MacOSXAPIChecker.cpp revision 221345 
1218887Sdim// MacOSXAPIChecker.h - Checks proper use of various MacOS X APIs --*- C++ -*-//
2218887Sdim//
3218887Sdim//                     The LLVM Compiler Infrastructure
4218887Sdim//
5218887Sdim// This file is distributed under the University of Illinois Open Source
6218887Sdim// License. See LICENSE.TXT for details.
7218887Sdim//
8218887Sdim//===----------------------------------------------------------------------===//
9218887Sdim//
10218887Sdim// This defines MacOSXAPIChecker, which is an assortment of checks on calls
11218887Sdim// to various, widely used Mac OS X functions.
12218887Sdim//
13218887Sdim// FIXME: What's currently in BasicObjCFoundationChecks.cpp should be migrated
14218887Sdim// to here, using the new Checker interface.
15218887Sdim//
16218887Sdim//===----------------------------------------------------------------------===//
17218887Sdim
18218887Sdim#include "ClangSACheckers.h"
19221345Sdim#include "clang/StaticAnalyzer/Core/Checker.h"
20218887Sdim#include "clang/StaticAnalyzer/Core/CheckerManager.h"
21219077Sdim#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
22218887Sdim#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
23218887Sdim#include "clang/StaticAnalyzer/Core/PathSensitive/GRStateTrait.h"
24219077Sdim#include "clang/Basic/TargetInfo.h"
25218887Sdim#include "llvm/ADT/SmallString.h"
26218887Sdim#include "llvm/ADT/StringSwitch.h"
27218887Sdim#include "llvm/Support/raw_ostream.h"
28218887Sdim
29218887Sdimusing namespace clang;
30218887Sdimusing namespace ento;
31218887Sdim
32218887Sdimnamespace {
33221345Sdimclass MacOSXAPIChecker : public Checker< check::PreStmt<CallExpr> > {
34218887Sdim  enum SubChecks {
35218887Sdim    DispatchOnce = 0,
36218887Sdim    DispatchOnceF,
37218887Sdim    NumChecks
38218887Sdim  };
39218887Sdim
40219077Sdim  mutable BugType *BTypes[NumChecks];
41218887Sdim
42218887Sdimpublic:
43218887Sdim  MacOSXAPIChecker() { memset(BTypes, 0, sizeof(*BTypes) * NumChecks); }
44219077Sdim  ~MacOSXAPIChecker() {
45219077Sdim    for (unsigned i=0; i != NumChecks; ++i)
46219077Sdim      delete BTypes[i];
47219077Sdim  }
48218887Sdim
49219077Sdim  void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
50218887Sdim};
51218887Sdim} //end anonymous namespace
52218887Sdim
53218887Sdim//===----------------------------------------------------------------------===//
54218887Sdim// dispatch_once and dispatch_once_f
55218887Sdim//===----------------------------------------------------------------------===//
56218887Sdim
57218887Sdimstatic void CheckDispatchOnce(CheckerContext &C, const CallExpr *CE,
58218887Sdim                              BugType *&BT, const IdentifierInfo *FI) {
59218887Sdim
60218887Sdim  if (!BT) {
61218887Sdim    llvm::SmallString<128> S;
62218887Sdim    llvm::raw_svector_ostream os(S);
63218887Sdim    os << "Improper use of '" << FI->getName() << '\'';
64218887Sdim    BT = new BugType(os.str(), "Mac OS X API");
65218887Sdim  }
66218887Sdim
67218887Sdim  if (CE->getNumArgs() < 1)
68218887Sdim    return;
69218887Sdim
70218887Sdim  // Check if the first argument is stack allocated.  If so, issue a warning
71218887Sdim  // because that's likely to be bad news.
