clang  6.0.0svn
Macros | Typedefs | Functions | Variables
BugReporter.cpp File Reference
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
#include "clang/AST/ASTContext.h"
#include "clang/AST/DeclObjC.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
#include "clang/AST/ParentMap.h"
#include "clang/AST/StmtCXX.h"
#include "clang/AST/StmtObjC.h"
#include "clang/Analysis/CFG.h"
#include "clang/Analysis/CFGStmtMap.h"
#include "clang/Analysis/ProgramPoint.h"
#include "clang/Basic/SourceManager.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/BugReporter/PathDiagnostic.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
#include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/IntrusiveRefCntPtr.h"
#include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/SmallString.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/Support/raw_ostream.h"
#include <memory>
#include <queue>
Include dependency graph for BugReporter.cpp:

Go to the source code of this file.

Macros

#define DEBUG_TYPE   "BugReporter"
 

Typedefs

typedef llvm::DenseMap< const PathPieces *, const LocationContext * > LocationContextMap
 A map from PathDiagnosticPiece to the LocationContext of the inlined function call it represents. More...
 
typedef std::pair< PathDiagnosticCallPiece *, const ExplodedNode * > StackDiagPair
 
typedef SmallVector< StackDiagPair, 6 > StackDiagVector
 
typedef llvm::DenseSet< const Expr * > InterestingExprs
 
typedef llvm::DenseSet< const PathDiagnosticCallPiece * > OptimizedCallsSet
 

Functions

 STATISTIC (MaxBugClassSize, "The maximum number of bug reports in the same equivalence class")
 
 STATISTIC (MaxValidBugClassSize, "The maximum number of bug reports in the same equivalence class " "where at least one report is valid (not suppressed)")
 
static const StmtGetPreviousStmt (const ExplodedNode *N)
 
static const StmtGetCurrentOrPreviousStmt (const ExplodedNode *N)
 
static PathDiagnosticEventPieceeventsDescribeSameCondition (PathDiagnosticEventPiece *X, PathDiagnosticEventPiece *Y)
 
static void removeRedundantMsgs (PathPieces &path)
 An optimization pass over PathPieces that removes redundant diagnostics generated by both ConditionBRVisitor and TrackConstraintBRVisitor. More...
 
static bool removeUnneededCalls (PathPieces &pieces, BugReport *R, LocationContextMap &LCM)
 Recursively scan through a path and prune out calls and macros pieces that aren't needed. More...
 
static bool hasImplicitBody (const Decl *D)
 Returns true if the given decl has been implicitly given a body, either by the analyzer or by the compiler proper. More...
 
static void adjustCallLocations (PathPieces &Pieces, PathDiagnosticLocation *LastCallLocation=nullptr)
 Recursively scan through a path and make sure that all call pieces have valid locations. More...
 
static void removeEdgesToDefaultInitializers (PathPieces &Pieces)
 Remove edges in and out of C++ default initializer expressions. More...
 
static void removePiecesWithInvalidLocations (PathPieces &Pieces)
 Remove all pieces with invalid locations as these cannot be serialized. More...
 
static const StmtgetEnclosingParent (const Stmt *S, const ParentMap &PM)
 
static PathDiagnosticLocation getEnclosingStmtLocation (const Stmt *S, SourceManager &SMgr, const ParentMap &P, const LocationContext *LC, bool allowNestedContexts)
 
static bool GenerateVisitorsOnlyPathDiagnostic (PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N, ArrayRef< std::unique_ptr< BugReporterVisitor >> visitors)
 
static void updateStackPiecesWithMessage (PathDiagnosticPiece &P, StackDiagVector &CallStack)
 
static void CompactPathDiagnostic (PathPieces &path, const SourceManager &SM)
 CompactPathDiagnostic - This function postprocesses a PathDiagnostic object and collapses PathDiagosticPieces that are expanded by macros. More...
 
