doxygen/InvalidatedIteratorChecker_8cpp_source.html

//===-- InvalidatedIteratorChecker.cpp ----------------------------*- C++ -*--//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// Defines a checker for access of invalidated iterators.

//

//===----------------------------------------------------------------------===//


#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"

#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"

#include "clang/StaticAnalyzer/Core/Checker.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"


#include "Iterator.h"


using namespace clang;

using namespace ento;

using namespace iterator;


namespace {


class InvalidatedIteratorChecker

  : public Checker<check::PreCall, check::PreStmt<UnaryOperator>,

                   check::PreStmt<BinaryOperator>,

                   check::PreStmt<ArraySubscriptExpr>,

                   check::PreStmt<MemberExpr>> {


  const BugType InvalidatedBugType{this, "Iterator invalidated",

                                   "Misuse of STL APIs"};


  void verifyAccess(CheckerContext &C, SVal Val) const;

  void reportBug(StringRef Message, SVal Val, CheckerContext &C,

                 ExplodedNode *ErrNode) const;


public:

  void checkPreCall(const CallEvent &Call, CheckerContext &C) const;

  void checkPreStmt(const UnaryOperator *UO, CheckerContext &C) const;

  void checkPreStmt(const BinaryOperator *BO, CheckerContext &C) const;

  void checkPreStmt(const ArraySubscriptExpr *ASE, CheckerContext &C) const;

  void checkPreStmt(const MemberExpr *ME, CheckerContext &C) const;


};


} // namespace


void InvalidatedIteratorChecker::checkPreCall(const CallEvent &Call,

                                              CheckerContext &C) const {

  // Check for access of invalidated position

  const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl());

  if (!Func)

    return;


  if (Func->isOverloadedOperator() &&

      isAccessOperator(Func->getOverloadedOperator())) {

    // Check for any kind of access of invalidated iterator positions

    if (const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call)) {

      verifyAccess(C, InstCall->getCXXThisVal());

    } else {

      verifyAccess(C, Call.getArgSVal(0));

    }

  }

}


void InvalidatedIteratorChecker::checkPreStmt(const UnaryOperator *UO,

                                              CheckerContext &C) const {

  if (isa<CXXThisExpr>(UO->getSubExpr()))

    return;


  ProgramStateRef State = C.getState();

  UnaryOperatorKind OK = UO->getOpcode();

  SVal SubVal = State->getSVal(UO->getSubExpr(), C.getLocationContext());


  if (isAccessOperator(OK)) {

    verifyAccess(C, SubVal);

  }

}


void InvalidatedIteratorChecker::checkPreStmt(const BinaryOperator *BO,

                                              CheckerContext &C) const {

  ProgramStateRef State = C.getState();

  BinaryOperatorKind OK = BO->getOpcode();

  SVal LVal = State->getSVal(BO->getLHS(), C.getLocationContext());


  if (isAccessOperator(OK)) {

    verifyAccess(C, LVal);

  }

}


void InvalidatedIteratorChecker::checkPreStmt(const ArraySubscriptExpr *ASE,

                                              CheckerContext &C) const {

  ProgramStateRef State = C.getState();

  SVal LVal = State->getSVal(ASE->getLHS(), C.getLocationContext());

  verifyAccess(C, LVal);

}


void InvalidatedIteratorChecker::checkPreStmt(const MemberExpr *ME,

                                              CheckerContext &C) const {

  if (!ME->isArrow() || ME->isImplicitAccess())

    return;


  ProgramStateRef State = C.getState();

  SVal BaseVal = State->getSVal(ME->getBase(), C.getLocationContext());

  verifyAccess(C, BaseVal);

}


void InvalidatedIteratorChecker::verifyAccess(CheckerContext &C,

                                              SVal Val) const {

  auto State = C.getState();

  const auto *Pos = getIteratorPosition(State, Val);

  if (Pos && !Pos->isValid()) {

    auto *N = C.generateErrorNode(State);

    if (!N) {

      return;

    }

    reportBug("Invalidated iterator accessed.", Val, C, N);

  }

}


void InvalidatedIteratorChecker::reportBug(StringRef Message, SVal Val,

                                           CheckerContext &C,

                                           ExplodedNode *ErrNode) const {

  auto R = std::make_unique<PathSensitiveBugReport>(InvalidatedBugType, Message,

                                                    ErrNode);

  R->markInteresting(Val);

  C.emitReport(std::move(R));

}


void ento::registerInvalidatedIteratorChecker(CheckerManager &mgr) {

  mgr.registerChecker<InvalidatedIteratorChecker>();

}


bool ento::shouldRegisterInvalidatedIteratorChecker(const CheckerManager &mgr) {

  return true;

}

BugType.h

BuiltinCheckerRegistration.h

CallEvent.h

CheckerContext.h

Checker.h

Iterator.h

clang::ArraySubscriptExpr
ArraySubscriptExpr - [C99 6.5.2.1] Array Subscripting.
Definition: Expr.h:2664

clang::ArraySubscriptExpr::getLHS
Expr * getLHS()
An array access can be written A[4] or 4[A] (both are equivalent).
Definition: Expr.h:2693

clang::BinaryOperator
A builtin binary operation expression such as "x + y" or "x <= y".
Definition: Expr.h:3840

clang::BinaryOperator::getLHS
Expr * getLHS() const
Definition: Expr.h:3889

clang::BinaryOperator::getOpcode
Opcode getOpcode() const
Definition: Expr.h:3884

clang::MemberExpr
MemberExpr - [C99 6.5.2.3] Structure and Union Members.
Definition: Expr.h:3172

clang::MemberExpr::isImplicitAccess
bool isImplicitAccess() const
Determine whether the base of this explicit is implicit.
Definition: Expr.h:3370

clang::MemberExpr::getBase
Expr * getBase() const
Definition: Expr.h:3249

clang::MemberExpr::isArrow
bool isArrow() const
Definition: Expr.h:3356

clang::UnaryOperator
UnaryOperator - This represents the unary-expression's (except sizeof and alignof),...
Definition: Expr.h:2183

clang::UnaryOperator::getSubExpr
Expr * getSubExpr() const
Definition: Expr.h:2228

clang::UnaryOperator::getOpcode
Opcode getOpcode() const
Definition: Expr.h:2223

clang::ento::BugType
Definition: BugType.h:27

clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:153

clang::ento::CheckerContext
Definition: CheckerContext.h:24

clang::ento::CheckerManager
Definition: CheckerManager.h:126

clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:204

clang::ento::Checker
Definition: Checker.h:512

clang::ento::ExplodedNode
Definition: ExplodedGraph.h:66

clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:55

llvm::IntrusiveRefCntPtr< const ProgramState >

clang::ento::iterator::getIteratorPosition
const IteratorPosition * getIteratorPosition(ProgramStateRef State, SVal Val)
Definition: Iterator.cpp:184

clang::ento::iterator::isAccessOperator
bool isAccessOperator(OverloadedOperatorKind OK)
Definition: Iterator.cpp:126

clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition: CalledOnceCheck.h:17

clang::LinkageSpecLanguageIDs::C
@ C

clang::BinaryOperatorKind
BinaryOperatorKind
Definition: OperationKinds.h:25

clang::OMPDeclareReductionInitKind::Call
@ Call

clang::UnaryOperatorKind
UnaryOperatorKind
Definition: OperationKinds.h:30

clang::PredefinedIdentKind::Func
@ Func