[cfe-commits] r126522 - in /cfe/trunk/lib/StaticAnalyzer/Checkers: CMakeLists.txt Checkers.td StackAddrEscapeChecker.cpp StackAddrLeakChecker.cpp

Ted Kremenek kremenek at apple.com
Fri Feb 25 14:00:43 PST 2011


Author: kremenek
Date: Fri Feb 25 16:00:43 2011
New Revision: 126522

URL: http://llvm.org/viewvc/llvm-project?rev=126522&view=rev
Log:
Tidy up help text in Checkers.td, and rename StackAddrLeakChecker to StackAddrEscapeChecker.

Added:
    cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
      - copied, changed from r126521, cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp
Removed:
    cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp
Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/CMakeLists.txt
    cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CMakeLists.txt?rev=126522&r1=126521&r2=126522&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CMakeLists.txt (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CMakeLists.txt Fri Feb 25 16:00:43 2011
@@ -27,8 +27,8 @@
   DebugCheckers.cpp
   DereferenceChecker.cpp
   DivZeroChecker.cpp
-  ExprEngine.cpp
   ExperimentalChecks.cpp
+  ExprEngine.cpp
   FixedAddressChecker.cpp
   IdempotentOperationChecker.cpp
   LLVMConventionsChecker.cpp
@@ -46,7 +46,7 @@
   PthreadLockChecker.cpp
   ReturnPointerRangeChecker.cpp
   ReturnUndefChecker.cpp
-  StackAddrLeakChecker.cpp
+  StackAddrEscapeChecker.cpp
   StreamChecker.cpp
   UndefBranchChecker.cpp
   UndefCapturedBlockVarChecker.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td?rev=126522&r1=126521&r2=126522&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/Checkers.td Fri Feb 25 16:00:43 2011
@@ -59,8 +59,8 @@
   HelpText<"Check for sending 'retain', 'release', or 'autorelease' directly to a Class">,
   DescFile<"BasicObjCFoundationChecks.cpp">;
 
-def NSAutoreleasePoolChecker : Checker<"NSAutoreleasePool">,
-  HelpText<"Warn for subpar uses of NSAutoreleasePool">,
+def NSAutoreleasePoolChecker : Checker<"NSAutoReleasePool">,
+  HelpText<"Warn for subpar uses of NSAutoReleasePool">,
   DescFile<"NSAutoreleasePoolChecker.cpp">;
 
 def ObjCMethSigsChecker : Checker<"MethodSigs">,
@@ -71,16 +71,16 @@
   HelpText<"Warn about private ivars that are never used">,
   DescFile<"ObjCUnusedIVarsChecker.cpp">;
 
-}
+} // end "cocoa"
 
-def StackAddrLeakChecker : Checker<"StackAddrLeak">,
+def StackAddrEscapeChecker : Checker<"StackAddrEscape">,
   InPackage<Core>,
-  HelpText<"Check that addresses to stack memory are not leaked outside the function">,
-  DescFile<"StackAddrLeakChecker.cpp">;
+  HelpText<"Check that addresses to stack memory do not escape the function">,
+  DescFile<"StackAddrEscapeChecker.cpp">;
 
 def DeadStoresChecker : Checker<"DeadStores">,
   InPackage<Core>,
-  HelpText<"Check for stores to dead variables">,
+  HelpText<"Check for values stored to a variables that are never read afterwards">,
   DescFile<"DeadStoresChecker.cpp">;
 
 def UnixAPIChecker : Checker<"API">,
@@ -90,12 +90,12 @@
 
 def MacOSXAPIChecker : Checker<"API">,
   InPackage<MacOSX>,
-  HelpText<"Check calls to various MacOSXAPIChecker">,
+  HelpText<"Check for proper uses of various Mac OS X APIs">,
   DescFile<"MacOSXAPIChecker.cpp">;
 
 def CFNumberCreateChecker : Checker<"CFNumber">,
   InPackage<MacOSX>,
-  HelpText<"Check for CFNumberCreate">,
+  HelpText<"Check for proper uses of CFNumberCreate">,
   DescFile<"BasicObjCFoundationChecks.cpp">;
 
 def CFRetainReleaseChecker : Checker<"CFRetainRelease">,

Copied: cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp (from r126521, cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp)
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp?p2=cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp&p1=cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp&r1=126521&r2=126522&rev=126522&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp Fri Feb 25 16:00:43 2011
@@ -1,4 +1,4 @@
-//=== StackAddrLeakChecker.cpp ------------------------------------*- C++ -*--//
+//=== StackAddrEscapeChecker.cpp ----------------------------------*- C++ -*--//
 //
 //                     The LLVM Compiler Infrastructure
 //
@@ -24,7 +24,7 @@
 using namespace ento;
 
 namespace {
-class StackAddrLeakChecker : public CheckerV2< check::PreStmt<ReturnStmt>,
+class StackAddrEscapeChecker : public CheckerV2< check::PreStmt<ReturnStmt>,
                                                check::EndPath > {
   mutable llvm::OwningPtr<BuiltinBug> BT_stackleak;
   mutable llvm::OwningPtr<BuiltinBug> BT_returnstack;
@@ -40,7 +40,7 @@
 };
 }
 
