10b57cec5SDimitry Andric //===-- DereferenceChecker.cpp - Null dereference checker -----------------===// 20b57cec5SDimitry Andric // 30b57cec5SDimitry Andric // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 40b57cec5SDimitry Andric // See https://llvm.org/LICENSE.txt for license information. 50b57cec5SDimitry Andric // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 60b57cec5SDimitry Andric // 70b57cec5SDimitry Andric //===----------------------------------------------------------------------===// 80b57cec5SDimitry Andric // 90b57cec5SDimitry Andric // This defines NullDerefChecker, a builtin check in ExprEngine that performs 100b57cec5SDimitry Andric // checks for null pointers at loads and stores. 110b57cec5SDimitry Andric // 120b57cec5SDimitry Andric //===----------------------------------------------------------------------===// 130b57cec5SDimitry Andric 140b57cec5SDimitry Andric #include "clang/AST/ExprObjC.h" 150b57cec5SDimitry Andric #include "clang/AST/ExprOpenMP.h" 1681ad6265SDimitry Andric #include "clang/Basic/TargetInfo.h" 1781ad6265SDimitry Andric #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" 180b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 190b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/Checker.h" 200b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/CheckerManager.h" 210b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 220b57cec5SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerHelpers.h" 230b57cec5SDimitry Andric #include "llvm/ADT/SmallString.h" 240b57cec5SDimitry Andric #include "llvm/Support/raw_ostream.h" 250b57cec5SDimitry Andric 260b57cec5SDimitry Andric using namespace clang; 270b57cec5SDimitry Andric using namespace ento; 280b57cec5SDimitry Andric 290b57cec5SDimitry Andric namespace { 300b57cec5SDimitry Andric class DereferenceChecker 310b57cec5SDimitry Andric : public Checker< check::Location, 320b57cec5SDimitry Andric check::Bind, 330b57cec5SDimitry Andric EventDispatcher<ImplicitNullDerefEvent> > { 34*0fca6ea1SDimitry Andric enum DerefKind { NullPointer, UndefinedPointerValue, AddressOfLabel }; 350b57cec5SDimitry Andric 36e8d8bef9SDimitry Andric BugType BT_Null{this, "Dereference of null pointer", categories::LogicError}; 37e8d8bef9SDimitry Andric BugType BT_Undef{this, "Dereference of undefined pointer value", 38e8d8bef9SDimitry Andric categories::LogicError}; 39*0fca6ea1SDimitry Andric BugType BT_Label{this, "Dereference of the address of a label", 40*0fca6ea1SDimitry Andric categories::LogicError}; 41e8d8bef9SDimitry Andric 42e8d8bef9SDimitry Andric void reportBug(DerefKind K, ProgramStateRef State, const Stmt *S, 43e8d8bef9SDimitry Andric CheckerContext &C) const; 440b57cec5SDimitry Andric 4581ad6265SDimitry Andric bool suppressReport(CheckerContext &C, const Expr *E) const; 4681ad6265SDimitry Andric 470b57cec5SDimitry Andric public: 480b57cec5SDimitry Andric void checkLocation(SVal location, bool isLoad, const Stmt* S, 490b57cec5SDimitry Andric CheckerContext &C) const; 500b57cec5SDimitry Andric void checkBind(SVal L, SVal V, const Stmt *S, CheckerContext &C) const; 510b57cec5SDimitry Andric 520b57cec5SDimitry Andric static void AddDerefSource(raw_ostream &os, 530b57cec5SDimitry Andric SmallVectorImpl<SourceRange> &Ranges, 540b57cec5SDimitry Andric const Expr *Ex, const ProgramState *state, 550b57cec5SDimitry Andric const LocationContext *LCtx, 560b57cec5SDimitry Andric bool loadedFrom = false); 5781ad6265SDimitry Andric 5881ad6265SDimitry Andric bool SuppressAddressSpaces = false; 590b57cec5SDimitry Andric }; 600b57cec5SDimitry Andric } // end anonymous namespace 610b57cec5SDimitry Andric 620b57cec5SDimitry Andric void 630b57cec5SDimitry Andric DereferenceChecker::AddDerefSource(raw_ostream &os, 640b57cec5SDimitry Andric SmallVectorImpl<SourceRange> &Ranges, 650b57cec5SDimitry Andric const Expr *Ex, 660b57cec5SDimitry Andric const ProgramState *state, 670b57cec5SDimitry Andric const LocationContext *LCtx, 680b57cec5SDimitry Andric bool loadedFrom) { 690b57cec5SDimitry Andric Ex = Ex->IgnoreParenLValueCasts(); 700b57cec5SDimitry Andric switch (Ex->getStmtClass()) { 710b57cec5SDimitry Andric default: 720b57cec5SDimitry Andric break; 730b57cec5SDimitry Andric case Stmt::DeclRefExprClass: { 740b57cec5SDimitry Andric const DeclRefExpr *DR = cast<DeclRefExpr>(Ex); 750b57cec5SDimitry Andric if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) { 760b57cec5SDimitry Andric os << " (" << (loadedFrom ? "loaded from" : "from") 770b57cec5SDimitry Andric << " variable '" << VD->getName() << "')"; 780b57cec5SDimitry Andric Ranges.push_back(DR->getSourceRange()); 790b57cec5SDimitry Andric } 800b57cec5SDimitry Andric break; 810b57cec5SDimitry Andric } 820b57cec5SDimitry Andric case Stmt::MemberExprClass: { 830b57cec5SDimitry Andric const MemberExpr *ME = cast<MemberExpr>(Ex); 840b57cec5SDimitry Andric os << " (" << (loadedFrom ? "loaded from" : "via") 850b57cec5SDimitry Andric << " field '" << ME->getMemberNameInfo() << "')"; 860b57cec5SDimitry Andric SourceLocation L = ME->getMemberLoc(); 870b57cec5SDimitry Andric Ranges.push_back(SourceRange(L, L)); 880b57cec5SDimitry Andric break; 890b57cec5SDimitry Andric } 900b57cec5SDimitry Andric case Stmt::ObjCIvarRefExprClass: { 910b57cec5SDimitry Andric const ObjCIvarRefExpr *IV = cast<ObjCIvarRefExpr>(Ex); 920b57cec5SDimitry Andric os << " (" << (loadedFrom ? "loaded from" : "via") 930b57cec5SDimitry Andric << " ivar '" << IV->getDecl()->getName() << "')"; 940b57cec5SDimitry Andric SourceLocation L = IV->getLocation(); 950b57cec5SDimitry Andric Ranges.push_back(SourceRange(L, L)); 960b57cec5SDimitry Andric break; 970b57cec5SDimitry Andric } 980b57cec5SDimitry Andric } 990b57cec5SDimitry Andric } 1000b57cec5SDimitry Andric 1010b57cec5SDimitry Andric static const Expr *getDereferenceExpr(const Stmt *S, bool IsBind=false){ 1020b57cec5SDimitry Andric const Expr *E = nullptr; 1030b57cec5SDimitry Andric 1040b57cec5SDimitry Andric // Walk through lvalue casts to get the original expression 1050b57cec5SDimitry Andric // that syntactically caused the load. 1060b57cec5SDimitry Andric if (const Expr *expr = dyn_cast<Expr>(S)) 1070b57cec5SDimitry Andric E = expr->IgnoreParenLValueCasts(); 1080b57cec5SDimitry Andric 1090b57cec5SDimitry Andric if (IsBind) { 1100b57cec5SDimitry Andric const VarDecl *VD; 1110b57cec5SDimitry Andric const Expr *Init; 1120b57cec5SDimitry Andric std::tie(VD, Init) = parseAssignment(S); 1130b57cec5SDimitry Andric if (VD && Init) 1140b57cec5SDimitry Andric E = Init; 1150b57cec5SDimitry Andric } 1160b57cec5SDimitry Andric return E; 1170b57cec5SDimitry Andric } 1180b57cec5SDimitry Andric 11981ad6265SDimitry Andric bool DereferenceChecker::suppressReport(CheckerContext &C, 12081ad6265SDimitry Andric const Expr *E) const { 12181ad6265SDimitry Andric // Do not report dereferences on memory that use address space #256, #257, 12281ad6265SDimitry Andric // and #258. Those address spaces are used when dereferencing address spaces 12381ad6265SDimitry Andric // relative to the GS, FS, and SS segments on x86/x86-64 targets. 