typedef llvm::SmallPtrSet<NodeTy*,2> NoReturnCallsTy;
typedef llvm::SmallPtrSet<NodeTy*,2> UndefResultsTy;
typedef llvm::SmallPtrSet<NodeTy*,2> RetsStackAddrTy;
+ typedef llvm::SmallPtrSet<NodeTy*,2> RetsUndefTy;
protected:
/// RetsStackAddr - Nodes in the ExplodedGraph that result from returning
/// the address of a stack variable.
RetsStackAddrTy RetsStackAddr;
+
+ /// RetsUndef - Nodes in the ExplodedGraph that result from returning
+ /// an undefined value.
+ RetsUndefTy RetsUndef;
/// UndefBranches - Nodes in the ExplodedGraph that result from
/// taking a branch based on an undefined value.
ret_stackaddr_iterator ret_stackaddr_begin() { return RetsStackAddr.begin(); }
ret_stackaddr_iterator ret_stackaddr_end() { return RetsStackAddr.end(); }
+ typedef RetsUndefTy::iterator ret_undef_iterator;
+ ret_undef_iterator ret_undef_begin() { return RetsUndef.begin(); }
+ ret_undef_iterator ret_undef_end() { return RetsUndef.end(); }
+
typedef UndefBranchesTy::iterator undef_branch_iterator;
undef_branch_iterator undef_branches_begin() { return UndefBranches.begin(); }
undef_branch_iterator undef_branches_end() { return UndefBranches.end(); }
return;
}
- NodeSet DstRet;
- QualType T = R->getType();
-
- if (T->isPointerLikeType()) {
-
- // Check if any of the return values return the address of a stack variable.
-
- NodeSet Tmp;
- Visit(R, Pred, Tmp);
-
- for (NodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
- SVal X = GetSVal((*I)->getState(), R);
-
- if (isa<loc::MemRegionVal>(X)) {
-
- // Determine if the value is on the stack.
- const MemRegion* R = cast<loc::MemRegionVal>(&X)->getRegion();
+ NodeSet Tmp;
+ Visit(R, Pred, Tmp);
- if (R && getStateManager().hasStackStorage(R)) {
-
- // Create a special node representing the v
-
- NodeTy* RetStackNode = Builder->generateNode(S, GetState(*I), *I);
-
- if (RetStackNode) {
- RetStackNode->markAsSink();
- RetsStackAddr.insert(RetStackNode);
- }
-
- continue;
+ for (NodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I != E; ++I) {
+ SVal X = GetSVal((*I)->getState(), R);
+
+ // Check if we return the address of a stack variable.
+ if (isa<loc::MemRegionVal>(X)) {
+ // Determine if the value is on the stack.
+ const MemRegion* R = cast<loc::MemRegionVal>(&X)->getRegion();
+
+ if (R && getStateManager().hasStackStorage(R)) {
+ // Create a special node representing the error.
+ if (NodeTy* N = Builder->generateNode(S, GetState(*I), *I)) {
+ N->markAsSink();
+ RetsStackAddr.insert(N);
}
+ continue;
}
-
- DstRet.Add(*I);
}
- }
- else
- Visit(R, Pred, DstRet);
-
- for (NodeSet::iterator I=DstRet.begin(), E=DstRet.end(); I!=E; ++I)
+ // Check if we return an undefined value.
+ else if (X.isUndef()) {
+ if (NodeTy* N = Builder->generateNode(S, GetState(*I), *I)) {
+ N->markAsSink();
+ RetsUndef.insert(N);
+ }
+ continue;
+ }
+
EvalReturn(Dst, S, *I);
+ }
}
//===----------------------------------------------------------------------===//
}
}
};
-
+
class VISIBILITY_HIDDEN RetStack : public BuiltinBug {
public:
RetStack() : BuiltinBug("return of stack address") {}
}
}
};
-
+
+class VISIBILITY_HIDDEN RetUndef : public BuiltinBug {
+public:
+ RetUndef() : BuiltinBug("uninitialized return value",
+ "Uninitialized or undefined return value returned to caller.") {}
+
+ virtual void EmitBuiltinWarnings(BugReporter& BR, GRExprEngine& Eng) {
+ Emit(BR, Eng.ret_undef_begin(), Eng.ret_undef_end());
+ }
+};
class VISIBILITY_HIDDEN UndefBranch : public BuiltinBug {
struct VISIBILITY_HIDDEN FindUndefExpr {
Register(new UndefResult());
Register(new BadCall());
Register(new RetStack());
+ Register(new RetUndef());
Register(new BadArg());
Register(new BadMsgExprArg());
Register(new BadReceiver());
projects / clang / commitdiff