clang 20.0.0git
UninitializedObjectChecker.cpp
Go to the documentation of this file.
1//===----- UninitializedObjectChecker.cpp ------------------------*- C++ -*-==//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines a checker that reports uninitialized fields in objects
10// created after a constructor call.
11//
12// To read about command line options and how the checker works, refer to the
13// top of the file and inline comments in UninitializedObject.h.
14//
15// Some of the logic is implemented in UninitializedPointee.cpp, to reduce the
16// complexity of this file.
17//
18//===----------------------------------------------------------------------===//
19
20#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
21#include "UninitializedObject.h"
22#include "clang/ASTMatchers/ASTMatchFinder.h"
23#include "clang/Driver/DriverDiagnostic.h"
24#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
25#include "clang/StaticAnalyzer/Core/Checker.h"
26#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
27#include "clang/StaticAnalyzer/Core/PathSensitive/DynamicType.h"
28
29using namespace clang;
30using namespace clang::ento;
31using namespace clang::ast_matchers;
32
33/// We'll mark fields (and pointee of fields) that are confirmed to be
34/// uninitialized as already analyzed.
35REGISTER_SET_WITH_PROGRAMSTATE(AnalyzedRegions, const MemRegion *)
36
37namespace {
38
39class UninitializedObjectChecker
40 : public Checker<check::EndFunction, check::DeadSymbols> {
41 const BugType BT_uninitField{this, "Uninitialized fields"};
42
43public:
44 // The fields of this struct will be initialized when registering the checker.
45 UninitObjCheckerOptions Opts;
46
47 void checkEndFunction(const ReturnStmt *RS, CheckerContext &C) const;
48 void checkDeadSymbols(SymbolReaper &SR, CheckerContext &C) const;
49};
50
51/// A basic field type, that is not a pointer or a reference, it's dynamic and
52/// static type is the same.
53class RegularField final : public FieldNode {
54public:
55 RegularField(const FieldRegion *FR) : FieldNode(FR) {}
56
57 void printNoteMsg(llvm::raw_ostream &Out) const override {
58 Out << "uninitialized field ";
59 }
60
61 void printPrefix(llvm::raw_ostream &Out) const override {}
62
63 void printNode(llvm::raw_ostream &Out) const override {
64 Out << getVariableName(getDecl());
65 }
66
67 void printSeparator(llvm::raw_ostream &Out) const override { Out << '.'; }
68};
69
70/// Represents that the FieldNode that comes after this is declared in a base
71/// of the previous FieldNode. As such, this descendant doesn't wrap a
72/// FieldRegion, and is purely a tool to describe a relation between two other
73/// FieldRegion wrapping descendants.
74class BaseClass final : public FieldNode {
75 const QualType BaseClassT;
76
77public:
78 BaseClass(const QualType &T) : FieldNode(nullptr), BaseClassT(T) {
79 assert(!T.isNull());
80 assert(T->getAsCXXRecordDecl());
81 }
82
83 void printNoteMsg(llvm::raw_ostream &Out) const override {
84 llvm_unreachable("This node can never be the final node in the "
85 "fieldchain!");
86 }
87
88 void printPrefix(llvm::raw_ostream &Out) const override {}
89
90 void printNode(llvm::raw_ostream &Out) const override {
91 Out << BaseClassT->getAsCXXRecordDecl()->getName() << "::";
92 }
93
94 void printSeparator(llvm::raw_ostream &Out) const override {}
95
96 bool isBase() const override { return true; }
97};
98
99} // end of anonymous namespace
100
101// Utility function declarations.
102
103/// Returns the region that was constructed by CtorDecl, or nullptr if that
104/// isn't possible.
105static const TypedValueRegion *
106getConstructedRegion(const CXXConstructorDecl *CtorDecl,
107 CheckerContext &Context);
108
109/// Checks whether the object constructed by \p Ctor will be analyzed later
110/// (e.g. if the object is a field of another object, in which case we'd check
111/// it multiple times).
112static bool willObjectBeAnalyzedLater(const CXXConstructorDecl *Ctor,
113 CheckerContext &Context);
114
115/// Checks whether RD contains a field with a name or type name that matches
116/// \p Pattern.
117static bool shouldIgnoreRecord(const RecordDecl *RD, StringRef Pattern);
118
119/// Checks _syntactically_ whether it is possible to access FD from the record
120/// that contains it without a preceding assert (even if that access happens
121/// inside a method). This is mainly used for records that act like unions, like
122/// having multiple bit fields, with only a fraction being properly initialized.
123/// If these fields are properly guarded with asserts, this method returns
124/// false.
125///
126/// Since this check is done syntactically, this method could be inaccurate.
127static bool hasUnguardedAccess(const FieldDecl *FD, ProgramStateRef State);
128
129//===----------------------------------------------------------------------===//
130// Methods for UninitializedObjectChecker.