12481ad6265SDimitry Andric // Dereferencing a null pointer in these address spaces is not defined 12581ad6265SDimitry Andric // as an error. All other null dereferences in other address spaces 12681ad6265SDimitry Andric // are defined as an error unless explicitly defined. 12781ad6265SDimitry Andric // See https://clang.llvm.org/docs/LanguageExtensions.html, the section 12881ad6265SDimitry Andric // "X86/X86-64 Language Extensions" 12981ad6265SDimitry Andric 13081ad6265SDimitry Andric QualType Ty = E->getType(); 13181ad6265SDimitry Andric if (!Ty.hasAddressSpace()) 13281ad6265SDimitry Andric return false; 13381ad6265SDimitry Andric if (SuppressAddressSpaces) 13481ad6265SDimitry Andric return true; 13581ad6265SDimitry Andric 13681ad6265SDimitry Andric const llvm::Triple::ArchType Arch = 13781ad6265SDimitry Andric C.getASTContext().getTargetInfo().getTriple().getArch(); 13881ad6265SDimitry Andric 13981ad6265SDimitry Andric if ((Arch == llvm::Triple::x86) || (Arch == llvm::Triple::x86_64)) { 14081ad6265SDimitry Andric switch (toTargetAddressSpace(E->getType().getAddressSpace())) { 14181ad6265SDimitry Andric case 256: 14281ad6265SDimitry Andric case 257: 14381ad6265SDimitry Andric case 258: 14481ad6265SDimitry Andric return true; 14581ad6265SDimitry Andric } 14681ad6265SDimitry Andric } 14781ad6265SDimitry Andric return false; 1480b57cec5SDimitry Andric } 1490b57cec5SDimitry Andric 1500b57cec5SDimitry Andric static bool isDeclRefExprToReference(const Expr *E) { 1510b57cec5SDimitry Andric if (const auto *DRE = dyn_cast<DeclRefExpr>(E)) 1520b57cec5SDimitry Andric return DRE->getDecl()->getType()->isReferenceType(); 1530b57cec5SDimitry Andric return false; 1540b57cec5SDimitry Andric } 1550b57cec5SDimitry Andric 156e8d8bef9SDimitry Andric void DereferenceChecker::reportBug(DerefKind K, ProgramStateRef State, 157e8d8bef9SDimitry Andric const Stmt *S, CheckerContext &C) const { 158e8d8bef9SDimitry Andric const BugType *BT = nullptr; 159e8d8bef9SDimitry Andric llvm::StringRef DerefStr1; 160e8d8bef9SDimitry Andric llvm::StringRef DerefStr2; 161e8d8bef9SDimitry Andric switch (K) { 162e8d8bef9SDimitry Andric case DerefKind::NullPointer: 163e8d8bef9SDimitry Andric BT = &BT_Null; 164e8d8bef9SDimitry Andric DerefStr1 = " results in a null pointer dereference"; 165e8d8bef9SDimitry Andric DerefStr2 = " results in a dereference of a null pointer"; 166e8d8bef9SDimitry Andric break; 167e8d8bef9SDimitry Andric case DerefKind::UndefinedPointerValue: 168e8d8bef9SDimitry Andric BT = &BT_Undef; 169e8d8bef9SDimitry Andric DerefStr1 = " results in an undefined pointer dereference"; 170e8d8bef9SDimitry Andric DerefStr2 = " results in a dereference of an undefined pointer value"; 171e8d8bef9SDimitry Andric break; 172*0fca6ea1SDimitry Andric case DerefKind::AddressOfLabel: 173*0fca6ea1SDimitry Andric BT = &BT_Label; 174*0fca6ea1SDimitry Andric DerefStr1 = " results in an undefined pointer dereference"; 175*0fca6ea1SDimitry Andric DerefStr2 = " results in a dereference of an address of a label"; 176*0fca6ea1SDimitry Andric break; 177e8d8bef9SDimitry Andric }; 178e8d8bef9SDimitry Andric 1790b57cec5SDimitry Andric // Generate an error node. 1800b57cec5SDimitry Andric ExplodedNode *N = C.generateErrorNode(State); 