[cfe-commits] r117334 - in /cfe/trunk: lib/Checker/DereferenceChecker.cpp test/Analysis/null-deref-ps.c test/Analysis/plist-output-alternate.m
Ted Kremenek
kremenek at apple.com
Mon Oct 25 17:06:13 PDT 2010
Author: kremenek
Date: Mon Oct 25 19:06:13 2010
New Revision: 117334
URL: http://llvm.org/viewvc/llvm-project?rev=117334&view=rev
Log:
Tweak null dereference checker to give better diagnostics for null dereferences resulting from array accesses.
Modified:
cfe/trunk/lib/Checker/DereferenceChecker.cpp
cfe/trunk/test/Analysis/null-deref-ps.c
cfe/trunk/test/Analysis/plist-output-alternate.m
Modified: cfe/trunk/lib/Checker/DereferenceChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/DereferenceChecker.cpp?rev=117334&r1=117333&r2=117334&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/DereferenceChecker.cpp (original)
+++ cfe/trunk/lib/Checker/DereferenceChecker.cpp Mon Oct 25 19:06:13 2010
@@ -36,6 +36,9 @@
ImplicitNullDerefNodes.data() +
ImplicitNullDerefNodes.size());
}
+ void AddDerefSource(llvm::raw_ostream &os,
+ llvm::SmallVectorImpl<SourceRange> &Ranges,
+ const Expr *Ex, bool loadedFrom = false);
};
} // end anonymous namespace
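Review bot: The new `AddDerefSource` declaration has no comment, and the meaning of `loadedFrom` is not obvious at the call sites, where it is either passed as a bare `true` or left at its default. A comment such as `// Appends a description of where the null pointer came from to 'os' and records its source range in 'Ranges'; 'loadedFrom' selects the "loaded from" wording.` would cover it. The definition added later in this commit reads no member state, so the helper could probably be declared `static`. The class body starts outside the hunk.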
@@ -52,6 +55,33 @@
return checker->getImplicitNodes();
}
+void DereferenceChecker::AddDerefSource(llvm::raw_ostream &os,
+ llvm::SmallVectorImpl<SourceRange> &Ranges,
+ const Expr *Ex,
+ bool loadedFrom) {
+ switch (Ex->getStmtClass()) {
+ default:
+ return;
+ case Stmt::DeclRefExprClass: {
+ const DeclRefExpr *DR = cast<DeclRefExpr>(Ex);
+ if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) {
+ os << " (" << (loadedFrom ? "loaded from" : "from")
+ << " variable '" << VD->getName() << "')";
+ Ranges.push_back(DR->getSourceRange());
+ }
+ return;
+ }
+ case Stmt::MemberExprClass: {
+ const MemberExpr *ME = cast<MemberExpr>(Ex);
+ os << " (" << (loadedFrom ? "loaded from" : "via")
+ << " field '" << ME->getMemberNameInfo() << "')";
+ SourceLocation L = ME->getMemberLoc();
+ Ranges.push_back(SourceRange(L, L));
+ break;
+ }
+ }
+}
+
void DereferenceChecker::VisitLocation(CheckerContext &C, const Stmt *S,
SVal l) {
// Check for dereference of an undefined value.
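Review bot: The two cases in `AddDerefSource` leave the switch in different ways: `DeclRefExprClass` ends with `return;` and `MemberExprClass` ends with `break;`, although nothing follows the switch. Ending both with the same statement keeps them from diverging if code is later added after the switch. Separately, when `DR->getDecl()` is not a `VarDecl` nothing is appended, so the diagnostic silently loses its source annotation. A short comment such as `// Only variables and fields are described; other sources add nothing.` would make that intent explicit.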
@@ -96,31 +126,29 @@
llvm::SmallVector<SourceRange, 2> Ranges;
switch (S->getStmtClass()) {
+ case Stmt::ArraySubscriptExprClass: {
+ llvm::raw_svector_ostream os(buf);
+ os << "Array access";
+ const ArraySubscriptExpr *AE = cast<ArraySubscriptExpr>(S);
+ AddDerefSource(os, Ranges, AE->getBase()->IgnoreParenCasts());
+ os << " results in a null pointer dereference";
+ break;
+ }
case Stmt::UnaryOperatorClass: {
+ llvm::raw_svector_ostream os(buf);
+ os << "Dereference of null pointer";
const UnaryOperator *U = cast<UnaryOperator>(S);
- const Expr *SU = U->getSubExpr()->IgnoreParens();
- if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(SU)) {
- if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) {
- llvm::raw_svector_ostream os(buf);
- os << "Dereference of null pointer (loaded from variable '"
- << VD->getName() << "')";
- Ranges.push_back(DR->getSourceRange());
- }
- }
+ AddDerefSource(os, Ranges, U->getSubExpr()->IgnoreParens(), true);
break;
}
case Stmt::MemberExprClass: {
const MemberExpr *M = cast<MemberExpr>(S);
- if (M->isArrow())
- if (DeclRefExpr *DR =
- dyn_cast<DeclRefExpr>(M->getBase()->IgnoreParenCasts())) {
- if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) {
- llvm::raw_svector_ostream os(buf);
- os << "Field access results in a dereference of a null pointer "
- "(loaded from variable '" << VD->getName() << "')";
- Ranges.push_back(M->getBase()->getSourceRange());
- }
- }
+ if (M->isArrow()) {
+ llvm::raw_svector_ostream os(buf);
+ os << "Access to field '" << M->getMemberNameInfo()
+ << "' results in a dereference of a null pointer";
+ AddDerefSource(os, Ranges, M->getBase()->IgnoreParenCasts(), true);
+ }
break;
}
case Stmt::ObjCIvarRefExprClass: {
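Review bot: The `UnaryOperatorClass` case strips only parentheses (`U->getSubExpr()->IgnoreParens()`), while the new `ArraySubscriptExprClass` case and the `MemberExprClass` case both use `IgnoreParenCasts()`. So a dereference through an explicit cast presumably still gets the bare "Dereference of null pointer" with no variable or field named. If that is not intentional, `AddDerefSource(os, Ranges, U->getSubExpr()->IgnoreParenCasts(), true);` would make the three cases consistent; if it is, a comment saying why would help. The array message also says "results in a null pointer dereference" where the field message says "results in a dereference of a null pointer", which makes the reports harder to grep during triage. The enclosing switch continues outside the hunk.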
Modified: cfe/trunk/test/Analysis/null-deref-ps.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/null-deref-ps.c?rev=117334&r1=117333&r2=117334&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/null-deref-ps.c (original)
+++ cfe/trunk/test/Analysis/null-deref-ps.c Mon Oct 25 19:06:13 2010
@@ -26,7 +26,7 @@
if (p)
p->x = 1;
- return p->x++; // expected-warning{{Field access results in a dereference of a null pointer (loaded from variable 'p')}}
+ return p->x++; // expected-warning{{Access to field 'x' results in a dereference of a null pointer (loaded from variable 'p')}}
}
int f3(char* x) {
@@ -36,7 +36,7 @@
if (x)
return x[i - 1];
- return x[i+1]; // expected-warning{{Dereference of null pointer}}
+ return x[i+1]; // expected-warning{{Array access (from variable 'x') results in a null pointer dereference}}
}
int f3_b(char* x) {
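Review bot: The updated expectations here and in the following `f3_b` hunk cover only the `(from variable 'x')` form of the array message. The `via field` wording that `AddDerefSource` produces for a `MemberExpr` base when `loadedFrom` is false has no expectation in the visible hunks. A case that indexes through a null pointer held in a struct field, expecting `Array access (via field '<name>') results in a null pointer dereference`, would pin that branch. The rest of the file is outside the hunks, so such a test may already exist.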
@@ -46,7 +46,7 @@
if (x)
return x[i - 1];
- return x[i+1]++; // expected-warning{{Dereference of null pointer}}
+ return x[i+1]++; // expected-warning{{Array access (from variable 'x') results in a null pointer dereference}}
}
int f4(int *p) {
Modified: cfe/trunk/test/Analysis/plist-output-alternate.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/plist-output-alternate.m?rev=117334&r1=117333&r2=117334&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/plist-output-alternate.m (original)
+++ cfe/trunk/test/Analysis/plist-output-alternate.m Mon Oct 25 19:06:13 2010
@@ -743,23 +743,23 @@
// CHECK: <array>
// CHECK: <dict>
// CHECK: <key>line</key><integer>37</integer>
-// CHECK: <key>col</key><integer>3</integer>
+// CHECK: <key>col</key><integer>7</integer>
// CHECK: <key>file</key><integer>0</integer>
// CHECK: </dict>
// CHECK: <dict>
// CHECK: <key>line</key><integer>37</integer>
-// CHECK: <key>col</key><integer>8</integer>
+// CHECK: <key>col</key><integer>7</integer>
// CHECK: <key>file</key><integer>0</integer>
// CHECK: </dict>
// CHECK: </array>
// CHECK: </array>
// CHECK: <key>extended_message</key>
-// CHECK: <string>Dereference of null pointer</string>
+// CHECK: <string>Dereference of null pointer (loaded from field 'p')</string>
// CHECK: <key>message</key>
-// CHECK: <string>Dereference of null pointer</string>
+// CHECK: <string>Dereference of null pointer (loaded from field 'p')</string>
// CHECK: </dict>
// CHECK: </array>
-// CHECK: <key>description</key><string>Dereference of null pointer</string>
+// CHECK: <key>description</key><string>Dereference of null pointer (loaded from field 'p')</string>
// CHECK: <key>category</key><string>Logic error</string>
// CHECK: <key>type</key><string>Dereference of null pointer</string>
// CHECK: <key>location</key>