1 //== Checker.h - Registration mechanism for checkers -------------*- C++ -*--=//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 //  This file defines Checker, used to create and register checkers.
11 //
12 //===----------------------------------------------------------------------===//
13 
14 #ifndef LLVM_CLANG_STATICANALYZER_CORE_CHECKER_H
15 #define LLVM_CLANG_STATICANALYZER_CORE_CHECKER_H
16 
17 #include "clang/Analysis/ProgramPoint.h"
18 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h"
20 #include "llvm/Support/Casting.h"
21 
22 namespace clang {
23 namespace ento {
24   class BugReporter;
25 
26 namespace check {
27 
28 template <typename DECL>
29 class ASTDecl {
30   template <typename CHECKER>
_checkDecl(void * checker,const Decl * D,AnalysisManager & mgr,BugReporter & BR)31   static void _checkDecl(void *checker, const Decl *D, AnalysisManager& mgr,
32                          BugReporter &BR) {
33     ((const CHECKER *)checker)->checkASTDecl(cast<DECL>(D), mgr, BR);
34   }
35 
_handlesDecl(const Decl * D)36   static bool _handlesDecl(const Decl *D) {
37     return isa<DECL>(D);
38   }
39 public:
40   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)41   static void _register(CHECKER *checker, CheckerManager &mgr) {
42     mgr._registerForDecl(CheckerManager::CheckDeclFunc(checker,
43                                                        _checkDecl<CHECKER>),
44                          _handlesDecl);
45   }
46 };
47 
48 class ASTCodeBody {
49   template <typename CHECKER>
_checkBody(void * checker,const Decl * D,AnalysisManager & mgr,BugReporter & BR)50   static void _checkBody(void *checker, const Decl *D, AnalysisManager& mgr,
51                          BugReporter &BR) {
52     ((const CHECKER *)checker)->checkASTCodeBody(D, mgr, BR);
53   }
54 
55 public:
56   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)57   static void _register(CHECKER *checker, CheckerManager &mgr) {
58     mgr._registerForBody(CheckerManager::CheckDeclFunc(checker,
59                                                        _checkBody<CHECKER>));
60   }
61 };
62 
63 class EndOfTranslationUnit {
64   template <typename CHECKER>
_checkEndOfTranslationUnit(void * checker,const TranslationUnitDecl * TU,AnalysisManager & mgr,BugReporter & BR)65   static void _checkEndOfTranslationUnit(void *checker,
66                                          const TranslationUnitDecl *TU,
67                                          AnalysisManager& mgr,
68                                          BugReporter &BR) {
69     ((const CHECKER *)checker)->checkEndOfTranslationUnit(TU, mgr, BR);
70   }
71 
72 public:
73   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)74   static void _register(CHECKER *checker, CheckerManager &mgr){
75     mgr._registerForEndOfTranslationUnit(
76                               CheckerManager::CheckEndOfTranslationUnit(checker,
77                                           _checkEndOfTranslationUnit<CHECKER>));
78   }
79 };
80 
81 template <typename STMT>
82 class PreStmt {
83   template <typename CHECKER>
_checkStmt(void * checker,const Stmt * S,CheckerContext & C)84   static void _checkStmt(void *checker, const Stmt *S, CheckerContext &C) {
85     ((const CHECKER *)checker)->checkPreStmt(cast<STMT>(S), C);
86   }
87 
_handlesStmt(const Stmt * S)88   static bool _handlesStmt(const Stmt *S) {
89     return isa<STMT>(S);
90   }
91 public:
92   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)93   static void _register(CHECKER *checker, CheckerManager &mgr) {
94     mgr._registerForPreStmt(CheckerManager::CheckStmtFunc(checker,
95                                                           _checkStmt<CHECKER>),
96                             _handlesStmt);
97   }
98 };
99 
100 template <typename STMT>
101 class PostStmt {
102   template <typename CHECKER>
_checkStmt(void * checker,const Stmt * S,CheckerContext & C)103   static void _checkStmt(void *checker, const Stmt *S, CheckerContext &C) {
104     ((const CHECKER *)checker)->checkPostStmt(cast<STMT>(S), C);
105   }
106 
_handlesStmt(const Stmt * S)107   static bool _handlesStmt(const Stmt *S) {
108     return isa<STMT>(S);
109   }
110 public:
111   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)112   static void _register(CHECKER *checker, CheckerManager &mgr) {
113     mgr._registerForPostStmt(CheckerManager::CheckStmtFunc(checker,
114                                                            _checkStmt<CHECKER>),
115                              _handlesStmt);
116   }
117 };
118 
119 class PreObjCMessage {
120   template <typename CHECKER>
_checkObjCMessage(void * checker,const ObjCMethodCall & msg,CheckerContext & C)121   static void _checkObjCMessage(void *checker, const ObjCMethodCall &msg,
