StaticAnalyzer/Checkers/PthreadLockChecker.cpp

//===--- PthreadLockChecker.h - Undefined arguments checker ----*- C++ -*--===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This defines PthreadLockChecker, a simple lock -> unlock checker.  Eventually
// this shouldn't be registered with ExprEngineInternalChecks.
//
//===----------------------------------------------------------------------===//

#include "ClangSACheckers.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerVisitor.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/GRStateTrait.h"
#include "llvm/ADT/ImmutableSet.h"

using namespace clang;
using namespace ento;

namespace {
class PthreadLockChecker
  : public CheckerVisitor<PthreadLockChecker> {
  BugType *BT;
public:
  PthreadLockChecker() : BT(0) {}
  static void *getTag() {
    static int x = 0;
    return &x;
  }
  void PostVisitCallExpr(CheckerContext &C, const CallExpr *CE);

  void AcquireLock(CheckerContext &C, const CallExpr *CE,
                   SVal lock, bool isTryLock);

  void ReleaseLock(CheckerContext &C, const CallExpr *CE,
                    SVal lock);

};
} // end anonymous namespace

// GDM Entry for tracking lock state.
namespace { class LockSet {}; }
namespace clang {
namespace ento {
template <> struct GRStateTrait<LockSet> :
  public GRStatePartialTrait<llvm::ImmutableSet<const MemRegion*> > {
    static void* GDMIndex() { return PthreadLockChecker::getTag(); }
};
} // end GR namespace
} // end clang namespace

static void RegisterPthreadLockChecker(ExprEngine &Eng) {
  Eng.registerCheck(new PthreadLockChecker());
}

void ento::registerPthreadLockChecker(CheckerManager &mgr) {
  mgr.addCheckerRegisterFunction(RegisterPthreadLockChecker);
}


void PthreadLockChecker::PostVisitCallExpr(CheckerContext &C,
                                           const CallExpr *CE) {
  const GRState *state = C.getState();
  const Expr *Callee = CE->getCallee();
  const FunctionTextRegion *R =
    dyn_cast_or_null<FunctionTextRegion>(state->getSVal(Callee).getAsRegion());

  if (!R)
    return;

  IdentifierInfo *II = R->getDecl()->getIdentifier();
  if (!II)   // if no identifier, not a simple C function
    return;
  llvm::StringRef FName = II->getName();

  if (FName == "pthread_mutex_lock") {
    if (CE->getNumArgs() != 1)
      return;
    AcquireLock(C, CE, state->getSVal(CE->getArg(0)), false);
  }
  else if (FName == "pthread_mutex_trylock") {
    if (CE->getNumArgs() != 1)
      return;
    AcquireLock(C, CE, state->getSVal(CE->getArg(0)), true);
  }
  else if (FName == "pthread_mutex_unlock") {
    if (CE->getNumArgs() != 1)
      return;
    ReleaseLock(C, CE, state->getSVal(CE->getArg(0)));
  }
}

void PthreadLockChecker::AcquireLock(CheckerContext &C, const CallExpr *CE,
                                     SVal lock, bool isTryLock) {

  const MemRegion *lockR = lock.getAsRegion();
  if (!lockR)
    return;

  const GRState *state = C.getState();

  SVal X = state->getSVal(CE);
  if (X.isUnknownOrUndef())
    return;

  DefinedSVal retVal = cast<DefinedSVal>(X);
  const GRState *lockSucc = state;

  if (isTryLock) {
      // Bifurcate the state, and allow a mode where the lock acquisition fails.
    const GRState *lockFail;
    llvm::tie(lockFail, lockSucc) = state->assume(retVal);
    assert(lockFail && lockSucc);
    C.addTransition(C.generateNode(CE, lockFail));
  }
  else {
      // Assume that the return value was 0.
    lockSucc = state->assume(retVal, false);
    assert(lockSucc);
  }

    // Record that the lock was acquired.
  lockSucc = lockSucc->add<LockSet>(lockR);

  C.addTransition(lockSucc != state ? C.generateNode(CE, lockSucc) :
                  C.getPredecessor());
}

void PthreadLockChecker::ReleaseLock(CheckerContext &C, const CallExpr *CE,
                                     SVal lock) {

  const MemRegion *lockR = lock.getAsRegion();
  if (!lockR)
    return;

  const GRState *state = C.getState();

  // Record that the lock was released.
  // FIXME: Handle unlocking locks that were never acquired.  This may
  // require IPA for wrappers.
  const GRState *unlockState = state->remove<LockSet>(lockR);

  if (state == unlockState)
    return;

  C.addTransition(C.generateNode(CE, unlockState));
}