1810b57cec5SDimitry Andric if (!N) 1820b57cec5SDimitry Andric return; 1830b57cec5SDimitry Andric 1840b57cec5SDimitry Andric SmallString<100> buf; 1850b57cec5SDimitry Andric llvm::raw_svector_ostream os(buf); 1860b57cec5SDimitry Andric 1870b57cec5SDimitry Andric SmallVector<SourceRange, 2> Ranges; 1880b57cec5SDimitry Andric 1890b57cec5SDimitry Andric switch (S->getStmtClass()) { 1900b57cec5SDimitry Andric case Stmt::ArraySubscriptExprClass: { 1910b57cec5SDimitry Andric os << "Array access"; 1920b57cec5SDimitry Andric const ArraySubscriptExpr *AE = cast<ArraySubscriptExpr>(S); 1930b57cec5SDimitry Andric AddDerefSource(os, Ranges, AE->getBase()->IgnoreParenCasts(), 1940b57cec5SDimitry Andric State.get(), N->getLocationContext()); 195e8d8bef9SDimitry Andric os << DerefStr1; 1960b57cec5SDimitry Andric break; 1970b57cec5SDimitry Andric } 198*0fca6ea1SDimitry Andric case Stmt::ArraySectionExprClass: { 1990b57cec5SDimitry Andric os << "Array access"; 200*0fca6ea1SDimitry Andric const ArraySectionExpr *AE = cast<ArraySectionExpr>(S); 2010b57cec5SDimitry Andric AddDerefSource(os, Ranges, AE->getBase()->IgnoreParenCasts(), 2020b57cec5SDimitry Andric State.get(), N->getLocationContext()); 203e8d8bef9SDimitry Andric os << DerefStr1; 2040b57cec5SDimitry Andric break; 2050b57cec5SDimitry Andric } 2060b57cec5SDimitry Andric case Stmt::UnaryOperatorClass: { 207e8d8bef9SDimitry Andric os << BT->getDescription(); 2080b57cec5SDimitry Andric const UnaryOperator *U = cast<UnaryOperator>(S); 2090b57cec5SDimitry Andric AddDerefSource(os, Ranges, U->getSubExpr()->IgnoreParens(), 2100b57cec5SDimitry Andric State.get(), N->getLocationContext(), true); 2110b57cec5SDimitry Andric break; 2120b57cec5SDimitry Andric } 2130b57cec5SDimitry Andric case Stmt::MemberExprClass: { 2140b57cec5SDimitry Andric const MemberExpr *M = cast<MemberExpr>(S); 2150b57cec5SDimitry Andric if (M->isArrow() || isDeclRefExprToReference(M->getBase())) { 216e8d8bef9SDimitry Andric os << "Access to field '" << M->getMemberNameInfo() << "'" << DerefStr2; 2170b57cec5SDimitry Andric AddDerefSource(os, Ranges, M->getBase()->IgnoreParenCasts(), 2180b57cec5SDimitry Andric State.get(), N->getLocationContext(), true); 2190b57cec5SDimitry Andric } 2200b57cec5SDimitry Andric break; 2210b57cec5SDimitry Andric } 2220b57cec5SDimitry Andric case Stmt::ObjCIvarRefExprClass: { 2230b57cec5SDimitry Andric const ObjCIvarRefExpr *IV = cast<ObjCIvarRefExpr>(S); 224e8d8bef9SDimitry Andric os << "Access to instance variable '" << *IV->getDecl() << "'" << DerefStr2; 2250b57cec5SDimitry Andric AddDerefSource(os, Ranges, IV->getBase()->IgnoreParenCasts(), 2260b57cec5SDimitry Andric State.get(), N->getLocationContext(), true); 2270b57cec5SDimitry Andric break; 2280b57cec5SDimitry Andric } 2290b57cec5SDimitry Andric default: 2300b57cec5SDimitry Andric break; 2310b57cec5SDimitry Andric } 2320b57cec5SDimitry Andric 233a7dea167SDimitry Andric auto report = std::make_unique<PathSensitiveBugReport>( 234fe6060f1SDimitry Andric *BT, buf.empty() ? BT->getDescription() : buf.str(), N); 2350b57cec5SDimitry Andric 2360b57cec5SDimitry Andric bugreporter::trackExpressionValue(N, bugreporter::getDerefExpr(S), *report); 2370b57cec5SDimitry Andric 2380b57cec5SDimitry Andric for (SmallVectorImpl<SourceRange>::iterator 2390b57cec5SDimitry Andric I = Ranges.begin(), E = Ranges.end(); I!