From d694485f9d6e3ea7b458df8241dfffd38f62aca8 Mon Sep 17 00:00:00 2001
From: Zhongxing Xu <xuzhongxing@gmail.com>
Date: Wed, 11 Nov 2009 13:42:54 +0000
Subject: [PATCH] Add undefined array subscript checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86837 91177308-0d34-0410-b5e6-96231b3b80d8
---
.../Analysis/PathSensitive/CheckerVisitor.def | 1 +
lib/Analysis/CMakeLists.txt | 1 +
lib/Analysis/GRExprEngine.cpp | 5 +-
lib/Analysis/GRExprEngineInternalChecks.cpp | 1 +
lib/Analysis/GRExprEngineInternalChecks.h | 1 +
.../UndefinedArraySubscriptChecker.cpp | 57 +++++++++++++++++++
test/Analysis/misc-ps.m | 4 ++
7 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 lib/Analysis/UndefinedArraySubscriptChecker.cpp
diff --git a/include/clang/Analysis/PathSensitive/CheckerVisitor.def b/include/clang/Analysis/PathSensitive/CheckerVisitor.def
index e533d9e1e5b..44c6f18f0d7 100644
--- a/include/clang/Analysis/PathSensitive/CheckerVisitor.def
+++ b/include/clang/Analysis/PathSensitive/CheckerVisitor.def
@@ -11,6 +11,7 @@
//
//===---------------------------------------------------------------------===//
+PREVISIT(ArraySubscriptExpr)
PREVISIT(BinaryOperator)
PREVISIT(CallExpr)
PREVISIT(CastExpr)
diff --git a/lib/Analysis/CMakeLists.txt b/lib/Analysis/CMakeLists.txt
index 82ef9842be4..eb83ad56bf3 100644
--- a/lib/Analysis/CMakeLists.txt
+++ b/lib/Analysis/CMakeLists.txt
@@ -52,6 +52,7 @@ add_clang_library(clangAnalysis
Store.cpp
SymbolManager.cpp
UndefinedArgChecker.cpp
+ UndefinedArraySubscriptChecker.cpp
UndefinedAssignmentChecker.cpp
UninitializedValues.cpp
VLASizeChecker.cpp
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index 40283a1925e..7f1e4c06944 100644
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -1080,7 +1080,10 @@ void GRExprEngine::VisitArraySubscriptExpr(ArraySubscriptExpr* A,
ExplodedNodeSet Tmp2;
Visit(Idx, *I1, Tmp2); // Evaluate the index.
- for (ExplodedNodeSet::iterator I2=Tmp2.begin(),E2=Tmp2.end();I2!=E2; ++I2) {
+ ExplodedNodeSet Tmp3;
+ CheckerVisit(A, Tmp3, Tmp2, true);
+
+ for (ExplodedNodeSet::iterator I2=Tmp3.begin(),E2=Tmp3.end();I2!=E2; ++I2) {
const GRState* state = GetState(*I2);
SVal V = state->getLValue(A->getType(), state->getSVal(Idx),
state->getSVal(Base));
diff --git a/lib/Analysis/GRExprEngineInternalChecks.cpp b/lib/Analysis/GRExprEngineInternalChecks.cpp
index ea508a05f75..984526c908a 100644
--- a/lib/Analysis/GRExprEngineInternalChecks.cpp
+++ b/lib/Analysis/GRExprEngineInternalChecks.cpp
@@ -415,4 +415,5 @@ void GRExprEngine::RegisterInternalChecks() {
RegisterCastToStructChecker(*this);
RegisterArrayBoundChecker(*this);
+ RegisterUndefinedArraySubscriptChecker(*this);
}
diff --git a/lib/Analysis/GRExprEngineInternalChecks.h b/lib/Analysis/GRExprEngineInternalChecks.h
index a0687fd10bb..a9077bf7571 100644
--- a/lib/Analysis/GRExprEngineInternalChecks.h
+++ b/lib/Analysis/GRExprEngineInternalChecks.h
@@ -33,6 +33,7 @@ void RegisterFixedAddressChecker(GRExprEngine &Eng);
void RegisterCastToStructChecker(GRExprEngine &Eng);
void RegisterUndefinedArgChecker(GRExprEngine &Eng);
void RegisterArrayBoundChecker(GRExprEngine &Eng);
+void RegisterUndefinedArraySubscriptChecker(GRExprEngine &Eng);
} // end clang namespace
#endif
diff --git a/lib/Analysis/UndefinedArraySubscriptChecker.cpp b/lib/Analysis/UndefinedArraySubscriptChecker.cpp
new file mode 100644
index 00000000000..47d615dbbdf
--- /dev/null
+++ b/lib/Analysis/UndefinedArraySubscriptChecker.cpp
@@ -0,0 +1,57 @@
+//===--- UndefinedArraySubscriptChecker.h ----------------------*- C++ -*--===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This defines UndefinedArraySubscriptChecker, a builtin check in GRExprEngine
+// that performs checks for undefined array subscripts.
+//
+//===----------------------------------------------------------------------===//
+
+#include "clang/Analysis/PathSensitive/CheckerVisitor.h"
+#include "clang/Analysis/PathSensitive/BugReporter.h"
+#include "GRExprEngineInternalChecks.h"
+
+using namespace clang;
+
+namespace {
+class VISIBILITY_HIDDEN UndefinedArraySubscriptChecker
+ : public CheckerVisitor<UndefinedArraySubscriptChecker> {
+ BugType *BT;
+public:
+ UndefinedArraySubscriptChecker() : BT(0) {}
+ static void *getTag() {
+ static int x = 0;
+ return &x;
+ }
+ void PreVisitArraySubscriptExpr(CheckerContext &C,
+ const ArraySubscriptExpr *A);
+};
+} // end anonymous namespace
+
+void clang::RegisterUndefinedArraySubscriptChecker(GRExprEngine &Eng) {
+ Eng.registerCheck(new UndefinedArraySubscriptChecker());
+}
+
+void
+UndefinedArraySubscriptChecker::PreVisitArraySubscriptExpr(CheckerContext &C,
+ const ArraySubscriptExpr *A) {
+ if (C.getState()->getSVal(A->getIdx()).isUndef()) {
+ if (ExplodedNode *N = C.GenerateNode(A, true)) {
+ if (!BT)
+ BT = new BuiltinBug("Array subscript is undefined");
+
+ // Generate a report for this bug.
+ EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName().c_str(),
+ N);
+ R->addRange(A->getIdx()->getSourceRange());
+ R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
+ A->getIdx());
+ C.EmitReport(R);
+ }
+ }
+}
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index b3b4e9ab7ab..de53d41e785 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
@@ -745,3 +745,7 @@ NSSwappedFloat test_cast_nonstruct_to_union(float x) {
return ((union bran *)&x)->sf; // no-warning
}
+void test_undefined_array_subscript() {
+ int i, a[10];
+ int *p = &a[i]; // expected-warning{{Array subscript is undefined}}
+}
--
GitLab