B).isUndef()) { d90 1 a90 1 if (C.getSVal(B->getLHS()).isUndef()) { d94 1 a94 1 else if (C.getSVal(B->getRHS()).isUndef()) { d100 2 a101 1 OS << "The " << (isLeft ? "left" : "right") << " operand of '" d106 2 a107 1 } else { d109 3 a111 50 if ((B->getOpcode() == BinaryOperatorKind::BO_Shl || B->getOpcode() == BinaryOperatorKind::BO_Shr) && C.isNegative(B->getRHS())) { OS << "The result of the " << ((B->getOpcode() == BinaryOperatorKind::BO_Shl) ? "left" : "right") << " shift is undefined because the right operand is negative"; } else if ((B->getOpcode() == BinaryOperatorKind::BO_Shl || B->getOpcode() == BinaryOperatorKind::BO_Shr) && isShiftOverflow(B, C)) { OS << "The result of the " << ((B->getOpcode() == BinaryOperatorKind::BO_Shl) ? "left" : "right") << " shift is undefined due to shifting by "; SValBuilder &SB = C.getSValBuilder(); const llvm::APSInt *I = SB.getKnownValue(C.getState(), C.getSVal(B->getRHS())); if (!I) OS << "a value that is"; else if (I->isUnsigned()) OS << '\'' << I->getZExtValue() << "\', which is"; else OS << '\'' << I->getSExtValue() << "\', which is"; OS << " greater or equal to the width of type '" << B->getLHS()->getType().getAsString() << "'."; } else if (B->getOpcode() == BinaryOperatorKind::BO_Shl && C.isNegative(B->getLHS())) { OS << "The result of the left shift is undefined because the left " "operand is negative"; } else if (B->getOpcode() == BinaryOperatorKind::BO_Shl && isLeftShiftResultUnrepresentable(B, C)) { ProgramStateRef State = C.getState(); SValBuilder &SB = C.getSValBuilder(); const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS())); const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS())); OS << "The result of the left shift is undefined due to shifting \'" << LHS->getSExtValue() << "\' by \'" << RHS->getZExtValue() << "\', which is unrepresentable in the unsigned version of " << "the return type \'" << B->getLHS()->getType().getAsString() << "\'"; } else { OS << "The result of the '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' expression is undefined"; } @ 1.1.1.6 log @Import clang r337282 from trunk @ text @d40 1 d45 1 a45 1 SVal Loc = C.getSVal(Ex); a61 14 static bool isShiftOverflow(const BinaryOperator *B, CheckerContext &C) { return C.isGreaterOrEqual( B->getRHS(), C.getASTContext().getIntWidth(B->getLHS()->getType())); } static bool isLeftShiftResultUnrepresentable(const BinaryOperator *B, CheckerContext &C) { SValBuilder &SB = C.getSValBuilder(); ProgramStateRef State = C.getState(); const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS())); const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS())); return (unsigned)RHS->getZExtValue() > LHS->countLeadingZeros(); } d64 3 a66 1 if (C.getSVal(B).isUndef()) { d90 1 a90 1 if (C.getSVal(B->getLHS()).isUndef()) { d94 1 a94 1 else if (C.getSVal(B->getRHS()).isUndef()) { d100 2 a101 1 OS << "The " << (isLeft ? "left" : "right") << " operand of '" d106 2 a107 1 } else { d109 3 a111 50 if ((B->getOpcode() == BinaryOperatorKind::BO_Shl || B->getOpcode() == BinaryOperatorKind::BO_Shr) && C.isNegative(B->getRHS())) { OS << "The result of the " << ((B->getOpcode() == BinaryOperatorKind::BO_Shl) ? "left" : "right") << " shift is undefined because the right operand is negative"; } else if ((B->getOpcode() == BinaryOperatorKind::BO_Shl || B->getOpcode() == BinaryOperatorKind::BO_Shr) && isShiftOverflow(B, C)) { OS << "The result of the " << ((B->getOpcode() == BinaryOperatorKind::BO_Shl) ? "left" : "right") << " shift is undefined due to shifting by "; SValBuilder &SB = C.getSValBuilder(); const llvm::APSInt *I = SB.getKnownValue(C.getState(), C.getSVal(B->getRHS())); if (!I) OS << "a value that is"; else if (I->isUnsigned()) OS << '\'' << I->getZExtValue() << "\', which is"; else OS << '\'' << I->getSExtValue() << "\', which is"; OS << " greater or equal to the width of type '" << B->getLHS()->getType().getAsString() << "'."; } else if (B->getOpcode() == BinaryOperatorKind::BO_Shl && C.isNegative(B->getLHS())) { OS << "The result of the left shift is undefined because the left " "operand is negative"; } else if (B->getOpcode() == BinaryOperatorKind::BO_Shl && isLeftShiftResultUnrepresentable(B, C)) { ProgramStateRef State = C.getState(); SValBuilder &SB = C.getSValBuilder(); const llvm::APSInt *LHS = SB.getKnownValue(State, C.getSVal(B->getLHS())); const llvm::APSInt *RHS = SB.getKnownValue(State, C.getSVal(B->getRHS())); OS << "The result of the left shift is undefined due to shifting \'" << LHS->getSExtValue() << "\' by \'" << RHS->getZExtValue() << "\', which is unrepresentable in the unsigned version of " << "the return type \'" << B->getLHS()->getType().getAsString() << "\'"; } else { OS << "The result of the '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' expression is undefined"; } @ 1.1.1.7 log @Mark old LLVM instance as dead. @ text @@ 1.1.1.3.4.1 log @file UndefResultChecker.cpp was added on branch tls-maxphys on 2014-08-19 23:47:31 +0000 @ text @d1 101 @ 1.1.1.3.4.2 log @Rebase to HEAD as of a few days ago. @ text @a0 101 //=== UndefResultChecker.cpp ------------------------------------*- C++ -*-===// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// // // This defines UndefResultChecker, a builtin check in ExprEngine that // performs checks for undefined results of non-assignment binary operators. // //===----------------------------------------------------------------------===// #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" #include "llvm/ADT/SmallString.h" #include "llvm/Support/raw_ostream.h" using namespace clang; using namespace ento; namespace { class UndefResultChecker : public Checker< check::PostStmt > { mutable std::unique_ptr BT; public: void checkPostStmt(const BinaryOperator *B, CheckerContext &C) const; }; } // end anonymous namespace void UndefResultChecker::checkPostStmt(const BinaryOperator *B, CheckerContext &C) const { ProgramStateRef state = C.getState(); const LocationContext *LCtx = C.getLocationContext(); if (state->getSVal(B, LCtx).isUndef()) { // Do not report assignments of uninitialized values inside swap functions. // This should allow to swap partially uninitialized structs // (radar://14129997) if (const FunctionDecl *EnclosingFunctionDecl = dyn_cast(C.getStackFrame()->getDecl())) if (C.getCalleeName(EnclosingFunctionDecl) == "swap") return; // Generate an error node. ExplodedNode *N = C.generateSink(); if (!N) return; if (!BT) BT.reset( new BuiltinBug(this, "Result of operation is garbage or undefined")); SmallString<256> sbuf; llvm::raw_svector_ostream OS(sbuf); const Expr *Ex = nullptr; bool isLeft = true; if (state->getSVal(B->getLHS(), LCtx).isUndef()) { Ex = B->getLHS()->IgnoreParenCasts(); isLeft = true; } else if (state->getSVal(B->getRHS(), LCtx).isUndef()) { Ex = B->getRHS()->IgnoreParenCasts(); isLeft = false; } if (Ex) { OS << "The " << (isLeft ? "left" : "right") << " operand of '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' is a garbage value"; } else { // Neither operand was undefined, but the result is undefined. OS << "The result of the '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' expression is undefined"; } BugReport *report = new BugReport(*BT, OS.str(), N); if (Ex) { report->addRange(Ex->getSourceRange()); bugreporter::trackNullOrUndefValue(N, Ex, *report); } else bugreporter::trackNullOrUndefValue(N, B, *report); C.emitReport(report); } } void ento::registerUndefResultChecker(CheckerManager &mgr) { mgr.registerChecker(); } @ 1.1.1.2.4.1 log @file UndefResultChecker.cpp was added on branch yamt-pagecache on 2014-05-22 16:18:31 +0000 @ text @d1 101 @ 1.1.1.2.4.2 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @a0 101 //=== UndefResultChecker.cpp ------------------------------------*- C++ -*-===// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// // // This defines UndefResultChecker, a builtin check in ExprEngine that // performs checks for undefined results of non-assignment binary operators. // //===----------------------------------------------------------------------===// #include "ClangSACheckers.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" #include "llvm/ADT/SmallString.h" #include "llvm/Support/raw_ostream.h" using namespace clang; using namespace ento; namespace { class UndefResultChecker : public Checker< check::PostStmt > { mutable OwningPtr BT; public: void checkPostStmt(const BinaryOperator *B, CheckerContext &C) const; }; } // end anonymous namespace void UndefResultChecker::checkPostStmt(const BinaryOperator *B, CheckerContext &C) const { ProgramStateRef state = C.getState(); const LocationContext *LCtx = C.getLocationContext(); if (state->getSVal(B, LCtx).isUndef()) { // Do not report assignments of uninitialized values inside swap functions. // This should allow to swap partially uninitialized structs // (radar://14129997) if (const FunctionDecl *EnclosingFunctionDecl = dyn_cast(C.getStackFrame()->getDecl())) if (C.getCalleeName(EnclosingFunctionDecl) == "swap") return; // Generate an error node. ExplodedNode *N = C.generateSink(); if (!N) return; if (!BT) BT.reset( new BuiltinBug(this, "Result of operation is garbage or undefined")); SmallString<256> sbuf; llvm::raw_svector_ostream OS(sbuf); const Expr *Ex = NULL; bool isLeft = true; if (state->getSVal(B->getLHS(), LCtx).isUndef()) { Ex = B->getLHS()->IgnoreParenCasts(); isLeft = true; } else if (state->getSVal(B->getRHS(), LCtx).isUndef()) { Ex = B->getRHS()->IgnoreParenCasts(); isLeft = false; } if (Ex) { OS << "The " << (isLeft ? "left" : "right") << " operand of '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' is a garbage value"; } else { // Neither operand was undefined, but the result is undefined. OS << "The result of the '" << BinaryOperator::getOpcodeStr(B->getOpcode()) << "' expression is undefined"; } BugReport *report = new BugReport(*BT, OS.str(), N); if (Ex) { report->addRange(Ex->getSourceRange()); bugreporter::trackNullOrUndefValue(N, Ex, *report); } else bugreporter::trackNullOrUndefValue(N, B, *report); C.emitReport(report); } } void ento::registerUndefResultChecker(CheckerManager &mgr) { mgr.registerChecker(); } @