[cfe-commits] r85996 - in /cfe/trunk: include/clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h include/clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h include/clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h lib/Analysis/CMakeLists.txt lib/Analysis/GRExprEngineInternalChecks.cpp lib/Analysis/UndefSizedVLAChecker.cpp lib/Analysis/VLASizeChecker.cpp lib/Analysis/ZeroSizedVLAChecker.cpp
Zhongxing Xu
xuzhongxing at gmail.com
Tue Nov 3 17:43:07 PST 2009
Author: zhongxingxu
Date: Tue Nov 3 19:43:07 2009
New Revision: 85996
URL: http://llvm.org/viewvc/llvm-project?rev=85996&view=rev
Log:
Merge ZeroSizedVLAChecker and UndefSizedVLAChecker.
Added:
cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h
cfe/trunk/lib/Analysis/VLASizeChecker.cpp
Removed:
cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h
cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h
cfe/trunk/lib/Analysis/UndefSizedVLAChecker.cpp
cfe/trunk/lib/Analysis/ZeroSizedVLAChecker.cpp
Modified:
cfe/trunk/lib/Analysis/CMakeLists.txt
cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
Removed: cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h?rev=85995&view=auto
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h (removed)
@@ -1,29 +0,0 @@
-//=== UndefSizedVLAChecker.h - Undefined dereference checker ----*- C++ -*-===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-//
-// This defines UndefSizedVLAChecker, a builtin check in GRExprEngine that
-// performs checks for declaration of VLA of undefined size.
-//
-//===----------------------------------------------------------------------===//
-
-#include "clang/Analysis/PathSensitive/Checker.h"
-
-namespace clang {
-
-class UndefSizedVLAChecker : public Checker {
- BugType *BT;
-
-public:
- UndefSizedVLAChecker() : BT(0) {}
- static void *getTag();
- ExplodedNode *CheckType(QualType T, ExplodedNode *Pred,
- const GRState *state, Stmt *S, GRExprEngine &Eng);
-};
-
-}
Added: cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h?rev=85996&view=auto
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h (added)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h Tue Nov 3 19:43:07 2009
@@ -0,0 +1,39 @@
+//=== VLASizeChecker.h - Undefined dereference checker ----------*- C++ -*-===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This defines two VLASizeCheckers, a builtin check in GRExprEngine that
+// performs checks for declaration of VLA of undefined or zero size.
+//
+//===----------------------------------------------------------------------===//
+
+#include "clang/Analysis/PathSensitive/Checker.h"
+
+namespace clang {
+
+class UndefSizedVLAChecker : public Checker {
+ BugType *BT;
+
+public:
+ UndefSizedVLAChecker() : BT(0) {}
+ static void *getTag();
+ ExplodedNode *CheckType(QualType T, ExplodedNode *Pred,
+ const GRState *state, Stmt *S, GRExprEngine &Eng);
+};
+
+class ZeroSizedVLAChecker : public Checker {
+ BugType *BT;
+
+public:
+ ZeroSizedVLAChecker() : BT(0) {}
+ static void *getTag();
+ ExplodedNode *CheckType(QualType T, ExplodedNode *Pred,
+ const GRState *state, Stmt *S, GRExprEngine &Eng);
+};
+
+}
Removed: cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h?rev=85995&view=auto
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h (removed)
@@ -1,29 +0,0 @@
-//=== ZeroSizedVLAChecker.cpp - Undefined dereference checker ---*- C++ -*-===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-//
-// This defines ZeorSizedVLAChecker, a builtin check in GRExprEngine that
-// performs checks for declaration of VLA of zero size.