122                                 CheckerContext &C) {
123     ((const CHECKER *)checker)->checkPreObjCMessage(msg, C);
124   }
125 
126 public:
127   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)128   static void _register(CHECKER *checker, CheckerManager &mgr) {
129     mgr._registerForPreObjCMessage(
130      CheckerManager::CheckObjCMessageFunc(checker, _checkObjCMessage<CHECKER>));
131   }
132 };
133 
134 class ObjCMessageNil {
135   template <typename CHECKER>
_checkObjCMessage(void * checker,const ObjCMethodCall & msg,CheckerContext & C)136   static void _checkObjCMessage(void *checker, const ObjCMethodCall &msg,
137                                 CheckerContext &C) {
138     ((const CHECKER *)checker)->checkObjCMessageNil(msg, C);
139   }
140 
141 public:
142   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)143   static void _register(CHECKER *checker, CheckerManager &mgr) {
144     mgr._registerForObjCMessageNil(
145      CheckerManager::CheckObjCMessageFunc(checker, _checkObjCMessage<CHECKER>));
146   }
147 };
148 
149 class PostObjCMessage {
150   template <typename CHECKER>
_checkObjCMessage(void * checker,const ObjCMethodCall & msg,CheckerContext & C)151   static void _checkObjCMessage(void *checker, const ObjCMethodCall &msg,
152                                 CheckerContext &C) {
153     ((const CHECKER *)checker)->checkPostObjCMessage(msg, C);
154   }
155 
156 public:
157   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)158   static void _register(CHECKER *checker, CheckerManager &mgr) {
159     mgr._registerForPostObjCMessage(
160      CheckerManager::CheckObjCMessageFunc(checker, _checkObjCMessage<CHECKER>));
161   }
162 };
163 
164 class PreCall {
165   template <typename CHECKER>
_checkCall(void * checker,const CallEvent & msg,CheckerContext & C)166   static void _checkCall(void *checker, const CallEvent &msg,
167                          CheckerContext &C) {
168     ((const CHECKER *)checker)->checkPreCall(msg, C);
169   }
170 
171 public:
172   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)173   static void _register(CHECKER *checker, CheckerManager &mgr) {
174     mgr._registerForPreCall(
175      CheckerManager::CheckCallFunc(checker, _checkCall<CHECKER>));
176   }
177 };
178 
179 class PostCall {
180   template <typename CHECKER>
_checkCall(void * checker,const CallEvent & msg,CheckerContext & C)181   static void _checkCall(void *checker, const CallEvent &msg,
182                          CheckerContext &C) {
183     ((const CHECKER *)checker)->checkPostCall(msg, C);
184   }
185 
186 public:
187   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)188   static void _register(CHECKER *checker, CheckerManager &mgr) {
189     mgr._registerForPostCall(
190      CheckerManager::CheckCallFunc(checker, _checkCall<CHECKER>));
191   }
192 };
193 
194 class Location {
195   template <typename CHECKER>
_checkLocation(void * checker,const SVal & location,bool isLoad,const Stmt * S,CheckerContext & C)196   static void _checkLocation(void *checker,
197                              const SVal &location, bool isLoad, const Stmt *S,
198                              CheckerContext &C) {
199     ((const CHECKER *)checker)->checkLocation(location, isLoad, S, C);
200   }
201 
202 public:
203   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)204   static void _register(CHECKER *checker, CheckerManager &mgr) {
205     mgr._registerForLocation(
206            CheckerManager::CheckLocationFunc(checker, _checkLocation<CHECKER>));
207   }
208 };
209 
210 class Bind {
211   template <typename CHECKER>
_checkBind(void * checker,const SVal & location,const SVal & val,const Stmt * S,CheckerContext & C)212   static void _checkBind(void *checker,
213                          const SVal &location, const SVal &val, const Stmt *S,
214                          CheckerContext &C) {
215     ((const CHECKER *)checker)->checkBind(location, val, S, C);
216   }
217 
218 public:
219   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)220   static void _register(CHECKER *checker, CheckerManager &mgr) {
221     mgr._registerForBind(
222            CheckerManager::CheckBindFunc(checker, _checkBind<CHECKER>));
223   }
224 };
225 
226 class EndAnalysis {
227   template <typename CHECKER>
_checkEndAnalysis(void * checker,ExplodedGraph & G,BugReporter & BR,ExprEngine & Eng)228   static void _checkEndAnalysis(void *checker, ExplodedGraph &G,
229                                 BugReporter &BR, ExprEngine &Eng) {
230     ((const CHECKER *)checker)->checkEndAnalysis(G, BR, Eng);
231   }
232 
233 public:
