[analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.

Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126609 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/include/clang/Driver/CC1Options.td b/include/clang/Driver/CC1Options.td
index a5240bf460ef0a1f9c0b563b4db0d5ca591eaab2..46f59168c5bc38f1031da8ac70f134b1e753d646 100644 (file)
--- a/include/clang/Driver/CC1Options.td
+++ b/include/clang/Driver/CC1Options.td
@@ -46,8 +46,6 @@ def analysis_WarnUninitVals : Flag<"-warn-uninit-values">,
   HelpText<"Warn about uses of uninitialized variables">;
 def analysis_ObjCMemChecker : Flag<"-analyzer-check-objc-mem">,
   HelpText<"Run the [Core] Foundation reference count checker">;
-def analysis_WarnBufferOverflows : Flag<"-analyzer-check-buffer-overflows">,
-  HelpText<"Warn about buffer overflows">;
 
 def analyzer_store : Separate<"-analyzer-store">,
   HelpText<"Source Code Analysis - Abstract Memory Store Models">;

diff --git a/include/clang/Frontend/AnalyzerOptions.h b/include/clang/Frontend/AnalyzerOptions.h
index ad42daed8b7e6196d0f4e4c52983a076c1f3b043..ae1b29032245c493b6569e65d4391855480b5a36 100644 (file)
--- a/include/clang/Frontend/AnalyzerOptions.h
+++ b/include/clang/Frontend/AnalyzerOptions.h
@@ -69,7 +69,6 @@ public:
   unsigned AnalyzerDisplayProgress : 1;
   unsigned AnalyzeNestedBlocks : 1;
   unsigned EagerlyAssume : 1;
-  unsigned BufferOverflows : 1;
   unsigned PurgeDead : 1;
   unsigned TrimGraph : 1;
   unsigned VisualizeEGDot : 1;
@@ -90,7 +89,6 @@ public:
     AnalyzerDisplayProgress = 0;
     AnalyzeNestedBlocks = 0;
     EagerlyAssume = 0;
-    BufferOverflows = 0;    
     PurgeDead = 1;
     TrimGraph = 0;
     VisualizeEGDot = 0;

diff --git a/lib/Frontend/CompilerInvocation.cpp b/lib/Frontend/CompilerInvocation.cpp
index e4fb0bd91f1ef60fd8a3af3cc61d0d2804ff1cfc..6600ff94f5eb397940001f849e7823c49b793635 100644 (file)
--- a/lib/Frontend/CompilerInvocation.cpp
+++ b/lib/Frontend/CompilerInvocation.cpp
@@ -112,8 +112,6 @@ static void AnalyzerOptsToArgs(const AnalyzerOptions &Opts,
     Res.push_back("-analyzer-viz-egraph-graphviz");
   if (Opts.VisualizeEGDot)
     Res.push_back("-analyzer-viz-egraph-ubigraph");
-  if (Opts.BufferOverflows)
-    Res.push_back("-analyzer-check-buffer-overflows");
 
   for (unsigned i = 0, e = Opts.CheckersControlList.size(); i != e; ++i) {
     const std::pair<std::string, bool> &opt = Opts.CheckersControlList[i];
@@ -875,7 +873,6 @@ static void ParseAnalyzerArgs(AnalyzerOptions &Opts, ArgList &Args,
   Opts.MaxLoop = Args.getLastArgIntValue(OPT_analyzer_max_loop, 4, Diags);
   Opts.EagerlyTrimEGraph = !Args.hasArg(OPT_analyzer_no_eagerly_trim_egraph);
   Opts.InlineCall = Args.hasArg(OPT_analyzer_inline_call);
-  Opts.BufferOverflows = Args.hasArg(OPT_analysis_WarnBufferOverflows);
 
   Opts.CheckersControlList.clear();
   for (arg_iterator it = Args.filtered_begin(OPT_analyzer_checker,

diff --git a/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp b/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
index f803d27a2678080153f2c3ec38de4f5a17369dbb..bfea54ec1894497c3721beb70d3a77db62a53192 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
+++ b/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
@@ -12,9 +12,11 @@
 //
 //===----------------------------------------------------------------------===//
 
-#include "InternalChecks.h"
+#include "ClangSACheckers.h"
+#include "clang/StaticAnalyzer/Core/CheckerV2.h"
+#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
-#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerVisitor.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
 #include "clang/AST/CharUnits.h"
 
@@ -23,18 +25,16 @@ using namespace ento;
 
 namespace {
 class ArrayBoundCheckerV2 : 
-    public CheckerVisitor<ArrayBoundCheckerV2> {      
-  BuiltinBug *BT;
+    public CheckerV2<check::Location> {
+  mutable llvm::OwningPtr<BuiltinBug> BT;
       
   enum OOB_Kind { OOB_Precedes, OOB_Excedes };
   
   void reportOOB(CheckerContext &C, const GRState *errorState,
-                 OOB_Kind kind);
+                 OOB_Kind kind) const;
       
 public:
-  ArrayBoundCheckerV2() : BT(0) {}
-  static void *getTag() { static int x = 0; return &x; }
-  void visitLocation(CheckerContext &C, const Stmt *S, SVal l, bool isLoad);
+  void checkLocation(SVal l, bool isLoad, CheckerContext &C) const;
 };
 
