[cfe-commits] r126369 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/Checkers.td lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp lib/StaticAnalyzer/Checkers/InternalChecks.h lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp test/Analysis/misc-ps-region-store.m
Argyrios Kyrtzidis
akyrtzi at gmail.com
Thu Feb 24 00:41:57 PST 2011
Author: akirtzidis
Date: Thu Feb 24 02:41:57 2011
New Revision: 126369
URL: http://llvm.org/viewvc/llvm-project?rev=126369&view=rev
Log:
[analyzer] Migrate ReturnPointerRangeChecker to CheckerV2.
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td
cfe/trunk/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp
cfe/trunk/lib/StaticAnalyzer/Checkers/InternalChecks.h
cfe/trunk/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
cfe/trunk/test/Analysis/misc-ps-region-store.m
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td?rev=126369&r1=126368&r2=126369&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td Thu Feb 24 02:41:57 2011
@@ -174,6 +174,11 @@
HelpText<"Perform quick security checks that require no data flow">,
DescFile<"CheckSecuritySyntaxOnly.cpp">;
+def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
+ InPackage<CoreExperimental>,
+ HelpText<"Check for an out-of-bound pointer being returned to callers">,
+ DescFile<"ReturnPointerRangeChecker.cpp">;
+
def ObjCDeallocChecker : Checker<"Dealloc">,
InPackage<CocoaExperimental>,
HelpText<"Warn about Objective-C classes that lack a correct implementation of -dealloc">,
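Review bot: Registering the checker as `ReturnPtrRange` in `CoreExperimental` appears to make it opt-in by name, where it was previously enabled by the `RegisterReturnPointerRangeChecker(Eng)` call that this commit removes from ExperimentalChecks.cpp. The test RUN lines in misc-ps-region-store.m had to add `-analyzer-checker=core.experimental.ReturnPtrRange` while keeping `-analyzer-experimental-internal-checks`, which suggests the old flag no longer turns this check on. Existing invocations that rely only on the old flag would then silently stop reporting out-of-range returned pointers (the CWE-466 case). The commit log should say so, for example `Now enabled with -analyzer-checker=core.experimental.ReturnPtrRange.`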
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp?rev=126369&r1=126368&r2=126369&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp Thu Feb 24 02:41:57 2011
@@ -29,9 +29,6 @@
// These are internal checks that should eventually migrate to
// RegisterInternalChecks() once they have been further tested.
- // Note that this must be registered after ReturnStackAddresEngsChecker.
- RegisterReturnPointerRangeChecker(Eng);
-
RegisterArrayBoundChecker(Eng);
RegisterCastSizeChecker(Eng);
}
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/InternalChecks.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/InternalChecks.h?rev=126369&r1=126368&r2=126369&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/InternalChecks.h (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/InternalChecks.h Thu Feb 24 02:41:57 2011
@@ -32,7 +32,6 @@
void RegisterDereferenceChecker(ExprEngine &Eng);
void RegisterDivZeroChecker(ExprEngine &Eng);
void RegisterNoReturnFunctionChecker(ExprEngine &Eng);
-void RegisterReturnPointerRangeChecker(ExprEngine &Eng);
void RegisterReturnUndefChecker(ExprEngine &Eng);
void RegisterUndefBranchChecker(ExprEngine &Eng);
void RegisterUndefCapturedBlockVarChecker(ExprEngine &Eng);
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp?rev=126369&r1=126368&r2=126369&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp Thu Feb 24 02:41:57 2011
@@ -12,9 +12,11 @@
//
//===----------------------------------------------------------------------===//
-#include "InternalChecks.h"
+#include "ClangSACheckers.h"
+#include "clang/StaticAnalyzer/Core/CheckerV2.h"
+#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
-#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerVisitor.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
using namespace clang;
@@ -22,25 +24,15 @@
namespace {
class ReturnPointerRangeChecker :
- public CheckerVisitor<ReturnPointerRangeChecker> {
- BuiltinBug *BT;
+ public CheckerV2< check::PreStmt<ReturnStmt> > {
+ mutable llvm::OwningPtr<BuiltinBug> BT;
public:
- ReturnPointerRangeChecker() : BT(0) {}
- static void *getTag();
- void PreVisitReturnStmt(CheckerContext &C, const ReturnStmt *RS);
+ void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;
};
}
-void ento::RegisterReturnPointerRangeChecker(ExprEngine &Eng) {
- Eng.registerCheck(new ReturnPointerRangeChecker());
-}
-
-void *ReturnPointerRangeChecker::getTag() {
- static int x = 0; return &x;
-}
-
-void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
- const ReturnStmt *RS) {
+void ReturnPointerRangeChecker::checkPreStmt(const ReturnStmt *RS,
+ CheckerContext &C) const {
const GRState *state = C.getState();
const Expr *RetE = RS->getRetValue();
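Review bot: The new member `mutable llvm::OwningPtr<BuiltinBug> BT;` has no comment explaining why a checker with a `const` callback holds mutable state. The later hunk shows it is filled on first use under `if (!BT)`, so a one-line comment would help the next reader, for example `// Lazily created on the first report; mutable because checkPreStmt is const.` The include hunk also adds no header for `llvm::OwningPtr`; it presumably arrives transitively, but including `llvm/ADT/OwningPtr.h` directly would make that dependency explicit. The body of `checkPreStmt` continues outside this hunk.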
@@ -77,9 +69,9 @@
// FIXME: This bug correspond to CWE-466. Eventually we should have bug
// types explicitly reference such exploit categories (when applicable).
if (!BT)
- BT = new BuiltinBug("Return of pointer value outside of expected range",
+ BT.reset(new BuiltinBug("Return of pointer value outside of expected range",
"Returned pointer value points outside the original object "
- "(potential buffer overflow)");
+ "(potential buffer overflow)"));
// FIXME: It would be nice to eventually make this diagnostic more clear,
// e.g., by referencing the original declaration or by saying *why* this
@@ -93,3 +85,7 @@
C.EmitReport(report);
}
}
+
+void ento::registerReturnPointerRangeChecker(CheckerManager &mgr) {
+ mgr.registerChecker<ReturnPointerRangeChecker>();
+}
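Review bot: `registerReturnPointerRangeChecker` drops the ordering requirement that the old registration site documented, without saying whether it still applies. The comment removed from ExperimentalChecks.cpp stated that this checker had to be registered after the return-stack-address checker. Nothing in the visible lines shows whether `CheckerManager` preserves or no longer needs that order. If the order still matters, a missed dependency could change which diagnostic is emitted for a returned pointer, so the function should carry a comment such as `// Previously had to be registered after the stack-address return checker; ordering under CheckerManager: <confirm>.` The start of this hunk is the tail of `checkPreStmt`, whose body begins outside it.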
Modified: cfe/trunk/test/Analysis/misc-ps-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.m?rev=126369&r1=126368&r2=126369&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.m (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.m Thu Feb 24 02:41:57 2011
@@ -1,5 +1,5 @@
-// RUN: %clang_cc1 -triple i386-apple-darwin9 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
-// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -DTEST_64 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
+// RUN: %clang_cc1 -triple i386-apple-darwin9 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-checker=core.experimental.ReturnPtrRange -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
+// RUN: %clang_cc1 -triple x86_64-apple-darwin9 -DTEST_64 -analyze -analyzer-checker=core.experimental.IdempotentOps -analyzer-checker=core.experimental.CastToStruct -analyzer-checker=core.experimental.ReturnPtrRange -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -verify -fblocks -analyzer-opt-analyze-nested-blocks %s
typedef long unsigned int size_t;
void *memcpy(void *, const void *, size_t);