NSErrorChecker.cpp revision 21142581d55918beed544a757e4af3bb865b1812
1//=- NSErrorCheckerer.cpp - Coding conventions for uses of NSError -*- C++ -*-==// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file defines a CheckNSError, a flow-insenstive check 11// that determines if an Objective-C class interface correctly returns 12// a non-void return type. 13// 14// File under feature request PR 2600. 15// 16//===----------------------------------------------------------------------===// 17 18#include "clang/StaticAnalyzer/Checkers/LocalCheckers.h" 19#include "clang/StaticAnalyzer/BugReporter/BugType.h" 20#include "clang/StaticAnalyzer/PathSensitive/ExprEngine.h" 21#include "clang/StaticAnalyzer/Checkers/DereferenceChecker.h" 22#include "BasicObjCFoundationChecks.h" 23#include "clang/AST/DeclObjC.h" 24#include "clang/AST/Decl.h" 25#include "llvm/ADT/SmallVector.h" 26 27using namespace clang; 28using namespace ento; 29 30namespace { 31class NSErrorChecker : public BugType { 32 const Decl &CodeDecl; 33 const bool isNSErrorWarning; 34 IdentifierInfo * const II; 35 ExprEngine &Eng; 36 37 void CheckSignature(const ObjCMethodDecl& MD, QualType& ResultTy, 38 llvm::SmallVectorImpl<VarDecl*>& ErrorParams); 39 40 void CheckSignature(const FunctionDecl& MD, QualType& ResultTy, 41 llvm::SmallVectorImpl<VarDecl*>& ErrorParams); 42 43 bool CheckNSErrorArgument(QualType ArgTy); 44 bool CheckCFErrorArgument(QualType ArgTy); 45 46 void CheckParamDeref(const VarDecl *V, const LocationContext *LC, 47 const GRState *state, BugReporter& BR); 48 49 void EmitRetTyWarning(BugReporter& BR, const Decl& CodeDecl); 50 51public: 52 NSErrorChecker(const Decl &D, bool isNSError, ExprEngine& eng) 53 : BugType(isNSError ? "NSError** null dereference" 54 : "CFErrorRef* null dereference", 55 "Coding conventions (Apple)"), 56 CodeDecl(D), 57 isNSErrorWarning(isNSError), 58 II(&eng.getContext().Idents.get(isNSErrorWarning ? "NSError":"CFErrorRef")), 59 Eng(eng) {} 60 61 void FlushReports(BugReporter& BR); 62}; 63 64} // end anonymous namespace 65 66void ento::RegisterNSErrorChecks(BugReporter& BR, ExprEngine &Eng, 67 const Decl &D) { 68 BR.Register(new NSErrorChecker(D, true, Eng)); 69 BR.Register(new NSErrorChecker(D, false, Eng)); 70} 71 72void NSErrorChecker::FlushReports(BugReporter& BR) { 73 // Get the analysis engine and the exploded analysis graph. 74 ExplodedGraph& G = Eng.getGraph(); 75 76 // Get the ASTContext, which is useful for querying type information. 77 ASTContext &Ctx = BR.getContext(); 78 79 QualType ResultTy; 80 llvm::SmallVector<VarDecl*, 5> ErrorParams; 81 82 if (const ObjCMethodDecl* MD = dyn_cast<ObjCMethodDecl>(&CodeDecl)) 83 CheckSignature(*MD, ResultTy, ErrorParams); 84 else if (const FunctionDecl* FD = dyn_cast<FunctionDecl>(&CodeDecl)) 85 CheckSignature(*FD, ResultTy, ErrorParams); 86 else 87 return; 88 89 if (ErrorParams.empty()) 90 return; 91 92 if (ResultTy == Ctx.VoidTy) EmitRetTyWarning(BR, CodeDecl); 93 94 for (ExplodedGraph::roots_iterator RI=G.roots_begin(), RE=G.roots_end(); 95 RI!=RE; ++RI) { 96 // Scan the parameters for an implicit null dereference. 97 for (llvm::SmallVectorImpl<VarDecl*>::iterator I=ErrorParams.begin(), 98 E=ErrorParams.end(); I!