/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/StaticAnalyzer/Checkers/NonnullGlobalConstantsChecker.cpp

Source (jump to first uncovered line)
//==- NonnullGlobalConstantsChecker.cpp ---------------------------*- C++ -*--//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
//  This checker adds an assumption that constant globals of certain types* are
//  non-null, as otherwise they generally do not convey any useful information.
//  The assumption is useful, as many framework use e. g. global const strings,
//  and the analyzer might not be able to infer the global value if the
//  definition is in a separate translation unit.
//  The following types (and their typedef aliases) are considered to be
//  non-null:
//   - `char* const`
//   - `const CFStringRef` from CoreFoundation
//   - `NSString* const` from Foundation
//   - `CFBooleanRef` from Foundation
//
//===----------------------------------------------------------------------===//

#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
#include <optional>

using namespace clang;
using namespace ento;

namespace {

class NonnullGlobalConstantsChecker : public Checker<check::Location> {
  mutable IdentifierInfo *NSStringII = nullptr;
  mutable IdentifierInfo *CFStringRefII = nullptr;
  mutable IdentifierInfo *CFBooleanRefII = nullptr;
  mutable IdentifierInfo *CFNullRefII = nullptr;

public:
  NonnullGlobalConstantsChecker() {}

  void checkLocation(SVal l, bool isLoad, const Stmt *S,
                     CheckerContext &C) const;

private:
  void initIdentifierInfo(ASTContext &Ctx) const;

  bool isGlobalConstString(SVal V) const;

  bool isNonnullType(QualType Ty) const;
};

} // namespace

/// Lazily initialize cache for required identifier information.
void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
  if (NSStringII)
    return;

  NSStringII = &Ctx.Idents.get("NSString");
  CFStringRefII = &Ctx.Idents.get("CFStringRef");
  CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
  CFNullRefII = &Ctx.Idents.get("CFNullRef");
}

/// Add an assumption that const string-like globals are non-null.
void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
                                                 const Stmt *S,
                                                 CheckerContext &C) const {
  initIdentifierInfo(C.getASTContext());
  if (!isLoad || !location.isValid()231k)
    return;

  ProgramStateRef State = C.getState();

  if (isGlobalConstString(location)) {
    SVal V = State->getSVal(location.castAs<Loc>());
    std::optional<DefinedOrUnknownSVal> Constr =
        V.getAs<DefinedOrUnknownSVal>();

    if (Constr) {

      // Assume that the variable is non-null.
      ProgramStateRef OutputState = State->assume(*Constr, true);
      C.addTransition(OutputState);
    }
  }
}

/// \param V loaded lvalue.
/// \return whether @c val is a string-like const global.
bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
  std::optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
  if (!RegionVal)
    return false;
  auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
  if (!Region)
    return false;
  const VarDecl *Decl = Region->getDecl();

  if (!Decl->hasGlobalStorage())
    return false;

  QualType Ty = Decl->getType();
  bool HasConst = Ty.isConstQualified();
  if (isNonnullType(Ty) && HasConst4.62k)
    return true;

  // Look through the typedefs.
  while (const Type *7.36kT = Ty.getTypePtr()) {
    if (const auto *AT = dyn_cast<AttributedType>(T)) {
      if (AT->getAttrKind() == attr::TypeNonNull)
        return true;
      Ty = AT->getModifiedType();
    } else if (const auto *ET = dyn_cast<ElaboratedType>(T)) {
      const auto *TT = dyn_cast<TypedefType>(ET->getNamedType());
      if (!TT)
        return false;
      Ty = TT->getDecl()->getUnderlyingType();
      // It is sufficient for any intermediate typedef
      // to be classified const.
      HasConst = HasConst || Ty.isConstQualified()158;
      if (isNonnullType(Ty) && HasConst4)
        return true;
    } else {
      return false;
    }
  }
  return false;
}

/// \return whether @c type is extremely unlikely to be null
bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {

  if (Ty->isPointerType() && Ty->getPointeeType()->isCharType()5.26k)
    return true;

  if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
    return T->getInterfaceDecl() &&
      T->getInterfaceDecl()->getIdentifier() == NSStringII54;
  } else if (auto *T = Ty->getAs<TypedefType>()) {
    IdentifierInfo* II = T->getDecl()->getIdentifier();
    return II == CFStringRefII || II == CFBooleanRefII333 || II == CFNullRefII331;
  }
  return false;
}

void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
  Mgr.registerChecker<NonnullGlobalConstantsChecker>();
}

bool ento::shouldRegisterNonnullGlobalConstantsChecker(const CheckerManager &mgr) {
  return true;
}