-//
-//===----------------------------------------------------------------------===//
-
-#include "clang/Analysis/PathSensitive/Checker.h"
-
-namespace clang {
-
-class ZeroSizedVLAChecker : public Checker {
- BugType *BT;
-
-public:
- ZeroSizedVLAChecker() : BT(0) {}
- static void *getTag();
- ExplodedNode *CheckType(QualType T, ExplodedNode *Pred,
- const GRState *state, Stmt *S, GRExprEngine &Eng);
-};
-
-}
Modified: cfe/trunk/lib/Analysis/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CMakeLists.txt?rev=85996&r1=85995&r2=85996&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/CMakeLists.txt (original)
+++ cfe/trunk/lib/Analysis/CMakeLists.txt Tue Nov 3 19:43:07 2009
@@ -42,11 +42,10 @@
SimpleSValuator.cpp
Store.cpp
SymbolManager.cpp
- UndefSizedVLAChecker.cpp
UndefinedArgChecker.cpp
UninitializedValues.cpp
ValueManager.cpp
- ZeroSizedVLAChecker.cpp
+ VLASizeChecker.cpp
)
add_dependencies(clangAnalysis ClangDiagnosticAnalysis)
Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp?rev=85996&r1=85995&r2=85996&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp Tue Nov 3 19:43:07 2009
@@ -20,8 +20,7 @@
#include "clang/Analysis/PathSensitive/Checkers/BadCallChecker.h"
#include "clang/Analysis/PathSensitive/Checkers/UndefinedArgChecker.h"
#include "clang/Analysis/PathSensitive/Checkers/AttrNonNullChecker.h"
-#include "clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h"
-#include "clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h"
+#include "clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h"
#include "clang/Analysis/PathDiagnostic.h"
#include "clang/Basic/SourceManager.h"
#include "llvm/Support/Compiler.h"
Removed: cfe/trunk/lib/Analysis/UndefSizedVLAChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/UndefSizedVLAChecker.cpp?rev=85995&view=auto
==============================================================================
--- cfe/trunk/lib/Analysis/UndefSizedVLAChecker.cpp (original)
+++ cfe/trunk/lib/Analysis/UndefSizedVLAChecker.cpp (removed)
@@ -1,54 +0,0 @@
-//=== UndefSizedVLAChecker.cpp - Undefined dereference checker --*- C++ -*-===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-//
-// This defines UndefSizedVLAChecker, a builtin check in GRExprEngine that
-// performs checks for declaration of VLA of undefined size.
-//
-//===----------------------------------------------------------------------===//
-
-#include "clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h"
-#include "clang/Analysis/PathSensitive/GRExprEngine.h"
-#include "clang/Analysis/PathSensitive/BugReporter.h"
-
-using namespace clang;
-
-void *UndefSizedVLAChecker::getTag() {
- static int x = 0;
- return &x;
-}
-
-ExplodedNode *UndefSizedVLAChecker::CheckType(QualType T, ExplodedNode *Pred,
- const GRState *state,
- Stmt *S, GRExprEngine &Eng) {
- GRStmtNodeBuilder &Builder = Eng.getBuilder();
- BugReporter &BR = Eng.getBugReporter();
-
- if (VariableArrayType* VLA = dyn_cast<VariableArrayType>(T)) {
- // FIXME: Handle multi-dimensional VLAs.
- Expr* SE = VLA->getSizeExpr();
- SVal Size_untested = state->getSVal(SE);
-
- if (Size_untested.isUndef()) {
- if (ExplodedNode* N = Builder.generateNode(S, state, Pred)) {
- N->markAsSink();
- if (!BT)
- BT = new BugType("Declare variable-length array (VLA) of undefined "
- "size", "Logic error");
-
- EnhancedBugReport *R =
- new EnhancedBugReport(*BT, BT->getName().c_str(), N);
- R->addRange(SE->getSourceRange());
- R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE);
- BR.EmitReport(R);
- }
- return 0;
- }
- }
- return Pred;
-}
Added: cfe/trunk/lib/Analysis/VLASizeChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/VLASizeChecker.cpp?rev=85996&view=auto
==============================================================================
--- cfe/trunk/lib/Analysis/VLASizeChecker.cpp (added)
+++ cfe/trunk/lib/Analysis/VLASizeChecker.cpp Tue Nov 3 19:43:07 2009
@@ -0,0 +1,102 @@
+//=== VLASizeChecker.cpp - Undefined dereference checker --------*- C++ -*-===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This defines two VLASizeCheckers, a builtin check in GRExprEngine that
+// performs checks for declaration of VLA of undefined or zero size.
+//
+//===----------------------------------------------------------------------===//
+
+#include "clang/Analysis/PathSensitive/Checkers/VLASizeChecker.h"
+#include "clang/Analysis/PathSensitive/GRExprEngine.h"
+#include "clang/Analysis/PathSensitive/BugReporter.h"
+
+using namespace clang;
+
+void *UndefSizedVLAChecker::getTag() {
+ static int x = 0;
+ return &x;
+}
+
+ExplodedNode *UndefSizedVLAChecker::CheckType(QualType T, ExplodedNode *Pred,
+ const GRState *state,
+ Stmt *S, GRExprEngine &Eng) {
+ GRStmtNodeBuilder &Builder = Eng.getBuilder();
+ BugReporter &BR = Eng.getBugReporter();
+
+ if (VariableArrayType* VLA = dyn_cast<VariableArrayType>(T)) {
+ // FIXME: Handle multi-dimensional VLAs.