234   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)235   static void _register(CHECKER *checker, CheckerManager &mgr) {
236     mgr._registerForEndAnalysis(
237      CheckerManager::CheckEndAnalysisFunc(checker, _checkEndAnalysis<CHECKER>));
238   }
239 };
240 
241 class BeginFunction {
242   template <typename CHECKER>
_checkBeginFunction(void * checker,CheckerContext & C)243   static void _checkBeginFunction(void *checker, CheckerContext &C) {
244     ((const CHECKER *)checker)->checkBeginFunction(C);
245   }
246 
247 public:
248   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)249   static void _register(CHECKER *checker, CheckerManager &mgr) {
250     mgr._registerForBeginFunction(CheckerManager::CheckBeginFunctionFunc(
251         checker, _checkBeginFunction<CHECKER>));
252   }
253 };
254 
255 class EndFunction {
256   template <typename CHECKER>
_checkEndFunction(void * checker,CheckerContext & C)257   static void _checkEndFunction(void *checker,
258                                 CheckerContext &C) {
259     ((const CHECKER *)checker)->checkEndFunction(C);
260   }
261 
262 public:
263   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)264   static void _register(CHECKER *checker, CheckerManager &mgr) {
265     mgr._registerForEndFunction(
266      CheckerManager::CheckEndFunctionFunc(checker, _checkEndFunction<CHECKER>));
267   }
268 };
269 
270 class BranchCondition {
271   template <typename CHECKER>
_checkBranchCondition(void * checker,const Stmt * Condition,CheckerContext & C)272   static void _checkBranchCondition(void *checker, const Stmt *Condition,
273                                     CheckerContext & C) {
274     ((const CHECKER *)checker)->checkBranchCondition(Condition, C);
275   }
276 
277 public:
278   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)279   static void _register(CHECKER *checker, CheckerManager &mgr) {
280     mgr._registerForBranchCondition(
281       CheckerManager::CheckBranchConditionFunc(checker,
282                                                _checkBranchCondition<CHECKER>));
283   }
284 };
285 
286 class LiveSymbols {
287   template <typename CHECKER>
_checkLiveSymbols(void * checker,ProgramStateRef state,SymbolReaper & SR)288   static void _checkLiveSymbols(void *checker, ProgramStateRef state,
289                                 SymbolReaper &SR) {
290     ((const CHECKER *)checker)->checkLiveSymbols(state, SR);
291   }
292 
293 public:
294   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)295   static void _register(CHECKER *checker, CheckerManager &mgr) {
296     mgr._registerForLiveSymbols(
297      CheckerManager::CheckLiveSymbolsFunc(checker, _checkLiveSymbols<CHECKER>));
298   }
299 };
300 
301 class DeadSymbols {
302   template <typename CHECKER>
_checkDeadSymbols(void * checker,SymbolReaper & SR,CheckerContext & C)303   static void _checkDeadSymbols(void *checker,
304                                 SymbolReaper &SR, CheckerContext &C) {
305     ((const CHECKER *)checker)->checkDeadSymbols(SR, C);
306   }
307 
308 public:
309   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)310   static void _register(CHECKER *checker, CheckerManager &mgr) {
311     mgr._registerForDeadSymbols(
312      CheckerManager::CheckDeadSymbolsFunc(checker, _checkDeadSymbols<CHECKER>));
313   }
314 };
315 
316 class RegionChanges {
317   template <typename CHECKER>
318   static ProgramStateRef
_checkRegionChanges(void * checker,ProgramStateRef state,const InvalidatedSymbols * invalidated,ArrayRef<const MemRegion * > Explicits,ArrayRef<const MemRegion * > Regions,const CallEvent * Call)319   _checkRegionChanges(void *checker,
320                       ProgramStateRef state,
321                       const InvalidatedSymbols *invalidated,
322                       ArrayRef<const MemRegion *> Explicits,
323                       ArrayRef<const MemRegion *> Regions,
324                       const CallEvent *Call) {
325     return ((const CHECKER *)checker)->checkRegionChanges(state, invalidated,
326                                                       Explicits, Regions, Call);
327   }
328   template <typename CHECKER>
_wantsRegionChangeUpdate(void * checker,ProgramStateRef state)329   static bool _wantsRegionChangeUpdate(void *checker,
330                                        ProgramStateRef state) {
331     return ((const CHECKER *)checker)->wantsRegionChangeUpdate(state);
332   }
333 
334 public:
335   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)336   static void _register(CHECKER *checker, CheckerManager &mgr) {
337     mgr._registerForRegionChanges(
338           CheckerManager::CheckRegionChangesFunc(checker,
