#include "clang/AST/CharUnits.h"
#include "clang/AST/ParentMapContext.h"
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Checkers/Taint.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/APSIntType.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicExtent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
#include "llvm/ADT/APSInt.h"
#include "llvm/Support/FormatVariadic.h"
#include "llvm/Support/raw_ostream.h"
#include <optional>

Functions
static std::optional< std::pair< const SubRegion *, NonLoc > >	computeOffset (ProgramStateRef State, SValBuilder &SVB, SVal Location)
	For a given Location that can be represented as a symbolic expression Arr[Idx] (or perhaps Arr[Idx1][Idx2] etc.), return the parent memory block Arr and the distance of Location from the beginning of Arr (expressed in a NonLoc that specifies the number of CharUnits).
static std::pair< NonLoc, nonloc::ConcreteInt >	getSimplifiedOffsets (NonLoc offset, nonloc::ConcreteInt extent, SValBuilder &svalBuilder)
static bool	isNegative (SValBuilder &SVB, ProgramStateRef State, NonLoc Value)
static bool	isUnsigned (SValBuilder &SVB, NonLoc Value)
static std::pair< ProgramStateRef, ProgramStateRef >	compareValueToThreshold (ProgramStateRef State, NonLoc Value, NonLoc Threshold, SValBuilder &SVB, bool CheckEquality=false)
static std::string	getRegionName (const MemSpaceRegion Space, const SubRegion Region)
static std::optional< int64_t >	getConcreteValue (NonLoc SV)
static std::optional< int64_t >	getConcreteValue (std::optional< NonLoc > SV)
static bool	tryDividePair (std::optional< int64_t > &Val1, std::optional< int64_t > &Val2, int64_t Divisor)
	Try to divide Val1 and Val2 (in place) by Divisor and return true if it can be performed (Divisor is nonzero and there is no remainder).
static Messages	getNonTaintMsgs (const ASTContext &ACtx, const MemSpaceRegion Space, const SubRegion Region, NonLoc Offset, std::optional< NonLoc > Extent, SVal Location, BadOffsetKind Problem)
static Messages	getTaintMsgs (const MemSpaceRegion Space, const SubRegion Region, const char *OffsetName, bool AlsoMentionUnderflow)

Function Documentation

◆ compareValueToThreshold()

std::pair< ProgramStateRef, ProgramStateRef > compareValueToThreshold	(	ProgramStateRef	State,
		NonLoc	Value,
		NonLoc	Threshold,
		SValBuilder &	SVB,
		bool	CheckEquality = false )

static

Definition at line 320 of file ArrayBoundChecker.cpp.

References clang::ento::SValBuilder::evalBinOpNN(), clang::ento::SVal::getAs(), clang::ento::SValBuilder::getConditionType(), getSimplifiedOffsets(), isNegative(), and isUnsigned().

◆ computeOffset()

std::optional< std::pair< const SubRegion *, NonLoc > > computeOffset	(	ProgramStateRef	State,
		SValBuilder &	SVB,
		SVal	Location )

static

For a given Location that can be represented as a symbolic expression Arr[Idx] (or perhaps Arr[Idx1][Idx2] etc.), return the parent memory block Arr and the distance of Location from the beginning of Arr (expressed in a NonLoc that specifies the number of CharUnits).

Returns nullopt when these cannot be determined.

Definition at line 201 of file ArrayBoundChecker.cpp.

References clang::ento::SValBuilder::evalBinOpNN(), clang::ento::SValBuilder::getArrayIndexType(), clang::ento::MemRegion::getAs(), clang::ento::SVal::getAs(), clang::ento::SValBuilder::getContext(), clang::ento::ElementRegion::getElementType(), clang::ento::ElementRegion::getIndex(), clang::CharUnits::getQuantity(), clang::ento::SubRegion::getSuperRegion(), clang::ASTContext::getTypeSizeInChars(), clang::Type::isIncompleteType(), clang::ento::SValBuilder::makeArrayIndex(), clang::ento::SValBuilder::makeZeroArrayIndex(), and clang::T.

◆ getConcreteValue() [1/2]

std::optional< int64_t > getConcreteValue ( NonLoc SV )

static

Definition at line 394 of file ArrayBoundChecker.cpp.

References clang::ento::SVal::getAs().

