1 //===--- CloneChecker.cpp - Clone detection checker -------------*- C++ -*-===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 /// 10 /// \file 11 /// CloneChecker is a checker that reports clones in the current translation 12 /// unit. 13 /// 14 //===----------------------------------------------------------------------===// 15 16 #include "ClangSACheckers.h" 17 #include "clang/Analysis/CloneDetection.h" 18 #include "clang/Basic/Diagnostic.h" 19 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 20 #include "clang/StaticAnalyzer/Core/Checker.h" 21 #include "clang/StaticAnalyzer/Core/CheckerManager.h" 22 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 23 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 24 25 using namespace clang; 26 using namespace ento; 27 28 namespace { 29 class CloneChecker 30 : public Checker<check::ASTCodeBody, check::EndOfTranslationUnit> { 31 mutable CloneDetector Detector; 32 mutable std::unique_ptr<BugType> BT_Exact, BT_Suspicious; 33 34 public: 35 void checkASTCodeBody(const Decl *D, AnalysisManager &Mgr, 36 BugReporter &BR) const; 37 38 void checkEndOfTranslationUnit(const TranslationUnitDecl *TU, 39 AnalysisManager &Mgr, BugReporter &BR) const; 40 41 /// Reports all clones to the user. 42 void reportClones(BugReporter &BR, AnalysisManager &Mgr, 43 std::vector<CloneDetector::CloneGroup> &CloneGroups) const; 44 45 /// Reports only suspicious clones to the user along with informaton 46 /// that explain why they are suspicious. 47 void reportSuspiciousClones( 48 BugReporter &BR, AnalysisManager &Mgr, 49 std::vector<CloneDetector::CloneGroup> &CloneGroups) const; 50 }; 51 } // end anonymous namespace 52 53 void CloneChecker::checkASTCodeBody(const Decl *D, AnalysisManager &Mgr, 54 BugReporter &BR) const { 55 // Every statement that should be included in the search for clones needs to 56 // be passed to the CloneDetector. 57 Detector.analyzeCodeBody(D); 58 } 59 60 void CloneChecker::checkEndOfTranslationUnit(const TranslationUnitDecl *TU, 61 AnalysisManager &Mgr, 62 BugReporter &BR) const { 63 // At this point, every statement in the translation unit has been analyzed by 64 // the CloneDetector. The only thing left to do is to report the found clones. 65 66 int MinComplexity = Mgr.getAnalyzerOptions().getOptionAsInteger( 67 "MinimumCloneComplexity", 10, this); 68 assert(MinComplexity >= 0); 69 70 bool ReportSuspiciousClones = Mgr.getAnalyzerOptions().getBooleanOption( 71 "ReportSuspiciousClones", true, this); 72 73 bool ReportNormalClones = Mgr.getAnalyzerOptions().getBooleanOption( 74 "ReportNormalClones", true, this); 75 76 // Let the CloneDetector create a list of clones from all the analyzed 77 // statements. We don't filter for matching variable patterns at this point 78 // because reportSuspiciousClones() wants to search them for errors. 79 std::vector<CloneDetector::CloneGroup> AllCloneGroups; 80 81 Detector.findClones(AllCloneGroups, RecursiveCloneTypeIIConstraint(), 82 MinComplexityConstraint(MinComplexity), 83 MinGroupSizeConstraint(2), OnlyLargestCloneConstraint()); 84 85 if (ReportSuspiciousClones) 86 reportSuspiciousClones(BR, Mgr, AllCloneGroups); 87 88 // We are done for this translation unit unless we also need to report normal 89 // clones. 