UndefinedAssignmentChecker.cpp source code [clang/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp]

1	//===--- UndefinedAssignmentChecker.h ---------------------------- C++ ---==//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
10	// checks for assigning undefined values.
11	//
12	//===----------------------------------------------------------------------===//
13
14	#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15	#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
16	#include "clang/StaticAnalyzer/Core/Checker.h"
17	#include "clang/StaticAnalyzer/Core/CheckerManager.h"
18	#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
19
20	using namespace clang;
21	using namespace ento;
22
23	namespace {
24	class UndefinedAssignmentChecker
25	: public Checker<check::Bind> {
26	const BugType BT{this, "Assigned value is garbage or undefined"};
27
28	public:
29	void checkBind(SVal location, SVal val, const Stmt *S,
30	CheckerContext &C) const;
31	};
32	}
33
34	void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
35	const Stmt *StoreE,
36	CheckerContext &C) const {
37	if (!val.isUndef())
38	return;
39
40	// Do not report assignments of uninitialized values inside swap functions.
41	// This should allow to swap partially uninitialized structs
42	if (const FunctionDecl *EnclosingFunctionDecl =
43	dyn_cast<FunctionDecl>(Val: C.getStackFrame()->getDecl()))
44	if (C.getCalleeName(FunDecl: EnclosingFunctionDecl) == "swap")
45	return;
46
47	ExplodedNode *N = C.generateErrorNode();
48
49	if (!N)
50	return;
51
52	// Generate a report for this bug.
53	llvm::SmallString<`128`> Str;
54	llvm::raw_svector_ostream OS(Str);
55
56	const Expr ex = nullptr*;
57
58	while (StoreE) {
59	if (const UnaryOperator *U = dyn_cast<UnaryOperator>(Val: StoreE)) {
60	OS << "The expression is an uninitialized value. "
61	"The computed value will also be garbage";
62
63	ex = U->getSubExpr();
64	break;
65	}
66
67	if (const BinaryOperator *B = dyn_cast<BinaryOperator>(Val: StoreE)) {
68	if (B->isCompoundAssignmentOp()) {
69	if (C.getSVal(B->getLHS()).isUndef()) {
70	OS << "The left expression of the compound assignment is an "
71	"uninitialized value. The computed value will also be garbage";
72	ex = B->getLHS();
73	break;
74	}
75	}
76
77	ex = B->getRHS();
78	break;
79	}
80
81	if (const DeclStmt *DS = dyn_cast<DeclStmt>(Val: StoreE)) {
82	const VarDecl *VD = cast<VarDecl>(Val: DS->getSingleDecl());
83	ex = VD->getInit();
84	}
85
86	if (const auto *CD =
87	dyn_cast<CXXConstructorDecl>(Val: C.getStackFrame()->getDecl())) {
88	if (CD->isImplicit()) {
89	for (auto *I : CD->inits()) {
90	if (I->getInit()->IgnoreImpCasts() == StoreE) {
91	OS << "Value assigned to field '" << I->getMember()->getName()
92	<< "' in implicit constructor is garbage or undefined";
93	break;
94	}
95	}
96	}
97	}
98
99	break;
100	}
101
102	if (OS.str().empty())
103	OS << BT.getDescription();
104
105	auto R = std::make_unique<PathSensitiveBugReport>(args: BT, args: OS.str(), args&: N);
106	if (ex) {
107	R ->addRange(R: ex->getSourceRange());
108	bugreporter::trackExpressionValue(N, E: ex, R&: *R);
109	}
110	C.emitReport(R: std::move(R));
111	}
112
113	void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
114	mgr.registerChecker<UndefinedAssignmentChecker>();
115	}
116
117	bool ento::shouldRegisterUndefinedAssignmentChecker(const CheckerManager &mgr) {
118	return true;
119	}
120

source code of clang/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp