clang 22.0.0git
SmartPtrChecker.cpp
Go to the documentation of this file.
1// SmartPtrChecker.cpp - Check for smart pointer dereference - C++ --------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines a checker that check for null dereference of C++ smart
10// pointer.
11//
12//===----------------------------------------------------------------------===//
13#include "SmartPtr.h"
14
15#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
16#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
17#include "clang/StaticAnalyzer/Core/Checker.h"
18#include "clang/StaticAnalyzer/Core/CheckerManager.h"
19#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
20#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
21#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
22#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
23
24using namespace clang;
25using namespace ento;
26
27namespace {
28
29static const BugType *NullDereferenceBugTypePtr;
30
31class SmartPtrChecker : public Checker<check::PreCall> {
32public:
33 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
34 BugType NullDereferenceBugType{this, "Null SmartPtr dereference",
35 "C++ Smart Pointer"};
36
37private:
38 void reportBug(CheckerContext &C, const MemRegion *DerefRegion,
39 const CallEvent &Call) const;
40 void explainDereference(llvm::raw_ostream &OS, const MemRegion *DerefRegion,
41 const CallEvent &Call) const;
42};
43} // end of anonymous namespace
44
45// Define the inter-checker API.
46namespace clang {
47namespace ento {
48namespace smartptr {
49
50const BugType *getNullDereferenceBugType() { return NullDereferenceBugTypePtr; }
51
52} // namespace smartptr
53} // namespace ento
54} // namespace clang
55
56void SmartPtrChecker::checkPreCall(const CallEvent &Call,
57 CheckerContext &C) const {
58 if (!smartptr::isStdSmartPtrCall(Call))
59 return;
60 ProgramStateRef State = C.getState();
61 const auto *OC = dyn_cast<CXXMemberOperatorCall>(&Call);
62 if (!OC)
63 return;
64 const MemRegion *ThisRegion = OC->getCXXThisVal().getAsRegion();
65 if (!ThisRegion)
66 return;
67
68 OverloadedOperatorKind OOK = OC->getOverloadedOperator();
69 if (OOK == OO_Star || OOK == OO_Arrow) {
70 if (smartptr::isNullSmartPtr(State, ThisRegion))
71 reportBug(C, ThisRegion, Call);
72 }
73}
74
75void SmartPtrChecker::reportBug(CheckerContext &C, const MemRegion *DerefRegion,
76 const CallEvent &Call) const {
77 ExplodedNode *ErrNode = C.generateErrorNode();
78 if (!ErrNode)
79 return;
80 llvm::SmallString<128> Str;
81 llvm::raw_svector_ostream OS(Str);
82 explainDereference(OS, DerefRegion, Call);
83 auto R = std::make_unique<PathSensitiveBugReport>(NullDereferenceBugType,
84 OS.str(), ErrNode);
85 R->markInteresting(DerefRegion);
86 C.emitReport(std::move(R));
87}
88
89void SmartPtrChecker::explainDereference(llvm::raw_ostream &OS,
90 const MemRegion *DerefRegion,
91 const CallEvent &Call) const {
92 OS << "Dereference of null smart pointer ";
93 DerefRegion->printPretty(OS);
94}
95
96void ento::registerSmartPtrChecker(CheckerManager &Mgr) {
97 SmartPtrChecker *Checker = Mgr.registerChecker<SmartPtrChecker>();
98 NullDereferenceBugTypePtr = &Checker->NullDereferenceBugType;
99}
100
101bool ento::shouldRegisterSmartPtrChecker(const CheckerManager &mgr) {
102 const LangOptions &LO = mgr.getLangOpts();
103 return LO.CPlusPlus;
104}
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition CallEvent.h:153
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&...Args)
Register a single-part checker (derived from Checker): construct its singleton instance,...
Definition CheckerManager.h:218
clang::ento::CheckerManager::getLangOpts
const LangOptions & getLangOpts() const
Definition CheckerManager.h:167
clang::ento::Checker
Simple checker classes that implement one frontend (i.e.
Definition Checker.h:553
clang::ento::MemRegion::printPretty
virtual void printPretty(raw_ostream &os) const
Print the region for use in diagnostics.
Definition MemRegion.cpp:653
clang::ento::smartptr::getNullDereferenceBugType
const BugType * getNullDereferenceBugType()
Definition SmartPtrChecker.cpp:50
clang::ento::smartptr::isNullSmartPtr
bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion)
Returns whether the smart pointer is null or not.
Definition SmartPtrModeling.cpp:146
clang::ento::smartptr::isStdSmartPtrCall
bool isStdSmartPtrCall(const CallEvent &Call)
Returns true if the event call is on smart pointer.
Definition SmartPtrModeling.cpp:124
clang::ento::ProgramStateRef
IntrusiveRefCntPtr< const ProgramState > ProgramStateRef
Definition ProgramState_Fwd.h:37
clang::ento::ObjKind::OS
@ OS
Indicates that the tracking object is a descendant of a referenced-counted OSObject,...
Definition RetainSummaryManager.h:51
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition CalledOnceCheck.h:17
clang::OverloadedOperatorKind
OverloadedOperatorKind
Enumeration specifying the different kinds of C++ overloaded operators.
Definition OperatorKinds.h:21
Generated on for clang by doxygen 1.14.0