static bool GenerateMinimalPathDiagnostic (PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N, LocationContextMap &LCM, ArrayRef< std::unique_ptr< BugReporterVisitor >> visitors)
 
static bool IsControlFlowExpr (const Stmt *S)
 
static void reversePropagateIntererstingSymbols (BugReport &R, InterestingExprs &IE, const ProgramState *State, const Expr *Ex, const LocationContext *LCtx)
 
static void reversePropagateInterestingSymbols (BugReport &R, InterestingExprs &IE, const ProgramState *State, const LocationContext *CalleeCtx, const LocationContext *CallerCtx)
 
static bool isLoop (const Stmt *Term)
 
static bool isJumpToFalseBranch (const BlockEdge *BE)
 
static bool isLoopJumpPastBody (const Stmt *Term, const BlockEdge *BE)
 Return true if the terminator is a loop and the destination is the false branch. More...
 
static bool isContainedByStmt (ParentMap &PM, const Stmt *S, const Stmt *SubS)
 
static const StmtgetStmtBeforeCond (ParentMap &PM, const Stmt *Term, const ExplodedNode *N)
 
static bool isInLoopBody (ParentMap &PM, const Stmt *S, const Stmt *Term)
 
static bool GenerateExtensivePathDiagnostic (PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N, LocationContextMap &LCM, ArrayRef< std::unique_ptr< BugReporterVisitor >> visitors)
 
static void addEdgeToPath (PathPieces &path, PathDiagnosticLocation &PrevLoc, PathDiagnosticLocation NewLoc, const LocationContext *LC)
 Adds a sanitized control-flow diagnostic edge to a path. More...
 
static const StmtgetTerminatorCondition (const CFGBlock *B)
 A customized wrapper for CFGBlock::getTerminatorCondition() which returns the element for ObjCForCollectionStmts. More...
 
static bool GenerateAlternateExtensivePathDiagnostic (PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N, LocationContextMap &LCM, ArrayRef< std::unique_ptr< BugReporterVisitor >> visitors)
 
static const StmtgetLocStmt (PathDiagnosticLocation L)
 
static const StmtgetStmtParent (const Stmt *S, const ParentMap &PM)
 
static bool isConditionForTerminator (const Stmt *S, const Stmt *Cond)
 
static bool isIncrementOrInitInForLoop (const Stmt *S, const Stmt *FL)
 
static void addContextEdges (PathPieces &pieces, SourceManager &SM, const ParentMap &PM, const LocationContext *LCtx)
 Adds synthetic edges from top-level statements to their subexpressions. More...
 
static void simplifySimpleBranches (PathPieces &pieces)
 Move edges from a branch condition to a branch target when the condition is simple. More...
 
static Optional< size_tgetLengthOnSingleLine (SourceManager &SM, SourceRange Range)
 Returns the number of bytes in the given (character-based) SourceRange. More...
 
static Optional< size_tgetLengthOnSingleLine (SourceManager &SM, const Stmt *S)
 
static void removeContextCycles (PathPieces &Path, SourceManager &SM, ParentMap &PM)
 Eliminate two-edge cycles created by addContextEdges(). More...
 
static bool lexicalContains (ParentMap &PM, const Stmt *X, const Stmt *Y)
 Return true if X is contained by Y. More...
 
static void removePunyEdges (PathPieces &path, SourceManager &SM, ParentMap &PM)
 
static void removeIdenticalEvents (PathPieces &path)
 
static bool optimizeEdges (PathPieces &path, SourceManager &SM, OptimizedCallsSet &OCS, LocationContextMap &LCM)
 
static void dropFunctionEntryEdge (PathPieces &Path, LocationContextMap &LCM, SourceManager &SM)
 Drop the very first edge in a path, which should be a function entry edge. More...
 
static const CFGBlockfindBlockForNode (const ExplodedNode *N)
 
static bool isImmediateSinkBlock (const CFGBlock *Blk)
 
static bool isInevitablySinking (const ExplodedNode *N)
 
static BugReportFindReportInEquivalenceClass (BugReportEquivClass &EQ, SmallVectorImpl< BugReport *> &bugReports)
 

Variables

static const char StrEnteringLoop [] = "Entering loop body"
 
static const char StrLoopBodyZero [] = "Loop body executed 0 times"
 
static const char StrLoopRangeEmpty []
 
static const char StrLoopCollectionEmpty []
 

Macro Definition Documentation

◆ DEBUG_TYPE

#define DEBUG_TYPE   "BugReporter"

Definition at line 42 of file BugReporter.cpp.