=E; ++I) 99 CheckParamDeref(*I, (*RI)->getLocationContext(), (*RI)->getState(), BR); 100 } 101} 102 103void NSErrorChecker::EmitRetTyWarning(BugReporter& BR, const Decl& CodeDecl) { 104 std::string sbuf; 105 llvm::raw_string_ostream os(sbuf); 106 107 if (isa<ObjCMethodDecl>(CodeDecl)) 108 os << "Method"; 109 else 110 os << "Function"; 111 112 os << " accepting "; 113 os << (isNSErrorWarning ? "NSError**" : "CFErrorRef*"); 114 os << " should have a non-void return value to indicate whether or not an " 115 "error occurred"; 116 117 BR.EmitBasicReport(isNSErrorWarning 118 ? "Bad return type when passing NSError**" 119 : "Bad return type when passing CFError*", 120 getCategory(), os.str(), 121 CodeDecl.getLocation()); 122} 123 124void 125NSErrorChecker::CheckSignature(const ObjCMethodDecl& M, QualType& ResultTy, 126 llvm::SmallVectorImpl<VarDecl*>& ErrorParams) { 127 128 ResultTy = M.getResultType(); 129 130 for (ObjCMethodDecl::param_iterator I=M.param_begin(), 131 E=M.param_end(); I!=E; ++I) { 132 133 QualType T = (*I)->getType(); 134 135 if (isNSErrorWarning) { 136 if (CheckNSErrorArgument(T)) ErrorParams.push_back(*I); 137 } 138 else if (CheckCFErrorArgument(T)) 139 ErrorParams.push_back(*I); 140 } 141} 142 143void 144NSErrorChecker::CheckSignature(const FunctionDecl& F, QualType& ResultTy, 145 llvm::SmallVectorImpl<VarDecl*>& ErrorParams) { 146 147 ResultTy = F.getResultType(); 148 149 for (FunctionDecl::param_const_iterator I = F.param_begin(), 150 E = F.param_end(); I != E; ++I) { 151 152 QualType T = (*I)->getType(); 153 154 if (isNSErrorWarning) { 155 if (CheckNSErrorArgument(T)) ErrorParams.push_back(*I); 156 } 157 else if (CheckCFErrorArgument(T)) 158 ErrorParams.push_back(*I); 159 } 160} 161 162 163bool NSErrorChecker::CheckNSErrorArgument(QualType ArgTy) { 164 165 const PointerType* PPT = ArgTy->getAs<PointerType>(); 166 if (!PPT) 167 return false; 168 169 const ObjCObjectPointerType* PT = 170 PPT->getPointeeType()->getAs<ObjCObjectPointerType>(); 171 172 if (!PT) 173 return false; 174 175 const ObjCInterfaceDecl *ID = PT->getInterfaceDecl(); 176 177 // FIXME: Can ID ever be NULL? 178 if (ID) 179 return II == ID->getIdentifier(); 180 181 return false; 182} 183 184bool NSErrorChecker::CheckCFErrorArgument(QualType ArgTy) { 185 186 const PointerType* PPT = ArgTy->getAs<PointerType>(); 187 if (!PPT) return false; 188 189 const TypedefType* TT = PPT->getPointeeType()->getAs<TypedefType>(); 190 if (!TT) return false; 191 192 return TT->getDecl()->getIdentifier() == II; 193} 194 195void NSErrorChecker::CheckParamDeref(const VarDecl *Param, 196 const LocationContext *LC, 197 const GRState *rootState, 198 BugReporter& BR) { 199 200 SVal ParamL = rootState->getLValue(Param, LC); 201 const MemRegion* ParamR = cast<loc::MemRegionVal>(ParamL).getRegionAs<VarRegion>(); 202 assert (ParamR && "Parameters always have VarRegions."); 203 SVal ParamSVal = rootState->getSVal(ParamR); 204 205 // FIXME: For now assume that ParamSVal is symbolic. We need to generalize 206 // this later. 207 SymbolRef ParamSym = ParamSVal.getAsLocSymbol(); 208 if (!ParamSym) 209 return; 210 211 // Iterate over the implicit-null dereferences. 212 ExplodedNode *const* I, *const* E; 213 llvm::tie(I, E) = GetImplicitNullDereferences(Eng); 214 for ( ; I != E; ++I) { 215 const GRState *state = (*I)->getState(); 216 SVal location = state->getSVal((*I)->getLocationAs<StmtPoint>()->getStmt()); 217 if (location.getAsSymbol() != ParamSym) 218 continue; 219 220 // Emit an error. 221 std::string sbuf; 222 llvm::raw_string_ostream os(sbuf); 223 os << "Potential null dereference. According to coding standards "; 224 225 if (isNSErrorWarning) 226 os << "in 'Creating and Returning NSError Objects' the parameter '"; 227 else 228 os << "documented in CoreFoundation/CFError.h the parameter '"; 229 230 os << Param << "' may be null."; 231 232 BugReport *report = new BugReport(*this, os.str(), *I); 233 // FIXME: Notable symbols are now part of the report. We should 234 // add support for notable symbols in BugReport. 235 // BR.addNotableSymbol(SV->getSymbol()); 236 BR.EmitReport(report); 237 } 238} 239