lib/Checker/UndefCapturedBlockVarChecker.cpp

   1 // UndefCapturedBlockVarChecker.cpp - Uninitialized captured vars -*- C++ -*-=//
   2 //
   3 //                     The LLVM Compiler Infrastructure
   4 //
   5 // This file is distributed under the University of Illinois Open Source
   6 // License. See LICENSE.TXT for details.
   7 //
   8 //===----------------------------------------------------------------------===//
   9 //
  10 // This checker detects blocks that capture uninitialized values.
  11 //
  12 //===----------------------------------------------------------------------===//
  13
  14 #include "GRExprEngineInternalChecks.h"
  15 #include "clang/GR/PathSensitive/CheckerVisitor.h"
  16 #include "clang/GR/PathSensitive/GRExprEngine.h"
  17 #include "clang/GR/BugReporter/BugType.h"
  18 #include "llvm/Support/raw_ostream.h"
  19
  20 using namespace clang;
  21
  22 namespace {
  23 class UndefCapturedBlockVarChecker
  24   : public CheckerVisitor<UndefCapturedBlockVarChecker> {
  25  BugType *BT;
  26
  27 public:
  28   UndefCapturedBlockVarChecker() : BT(0) {}
  29   static void *getTag() { static int tag = 0; return &tag; }
  30   void PostVisitBlockExpr(CheckerContext &C, const BlockExpr *BE);
  31 };
  32 } // end anonymous namespace
  33
  34 void clang::RegisterUndefCapturedBlockVarChecker(GRExprEngine &Eng) {
  35   Eng.registerCheck(new UndefCapturedBlockVarChecker());
  36 }
  37
  38 static const BlockDeclRefExpr *FindBlockDeclRefExpr(const Stmt *S,
  39                                                     const VarDecl *VD){
  40   if (const BlockDeclRefExpr *BR = dyn_cast<BlockDeclRefExpr>(S))
  41     if (BR->getDecl() == VD)
  42       return BR;
  43
  44   for (Stmt::const_child_iterator I = S->child_begin(), E = S->child_end();
  45        I!=E; ++I)
  46     if (const Stmt *child = *I) {
  47       const BlockDeclRefExpr *BR = FindBlockDeclRefExpr(child, VD);
  48       if (BR)
  49         return BR;
  50     }
  51
  52   return NULL;
  53 }
  54
  55 void
  56 UndefCapturedBlockVarChecker::PostVisitBlockExpr(CheckerContext &C,
  57                                                  const BlockExpr *BE) {
  58   if (!BE->hasBlockDeclRefExprs())
  59     return;
  60
  61   const GRState *state = C.getState();
  62   const BlockDataRegion *R =
  63     cast<BlockDataRegion>(state->getSVal(BE).getAsRegion());
  64
  65   BlockDataRegion::referenced_vars_iterator I = R->referenced_vars_begin(),
  66                                             E = R->referenced_vars_end();
  67
  68   for (; I != E; ++I) {
  69     // This VarRegion is the region associated with the block; we need
  70     // the one associated with the encompassing context.
  71     const VarRegion *VR = *I;
  72     const VarDecl *VD = VR->getDecl();
  73
  74     if (VD->getAttr<BlocksAttr>() || !VD->hasLocalStorage())
  75       continue;
  76
  77     // Get the VarRegion associated with VD in the local stack frame.
  78     const LocationContext *LC = C.getPredecessor()->getLocationContext();
  79     VR = C.getSValBuilder().getRegionManager().getVarRegion(VD, LC);
  80
  81     if (state->getSVal(VR).isUndef())
  82       if (ExplodedNode *N = C.generateSink()) {
  83         if (!BT)
  84           BT = new BuiltinBug("Captured block variable is uninitialized");
  85
  86         // Generate a bug report.
  87         llvm::SmallString<128> buf;
  88         llvm::raw_svector_ostream os(buf);
  89
  90         os << "Variable '" << VD->getName() << "' is captured by block with "
  91               "a garbage value";
  92
  93         EnhancedBugReport *R = new EnhancedBugReport(*BT, os.str(), N);
  94         if (const Expr *Ex = FindBlockDeclRefExpr(BE->getBody(), VD))
  95           R->addRange(Ex->getSourceRange());
  96         R->addVisitorCreator(bugreporter::registerFindLastStore, VR);
  97         // need location of block
  98         C.EmitReport(R);
  99       }
 100   }
 101 }