UndefinedAssignmentChecker.cpp revision 685379965c1b105ce89cf4f6c60810932b7f4d0d
1//===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that 11// checks for assigning undefined values. 12// 13//===----------------------------------------------------------------------===// 14 15#include "ClangSACheckers.h" 16#include "clang/StaticAnalyzer/Core/Checker.h" 17#include "clang/StaticAnalyzer/Core/CheckerManager.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 19#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 20 21using namespace clang; 22using namespace ento; 23 24namespace { 25class UndefinedAssignmentChecker 26 : public Checker<check::Bind> { 27 mutable OwningPtr<BugType> BT; 28 29public: 30 void checkBind(SVal location, SVal val, const Stmt *S, 31 CheckerContext &C) const; 32}; 33} 34 35void UndefinedAssignmentChecker::checkBind(SVal location, SVal val, 36 const Stmt *StoreE, 37 CheckerContext &C) const { 38 if (!val.isUndef()) 39 return; 40 41 ExplodedNode *N = C.generateSink(); 42 43 if (!N) 44 return; 45 46 const char *str = "Assigned value is garbage or undefined"; 47 48 if (!BT) 49 BT.reset(new BuiltinBug(str)); 50 51 // Generate a report for this bug. 52 const Expr *ex = 0; 53 54 while (StoreE) { 55 if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) { 56 if (B->isCompoundAssignmentOp()) { 57 ProgramStateRef state = C.getState(); 58 if (state->getSVal(B->getLHS(), C.getLocationContext()).isUndef()) { 59 str = "The left expression of the compound assignment is an " 60 "uninitialized value. The computed value will also be garbage"; 61 ex = B->getLHS(); 62 break; 63 } 64 } 65 66 ex = B->getRHS(); 67 break; 68 } 69 70 if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) { 71 const VarDecl *VD = dyn_cast<VarDecl>(DS->getSingleDecl()); 72 ex = VD->getInit(); 73 } 74 75 break; 76 } 77 78 BugReport *R = new BugReport(*BT, str, N); 79 if (ex) { 80 R->addRange(ex->getSourceRange()); 81 bugreporter::addTrackNullOrUndefValueVisitor(N, ex, R); 82 } 83 R->disablePathPruning(); 84 C.EmitReport(R); 85} 86 87void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) { 88 mgr.registerChecker<UndefinedAssignmentChecker>(); 89} 90