Home | History | Annotate | Download | only in Checkers 
      1 //===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==//
      2 //
      3 //                     The LLVM Compiler Infrastructure
      4 //
      5 // This file is distributed under the University of Illinois Open Source
      6 // License. See LICENSE.TXT for details.
      7 //
      8 //===----------------------------------------------------------------------===//
      9 //
     10 // This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
     11 // checks for assigning undefined values.
     12 //
     13 //===----------------------------------------------------------------------===//
     14 
     15 #include "ClangSACheckers.h"
     16 #include "clang/StaticAnalyzer/Core/Checker.h"
     17 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
     18 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
     19 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
     20 
     21 using namespace clang;
     22 using namespace ento;
     23 
     24 namespace {
     25 class UndefinedAssignmentChecker
     26   : public Checker<check::Bind> {
     27   mutable llvm::OwningPtr<BugType> BT;
     28 
     29 public:
     30   void checkBind(SVal location, SVal val, const Stmt *S,
     31                  CheckerContext &C) const;
     32 };
     33 }
     34 
     35 void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
     36                                            const Stmt *StoreE,
     37                                            CheckerContext &C) const {
     38   if (!val.isUndef())
     39     return;
     40 
     41   ExplodedNode *N = C.generateSink();
     42 
     43   if (!N)
     44     return;
     45 
     46   const char *str = "Assigned value is garbage or undefined";
     47 
     48   if (!BT)
     49     BT.reset(new BuiltinBug(str));
     50 
     51   // Generate a report for this bug.
     52   const Expr *ex = 0;
     53 
     54   while (StoreE) {
     55     if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
     56       if (B->isCompoundAssignmentOp()) {
     57         const ProgramState *state = C.getState();
     58         if (state->getSVal(B->getLHS()).isUndef()) {
     59           str = "The left expression of the compound assignment is an "
     60                 "uninitialized value. The computed value will also be garbage";
     61           ex = B->getLHS();
     62           break;
     63         }
     64       }
     65 
     66       ex = B->getRHS();
     67       break;
     68     }
     69 
     70     if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
     71       const VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl());
     72       ex = VD->getInit();
     73     }
     74 
     75     break;
     76   }
     77 
     78   BugReport *R = new BugReport(*BT, str, N);
     79   if (ex) {
     80     R->addRange(ex->getSourceRange());
     81     R->addVisitor(bugreporter::getTrackNullOrUndefValueVisitor(N, ex));
     82   }
     83   C.EmitReport(R);
     84 }
     85 
     86 void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
     87   mgr.registerChecker<UndefinedAssignmentChecker>();
     88 }
     89