diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-04-08 03:07:17 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-04-08 03:07:17 +0000 |
| commit | 899b3de7bc32434fc406f35255cc828ba8372b3d (patch) | |
| tree | 5daccbcf492df6d6147f7f170572e86de1caedd3 /lib/Analysis/GRExprEngineInternalChecks.cpp | |
| parent | 9fd0b1f845a61e71dd8099f596532d34c519630a (diff) | |
New static analyzer check by Nikita Zhuk!
"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718. The patch also includes test cases."
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68585 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/GRExprEngineInternalChecks.cpp')
| -rw-r--r-- | lib/Analysis/GRExprEngineInternalChecks.cpp | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/Analysis/GRExprEngineInternalChecks.cpp b/lib/Analysis/GRExprEngineInternalChecks.cpp index 45baebd32b..f4efdb1250 100644 --- a/lib/Analysis/GRExprEngineInternalChecks.cpp +++ b/lib/Analysis/GRExprEngineInternalChecks.cpp @@ -98,6 +98,37 @@ public: } } }; + +class VISIBILITY_HIDDEN NilReceiverLargerThanVoidPtrRet : public BugType { + GRExprEngine &Eng; +public: + NilReceiverLargerThanVoidPtrRet(GRExprEngine* eng) : + BugType("'nil' receiver with return type larger than sizeof(void *)", + "Logic Errors"), + Eng(*eng) {} + + void FlushReports(BugReporter& BR) { + for (GRExprEngine::nil_receiver_larger_than_voidptr_ret_iterator + I=Eng.nil_receiver_larger_than_voidptr_ret_begin(), + E=Eng.nil_receiver_larger_than_voidptr_ret_end(); I!=E; ++I) { + + std::string sbuf; + llvm::raw_string_ostream os(sbuf); + PostStmt P = cast<PostStmt>((*I)->getLocation()); + ObjCMessageExpr *ME = cast<ObjCMessageExpr>(P.getStmt()); + os << "The receiver in the message expression is 'nil' and results in the" + " returned value (of type '" + << ME->getType().getAsString() + << "' and of size " + << Eng.getContext().getTypeSize(ME->getType()) / 8 + << " bytes) to be garbage or otherwise undefined."; + + RangedBugReport *R = new RangedBugReport(*this, os.str().c_str(), *I); + R->addRange(ME->getReceiver()->getSourceRange()); + BR.EmitReport(R); + } + } +}; class VISIBILITY_HIDDEN UndefinedDeref : public BuiltinBug { public: @@ -465,6 +496,7 @@ void GRExprEngine::RegisterInternalChecks() { BR.Register(new OutOfBoundMemoryAccess(this)); BR.Register(new BadSizeVLA(this)); BR.Register(new NilReceiverStructRet(this)); + BR.Register(new NilReceiverLargerThanVoidPtrRet(this)); // The following checks do not need to have their associated BugTypes // explicitly registered with the BugReporter. If they issue any BugReports, |