[cfe-commits] r86523 - in /cfe/trunk: include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/FixedAddressChecker.cpp lib/Analysis/GRExprEngineInternalChecks.cpp lib/Analysis/GRExprEngineInternalChecks.h lib/Analysis/SVals.cpp test/Analysis/ptr
Daniel Dunbar
daniel at zuster.org
Mon Nov 9 00:13:56 PST 2009
Hey Zhongxing,
On Sun, Nov 8, 2009 at 10:52 PM, Zhongxing Xu <xuzhongxing at gmail.com> wrote:
> Author: zhongxingxu
> Date: Mon Nov 9 00:52:44 2009
> New Revision: 86523
>
> URL: http://llvm.org/viewvc/llvm-project?rev=86523&view=rev
> Log:
> Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.
>
> Added:
> cfe/trunk/lib/Analysis/FixedAddressChecker.cpp
Just a reminder, when you add new .cpp files please update
CMakeLists.txt to include the new file (I already added this one
though).
- Daniel
> Modified:
> cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
> cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h
> cfe/trunk/lib/Analysis/SVals.cpp
> cfe/trunk/test/Analysis/ptr-arith.c
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Mon Nov 9 00:52:44 2009
> @@ -96,6 +96,8 @@
> return getRawKind() > UnknownKind;
> }
>
> + bool isConstant() const;
> +
> bool isZeroConstant() const;
>
> /// hasConjuredSymbol - If this SVal wraps a conjured symbol, return true;
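Review bot: The new `isConstant()` declaration has no doc comment, while the neighbouring `hasConjuredSymbol` is documented, and the name alone does not say which kinds of value count as constant. Going by the definition added in SVals.cpp, a comment such as `/// isConstant - Returns true if this SVal is a concrete integer (nonloc::ConcreteInt or loc::ConcreteInt).` would make the contract explicit. That matters because FixedAddressChecker now relies on this predicate to decide what to report.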
>
> Added: cfe/trunk/lib/Analysis/FixedAddressChecker.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/FixedAddressChecker.cpp?rev=86523&view=auto
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/FixedAddressChecker.cpp (added)
> +++ cfe/trunk/lib/Analysis/FixedAddressChecker.cpp Mon Nov 9 00:52:44 2009
> @@ -0,0 +1,69 @@
> +//=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C++ -*--===//
> +//
> +// The LLVM Compiler Infrastructure
> +//
> +// This file is distributed under the University of Illinois Open Source
> +// License. See LICENSE.TXT for details.
> +//
> +//===----------------------------------------------------------------------===//
> +//
> +// This files defines FixedAddressChecker, a builtin checker that checks for
> +// assignment of a fixed address to a pointer.
> +// This check corresponds to CWE-587.
> +//
> +//===----------------------------------------------------------------------===//
> +
> +#include "clang/Analysis/PathSensitive/CheckerVisitor.h"
> +#include "GRExprEngineInternalChecks.h"
> +
> +using namespace clang;
> +
> +namespace {
> +class VISIBILITY_HIDDEN FixedAddressChecker
> + : public CheckerVisitor<FixedAddressChecker> {
> + BuiltinBug *BT;
> +public:
> + FixedAddressChecker() : BT(0) {}
> + static void *getTag();
> + void PreVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B);
> +};
> +}
> +
> +void *FixedAddressChecker::getTag() {
> + static int x;
> + return &x;
> +}
> +
> +void FixedAddressChecker::PreVisitBinaryOperator(CheckerContext &C,
> + const BinaryOperator *B) {
> + // Using a fixed address is not portable because that address will probably
> + // not be valid in all environments or platforms.
> +
> + if (B->getOpcode() != BinaryOperator::Assign)
> + return;
> +
> + QualType T = B->getType();
> + if (!T->isPointerType())
> + return;
> +
> + const GRState *state = C.getState();
> +
> + SVal RV = state->getSVal(B->getRHS());
> +
> + if (!RV.isConstant() || RV.isZeroConstant())
> + return;
> +
> + if (ExplodedNode *N = C.GenerateNode(B)) {
> + if (!BT)
> + BT = new BuiltinBug("Use fixed address",
> + "Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.");
> + RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription().c_str(),
> + N);
> + R->addRange(B->getRHS()->getSourceRange());
> + C.EmitReport(R);
> + }
> +}
> +
> +void clang::RegisterFixedAddressChecker(GRExprEngine &Eng) {
> + Eng.registerCheck(new FixedAddressChecker());
> +}
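Review bot: PreVisitBinaryOperator returns early unless the opcode is `BinaryOperator::Assign`, so a fixed address that reaches a pointer through a declaration initializer, a call argument or a return statement would presumably not be reported. That leaves the CWE-587 coverage narrower than the file header suggests. If the restriction is intentional for this first version, state it above the opcode check, e.g. `// FIXME: only plain assignment is checked; initializers, call arguments and returns are not covered yet.` The explanatory sentence also appears twice, once as the leading comment and once as the BuiltinBug description, so keeping only the string avoids the two drifting apart. The header's "This files defines" should read "This file defines".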
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp Mon Nov 9 00:52:44 2009
> @@ -413,7 +413,7 @@
> RegisterReturnStackAddressChecker(*this);
> RegisterReturnUndefChecker(*this);
> RegisterPointerSubChecker(*this);
> -
> + RegisterFixedAddressChecker(*this);
> // Note that this must be registered after ReturnStackAddressChecker.
> RegisterReturnPointerRangeChecker(*this);
> }
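Review bot: Replacing the blank line with `RegisterFixedAddressChecker(*this);` puts the new call directly above the comment `// Note that this must be registered after ReturnStackAddressChecker.`, so it is harder to see that the ordering constraint applies only to `RegisterReturnPointerRangeChecker`. Keep a blank line between the new registration and that comment. The enclosing function starts outside the hunk.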
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h Mon Nov 9 00:52:44 2009
> @@ -24,6 +24,7 @@
> void RegisterReturnStackAddressChecker(GRExprEngine &Eng);
> void RegisterReturnUndefChecker(GRExprEngine &Eng);
> void RegisterVLASizeChecker(GRExprEngine &Eng);
> -void RegisterPointerSubChecker(GRExprEngine &Eng);
> +void RegisterPointerSubChecker(GRExprEngine &Eng);
> +void RegisterFixedAddressChecker(GRExprEngine &Eng);
> } // end clang namespace
> #endif
>
> Modified: cfe/trunk/lib/Analysis/SVals.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/SVals.cpp (original)
> +++ cfe/trunk/lib/Analysis/SVals.cpp Mon Nov 9 00:52:44 2009
> @@ -173,6 +173,10 @@
> // Useful predicates.
> //===----------------------------------------------------------------------===//
>
> +bool SVal::isConstant() const {
> + return isa<nonloc::ConcreteInt>(this) || isa<loc::ConcreteInt>(this);
> +}
> +
> bool SVal::isZeroConstant() const {
> if (isa<loc::ConcreteInt>(*this))
> return cast<loc::ConcreteInt>(*this).getValue() == 0;
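Review bot: `isConstant` passes the pointer `this` to `isa<>`, while `isZeroConstant` directly below uses `isa<loc::ConcreteInt>(*this)`. Both forms are presumably accepted by `isa`, but two adjacent predicates on the same class should read the same way: `return isa<nonloc::ConcreteInt>(*this) || isa<loc::ConcreteInt>(*this);`. isZeroConstant's body continues outside the hunk.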
>
> Modified: cfe/trunk/test/Analysis/ptr-arith.c
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ptr-arith.c?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/test/Analysis/ptr-arith.c (original)
> +++ cfe/trunk/test/Analysis/ptr-arith.c Mon Nov 9 00:52:44 2009
> @@ -36,3 +36,8 @@
> int x, y;
> int d = &y - &x; // expected-warning{{Subtraction of two pointers that do not point to the same memory chunk may cause incorrect result.}}
> }
> +
> +void f4() {
> + int *p;
> + p = (int*) 0x10000; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.}}
> +}
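Review bot: `f4` exercises only the positive case, so the `RV.isZeroConstant()` exclusion in the checker has no test and a regression that starts warning on null assignment would go unnoticed. Add a negative case next to it, for example `p = 0; // no-warning`. A pointer assigned from a non-constant expression would be a useful second negative case.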
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>