=E; ++I) 2400b57cec5SDimitry Andric report->addRange(*I); 2410b57cec5SDimitry Andric 2420b57cec5SDimitry Andric C.emitReport(std::move(report)); 2430b57cec5SDimitry Andric } 2440b57cec5SDimitry Andric 2450b57cec5SDimitry Andric void DereferenceChecker::checkLocation(SVal l, bool isLoad, const Stmt* S, 2460b57cec5SDimitry Andric CheckerContext &C) const { 2470b57cec5SDimitry Andric // Check for dereference of an undefined value. 2480b57cec5SDimitry Andric if (l.isUndef()) { 249e8d8bef9SDimitry Andric const Expr *DerefExpr = getDereferenceExpr(S); 25081ad6265SDimitry Andric if (!suppressReport(C, DerefExpr)) 251e8d8bef9SDimitry Andric reportBug(DerefKind::UndefinedPointerValue, C.getState(), DerefExpr, C); 2520b57cec5SDimitry Andric return; 2530b57cec5SDimitry Andric } 2540b57cec5SDimitry Andric 2550b57cec5SDimitry Andric DefinedOrUnknownSVal location = l.castAs<DefinedOrUnknownSVal>(); 2560b57cec5SDimitry Andric 2570b57cec5SDimitry Andric // Check for null dereferences. 25881ad6265SDimitry Andric if (!isa<Loc>(location)) 2590b57cec5SDimitry Andric return; 2600b57cec5SDimitry Andric 2610b57cec5SDimitry Andric ProgramStateRef state = C.getState(); 2620b57cec5SDimitry Andric 2630b57cec5SDimitry Andric ProgramStateRef notNullState, nullState; 2640b57cec5SDimitry Andric std::tie(notNullState, nullState) = state->assume(location); 2650b57cec5SDimitry Andric 2660b57cec5SDimitry Andric if (nullState) { 2670b57cec5SDimitry Andric if (!notNullState) { 268e8d8bef9SDimitry Andric // We know that 'location' can only be null. This is what 269e8d8bef9SDimitry Andric // we call an "explicit" null dereference. 2700b57cec5SDimitry Andric const Expr *expr = getDereferenceExpr(S); 27181ad6265SDimitry Andric if (!suppressReport(C, expr)) { 272e8d8bef9SDimitry Andric reportBug(DerefKind::NullPointer, nullState, expr, C); 2730b57cec5SDimitry Andric return; 2740b57cec5SDimitry Andric } 2750b57cec5SDimitry Andric } 2760b57cec5SDimitry Andric 2770b57cec5SDimitry Andric // Otherwise, we have the case where the location could either be 2780b57cec5SDimitry Andric // null or not-null. Record the error node as an "implicit" null 2790b57cec5SDimitry Andric // dereference. 2800b57cec5SDimitry Andric if (ExplodedNode *N = C.generateSink(nullState, C.getPredecessor())) { 2810b57cec5SDimitry Andric ImplicitNullDerefEvent event = {l, isLoad, N, &C.getBugReporter(), 2820b57cec5SDimitry Andric /*IsDirectDereference=*/true}; 2830b57cec5SDimitry Andric dispatchEvent(event); 2840b57cec5SDimitry Andric } 2850b57cec5SDimitry Andric } 2860b57cec5SDimitry Andric 2870b57cec5SDimitry Andric // From this point forward, we know that the location is not null. 2880b57cec5SDimitry Andric C.addTransition(notNullState); 2890b57cec5SDimitry Andric } 2900b57cec5SDimitry Andric 2910b57cec5SDimitry Andric void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S, 2920b57cec5SDimitry Andric CheckerContext &C) const { 2930b57cec5SDimitry Andric // If we're binding to a reference, check if the value is known to be null. 2940b57cec5SDimitry Andric if (V.isUndef()) 2950b57cec5SDimitry Andric return; 2960b57cec5SDimitry Andric 297*0fca6ea1SDimitry Andric // One should never write to label addresses. 