Typedef Documentation

◆ InterestingExprs

Definition at line 1256 of file BugReporter.cpp.

◆ LocationContextMap

typedef llvm::DenseMap<const PathPieces *, const LocationContext *> LocationContextMap

A map from PathDiagnosticPiece to the LocationContext of the inlined function call it represents.

Definition at line 156 of file BugReporter.cpp.

◆ OptimizedCallsSet

Definition at line 1980 of file BugReporter.cpp.

◆ StackDiagPair

typedef std::pair<PathDiagnosticCallPiece*, const ExplodedNode*> StackDiagPair

Definition at line 533 of file BugReporter.cpp.

◆ StackDiagVector

Definition at line 534 of file BugReporter.cpp.

Function Documentation

◆ addContextEdges()

static void addContextEdges ( PathPieces pieces,
SourceManager SM,
const ParentMap PM,
const LocationContext LCtx 
)
static

Adds synthetic edges from top-level statements to their subexpressions.

This avoids a "swoosh" effect, where an edge from a top-level statement A points to a sub-expression B.1 that's not at the start of B. In these cases, we'd like to see an edge from A to B, then another one from B to B.1.

Definition at line 1987 of file BugReporter.cpp.

◆ addEdgeToPath()

static void addEdgeToPath ( PathPieces path,
PathDiagnosticLocation PrevLoc,
PathDiagnosticLocation  NewLoc,
const LocationContext LC 
)
static

◆ adjustCallLocations()

static void adjustCallLocations ( PathPieces Pieces,
PathDiagnosticLocation LastCallLocation = nullptr 
)
static

Recursively scan through a path and make sure that all call pieces have valid locations.

Definition at line 226 of file BugReporter.cpp.

◆ CompactPathDiagnostic()

static void CompactPathDiagnostic ( PathPieces path,
const SourceManager SM 
)
static

CompactPathDiagnostic - This function postprocesses a PathDiagnostic object and collapses PathDiagosticPieces that are expanded by macros.

Definition at line 2981 of file BugReporter.cpp.

◆ dropFunctionEntryEdge()

static void dropFunctionEntryEdge ( PathPieces Path,
LocationContextMap LCM,
SourceManager SM 
)
static

Drop the very first edge in a path, which should be a function entry edge.

If the first edge is not a function entry edge (say, because the first statement had an invalid source location), this function does nothing.

Definition at line 2523 of file BugReporter.cpp.

References clang::ento::PathDiagnosticLocation::createBegin().

◆ eventsDescribeSameCondition()

static PathDiagnosticEventPiece* eventsDescribeSameCondition ( PathDiagnosticEventPiece X,
PathDiagnosticEventPiece Y 
)
static

◆ findBlockForNode()

static const CFGBlock* findBlockForNode ( const ExplodedNode N)
static

◆ FindReportInEquivalenceClass()

static BugReport* FindReportInEquivalenceClass ( BugReportEquivClass EQ,
SmallVectorImpl< BugReport *> &  bugReports 
)
static

Definition at line 3386 of file BugReporter.cpp.

◆ GenerateAlternateExtensivePathDiagnostic()

static bool GenerateAlternateExtensivePathDiagnostic ( PathDiagnostic PD,
PathDiagnosticBuilder &  PDB,
const ExplodedNode N,
LocationContextMap LCM,
ArrayRef< std::unique_ptr< BugReporterVisitor >>  visitors 
)
static

◆ GenerateExtensivePathDiagnostic()

static bool GenerateExtensivePathDiagnostic ( PathDiagnostic PD,
PathDiagnosticBuilder &  PDB,
const ExplodedNode N,
LocationContextMap LCM,
ArrayRef< std::unique_ptr< BugReporterVisitor >>  visitors 
)
static