Line	Count	Source (jump to first uncovered line)
1		//==- NonnullGlobalConstantsChecker.cpp ---------------------------- C++ ---//
2		//
3		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4		// See https://llvm.org/LICENSE.txt for license information.
5		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6		//
7		//===----------------------------------------------------------------------===//
8		//
9		// This checker adds an assumption that constant globals of certain types* are
10		// non-null, as otherwise they generally do not convey any useful information.
11		// The assumption is useful, as many framework use e. g. global const strings,
12		// and the analyzer might not be able to infer the global value if the
13		// definition is in a separate translation unit.
14		// The following types (and their typedef aliases) are considered to be
15		// non-null:
16		// - `char* const`
17		// - `const CFStringRef` from CoreFoundation
18		// - `NSString* const` from Foundation
19		// - `CFBooleanRef` from Foundation
20		//
21		//===----------------------------------------------------------------------===//
22
23		#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
24		#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
25		#include "clang/StaticAnalyzer/Core/Checker.h"
26		#include "clang/StaticAnalyzer/Core/CheckerManager.h"
27		#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
28		#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
29		#include <optional>
30
31		using namespace clang;
32		using namespace ento;
33
34		namespace {
35
36		class NonnullGlobalConstantsChecker : public Checker<check::Location> {
37		mutable IdentifierInfo *NSStringII = nullptr;
38		mutable IdentifierInfo *CFStringRefII = nullptr;
39		mutable IdentifierInfo *CFBooleanRefII = nullptr;
40		mutable IdentifierInfo *CFNullRefII = nullptr;
41
42		public:
43	1.27k	NonnullGlobalConstantsChecker() {}
44
45		void checkLocation(SVal l, bool isLoad, const Stmt *S,
46		CheckerContext &C) const;
47
48		private:
49		void initIdentifierInfo(ASTContext &Ctx) const;
50
51		bool isGlobalConstString(SVal V) const;
52
53		bool isNonnullType(QualType Ty) const;
54		};
55
56		} // namespace
57
58		/// Lazily initialize cache for required identifier information.
59	263k	void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
60	263k	if (NSStringII)
61	262k	return;
62
63	1.15k	NSStringII = &Ctx.Idents.get("NSString");
64	1.15k	CFStringRefII = &Ctx.Idents.get("CFStringRef");
65	1.15k	CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
66	1.15k	CFNullRefII = &Ctx.Idents.get("CFNullRef");
67	1.15k	}
68
69		/// Add an assumption that const string-like globals are non-null.
70		void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
71		const Stmt *S,
72	263k	CheckerContext &C) const {
73	263k	initIdentifierInfo(C.getASTContext());
74	263k	if (!isLoad \|\| !location.isValid()231k )
75	32.6k	return;
76
77	230k	ProgramStateRef State = C.getState();
78
79	230k	if (isGlobalConstString(location)) {
80	40	SVal V = State->getSVal(location.castAs<Loc>());
81	40	std::optional<DefinedOrUnknownSVal> Constr =
82	40	V.getAs<DefinedOrUnknownSVal>();
83
84	40	if (Constr) {
85
86		// Assume that the variable is non-null.
87	40	ProgramStateRef OutputState = State->assume(*Constr, true);
88	40	C.addTransition(OutputState);
89	40	}
90	40	}
91	230k	}
92
93		/// \param V loaded lvalue.
94		/// \return whether @c val is a string-like const global.
95	230k	bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
96	230k	std::optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
97	230k	if (!RegionVal)
98	250	return false;
99	230k	auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
100	230k	if (!Region)
101	48.6k	return false;
102	182k	const VarDecl *Decl = Region->getDecl();
103
104	182k	if (!Decl->hasGlobalStorage())
105	174k	return false;
106
107	7.40k	QualType Ty = Decl->getType();
108	7.40k	bool HasConst = Ty.isConstQualified();
109	7.40k	if (isNonnullType(Ty) && HasConst4.62k )
110	35	return true;
111
112		// Look through the typedefs.
113	7.69k	while (const Type *7.36k T = Ty.getTypePtr()) {
114	7.69k	if (const auto *AT = dyn_cast<AttributedType>(T)) {
115	1	if (AT->getAttrKind() == attr::TypeNonNull)
116	1	return true;
117	0	Ty = AT->getModifiedType();
118	7.69k	} else if (const auto *ET = dyn_cast<ElaboratedType>(T)) {
119	340	const auto *TT = dyn_cast<TypedefType>(ET->getNamedType());
120	340	if (!TT)
121	8	return false;
122	332	Ty = TT->getDecl()->getUnderlyingType();
123		// It is sufficient for any intermediate typedef
124		// to be classified const.
125	332	HasConst = HasConst \|\| Ty.isConstQualified()158 ;
126	332	if (isNonnullType(Ty) && HasConst4 )
127	4	return true;
128	7.35k	} else {
129	7.35k	return false;
130	7.35k	}
131	7.69k	}
132	0	return false;
133	7.36k	}
134
135		/// \return whether @c type is extremely unlikely to be null
136	7.73k	bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {
137
138	7.73k	if (Ty->isPointerType() && Ty->getPointeeType()->isCharType()5.26k )
139	4.55k	return true;
140
141	3.17k	if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
142	59	return T->getInterfaceDecl() &&
143	59	T->getInterfaceDecl()->getIdentifier() == NSStringII54 ;
144	3.11k	} else if (auto *T = Ty->getAs<TypedefType>()) {
145	363	IdentifierInfo* II = T->getDecl()->getIdentifier();
146	363	return II == CFStringRefII \|\| II == CFBooleanRefII333 \|\| II == CFNullRefII331 ;
147	363	}
148	2.75k	return false;
149	3.17k	}
150
151	1.27k	void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
152	1.27k	Mgr.registerChecker<NonnullGlobalConstantsChecker>();
153	1.27k	}
154
155	2.55k	bool ento::shouldRegisterNonnullGlobalConstantsChecker(const CheckerManager &mgr) {
156	2.55k	return true;
157	2.55k	}

Coverage Report

Created: 2023-09-30 09:22