298*0fca6ea1SDimitry Andric if (auto Label = L.getAs<loc::GotoLabel>()) { 299*0fca6ea1SDimitry Andric reportBug(DerefKind::AddressOfLabel, C.getState(), S, C); 300*0fca6ea1SDimitry Andric return; 301*0fca6ea1SDimitry Andric } 302*0fca6ea1SDimitry Andric 3030b57cec5SDimitry Andric const MemRegion *MR = L.getAsRegion(); 3040b57cec5SDimitry Andric const TypedValueRegion *TVR = dyn_cast_or_null<TypedValueRegion>(MR); 3050b57cec5SDimitry Andric if (!TVR) 3060b57cec5SDimitry Andric return; 3070b57cec5SDimitry Andric 3080b57cec5SDimitry Andric if (!TVR->getValueType()->isReferenceType()) 3090b57cec5SDimitry Andric return; 3100b57cec5SDimitry Andric 3110b57cec5SDimitry Andric ProgramStateRef State = C.getState(); 3120b57cec5SDimitry Andric 3130b57cec5SDimitry Andric ProgramStateRef StNonNull, StNull; 3140b57cec5SDimitry Andric std::tie(StNonNull, StNull) = State->assume(V.castAs<DefinedOrUnknownSVal>()); 3150b57cec5SDimitry Andric 3160b57cec5SDimitry Andric if (StNull) { 3170b57cec5SDimitry Andric if (!StNonNull) { 3180b57cec5SDimitry Andric const Expr *expr = getDereferenceExpr(S, /*IsBind=*/true); 31981ad6265SDimitry Andric if (!suppressReport(C, expr)) { 320e8d8bef9SDimitry Andric reportBug(DerefKind::NullPointer, StNull, expr, C); 3210b57cec5SDimitry Andric return; 3220b57cec5SDimitry Andric } 3230b57cec5SDimitry Andric } 3240b57cec5SDimitry Andric 3250b57cec5SDimitry Andric // At this point the value could be either null or non-null. 3260b57cec5SDimitry Andric // Record this as an "implicit" null dereference. 3270b57cec5SDimitry Andric if (ExplodedNode *N = C.generateSink(StNull, C.getPredecessor())) { 3280b57cec5SDimitry Andric ImplicitNullDerefEvent event = {V, /*isLoad=*/true, N, 3290b57cec5SDimitry Andric &C.getBugReporter(), 3300b57cec5SDimitry Andric /*IsDirectDereference=*/true}; 3310b57cec5SDimitry Andric dispatchEvent(event); 3320b57cec5SDimitry Andric } 3330b57cec5SDimitry Andric } 3340b57cec5SDimitry Andric 3350b57cec5SDimitry Andric // Unlike a regular null dereference, initializing a reference with a 3360b57cec5SDimitry Andric // dereferenced null pointer does not actually cause a runtime exception in 3370b57cec5SDimitry Andric // Clang's implementation of references. 3380b57cec5SDimitry Andric // 3390b57cec5SDimitry Andric // int &r = *p; // safe?? 3400b57cec5SDimitry Andric // if (p != NULL) return; // uh-oh 3410b57cec5SDimitry Andric // r = 5; // trap here 3420b57cec5SDimitry Andric // 3430b57cec5SDimitry Andric // The standard says this is invalid as soon as we try to create a "null 3440b57cec5SDimitry Andric // reference" (there is no such thing), but turning this into an assumption 3450b57cec5SDimitry Andric // that 'p' is never null will not match our actual runtime behavior. 3460b57cec5SDimitry Andric // So we do not record this assumption, allowing us to warn on the last line 3470b57cec5SDimitry Andric // of this example. 3480b57cec5SDimitry Andric // 3490b57cec5SDimitry Andric // We do need to add a transition because we may have generated a sink for 3500b57cec5SDimitry Andric // the "implicit" null dereference. 3510b57cec5SDimitry Andric C.addTransition(State, this); 3520b57cec5SDimitry Andric } 3530b57cec5SDimitry Andric 3540b57cec5SDimitry Andric void ento::registerDereferenceChecker(CheckerManager &mgr) { 35581ad6265SDimitry Andric auto *Chk = mgr.registerChecker<DereferenceChecker>(); 35681ad6265SDimitry Andric Chk->SuppressAddressSpaces = mgr.getAnalyzerOptions().getCheckerBooleanOption( 35781ad6265SDimitry Andric mgr.getCurrentCheckerName(), "SuppressAddressSpaces"); 3580b57cec5SDimitry Andric } 3590b57cec5SDimitry Andric 3605ffd83dbSDimitry Andric bool ento::shouldRegisterDereferenceChecker(const CheckerManager &mgr) { 3610b57cec5SDimitry Andric return true; 3620b57cec5SDimitry Andric } 363