/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/StaticAnalyzer/Checkers/UndefinedAssignmentChecker.cpp

Source (jump to first uncovered line)
//===--- UndefinedAssignmentChecker.h ---------------------------*- C++ -*--==//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
// checks for assigning undefined values.
//
//===----------------------------------------------------------------------===//

#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"

using namespace clang;
using namespace ento;

namespace {
class UndefinedAssignmentChecker
  : public Checker<check::Bind> {
  mutable std::unique_ptr<BugType> BT;

public:
  void checkBind(SVal location, SVal val, const Stmt *S,
                 CheckerContext &C) const;
};
}

void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
                                           const Stmt *StoreE,
                                           CheckerContext &C) const {
  if (!val.isUndef())
    return;

  // Do not report assignments of uninitialized values inside swap functions.
  // This should allow to swap partially uninitialized structs
  if (const FunctionDecl *EnclosingFunctionDecl =
      dyn_cast<FunctionDecl>(C.getStackFrame()->getDecl()))
    if (C.getCalleeName(EnclosingFunctionDecl) == "swap")
      return;

  ExplodedNode *N = C.generateErrorNode();

  if (!N)
    return;

  static const char *const DefaultMsg =
      "Assigned value is garbage or undefined";
  if (!BT)
    BT.reset(new BugType(this, DefaultMsg));

  // Generate a report for this bug.
  llvm::SmallString<128> Str;
  llvm::raw_svector_ostream OS(Str);

  const Expr *ex = nullptr;

  while (StoreE) {
    if (const UnaryOperator *U = dyn_cast<UnaryOperator>(StoreE)) {
      OS << "The expression is an uninitialized value. "
            "The computed value will also be garbage";

      ex = U->getSubExpr();
      break;
    }

    if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
      if (B->isCompoundAssignmentOp()) {
        if (C.getSVal(B->getLHS()).isUndef()) {
          OS << "The left expression of the compound assignment is an "
                "uninitialized value. The computed value will also be garbage";
          ex = B->getLHS();
          break;
        }
      }

      ex = B->getRHS();
      break;
    }

    if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
      const VarDecl *VD = cast<VarDecl>(DS->getSingleDecl());
      ex = VD->getInit();
    }

    if (const auto *CD =
            dyn_cast<CXXConstructorDecl>(C.getStackFrame()->getDecl())) {
      if (CD->isImplicit()) {
        for (auto *I : CD->inits()) {
          if (I->getInit()->IgnoreImpCasts() == StoreE) {
            OS << "Value assigned to field '" << I->getMember()->getName()
               << "' in implicit constructor is garbage or undefined";
            break;
          }
        }
      }
    }

    break;
  }

  if (OS.str().empty())
    OS << DefaultMsg;

  auto R = std::make_unique<PathSensitiveBugReport>(*BT, OS.str(), N);
  if (ex) {
    R->addRange(ex->getSourceRange());
    bugreporter::trackExpressionValue(N, ex, *R);
  }
  C.emitReport(std::move(R));
}

void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
  mgr.registerChecker<UndefinedAssignmentChecker>();
}

bool ento::shouldRegisterUndefinedAssignmentChecker(const CheckerManager &mgr) {
  return true;
}

