• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
11 // checks for assigning undefined values.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "ClangSACheckers.h"
16 #include "clang/StaticAnalyzer/Core/Checker.h"
17 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
19 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
20 
21 using namespace clang;
22 using namespace ento;
23 
24 namespace {
25 class UndefinedAssignmentChecker
26   : public Checker<check::Bind> {
27   mutable llvm::OwningPtr<BugType> BT;
28 
29 public:
30   void checkBind(SVal location, SVal val, CheckerContext &C) const;
31 };
32 }
33 
checkBind(SVal location,SVal val,CheckerContext & C) const34 void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
35                                            CheckerContext &C) const {
36   if (!val.isUndef())
37     return;
38 
39   ExplodedNode *N = C.generateSink();
40 
41   if (!N)
42     return;
43 
44   const char *str = "Assigned value is garbage or undefined";
45 
46   if (!BT)
47     BT.reset(new BuiltinBug(str));
48 
49   // Generate a report for this bug.
50   const Expr *ex = 0;
51 
52   const Stmt *StoreE = C.getStmt();
53   while (StoreE) {
54     if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
55       if (B->isCompoundAssignmentOp()) {
56         const GRState *state = C.getState();
57         if (state->getSVal(B->getLHS()).isUndef()) {
58           str = "The left expression of the compound assignment is an "
59                 "uninitialized value. The computed value will also be garbage";
60           ex = B->getLHS();
61           break;
62         }
63       }
64 
65       ex = B->getRHS();
66       break;
67     }
68 
69     if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
70       const VarDecl* VD = dyn_cast<VarDecl>(DS->getSingleDecl());
71       ex = VD->getInit();
72     }
73 
74     break;
75   }
76 
77   EnhancedBugReport *R = new EnhancedBugReport(*BT, str, N);
78   if (ex) {
79     R->addRange(ex->getSourceRange());
80     R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, ex);
81   }
82   C.EmitReport(R);
83 }
84 
registerUndefinedAssignmentChecker(CheckerManager & mgr)85 void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
86   mgr.registerChecker<UndefinedAssignmentChecker>();
87 }
88