339                                                  _checkRegionChanges<CHECKER>),
340           CheckerManager::WantsRegionChangeUpdateFunc(checker,
341                                             _wantsRegionChangeUpdate<CHECKER>));
342   }
343 };
344 
345 class PointerEscape {
346   template <typename CHECKER>
347   static ProgramStateRef
_checkPointerEscape(void * Checker,ProgramStateRef State,const InvalidatedSymbols & Escaped,const CallEvent * Call,PointerEscapeKind Kind,RegionAndSymbolInvalidationTraits * ETraits)348   _checkPointerEscape(void *Checker,
349                      ProgramStateRef State,
350                      const InvalidatedSymbols &Escaped,
351                      const CallEvent *Call,
352                      PointerEscapeKind Kind,
353                      RegionAndSymbolInvalidationTraits *ETraits) {
354 
355     if (!ETraits)
356       return ((const CHECKER *)Checker)->checkPointerEscape(State,
357                                                             Escaped,
358                                                             Call,
359                                                             Kind);
360 
361     InvalidatedSymbols RegularEscape;
362     for (InvalidatedSymbols::const_iterator I = Escaped.begin(),
363                                             E = Escaped.end(); I != E; ++I)
364       if (!ETraits->hasTrait(*I,
365               RegionAndSymbolInvalidationTraits::TK_PreserveContents) &&
366           !ETraits->hasTrait(*I,
367               RegionAndSymbolInvalidationTraits::TK_SuppressEscape))
368         RegularEscape.insert(*I);
369 
370     if (RegularEscape.empty())
371       return State;
372 
373     return ((const CHECKER *)Checker)->checkPointerEscape(State,
374                                                           RegularEscape,
375                                                           Call,
376                                                           Kind);
377   }
378 
379 public:
380   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)381   static void _register(CHECKER *checker, CheckerManager &mgr) {
382     mgr._registerForPointerEscape(
383           CheckerManager::CheckPointerEscapeFunc(checker,
384                                                 _checkPointerEscape<CHECKER>));
385   }
386 };
387 
388 class ConstPointerEscape {
389   template <typename CHECKER>
390   static ProgramStateRef
_checkConstPointerEscape(void * Checker,ProgramStateRef State,const InvalidatedSymbols & Escaped,const CallEvent * Call,PointerEscapeKind Kind,RegionAndSymbolInvalidationTraits * ETraits)391   _checkConstPointerEscape(void *Checker,
392                       ProgramStateRef State,
393                       const InvalidatedSymbols &Escaped,
394                       const CallEvent *Call,
395                       PointerEscapeKind Kind,
396                       RegionAndSymbolInvalidationTraits *ETraits) {
397 
398     if (!ETraits)
399       return State;
400 
401     InvalidatedSymbols ConstEscape;
402     for (InvalidatedSymbols::const_iterator I = Escaped.begin(),
403                                             E = Escaped.end(); I != E; ++I)
404       if (ETraits->hasTrait(*I,
405               RegionAndSymbolInvalidationTraits::TK_PreserveContents) &&
406           !ETraits->hasTrait(*I,
407               RegionAndSymbolInvalidationTraits::TK_SuppressEscape))
408         ConstEscape.insert(*I);
409 
410     if (ConstEscape.empty())
411       return State;
412 
413     return ((const CHECKER *)Checker)->checkConstPointerEscape(State,
414                                                                ConstEscape,
415                                                                Call,
416                                                                Kind);
417   }
418 
419 public:
420   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)421   static void _register(CHECKER *checker, CheckerManager &mgr) {
422     mgr._registerForPointerEscape(
423       CheckerManager::CheckPointerEscapeFunc(checker,
424                                             _checkConstPointerEscape<CHECKER>));
425   }
426 };
427 
428 
429 template <typename EVENT>
430 class Event {
431   template <typename CHECKER>
_checkEvent(void * checker,const void * event)432   static void _checkEvent(void *checker, const void *event) {
433     ((const CHECKER *)checker)->checkEvent(*(const EVENT *)event);
434   }
435 public:
436   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)437   static void _register(CHECKER *checker, CheckerManager &mgr) {
438     mgr._registerListenerForEvent<EVENT>(
439                  CheckerManager::CheckEventFunc(checker, _checkEvent<CHECKER>));
440   }
