Coverage Report

Created: 2020-10-24 06:27

/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/StaticAnalyzer/Checkers/NonnullGlobalConstantsChecker.cpp
Line
Count
Source (jump to first uncovered line)
1
//==- NonnullGlobalConstantsChecker.cpp ---------------------------*- C++ -*--//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
//  This checker adds an assumption that constant globals of certain types* are
10
//  non-null, as otherwise they generally do not convey any useful information.
11
//  The assumption is useful, as many framework use e. g. global const strings,
12
//  and the analyzer might not be able to infer the global value if the
13
//  definition is in a separate translation unit.
14
//  The following types (and their typedef aliases) are considered to be
15
//  non-null:
16
//   - `char* const`
17
//   - `const CFStringRef` from CoreFoundation
18
//   - `NSString* const` from Foundation
19
//   - `CFBooleanRef` from Foundation
20
//
21
//===----------------------------------------------------------------------===//
22
23
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
24
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
25
#include "clang/StaticAnalyzer/Core/Checker.h"
26
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
27
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
28
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
29
30
using namespace clang;
31
using namespace ento;
32
33
namespace {
34
35
class NonnullGlobalConstantsChecker : public Checker<check::Location> {
36
  mutable IdentifierInfo *NSStringII = nullptr;
37
  mutable IdentifierInfo *CFStringRefII = nullptr;
38
  mutable IdentifierInfo *CFBooleanRefII = nullptr;
39
  mutable IdentifierInfo *CFNullRefII = nullptr;
40
41
public:
42
1.07k
  NonnullGlobalConstantsChecker() {}
43
44
  void checkLocation(SVal l, bool isLoad, const Stmt *S,
45
                     CheckerContext &C) const;
46
47
private:
48
  void initIdentifierInfo(ASTContext &Ctx) const;
49
50
  bool isGlobalConstString(SVal V) const;
51
52
  bool isNonnullType(QualType Ty) const;
53
};
54
55
} // namespace
56
57
/// Lazily initialize cache for required identifier information.
58
172k
void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
59
172k
  if (NSStringII)
60
171k
    return;
61
62
964
  NSStringII = &Ctx.Idents.get("NSString");
63
964
  CFStringRefII = &Ctx.Idents.get("CFStringRef");
64
964
  CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
65
964
  CFNullRefII = &Ctx.Idents.get("CFNullRef");
66
964
}
67
68
/// Add an assumption that const string-like globals are non-null.
69
void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
70
                                                 const Stmt *S,
71
172k
                                                 CheckerContext &C) const {
72
172k
  initIdentifierInfo(C.getASTContext());
73
172k
  if (!isLoad || 
!location.isValid()142k
)
74
29.2k
    return;
75
76
142k
  ProgramStateRef State = C.getState();
77
78
142k
  if (isGlobalConstString(location)) {
79
40
    SVal V = State->getSVal(location.castAs<Loc>());
80
40
    Optional<DefinedOrUnknownSVal> Constr = V.getAs<DefinedOrUnknownSVal>();
81
82
40
    if (Constr) {
83
84
      // Assume that the variable is non-null.
85
40
      ProgramStateRef OutputState = State->assume(*Constr, true);
86
40
      C.addTransition(OutputState);
87
40
    }
88
40
  }
89
142k
}
90
91
/// \param V loaded lvalue.
92
/// \return whether {@code val} is a string-like const global.
93
142k
bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
94
142k
  Optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
95
142k
  if (!RegionVal)
96
221
    return false;
97
142k
  auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
98
142k
  if (!Region)
99
39.6k
    return false;
100
102k
  const VarDecl *Decl = Region->getDecl();
101
102
102k
  if (!Decl->hasGlobalStorage())
103
96.3k
    return false;
104
105
6.61k
  QualType Ty = Decl->getType();
106
6.61k
  bool HasConst = Ty.isConstQualified();
107
6.61k
  if (isNonnullType(Ty) && 
HasConst4.60k
)
108
34
    return true;
109
110
  // Look through the typedefs.
111
6.84k
  
while (const Type *6.57k
T = Ty.getTypePtr()) {
112
6.84k
    if (const auto *TT = dyn_cast<TypedefType>(T)) {
113
271
      Ty = TT->getDecl()->getUnderlyingType();
114
      // It is sufficient for any intermediate typedef
115
      // to be classified const.
116
271
      HasConst = HasConst || 
Ty.isConstQualified()97
;
117
271
      if (isNonnullType(Ty) && 
HasConst4
)
118
4
        return true;
119
6.57k
    } else if (const auto *AT = dyn_cast<AttributedType>(T)) {
120
2
      if (AT->getAttrKind() == attr::TypeNonNull)
121
2
        return true;
122
0
      Ty = AT->getModifiedType();
123
6.57k
    } else {
124
6.57k
      return false;
125
6.57k
    }
126
6.84k
  }
127
0
  return false;
128
6.57k
}
129
130
/// \return whether {@code type} is extremely unlikely to be null
131
6.88k
bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {
132
133
6.88k
  if (Ty->isPointerType() && 
Ty->getPointeeType()->isCharType()5.21k
)
134
4.54k
    return true;
135
136
2.33k
  if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
137
59
    return T->getInterfaceDecl() &&
138
54
      T->getInterfaceDecl()->getIdentifier() == NSStringII;
139
2.27k
  } else if (auto *T = dyn_cast<TypedefType>(Ty)) {
140
300
    IdentifierInfo* II = T->getDecl()->getIdentifier();
141
300
    return II == CFStringRefII || 
II == CFBooleanRefII272
||
II == CFNullRefII270
;
142
300
  }
143
1.97k
  return false;
144
1.97k
}
145
146
1.07k
void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
147
1.07k
  Mgr.registerChecker<NonnullGlobalConstantsChecker>();
148
1.07k
}
149
150
2.14k
bool ento::shouldRegisterNonnullGlobalConstantsChecker(const CheckerManager &mgr) {
151
2.14k
  return true;
152
2.14k
}