1 //===-- DebugIteratorModeling.cpp ---------------------------------*- C++ -*--// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Defines a checker for debugging iterator modeling. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" 14 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 15 #include "clang/StaticAnalyzer/Core/Checker.h" 16 #include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h" 17 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" 18 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 19 20 #include "Iterator.h" 21 22 using namespace clang; 23 using namespace ento; 24 using namespace iterator; 25 26 namespace { 27 28 class DebugIteratorModeling 29 : public Checker<eval::Call> { 30 31 std::unique_ptr<BugType> DebugMsgBugType; 32 33 template <typename Getter> 34 void analyzerIteratorDataField(const CallExpr *CE, CheckerContext &C, 35 Getter get, SVal Default) const; 36 void analyzerIteratorPosition(const CallExpr *CE, CheckerContext &C) const; 37 void analyzerIteratorContainer(const CallExpr *CE, CheckerContext &C) const; 38 void analyzerIteratorValidity(const CallExpr *CE, CheckerContext &C) const; 39 ExplodedNode *reportDebugMsg(llvm::StringRef Msg, CheckerContext &C) const; 40 41 typedef void (DebugIteratorModeling::*FnCheck)(const CallExpr *, 42 CheckerContext &) const; 43 44 CallDescriptionMap<FnCheck> Callbacks = { 45 {{"clang_analyzer_iterator_position", 1}, 46 &DebugIteratorModeling::analyzerIteratorPosition}, 47 {{"clang_analyzer_iterator_container", 1}, 48 &DebugIteratorModeling::analyzerIteratorContainer}, 49 {{"clang_analyzer_iterator_validity", 1}, 50 &DebugIteratorModeling::analyzerIteratorValidity}, 51 }; 52 53 public: 54 DebugIteratorModeling(); 55 56 bool evalCall(const CallEvent &Call, CheckerContext &C) const; 57 }; 58 59 } //namespace 60 61 DebugIteratorModeling::DebugIteratorModeling() { 62 DebugMsgBugType.reset( 63 new BugType(this, "Checking analyzer assumptions", "debug", 64 /*SuppressOnSink=*/true)); 65 } 66 67 bool DebugIteratorModeling::evalCall(const CallEvent &Call, 68 CheckerContext &C) const { 69 const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); 70 if (!CE) 71 return false; 72 73 const FnCheck *Handler = Callbacks.lookup(Call); 74 if (!Handler) 75 return false; 76 77 (this->**Handler)(CE, C); 78 return true; 79 } 80 81 template <typename Getter> 82 void DebugIteratorModeling::analyzerIteratorDataField(const CallExpr *CE, 83 CheckerContext &C, 84 Getter get, 85 SVal Default) const { 86 if (CE->getNumArgs() == 0) { 87 reportDebugMsg("Missing iterator argument", C); 88 return; 89 } 90 91 auto State = C.getState(); 92 SVal V = C.getSVal(CE->getArg(0)); 93 const auto *Pos = getIteratorPosition(State, V); 94 if (Pos) { 95 State = State->BindExpr(CE, C.getLocationContext(), get(Pos)); 96 } else { 97 State = State->BindExpr(CE, C.getLocationContext(), Default); 98 } 99 C.addTransition(State); 100 } 101 102 void DebugIteratorModeling::analyzerIteratorPosition(const CallExpr *CE, 103 CheckerContext &C) const { 104 auto &BVF = C.getSValBuilder().getBasicValueFactory(); 105 analyzerIteratorDataField(CE, C, [](const IteratorPosition *P) { 106 return nonloc::SymbolVal(P->getOffset()); 107 }, nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0)))); 108 } 109 110 void DebugIteratorModeling::analyzerIteratorContainer(const CallExpr *CE, 111 CheckerContext &C) const { 112 auto &BVF = C.getSValBuilder().getBasicValueFactory(); 113 analyzerIteratorDataField(CE, C, [](const IteratorPosition *P) { 114 return loc::MemRegionVal(P->getContainer()); 115 }, loc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0)))); 116 } 117 118 void DebugIteratorModeling::analyzerIteratorValidity(const CallExpr *CE, 119 CheckerContext &C) const { 120 auto &BVF = C.getSValBuilder().getBasicValueFactory(); 121 analyzerIteratorDataField(CE, C, [&BVF](const IteratorPosition *P) { 122 return 123 nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get((P->isValid())))); 124 }, nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0)))); 125 } 126 127 ExplodedNode *DebugIteratorModeling::reportDebugMsg(llvm::StringRef Msg, 128 CheckerContext &C) const { 129 ExplodedNode *N = C.generateNonFatalErrorNode(); 130 if (!N) 131 return nullptr; 132 133 auto &BR = C.getBugReporter(); 134 BR.emitReport(std::make_unique<PathSensitiveBugReport>(*DebugMsgBugType, 135 Msg, N)); 136 return N; 137 } 138 139 void ento::registerDebugIteratorModeling(CheckerManager &mgr) { 140 mgr.registerChecker<DebugIteratorModeling>(); 141 } 142 143 bool ento::shouldRegisterDebugIteratorModeling(const CheckerManager &mgr) { 144 return true; 145 } 146