[cfe-commits] r106274 - in /cfe/trunk: lib/Checker/StreamChecker.cpp test/Analysis/stream.c
Zhongxing Xu
xuzhongxing at gmail.com
Thu Jun 17 19:47:46 PDT 2010
Author: zhongxingxu
Date: Thu Jun 17 21:47:46 2010
New Revision: 106274
URL: http://llvm.org/viewvc/llvm-project?rev=106274&view=rev
Log:
Add null stream check for more APIs.
Modified:
cfe/trunk/lib/Checker/StreamChecker.cpp
cfe/trunk/test/Analysis/stream.c
Modified: cfe/trunk/lib/Checker/StreamChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/StreamChecker.cpp?rev=106274&r1=106273&r2=106274&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/StreamChecker.cpp (original)
+++ cfe/trunk/lib/Checker/StreamChecker.cpp Thu Jun 17 21:47:46 2010
@@ -24,11 +24,13 @@
namespace {
class StreamChecker : public CheckerVisitor<StreamChecker> {
- IdentifierInfo *II_fopen, *II_fread;
+ IdentifierInfo *II_fopen, *II_fread, *II_fseek, *II_ftell, *II_rewind;
BuiltinBug *BT_nullfp;
public:
- StreamChecker() : II_fopen(0), II_fread(0), BT_nullfp(0) {}
+ StreamChecker()
+ : II_fopen(0), II_fread(0), II_fseek(0), II_ftell(0), II_rewind(0),
+ BT_nullfp(0) {}
static void *getTag() {
static int x;
@@ -40,9 +42,13 @@
private:
void FOpen(CheckerContext &C, const CallExpr *CE);
void FRead(CheckerContext &C, const CallExpr *CE);
+ void FSeek(CheckerContext &C, const CallExpr *CE);
+ void FTell(CheckerContext &C, const CallExpr *CE);
+ void Rewind(CheckerContext &C, const CallExpr *CE);
+ bool CheckNullStream(SVal SV, const GRState *state, CheckerContext &C);
};
-}
+} // end anonymous namespace
void clang::RegisterStreamChecker(GRExprEngine &Eng) {
Eng.registerCheck(new StreamChecker());
@@ -63,6 +69,15 @@
if (!II_fread)
II_fread = &Ctx.Idents.get("fread");
+ if (!II_fseek)
+ II_fseek = &Ctx.Idents.get("fseek");
+
+ if (!II_ftell)
+ II_ftell = &Ctx.Idents.get("ftell");
+
+ if (!II_rewind)
+ II_rewind = &Ctx.Idents.get("rewind");
+
if (FD->getIdentifier() == II_fopen) {
FOpen(C, CE);
return true;
@@ -73,6 +88,21 @@
return true;
}
+ if (FD->getIdentifier() == II_fseek) {
+ FSeek(C, CE);
+ return true;
+ }
+
+ if (FD->getIdentifier() == II_ftell) {
+ FTell(C, CE);
+ return true;
+ }
+
+ if (FD->getIdentifier() == II_rewind) {
+ Rewind(C, CE);
+ return true;
+ }
+
return false;
}
@@ -96,23 +126,47 @@
void StreamChecker::FRead(CheckerContext &C, const CallExpr *CE) {
const GRState *state = C.getState();
+ if (CheckNullStream(state->getSVal(CE->getArg(3)), state, C))
+ return;
+}
- // Assume CallAndMessageChecker has been run.
- SVal StreamVal = state->getSVal(CE->getArg(3));
+void StreamChecker::FSeek(CheckerContext &C, const CallExpr *CE) {
+ const GRState *state = C.getState();
+ if (CheckNullStream(state->getSVal(CE->getArg(0)), state, C))
+ return;
+}
+
+void StreamChecker::FTell(CheckerContext &C, const CallExpr *CE) {
+ const GRState *state = C.getState();
+ if (CheckNullStream(state->getSVal(CE->getArg(0)), state, C))
+ return;
+}
+
+void StreamChecker::Rewind(CheckerContext &C, const CallExpr *CE) {
+ const GRState *state = C.getState();
+ if (CheckNullStream(state->getSVal(CE->getArg(0)), state, C))
+ return;
+}
- if (const DefinedSVal *DV = dyn_cast<DefinedSVal>(&StreamVal)) {
- ConstraintManager &CM = C.getConstraintManager();
- const GRState *stateNotNull, *stateNull;
- llvm::tie(stateNotNull, stateNull) = CM.AssumeDual(state, *DV);
-
- if (!stateNotNull && stateNull) {
- if (ExplodedNode *N = C.GenerateSink(stateNull)) {
- if (!BT_nullfp)
- BT_nullfp = new BuiltinBug("NULL stream pointer",
+bool StreamChecker::CheckNullStream(SVal SV, const GRState *state,
+ CheckerContext &C) {
+ const DefinedSVal *DV = dyn_cast<DefinedSVal>(&SV);
+ if (!DV)
+ return false;
+
+ ConstraintManager &CM = C.getConstraintManager();
+ const GRState *stateNotNull, *stateNull;
+ llvm::tie(stateNotNull, stateNull) = CM.AssumeDual(state, *DV);
+
+ if (!stateNotNull && stateNull) {
+ if (ExplodedNode *N = C.GenerateSink(stateNull)) {
+ if (!BT_nullfp)
+ BT_nullfp = new BuiltinBug("NULL stream pointer",
"Stream pointer might be NULL.");
- BugReport *R =new BugReport(*BT_nullfp, BT_nullfp->getDescription(), N);
- C.EmitReport(R);
- }
+ BugReport *R =new BugReport(*BT_nullfp, BT_nullfp->getDescription(), N);
+ C.EmitReport(R);
}
+ return true;
}
+ return false;
}
Modified: cfe/trunk/test/Analysis/stream.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/stream.c?rev=106274&r1=106273&r2=106274&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/stream.c (original)
+++ cfe/trunk/test/Analysis/stream.c Thu Jun 17 21:47:46 2010
@@ -2,11 +2,33 @@
typedef __typeof__(sizeof(int)) size_t;
typedef struct _IO_FILE FILE;
-FILE *fopen(const char *path, const char *mode);
-size_t fread(void *ptr, size_t size, size_t nmemb, FILE *stream);
+#define SEEK_SET 0 /* Seek from beginning of file. */
+#define SEEK_CUR 1 /* Seek from current position. */
+#define SEEK_END 2 /* Seek from end of file. */
+extern FILE *fopen(const char *path, const char *mode);
+extern size_t fread(void *ptr, size_t size, size_t nmemb, FILE *stream);
+extern int fseek (FILE *__stream, long int __off, int __whence);
+extern long int ftell (FILE *__stream);
+extern void rewind (FILE *__stream);
void f1(void) {
FILE *p = fopen("foo", "r");
char buf[1024];
fread(buf, 1, 1, p); // expected-warning {{Stream pointer might be NULL.}}
}
+
+void f2(void) {
+ FILE *p = fopen("foo", "r");
+ fseek(p, 1, SEEK_SET); // expected-warning {{Stream pointer might be NULL.}}
+}
+
+void f3(void) {
+ FILE *p = fopen("foo", "r");
+ ftell(p); // expected-warning {{Stream pointer might be NULL.}}
+}
+
+void f4(void) {
+ FILE *p = fopen("foo", "r");
+ rewind(p); // expected-warning {{Stream pointer might be NULL.}}
+}
+
More information about the cfe-commits
mailing list