clang 20.0.0git
SmartPtrChecker.cpp
Go to the documentation of this file.
1// SmartPtrChecker.cpp - Check for smart pointer dereference - C++ --------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines a checker that check for null dereference of C++ smart
10// pointer.
11//
12//===----------------------------------------------------------------------===//
13#include "SmartPtr.h"
14
15#include "clang/AST/DeclCXX.h"
16#include "clang/AST/ExprCXX.h"
17#include "clang/AST/Type.h"
18#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
19#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
20#include "clang/StaticAnalyzer/Core/Checker.h"
21#include "clang/StaticAnalyzer/Core/CheckerManager.h"
22#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
23#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
24#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
25#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
26#include "llvm/ADT/StringRef.h"
27
28using namespace clang;
29using namespace ento;
30
31namespace {
32
33static const BugType *NullDereferenceBugTypePtr;
34
35class SmartPtrChecker : public Checker<check::PreCall> {
36public:
37 void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
38 BugType NullDereferenceBugType{this, "Null SmartPtr dereference",
39 "C++ Smart Pointer"};
40
41private:
42 void reportBug(CheckerContext &C, const MemRegion *DerefRegion,
43 const CallEvent &Call) const;
44 void explainDereference(llvm::raw_ostream &OS, const MemRegion *DerefRegion,
45 const CallEvent &Call) const;
46};
47} // end of anonymous namespace
48
49// Define the inter-checker API.
50namespace clang {
51namespace ento {
52namespace smartptr {
53
54const BugType *getNullDereferenceBugType() { return NullDereferenceBugTypePtr; }
55
56} // namespace smartptr
57} // namespace ento
58} // namespace clang
59
60void SmartPtrChecker::checkPreCall(const CallEvent &Call,
61 CheckerContext &C) const {
62 if (!smartptr::isStdSmartPtrCall(Call))
63 return;
64 ProgramStateRef State = C.getState();
65 const auto *OC = dyn_cast<CXXMemberOperatorCall>(&Call);
66 if (!OC)
67 return;
68 const MemRegion *ThisRegion = OC->getCXXThisVal().getAsRegion();
69 if (!ThisRegion)
70 return;
71
72 OverloadedOperatorKind OOK = OC->getOverloadedOperator();
73 if (OOK == OO_Star || OOK == OO_Arrow) {
74 if (smartptr::isNullSmartPtr(State, ThisRegion))
75 reportBug(C, ThisRegion, Call);
76 }
77}
78
79void SmartPtrChecker::reportBug(CheckerContext &C, const MemRegion *DerefRegion,
80 const CallEvent &Call) const {
81 ExplodedNode *ErrNode = C.generateErrorNode();
82 if (!ErrNode)
83 return;
84 llvm::SmallString<128> Str;
85 llvm::raw_svector_ostream OS(Str);
86 explainDereference(OS, DerefRegion, Call);
87 auto R = std::make_unique<PathSensitiveBugReport>(NullDereferenceBugType,
88 OS.str(), ErrNode);
89 R->markInteresting(DerefRegion);
90 C.emitReport(std::move(R));
91}
92
93void SmartPtrChecker::explainDereference(llvm::raw_ostream &OS,
94 const MemRegion *DerefRegion,
95 const CallEvent &Call) const {
96 OS << "Dereference of null smart pointer ";
97 DerefRegion->printPretty(OS);
98}
99
100void ento::registerSmartPtrChecker(CheckerManager &Mgr) {
101 SmartPtrChecker *Checker = Mgr.registerChecker<SmartPtrChecker>();
102 NullDereferenceBugTypePtr = &Checker->NullDereferenceBugType;
103}
104
105bool ento::shouldRegisterSmartPtrChecker(const CheckerManager &mgr) {
106 const LangOptions &LO = mgr.getLangOpts();
107 return LO.CPlusPlus;
108}
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....
ExprCXX.h
Defines the clang::Expr interface and subclasses for C++ expressions.
Type.h
C Language Family Type Representation.
clang::LangOptions
Keeps track of the various options that can be enabled, which controls the dialect of C or C++ that i...
Definition: LangOptions.h:476
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition: CallEvent.h:153
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:204
clang::ento::CheckerManager::getLangOpts
const LangOptions & getLangOpts() const
Definition: CheckerManager.h:169
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:97
clang::ento::MemRegion::printPretty
virtual void printPretty(raw_ostream &os) const
Print the region for use in diagnostics.
Definition: MemRegion.cpp:644
clang::ento::smartptr::getNullDereferenceBugType
const BugType * getNullDereferenceBugType()
Definition: SmartPtrChecker.cpp:54
clang::ento::smartptr::isNullSmartPtr
bool isNullSmartPtr(const ProgramStateRef State, const MemRegion *ThisRegion)
Returns whether the smart pointer is null or not.
Definition: SmartPtrModeling.cpp:149
clang::ento::smartptr::isStdSmartPtrCall
bool isStdSmartPtrCall(const CallEvent &Call)
Returns true if the event call is on smart pointer.
Definition: SmartPtrModeling.cpp:127
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition: CalledOnceCheck.h:17
clang::OverloadedOperatorKind
OverloadedOperatorKind
Enumeration specifying the different kinds of C++ overloaded operators.
Definition: OperatorKinds.h:21
Generated on Fri Nov 15 2024 16:44:44 for clang by doxygen 1.9.6