1480093f4SDimitry Andric //===-- DebugIteratorModeling.cpp ---------------------------------*- C++ -*--// 2480093f4SDimitry Andric // 3480093f4SDimitry Andric // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4480093f4SDimitry Andric // See https://llvm.org/LICENSE.txt for license information. 5480093f4SDimitry Andric // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6480093f4SDimitry Andric // 7480093f4SDimitry Andric //===----------------------------------------------------------------------===// 8480093f4SDimitry Andric // 9480093f4SDimitry Andric // Defines a checker for debugging iterator modeling. 10480093f4SDimitry Andric // 11480093f4SDimitry Andric //===----------------------------------------------------------------------===// 12480093f4SDimitry Andric 13480093f4SDimitry Andric #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" 14480093f4SDimitry Andric #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 15480093f4SDimitry Andric #include "clang/StaticAnalyzer/Core/Checker.h" 16*349cc55cSDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h" 17480093f4SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" 18480093f4SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 19480093f4SDimitry Andric 20480093f4SDimitry Andric #include "Iterator.h" 21480093f4SDimitry Andric 22480093f4SDimitry Andric using namespace clang; 23480093f4SDimitry Andric using namespace ento; 24480093f4SDimitry Andric using namespace iterator; 25480093f4SDimitry Andric 26480093f4SDimitry Andric namespace { 27480093f4SDimitry Andric 28480093f4SDimitry Andric class DebugIteratorModeling 29480093f4SDimitry Andric : public Checker<eval::Call> { 30480093f4SDimitry Andric 31480093f4SDimitry Andric std::unique_ptr<BugType> DebugMsgBugType; 32480093f4SDimitry Andric 33480093f4SDimitry Andric template <typename Getter> 34480093f4SDimitry Andric void analyzerIteratorDataField(const CallExpr *CE, CheckerContext &C, 35480093f4SDimitry Andric Getter get, SVal Default) const; 36480093f4SDimitry Andric void analyzerIteratorPosition(const CallExpr *CE, CheckerContext &C) const; 37480093f4SDimitry Andric void analyzerIteratorContainer(const CallExpr *CE, CheckerContext &C) const; 38480093f4SDimitry Andric void analyzerIteratorValidity(const CallExpr *CE, CheckerContext &C) const; 39480093f4SDimitry Andric ExplodedNode *reportDebugMsg(llvm::StringRef Msg, CheckerContext &C) const; 40480093f4SDimitry Andric 41480093f4SDimitry Andric typedef void (DebugIteratorModeling::*FnCheck)(const CallExpr *, 42480093f4SDimitry Andric CheckerContext &) const; 43480093f4SDimitry Andric 44480093f4SDimitry Andric CallDescriptionMap<FnCheck> Callbacks = { 45*349cc55cSDimitry Andric {{"clang_analyzer_iterator_position", 1}, 46480093f4SDimitry Andric &DebugIteratorModeling::analyzerIteratorPosition}, 47*349cc55cSDimitry Andric {{"clang_analyzer_iterator_container", 1}, 48480093f4SDimitry Andric &DebugIteratorModeling::analyzerIteratorContainer}, 49*349cc55cSDimitry Andric {{"clang_analyzer_iterator_validity", 1}, 50480093f4SDimitry Andric &DebugIteratorModeling::analyzerIteratorValidity}, 51480093f4SDimitry Andric }; 52480093f4SDimitry Andric 53480093f4SDimitry Andric public: 54480093f4SDimitry Andric DebugIteratorModeling(); 55480093f4SDimitry Andric 56480093f4SDimitry Andric bool evalCall(const CallEvent &Call, CheckerContext &C) const; 57480093f4SDimitry Andric }; 58480093f4SDimitry Andric 59480093f4SDimitry Andric } //namespace 60480093f4SDimitry Andric 61480093f4SDimitry Andric DebugIteratorModeling::DebugIteratorModeling() { 62480093f4SDimitry Andric DebugMsgBugType.reset( 63480093f4SDimitry Andric new BugType(this, "Checking analyzer assumptions", "debug", 64480093f4SDimitry Andric /*SuppressOnSink=*/true)); 65480093f4SDimitry Andric } 66480093f4SDimitry Andric 67480093f4SDimitry Andric bool DebugIteratorModeling::evalCall(const CallEvent &Call, 68480093f4SDimitry Andric CheckerContext &C) const { 69480093f4SDimitry Andric const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr()); 70480093f4SDimitry Andric if (!CE) 71480093f4SDimitry Andric return false; 72480093f4SDimitry Andric 