InvalidatedIteratorChecker.cpp revision 360784
1//===-- InvalidatedIteratorChecker.cpp ----------------------------*- C++ -*--// 2// 3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4// See https://llvm.org/LICENSE.txt for license information. 5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6// 7//===----------------------------------------------------------------------===// 8// 9// Defines a checker for access of invalidated iterators. 10// 11//===----------------------------------------------------------------------===// 12 13#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" 14#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" 15#include "clang/StaticAnalyzer/Core/Checker.h" 16#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" 17#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" 18 19 20#include "Iterator.h" 21 22using namespace clang; 23using namespace ento; 24using namespace iterator; 25 26namespace { 27 28class InvalidatedIteratorChecker 29 : public Checker<check::PreCall> { 30 31 std::unique_ptr<BugType> InvalidatedBugType; 32 33 void verifyAccess(CheckerContext &C, const SVal &Val) const; 34 void reportBug(const StringRef &Message, const SVal &Val, 35 CheckerContext &C, ExplodedNode *ErrNode) const; 36public: 37 InvalidatedIteratorChecker(); 38 39 void checkPreCall(const CallEvent &Call, CheckerContext &C) const; 40 41}; 42 43} //namespace 44 45InvalidatedIteratorChecker::InvalidatedIteratorChecker() { 46 InvalidatedBugType.reset( 47 new BugType(this, "Iterator invalidated", "Misuse of STL APIs")); 48} 49 50void InvalidatedIteratorChecker::checkPreCall(const CallEvent &Call, 51 CheckerContext &C) const { 52 // Check for access of invalidated position 53 const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl()); 54 if (!Func) 55 return; 56 57 if (Func->isOverloadedOperator() && 58 isAccessOperator(Func->getOverloadedOperator())) { 59 // Check for any kind of access of invalidated iterator positions 60 if (const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call)) { 61 verifyAccess(C, InstCall->getCXXThisVal()); 62 } else { 63 verifyAccess(C, Call.getArgSVal(0)); 64 } 65 } 66} 67 68void InvalidatedIteratorChecker::verifyAccess(CheckerContext &C, const SVal &Val) const { 69 auto State = C.getState(); 70 const auto *Pos = getIteratorPosition(State, Val); 71 if (Pos && !Pos->isValid()) { 72 auto *N = C.generateErrorNode(State); 73 if (!N) { 74 return; 75 } 76 reportBug("Invalidated iterator accessed.", Val, C, N); 77 } 78} 79 80void InvalidatedIteratorChecker::reportBug(const StringRef &Message, 81 const SVal &Val, CheckerContext &C, 82 ExplodedNode *ErrNode) const { 83 auto R = std::make_unique<PathSensitiveBugReport>(*InvalidatedBugType, 84 Message, ErrNode); 85 R->markInteresting(Val); 86 C.emitReport(std::move(R)); 87} 88 89void ento::registerInvalidatedIteratorChecker(CheckerManager &mgr) { 90 mgr.registerChecker<InvalidatedIteratorChecker>(); 91} 92 93bool ento::shouldRegisterInvalidatedIteratorChecker(const LangOptions &LO) { 94 return true; 95} 96