• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //===--- UndefinedArraySubscriptChecker.h ----------------------*- C++ -*--===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This defines UndefinedArraySubscriptChecker, a builtin check in ExprEngine
11 // that performs checks for undefined array subscripts.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "ClangSACheckers.h"
16 #include "clang/StaticAnalyzer/Core/Checker.h"
17 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
19 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
20 
21 using namespace clang;
22 using namespace ento;
23 
24 namespace {
25 class UndefinedArraySubscriptChecker
26   : public Checker< check::PreStmt<ArraySubscriptExpr> > {
27   mutable llvm::OwningPtr<BugType> BT;
28 
29 public:
30   void checkPreStmt(const ArraySubscriptExpr *A, CheckerContext &C) const;
31 };
32 } // end anonymous namespace
33 
34 void
checkPreStmt(const ArraySubscriptExpr * A,CheckerContext & C) const35 UndefinedArraySubscriptChecker::checkPreStmt(const ArraySubscriptExpr *A,
36                                              CheckerContext &C) const {
37   if (C.getState()->getSVal(A->getIdx()).isUndef()) {
38     if (ExplodedNode *N = C.generateSink()) {
39       if (!BT)
40         BT.reset(new BuiltinBug("Array subscript is undefined"));
41 
42       // Generate a report for this bug.
43       EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName(), N);
44       R->addRange(A->getIdx()->getSourceRange());
45       R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
46                            A->getIdx());
47       C.EmitReport(R);
48     }
49   }
50 }
51 
registerUndefinedArraySubscriptChecker(CheckerManager & mgr)52 void ento::registerUndefinedArraySubscriptChecker(CheckerManager &mgr) {
53   mgr.registerChecker<UndefinedArraySubscriptChecker>();
54 }
55