1 //== TraversalChecker.cpp -------------------------------------- -*- C++ -*--=//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // These checkers print various aspects of the ExprEngine's traversal of the CFG
11 // as it builds the ExplodedGraph.
12 //
13 //===----------------------------------------------------------------------===//
14 #include "ClangSACheckers.h"
15 #include "clang/AST/ParentMap.h"
16 #include "clang/AST/StmtObjC.h"
17 #include "clang/StaticAnalyzer/Core/Checker.h"
18 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
21 #include "llvm/Support/raw_ostream.h"
22
23 using namespace clang;
24 using namespace ento;
25
26 namespace {
27 class TraversalDumper : public Checker< check::BranchCondition,
28 check::BeginFunction,
29 check::EndFunction > {
30 public:
31 void checkBranchCondition(const Stmt *Condition, CheckerContext &C) const;
32 void checkBeginFunction(CheckerContext &C) const;
33 void checkEndFunction(CheckerContext &C) const;
34 };
35 }
36
checkBranchCondition(const Stmt * Condition,CheckerContext & C) const37 void TraversalDumper::checkBranchCondition(const Stmt *Condition,
38 CheckerContext &C) const {
39 // Special-case Objective-C's for-in loop, which uses the entire loop as its
40 // condition. We just print the collection expression.
41 const Stmt *Parent = dyn_cast<ObjCForCollectionStmt>(Condition);
42 if (!Parent) {
43 const ParentMap &Parents = C.getLocationContext()->getParentMap();
44 Parent = Parents.getParent(Condition);
45 }
46
47 // It is mildly evil to print directly to llvm::outs() rather than emitting
48 // warnings, but this ensures things do not get filtered out by the rest of
49 // the static analyzer machinery.
50 SourceLocation Loc = Parent->getLocStart();
51 llvm::outs() << C.getSourceManager().getSpellingLineNumber(Loc) << " "
52 << Parent->getStmtClassName() << "\n";
53 }
54
checkBeginFunction(CheckerContext & C) const55 void TraversalDumper::checkBeginFunction(CheckerContext &C) const {
56 llvm::outs() << "--BEGIN FUNCTION--\n";
57 }
58
checkEndFunction(CheckerContext & C) const59 void TraversalDumper::checkEndFunction(CheckerContext &C) const {
60 llvm::outs() << "--END FUNCTION--\n";
61 }
62
registerTraversalDumper(CheckerManager & mgr)63 void ento::registerTraversalDumper(CheckerManager &mgr) {
64 mgr.registerChecker<TraversalDumper>();
65 }
66
67 //------------------------------------------------------------------------------
68
69 namespace {
70 class CallDumper : public Checker< check::PreCall,
71 check::PostCall > {
72 public:
73 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
74 void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
75 };
76 }
77
checkPreCall(const CallEvent & Call,CheckerContext & C) const78 void CallDumper::checkPreCall(const CallEvent &Call, CheckerContext &C) const {
79 unsigned Indentation = 0;
80 for (const LocationContext *LC = C.getLocationContext()->getParent();
81 LC != nullptr; LC = LC->getParent())
82 ++Indentation;
83
84 // It is mildly evil to print directly to llvm::outs() rather than emitting
85 // warnings, but this ensures things do not get filtered out by the rest of
86 // the static analyzer machinery.
87 llvm::outs().indent(Indentation);
88 Call.dump(llvm::outs());
89 }
90
checkPostCall(const CallEvent & Call,CheckerContext & C) const91 void CallDumper::checkPostCall(const CallEvent &Call, CheckerContext &C) const {
92 const Expr *CallE = Call.getOriginExpr();
93 if (!CallE)
94 return;
95
96 unsigned Indentation = 0;
97 for (const LocationContext *LC = C.getLocationContext()->getParent();
98 LC != nullptr; LC = LC->getParent())
99 ++Indentation;
100
101 // It is mildly evil to print directly to llvm::outs() rather than emitting
102 // warnings, but this ensures things do not get filtered out by the rest of
103 // the static analyzer machinery.
104 llvm::outs().indent(Indentation);
105 if (Call.getResultType()->isVoidType())
106 llvm::outs() << "Returning void\n";
107 else
108 llvm::outs() << "Returning " << C.getSVal(CallE) << "\n";
109 }
110
registerCallDumper(CheckerManager & mgr)111 void ento::registerCallDumper(CheckerManager &mgr) {
112 mgr.registerChecker<CallDumper>();
113 }
114