131//===----------------------------------------------------------------------===//
132
133void UninitializedObjectChecker::checkEndFunction(
134 const ReturnStmt *RS, CheckerContext &Context) const {
135
136 const auto *CtorDecl = dyn_cast_or_null<CXXConstructorDecl>(
137 Context.getLocationContext()->getDecl());
138 if (!CtorDecl)
139 return;
140
141 if (!CtorDecl->isUserProvided())
142 return;
143
144 if (CtorDecl->getParent()->isUnion())
145 return;
146
147 // This avoids essentially the same error being reported multiple times.
148 if (willObjectBeAnalyzedLater(CtorDecl, Context))
149 return;
150
151 const TypedValueRegion *R = getConstructedRegion(CtorDecl, Context);
152 if (!R)
153 return;
154
155 FindUninitializedFields F(Context.getState(), R, Opts);
156
157 std::pair<ProgramStateRef, const UninitFieldMap &> UninitInfo =
158 F.getResults();
159
160 ProgramStateRef UpdatedState = UninitInfo.first;
161 const UninitFieldMap &UninitFields = UninitInfo.second;
162
163 if (UninitFields.empty()) {
164 Context.addTransition(UpdatedState);
165 return;
166 }
167
168 // There are uninitialized fields in the record.
169
170 ExplodedNode *Node = Context.generateNonFatalErrorNode(UpdatedState);
171 if (!Node)
172 return;
173
174 PathDiagnosticLocation LocUsedForUniqueing;
175 const Stmt *CallSite = Context.getStackFrame()->getCallSite();
176 if (CallSite)
177 LocUsedForUniqueing = PathDiagnosticLocation::createBegin(
178 CallSite, Context.getSourceManager(), Node->getLocationContext());
179
180 // For Plist consumers that don't support notes just yet, we'll convert notes
181 // to warnings.
182 if (Opts.ShouldConvertNotesToWarnings) {
183 for (const auto &Pair : UninitFields) {
184
185 auto Report = std::make_unique<PathSensitiveBugReport>(
186 BT_uninitField, Pair.second, Node, LocUsedForUniqueing,
187 Node->getLocationContext()->getDecl());
188 Context.emitReport(std::move(Report));
189 }
190 return;
191 }
192
193 SmallString<100> WarningBuf;
194 llvm::raw_svector_ostream WarningOS(WarningBuf);
195 WarningOS << UninitFields.size() << " uninitialized field"
196 << (UninitFields.size() == 1 ? "" : "s")
197 << " at the end of the constructor call";
198
199 auto Report = std::make_unique<PathSensitiveBugReport>(
200 BT_uninitField, WarningOS.str(), Node, LocUsedForUniqueing,
201 Node->getLocationContext()->getDecl());
202
203 for (const auto &Pair : UninitFields) {
204 Report->addNote(Pair.second,
205 PathDiagnosticLocation::create(Pair.first->getDecl(),
206 Context.getSourceManager()));
207 }
208 Context.emitReport(std::move(Report));
209}
210
211void UninitializedObjectChecker::checkDeadSymbols(SymbolReaper &SR,
212 CheckerContext &C) const {
213 ProgramStateRef State = C.getState();
214 for (const MemRegion *R : State->get<AnalyzedRegions>()) {
215 if (!SR.isLiveRegion(R))
216 State = State->remove<AnalyzedRegions>(R);
217 }
218}
219
220//===----------------------------------------------------------------------===//
221// Methods for FindUninitializedFields.
222//===----------------------------------------------------------------------===//
223
224FindUninitializedFields::FindUninitializedFields(
225 ProgramStateRef State, const TypedValueRegion *const R,
226 const UninitObjCheckerOptions &Opts)
227 : State(State), ObjectR(R), Opts(Opts) {
228
229 isNonUnionUninit(ObjectR, FieldChainInfo(ChainFactory));
230
231 // In non-pedantic mode, if ObjectR doesn't contain a single initialized
232 // field, we'll assume that Object was intentionally left uninitialized.