-SourceRange StackAddrLeakChecker::GenName(llvm::raw_ostream &os,
+SourceRange StackAddrEscapeChecker::GenName(llvm::raw_ostream &os,
                                           const MemRegion *R,
                                           SourceManager &SM) {
     // Get the base region, stripping away fields and elements.
@@ -83,7 +83,7 @@
   return range;
 }
 
-void StackAddrLeakChecker::EmitStackError(CheckerContext &C, const MemRegion *R,
+void StackAddrEscapeChecker::EmitStackError(CheckerContext &C, const MemRegion *R,
                                           const Expr *RetE) const {
   ExplodedNode *N = C.generateSink();
 
@@ -107,7 +107,7 @@
   C.EmitReport(report);
 }
 
-void StackAddrLeakChecker::checkPreStmt(const ReturnStmt *RS,
+void StackAddrEscapeChecker::checkPreStmt(const ReturnStmt *RS,
                                         CheckerContext &C) const {
   
   const Expr *RetE = RS->getRetValue();
@@ -126,7 +126,7 @@
   }
 }
 
-void StackAddrLeakChecker::checkEndPath(EndOfFunctionNodeBuilder &B,
+void StackAddrEscapeChecker::checkEndPath(EndOfFunctionNodeBuilder &B,
                                         ExprEngine &Eng) const {
 
   const GRState *state = B.getState();
@@ -200,6 +200,6 @@
   }
 }
 
-void ento::registerStackAddrLeakChecker(CheckerManager &mgr) {
-  mgr.registerChecker<StackAddrLeakChecker>();
+void ento::registerStackAddrEscapeChecker(CheckerManager &mgr) {
+  mgr.registerChecker<StackAddrEscapeChecker>();
 }