 // FIXME: Eventually replace RegionRawOffset with this class.
@@ -62,13 +62,8 @@ public:
 };
 }
 
-void ento::RegisterArrayBoundCheckerV2(ExprEngine &Eng) {
-  Eng.registerCheck(new ArrayBoundCheckerV2());
-}
-
-void ArrayBoundCheckerV2::visitLocation(CheckerContext &checkerContext,
-                                        const Stmt *S,
-                                        SVal location, bool isLoad) {
+void ArrayBoundCheckerV2::checkLocation(SVal location, bool isLoad,
+                                        CheckerContext &checkerContext) const {
 
   // NOTE: Instead of using GRState::assumeInBound(), we are prototyping
   // some new logic here that reasons directly about memory region extents.
@@ -153,14 +148,14 @@ void ArrayBoundCheckerV2::visitLocation(CheckerContext &checkerContext,
 
 void ArrayBoundCheckerV2::reportOOB(CheckerContext &checkerContext,
                                     const GRState *errorState,
-                                    OOB_Kind kind) {
+                                    OOB_Kind kind) const {
   
   ExplodedNode *errorNode = checkerContext.generateSink(errorState);
   if (!errorNode)
     return;
 
   if (!BT)
-    BT = new BuiltinBug("Out-of-bound access");
+    BT.reset(new BuiltinBug("Out-of-bound access"));
 
   // FIXME: This diagnostics are preliminary.  We should get far better
   // diagnostics for explaining buffer overruns.
@@ -274,4 +269,6 @@ RegionRawOffsetV2 RegionRawOffsetV2::computeOffset(const GRState *state,
 }
 
 
-
+void ento::registerArrayBoundCheckerV2(CheckerManager &mgr) {
+  mgr.registerChecker<ArrayBoundCheckerV2>();
+}

diff --git a/lib/StaticAnalyzer/Checkers/Checkers.td b/lib/StaticAnalyzer/Checkers/Checkers.td
index 1ed8434ad9a5ff71f97526b2f2dd67e41a032b9b..801efef5b71a56d7b0698f7a1c6e3c0e014144f4 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/Checkers.td
+++ b/lib/StaticAnalyzer/Checkers/Checkers.td
@@ -134,6 +134,12 @@ def AnalyzerStatsChecker : Checker<"Stats">,
 
 let Group = AllExperimental in {
 
+def ArrayBoundCheckerV2 : Checker<"Overflow">,
+  InPackage<CoreExperimental>,
+  HelpText<"Warn about buffer overflows">,
+  DescFile<"ArrayBoundCheckerV2.cpp">,
+  Hidden; // Must be specified explicitly in order to run.
+
 def MallocChecker : Checker<"Malloc">,
   InPackage<CoreExperimental>,
   HelpText<"Check for potential memory leaks, double free, and use-after-free problems">,

diff --git a/lib/StaticAnalyzer/Checkers/InternalChecks.h b/lib/StaticAnalyzer/Checkers/InternalChecks.h
index e7c38ee25d8f3aece8b741e0f61e9d1025227f17..3845a69d36f2a4bb9765a6393b00994455ddeecd 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/InternalChecks.h
+++ b/lib/StaticAnalyzer/Checkers/InternalChecks.h
@@ -23,7 +23,6 @@ class ExprEngine;
 
 // Foundational checks that handle basic semantics.
 void RegisterAdjustedReturnValueChecker(ExprEngine &Eng);
-void RegisterArrayBoundCheckerV2(ExprEngine &Eng);
 void RegisterAttrNonNullChecker(ExprEngine &Eng);
 void RegisterBuiltinFunctionChecker(ExprEngine &Eng);
 void RegisterCallAndMessageChecker(ExprEngine &Eng);

diff --git a/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp b/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
index 50afdef1d59b1c46f6ad82aef1b2faee9ee4f42f..26ee0403e2f751a74ba9c73acbb9719380ab21cf 100644 (file)
--- a/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
+++ b/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp
@@ -31,7 +31,6 @@
 #include "clang/StaticAnalyzer/Core/PathDiagnosticClients.h"
 
 // FIXME: Restructure checker registration.
-#include "../Checkers/InternalChecks.h"
 #include "../Checkers/BasicObjCFoundationChecks.h"
 
 #include "clang/Basic/FileManager.h"
@@ -340,9 +339,6 @@ static void ActionExprEngine(AnalysisConsumer &C, AnalysisManager& mgr,
 
   RegisterNSErrorChecks(Eng.getBugReporter(), Eng, *D);
 
-  if (C.Opts.BufferOverflows)
-    RegisterArrayBoundCheckerV2(Eng);
-
   // Set the graph auditor.
   llvm::OwningPtr<ExplodedNode::Auditor> Auditor;
   if (mgr.shouldVisualizeUbigraph()) {

diff --git a/test/Analysis/out-of-bounds.c b/test/Analysis/out-of-bounds.c
index b8d6e442ff5714f0a8fd0527a76cc7d3c69bb026..c4d1f4ba6bb230a1b14d97dc2217a46f744b0c31 100644 (file)
--- a/test/Analysis/out-of-bounds.c
+++ b/test/Analysis/out-of-bounds.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify %s
+// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-check-objc-mem -analyzer-checker=core.experimental.Overflow -verify %s
 
 // Tests doing an out-of-bounds access after the end of an array using:
 // - constant integer index