233 if (!Opts.IsPedantic && !isAnyFieldInitialized())
234 UninitFields.clear();
235}
236
237bool FindUninitializedFields::addFieldToUninits(FieldChainInfo Chain,
238 const MemRegion *PointeeR) {
239 const FieldRegion *FR = Chain.getUninitRegion();
240
241 assert((PointeeR || !isDereferencableType(FR->getDecl()->getType())) &&
242 "One must also pass the pointee region as a parameter for "
243 "dereferenceable fields!");
244
245 if (State->getStateManager().getContext().getSourceManager().isInSystemHeader(
246 FR->getDecl()->getLocation()))
247 return false;
248
249 if (Opts.IgnoreGuardedFields && !hasUnguardedAccess(FR->getDecl(), State))
250 return false;
251
252 if (State->contains<AnalyzedRegions>(FR))
253 return false;
254
255 if (PointeeR) {
256 if (State->contains<AnalyzedRegions>(PointeeR)) {
257 return false;
258 }
259 State = State->add<AnalyzedRegions>(PointeeR);
260 }
261
262 State = State->add<AnalyzedRegions>(FR);
263
264 UninitFieldMap::mapped_type NoteMsgBuf;
265 llvm::raw_svector_ostream OS(NoteMsgBuf);
266 Chain.printNoteMsg(OS);
267
268 return UninitFields.insert({FR, std::move(NoteMsgBuf)}).second;
269}
270
271bool FindUninitializedFields::isNonUnionUninit(const TypedValueRegion *R,
272 FieldChainInfo LocalChain) {
273 assert(R->getValueType()->isRecordType() &&
274 !R->getValueType()->isUnionType() &&
275 "This method only checks non-union record objects!");
276
277 const RecordDecl *RD = R->getValueType()->getAsRecordDecl()->getDefinition();
278
279 if (!RD) {
280 IsAnyFieldInitialized = true;
281 return true;
282 }
283
284 if (!Opts.IgnoredRecordsWithFieldPattern.empty() &&
285 shouldIgnoreRecord(RD, Opts.IgnoredRecordsWithFieldPattern)) {
286 IsAnyFieldInitialized = true;
287 return false;
288 }
289
290 bool ContainsUninitField = false;
291
292 // Are all of this non-union's fields initialized?
293 for (const FieldDecl *I : RD->fields()) {
294
295 const auto FieldVal =
296 State->getLValue(I, loc::MemRegionVal(R)).castAs<loc::MemRegionVal>();
297 const auto *FR = FieldVal.getRegionAs<FieldRegion>();
298 QualType T = I->getType();
299
300 // If LocalChain already contains FR, then we encountered a cyclic
301 // reference. In this case, region FR is already under checking at an
302 // earlier node in the directed tree.
303 if (LocalChain.contains(FR))
304 return false;
305
306 if (T->isStructureOrClassType()) {
307 if (isNonUnionUninit(FR, LocalChain.add(RegularField(FR))))
308 ContainsUninitField = true;
309 continue;
310 }
311
312 if (T->isUnionType()) {
313 if (isUnionUninit(FR)) {
314 if (addFieldToUninits(LocalChain.add(RegularField(FR))))
315 ContainsUninitField = true;
316 } else
317 IsAnyFieldInitialized = true;
318 continue;
319 }
320
321 if (T->isArrayType()) {
322 IsAnyFieldInitialized = true;
323 continue;
324 }
325
326 SVal V = State->getSVal(FieldVal);
327
328 if (isDereferencableType(T) || isa<nonloc::LocAsInteger>(V)) {
329 if (isDereferencableUninit(FR, LocalChain))
330 ContainsUninitField = true;
331 continue;
332 }
333
334 if (isPrimitiveType(T)) {
335 if (isPrimitiveUninit(V)) {
336 if (addFieldToUninits(LocalChain.add(RegularField(FR))))
337 ContainsUninitField = true;
338 }
339 continue;
340 }
341
342 llvm_unreachable("All cases are handled!");
343 }
344
345 // Checking bases. The checker will regard inherited data members as direct
346 // fields.
347 const auto *CXXRD = dyn_cast<CXXRecordDecl>(RD);
348 if (!CXXRD)
349 return ContainsUninitField;
350
351 for (const CXXBaseSpecifier &BaseSpec : CXXRD->bases()) {
352 const auto *BaseRegion = State->getLValue(BaseSpec, R)
353 .castAs<loc::MemRegionVal>()
354 .getRegionAs<TypedValueRegion>();
355
356 // If the head of the list is also a BaseClass, we'll overwrite it to avoid
357 // note messages like 'this->A::B::x'.
358 if (!LocalChain.isEmpty() && LocalChain.getHead().isBase()) {
359 if (isNonUnionUninit(BaseRegion, LocalChain.replaceHead(
360 BaseClass(BaseSpec.getType()))))
361 ContainsUninitField = true;
362 } else {
363 if (isNonUnionUninit(BaseRegion,
364 LocalChain.add(BaseClass(BaseSpec.getType()))))
365 ContainsUninitField = true;
366 }
367 }
368
369 return ContainsUninitField;
370}
371
372bool FindUninitializedFields::isUnionUninit(const TypedValueRegion *R) {
373 assert(R->getValueType()->isUnionType() &&
374 "This method only checks union objects!");
375 // TODO: Implement support for union fields.
