clang 18.0.0git
UndefinedArraySubscriptChecker.cpp
Go to the documentation of this file.
1//===--- UndefinedArraySubscriptChecker.h ----------------------*- C++ -*--===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This defines UndefinedArraySubscriptChecker, a builtin check in ExprEngine
10// that performs checks for undefined array subscripts.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15#include "clang/AST/DeclCXX.h"
16#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
17#include "clang/StaticAnalyzer/Core/Checker.h"
18#include "clang/StaticAnalyzer/Core/CheckerManager.h"
19#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
20
21using namespace clang;
22using namespace ento;
23
24namespace {
25class UndefinedArraySubscriptChecker
26 : public Checker< check::PreStmt<ArraySubscriptExpr> > {
27 mutable std::unique_ptr<BugType> BT;
28
29public:
30 void checkPreStmt(const ArraySubscriptExpr *A, CheckerContext &C) const;
31};
32} // end anonymous namespace
33
34void
35UndefinedArraySubscriptChecker::checkPreStmt(const ArraySubscriptExpr *A,
36 CheckerContext &C) const {
37 const Expr *Index = A->getIdx();
38 if (!C.getSVal(Index).isUndef())
39 return;
40
41 // Sema generates anonymous array variables for copying array struct fields.
42 // Don't warn if we're in an implicitly-generated constructor.
43 const Decl *D = C.getLocationContext()->getDecl();
44 if (const CXXConstructorDecl *Ctor = dyn_cast<CXXConstructorDecl>(D))
45 if (Ctor->isDefaulted())
46 return;
47
48 ExplodedNode *N = C.generateErrorNode();
49 if (!N)
50 return;
51 if (!BT)
52 BT.reset(new BugType(this, "Array subscript is undefined"));
53
54 // Generate a report for this bug.
55 auto R = std::make_unique<PathSensitiveBugReport>(*BT, BT->getDescription(), N);
56 R->addRange(A->getIdx()->getSourceRange());
57 bugreporter::trackExpressionValue(N, A->getIdx(), *R);
58 C.emitReport(std::move(R));
59}
60
61void ento::registerUndefinedArraySubscriptChecker(CheckerManager &mgr) {
62 mgr.registerChecker<UndefinedArraySubscriptChecker>();
63}
64
65bool ento::shouldRegisterUndefinedArraySubscriptChecker(const CheckerManager &mgr) {
66 return true;
67}
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....
clang::ArraySubscriptExpr
ArraySubscriptExpr - [C99 6.5.2.1] Array Subscripting.
Definition: Expr.h:2691
clang::CXXConstructorDecl
Represents a C++ constructor within a class.
Definition: DeclCXX.h:2528
clang::Decl
Decl - This represents one declaration (or definition), e.g.
Definition: DeclBase.h:85
clang::Expr
This represents one expression.
Definition: Expr.h:110
clang::Stmt::getSourceRange
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...
Definition: Stmt.cpp:325
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:204
clang::ento::bugreporter::trackExpressionValue
bool trackExpressionValue(const ExplodedNode *N, const Expr *E, PathSensitiveBugReport &R, TrackingOptions Opts={})
Attempts to add visitors to track expression value back to its point of origin.
Definition: BugReporterVisitors.cpp:2685
Generated on Wed Dec 6 2023 11:09:33 for clang by doxygen 1.9.6