Home | History | Annotate | Download | only in Checkers 
      1 //===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==//
      2 //
      3 //                     The LLVM Compiler Infrastructure
      4 //
      5 // This file is distributed under the University of Illinois Open Source
      6 // License. See LICENSE.TXT for details.
      7 //
      8 //===----------------------------------------------------------------------===//
      9 //
     10 // This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
     11 // checks for assigning undefined values.
     12 //
     13 //===----------------------------------------------------------------------===//
     14 
     15 #include "ClangSACheckers.h"
     16 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
     17 #include "clang/StaticAnalyzer/Core/Checker.h"
     18 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
     19 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
     20 
     21 using namespace clang;
     22 using namespace ento;
     23 
     24 namespace {
     25 class UndefinedAssignmentChecker
     26   : public Checker<check::Bind> {
     27   mutable std::unique_ptr<BugType> BT;
     28 
     29 public:
     30   void checkBind(SVal location, SVal val, const Stmt *S,
     31                  CheckerContext &C) const;
     32 };
     33 }
     34 
     35 void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
     36                                            const Stmt *StoreE,
     37                                            CheckerContext &C) const {
     38   if (!val.isUndef())
     39     return;
     40 
     41   // Do not report assignments of uninitialized values inside swap functions.
     42   // This should allow to swap partially uninitialized structs
     43   // (radar://14129997)
     44   if (const FunctionDecl *EnclosingFunctionDecl =
     45       dyn_cast<FunctionDecl>(C.getStackFrame()->getDecl()))
     46     if (C.getCalleeName(EnclosingFunctionDecl) == "swap")
     47       return;
     48 
     49   ExplodedNode *N = C.generateErrorNode();
     50 
     51   if (!N)
     52     return;
     53 
     54   const char *str = "Assigned value is garbage or undefined";
     55 
     56   if (!BT)
     57     BT.reset(new BuiltinBug(this, str));
     58 
     59   // Generate a report for this bug.
     60   const Expr *ex = nullptr;
     61 
     62   while (StoreE) {
     63     if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
     64       if (B->isCompoundAssignmentOp()) {
     65         ProgramStateRef state = C.getState();
     66         if (state->getSVal(B->getLHS(), C.getLocationContext()).isUndef()) {
     67           str = "The left expression of the compound assignment is an "
     68                 "uninitialized value. The computed value will also be garbage";
     69           ex = B->getLHS();
     70           break;
     71         }
     72       }
     73 
     74       ex = B->getRHS();
     75       break;
     76     }
     77 
     78     if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
     79       const VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl());
     80       ex = VD->getInit();
     81     }
     82 
     83     break;
     84   }
     85 
     86   auto R = llvm::make_unique<BugReport>(*BT, str, N);
     87   if (ex) {
     88     R->addRange(ex->getSourceRange());
     89     bugreporter::trackNullOrUndefValue(N, ex, *R);
     90   }
     91   C.emitReport(std::move(R));
     92 }
     93 
     94 void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
     95   mgr.registerChecker<UndefinedAssignmentChecker>();
     96 }
     97