◆ GenerateMinimalPathDiagnostic()

static bool GenerateMinimalPathDiagnostic ( PathDiagnostic PD,
PathDiagnosticBuilder &  PDB,
const ExplodedNode N,
LocationContextMap LCM,
ArrayRef< std::unique_ptr< BugReporterVisitor >>  visitors 
)
static

◆ GenerateVisitorsOnlyPathDiagnostic()

static bool GenerateVisitorsOnlyPathDiagnostic ( PathDiagnostic PD,
PathDiagnosticBuilder &  PDB,
const ExplodedNode N,
ArrayRef< std::unique_ptr< BugReporterVisitor >>  visitors 
)
static

◆ GetCurrentOrPreviousStmt()

static const Stmt* GetCurrentOrPreviousStmt ( const ExplodedNode N)
inlinestatic

Definition at line 67 of file BugReporter.cpp.

Referenced by clang::ento::BugReport::Profile().

◆ getEnclosingParent()

static const Stmt* getEnclosingParent ( const Stmt S,
const ParentMap PM 
)
static

Definition at line 410 of file BugReporter.cpp.

◆ getEnclosingStmtLocation()

static PathDiagnosticLocation getEnclosingStmtLocation ( const Stmt S,
SourceManager SMgr,
const ParentMap P,
const LocationContext LC,
bool  allowNestedContexts 
)
static

Definition at line 433 of file BugReporter.cpp.

◆ getLengthOnSingleLine() [1/2]

static Optional<size_t> getLengthOnSingleLine ( SourceManager SM,
SourceRange  Range 
)
static

Returns the number of bytes in the given (character-based) SourceRange.

If the locations in the range are not on the same line, returns None.

Note that this does not do a precise user-visible character or column count.

Definition at line 2140 of file BugReporter.cpp.

References clang::SourceRange::getBegin(), clang::SourceRange::getEnd(), clang::SourceManager::getExpansionLoc(), clang::SourceManager::getExpansionRange(), and clang::SourceManager::getFileID().

Referenced by getLengthOnSingleLine().

◆ getLengthOnSingleLine() [2/2]

static Optional<size_t> getLengthOnSingleLine ( SourceManager SM,
const Stmt S 
)
static
See also
getLengthOnSingleLine(SourceManager, SourceRange)

Definition at line 2170 of file BugReporter.cpp.

References getLengthOnSingleLine(), and clang::Stmt::getSourceRange().

◆ getLocStmt()

static const Stmt* getLocStmt ( PathDiagnosticLocation  L)
static

◆ GetPreviousStmt()

static const Stmt* GetPreviousStmt ( const ExplodedNode N)
static

◆ getStmtBeforeCond()

static const Stmt* getStmtBeforeCond ( ParentMap PM,
const Stmt Term,
const ExplodedNode N 
)
static

◆ getStmtParent()

static const Stmt* getStmtParent ( const Stmt S,
const ParentMap PM 
)
static

Definition at line 1908 of file BugReporter.cpp.

References clang::ParentMap::getParentIgnoreParens().

◆ getTerminatorCondition()

static const Stmt* getTerminatorCondition ( const CFGBlock B)
static

A customized wrapper for CFGBlock::getTerminatorCondition() which returns the element for ObjCForCollectionStmts.

Definition at line 1632 of file BugReporter.cpp.

References clang::CFGBlock::getTerminatorCondition().

Referenced by GenerateAlternateExtensivePathDiagnostic(), clang::CFGBlock::getTerminator(), and clang::CFGBlock::getTerminatorCondition().

◆ hasImplicitBody()

static bool hasImplicitBody ( const Decl D)
static

Returns true if the given decl has been implicitly given a body, either by the analyzer or by the compiler proper.

Definition at line 218 of file BugReporter.cpp.

References clang::Decl::hasBody(), and clang::Decl::isImplicit().

◆ isConditionForTerminator()

static bool isConditionForTerminator ( const Stmt S,
const Stmt Cond 
)
static

Definition at line 1929 of file BugReporter.cpp.

