clang: lib/StaticAnalyzer/Checkers/ReturnUndefChecker.cpp Source File (original) (raw)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

21

22using namespace clang;

23using namespace ento;

24

25namespace {

26class ReturnUndefChecker : public Checker< check::PreStmt > {

27 const BugType BT_Undef{this, "Garbage return value"};

28 const BugType BT_NullReference{this, "Returning null reference"};

29

30 void emitUndef(CheckerContext &C, const Expr *RetE) const;

31 void checkReference(CheckerContext &C, const Expr *RetE,

32 DefinedOrUnknownSVal RetVal) const;

33public:

34 void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;

35};

36}

37

38void ReturnUndefChecker::checkPreStmt(const ReturnStmt *RS,

41 if (!RetE)

42 return;

43 SVal RetVal = C.getSVal(RetE);

44

45 const StackFrameContext *SFC = C.getStackFrame();

47

49

50

51

52

53

54

55

56

58 return;

59

60

61

62

65 return;

66

67 emitUndef(C, RetE);

68 return;

69 }

70

72 return;

73

75 checkReference(C, RetE, RetVal.castAs());

76 return;

77 }

78}

79

81 const Expr *RetE, const Expr *TrackingE = nullptr) {

83 if (!N)

84 return;

85

86 auto Report = std::make_unique(BT, Msg, N);

87

90

91 C.emitReport(std::move(Report));

92}

93

94void ReturnUndefChecker::emitUndef(CheckerContext &C, const Expr *RetE) const {

95 emitBug(C, BT_Undef, "Undefined or garbage value returned to caller", RetE);

96}

97

98void ReturnUndefChecker::checkReference(CheckerContext &C, const Expr *RetE,

99 DefinedOrUnknownSVal RetVal) const {

101 std::tie(StNonNull, StNull) = C.getState()->assume(RetVal);

102

103 if (StNonNull) {

104

105 C.addTransition(StNonNull);

106 return;

107 }

108

109

112}

113

114void ento::registerReturnUndefChecker(CheckerManager &mgr) {

116}

117

118bool ento::shouldRegisterReturnUndefChecker(const CheckerManager &mgr) {

119 return true;

120}

static void emitBug(CheckerContext &C, const BugType &BT, StringRef Msg, const Expr *RetE, const Expr *TrackingE=nullptr)

Definition ReturnUndefChecker.cpp:80

This represents one expression.

const Decl * getDecl() const

bool isNull() const

Return true if this QualType doesn't point to a type yet.

ReturnStmt - This represents a return, optionally of an expression: return; return 4;.

SourceRange getSourceRange() const LLVM_READONLY

SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...

bool isReferenceType() const

StringRef getDescription() const

static QualType getDeclaredResultType(const Decl *D)

Returns the result type of a function or method declaration.

CHECKER * registerChecker(AT &&...Args)

Register a single-part checker (derived from Checker): construct its singleton instance,...

Simple checker classes that implement one frontend (i.e.

T castAs() const

Convert to the specified SVal type, asserting that this SVal is of the desired type.

const Expr * getDerefExpr(const Stmt *S)

Given that expression S represents a pointer that would be dereferenced, try to find a sub-expression...

bool trackExpressionValue(const ExplodedNode *N, const Expr *E, PathSensitiveBugReport &R, TrackingOptions Opts={})

Attempts to add visitors to track expression value back to its point of origin.

IntrusiveRefCntPtr< const ProgramState > ProgramStateRef

The JSON file list parser is used to communicate input to InstallAPI.

bool isa(CodeGen::Address addr)