73480093f4SDimitry Andric const FnCheck *Handler = Callbacks.lookup(Call); 74480093f4SDimitry Andric if (!Handler) 75480093f4SDimitry Andric return false; 76480093f4SDimitry Andric 77480093f4SDimitry Andric (this->**Handler)(CE, C); 78480093f4SDimitry Andric return true; 79480093f4SDimitry Andric } 80480093f4SDimitry Andric 81480093f4SDimitry Andric template <typename Getter> 82480093f4SDimitry Andric void DebugIteratorModeling::analyzerIteratorDataField(const CallExpr *CE, 83480093f4SDimitry Andric CheckerContext &C, 84480093f4SDimitry Andric Getter get, 85480093f4SDimitry Andric SVal Default) const { 86480093f4SDimitry Andric if (CE->getNumArgs() == 0) { 87480093f4SDimitry Andric reportDebugMsg("Missing iterator argument", C); 88480093f4SDimitry Andric return; 89480093f4SDimitry Andric } 90480093f4SDimitry Andric 91480093f4SDimitry Andric auto State = C.getState(); 92480093f4SDimitry Andric SVal V = C.getSVal(CE->getArg(0)); 93480093f4SDimitry Andric const auto *Pos = getIteratorPosition(State, V); 94480093f4SDimitry Andric if (Pos) { 95480093f4SDimitry Andric State = State->BindExpr(CE, C.getLocationContext(), get(Pos)); 96480093f4SDimitry Andric } else { 97480093f4SDimitry Andric State = State->BindExpr(CE, C.getLocationContext(), Default); 98480093f4SDimitry Andric } 99480093f4SDimitry Andric C.addTransition(State); 100480093f4SDimitry Andric } 101480093f4SDimitry Andric 102480093f4SDimitry Andric void DebugIteratorModeling::analyzerIteratorPosition(const CallExpr *CE, 103480093f4SDimitry Andric CheckerContext &C) const { 104480093f4SDimitry Andric auto &BVF = C.getSValBuilder().getBasicValueFactory(); 105480093f4SDimitry Andric analyzerIteratorDataField(CE, C, [](const IteratorPosition *P) { 106480093f4SDimitry Andric return nonloc::SymbolVal(P->getOffset()); 107480093f4SDimitry Andric }, nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0)))); 108480093f4SDimitry Andric } 109480093f4SDimitry Andric 110480093f4SDimitry Andric void DebugIteratorModeling::analyzerIteratorContainer(const CallExpr *CE, 111480093f4SDimitry Andric CheckerContext &C) const { 112480093f4SDimitry Andric auto &BVF = C.getSValBuilder().getBasicValueFactory(); 113480093f4SDimitry Andric analyzerIteratorDataField(CE, C, [](const IteratorPosition *P) { 114480093f4SDimitry Andric return loc::MemRegionVal(P->getContainer()); 115480093f4SDimitry Andric }, loc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0)))); 116480093f4SDimitry Andric } 117480093f4SDimitry Andric 118480093f4SDimitry Andric void DebugIteratorModeling::analyzerIteratorValidity(const CallExpr *CE, 119480093f4SDimitry Andric CheckerContext &C) const { 120480093f4SDimitry Andric auto &BVF = C.getSValBuilder().getBasicValueFactory(); 121480093f4SDimitry Andric analyzerIteratorDataField(CE, C, [&BVF](const IteratorPosition *P) { 122480093f4SDimitry Andric return 123480093f4SDimitry Andric nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get((P->isValid())))); 124480093f4SDimitry Andric }, nonloc::ConcreteInt(BVF.getValue(llvm::APSInt::get(0)))); 125480093f4SDimitry Andric } 126480093f4SDimitry Andric 127480093f4SDimitry Andric ExplodedNode *DebugIteratorModeling::reportDebugMsg(llvm::StringRef Msg, 128480093f4SDimitry Andric CheckerContext &C) const { 129480093f4SDimitry Andric ExplodedNode *N = C.generateNonFatalErrorNode(); 130480093f4SDimitry Andric if (!N) 131480093f4SDimitry Andric return nullptr; 132480093f4SDimitry Andric 133480093f4SDimitry Andric auto &BR = C.getBugReporter(); 134480093f4SDimitry Andric BR.emitReport(std::make_unique<PathSensitiveBugReport>(*DebugMsgBugType, 135480093f4SDimitry Andric Msg, N)); 136480093f4SDimitry Andric return N; 137480093f4SDimitry Andric } 138480093f4SDimitry Andric 139480093f4SDimitry Andric void ento::registerDebugIteratorModeling(CheckerManager &mgr) { 140480093f4SDimitry Andric mgr.registerChecker<DebugIteratorModeling>(); 141480093f4SDimitry Andric } 142480093f4SDimitry Andric 1435ffd83dbSDimitry Andric bool ento::shouldRegisterDebugIteratorModeling(const CheckerManager &mgr) { 144480093f4SDimitry Andric return true; 145480093f4SDimitry Andric } 146