1 //== TraversalChecker.cpp -------------------------------------- -*- C++ -*--=//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // These checkers print various aspects of the ExprEngine's traversal of the CFG
11 // as it builds the ExplodedGraph.
12 //
13 //===----------------------------------------------------------------------===//
14 #include "ClangSACheckers.h"
15 #include "clang/AST/ParentMap.h"
16 #include "clang/AST/StmtObjC.h"
17 #include "clang/StaticAnalyzer/Core/Checker.h"
18 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
19 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
21 #include "llvm/Support/raw_ostream.h"
22 
23 using namespace clang;
24 using namespace ento;
25 
26 namespace {
27 class TraversalDumper : public Checker< check::BranchCondition,
28                                         check::BeginFunction,
29                                         check::EndFunction > {
30 public:
31   void checkBranchCondition(const Stmt *Condition, CheckerContext &C) const;
32   void checkBeginFunction(CheckerContext &C) const;
33   void checkEndFunction(CheckerContext &C) const;
34 };
35 }
36 
checkBranchCondition(const Stmt * Condition,CheckerContext & C) const37 void TraversalDumper::checkBranchCondition(const Stmt *Condition,
38                                            CheckerContext &C) const {
39   // Special-case Objective-C's for-in loop, which uses the entire loop as its
40   // condition. We just print the collection expression.
41   const Stmt *Parent = dyn_cast<ObjCForCollectionStmt>(Condition);
42   if (!Parent) {
43     const ParentMap &Parents = C.getLocationContext()->getParentMap();
44     Parent = Parents.getParent(Condition);
45   }
46 
47   // It is mildly evil to print directly to llvm::outs() rather than emitting
48   // warnings, but this ensures things do not get filtered out by the rest of
49   // the static analyzer machinery.
50   SourceLocation Loc = Parent->getLocStart();
51   llvm::outs() << C.getSourceManager().getSpellingLineNumber(Loc) << " "
52                << Parent->getStmtClassName() << "\n";
53 }
54 
checkBeginFunction(CheckerContext & C) const55 void TraversalDumper::checkBeginFunction(CheckerContext &C) const {
56   llvm::outs() << "--BEGIN FUNCTION--\n";
57 }
58 
checkEndFunction(CheckerContext & C) const59 void TraversalDumper::checkEndFunction(CheckerContext &C) const {
60   llvm::outs() << "--END FUNCTION--\n";
61 }
62 
registerTraversalDumper(CheckerManager & mgr)63 void ento::registerTraversalDumper(CheckerManager &mgr) {
64   mgr.registerChecker<TraversalDumper>();
65 }
66 
67 //------------------------------------------------------------------------------
68 
69 namespace {
70 class CallDumper : public Checker< check::PreCall,
71                                    check::PostCall > {
72 public:
73   void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
74   void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
75 };
76 }
77 
checkPreCall(const CallEvent & Call,CheckerContext & C) const78 void CallDumper::checkPreCall(const CallEvent &Call, CheckerContext &C) const {
79   unsigned Indentation = 0;
80   for (const LocationContext *LC = C.getLocationContext()->getParent();
81        LC != nullptr; LC = LC->getParent())
82     ++Indentation;
83 
84   // It is mildly evil to print directly to llvm::outs() rather than emitting
85   // warnings, but this ensures things do not get filtered out by the rest of
86   // the static analyzer machinery.
87   llvm::outs().indent(Indentation);
88   Call.dump(llvm::outs());
89 }
90 
checkPostCall(const CallEvent & Call,CheckerContext & C) const91 void CallDumper::checkPostCall(const CallEvent &Call, CheckerContext &C) const {
92   const Expr *CallE = Call.getOriginExpr();
93   if (!CallE)
94     return;
95 
96   unsigned Indentation = 0;
97   for (const LocationContext *LC = C.getLocationContext()->getParent();
98        LC != nullptr; LC = LC->getParent())
99     ++Indentation;
100 
101   // It is mildly evil to print directly to llvm::outs() rather than emitting
102   // warnings, but this ensures things do not get filtered out by the rest of
103   // the static analyzer machinery.
104   llvm::outs().indent(Indentation);
105   if (Call.getResultType()->isVoidType())
106     llvm::outs() << "Returning void\n";
107   else
108     llvm::outs() << "Returning " << C.getSVal(CallE) << "\n";
109 }
110 
registerCallDumper(CheckerManager & mgr)111 void ento::registerCallDumper(CheckerManager &mgr) {
112   mgr.registerChecker<CallDumper>();
113 }
114