#include "clang/AST/Expr.h"
#include "clang/AST/ASTContext.h"
#include "clang/Analysis/Analyses/LiveVariables.h"
+#include "clang/Basic/Diagnostic.h"
#include "llvm/Support/Casting.h"
#include "llvm/Support/DataTypes.h"
bool StateCleaned;
- ASTContext& getContext() const { return G.getContext(); }
-
public:
GRConstants(GraphTy& g) : G(g), Liveness(G.getCFG(), G.getFunctionDecl()),
Builder(NULL),
Liveness.runOnAllBlocks(G.getCFG(), NULL, true);
}
+ /// getContext - Return the ASTContext associated with this analysis.
+ ASTContext& getContext() const { return G.getContext(); }
+
/// getCFG - Returns the CFG associated with this analysis.
CFG& getCFG() { return G.getCFG(); }
return N->isSink() && ExplicitNullDeref.count(const_cast<NodeTy*>(N)) != 0;
}
+ typedef NullDerefTy::iterator null_iterator;
+ null_iterator null_begin() { return ExplicitNullDeref.begin(); }
+ null_iterator null_end() { return ExplicitNullDeref.end(); }
/// ProcessStmt - Called by GREngine. Used to generate new successor
/// nodes by processing the 'effects' of a block-level statement.
#endif
namespace clang {
-void RunGRConstants(CFG& cfg, FunctionDecl& FD, ASTContext& Ctx) {
+void RunGRConstants(CFG& cfg, FunctionDecl& FD, ASTContext& Ctx,
+ Diagnostic& Diag) {
+
GREngine<GRConstants> Engine(cfg, FD, Ctx);
- Engine.ExecuteWorkList();
+ Engine.ExecuteWorkList();
+
+ // Look for explicit-Null dereferences and warn about them.
+ GRConstants* CheckerState = &Engine.getCheckerState();
+
+ for (GRConstants::null_iterator I=CheckerState->null_begin(),
+ E=CheckerState->null_end(); I!=E; ++I) {
+
+ const PostStmt& L = cast<PostStmt>((*I)->getLocation());
+ Expr* E = cast<Expr>(L.getStmt());
+
+ Diag.Report(FullSourceLoc(E->getExprLoc(), Ctx.getSourceManager()),
+ diag::chkr_null_deref_after_check);
+ }
+
+
#ifndef NDEBUG
- GraphPrintCheckerState = &Engine.getCheckerState();
+ GraphPrintCheckerState = CheckerState;
llvm::ViewGraph(*Engine.getGraph().roots_begin(),"GRConstants");
GraphPrintCheckerState = NULL;
#endif
namespace {
class GRConstantsVisitor : public CFGVisitor {
+ Diagnostic &Diags;
ASTContext* Ctx;
public:
+ GRConstantsVisitor(Diagnostic &diags) : Diags(diags) {}
virtual void Initialize(ASTContext &Context) { Ctx = &Context; }
virtual void VisitCFG(CFG& C, FunctionDecl&);
};
} // end anonymous namespace
-ASTConsumer* clang::CreateGRConstants() {
- return new GRConstantsVisitor();
+ASTConsumer* clang::CreateGRConstants(Diagnostic &Diags) {
+ return new GRConstantsVisitor(Diags);
}
void GRConstantsVisitor::VisitCFG(CFG& C, FunctionDecl& FD) {
- RunGRConstants(C, FD, *Ctx);
+ RunGRConstants(C, FD, *Ctx, Diags);
}
//===----------------------------------------------------------------------===//
#define LLVM_CLANG_GRCONSTANTS
namespace clang {
+ class Diagnostic;
/// RunGRConstants - This is a simple driver to run the GRConstants analysis
/// on a provided CFG. This interface will eventually be replaced with
/// something more elaborate as the requirements on the interface become
/// clearer.
- void RunGRConstants(CFG& cfg, FunctionDecl& FD, ASTContext& Ctx);
+ void RunGRConstants(CFG& cfg, FunctionDecl& FD, ASTContext& Ctx,
+ Diagnostic& Diag);
} // end clang namespace
DIAG(ext_return_has_expr, EXTENSION,
"void function '%0' should not return a value")
+//===----------------------------------------------------------------------===//
+// Static Analysis Warnings (Bug-Finding)
+//===----------------------------------------------------------------------===//
+
+DIAG(chkr_null_deref_after_check, ERROR,
+ "NULL pointer is dereferenced after it is checked for NULL.")
#undef DIAG
projects / clang / commitdiff