[cfe-commits] r59903 - in /cfe/trunk: include/clang/Analysis/PathSensitive/GRExprEngine.h lib/Analysis/GRExprEngine.cpp lib/Analysis/GRExprEngineInternalChecks.cpp
Zhongxing Xu
xuzhongxing at gmail.com
Sat Nov 22 21:52:29 PST 2008
Author: zhongxingxu
Date: Sat Nov 22 23:52:28 2008
New Revision: 59903
URL: http://llvm.org/viewvc/llvm-project?rev=59903&view=rev
Log:
Add out-of-bound memory access warning report code.
Modified:
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
cfe/trunk/lib/Analysis/GRExprEngine.cpp
cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=59903&r1=59902&r2=59903&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Sat Nov 22 23:52:28 2008
@@ -105,6 +105,7 @@
typedef llvm::SmallPtrSet<NodeTy*,2> UndefResultsTy;
typedef llvm::SmallPtrSet<NodeTy*,2> RetsStackAddrTy;
typedef llvm::SmallPtrSet<NodeTy*,2> RetsUndefTy;
+ typedef llvm::SmallPtrSet<NodeTy*,2> OutOfBoundMemAccessesTy;
protected:
@@ -170,6 +171,14 @@
/// message expressions where a pass-by-value argument has an undefined
/// value.
UndefArgsTy MsgExprUndefArgs;
+
+ /// OutOfBoundMemAccesses - Nodes in the ExplodedGraph resulting from
+ /// out-of-bound memory accesses where the index MAY be out-of-bound.
+ OutOfBoundMemAccessesTy ImplicitOOBMemAccesses;
+
+ /// OutOfBoundMemAccesses - Nodes in the ExplodedGraph resulting from
+ /// out-of-bound memory accesses where the index MUST be out-of-bound.
+ OutOfBoundMemAccessesTy ExplicitOOBMemAccesses;
public:
GRExprEngine(CFG& cfg, Decl& CD, ASTContext& Ctx, LiveVariables& L,
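Review bot: Both new doc comments open with `OutOfBoundMemAccesses`, which is the name of neither member; the members are `ImplicitOOBMemAccesses` and `ExplicitOOBMemAccesses`. The `Name - ` prefix should match the declaration it documents: `/// ImplicitOOBMemAccesses - Nodes in the ExplodedGraph resulting from` and `/// ExplicitOOBMemAccesses - Nodes in the ExplodedGraph resulting from`. It would also help to spell out that MAY means the in-bound state is feasible too and MUST means it is not, because that is the test GRExprEngine.cpp uses to choose the set.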
@@ -282,7 +291,7 @@
bool isUndefArg(const NodeTy* N) const {
return N->isSink() &&
(UndefArgs.find(const_cast<NodeTy*>(N)) != UndefArgs.end() ||
- MsgExprUndefArgs.find(const_cast<NodeTy*>(N)) != MsgExprUndefArgs.end());
+ MsgExprUndefArgs.find(const_cast<NodeTy*>(N)) != MsgExprUndefArgs.end());
}
bool isUndefReceiver(const NodeTy* N) const {
@@ -362,7 +371,21 @@
undef_receivers_iterator undef_receivers_end() {
return UndefReceivers.end();
}
-
+
+ typedef OutOfBoundMemAccessesTy::iterator oob_memacc_iterator;
+ oob_memacc_iterator implicit_oob_memacc_begin() {
+ return ImplicitOOBMemAccesses.begin();
+ }
+ oob_memacc_iterator implicit_oob_memacc_end() {
+ return ImplicitOOBMemAccesses.end();
+ }
+ oob_memacc_iterator explicit_oob_memacc_begin() {
+ return ExplicitOOBMemAccesses.begin();
+ }
+ oob_memacc_iterator explicit_oob_memacc_end() {
+ return ExplicitOOBMemAccesses.end();
+ }
+
void AddCheck(GRSimpleAPICheck* A, Stmt::StmtClass C);
/// ProcessStmt - Called by GRCoreEngine. Used to generate new successor
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=59903&r1=59902&r2=59903&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Sat Nov 22 23:52:28 2008
@@ -1088,7 +1088,20 @@
if (isFeasibleOutBound) {
// Report warning.
- StOutBound = 0;
+ // Make sink node manually.
+ ProgramPoint::Kind K = isLoad ? ProgramPoint::PostLoadKind
+ : ProgramPoint::PostStoreKind;
+
+ NodeTy* OOBNode = Builder->generateNode(Ex, StOutBound, Pred, K);
+
+ if (OOBNode) {
+ OOBNode->markAsSink();
+
+ if (isFeasibleInBound)
+ ImplicitOOBMemAccesses.insert(OOBNode);
+ else
+ ExplicitOOBMemAccesses.insert(OOBNode);
+ }
}
return isFeasibleInBound ? StInBound : NULL;
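Review bot: The retained `// Report warning.` comment at the top of the `if (isFeasibleOutBound)` block no longer describes the code, since nothing is reported here; the block only creates a sink node and files it in one of two sets. I would replace the two comments with one, e.g. `// Record the out-of-bound state as a sink node; warnings are emitted later from the recorded sets.`, and add a line saying that an access goes to the implicit set when the in-bound state is also feasible. When `generateNode` returns null the access is dropped without a record, which may be intended but deserves a brief comment. The enclosing function begins above this hunk, so its callers' handling of the `NULL` return is not visible here.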
@@ -2529,8 +2542,8 @@
SVal LHSVal;
- if (Result.isUnknown() && (Loc::IsLocType(CTy) ||
- (CTy->isScalarType() && CTy->isIntegerType()))) {
+ if (Result.isUnknown() && (Loc::IsLocType(CTy)
+ || (CTy->isScalarType() && CTy->isIntegerType()))) {
unsigned Count = Builder->getCurrentBlockCount();
@@ -2542,7 +2555,7 @@
? cast<SVal>(loc::SymbolVal(Sym))
: cast<SVal>(nonloc::SymbolVal(Sym));
- // However, we need to convert the symbol to the computation type.
+ // However, we need to convert the symbol to the computation type.
Result = (LTy == CTy) ? LHSVal : EvalCast(LHSVal,CTy);
}
else {
Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp?rev=59903&r1=59902&r2=59903&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp Sat Nov 22 23:52:28 2008
@@ -322,6 +322,16 @@
}
};
+class VISIBILITY_HIDDEN OutOfBoundMemoryAccess : public BuiltinBug {
+public:
+ OutOfBoundMemoryAccess() : BuiltinBug("out-of-bound memory access",
+ "Load or store into an out-of-bound memory position.") {}
+
+ virtual void EmitBuiltinWarnings(BugReporter& BR, GRExprEngine& Eng) {
+ Emit(BR, Eng.explicit_oob_memacc_begin(), Eng.explicit_oob_memacc_end());
+ }
+};
+
//===----------------------------------------------------------------------===//
// __attribute__(nonnull) checking
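Review bot: `EmitBuiltinWarnings` reports only the explicit set, so the nodes stored in `ImplicitOOBMemAccesses` are marked as sinks in GRExprEngine.cpp but never produce a diagnostic in this commit. If that is deliberate, presumably to avoid warning on every access whose index is merely unconstrained, say so above the `Emit` call: `// Only accesses that MUST be out-of-bound are reported; the MAY set is collected but not reported yet.`. Without that note a clean analyzer run can be read as "no possible out-of-bound access", which this check does not establish. The description string is also identical for loads and stores, although the engine distinguishes them through `isLoad`.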
@@ -392,5 +402,6 @@
Register(new BadArg());
Register(new BadMsgExprArg());
Register(new BadReceiver());
+ Register(new OutOfBoundMemoryAccess());
AddCheck(new CheckAttrNonNull(), Stmt::CallExprClass);
}