References clang::Stmt::getStmtClass().

◆ isContainedByStmt()

static bool isContainedByStmt ( ParentMap PM,
const Stmt S,
const Stmt SubS 
)
static

Definition at line 1348 of file BugReporter.cpp.

References clang::ParentMap::getParent().

Referenced by getStmtBeforeCond(), and isInLoopBody().

◆ IsControlFlowExpr()

static bool IsControlFlowExpr ( const Stmt S)
static

Definition at line 910 of file BugReporter.cpp.

Referenced by GenerateExtensivePathDiagnostic().

◆ isImmediateSinkBlock()

static bool isImmediateSinkBlock ( const CFGBlock Blk)
static

◆ isIncrementOrInitInForLoop()

static bool isIncrementOrInitInForLoop ( const Stmt S,
const Stmt FL 
)
static

Definition at line 1970 of file BugReporter.cpp.

◆ isInevitablySinking()

static bool isInevitablySinking ( const ExplodedNode N)
static

◆ isInLoopBody()

static bool isInLoopBody ( ParentMap PM,
const Stmt S,
const Stmt Term 
)
static

◆ isJumpToFalseBranch()

static bool isJumpToFalseBranch ( const BlockEdge BE)
static

◆ isLoop()

static bool isLoop ( const Stmt Term)
static

◆ isLoopJumpPastBody()

static bool isLoopJumpPastBody ( const Stmt Term,
const BlockEdge BE 
)
static

Return true if the terminator is a loop and the destination is the false branch.

Definition at line 1340 of file BugReporter.cpp.

References isJumpToFalseBranch(), and isLoop().

Referenced by GenerateExtensivePathDiagnostic().

◆ lexicalContains()

static bool lexicalContains ( ParentMap PM,
const Stmt X,
const Stmt Y 
)
static

Return true if X is contained by Y.

Definition at line 2248 of file BugReporter.cpp.

References clang::ParentMap::getParent().

◆ optimizeEdges()

static bool optimizeEdges ( PathPieces path,
SourceManager SM,
OptimizedCallsSet OCS,
LocationContextMap LCM 
)
static

Definition at line 2339 of file BugReporter.cpp.

References clang::LocationContext::getParentMap().

◆ removeContextCycles()

static void removeContextCycles ( PathPieces Path,
SourceManager SM,
ParentMap PM 
)
static

Eliminate two-edge cycles created by addContextEdges().

Once all the context edges are in place, there are plenty of cases where there's a single edge from a top-level statement to a subexpression, followed by a single path note, and then a reverse edge to get back out to the top level. If the statement is simple enough, the subexpression edges just add noise and make it harder to understand what's going on.

This function only removes edges in pairs, because removing only one edge might leave other edges dangling.

This will not remove edges in more complicated situations:

  • if there is more than one "hop" leading to or from a subexpression.
  • if there is an inlined call between the edges instead of a single event.
  • if the whole statement is large enough that having subexpression arrows might be helpful.

Definition at line 2191 of file BugReporter.cpp.

◆ removeEdgesToDefaultInitializers()

static void removeEdgesToDefaultInitializers ( PathPieces Pieces)
static

Remove edges in and out of C++ default initializer expressions.

These are for fields that have in-class initializers, as opposed to being initialized explicitly in a constructor or braced list.

Definition at line 261 of file BugReporter.cpp.

◆ removeIdenticalEvents()

static void removeIdenticalEvents ( PathPieces path)
static

Definition at line 2316 of file BugReporter.cpp.

◆ removePiecesWithInvalidLocations()

static void removePiecesWithInvalidLocations ( PathPieces Pieces)
static

Remove all pieces with invalid locations as these cannot be serialized.

We might have pieces with invalid locations as a result of inlining Body Farm generated functions.

Definition at line 295 of file BugReporter.cpp.

◆ removePunyEdges()

static void removePunyEdges ( PathPieces path,
SourceManager SM,
ParentMap PM 
)
static

Definition at line 2260 of file BugReporter.cpp.

