// SmartPtrChecker.cpp - Check for smart pointer dereference - C++ --------===//
|
|
//
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
|
//
|
|
//===----------------------------------------------------------------------===//
|
|
//
|
|
// This file defines a checker that checks for null dereferences of C++ smart
// pointers.
|
|
//
|
|
//===----------------------------------------------------------------------===//
|
|
#include "SmartPtr.h"
|
|
|
|
#include "clang/AST/DeclCXX.h"
|
|
#include "clang/AST/ExprCXX.h"
|
|
#include "clang/AST/Type.h"
|
|
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
|
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
|
|
#include "clang/StaticAnalyzer/Core/Checker.h"
|
|
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h"
|
|
#include "llvm/ADT/StringRef.h"
|
|
|
|
using namespace clang;
|
|
using namespace ento;
|
|
|
|
namespace {

// Address of the registered checker's bug type. It is handed to other checkers
// by smartptr::getNullDereferenceBugType() and stays null until
// registerSmartPtrChecker() assigns it, so readers must tolerate a null value.
static const BugType *NullDereferenceBugTypePtr = nullptr;

/// Pre-call checker that reports `operator*` / `operator->` invoked on a
/// standard smart pointer which smartptr::isNullSmartPtr() considers null in
/// the current program state.
class SmartPtrChecker : public Checker<check::PreCall> {
public:
  /// Bug type attached to every report emitted by this checker. Its address is
  /// also published through NullDereferenceBugTypePtr at registration time.
  BugType NullDereferenceBugType{this, "Null SmartPtr dereference",
                                 "C++ Smart Pointer"};

  /// check::PreCall callback: inspects \p Call before it is evaluated and
  /// reports a null smart pointer dereference when one is found.
  void checkPreCall(const CallEvent &Call, CheckerContext &C) const;

private:
  /// Emits a path-sensitive report for a dereference of \p DerefRegion.
  void reportBug(CheckerContext &C, const MemRegion *DerefRegion,
                 const CallEvent &Call) const;

  /// Writes the diagnostic text for a dereference of \p DerefRegion to \p OS.
  void explainDereference(llvm::raw_ostream &OS, const MemRegion *DerefRegion,
                          const CallEvent &Call) const;
};
} // end of anonymous namespace
|
|
|
|
// Define the inter-checker API.
|
|
namespace clang {
namespace ento {
namespace smartptr {

/// Returns the bug type used for null smart pointer dereference reports.
///
/// The value is whatever registerSmartPtrChecker() last stored in the
/// file-level pointer. If that registration has not run, the result is null,
/// so callers must check it before dereferencing.
const BugType *getNullDereferenceBugType() {
  return NullDereferenceBugTypePtr;
}

} // namespace smartptr
} // namespace ento
} // namespace clang
|
|
|
|
/// check::PreCall callback.
///
/// Reports a bug when \p Call is an overloaded `*` or `->` on a standard smart
/// pointer whose region smartptr::isNullSmartPtr() reports as null. Every
/// other call is ignored.
void SmartPtrChecker::checkPreCall(const CallEvent &Call,
                                   CheckerContext &C) const {
  // Calls that are not on a standard smart pointer are out of scope.
  if (!smartptr::isStdSmartPtrCall(Call))
    return;

  // Only overloaded member operators can be a dereference.
  const auto *OperatorCall = dyn_cast<CXXMemberOperatorCall>(&Call);
  if (OperatorCall == nullptr)
    return;

  // Without a region for `this` there is nothing to look up in the state.
  const MemRegion *SmartPtrRegion =
      OperatorCall->getCXXThisVal().getAsRegion();
  if (SmartPtrRegion == nullptr)
    return;

  const OverloadedOperatorKind Op = OperatorCall->getOverloadedOperator();
  const bool IsDereference = Op == OO_Star || Op == OO_Arrow;
  if (!IsDereference)
    return;

  ProgramStateRef CurrentState = C.getState();
  if (smartptr::isNullSmartPtr(CurrentState, SmartPtrRegion))
    reportBug(C, SmartPtrRegion, Call);
}
|
|
|
|
/// Emits a path-sensitive bug report for a dereference of \p DerefRegion.
///
/// Nothing is reported when the context does not produce an error node.
/// \p DerefRegion is marked interesting on the report.
void SmartPtrChecker::reportBug(CheckerContext &C, const MemRegion *DerefRegion,
                                const CallEvent &Call) const {
  ExplodedNode *ErrorNode = C.generateErrorNode();
  if (ErrorNode == nullptr)
    return;

  // Build the diagnostic text in a stack buffer.
  llvm::SmallString<128> Message;
  llvm::raw_svector_ostream MessageStream(Message);
  explainDereference(MessageStream, DerefRegion, Call);

  auto Report = std::make_unique<PathSensitiveBugReport>(
      NullDereferenceBugType, MessageStream.str(), ErrorNode);
  Report->markInteresting(DerefRegion);
  C.emitReport(std::move(Report));
}
|
|
|
|
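/// Writes the diagnostic text for a null smart pointer dereference to \p OS.
///
/// \param OS           Stream that receives the message.
/// \param DerefRegion  Region of the smart pointer being dereferenced; must
///                     not be null.
/// \param Call         The dereferencing call (currently unused).
///
/// The region name is appended only when the region has a pretty form, so a
/// region without one yields the bare message instead of reaching
/// printPretty() with its precondition unmet.
void SmartPtrChecker::explainDereference(llvm::raw_ostream &OS,
                                         const MemRegion *DerefRegion,
                                         const CallEvent &Call) const {
  OS << "Dereference of null smart pointer";
  // MemRegion::printPretty() is only valid when canPrintPretty() holds. The
  // analyzer runs on arbitrary input code, so guard the call rather than rely
  // on every tracked smart pointer region being printable.
  if (DerefRegion->canPrintPretty()) {
    OS << ' ';
    DerefRegion->printPretty(OS);
  }
}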
|
|
|
|
/// Registers SmartPtrChecker with \p Mgr and publishes the address of its bug
/// type so smartptr::getNullDereferenceBugType() can return it.
void ento::registerSmartPtrChecker(CheckerManager &Mgr) {
  auto *Registered = Mgr.registerChecker<SmartPtrChecker>();
  // The stored pointer refers into the checker object itself.
  // NOTE(review): presumably the manager keeps the checker alive for the whole
  // analysis, so the pointer stays valid. Confirm against CheckerManager.
  NullDereferenceBugTypePtr = &Registered->NullDereferenceBugType;
}
|
|
|
|
/// Tells the checker manager whether this checker applies: it is enabled only
/// when the language options say the translation unit is C++.
bool ento::shouldRegisterSmartPtrChecker(const CheckerManager &mgr) {
  return mgr.getLangOpts().CPlusPlus;
}
|