StaticAnalyzer/Checkers/UndefinedArraySubscriptChecker.cpp

*0b57cec5SDimitry Andric//===--- UndefinedArraySubscriptChecker.h ----------------------*- C++ -*--===//
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
*0b57cec5SDimitry Andric// See https://llvm.org/LICENSE.txt for license information.
*0b57cec5SDimitry Andric// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric//===----------------------------------------------------------------------===//
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric// This defines UndefinedArraySubscriptChecker, a builtin check in ExprEngine
*0b57cec5SDimitry Andric// that performs checks for undefined array subscripts.
*0b57cec5SDimitry Andric//
*0b57cec5SDimitry Andric//===----------------------------------------------------------------------===//
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
*0b57cec5SDimitry Andric#include "clang/AST/DeclCXX.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/Checker.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/CheckerManager.h"
*0b57cec5SDimitry Andric#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricusing namespace clang;
*0b57cec5SDimitry Andricusing namespace ento;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricnamespace {
*0b57cec5SDimitry Andricclass UndefinedArraySubscriptChecker
*0b57cec5SDimitry Andric  : public Checker< check::PreStmt<ArraySubscriptExpr> > {
*0b57cec5SDimitry Andric  mutable std::unique_ptr<BugType> BT;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricpublic:
*0b57cec5SDimitry Andric  void checkPreStmt(const ArraySubscriptExpr *A, CheckerContext &C) const;
*0b57cec5SDimitry Andric};
*0b57cec5SDimitry Andric} // end anonymous namespace
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricvoid
*0b57cec5SDimitry AndricUndefinedArraySubscriptChecker::checkPreStmt(const ArraySubscriptExpr *A,
*0b57cec5SDimitry Andric                                             CheckerContext &C) const {
*0b57cec5SDimitry Andric  const Expr *Index = A->getIdx();
*0b57cec5SDimitry Andric  if (!C.getSVal(Index).isUndef())
*0b57cec5SDimitry Andric    return;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  // Sema generates anonymous array variables for copying array struct fields.
*0b57cec5SDimitry Andric  // Don't warn if we're in an implicitly-generated constructor.
*0b57cec5SDimitry Andric  const Decl *D = C.getLocationContext()->getDecl();
*0b57cec5SDimitry Andric  if (const CXXConstructorDecl *Ctor = dyn_cast<CXXConstructorDecl>(D))
*0b57cec5SDimitry Andric    if (Ctor->isDefaulted())
*0b57cec5SDimitry Andric      return;
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  ExplodedNode *N = C.generateErrorNode();
*0b57cec5SDimitry Andric  if (!N)
*0b57cec5SDimitry Andric    return;
*0b57cec5SDimitry Andric  if (!BT)
*0b57cec5SDimitry Andric    BT.reset(new BuiltinBug(this, "Array subscript is undefined"));
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andric  // Generate a report for this bug.
*0b57cec5SDimitry Andric  auto R = std::make_unique<PathSensitiveBugReport>(*BT, BT->getDescription(), N);
*0b57cec5SDimitry Andric  R->addRange(A->getIdx()->getSourceRange());
*0b57cec5SDimitry Andric  bugreporter::trackExpressionValue(N, A->getIdx(), *R);
*0b57cec5SDimitry Andric  C.emitReport(std::move(R));
*0b57cec5SDimitry Andric}
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricvoid ento::registerUndefinedArraySubscriptChecker(CheckerManager &mgr) {
*0b57cec5SDimitry Andric  mgr.registerChecker<UndefinedArraySubscriptChecker>();
*0b57cec5SDimitry Andric}
*0b57cec5SDimitry Andric
*0b57cec5SDimitry Andricbool ento::shouldRegisterUndefinedArraySubscriptChecker(const CheckerManager &mgr) {
*0b57cec5SDimitry Andric  return true;
*0b57cec5SDimitry Andric}