+ Expr* SE = VLA->getSizeExpr();
+ SVal Size_untested = state->getSVal(SE);
+
+ if (Size_untested.isUndef()) {
+ if (ExplodedNode* N = Builder.generateNode(S, state, Pred)) {
+ N->markAsSink();
+ if (!BT)
+ BT = new BugType("Declare variable-length array (VLA) of undefined "
+ "size", "Logic error");
+
+ EnhancedBugReport *R =
+ new EnhancedBugReport(*BT, BT->getName().c_str(), N);
+ R->addRange(SE->getSourceRange());
+ R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE);
+ BR.EmitReport(R);
+ }
+ return 0;
+ }
+ }
+ return Pred;
+}
+
+void *ZeroSizedVLAChecker::getTag() {
+ static int x;
+ return &x;
+}
+
+ExplodedNode *ZeroSizedVLAChecker::CheckType(QualType T, ExplodedNode *Pred,
+ const GRState *state, Stmt *S,
+ GRExprEngine &Eng) {
+ GRStmtNodeBuilder &Builder = Eng.getBuilder();
+ BugReporter &BR = Eng.getBugReporter();
+
+ if (VariableArrayType* VLA = dyn_cast<VariableArrayType>(T)) {
+ // FIXME: Handle multi-dimensional VLAs.
+ Expr* SE = VLA->getSizeExpr();
+ SVal Size_untested = state->getSVal(SE);
+
+ DefinedOrUnknownSVal *Size = dyn_cast<DefinedOrUnknownSVal>(&Size_untested);
+ // Undefined size is checked in another checker.
+ if (!Size)
+ return Pred;
+
+ const GRState *zeroState = state->Assume(*Size, false);
+ state = state->Assume(*Size, true);
+
+ if (zeroState && !state) {
+ if (ExplodedNode* N = Builder.generateNode(S, zeroState, Pred)) {
+ N->markAsSink();
+ if (!BT)
+ BT = new BugType("Declare variable-length array (VLA) of zero size",
+ "Logic error");
+
+ EnhancedBugReport *R =
+ new EnhancedBugReport(*BT, BT->getName().c_str(), N);
+ R->addRange(SE->getSourceRange());
+ R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE);
+ BR.EmitReport(R);
+ }
+ }
+ if (!state)
+ return 0;
+
+ return Builder.generateNode(S, state, Pred);
+ }
+ else
+ return Pred;
+}
+
Removed: cfe/trunk/lib/Analysis/ZeroSizedVLAChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/ZeroSizedVLAChecker.cpp?rev=85995&view=auto
==============================================================================
--- cfe/trunk/lib/Analysis/ZeroSizedVLAChecker.cpp (original)
+++ cfe/trunk/lib/Analysis/ZeroSizedVLAChecker.cpp (removed)
@@ -1,66 +0,0 @@
-//=== ZeroSizedVLAChecker.cpp - Undefined dereference checker ---*- C++ -*-===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-//
-// This defines ZeorSizedVLAChecker, a builtin check in GRExprEngine that
-// performs checks for declaration of VLA of zero size.
-//
-//===----------------------------------------------------------------------===//
-
-#include "clang/Analysis/PathSensitive/Checkers/ZeroSizedVLAChecker.h"
-#include "clang/Analysis/PathSensitive/GRExprEngine.h"
-#include "clang/Analysis/PathSensitive/BugReporter.h"
-
-using namespace clang;
-
-void *ZeroSizedVLAChecker::getTag() {
- static int x;
- return &x;
-}
-
-ExplodedNode *ZeroSizedVLAChecker::CheckType(QualType T, ExplodedNode *Pred,
- const GRState *state, Stmt *S,
- GRExprEngine &Eng) {
- GRStmtNodeBuilder &Builder = Eng.getBuilder();
- BugReporter &BR = Eng.getBugReporter();
-
- if (VariableArrayType* VLA = dyn_cast<VariableArrayType>(T)) {
- // FIXME: Handle multi-dimensional VLAs.
- Expr* SE = VLA->getSizeExpr();
- SVal Size_untested = state->getSVal(SE);
-
- DefinedOrUnknownSVal *Size = dyn_cast<DefinedOrUnknownSVal>(&Size_untested);
- // Undefined size is checked in another checker.
- if (!Size)
- return Pred;
-
- const GRState *zeroState = state->Assume(*Size, false);
- state = state->Assume(*Size, true);
-
- if (zeroState && !state) {
- if (ExplodedNode* N = Builder.generateNode(S, zeroState, Pred)) {
- N->markAsSink();
- if (!BT)
- BT = new BugType("Declare variable-length array (VLA) of zero size",
- "Logic error");
-
- EnhancedBugReport *R =
- new EnhancedBugReport(*BT, BT->getName().c_str(), N);
- R->addRange(SE->getSourceRange());
- R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE);
- BR.EmitReport(R);
- }
- }
- if (!state)
- return 0;
-
- return Builder.generateNode(S, state, Pred);
- }
- else
- return Pred;
-}
More information about the cfe-commits
mailing list