[cfe-commits] r59903 - in /cfe/trunk: include/clang/Analysis/PathSensitive/GRExprEngine.h lib/Analysis/GRExprEngine.cpp lib/Analysis/GRExprEngineInternalChecks.cpp
Ted Kremenek
kremenek at apple.com
Mon Nov 24 10:52:56 PST 2008
Looks great!
On Nov 22, 2008, at 9:52 PM, Zhongxing Xu wrote:
> Author: zhongxingxu
> Date: Sat Nov 22 23:52:28 2008
> New Revision: 59903
>
> URL: http://llvm.org/viewvc/llvm-project?rev=59903&view=rev
> Log:
> Add out-of-bound memory access warning report code.
>
> Modified:
> cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
> cfe/trunk/lib/Analysis/GRExprEngine.cpp
> cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/
> GRExprEngine.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=59903&r1=59902&r2=59903&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
> (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
> Sat Nov 22 23:52:28 2008
> @@ -105,6 +105,7 @@
> typedef llvm::SmallPtrSet<NodeTy*,2> UndefResultsTy;
> typedef llvm::SmallPtrSet<NodeTy*,2> RetsStackAddrTy;
> typedef llvm::SmallPtrSet<NodeTy*,2> RetsUndefTy;
> + typedef llvm::SmallPtrSet<NodeTy*,2> OutOfBoundMemAccessesTy;
>
> protected:
>
> @@ -170,6 +171,14 @@
> /// message expressions where a pass-by-value argument has an
> undefined
> /// value.
> UndefArgsTy MsgExprUndefArgs;
> +
> + /// OutOfBoundMemAccesses - Nodes in the ExplodedGraph resulting
> from
> + /// out-of-bound memory accesses where the index MAY be out-of-
> bound.
> + OutOfBoundMemAccessesTy ImplicitOOBMemAccesses;
> +
> + /// OutOfBoundMemAccesses - Nodes in the ExplodedGraph resulting
> from
> + /// out-of-bound memory accesses where the index MUST be out-of-
> bound.
> + OutOfBoundMemAccessesTy ExplicitOOBMemAccesses;
>
> public:
> GRExprEngine(CFG& cfg, Decl& CD, ASTContext& Ctx, LiveVariables& L,
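Review bot: Both new doc comments are headed `OutOfBoundMemAccesses`, which is the name of neither member; the fields they document are `ImplicitOOBMemAccesses` and `ExplicitOOBMemAccesses`. I would head them with the member names, `/// ImplicitOOBMemAccesses - Nodes in the ExplodedGraph where the index MAY be out-of-bound.` and `/// ExplicitOOBMemAccesses - Nodes in the ExplodedGraph where the index MUST be out-of-bound.`. The distinction is worth making easy to find, because only the explicit set is handed to a bug report elsewhere in this commit.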
> @@ -282,7 +291,7 @@
> bool isUndefArg(const NodeTy* N) const {
> return N->isSink() &&
> (UndefArgs.find(const_cast<NodeTy*>(N)) != UndefArgs.end() ||
> - MsgExprUndefArgs.find(const_cast<NodeTy*>(N)) !=
> MsgExprUndefArgs.end());
> + MsgExprUndefArgs.find(const_cast<NodeTy*>(N)) !=
> MsgExprUndefArgs.end());
> }
>
> bool isUndefReceiver(const NodeTy* N) const {
> @@ -362,7 +371,21 @@
> undef_receivers_iterator undef_receivers_end() {
> return UndefReceivers.end();
> }
> -
> +
> + typedef OutOfBoundMemAccessesTy::iterator oob_memacc_iterator;
> + oob_memacc_iterator implicit_oob_memacc_begin() {
> + return ImplicitOOBMemAccesses.begin();
> + }
> + oob_memacc_iterator implicit_oob_memacc_end() {
> + return ImplicitOOBMemAccesses.end();
> + }
> + oob_memacc_iterator explicit_oob_memacc_begin() {
> + return ExplicitOOBMemAccesses.begin();
> + }
> + oob_memacc_iterator explicit_oob_memacc_end() {
> + return ExplicitOOBMemAccesses.end();
> + }
> +
> void AddCheck(GRSimpleAPICheck* A, Stmt::StmtClass C);
>
> /// ProcessStmt - Called by GRCoreEngine. Used to generate new
> successor
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=59903&r1=59902&r2=59903&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Sat Nov 22 23:52:28 2008
> @@ -1088,7 +1088,20 @@
> if (isFeasibleOutBound) {
> // Report warning.
>
> - StOutBound = 0;
> + // Make sink node manually.
> + ProgramPoint::Kind K = isLoad ? ProgramPoint::PostLoadKind
> + : ProgramPoint::PostStoreKind;
> +
> + NodeTy* OOBNode = Builder->generateNode(Ex, StOutBound,
> Pred, K);
> +
> + if (OOBNode) {
> + OOBNode->markAsSink();
> +
> + if (isFeasibleInBound)
> + ImplicitOOBMemAccesses.insert(OOBNode);
> + else
> + ExplicitOOBMemAccesses.insert(OOBNode);
> + }
> }
>
> return isFeasibleInBound ? StInBound : NULL;
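Review bot: Nodes inserted into `ImplicitOOBMemAccesses` here are marked as sinks, but nothing in this commit reports them: the new `OutOfBoundMemoryAccess` check in GRExprEngineInternalChecks.cpp passes only `explicit_oob_memacc_begin()`/`explicit_oob_memacc_end()` to `Emit`. A path on which the index may be out of bound therefore ends at the sink with no diagnostic, and the retained `// Report warning.` comment no longer describes what the branch does. If that is the intended interim behaviour, say so at the insert, for example `// Possible (not certain) out-of-bound access: recorded, not yet reported.`, and reword the older comment to `// Record the out-of-bound node; warnings are emitted by the builtin checks.`. The enclosing function begins before this hunk, so how `isFeasibleInBound` and `StOutBound` are derived is not visible here.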
> @@ -2529,8 +2542,8 @@
>
> SVal LHSVal;
>
> - if (Result.isUnknown() && (Loc::IsLocType(CTy) ||
> - (CTy->isScalarType() && CTy-
> >isIntegerType()))) {
> + if (Result.isUnknown() && (Loc::IsLocType(CTy)
> + || (CTy->isScalarType() && CTy-
> >isIntegerType()))) {
>
> unsigned Count = Builder->getCurrentBlockCount();
>
> @@ -2542,7 +2555,7 @@
> ? cast<SVal>(loc::SymbolVal(Sym))
> : cast<SVal>(nonloc::SymbolVal(Sym));
>
> - // However, we need to convert the symbol to the
> computation type.
> + // However, we need to convert the symbol to the
> computation type.
> Result = (LTy == CTy) ? LHSVal : EvalCast(LHSVal,CTy);
> }
> else {
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp?rev=59903&r1=59902&r2=59903&view=diff
>
> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp Sat Nov 22
> 23:52:28 2008
> @@ -322,6 +322,16 @@
> }
> };
>
> +class VISIBILITY_HIDDEN OutOfBoundMemoryAccess : public BuiltinBug {
> +public:
> + OutOfBoundMemoryAccess() : BuiltinBug("out-of-bound memory access",
> + "Load or store into an out-of-bound memory
> position.") {}
> +
> + virtual void EmitBuiltinWarnings(BugReporter& BR, GRExprEngine&
> Eng) {
> + Emit(BR, Eng.explicit_oob_memacc_begin(),
> Eng.explicit_oob_memacc_end());
> + }
> +};
> +
> //
> =
> =
> =
> ----------------------------------------------------------------------=
> ==//
> // __attribute__(nonnull) checking
>
> @@ -392,5 +402,6 @@
> Register(new BadArg());
> Register(new BadMsgExprArg());
> Register(new BadReceiver());
> + Register(new OutOfBoundMemoryAccess());
> AddCheck(new CheckAttrNonNull(), Stmt::CallExprClass);
> }
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits