From 69355798abdbe5e78d1185af7d4600b9355b5814 Mon Sep 17 00:00:00 2001
From: Argyrios Kyrtzidis
Date: Thu, 24 Feb 2011 08:41:57 +0000
Subject: [PATCH] [analyzer] Migrate ReturnPointerRangeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126369 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Checkers/Checkers.td       |  5 +++
 .../Checkers/ExperimentalChecks.cpp          |  3 --
 lib/StaticAnalyzer/Checkers/InternalChecks.h  |  1 -
 .../Checkers/ReturnPointerRangeChecker.cpp   | 34 ++++++++-----------
 test/Analysis/misc-ps-region-store.m          |  4 +-
 5 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/lib/StaticAnalyzer/Checkers/Checkers.td b/lib/StaticAnalyzer/Checkers/Checkers.td
index 1dc7486664..df959b85c2 100644
--- a/lib/StaticAnalyzer/Checkers/Checkers.td
+++ b/lib/StaticAnalyzer/Checkers/Checkers.td
@@ -174,6 +174,11 @@ def SecuritySyntaxChecker : Checker<"SecuritySyntactic">,
   HelpText<"Perform quick security checks that require no data flow">,
   DescFile<"CheckSecuritySyntaxOnly.cpp">;
 
+def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
+  InPackage,
+  HelpText<"Check for an out-of-bound pointer being returned to callers">,
+  DescFile<"ReturnPointerRangeChecker.cpp">;
+
 def ObjCDeallocChecker : Checker<"Dealloc">,
   InPackage,
   HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">,
diff --git a/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp b/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp
index d9bb4801c3..bcae801e29 100644
--- a/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp
+++ b/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp
@@ -29,9 +29,6 @@ void ento::RegisterExperimentalInternalChecks(ExprEngine &Eng) {
   // These are internal checks that should eventually migrate to
   // RegisterInternalChecks() once they have been further tested.
 
-  // Note that this must be registered after ReturnStackAddresEngsChecker.
-  RegisterReturnPointerRangeChecker(Eng);
-
   RegisterArrayBoundChecker(Eng);
   RegisterCastSizeChecker(Eng);
 }
diff --git a/lib/StaticAnalyzer/Checkers/InternalChecks.h b/lib/StaticAnalyzer/Checkers/InternalChecks.h
index e855386fff..f6246f4fb1 100644
--- a/lib/StaticAnalyzer/Checkers/InternalChecks.h
+++ b/lib/StaticAnalyzer/Checkers/InternalChecks.h
@@ -32,7 +32,6 @@ void RegisterCastSizeChecker(ExprEngine &Eng);
 void RegisterDereferenceChecker(ExprEngine &Eng);
 void RegisterDivZeroChecker(ExprEngine &Eng);
 void RegisterNoReturnFunctionChecker(ExprEngine &Eng);
-void RegisterReturnPointerRangeChecker(ExprEngine &Eng);
 void RegisterReturnUndefChecker(ExprEngine &Eng);
 void RegisterUndefBranchChecker(ExprEngine &Eng);
 void RegisterUndefCapturedBlockVarChecker(ExprEngine &Eng);
diff --git a/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp b/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
index 838a00f187..298515609c 100644
--- a/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
@@ -12,9 +12,11 @@
 //
 //===----------------------------------------------------------------------===//
 
-#include "InternalChecks.h"
+#include "ClangSACheckers.h"
+#include "clang/StaticAnalyzer/Core/CheckerV2.h"
+#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
-#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerVisitor.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
 
 using namespace clang;
@@ -22,25 +24,15 @@ using namespace ento;
 
 namespace {
 class ReturnPointerRangeChecker :
-    public CheckerVisitor {
-  BuiltinBug *BT;
+    public CheckerV2< check::PreStmt > {
+  mutable llvm::OwningPtr BT;
 public:
-  ReturnPointerRangeChecker() : BT(0) {}
-  static void *getTag();
-  void PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *RS);
+  void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;
 };
 }
 
-void ento::RegisterReturnPointerRangeChecker(ExprEngine &Eng) {
-  Eng.registerCheck(new ReturnPointerRangeChecker());
-}
-
-void *ReturnPointerRangeChecker::getTag() {
-  static int x = 0; return &x;
-}
-
-void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
-                                                    const ReturnStmt *RS) {
+void ReturnPointerRangeChecker::checkPreStmt(const ReturnStmt *RS,
+                                              CheckerContext &C) const {
   const GRState *state = C.getState();
 
   const Expr *RetE = RS->getRetValue();
@@ -77,9 +69,9 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
   // FIXME: This bug correspond to CWE-466. Eventually we should have bug
   // types explicitly reference such exploit categories (when applicable).
   if (!BT)
-    BT = new BuiltinBug("Return of pointer value outside of expected range",
+    BT.reset(new BuiltinBug("Return of pointer value outside of expected range",
                  "Returned pointer value points outside the original object "
-                 "(potential buffer overflow)");
+                 "(potential buffer overflow)"));
 
   // FIXME: It would be nice to eventually make this diagnostic more clear,
   // e.g., by referencing the original declaration or by saying *why* this
@@ -93,3 +85,7 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
     C.EmitReport(report);
   }
 }
+
+void ento::registerReturnPointerRangeChecker(CheckerManager &mgr) {
+  mgr.registerChecker();
+}
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index b35a834c33..6cec133b0b 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
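Review bot: The new `mutable llvm::OwningPtr BT;` member carries no explanation of why a `const` callback (`checkPreStmt(...) const`) is allowed to write it, and the only writer is the lazy `if (!BT) BT.reset(new BuiltinBug(...))` in the following hunk, so a reader of the class declaration has to go hunting to learn the intent; a one-line comment at the declaration would settle it, e.g. `// Created lazily on the first report; mutable because CheckerV2 callbacks are const.`. Since the bug type is now owned by the checker instance instead of the raw `BT` pointer the old code held, the same comment could state that ownership so nobody later adds a manual delete. The template arguments on the `CheckerV2< check::PreStmt >`, `llvm::OwningPtr BT` and `mgr.registerChecker()` lines appear to have been stripped in this rendering of the patch, so they could not be checked here. The body of `checkPreStmt` continues outside the hunk.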
@@ -1,5 +1,5 @@
-// RUN: %clang_cc1 -triple i386-apple-darwin9 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
-// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -DTEST_64 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
+// RUN: %clang_cc1 -triple i386-apple-darwin9 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-checker=core.experimental.ReturnPtrRange -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
+// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -DTEST_64 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-checker=core.experimental.ReturnPtrRange -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
 
 typedef long unsigned int size_t;
 void *memcpy(void *, const void *, size_t);
-- 
2.50.1
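Review bot: Only this file's two RUN lines gain the explicit `-analyzer-checker=core.experimental.ReturnPtrRange`, yet the patch also removes `RegisterReturnPointerRangeChecker(Eng)` from `RegisterExperimentalInternalChecks`, so `-analyzer-experimental-internal-checks` alone no longer enables the out-of-range pointer return diagnostic. Any other test that exercised this checker through that flag will now either fail on its `expected-warning` lines or, if it has no expectation for this diagnostic, silently lose the coverage. Before landing it would be worth grepping the test tree for the diagnostic text `Returned pointer value points outside the original object` and adding the new `-analyzer-checker` argument to those RUN lines as well; if this is indeed the only test that triggers it, a sentence saying so in the commit description would make the change easier to audit later.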