Removed: cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp?rev=126521&view=auto
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/StackAddrLeakChecker.cpp (removed)
@@ -1,205 +0,0 @@
-//=== StackAddrLeakChecker.cpp ------------------------------------*- C++ -*--//
-//
-//                     The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-//
-// This file defines stack address leak checker, which checks if an invalid 
-// stack address is stored into a global or heap location. See CERT DCL30-C.
-//
-//===----------------------------------------------------------------------===//
-
-#include "ClangSACheckers.h"
-#include "clang/StaticAnalyzer/Core/CheckerV2.h"
-#include "clang/StaticAnalyzer/Core/CheckerManager.h"
-#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
-#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
-#include "clang/StaticAnalyzer/Core/PathSensitive/GRState.h"
-#include "clang/Basic/SourceManager.h"
-#include "llvm/ADT/SmallString.h"
-using namespace clang;
-using namespace ento;
-
-namespace {
-class StackAddrLeakChecker : public CheckerV2< check::PreStmt<ReturnStmt>,
-                                               check::EndPath > {
-  mutable llvm::OwningPtr<BuiltinBug> BT_stackleak;
-  mutable llvm::OwningPtr<BuiltinBug> BT_returnstack;
-
-public:
-  void checkPreStmt(const ReturnStmt *RS, CheckerContext &C) const;
-  void checkEndPath(EndOfFunctionNodeBuilder &B, ExprEngine &Eng) const;
-private:
-  void EmitStackError(CheckerContext &C, const MemRegion *R,
-                      const Expr *RetE) const;
-  static SourceRange GenName(llvm::raw_ostream &os, const MemRegion *R,
-                             SourceManager &SM);
-};
-}
-
-SourceRange StackAddrLeakChecker::GenName(llvm::raw_ostream &os,
-                                          const MemRegion *R,
-                                          SourceManager &SM) {
-    // Get the base region, stripping away fields and elements.
-  R = R->getBaseRegion();
-  SourceRange range;
-  os << "Address of ";
-  
-  // Check if the region is a compound literal.
-  if (const CompoundLiteralRegion* CR = dyn_cast<CompoundLiteralRegion>(R)) { 
-    const CompoundLiteralExpr* CL = CR->getLiteralExpr();
-    os << "stack memory associated with a compound literal "
-          "declared on line "
-        << SM.getInstantiationLineNumber(CL->getLocStart())
-        << " returned to caller";    
-    range = CL->getSourceRange();
-  }
-  else if (const AllocaRegion* AR = dyn_cast<AllocaRegion>(R)) {
-    const Expr* ARE = AR->getExpr();
-    SourceLocation L = ARE->getLocStart();
-    range = ARE->getSourceRange();    
-    os << "stack memory allocated by call to alloca() on line "
-       << SM.getInstantiationLineNumber(L);
-  }
-  else if (const BlockDataRegion *BR = dyn_cast<BlockDataRegion>(R)) {
-    const BlockDecl *BD = BR->getCodeRegion()->getDecl();
-    SourceLocation L = BD->getLocStart();
-    range = BD->getSourceRange();
-    os << "stack-allocated block declared on line "
-       << SM.getInstantiationLineNumber(L);
-  }
-  else if (const VarRegion *VR = dyn_cast<VarRegion>(R)) {
-    os << "stack memory associated with local variable '"
-       << VR->getString() << '\'';
-    range = VR->getDecl()->getSourceRange();
-  }
-  else {
-    assert(false && "Invalid region in ReturnStackAddressChecker.");
-  } 
-  
-  return range;
-}
-
-void StackAddrLeakChecker::EmitStackError(CheckerContext &C, const MemRegion *R,
-                                          const Expr *RetE) const {
-  ExplodedNode *N = C.generateSink();
-
-  if (!N)
-    return;
-
-  if (!BT_returnstack)
-   BT_returnstack.reset(
-                 new BuiltinBug("Return of address to stack-allocated memory"));
-
-  // Generate a report for this bug.
-  llvm::SmallString<512> buf;
-  llvm::raw_svector_ostream os(buf);
-  SourceRange range = GenName(os, R, C.getSourceManager());
-  os << " returned to caller";
-  RangedBugReport *report = new RangedBugReport(*BT_returnstack, os.str(), N);
-  report->addRange(RetE->getSourceRange());
-  if (range.isValid())
-    report->addRange(range);
-
-  C.EmitReport(report);
-}
-
-void StackAddrLeakChecker::checkPreStmt(const ReturnStmt *RS,
-                                        CheckerContext &C) const {
-  
-  const Expr *RetE = RS->getRetValue();
-  if (!RetE)
-    return;
- 
-  SVal V = C.getState()->getSVal(RetE);
-  const MemRegion *R = V.getAsRegion();
-
-  if (!R || !R->hasStackStorage())
-    return;  
-  
-  if (R->hasStackStorage()) {
-    EmitStackError(C, R, RetE);
-    return;
-  }
-}
-
-void StackAddrLeakChecker::checkEndPath(EndOfFunctionNodeBuilder &B,
-                                        ExprEngine &Eng) const {
-
-  const GRState *state = B.getState();
-
-  // Iterate over all bindings to global variables and see if it contains
-  // a memory region in the stack space.
-  class CallBack : public StoreManager::BindingsHandler {
-  private:
-    const StackFrameContext *CurSFC;
-  public:
-    llvm::SmallVector<std::pair<const MemRegion*, const MemRegion*>, 10> V;
-
-    CallBack(const LocationContext *LCtx)
-      : CurSFC(LCtx->getCurrentStackFrame()) {}
-    
-    bool HandleBinding(StoreManager &SMgr, Store store,
-                       const MemRegion *region, SVal val) {
-      
-      if (!isa<GlobalsSpaceRegion>(region->getMemorySpace()))
-        return true;
-      
-      const MemRegion *vR = val.getAsRegion();
-      if (!vR)
-        return true;
-      
-      if (const StackSpaceRegion *SSR = 
-          dyn_cast<StackSpaceRegion>(vR->getMemorySpace())) {
-        // If the global variable holds a location in the current stack frame,
-        // record the binding to emit a warning.
-        if (SSR->getStackFrame() == CurSFC)
-          V.push_back(std::make_pair(region, vR));
-      }
-      
-      return true;
-    }
-  };
-    
-  CallBack cb(B.getPredecessor()->getLocationContext());
-  state->getStateManager().getStoreManager().iterBindings(state->getStore(),cb);
-
-  if (cb.V.empty())
-    return;
-
-  // Generate an error node.
-  ExplodedNode *N = B.generateNode(state);
-  if (!N)
-    return;
-
-  if (!BT_stackleak)
-    BT_stackleak.reset(
-      new BuiltinBug("Stack address stored into global variable",
-                     "Stack address was saved into a global variable. "
-                     "This is dangerous because the address will become "
-                     "invalid after returning from the function"));
-  
-  for (unsigned i = 0, e = cb.V.size(); i != e; ++i) {
-    // Generate a report for this bug.
-    llvm::SmallString<512> buf;
-    llvm::raw_svector_ostream os(buf);
-    SourceRange range = GenName(os, cb.V[i].second,
-                                Eng.getContext().getSourceManager());
-    os << " is still referred to by the global variable '";
-    const VarRegion *VR = cast<VarRegion>(cb.V[i].first->getBaseRegion());
-    os << VR->getDecl()->getNameAsString() 
-       << "' upon returning to the caller.  This will be a dangling reference";
-    RangedBugReport *report = new RangedBugReport(*BT_stackleak, os.str(), N);
-    if (range.isValid())
-      report->addRange(range);
-
-    Eng.getBugReporter().EmitReport(report);
-  }
-}
-
-void ento::registerStackAddrLeakChecker(CheckerManager &mgr) {
-  mgr.registerChecker<StackAddrLeakChecker>();
-}





More information about the cfe-commits mailing list