doxygen/DebugIteratorModeling_8cpp_source.html

//===-- DebugIteratorModeling.cpp ---------------------------------*- C++ -*--//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// Defines a checker for debugging iterator modeling.

//

//===----------------------------------------------------------------------===//


#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"

#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"

#include "clang/StaticAnalyzer/Core/Checker.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"


#include "Iterator.h"


using namespace clang;

using namespace ento;

using namespace iterator;


namespace {


class DebugIteratorModeling

  : public Checker<eval::Call> {


  std::unique_ptr<BugType> DebugMsgBugType;


  template <typename Getter>

  void analyzerIteratorDataField(const CallExpr *CE, CheckerContext &C,

                                 Getter get, SVal Default) const;

  void analyzerIteratorPosition(const CallExpr *CE, CheckerContext &C) const;

  void analyzerIteratorContainer(const CallExpr *CE, CheckerContext &C) const;

  void analyzerIteratorValidity(const CallExpr *CE, CheckerContext &C) const;

  ExplodedNode *reportDebugMsg(llvm::StringRef Msg, CheckerContext &C) const;


  typedef void (DebugIteratorModeling::*FnCheck)(const CallExpr *,

                                                 CheckerContext &) const;


  CallDescriptionMap<FnCheck> Callbacks = {

      {{{"clang_analyzer_iterator_position"}, 1},

       &DebugIteratorModeling::analyzerIteratorPosition},

      {{{"clang_analyzer_iterator_container"}, 1},

       &DebugIteratorModeling::analyzerIteratorContainer},

      {{{"clang_analyzer_iterator_validity"}, 1},

       &DebugIteratorModeling::analyzerIteratorValidity},

  };


public:

  DebugIteratorModeling();


  bool evalCall(const CallEvent &Call, CheckerContext &C) const;

};


} //namespace


DebugIteratorModeling::DebugIteratorModeling() {

  DebugMsgBugType.reset(

      new BugType(this, "Checking analyzer assumptions", "debug",

                  /*SuppressOnSink=*/true));

}


bool DebugIteratorModeling::evalCall(const CallEvent &Call,

                                     CheckerContext &C) const {

  const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());

  if (!CE)

    return false;


  const FnCheck *Handler = Callbacks.lookup(Call);

  if (!Handler)

    return false;


  (this->**Handler)(CE, C);

  return true;

}


template <typename Getter>

void DebugIteratorModeling::analyzerIteratorDataField(const CallExpr *CE,

                                                      CheckerContext &C,

                                                      Getter get,

                                                      SVal Default) const {

  if (CE->getNumArgs() == 0) {

    reportDebugMsg("Missing iterator argument", C);

    return;

  }


  auto State = C.getState();

  SVal V = C.getSVal(CE->getArg(0));

  const auto *Pos = getIteratorPosition(State, V);

  if (Pos) {

    State = State->BindExpr(CE, C.getLocationContext(), get(Pos));

  } else {

    State = State->BindExpr(CE, C.getLocationContext(), Default);

  }

  C.addTransition(State);

}


void DebugIteratorModeling::analyzerIteratorPosition(const CallExpr *CE,

                                                     CheckerContext &C) const {

  auto &BVF = C.getSValBuilder().getBasicValueFactory();

  analyzerIteratorDataField(CE, C, [](const IteratorPosition *P) {

      return nonloc::SymbolVal(P->getOffset());

    }, nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0))));

}


void DebugIteratorModeling::analyzerIteratorContainer(const CallExpr *CE,

                                                      CheckerContext &C) const {

  auto &BVF = C.getSValBuilder().getBasicValueFactory();

  analyzerIteratorDataField(CE, C, [](const IteratorPosition *P) {

      return loc::MemRegionVal(P->getContainer());

    }, loc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0))));

}


void DebugIteratorModeling::analyzerIteratorValidity(const CallExpr *CE,

                                                     CheckerContext &C) const {

  auto &BVF = C.getSValBuilder().getBasicValueFactory();

  analyzerIteratorDataField(CE, C, [&BVF](const IteratorPosition *P) {

      return

        nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get((P->isValid()))));

    }, nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0))));

}


ExplodedNode *DebugIteratorModeling::reportDebugMsg(llvm::StringRef Msg,

                                                    CheckerContext &C) const {

  ExplodedNode *N = C.generateNonFatalErrorNode();

  if (!N)

    return nullptr;


  auto &BR = C.getBugReporter();

  BR.emitReport(std::make_unique<PathSensitiveBugReport>(*DebugMsgBugType,

                                                         Msg, N));

  return N;

}


void ento::registerDebugIteratorModeling(CheckerManager &mgr) {

  mgr.registerChecker<DebugIteratorModeling>();

}


bool ento::shouldRegisterDebugIteratorModeling(const CheckerManager &mgr) {

  return true;

}

V
#define V(N, I)
Definition: ASTContext.h:3241

P
StringRef P
Definition: ASTMatchersInternal.cpp:564

BugType.h

BuiltinCheckerRegistration.h

CallDescription.h

CallEvent.h

CheckerContext.h

Checker.h

Iterator.h

clang::CallExpr
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2847

clang::CallExpr::getArg
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Definition: Expr.h:3038

clang::CallExpr::getNumArgs
unsigned getNumArgs() const
getNumArgs - Return the number of actual arguments to this call.
Definition: Expr.h:3025

clang::ento::BugType
Definition: BugType.h:27

clang::ento::CallDescriptionMap
An immutable map from CallDescriptions to arbitrary data.
Definition: CallDescription.h:164

clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:152

clang::ento::CheckerContext
Definition: CheckerContext.h:24

clang::ento::CheckerManager
Definition: CheckerManager.h:126

clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:204

clang::ento::Checker
Definition: Checker.h:516

clang::ento::ExplodedNode
Definition: ExplodedGraph.h:66

clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:55

clang::ento::loc::ConcreteInt
Definition: SVals.h:471

clang::ento::loc::MemRegionVal
Definition: SVals.h:441

clang::ento::nonloc::ConcreteInt
Value representing integer constant.
Definition: SVals.h:305

clang::ento::nonloc::SymbolVal
Represents symbolic expression that isn't a location.
Definition: SVals.h:284

clang::ento::iterator::getIteratorPosition
const IteratorPosition * getIteratorPosition(ProgramStateRef State, const SVal &Val)
Definition: Iterator.cpp:184

clang
Definition: CalledOnceCheck.h:17

clang::StructuralEquivalenceKind::Default
@ Default

clang::LinkageSpecLanguageIDs::C
@ C

clang::OMPDeclareReductionInitKind::Call
@ Call

clang::ento::iterator::IteratorPosition
Definition: Iterator.h:26