◆ removeRedundantMsgs()

static void removeRedundantMsgs ( PathPieces path)
static

An optimization pass over PathPieces that removes redundant diagnostics generated by both ConditionBRVisitor and TrackConstraintBRVisitor.

Both BugReporterVisitors use different methods to generate diagnostics, with one capable of emitting diagnostics in some cases but not in others. This can lead to redundant diagnostic pieces at the same point in a path.

Definition at line 105 of file BugReporter.cpp.

References clang::ento::PathDiagnosticPiece::Call, clang::ento::PathDiagnosticPiece::ControlFlow, clang::ento::PathDiagnosticPiece::Event, eventsDescribeSameCondition(), clang::ento::PathDiagnosticPiece::Macro, and clang::ento::PathDiagnosticPiece::Note.

◆ removeUnneededCalls()

static bool removeUnneededCalls ( PathPieces pieces,
BugReport R,
LocationContextMap LCM 
)
static

Recursively scan through a path and prune out calls and macros pieces that aren't needed.

Return true if afterwards the path contains "interesting stuff" which means it shouldn't be pruned from the parent path.

Definition at line 161 of file BugReporter.cpp.

References clang::ento::PathDiagnosticPiece::Call, clang::ento::PathDiagnosticPiece::ControlFlow, clang::ento::PathDiagnosticPiece::Event, clang::ento::BugReport::isInteresting(), clang::ento::PathDiagnosticPiece::Macro, and clang::ento::PathDiagnosticPiece::Note.

◆ reversePropagateIntererstingSymbols()

static void reversePropagateIntererstingSymbols ( BugReport R,
InterestingExprs IE,
const ProgramState State,
const Expr Ex,
const LocationContext LCtx 
)
static

◆ reversePropagateInterestingSymbols()

static void reversePropagateInterestingSymbols ( BugReport R,
InterestingExprs IE,
const ProgramState State,
const LocationContext CalleeCtx,
const LocationContext CallerCtx 
)
static

◆ simplifySimpleBranches()

static void simplifySimpleBranches ( PathPieces pieces)
static

Move edges from a branch condition to a branch target when the condition is simple.

This restructures some of the work of addContextEdges. That function creates edges this may destroy, but they work together to create a more aesthetically set of edges around branches. After the call to addContextEdges, we may have (1) an edge to the branch, (2) an edge from the branch to the branch condition, and (3) an edge from the branch condition to the branch target. We keep (1), but may wish to remove (2) and move the source of (3) to the branch if the branch condition is simple.

Definition at line 2069 of file BugReporter.cpp.

◆ STATISTIC() [1/2]

STATISTIC ( MaxBugClassSize  ,
"The maximum number of bug reports in the same equivalence class"   
)

◆ STATISTIC() [2/2]

STATISTIC ( MaxValidBugClassSize  ,
"The maximum number of bug reports in the same equivalence class " "where at least one report is valid (not suppressed)"   
)

◆ updateStackPiecesWithMessage()

static void updateStackPiecesWithMessage ( PathDiagnosticPiece P,
StackDiagVector CallStack 
)
static

Variable Documentation

◆ StrEnteringLoop

const char StrEnteringLoop[] = "Entering loop body"
static

Definition at line 1640 of file BugReporter.cpp.

Referenced by GenerateAlternateExtensivePathDiagnostic().

◆ StrLoopBodyZero

const char StrLoopBodyZero[] = "Loop body executed 0 times"
static

Definition at line 1641 of file BugReporter.cpp.

Referenced by GenerateAlternateExtensivePathDiagnostic().

◆ StrLoopCollectionEmpty

const char StrLoopCollectionEmpty[]
static
Initial value:
=
"Loop body skipped when collection is empty"

Definition at line 1644 of file BugReporter.cpp.

Referenced by GenerateAlternateExtensivePathDiagnostic().

◆ StrLoopRangeEmpty

const char StrLoopRangeEmpty[]
static
Initial value:
=
"Loop body skipped when range is empty"

Definition at line 1642 of file BugReporter.cpp.

Referenced by GenerateAlternateExtensivePathDiagnostic().