xref: /freebsd/contrib/llvm-project/clang/lib/StaticAnalyzer/Checkers/NonnullGlobalConstantsChecker.cpp (revision 63f537551380d2dab29fa402ad1269feae17e594)
1 //==- NonnullGlobalConstantsChecker.cpp ---------------------------*- C++ -*--//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 //  This checker adds an assumption that constant globals of certain types* are
10 //  non-null, as otherwise they generally do not convey any useful information.
11 //  The assumption is useful, as many framework use e. g. global const strings,
12 //  and the analyzer might not be able to infer the global value if the
13 //  definition is in a separate translation unit.
14 //  The following types (and their typedef aliases) are considered to be
15 //  non-null:
16 //   - `char* const`
17 //   - `const CFStringRef` from CoreFoundation
18 //   - `NSString* const` from Foundation
19 //   - `CFBooleanRef` from Foundation
20 //
21 //===----------------------------------------------------------------------===//
22 
23 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
24 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
25 #include "clang/StaticAnalyzer/Core/Checker.h"
26 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
27 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
28 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
29 #include <optional>
30 
31 using namespace clang;
32 using namespace ento;
33 
34 namespace {
35 
36 class NonnullGlobalConstantsChecker : public Checker<check::Location> {
37   mutable IdentifierInfo *NSStringII = nullptr;
38   mutable IdentifierInfo *CFStringRefII = nullptr;
39   mutable IdentifierInfo *CFBooleanRefII = nullptr;
40   mutable IdentifierInfo *CFNullRefII = nullptr;
41 
42 public:
43   NonnullGlobalConstantsChecker() {}
44 
45   void checkLocation(SVal l, bool isLoad, const Stmt *S,
46                      CheckerContext &C) const;
47 
48 private:
49   void initIdentifierInfo(ASTContext &Ctx) const;
50 
51   bool isGlobalConstString(SVal V) const;
52 
53   bool isNonnullType(QualType Ty) const;
54 };
55 
56 } // namespace
57 
58 /// Lazily initialize cache for required identifier information.
59 void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
60   if (NSStringII)
61     return;
62 
63   NSStringII = &Ctx.Idents.get("NSString");
64   CFStringRefII = &Ctx.Idents.get("CFStringRef");
65   CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
66   CFNullRefII = &Ctx.Idents.get("CFNullRef");
67 }
68 
69 /// Add an assumption that const string-like globals are non-null.
70 void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
71                                                  const Stmt *S,
72                                                  CheckerContext &C) const {
73   initIdentifierInfo(C.getASTContext());
74   if (!isLoad || !location.isValid())
75     return;
76 
77   ProgramStateRef State = C.getState();
78 
79   if (isGlobalConstString(location)) {
80     SVal V = State->getSVal(location.castAs<Loc>());
81     std::optional<DefinedOrUnknownSVal> Constr =
82         V.getAs<DefinedOrUnknownSVal>();
83 
84     if (Constr) {
85 
86       // Assume that the variable is non-null.
87       ProgramStateRef OutputState = State->assume(*Constr, true);
88       C.addTransition(OutputState);
89     }
90   }
91 }
92 
93 /// \param V loaded lvalue.
94 /// \return whether @c val is a string-like const global.
95 bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
96   std::optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
97   if (!RegionVal)
98     return false;
99   auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
100   if (!Region)
101     return false;
102   const VarDecl *Decl = Region->getDecl();
103 
104   if (!Decl->hasGlobalStorage())
105     return false;
106 
107   QualType Ty = Decl->getType();
108   bool HasConst = Ty.isConstQualified();
109   if (isNonnullType(Ty) && HasConst)
110     return true;
111 
112   // Look through the typedefs.
113   while (const Type *T = Ty.getTypePtr()) {
114     if (const auto *AT = dyn_cast<AttributedType>(T)) {
115       if (AT->getAttrKind() == attr::TypeNonNull)
116         return true;
117       Ty = AT->getModifiedType();
118     } else if (const auto *ET = dyn_cast<ElaboratedType>(T)) {
119       const auto *TT = dyn_cast<TypedefType>(ET->getNamedType());
120       if (!TT)
121         return false;
122       Ty = TT->getDecl()->getUnderlyingType();
123       // It is sufficient for any intermediate typedef
124       // to be classified const.
125       HasConst = HasConst || Ty.isConstQualified();
126       if (isNonnullType(Ty) && HasConst)
127         return true;
128     } else {
129       return false;
130     }
131   }
132   return false;
133 }
134 
135 /// \return whether @c type is extremely unlikely to be null
136 bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {
137 
138   if (Ty->isPointerType() && Ty->getPointeeType()->isCharType())
139     return true;
140 
141   if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
142     return T->getInterfaceDecl() &&
143       T->getInterfaceDecl()->getIdentifier() == NSStringII;
144   } else if (auto *T = Ty->getAs<TypedefType>()) {
145     IdentifierInfo* II = T->getDecl()->getIdentifier();
146     return II == CFStringRefII || II == CFBooleanRefII || II == CFNullRefII;
147   }
148   return false;
149 }
150 
151 void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
152   Mgr.registerChecker<NonnullGlobalConstantsChecker>();
153 }
154 
155 bool ento::shouldRegisterNonnullGlobalConstantsChecker(const CheckerManager &mgr) {
156   return true;
157 }
158