Line	Count	Source (jump to first uncovered line)
1		//===--- UndefinedAssignmentChecker.h ---------------------------- C++ ---==//
2		//
3		// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4		// See https://llvm.org/LICENSE.txt for license information.
5		// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6		//
7		//===----------------------------------------------------------------------===//
8		//
9		// This defines UndefinedAssignmentChecker, a builtin check in ExprEngine that
10		// checks for assigning undefined values.
11		//
12		//===----------------------------------------------------------------------===//
13
14		#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15		#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
16		#include "clang/StaticAnalyzer/Core/Checker.h"
17		#include "clang/StaticAnalyzer/Core/CheckerManager.h"
18		#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
19
20		using namespace clang;
21		using namespace ento;
22
23		namespace {
24		class UndefinedAssignmentChecker
25		: public Checker<check::Bind> {
26		mutable std::unique_ptr<BugType> BT;
27
28		public:
29		void checkBind(SVal location, SVal val, const Stmt *S,
30		CheckerContext &C) const;
31		};
32		}
33
34		void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
35		const Stmt *StoreE,
36	82.2k	CheckerContext &C) const {
37	82.2k	if (!val.isUndef())
38	81.9k	return;
39
40		// Do not report assignments of uninitialized values inside swap functions.
41		// This should allow to swap partially uninitialized structs
42	380	if (const FunctionDecl *EnclosingFunctionDecl =
43	380	dyn_cast<FunctionDecl>(C.getStackFrame()->getDecl()))
44	379	if (C.getCalleeName(EnclosingFunctionDecl) == "swap")
45	1	return;
46
47	379	ExplodedNode *N = C.generateErrorNode();
48
49	379	if (!N)
50	0	return;
51
52	379	static const char *const DefaultMsg =
53	379	"Assigned value is garbage or undefined";
54	379	if (!BT)
55	288	BT.reset(new BugType(this, DefaultMsg));
56
57		// Generate a report for this bug.
58	379	llvm::SmallString<128> Str;
59	379	llvm::raw_svector_ostream OS(Str);
60
61	379	const Expr *ex = nullptr;
62
63	379	while (StoreE) {
64	379	if (const UnaryOperator *U = dyn_cast<UnaryOperator>(StoreE)) {
65	260	OS << "The expression is an uninitialized value. "
66	260	"The computed value will also be garbage";
67
68	260	ex = U->getSubExpr();
69	260	break;
70	260	}
71
72	119	if (const BinaryOperator *B = dyn_cast<BinaryOperator>(StoreE)) {
73	29	if (B->isCompoundAssignmentOp()) {
74	4	if (C.getSVal(B->getLHS()).isUndef()) {
75	3	OS << "The left expression of the compound assignment is an "
76	3	"uninitialized value. The computed value will also be garbage";
77	3	ex = B->getLHS();
78	3	break;
79	3	}
80	4	}
81
82	26	ex = B->getRHS();
83	26	break;
84	29	}
85
86	90	if (const DeclStmt *DS = dyn_cast<DeclStmt>(StoreE)) {
87	69	const VarDecl *VD = cast<VarDecl>(DS->getSingleDecl());
88	69	ex = VD->getInit();
89	69	}
90
91	90	if (const auto *CD =
92	90	dyn_cast<CXXConstructorDecl>(C.getStackFrame()->getDecl())) {
93	21	if (CD->isImplicit()) {
94	6	for (auto *I : CD->inits()) {
95	6	if (I->getInit()->IgnoreImpCasts() == StoreE) {
96	4	OS << "Value assigned to field '" << I->getMember()->getName()
97	4	<< "' in implicit constructor is garbage or undefined";
98	4	break;
99	4	}
100	6	}
101	4	}
102	21	}
103
104	90	break;
105	119	}
106
107	379	if (OS.str().empty())
108	112	OS << DefaultMsg;
109
110	379	auto R = std::make_unique<PathSensitiveBugReport>(*BT, OS.str(), N);
111	379	if (ex) {
112	358	R->addRange(ex->getSourceRange());
113	358	bugreporter::trackExpressionValue(N, ex, *R);
114	358	}
115	379	C.emitReport(std::move(R));
116	379	}
117
118	1.27k	void ento::registerUndefinedAssignmentChecker(CheckerManager &mgr) {
119	1.27k	mgr.registerChecker<UndefinedAssignmentChecker>();
120	1.27k	}
121
122	2.55k	bool ento::shouldRegisterUndefinedAssignmentChecker(const CheckerManager &mgr) {
123	2.55k	return true;
124	2.55k	}

Coverage Report

Created: 2023-09-30 09:22