diff options
| author | Anna Zaks <ganna@apple.com> | 2012-01-21 05:07:33 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2012-01-21 05:07:33 +0000 |
| commit | 3bfd6d701ee297bd062967e11400daae51b36eb2 (patch) | |
| tree | e4f056f362380991ddfbed24e878f03f4bf817ce /lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp | |
| parent | 416de514f8a7a9c121e45ae450d0faef9e5a0ef9 (diff) | |
[analyzer] Make VLA checker taint aware.
Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148626 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp b/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp index 041e74e764..2c7dcd47a9 100644 --- a/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp +++ b/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp @@ -28,7 +28,7 @@ class ArrayBoundCheckerV2 : public Checker<check::Location> { mutable llvm::OwningPtr<BuiltinBug> BT; - enum OOB_Kind { OOB_Precedes, OOB_Excedes }; + enum OOB_Kind { OOB_Precedes, OOB_Excedes, OOB_Tainted }; void reportOOB(CheckerContext &C, const ProgramState *errorState, OOB_Kind kind) const; @@ -157,7 +157,7 @@ void ArrayBoundCheckerV2::checkLocation(SVal location, bool isLoad, // If we are under constrained and the index variables are tainted, report. if (state_exceedsUpperBound && state_withinUpperBound) { if (state->isTainted(rawOffset.getByteOffset())) - reportOOB(checkerContext, state_exceedsUpperBound, OOB_Excedes); + reportOOB(checkerContext, state_exceedsUpperBound, OOB_Tainted); return; } @@ -193,9 +193,18 @@ void ArrayBoundCheckerV2::reportOOB(CheckerContext &checkerContext, llvm::SmallString<256> buf; llvm::raw_svector_ostream os(buf); - os << "Out of bound memory access " - << (kind == OOB_Precedes ? "(accessed memory precedes memory block)" - : "(access exceeds upper limit of memory block)"); + os << "Out of bound memory access "; + switch (kind) { + case OOB_Precedes: + os << "(accessed memory precedes memory block)"; + break; + case OOB_Excedes: + os << "(access exceeds upper limit of memory block)"; + break; + case OOB_Tainted: + os << "(index is tainted)"; + break; + } checkerContext.EmitReport(new BugReport(*BT, os.str(), errorNode)); } |