lib/Checker/DivZeroChecker.cpp

   1 //== DivZeroChecker.cpp - Division by zero checker --------------*- C++ -*--==//
   2 //
   3 //                     The LLVM Compiler Infrastructure
   4 //
   5 // This file is distributed under the University of Illinois Open Source
   6 // License. See LICENSE.TXT for details.
   7 //
   8 //===----------------------------------------------------------------------===//
   9 //
  10 // This defines DivZeroChecker, a builtin check in GRExprEngine that performs
  11 // checks for division by zeros.
  12 //
  13 //===----------------------------------------------------------------------===//
  14
  15 #include "GRExprEngineInternalChecks.h"
  16 #include "clang/GR/BugReporter/BugType.h"
  17 #include "clang/GR/PathSensitive/CheckerVisitor.h"
  18
  19 using namespace clang;
  20
  21 namespace {
  22 class DivZeroChecker : public CheckerVisitor<DivZeroChecker> {
  23   BuiltinBug *BT;
  24 public:
  25   DivZeroChecker() : BT(0) {}
  26   static void *getTag();
  27   void PreVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B);
  28 };
  29 } // end anonymous namespace
  30
  31 void clang::RegisterDivZeroChecker(GRExprEngine &Eng) {
  32   Eng.registerCheck(new DivZeroChecker());
  33 }
  34
  35 void *DivZeroChecker::getTag() {
  36   static int x;
  37   return &x;
  38 }
  39
  40 void DivZeroChecker::PreVisitBinaryOperator(CheckerContext &C,
  41                                             const BinaryOperator *B) {
  42   BinaryOperator::Opcode Op = B->getOpcode();
  43   if (Op != BO_Div &&
  44       Op != BO_Rem &&
  45       Op != BO_DivAssign &&
  46       Op != BO_RemAssign)
  47     return;
  48
  49   if (!B->getRHS()->getType()->isIntegerType() ||
  50       !B->getRHS()->getType()->isScalarType())
  51     return;
  52
  53   SVal Denom = C.getState()->getSVal(B->getRHS());
  54   const DefinedSVal *DV = dyn_cast<DefinedSVal>(&Denom);
  55
  56   // Divide-by-undefined handled in the generic checking for uses of
  57   // undefined values.
  58   if (!DV)
  59     return;
  60
  61   // Check for divide by zero.
  62   ConstraintManager &CM = C.getConstraintManager();
  63   const GRState *stateNotZero, *stateZero;
  64   llvm::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DV);
  65
  66   if (stateZero && !stateNotZero) {
  67     if (ExplodedNode *N = C.generateSink(stateZero)) {
  68       if (!BT)
  69         BT = new BuiltinBug("Division by zero");
  70
  71       EnhancedBugReport *R =
  72         new EnhancedBugReport(*BT, BT->getDescription(), N);
  73
  74       R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
  75                            bugreporter::GetDenomExpr(N));
  76
  77       C.EmitReport(R);
  78     }
  79     return;
  80   }
  81
  82   // If we get here, then the denom should not be zero. We abandon the implicit
  83   // zero denom case for now.
  84   C.addTransition(stateNotZero);
  85 }