90 if (!ReportNormalClones) 91 return; 92 93 // Now that the suspicious clone detector has checked for pattern errors, 94 // we also filter all clones who don't have matching patterns 95 CloneDetector::constrainClones(AllCloneGroups, 96 MatchingVariablePatternConstraint(), 97 MinGroupSizeConstraint(2)); 98 99 reportClones(BR, Mgr, AllCloneGroups); 100 } 101 102 static PathDiagnosticLocation makeLocation(const StmtSequence &S, 103 AnalysisManager &Mgr) { 104 ASTContext &ACtx = Mgr.getASTContext(); 105 return PathDiagnosticLocation::createBegin( 106 S.front(), ACtx.getSourceManager(), 107 Mgr.getAnalysisDeclContext(ACtx.getTranslationUnitDecl())); 108 } 109 110 void CloneChecker::reportClones( 111 BugReporter &BR, AnalysisManager &Mgr, 112 std::vector<CloneDetector::CloneGroup> &CloneGroups) const { 113 114 if (!BT_Exact) 115 BT_Exact.reset(new BugType(this, "Exact code clone", "Code clone")); 116 117 for (const CloneDetector::CloneGroup &Group : CloneGroups) { 118 // We group the clones by printing the first as a warning and all others 119 // as a note. 120 auto R = llvm::make_unique<BugReport>(*BT_Exact, "Duplicate code detected", 121 makeLocation(Group.front(), Mgr)); 122 R->addRange(Group.front().getSourceRange()); 123 124 for (unsigned i = 1; i < Group.size(); ++i) 125 R->addNote("Similar code here", makeLocation(Group[i], Mgr), 126 Group[i].getSourceRange()); 127 BR.emitReport(std::move(R)); 128 } 129 } 130 131 void CloneChecker::reportSuspiciousClones( 132 BugReporter &BR, AnalysisManager &Mgr, 133 std::vector<CloneDetector::CloneGroup> &CloneGroups) const { 134 std::vector<VariablePattern::SuspiciousClonePair> Pairs; 135 136 for (const CloneDetector::CloneGroup &Group : CloneGroups) { 137 for (unsigned i = 0; i < Group.size(); ++i) { 138 VariablePattern PatternA(Group[i]); 139 140 for (unsigned j = i + 1; j < Group.size(); ++j) { 141 VariablePattern PatternB(Group[j]); 142 143 VariablePattern::SuspiciousClonePair ClonePair; 144 // For now, we only report clones which break the variable pattern just 145 // once because multiple differences in a pattern are an indicator that 146 // those differences are maybe intended (e.g. because it's actually a 147 // different algorithm). 148 // FIXME: In very big clones even multiple variables can be unintended, 149 // so replacing this number with a percentage could better handle such 150 // cases. On the other hand it could increase the false-positive rate 151 // for all clones if the percentage is too high. 152 if (PatternA.countPatternDifferences(PatternB, &ClonePair) == 1) { 153 Pairs.push_back(ClonePair); 154 break; 155 } 156 } 157 } 158 } 159 160 if (!BT_Suspicious) 161 BT_Suspicious.reset( 162 new BugType(this, "Suspicious code clone", "Code clone")); 163 164 ASTContext &ACtx = BR.getContext(); 165 SourceManager &SM = ACtx.getSourceManager(); 166 AnalysisDeclContext *ADC = 167 Mgr.getAnalysisDeclContext(ACtx.getTranslationUnitDecl()); 168 169 for (VariablePattern::SuspiciousClonePair &Pair : Pairs) { 170 // FIXME: We are ignoring the suggestions currently, because they are 171 // only 50% accurate (even if the second suggestion is unavailable), 172 // which may confuse the user. 173 // Think how to perform more accurate suggestions? 174 175 auto R = llvm::make_unique<BugReport>( 176 *BT_Suspicious, 177 "Potential copy-paste error; did you really mean to use '" + 178 Pair.FirstCloneInfo.Variable->getNameAsString() + "' here?", 179 PathDiagnosticLocation::createBegin(Pair.FirstCloneInfo.Mention, SM, 180 ADC)); 181 R->addRange(Pair.FirstCloneInfo.Mention->getSourceRange()); 182 183 R->addNote("Similar code using '" + 184 Pair.SecondCloneInfo.Variable->getNameAsString() + "' here", 185 PathDiagnosticLocation::createBegin(Pair.SecondCloneInfo.Mention, 186 SM, ADC), 187 Pair.SecondCloneInfo.Mention->getSourceRange()); 188 189 BR.emitReport(std::move(R)); 190 } 191 } 192 193 //===----------------------------------------------------------------------===// 194 // Register CloneChecker 195 //===----------------------------------------------------------------------===// 196 197 void ento::registerCloneChecker(CheckerManager &Mgr) { 198 Mgr.registerChecker<CloneChecker>(); 199 } 200