376 return false;
377}
378
379bool FindUninitializedFields::isPrimitiveUninit(SVal V) {
380 if (V.isUndef())
381 return true;
382
383 IsAnyFieldInitialized = true;
384 return false;
385}
386
387//===----------------------------------------------------------------------===//
388// Methods for FieldChainInfo.
389//===----------------------------------------------------------------------===//
390
391bool FieldChainInfo::contains(const FieldRegion *FR) const {
392 for (const FieldNode &Node : Chain) {
393 if (Node.isSameRegion(FR))
394 return true;
395 }
396 return false;
397}
398
399/// Prints every element except the last to `Out`. Since ImmutableLists store
400/// elements in reverse order, and have no reverse iterators, we use a
401/// recursive function to print the fieldchain correctly. The last element in
402/// the chain is to be printed by `FieldChainInfo::print`.
403static void printTail(llvm::raw_ostream &Out,
404 const FieldChainInfo::FieldChain L);
405
406// FIXME: This function constructs an incorrect string in the following case:
407//
408// struct Base { int x; };
409// struct D1 : Base {}; struct D2 : Base {};
410//
411// struct MostDerived : D1, D2 {
412// MostDerived() {}
413// }
414//
415// A call to MostDerived::MostDerived() will cause two notes that say
416// "uninitialized field 'this->x'", but we can't refer to 'x' directly,
417// we need an explicit namespace resolution whether the uninit field was
418// 'D1::x' or 'D2::x'.
419void FieldChainInfo::printNoteMsg(llvm::raw_ostream &Out) const {
420 if (Chain.isEmpty())
421 return;
422
423 const FieldNode &LastField = getHead();
424
425 LastField.printNoteMsg(Out);
426 Out << '\'';
427
428 for (const FieldNode &Node : Chain)
429 Node.printPrefix(Out);
430
431 Out << "this->";
432 printTail(Out, Chain.getTail());
433 LastField.printNode(Out);
434 Out << '\'';
435}
436
437static void printTail(llvm::raw_ostream &Out,
438 const FieldChainInfo::FieldChain L) {
439 if (L.isEmpty())
440 return;
441
442 printTail(Out, L.getTail());
443
444 L.getHead().printNode(Out);
445 L.getHead().printSeparator(Out);
446}
447
448//===----------------------------------------------------------------------===//
449// Utility functions.
450//===----------------------------------------------------------------------===//
451
452static const TypedValueRegion *
453getConstructedRegion(const CXXConstructorDecl *CtorDecl,
454 CheckerContext &Context) {
455
456 Loc ThisLoc =
457 Context.getSValBuilder().getCXXThis(CtorDecl, Context.getStackFrame());
458
459 SVal ObjectV = Context.getState()->getSVal(ThisLoc);
460
461 auto *R = ObjectV.getAsRegion()->getAs<TypedValueRegion>();
462 if (R && !R->getValueType()->getAsCXXRecordDecl())
463 return nullptr;
464
465 return R;
466}
467
468static bool willObjectBeAnalyzedLater(const CXXConstructorDecl *Ctor,
469 CheckerContext &Context) {
470
471 const TypedValueRegion *CurrRegion = getConstructedRegion(Ctor, Context);
472 if (!CurrRegion)
473 return false;
474
475 const LocationContext *LC = Context.getLocationContext();
476 while ((LC = LC->getParent())) {
477
478 // If \p Ctor was called by another constructor.
479 const auto *OtherCtor = dyn_cast<CXXConstructorDecl>(LC->getDecl());
480 if (!OtherCtor)
481 continue;
482
483 const TypedValueRegion *OtherRegion =
484 getConstructedRegion(OtherCtor, Context);
485 if (!OtherRegion)
486 continue;
487
488 // If the CurrRegion is a subregion of OtherRegion, it will be analyzed
489 // during the analysis of OtherRegion.
