1 //== CheckerContext.cpp - Context info for path-sensitive checkers-----------=//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 //  This file defines CheckerContext that provides contextual info for
10 //  path-sensitive checkers.
11 //
12 //===----------------------------------------------------------------------===//
13 
14 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
15 #include "clang/Basic/Builtins.h"
16 #include "clang/Lex/Lexer.h"
17 
18 using namespace clang;
19 using namespace ento;
20 
getCalleeDecl(const CallExpr * CE) const21 const FunctionDecl *CheckerContext::getCalleeDecl(const CallExpr *CE) const {
22   const Expr *Callee = CE->getCallee();
23   SVal L = Pred->getSVal(Callee);
24   return L.getAsFunctionDecl();
25 }
26 
getCalleeName(const FunctionDecl * FunDecl) const27 StringRef CheckerContext::getCalleeName(const FunctionDecl *FunDecl) const {
28   if (!FunDecl)
29     return StringRef();
30   IdentifierInfo *funI = FunDecl->getIdentifier();
31   if (!funI)
32     return StringRef();
33   return funI->getName();
34 }
35 
getDeclDescription(const Decl * D)36 StringRef CheckerContext::getDeclDescription(const Decl *D) {
37   if (isa<ObjCMethodDecl>(D) || isa<CXXMethodDecl>(D))
38     return "method";
39   if (isa<BlockDecl>(D))
40     return "anonymous block";
41   return "function";
42 }
43 
isCLibraryFunction(const FunctionDecl * FD,StringRef Name)44 bool CheckerContext::isCLibraryFunction(const FunctionDecl *FD,
45                                         StringRef Name) {
46   // To avoid false positives (Ex: finding user defined functions with
47   // similar names), only perform fuzzy name matching when it's a builtin.
48   // Using a string compare is slow, we might want to switch on BuiltinID here.
49   unsigned BId = FD->getBuiltinID();
50   if (BId != 0) {
51     if (Name.empty())
52       return true;
53     StringRef BName = FD->getASTContext().BuiltinInfo.getName(BId);
54     if (BName.find(Name) != StringRef::npos)
55       return true;
56   }
57 
58   const IdentifierInfo *II = FD->getIdentifier();
59   // If this is a special C++ name without IdentifierInfo, it can't be a
60   // C library function.
61   if (!II)
62     return false;
63 
64   // Look through 'extern "C"' and anything similar invented in the future.
65   // If this function is not in TU directly, it is not a C library function.
66   if (!FD->getDeclContext()->getRedeclContext()->isTranslationUnit())
67     return false;
68 
69   // If this function is not externally visible, it is not a C library function.
70   // Note that we make an exception for inline functions, which may be
71   // declared in header files without external linkage.
72   if (!FD->isInlined() && !FD->isExternallyVisible())
73     return false;
74 
75   if (Name.empty())
76     return true;
77 
78   StringRef FName = II->getName();
79   if (FName.equals(Name))
80     return true;
81 
82   if (FName.startswith("__inline") && (FName.find(Name) != StringRef::npos))
83     return true;
84 
85   if (FName.startswith("__") && FName.endswith("_chk") &&
86       FName.find(Name) != StringRef::npos)
87     return true;
88 
89   return false;
90 }
91 
getMacroNameOrSpelling(SourceLocation & Loc)92 StringRef CheckerContext::getMacroNameOrSpelling(SourceLocation &Loc) {
93   if (Loc.isMacroID())
94     return Lexer::getImmediateMacroName(Loc, getSourceManager(),
95                                              getLangOpts());
96   SmallVector<char, 16> buf;
97   return Lexer::getSpelling(Loc, buf, getSourceManager(), getLangOpts());
98 }
99 
100 /// Evaluate comparison and return true if it's known that condition is true
evalComparison(SVal LHSVal,BinaryOperatorKind ComparisonOp,SVal RHSVal,ProgramStateRef State)101 static bool evalComparison(SVal LHSVal, BinaryOperatorKind ComparisonOp,
102                            SVal RHSVal, ProgramStateRef State) {
103   if (LHSVal.isUnknownOrUndef())
104     return false;
105   ProgramStateManager &Mgr = State->getStateManager();
106   if (!LHSVal.getAs<NonLoc>()) {
107     LHSVal = Mgr.getStoreManager().getBinding(State->getStore(),
108                                               LHSVal.castAs<Loc>());
109     if (LHSVal.isUnknownOrUndef() || !LHSVal.getAs<NonLoc>())
110       return false;
111   }
112 
113   SValBuilder &Bldr = Mgr.getSValBuilder();
114   SVal Eval = Bldr.evalBinOp(State, ComparisonOp, LHSVal, RHSVal,
115                              Bldr.getConditionType());
116   if (Eval.isUnknownOrUndef())
117     return false;
118   ProgramStateRef StTrue, StFalse;
119   std::tie(StTrue, StFalse) = State->assume(Eval.castAs<DefinedSVal>());
120   return StTrue && !StFalse;
121 }
122 
isGreaterOrEqual(const Expr * E,unsigned long long Val)123 bool CheckerContext::isGreaterOrEqual(const Expr *E, unsigned long long Val) {
124   DefinedSVal V = getSValBuilder().makeIntVal(Val, getASTContext().LongLongTy);
125   return evalComparison(getSVal(E), BO_GE, V, getState());
126 }
127 
isNegative(const Expr * E)128 bool CheckerContext::isNegative(const Expr *E) {
129   DefinedSVal V = getSValBuilder().makeIntVal(0, false);
130   return evalComparison(getSVal(E), BO_LT, V, getState());
131 }
132