Clang Project

clang_source_code/lib/StaticAnalyzer/Checkers/UndefCapturedBlockVarChecker.cpp
1// UndefCapturedBlockVarChecker.cpp - Uninitialized captured vars -*- C++ -*-=//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This checker detects blocks that capture uninitialized values.
10//
11//===----------------------------------------------------------------------===//
12
13#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
14#include "clang/AST/Attr.h"
15#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
16#include "clang/StaticAnalyzer/Core/Checker.h"
17#include "clang/StaticAnalyzer/Core/CheckerManager.h"
18#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
19#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
20#include "llvm/ADT/SmallString.h"
21#include "llvm/Support/raw_ostream.h"
22
23using namespace clang;
24using namespace ento;
25
26namespace {
27class UndefCapturedBlockVarChecker
28  : public Checker< check::PostStmt<BlockExpr> > {
29  mutable std::unique_ptr<BugTypeBT;
30
31public:
32  void checkPostStmt(const BlockExpr *BECheckerContext &Cconst;
33};
34// end anonymous namespace
35
36static const DeclRefExpr *FindBlockDeclRefExpr(const Stmt *S,
37                                               const VarDecl *VD) {
38  if (const DeclRefExpr *BR = dyn_cast<DeclRefExpr>(S))
39    if (BR->getDecl() == VD)
40      return BR;
41
42  for (const Stmt *Child : S->children())
43    if (Child)
44      if (const DeclRefExpr *BR = FindBlockDeclRefExpr(Child, VD))
45        return BR;
46
47  return nullptr;
48}
49
50void
51UndefCapturedBlockVarChecker::checkPostStmt(const BlockExpr *BE,
52                                            CheckerContext &Cconst {
53  if (!BE->getBlockDecl()->hasCaptures())
54    return;
55
56  ProgramStateRef state = C.getState();
57  auto *R = cast<BlockDataRegion>(C.getSVal(BE).getAsRegion());
58
59  BlockDataRegion::referenced_vars_iterator I = R->referenced_vars_begin(),
60                                            E = R->referenced_vars_end();
61
62  for (; I != E; ++I) {
63    // This VarRegion is the region associated with the block; we need
64    // the one associated with the encompassing context.
65    const VarRegion *VR = I.getCapturedRegion();
66    const VarDecl *VD = VR->getDecl();
67
68    if (VD->hasAttr<BlocksAttr>() || !VD->hasLocalStorage())
69      continue;
70
71    // Get the VarRegion associated with VD in the local stack frame.
72    if (Optional<UndefinedVal> V =
73          state->getSVal(I.getOriginalRegion()).getAs<UndefinedVal>()) {
74      if (ExplodedNode *N = C.generateErrorNode()) {
75        if (!BT)
76          BT.reset(
77              new BuiltinBug(this"uninitialized variable captured by block"));
78
79        // Generate a bug report.
80        SmallString<128buf;
81        llvm::raw_svector_ostream os(buf);
82
83        os << "Variable '" << VD->getName()
84           << "' is uninitialized when captured by block";
85
86        auto R = llvm::make_unique<BugReport>(*BT, os.str(), N);
87        if (const Expr *Ex = FindBlockDeclRefExpr(BE->getBody(), VD))
88          R->addRange(Ex->getSourceRange());
89        R->addVisitor(llvm::make_unique<FindLastStoreBRVisitor>(
90            *V, VR, /*EnableNullFPSuppression*/ false));
91        R->disablePathPruning();
92        // need location of block
93        C.emitReport(std::move(R));
94      }
95    }
96  }
97}
98
99void ento::registerUndefCapturedBlockVarChecker(CheckerManager &mgr) {
100  mgr.registerChecker<UndefCapturedBlockVarChecker>();
101}
102
103bool ento::shouldRegisterUndefCapturedBlockVarChecker(const LangOptions &LO) {
104  return true;
105}
106
CodeThinker, Enjoy your reading code