490 if (CurrRegion->isSubRegionOf(OtherRegion))
491 return true;
492 }
493
494 return false;
495}
496
497static bool shouldIgnoreRecord(const RecordDecl *RD, StringRef Pattern) {
498 llvm::Regex R(Pattern);
499
500 for (const FieldDecl *FD : RD->fields()) {
501 if (R.match(FD->getType().getAsString()))
502 return true;
503 if (R.match(FD->getName()))
504 return true;
505 }
506
507 return false;
508}
509
510static const Stmt *getMethodBody(const CXXMethodDecl *M) {
511 if (isa<CXXConstructorDecl>(M))
512 return nullptr;
513
514 if (!M->isDefined())
515 return nullptr;
516
517 return M->getDefinition()->getBody();
518}
519
520static bool hasUnguardedAccess(const FieldDecl *FD, ProgramStateRef State) {
521
522 if (FD->getAccess() == AccessSpecifier::AS_public)
523 return true;
524
525 const auto *Parent = dyn_cast<CXXRecordDecl>(FD->getParent());
526
527 if (!Parent)
528 return true;
529
530 Parent = Parent->getDefinition();
531 assert(Parent && "The record's definition must be avaible if an uninitialized"
532 " field of it was found!");
533
534 ASTContext &AC = State->getStateManager().getContext();
535
536 auto FieldAccessM = memberExpr(hasDeclaration(equalsNode(FD))).bind("access");
537
538 auto AssertLikeM = callExpr(callee(functionDecl(
539 hasAnyName("exit", "panic", "error", "Assert", "assert", "ziperr",
540 "assfail", "db_error", "__assert", "__assert2", "_wassert",
541 "__assert_rtn", "__assert_fail", "dtrace_assfail",
542 "yy_fatal_error", "_XCAssertionFailureHandler",
543 "_DTAssertionFailureHandler", "_TSAssertionFailureHandler"))));
544
545 auto NoReturnFuncM = callExpr(callee(functionDecl(isNoReturn())));
546
547 auto GuardM =
548 stmt(anyOf(ifStmt(), switchStmt(), conditionalOperator(), AssertLikeM,
549 NoReturnFuncM))
550 .bind("guard");
551
552 for (const CXXMethodDecl *M : Parent->methods()) {
553 const Stmt *MethodBody = getMethodBody(M);
554 if (!MethodBody)
555 continue;
556
557 auto Accesses = match(stmt(hasDescendant(FieldAccessM)), *MethodBody, AC);
558 if (Accesses.empty())
559 continue;
560 const auto *FirstAccess = Accesses[0].getNodeAs<MemberExpr>("access");
561 assert(FirstAccess);
562
563 auto Guards = match(stmt(hasDescendant(GuardM)), *MethodBody, AC);
564 if (Guards.empty())
565 return true;
566 const auto *FirstGuard = Guards[0].getNodeAs<Stmt>("guard");
567 assert(FirstGuard);
568
569 if (FirstAccess->getBeginLoc() < FirstGuard->getBeginLoc())
570 return true;
571 }
572
573 return false;
574}
575
576std::string clang::ento::getVariableName(const FieldDecl *Field) {
577 // If Field is a captured lambda variable, Field->getName() will return with
578 // an empty string. We can however acquire it's name from the lambda's
579 // captures.
580 const auto *CXXParent = dyn_cast<CXXRecordDecl>(Field->getParent());
581
582 if (CXXParent && CXXParent->isLambda()) {
583 assert(CXXParent->captures_begin());
584 auto It = CXXParent->captures_begin() + Field->getFieldIndex();
585
586 if (It->capturesVariable())
587 return llvm::Twine("/*captured variable*/" +
588 It->getCapturedVar()->getName())
589 .str();
590
591 if (It->capturesThis())
592 return "/*'this' capture*/";
593
594 llvm_unreachable("No other capture type is expected!");
595 }
596
597 return std::string(Field->getName());
598}
599
600void ento::registerUninitializedObjectChecker(CheckerManager &Mgr) {
601 auto Chk = Mgr.registerChecker<UninitializedObjectChecker>();
602
603 const AnalyzerOptions &AnOpts = Mgr.getAnalyzerOptions();
604 UninitObjCheckerOptions &ChOpts = Chk->Opts;
605
606 ChOpts.IsPedantic = AnOpts.getCheckerBooleanOption(Chk, "Pedantic");
607 ChOpts.ShouldConvertNotesToWarnings = AnOpts.getCheckerBooleanOption(
608 Chk, "NotesAsWarnings");
609 ChOpts.CheckPointeeInitialization = AnOpts.getCheckerBooleanOption(
610 Chk, "CheckPointeeInitialization");
611 ChOpts.IgnoredRecordsWithFieldPattern =
612 std::string(AnOpts.getCheckerStringOption(Chk, "IgnoreRecordsWithField"));
613 ChOpts.IgnoreGuardedFields =
614 AnOpts.getCheckerBooleanOption(Chk, "IgnoreGuardedFields");
615
616 std::string ErrorMsg;
617 if (!llvm::Regex(ChOpts.IgnoredRecordsWithFieldPattern).isValid(ErrorMsg))
618 Mgr.reportInvalidCheckerOptionValue(Chk, "IgnoreRecordsWithField",
619 "a valid regex, building failed with error message "
620 "\"" + ErrorMsg + "\"");
621}
622
623bool ento::shouldRegisterUninitializedObjectChecker(const CheckerManager &mgr) {
624 return true;
625}
V
#define V(N, I)
Definition: ASTContext.h:3460
Parent
NodeId Parent
Definition: ASTDiff.cpp:191
Node
DynTypedNode Node
Definition: ASTMatchFinder.cpp:70
REGISTER_SET_WITH_PROGRAMSTATE
#define REGISTER_SET_WITH_PROGRAMSTATE(Name, Elem)
Declares an immutable set of type NameTy, suitable for placement into the ProgramState.
