//===-- DebugIteratorModeling.cpp ---------------------------------*- C++ -*--//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Defines a checker for debugging iterator modeling.
//
//===----------------------------------------------------------------------===//

#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"

#include "Iterator.h"

using namespace clang;
using namespace ento;
using namespace iterator;

namespace {

/// Debug checker that exposes the analyzer's iterator-modeling state to
/// analyzed code through three hook functions, each registered below with one
/// required argument:
///   - clang_analyzer_iterator_position(it)
///   - clang_analyzer_iterator_container(it)
///   - clang_analyzer_iterator_validity(it)
///
/// The call expression is bound to the requested field of the iterator's
/// tracked position, or to a zero default when no position is tracked.
class DebugIteratorModeling : public Checker<eval::Call> {

  /// Bug type used for the diagnostic emitted by reportDebugMsg().
  std::unique_ptr<BugType> DebugMsgBugType;

  /// Shared implementation of the three hooks; \p get extracts the value to
  /// bind from a tracked position, \p Default is bound when there is none.
  template <typename Getter>
  void analyzerIteratorDataField(const CallExpr *CE, CheckerContext &C,
                                 Getter get, SVal Default) const;
  void analyzerIteratorPosition(const CallExpr *CE, CheckerContext &C) const;
  void analyzerIteratorContainer(const CallExpr *CE, CheckerContext &C) const;
  void analyzerIteratorValidity(const CallExpr *CE, CheckerContext &C) const;
  ExplodedNode *reportDebugMsg(llvm::StringRef Msg, CheckerContext &C) const;

  /// Signature shared by the per-hook handlers stored in Callbacks.
  using FnCheck = void (DebugIteratorModeling::*)(const CallExpr *,
                                                  CheckerContext &) const;

  /// Dispatch table from hook name to the member function that evaluates it.
  CallDescriptionMap<FnCheck> Callbacks = {
      {{0, "clang_analyzer_iterator_position", 1},
       &DebugIteratorModeling::analyzerIteratorPosition},
      {{0, "clang_analyzer_iterator_container", 1},
       &DebugIteratorModeling::analyzerIteratorContainer},
      {{0, "clang_analyzer_iterator_validity", 1},
       &DebugIteratorModeling::analyzerIteratorValidity},
  };

public:
  DebugIteratorModeling();

  bool evalCall(const CallEvent &Call, CheckerContext &C) const;
};

} // namespace

/// Creates the "debug" category bug type used for this checker's messages.
DebugIteratorModeling::DebugIteratorModeling() {
  DebugMsgBugType = std::make_unique<BugType>(
      this, "Checking analyzer assumptions", "debug", /*SuppressOnSink=*/true);
}

/// Evaluates a call to one of the debug hooks.
///
/// \returns true when the call matched an entry in Callbacks and its handler
/// was run; false when the call has no CallExpr origin or is not one of the
/// hooks, leaving it for other evaluation.
bool DebugIteratorModeling::evalCall(const CallEvent &Call,
                                     CheckerContext &C) const {
  if (const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr())) {
    if (const FnCheck *Handler = Callbacks.lookup(Call)) {
      // Handler points at a pointer-to-member, hence the double dereference.
      (this->**Handler)(CE, C);
      return true;
    }
  }
  return false;
}

/// Binds the value of the hook call \p CE to one field of the iterator
/// position tracked for its first argument.
///
/// If the call has no arguments a debug message is reported and no state
/// transition is added. If the argument has no tracked position, \p Default
/// is bound instead of a value produced by \p get.
template <typename Getter>
void DebugIteratorModeling::analyzerIteratorDataField(const CallExpr *CE,
                                                      CheckerContext &C,
                                                      Getter get,
                                                      SVal Default) const {
  if (CE->getNumArgs() == 0) {
    reportDebugMsg("Missing iterator argument", C);
    return;
  }

  auto State = C.getState();
  const SVal IterVal = C.getSVal(CE->getArg(0));
  if (const auto *Pos = getIteratorPosition(State, IterVal))
    State = State->BindExpr(CE, C.getLocationContext(), get(Pos));
  else
    State = State->BindExpr(CE, C.getLocationContext(), Default);
  C.addTransition(State);
}

/// Hook handler: binds the call to the offset symbol of the tracked position,
/// or to the concrete integer 0 when the iterator is not tracked.
void DebugIteratorModeling::analyzerIteratorPosition(const CallExpr *CE,
                                                     CheckerContext &C) const {
  auto &BVF = C.getSValBuilder().getBasicValueFactory();
  const auto OffsetOf = [](const IteratorPosition *P) {
    return nonloc::SymbolVal(P->getOffset());
  };
  const nonloc::ConcreteInt Untracked(BVF.getValue(llvm::APSInt::get(0)));
  analyzerIteratorDataField(CE, C, OffsetOf, Untracked);
}

/// Hook handler: binds the call to the memory region of the container the
/// tracked position refers to, or to a zero-valued concrete location when the
/// iterator is not tracked.
void DebugIteratorModeling::analyzerIteratorContainer(const CallExpr *CE,
                                                      CheckerContext &C) const {
  auto &BVF = C.getSValBuilder().getBasicValueFactory();
  const auto ContainerOf = [](const IteratorPosition *P) {
    return loc::MemRegionVal(P->getContainer());
  };
  const loc::ConcreteInt Untracked(BVF.getValue(llvm::APSInt::get(0)));
  analyzerIteratorDataField(CE, C, ContainerOf, Untracked);
}

/// Hook handler: binds the call to the result of isValid() on the tracked
/// position as a concrete integer.
///
/// The default for an untracked iterator is also the concrete integer 0, so a
/// result of 0 does not distinguish "position tracked and invalid" from "no
/// position tracked at all"; tests built on this hook should not read 0 as
/// proof that invalidation was modeled.
void DebugIteratorModeling::analyzerIteratorValidity(const CallExpr *CE,
                                                     CheckerContext &C) const {
  auto &BVF = C.getSValBuilder().getBasicValueFactory();
  const auto ValidityOf = [&BVF](const IteratorPosition *P) {
    return nonloc::ConcreteInt(
        BVF.getValue(llvm::APSInt::get((P->isValid()))));
  };
  const nonloc::ConcreteInt Untracked(BVF.getValue(llvm::APSInt::get(0)));
  analyzerIteratorDataField(CE, C, ValidityOf, Untracked);
}

/// Emits \p Msg as a path-sensitive report of the debug bug type.
///
/// \returns the non-fatal error node the report is attached to, or nullptr
/// when no such node could be generated (in which case nothing is emitted).
ExplodedNode *DebugIteratorModeling::reportDebugMsg(llvm::StringRef Msg,
                                                    CheckerContext &C) const {
  if (ExplodedNode *N = C.generateNonFatalErrorNode()) {
    C.getBugReporter().emitReport(
        std::make_unique<PathSensitiveBugReport>(*DebugMsgBugType, Msg, N));
    return N;
  }
  return nullptr;
}

/// Registers the checker with the checker manager.
void ento::registerDebugIteratorModeling(CheckerManager &mgr) {
  mgr.registerChecker<DebugIteratorModeling>();
}

/// The checker places no conditions on registration.
bool ento::shouldRegisterDebugIteratorModeling(const CheckerManager &mgr) {
  return true;
}