File: NoOwnershipChangeVisitor.cpp

package info (click to toggle)
llvm-toolchain-20 1%3A20.1.6-1~exp1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 2,111,304 kB
  • sloc: cpp: 7,438,677; ansic: 1,393,822; asm: 1,012,926; python: 241,650; f90: 86,635; objc: 75,479; lisp: 42,144; pascal: 17,286; sh: 10,027; ml: 5,082; perl: 4,730; awk: 3,523; makefile: 3,349; javascript: 2,251; xml: 892; fortran: 672
file content (108 lines) | stat: -rw-r--r-- 4,139 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
//===--------------------------------------------------------------*- C++ -*--//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

#include "NoOwnershipChangeVisitor.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporterVisitors.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState_Fwd.h"
#include "llvm/ADT/SetOperations.h"

using namespace clang;
using namespace ento;
using OwnerSet = NoOwnershipChangeVisitor::OwnerSet;

namespace {
// Collect which entities point to the allocated memory, and could be
// responsible for deallocating it.
class OwnershipBindingsHandler : public StoreManager::BindingsHandler {
  SymbolRef Sym;
  OwnerSet &Owners;

public:
  OwnershipBindingsHandler(SymbolRef Sym, OwnerSet &Owners)
      : Sym(Sym), Owners(Owners) {}

  bool HandleBinding(StoreManager &SMgr, Store Store, const MemRegion *Region,
                     SVal Val) override {
    if (Val.getAsSymbol() == Sym)
      Owners.insert(Region);
    return true;
  }

  LLVM_DUMP_METHOD void dump() const { dumpToStream(llvm::errs()); }
  LLVM_DUMP_METHOD void dumpToStream(llvm::raw_ostream &out) const {
    out << "Owners: {\n";
    for (const MemRegion *Owner : Owners) {
      out << "  ";
      Owner->dumpToStream(out);
      out << ",\n";
    }
    out << "}\n";
  }
};
} // namespace

OwnerSet NoOwnershipChangeVisitor::getOwnersAtNode(const ExplodedNode *N) {
  OwnerSet Ret;

  ProgramStateRef State = N->getState();
  OwnershipBindingsHandler Handler{Sym, Ret};
  State->getStateManager().getStoreManager().iterBindings(State->getStore(),
                                                          Handler);
  return Ret;
}

LLVM_DUMP_METHOD std::string
NoOwnershipChangeVisitor::getFunctionName(const ExplodedNode *CallEnterN) {
  if (const CallExpr *CE = llvm::dyn_cast_or_null<CallExpr>(
          CallEnterN->getLocationAs<CallEnter>()->getCallExpr()))
    if (const FunctionDecl *FD = CE->getDirectCallee())
      return FD->getQualifiedNameAsString();
  return "";
}

bool NoOwnershipChangeVisitor::wasModifiedInFunction(
    const ExplodedNode *CallEnterN, const ExplodedNode *CallExitEndN) {
  const Decl *Callee =
      CallExitEndN->getFirstPred()->getLocationContext()->getDecl();
  if (!doesFnIntendToHandleOwnership(
          Callee,
          CallExitEndN->getState()->getAnalysisManager().getASTContext()))
    return true;

  if (hasResourceStateChanged(CallEnterN->getState(), CallExitEndN->getState()))
    return true;

  OwnerSet CurrOwners = getOwnersAtNode(CallEnterN);
  OwnerSet ExitOwners = getOwnersAtNode(CallExitEndN);

  // Owners in the current set may be purged from the analyzer later on.
  // If a variable is dead (is not referenced directly or indirectly after
  // some point), it will be removed from the Store before the end of its
  // actual lifetime.
  // This means that if the ownership status didn't change, CurrOwners
  // must be a superset of, but not necessarily equal to ExitOwners.
  return !llvm::set_is_subset(ExitOwners, CurrOwners);
}

PathDiagnosticPieceRef NoOwnershipChangeVisitor::maybeEmitNoteForParameters(
    PathSensitiveBugReport &R, const CallEvent &Call, const ExplodedNode *N) {
  // TODO: Factor the logic of "what constitutes as an entity being passed
  // into a function call" out by reusing the code in
  // NoStoreFuncVisitor::maybeEmitNoteForParameters, maybe by incorporating
  // the printing technology in UninitializedObject's FieldChainInfo.
  ArrayRef<ParmVarDecl *> Parameters = Call.parameters();
  for (unsigned I = 0; I < Call.getNumArgs() && I < Parameters.size(); ++I) {
    SVal V = Call.getArgSVal(I);
    if (V.getAsSymbol() == Sym)
      return emitNote(N);
  }
  return nullptr;
}