Definition: ProgramStateTrait.h:112
getMethodBody
static const Stmt * getMethodBody(const CXXMethodDecl *M)
Definition: UninitializedObjectChecker.cpp:510
getConstructedRegion
static const TypedValueRegion * getConstructedRegion(const CXXConstructorDecl *CtorDecl, CheckerContext &Context)
Returns the region that was constructed by CtorDecl, or nullptr if that isn't possible.
Definition: UninitializedObjectChecker.cpp:453
hasUnguardedAccess
static bool hasUnguardedAccess(const FieldDecl *FD, ProgramStateRef State)
Checks syntactically whether it is possible to access FD from the record that contains it without a p...
Definition: UninitializedObjectChecker.cpp:520
willObjectBeAnalyzedLater
static bool willObjectBeAnalyzedLater(const CXXConstructorDecl *Ctor, CheckerContext &Context)
Checks whether the object constructed by Ctor will be analyzed later (e.g.
Definition: UninitializedObjectChecker.cpp:468
shouldIgnoreRecord
static bool shouldIgnoreRecord(const RecordDecl *RD, StringRef Pattern)
Checks whether RD contains a field with a name or type name that matches Pattern.
Definition: UninitializedObjectChecker.cpp:497
printTail
static void printTail(llvm::raw_ostream &Out, const FieldChainInfo::FieldChain L)
Prints every element except the last to Out.
Definition: UninitializedObjectChecker.cpp:437
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:188
clang::ASTContext::getSourceManager
SourceManager & getSourceManager()
Definition: ASTContext.h:741
clang::AnalyzerOptions
Stores options for the analyzer from the command line.
Definition: AnalyzerOptions.h:179
clang::CXXBaseSpecifier
Represents a base class of a C++ class.
Definition: DeclCXX.h:146
clang::CXXConstructorDecl
Represents a C++ constructor within a class.
Definition: DeclCXX.h:2553
clang::CXXMethodDecl
Represents a static or instance method of a struct/union/class.
Definition: DeclCXX.h:2078
clang::Decl::getLocation
SourceLocation getLocation() const
Definition: DeclBase.h:442
clang::Decl::getAccess
AccessSpecifier getAccess() const
Definition: DeclBase.h:510
clang::FieldDecl
Represents a member of a struct/union/class.
Definition: Decl.h:3033
clang::FieldDecl::getParent
const RecordDecl * getParent() const
Returns the parent of this field declaration, which is the struct in which this field is defined.
Definition: Decl.h:3264
clang::FunctionDecl::getBody
Stmt * getBody(const FunctionDecl *&Definition) const
Retrieve the body (definition) of the function.
Definition: Decl.cpp:3243
clang::FunctionDecl::getDefinition
FunctionDecl * getDefinition()
Get the definition for this declaration.
Definition: Decl.h:2217
clang::FunctionDecl::isDefined
bool isDefined(const FunctionDecl *&Definition, bool CheckForPendingFriendDefinition=false) const
Returns true if the function has a definition that does not need to be instantiated.
Definition: Decl.cpp:3210
clang::LocationContext
It wraps the AnalysisDeclContext to represent both the call stack with the help of StackFrameContext ...
Definition: AnalysisDeclContext.h:215
clang::LocationContext::getDecl
const Decl * getDecl() const
Definition: AnalysisDeclContext.h:251
clang::LocationContext::getParent
const LocationContext * getParent() const
It might return null.
Definition: AnalysisDeclContext.h:247
clang::MemberExpr
MemberExpr - [C99 6.5.2.3] Structure and Union Members.
Definition: Expr.h:3236
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:929
clang::RecordDecl
Represents a struct/union/class.
Definition: Decl.h:4162
clang::RecordDecl::fields
field_range fields() const
Definition: Decl.h:4376
clang::RecordDecl::getDefinition
RecordDecl * getDefinition() const
Returns the RecordDecl that actually defines this struct/union/class.
Definition: Decl.h:4361
clang::ReturnStmt
ReturnStmt - This represents a return, optionally of an expression: return; return 4;.
Definition: Stmt.h:3046
clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:84
clang::Type::getAsCXXRecordDecl
CXXRecordDecl * getAsCXXRecordDecl() const
Retrieves the CXXRecordDecl that this type refers to, either because the type is a RecordType or beca...
Definition: Type.cpp:1916
clang::Type::isArrayType
bool isArrayType() const
Definition: Type.h:8263
clang::Type::isStructureOrClassType
bool isStructureOrClassType() const
Definition: Type.cpp:690
clang::Type::isRecordType
bool isRecordType() const
Definition: Type.h:8291
clang::Type::isUnionType
bool isUnionType() const
Definition: Type.cpp:704
clang::Type::getAsRecordDecl
RecordDecl * getAsRecordDecl() const
Retrieves the RecordDecl this type refers to.
