//=== StringChecker.cpp -------------------------------------------*- C++ -*--//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// This file implements the modeling of the std::basic_string type.

// This involves checking preconditions of the operations and applying the

// effects of the operations, e.g. their post-conditions.

//

//===----------------------------------------------------------------------===//

#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"

#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"

#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"

using namespace clang;

using namespace ento;

namespace {

class StringChecker : public Checker<check::PreCall> {

  BugType BT_Null{this, "Dereference of null pointer", categories::LogicError};

  mutable const FunctionDecl *StringConstCharPtrCtor = nullptr;

  mutable CanQualType SizeTypeTy;

  const CallDescription TwoParamStdStringCtor = {

      {"std", "basic_string", "basic_string"}, 2, 2};

  bool isCharToStringCtor(const CallEvent &Call, const ASTContext &ACtx) const;

public:

  void checkPreCall(const CallEvent &Call, CheckerContext &C) const;

};

bool StringChecker::isCharToStringCtor(const CallEvent &Call,

                                       const ASTContext &ACtx) const {

  if (!TwoParamStdStringCtor.matches(Call))

    return false;

  const auto *FD = dyn_cast<FunctionDecl>(Call.getDecl());

  assert(FD);

  // See if we already cached it.

  if (StringConstCharPtrCtor && 
StringConstCharPtrCtor == FD7
)

    return true;

  // Verify that the parameters have the expected types:

  // - arg 1: `const CharT *`

  // - arg 2: some allocator - which is definately not `size_t`.

  const QualType Arg1Ty = Call.getArgExpr(0)->getType().getCanonicalType();

  const QualType Arg2Ty = Call.getArgExpr(1)->getType().getCanonicalType();

  if (!Arg1Ty->isPointerType())

    return false;

  // It makes sure that we don't select the `string(const char* p, size_t len)`

  // overload accidentally.

  if (Arg2Ty.getCanonicalType() == ACtx.getSizeType())

    return false;

  StringConstCharPtrCtor = FD; // Cache the decl of the right overload.

  return true;

}

void StringChecker::checkPreCall(const CallEvent &Call,

                                 CheckerContext &C) const {

  if (!isCharToStringCtor(Call, C.getASTContext()))

    return;

  const auto Param = Call.getArgSVal(0).getAs<Loc>();

  if (!Param)

    return;

  // We managed to constrain the parameter to non-null.

  ProgramStateRef NotNull, Null;

  std::tie(NotNull, Null) = C.getState()->assume(*Param);

  if (NotNull) {

    const auto Callback = [Param](PathSensitiveBugReport &BR) -> std::string {

      return BR.isInteresting(*Param) ? 
"Assuming the pointer is not null."2

                                      : 
""2
;

    };

    // Emit note only if this operation constrained the pointer to be null.

    C.addTransition(NotNull, Null ? 
C.getNoteTag(Callback)3
 : 
nullptr1
);

    return;

  }

  // We found a path on which the parameter is NULL.

  if (ExplodedNode *N = C.generateErrorNode(C.getState())) {

    auto R = std::make_unique<PathSensitiveBugReport>(

        BT_Null, "The parameter must not be null", N);

    bugreporter::trackExpressionValue(N, Call.getArgExpr(0), *R);

    C.emitReport(std::move(R));

  }

}

} // end anonymous namespace

void ento::registerStringChecker(CheckerManager &Mgr) {

  Mgr.registerChecker<StringChecker>();

}

bool ento::shouldRegisterStringChecker(const CheckerManager &) { return true; }