xref: /llvm-project/clang/lib/StaticAnalyzer/Checkers/UndefResultChecker.cpp (revision d99bd55a5e092774214ba31fc5a871bfc31e711c) 
1 //=== UndefResultChecker.cpp ------------------------------------*- C++ -*-===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This defines UndefResultChecker, a builtin check in ExprEngine that
11 // performs checks for undefined results of non-assignment binary operators.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "ExprEngineInternalChecks.h"
16 #include "clang/StaticAnalyzer/BugReporter/BugType.h"
17 #include "clang/StaticAnalyzer/PathSensitive/CheckerVisitor.h"
18 #include "clang/StaticAnalyzer/PathSensitive/ExprEngine.h"
19 
20 using namespace clang;
21 using namespace ento;
22 
23 namespace {
24 class UndefResultChecker
25   : public CheckerVisitor<UndefResultChecker> {
26 
27   BugType *BT;
28 
29 public:
30   UndefResultChecker() : BT(0) {}
31   static void *getTag() { static int tag = 0; return &tag; }
32   void PostVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B);
33 };
34 } // end anonymous namespace
35 
36 void ento::RegisterUndefResultChecker(ExprEngine &Eng) {
37   Eng.registerCheck(new UndefResultChecker());
38 }
39 
40 void UndefResultChecker::PostVisitBinaryOperator(CheckerContext &C,
41                                                  const BinaryOperator *B) {
42   const GRState *state = C.getState();
43   if (state->getSVal(B).isUndef()) {
44     // Generate an error node.
45     ExplodedNode *N = C.generateSink();
46     if (!N)
47       return;
48 
49     if (!BT)
50       BT = new BuiltinBug("Result of operation is garbage or undefined");
51 
52     llvm::SmallString<256> sbuf;
53     llvm::raw_svector_ostream OS(sbuf);
54     const Expr *Ex = NULL;
55     bool isLeft = true;
56 
57     if (state->getSVal(B->getLHS()).isUndef()) {
58       Ex = B->getLHS()->IgnoreParenCasts();
59       isLeft = true;
60     }
61     else if (state->getSVal(B->getRHS()).isUndef()) {
62       Ex = B->getRHS()->IgnoreParenCasts();
63       isLeft = false;
64     }
65 
66     if (Ex) {
67       OS << "The " << (isLeft ? "left" : "right")
68          << " operand of '"
69          << BinaryOperator::getOpcodeStr(B->getOpcode())
70          << "' is a garbage value";
71     }
72     else {
73       // Neither operand was undefined, but the result is undefined.
74       OS << "The result of the '"
75          << BinaryOperator::getOpcodeStr(B->getOpcode())
76          << "' expression is undefined";
77     }
78     EnhancedBugReport *report = new EnhancedBugReport(*BT, OS.str(), N);
79     if (Ex) {
80       report->addRange(Ex->getSourceRange());
81       report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, Ex);
82     }
83     else
84       report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, B);
85     C.EmitReport(report);
86   }
87 }
88