UndefinedArraySubscriptChecker.cpp revision 6f42b62b6194f53bcbc349f5d17388e1936535d7
1//===--- UndefinedArraySubscriptChecker.h ----------------------*- C++ -*--===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This defines UndefinedArraySubscriptChecker, a builtin check in ExprEngine 11// that performs checks for undefined array subscripts. 12// 13//===----------------------------------------------------------------------===// 14 15#include "ClangSACheckers.h" 16#include "clang/StaticAnalyzer/Core/Checker.h" 17#include "clang/StaticAnalyzer/Core/CheckerManager.h" 18#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 19#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 20 21using namespace clang; 22using namespace ento; 23 24namespace { 25class UndefinedArraySubscriptChecker 26 : public Checker< check::PreStmt<ArraySubscriptExpr> > { 27 mutable OwningPtr<BugType> BT; 28 29public: 30 void checkPreStmt(const ArraySubscriptExpr *A, CheckerContext &C) const; 31}; 32} // end anonymous namespace 33 34void 35UndefinedArraySubscriptChecker::checkPreStmt(const ArraySubscriptExpr *A, 36 CheckerContext &C) const { 37 if (C.getState()->getSVal(A->getIdx(), C.getLocationContext()).isUndef()) { 38 if (ExplodedNode *N = C.generateSink()) { 39 if (!BT) 40 BT.reset(new BuiltinBug("Array subscript is undefined")); 41 42 // Generate a report for this bug. 43 BugReport *R = new BugReport(*BT, BT->getName(), N); 44 R->addRange(A->getIdx()->getSourceRange()); 45 R->addVisitor(bugreporter::getTrackNullOrUndefValueVisitor(N, 46 A->getIdx())); 47 C.EmitReport(R); 48 } 49 } 50} 51 52void ento::registerUndefinedArraySubscriptChecker(CheckerManager &mgr) { 53 mgr.registerChecker<UndefinedArraySubscriptChecker>(); 54} 55