1 //===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
11 // checks for assigning undefined values.
12 //
13 //===----------------------------------------------------------------------===//
14
15 #include "ClangSACheckers.h"
16 #include "clang/StaticAnalyzer/Core/Checker.h"
17 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
19 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
20
21 using namespace clang;
22 using namespace ento;
23
namespace {
/// Path-sensitive checker that subscribes to the check::Bind event and
/// reports binds whose value is undefined (see checkBind).
class UndefinedAssignmentChecker : public Checker<check::Bind> {
  // Bug type shared by every report from this checker. It is created on the
  // first report inside the const callback, hence 'mutable'.
  mutable llvm::OwningPtr<BugType> BT;

public:
  /// Callback for a bind of \p val to \p location; emits a report when
  /// \p val is undefined.
  void checkBind(SVal location, SVal val, CheckerContext &C) const;
};
} // end anonymous namespace
33
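/// Reports a bind whose value is undefined (garbage / uninitialized).
///
/// When \p val is undefined, the current path is turned into a sink and a
/// report is emitted. The report highlights, and registers value tracking
/// for, the expression the undefined value came from when that expression can
/// be identified from the statement being processed:
///   - compound assignment with an undefined left operand: the LHS, with a
///     dedicated message;
///   - any other binary operator: the RHS;
///   - a declaration statement: the variable's initializer, if any.
///
/// \param location  The location being bound to (not inspected here).
/// \param val       The value being bound.
/// \param C         Checker context used to obtain the statement and state
///                  and to emit the report.
void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
                                           CheckerContext &C) const {
  // Only undefined values are of interest to this checker.
  if (!val.isUndef())
    return;

  // The report below is attached to this node; without one there is nothing
  // to report against.
  ExplodedNode *N = C.generateSink();
  if (!N)
    return;

  const char *str = "Assigned value is garbage or undefined";

  // The bug type is created once, on the first report, and reused afterwards.
  if (!BT)
    BT.reset(new BuiltinBug(str));

  // Find the expression to highlight and track in the report. The original
  // loop over StoreE always exited after one pass, so a plain conditional
  // expresses the same logic.
  const Expr *ex = 0;

  if (const Stmt *StoreE = C.getStmt()) {
    if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
      bool LHSIsUndef = false;
      if (B->isCompoundAssignmentOp()) {
        const GRState *state = C.getState();
        LHSIsUndef = state->getSVal(B->getLHS()).isUndef();
      }

      if (LHSIsUndef) {
        // For 'x op= y' with x uninitialized, the garbage comes from the
        // left operand, so point the user at it instead of the RHS.
        str = "The left expression of the compound assignment is an "
              "uninitialized value. The computed value will also be garbage";
        ex = B->getLHS();
      } else {
        ex = B->getRHS();
      }
    } else if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
      // dyn_cast returns null when the declaration is not a VarDecl. Check
      // the result before use so the analyzer does not dereference a null
      // pointer while building the report; the report is then emitted
      // without a highlighted range.
      // NOTE(review): getSingleDecl() presumably requires a single-decl
      // statement -- confirm that holds for every DeclStmt reaching a bind.
      if (const VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()))
        ex = VD->getInit();
    }
  }

  // Ownership of the report is handed to EmitReport().
  EnhancedBugReport *R = new EnhancedBugReport(*BT, str, N);
  if (ex) {
    R->addRange(ex->getSourceRange());
    R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, ex);
  }
  C.EmitReport(R);
}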
84
/// Registration entry point: adds UndefinedAssignmentChecker to \p mgr.
void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
  mgr.registerChecker<UndefinedAssignmentChecker>();
}
88