Definition: Type.cpp:1920
clang::ValueDecl::getType
QualType getType() const
Definition: Decl.h:682
clang::ento::CheckerManager::getAnalyzerOptions
const AnalyzerOptions & getAnalyzerOptions() const
Definition: CheckerManager.h:168
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&... Args)
Used to register checkers.
Definition: CheckerManager.h:202
clang::ento::CheckerManager::reportInvalidCheckerOptionValue
void reportInvalidCheckerOptionValue(const CheckerBase *C, StringRef OptionName, StringRef ExpectedValueDesc) const
Emits an error through a DiagnosticsEngine about an invalid user supplied checker option value.
Definition: CheckerManager.cpp:51
clang::ento::FieldChainInfo
Represents a field chain.
Definition: UninitializedObject.h:160
clang::ento::FieldChainInfo::contains
bool contains(const FieldRegion *FR) const
Definition: UninitializedObjectChecker.cpp:391
clang::ento::FieldChainInfo::FieldChain
llvm::ImmutableList< const FieldNode & > FieldChain
Definition: UninitializedObject.h:162
clang::ento::FieldChainInfo::getHead
const FieldNode & getHead() const
Definition: UninitializedObject.h:188
clang::ento::FieldChainInfo::getUninitRegion
const FieldRegion * getUninitRegion() const
Definition: UninitializedObject.h:189
clang::ento::FieldChainInfo::replaceHead
FieldChainInfo replaceHead(const FieldNodeT &FN)
Constructs a new FieldChainInfo object with FN as the new head of the list.
Definition: UninitializedObject.h:348
clang::ento::FieldChainInfo::add
FieldChainInfo add(const FieldNodeT &FN)
Constructs a new FieldChainInfo object with FN appended.
Definition: UninitializedObject.h:337
clang::ento::FieldChainInfo::printNoteMsg
void printNoteMsg(llvm::raw_ostream &Out) const
Definition: UninitializedObjectChecker.cpp:419
clang::ento::FieldNode
A lightweight polymorphic wrapper around FieldRegion *.
Definition: UninitializedObject.h:85
clang::ento::FieldNode::isBase
virtual bool isBase() const
Definition: UninitializedObject.h:145
clang::ento::FieldNode::printSeparator
virtual void printSeparator(llvm::raw_ostream &Out) const =0
Print the separator.
clang::ento::FieldNode::printPrefix
virtual void printPrefix(llvm::raw_ostream &Out) const =0
Print any prefixes before the fieldchain. Could contain casts, etc.
clang::ento::FieldNode::printNoteMsg
virtual void printNoteMsg(llvm::raw_ostream &Out) const =0
If this is the last element of the fieldchain, this method will print the note message associated wit...
clang::ento::FieldNode::getDecl
const FieldDecl * getDecl() const
Definition: UninitializedObject.h:118
clang::ento::FieldNode::printNode
virtual void printNode(llvm::raw_ostream &Out) const =0
Print the node. Should contain the name of the field stored in FR.
clang::ento::FieldRegion::getDecl
LLVM_ATTRIBUTE_RETURNS_NONNULL const FieldDecl * getDecl() const override
Definition: MemRegion.h:1125
clang::ento::FindUninitializedFields
Searches for and stores uninitialized fields in a non-union object.
Definition: UninitializedObject.h:197
clang::ento::FindUninitializedFields::FindUninitializedFields
FindUninitializedFields(ProgramStateRef State, const TypedValueRegion *const R, const UninitObjCheckerOptions &Opts)
Constructs the FindUninitializedField object, searches for and stores uninitialized fields in R.
Definition: UninitializedObjectChecker.cpp:224
clang::ento::FindUninitializedFields::isAnyFieldInitialized
bool isAnyFieldInitialized()
Returns whether the analyzed region contains at least one initialized field.
Definition: UninitializedObject.h:235
clang::ento::MemRegion
MemRegion - The root abstract class for all memory regions.
Definition: MemRegion.h:97
clang::ento::MemRegion::getAs
const RegionTy * getAs() const
Definition: MemRegion.h:1388
clang::ento::PathDiagnosticLocation::createBegin
static PathDiagnosticLocation createBegin(const Decl *D, const SourceManager &SM)
Create a location for the beginning of the declaration.
Definition: PathDiagnostic.cpp:579
clang::ento::PathDiagnosticLocation::create
static PathDiagnosticLocation create(const Decl *D, const SourceManager &SM)
Create a location corresponding to the given declaration.
Definition: PathDiagnostic.h:248
clang::ento::SVal
SVal - This represents a symbolic expression, which can be either an L-value or an R-value.