Referenced by getConcreteValue(), and getNonTaintMsgs().

◆ getConcreteValue() [2/2]

std::optional< int64_t > getConcreteValue ( std::optional< NonLoc > SV )

static

Definition at line 401 of file ArrayBoundChecker.cpp.

References getConcreteValue().

◆ getNonTaintMsgs()

Messages getNonTaintMsgs	(	const ASTContext &	ACtx,
		const MemSpaceRegion *	Space,
		const SubRegion *	Region,
		NonLoc	Offset,
		std::optional< NonLoc >	Extent,
		SVal	Location,
		BadOffsetKind	Problem )

static

Definition at line 424 of file ArrayBoundChecker.cpp.

References clang::QualType::getAsString(), getConcreteValue(), clang::CharUnits::getQuantity(), getRegionName(), clang::ASTContext::getTypeSizeInChars(), and tryDividePair().

◆ getRegionName()

std::string getRegionName	(	const MemSpaceRegion *	Space,
		const SubRegion *	Region )

static

Definition at line 369 of file ArrayBoundChecker.cpp.

References clang::ento::MemRegion::getAs(), clang::ento::MemRegion::getDescriptiveName(), and clang::isa().

Referenced by getNonTaintMsgs(), and getTaintMsgs().

◆ getSimplifiedOffsets()

std::pair< NonLoc, nonloc::ConcreteInt > getSimplifiedOffsets	(	NonLoc	offset,
		nonloc::ConcreteInt	extent,
		SValBuilder &	svalBuilder )

static

Definition at line 272 of file ArrayBoundChecker.cpp.

References clang::ento::APSIntType::convert(), clang::ento::SVal::getAs(), getSimplifiedOffsets(), clang::ento::nonloc::ConcreteInt::getValue(), and clang::ento::SValBuilder::makeIntVal().

Referenced by compareValueToThreshold(), and getSimplifiedOffsets().

◆ getTaintMsgs()

Messages getTaintMsgs	(	const MemSpaceRegion *	Space,
		const SubRegion *	Region,
		const char *	OffsetName,
		bool	AlsoMentionUnderflow )

static

Definition at line 481 of file ArrayBoundChecker.cpp.

References getRegionName().

◆ isNegative()

bool isNegative	(	SValBuilder &	SVB,
		ProgramStateRef	State,
		NonLoc	Value )

static

Definition at line 302 of file ArrayBoundChecker.cpp.

References clang::ento::SValBuilder::getMaxValue().

Referenced by compareValueToThreshold().

◆ isUnsigned()

bool isUnsigned	(	SValBuilder &	SVB,
		NonLoc	Value )

static

Definition at line 307 of file ArrayBoundChecker.cpp.

References clang::ento::SValBuilder::getContext(), clang::Value::getType(), and clang::T.

Referenced by CheckC23ConstexprInitStringLiteral(), compareValueToThreshold(), clang::ento::BasicValueFactory::getIntValue(), cir::direct::getLLVMIntCast(), clang::ento::BasicValueFactory::getValue(), clang::DependentBitIntType::isSigned(), clang::ento::SValBuilder::makeIntVal(), clang::ento::SValBuilder::makeIntVal(), clang::ASTContext::mergeTypes(), clang::BitIntType::Profile(), clang::DependentBitIntType::Profile(), and clang::serialization::DataStreamBasicReader< Impl >::readAPSInt().

◆ tryDividePair()

bool tryDividePair	(	std::optional< int64_t > &	Val1,
		std::optional< int64_t > &	Val2,
		int64_t	Divisor )

static

Try to divide Val1 and Val2 (in place) by Divisor and return true if it can be performed (Divisor is nonzero and there is no remainder).

The values Val1 and Val2 may be nullopt and in that case the corresponding division is considered to be successful.

Definition at line 409 of file ArrayBoundChecker.cpp.

Referenced by getNonTaintMsgs().

Functions

Function Documentation

◆ compareValueToThreshold()

◆ computeOffset()

◆ getConcreteValue() [1/2]

◆ getConcreteValue() [2/2]

◆ getNonTaintMsgs()

◆ getRegionName()

◆ getSimplifiedOffsets()

◆ getTaintMsgs()

◆ isNegative()

◆ isUnsigned()

◆ tryDividePair()