441 };
442 
443 } // end check namespace
444 
445 namespace eval {
446 
447 class Assume {
448   template <typename CHECKER>
_evalAssume(void * checker,ProgramStateRef state,const SVal & cond,bool assumption)449   static ProgramStateRef _evalAssume(void *checker,
450                                          ProgramStateRef state,
451                                          const SVal &cond,
452                                          bool assumption) {
453     return ((const CHECKER *)checker)->evalAssume(state, cond, assumption);
454   }
455 
456 public:
457   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)458   static void _register(CHECKER *checker, CheckerManager &mgr) {
459     mgr._registerForEvalAssume(
460                  CheckerManager::EvalAssumeFunc(checker, _evalAssume<CHECKER>));
461   }
462 };
463 
464 class Call {
465   template <typename CHECKER>
_evalCall(void * checker,const CallExpr * CE,CheckerContext & C)466   static bool _evalCall(void *checker, const CallExpr *CE, CheckerContext &C) {
467     return ((const CHECKER *)checker)->evalCall(CE, C);
468   }
469 
470 public:
471   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)472   static void _register(CHECKER *checker, CheckerManager &mgr) {
473     mgr._registerForEvalCall(
474                      CheckerManager::EvalCallFunc(checker, _evalCall<CHECKER>));
475   }
476 };
477 
478 } // end eval namespace
479 
480 class CheckerBase : public ProgramPointTag {
481   CheckName Name;
482   friend class ::clang::ento::CheckerManager;
483 
484 public:
485   StringRef getTagDescription() const override;
486   CheckName getCheckName() const;
487 
488   /// See CheckerManager::runCheckersForPrintState.
printState(raw_ostream & Out,ProgramStateRef State,const char * NL,const char * Sep)489   virtual void printState(raw_ostream &Out, ProgramStateRef State,
490                           const char *NL, const char *Sep) const { }
491 };
492 
493 /// Dump checker name to stream.
494 raw_ostream& operator<<(raw_ostream &Out, const CheckerBase &Checker);
495 
496 /// Tag that can use a checker name as a message provider
497 /// (see SimpleProgramPointTag).
498 class CheckerProgramPointTag : public SimpleProgramPointTag {
499 public:
500   CheckerProgramPointTag(StringRef CheckerName, StringRef Msg);
501   CheckerProgramPointTag(const CheckerBase *Checker, StringRef Msg);
502 };
503 
504 template <typename CHECK1, typename... CHECKs>
505 class Checker : public CHECK1, public CHECKs..., public CheckerBase {
506 public:
507   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)508   static void _register(CHECKER *checker, CheckerManager &mgr) {
509     CHECK1::_register(checker, mgr);
510     Checker<CHECKs...>::_register(checker, mgr);
511   }
512 };
513 
514 template <typename CHECK1>
515 class Checker<CHECK1> : public CHECK1, public CheckerBase {
516 public:
517   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)518   static void _register(CHECKER *checker, CheckerManager &mgr) {
519     CHECK1::_register(checker, mgr);
520   }
521 };
522 
523 template <typename EVENT>
524 class EventDispatcher {
525   CheckerManager *Mgr;
526 public:
EventDispatcher()527   EventDispatcher() : Mgr(nullptr) { }
528 
529   template <typename CHECKER>
_register(CHECKER * checker,CheckerManager & mgr)530   static void _register(CHECKER *checker, CheckerManager &mgr) {
531     mgr._registerDispatcherForEvent<EVENT>();
532     static_cast<EventDispatcher<EVENT> *>(checker)->Mgr = &mgr;
533   }
534 
dispatchEvent(const EVENT & event)535   void dispatchEvent(const EVENT &event) const {
536     Mgr->_dispatchEvent(event);
537   }
538 };
539 
540 /// \brief We dereferenced a location that may be null.
541 struct ImplicitNullDerefEvent {
542   SVal Location;
543   bool IsLoad;
544   ExplodedNode *SinkNode;
545   BugReporter *BR;
546   // When true, the dereference is in the source code directly. When false, the
547   // dereference might happen later (for example pointer passed to a parameter
548   // that is marked with nonnull attribute.)
549   bool IsDirectDereference;
550 };
551 
552 /// \brief A helper class which wraps a boolean value set to false by default.
553 ///
554 /// This class should behave exactly like 'bool' except that it doesn't need to
555 /// be explicitly initialized.
556 struct DefaultBool {
557   bool val;
DefaultBoolDefaultBool558   DefaultBool() : val(false) {}
559   /*implicit*/ operator bool&() { return val; }
560   /*implicit*/ operator const bool&() const { return val; }
561   DefaultBool &operator=(bool b) { val = b; return *this; }
562 };
563 
564 } // end ento namespace
565 
566 } // end clang namespace
567 
568 #endif
569