StaticAnalyzer/Checkers/FixedAddressChecker.cpp

*0b57cec5SDimitry Andric//=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C++ -*--===//
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
*0b57cec5SDimitry Andric// See https://llvm.org/LICENSE.txt for license information.
*0b57cec5SDimitry Andric// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric//===----------------------------------------------------------------------===//
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric// This files defines FixedAddressChecker, a builtin checker that checks for
*0b57cec5SDimitry Andric// assignment of a fixed address to a pointer.
*0b57cec5SDimitry Andric// This check corresponds to CWE-587.
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric//===----------------------------------------------------------------------===//
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/Checker.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/CheckerManager.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricusing namespace clang;
*0b57cec5SDimitry Andricusing namespace ento;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricnamespace {
*0b57cec5SDimitry Andricclass FixedAddressChecker
*0b57cec5SDimitry Andric  : public Checker< check::PreStmt<BinaryOperator> > {
*0b57cec5SDimitry Andric  mutable std::unique_ptr<BuiltinBug> BT;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricpublic:
*0b57cec5SDimitry Andric  void checkPreStmt(const BinaryOperator *B, CheckerContext &C) const;
*0b57cec5SDimitry Andric};
*0b57cec5SDimitry Andric}
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricvoid FixedAddressChecker::checkPreStmt(const BinaryOperator *B,
*0b57cec5SDimitry Andric                                       CheckerContext &C) const {
*0b57cec5SDimitry Andric  // Using a fixed address is not portable because that address will probably
*0b57cec5SDimitry Andric  // not be valid in all environments or platforms.
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  if (B->getOpcode() != BO_Assign)
*0b57cec5SDimitry Andric    return;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  QualType T = B->getType();
*0b57cec5SDimitry Andric  if (!T->isPointerType())
*0b57cec5SDimitry Andric    return;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  SVal RV = C.getSVal(B->getRHS());
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  if (!RV.isConstant() || RV.isZeroConstant())
*0b57cec5SDimitry Andric    return;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  if (ExplodedNode *N = C.generateNonFatalErrorNode()) {
*0b57cec5SDimitry Andric    if (!BT)
*0b57cec5SDimitry Andric      BT.reset(
*0b57cec5SDimitry Andric          new BuiltinBug(this, "Use fixed address",
*0b57cec5SDimitry Andric                         "Using a fixed address is not portable because that "
*0b57cec5SDimitry Andric                         "address will probably not be valid in all "
*0b57cec5SDimitry Andric                         "environments or platforms."));
*0b57cec5SDimitry Andric    auto R =
*0b57cec5SDimitry Andric        std::make_unique<PathSensitiveBugReport>(*BT, BT->getDescription(), N);
*0b57cec5SDimitry Andric    R->addRange(B->getRHS()->getSourceRange());
*0b57cec5SDimitry Andric    C.emitReport(std::move(R));
*0b57cec5SDimitry Andric  }
*0b57cec5SDimitry Andric}
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricvoid ento::registerFixedAddressChecker(CheckerManager &mgr) {
*0b57cec5SDimitry Andric  mgr.registerChecker<FixedAddressChecker>();
*0b57cec5SDimitry Andric}
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricbool ento::shouldRegisterFixedAddressChecker(const CheckerManager &mgr) {
*0b57cec5SDimitry Andric  return true;
}