72218887Sdim  const GRState *state = C.getState();
73218887Sdim  const MemRegion *R = state->getSVal(CE->getArg(0)).getAsRegion();
74218887Sdim  if (!R || !isa<StackSpaceRegion>(R->getMemorySpace()))
75218887Sdim    return;
76218887Sdim
77218887Sdim  ExplodedNode *N = C.generateSink(state);
78218887Sdim  if (!N)
79218887Sdim    return;
80218887Sdim
81218887Sdim  llvm::SmallString<256> S;
82218887Sdim  llvm::raw_svector_ostream os(S);
83218887Sdim  os << "Call to '" << FI->getName() << "' uses";
84218887Sdim  if (const VarRegion *VR = dyn_cast<VarRegion>(R))
85218887Sdim    os << " the local variable '" << VR->getDecl()->getName() << '\'';
86218887Sdim  else
87218887Sdim    os << " stack allocated memory";
88218887Sdim  os << " for the predicate value.  Using such transient memory for "
89218887Sdim        "the predicate is potentially dangerous.";
90218887Sdim  if (isa<VarRegion>(R) && isa<StackLocalsSpaceRegion>(R->getMemorySpace()))
91218887Sdim    os << "  Perhaps you intended to declare the variable as 'static'?";
92218887Sdim
93218887Sdim  EnhancedBugReport *report = new EnhancedBugReport(*BT, os.str(), N);
94218887Sdim  report->addRange(CE->getArg(0)->getSourceRange());
95218887Sdim  C.EmitReport(report);
96218887Sdim}
97218887Sdim
98218887Sdim//===----------------------------------------------------------------------===//
99218887Sdim// Central dispatch function.
100218887Sdim//===----------------------------------------------------------------------===//
101218887Sdim
102218887Sdimtypedef void (*SubChecker)(CheckerContext &C, const CallExpr *CE, BugType *&BT,
103218887Sdim                           const IdentifierInfo *FI);
104218887Sdimnamespace {
105218887Sdim  class SubCheck {
106218887Sdim    SubChecker SC;
107218887Sdim    BugType **BT;
108218887Sdim  public:
109218887Sdim    SubCheck(SubChecker sc, BugType *& bt) : SC(sc), BT(&bt) {}
110218887Sdim    SubCheck() : SC(NULL), BT(NULL) {}
111218887Sdim
112218887Sdim    void run(CheckerContext &C, const CallExpr *CE,
113218887Sdim             const IdentifierInfo *FI) const {
114218887Sdim      if (SC)
115218887Sdim        SC(C, CE, *BT, FI);
116218887Sdim    }
117218887Sdim  };
118218887Sdim} // end anonymous namespace
119218887Sdim
120219077Sdimvoid MacOSXAPIChecker::checkPreStmt(const CallExpr *CE,
121219077Sdim                                    CheckerContext &C) const {
122218887Sdim  // FIXME: Mostly copy and paste from UnixAPIChecker.  Should refactor.
123218887Sdim  const GRState *state = C.getState();
124218887Sdim  const Expr *Callee = CE->getCallee();
125218887Sdim  const FunctionTextRegion *Fn =
126218887Sdim    dyn_cast_or_null<FunctionTextRegion>(state->getSVal(Callee).getAsRegion());
127218887Sdim
128218887Sdim  if (!Fn)
129218887Sdim    return;
130218887Sdim
131218887Sdim  const IdentifierInfo *FI = Fn->getDecl()->getIdentifier();
132218887Sdim  if (!FI)
133218887Sdim    return;
134218887Sdim
135218887Sdim  const SubCheck &SC =
136218887Sdim    llvm::StringSwitch<SubCheck>(FI->getName())
137218887Sdim      .Case("dispatch_once", SubCheck(CheckDispatchOnce, BTypes[DispatchOnce]))
138218887Sdim      .Case("dispatch_once_f", SubCheck(CheckDispatchOnce,
139218887Sdim                                        BTypes[DispatchOnceF]))
140218887Sdim      .Default(SubCheck());
141218887Sdim
142218887Sdim  SC.run(C, CE, FI);
143218887Sdim}
144219077Sdim
145219077Sdim//===----------------------------------------------------------------------===//
146219077Sdim// Registration.
147219077Sdim//===----------------------------------------------------------------------===//
148219077Sdim
149219077Sdimvoid ento::registerMacOSXAPIChecker(CheckerManager &mgr) {
150219077Sdim  mgr.registerChecker<MacOSXAPIChecker>();
151219077Sdim}
152