diff options
Diffstat (limited to 'lib/Analysis/UndefSizedVLAChecker.cpp')
| -rw-r--r-- | lib/Analysis/UndefSizedVLAChecker.cpp | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/lib/Analysis/UndefSizedVLAChecker.cpp b/lib/Analysis/UndefSizedVLAChecker.cpp new file mode 100644 index 0000000000..e51e10e3aa --- /dev/null +++ b/lib/Analysis/UndefSizedVLAChecker.cpp @@ -0,0 +1,54 @@ +//=== UndefSizedVLAChecker.cpp - Undefined dereference checker --*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This defines UndefSizedVLAChecker, a builtin check in GRExprEngine that +// performs checks for declaration of VLA of undefined size. +// +//===----------------------------------------------------------------------===// + +#include "clang/Analysis/PathSensitive/Checkers/UndefSizedVLAChecker.h" +#include "clang/Analysis/PathSensitive/GRExprEngine.h" +#include "clang/Analysis/PathSensitive/BugReporter.h" + +using namespace clang; + +void *UndefSizedVLAChecker::getTag() { + static int x = 0; + return &x; +} + +ExplodedNode *UndefSizedVLAChecker::CheckType(QualType T, ExplodedNode *Pred, + const GRState *state, + Stmt *S, GRExprEngine &Eng) { + GRStmtNodeBuilder &Builder = Eng.getBuilder(); + BugReporter &BR = Eng.getBugReporter(); + + if (VariableArrayType* VLA = dyn_cast<VariableArrayType>(T)) { + // FIXME: Handle multi-dimensional VLAs. + Expr* SE = VLA->getSizeExpr(); + SVal Size_untested = state->getSVal(SE); + + if (Size_untested.isUndef()) { + if (ExplodedNode* N = Builder.generateNode(S, state, Pred)) { + N->markAsSink(); + if (!BT) + BT = new BugType("Declare variable-length array (VLA) of undefined " + "size", "Logic error"); + + EnhancedBugReport *R = + new EnhancedBugReport(*BT, BT->getName().c_str(), N); + R->addRange(SE->getSourceRange()); + R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE); + BR.EmitReport(R); + } + return 0; + } + } + return Pred; +} |