Definition: SVals.h:56
clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition: SVals.cpp:120
clang::ento::SubRegion::isSubRegionOf
bool isSubRegionOf(const MemRegion *R) const override
Check if the region is a subregion of the given region.
Definition: MemRegion.cpp:140
clang::ento::SymbolReaper
A class responsible for cleaning up unused symbols.
Definition: SymbolManager.h:566
clang::ento::SymbolReaper::isLiveRegion
bool isLiveRegion(const MemRegion *region)
Definition: SymbolManager.cpp:266
clang::ento::TypedValueRegion
TypedValueRegion - An abstract class representing regions having a typed value.
Definition: MemRegion.h:535
clang::ento::TypedValueRegion::getValueType
virtual QualType getValueType() const =0
clang::ast_matchers
Definition: ASTMatchers.h:100
clang::ast_matchers::hasDescendant
const internal::ArgumentAdaptingMatcherFunc< internal::HasDescendantMatcher > hasDescendant
Matches AST nodes that have descendant AST nodes that match the provided matcher.
Definition: ASTMatchersInternal.cpp:1052
clang::ast_matchers::callExpr
const internal::VariadicDynCastAllOfMatcher< Stmt, CallExpr > callExpr
Matches call expressions.
Definition: ASTMatchersInternal.cpp:847
clang::ast_matchers::match
SmallVector< BoundNodes, 1 > match(MatcherT Matcher, const NodeT &Node, ASTContext &Context)
Returns the results of matching Matcher on Node.
Definition: ASTMatchFinder.h:313
clang::ast_matchers::hasAnyName
const internal::VariadicFunction< internal::Matcher< NamedDecl >, StringRef, internal::hasAnyNameFunc > hasAnyName
Matches NamedDecl nodes that have any of the specified names.
Definition: ASTMatchersInternal.cpp:1039
clang::ast_matchers::functionDecl
const internal::VariadicDynCastAllOfMatcher< Decl, FunctionDecl > functionDecl
Matches function declarations.
Definition: ASTMatchersInternal.cpp:836
clang::ast_matchers::switchStmt
const internal::VariadicDynCastAllOfMatcher< Stmt, SwitchStmt > switchStmt
Matches switch statements.
Definition: ASTMatchersInternal.cpp:944
clang::ast_matchers::memberExpr
const internal::VariadicDynCastAllOfMatcher< Stmt, MemberExpr > memberExpr
Matches member expressions.
Definition: ASTMatchersInternal.cpp:842
clang::ast_matchers::hasDeclaration
internal::PolymorphicMatcher< internal::HasDeclarationMatcher, void(internal::HasDeclarationSupportedTypes), internal::Matcher< Decl > > hasDeclaration(const internal::Matcher< Decl > &InnerMatcher)
Matches a node if the declaration associated with that node matches the given matcher.
Definition: ASTMatchers.h:3696
clang::ast_matchers::stmt
const internal::VariadicAllOfMatcher< Stmt > stmt
Matches statements.
Definition: ASTMatchersInternal.cpp:840
clang::ast_matchers::conditionalOperator
const internal::VariadicDynCastAllOfMatcher< Stmt, ConditionalOperator > conditionalOperator
Matches conditional operator expressions.
Definition: ASTMatchersInternal.cpp:996
clang::ast_matchers::anyOf
const internal::VariadicOperatorMatcherFunc< 2, std::numeric_limits< unsigned >::max()> anyOf
Matches if any of the given matchers matches.
Definition: ASTMatchersInternal.cpp:1031
clang::ast_matchers::ifStmt
const internal::VariadicDynCastAllOfMatcher< Stmt, IfStmt > ifStmt
Matches if statements.
Definition: ASTMatchersInternal.cpp:931
clang::ento::getVariableName
std::string getVariableName(const FieldDecl *Field)
Returns with Field's name.
Definition: UninitializedObjectChecker.cpp:576
clang::ento::isPrimitiveType
bool isPrimitiveType(const QualType &T)
Returns true if T is a primitive type.
Definition: UninitializedObject.h:324
clang::ento::ObjKind::OS
@ OS
Indicates that the tracking object is a descendant of a referenced-counted OSObject,...
clang::ento::isDereferencableType
bool isDereferencableType(const QualType &T)
Definition: UninitializedObject.h:330
clang::ento::UninitFieldMap
std::map< const FieldRegion *, llvm::SmallString< 50 > > UninitFieldMap
Definition: UninitializedObject.h:194
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition: CalledOnceCheck.h:17
clang::T
const FunctionProtoType * T
Definition: RecursiveASTVisitor.h:1364
clang::AS_public
@ AS_public
Definition: Specifiers.h:124
Generated on Sat May 10 2025 09:26:28 for clang by doxygen 1.9.6