clang  10.0.0git
InvalidatedIteratorChecker.cpp
Go to the documentation of this file.
1 //===-- InvalidatedIteratorChecker.cpp ----------------------------*- C++ -*--//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Defines a checker for access of invalidated iterators.
10 //
11 //===----------------------------------------------------------------------===//
12 
18 
19 
20 #include "Iterator.h"
21 
22 using namespace clang;
23 using namespace ento;
24 using namespace iterator;
25 
26 namespace {
27 
28 class InvalidatedIteratorChecker
29  : public Checker<check::PreCall> {
30 
31  std::unique_ptr<BugType> InvalidatedBugType;
32 
33  void verifyAccess(CheckerContext &C, const SVal &Val) const;
34  void reportBug(const StringRef &Message, const SVal &Val,
35  CheckerContext &C, ExplodedNode *ErrNode) const;
36 public:
37  InvalidatedIteratorChecker();
38 
39  void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
40 
41 };
42 
43 } //namespace
44 
45 InvalidatedIteratorChecker::InvalidatedIteratorChecker() {
46  InvalidatedBugType.reset(
47  new BugType(this, "Iterator invalidated", "Misuse of STL APIs"));
48 }
49 
50 void InvalidatedIteratorChecker::checkPreCall(const CallEvent &Call,
51  CheckerContext &C) const {
52  // Check for access of invalidated position
53  const auto *Func = dyn_cast_or_null<FunctionDecl>(Call.getDecl());
54  if (!Func)
55  return;
56 
57  if (Func->isOverloadedOperator() &&
58  isAccessOperator(Func->getOverloadedOperator())) {
59  // Check for any kind of access of invalidated iterator positions
60  if (const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call)) {
61  verifyAccess(C, InstCall->getCXXThisVal());
62  } else {
63  verifyAccess(C, Call.getArgSVal(0));
64  }
65  }
66 }
67 
68 void InvalidatedIteratorChecker::verifyAccess(CheckerContext &C, const SVal &Val) const {
69  auto State = C.getState();
70  const auto *Pos = getIteratorPosition(State, Val);
71  if (Pos && !Pos->isValid()) {
72  auto *N = C.generateErrorNode(State);
73  if (!N) {
74  return;
75  }
76  reportBug("Invalidated iterator accessed.", Val, C, N);
77  }
78 }
79 
80 void InvalidatedIteratorChecker::reportBug(const StringRef &Message,
81  const SVal &Val, CheckerContext &C,
82  ExplodedNode *ErrNode) const {
83  auto R = std::make_unique<PathSensitiveBugReport>(*InvalidatedBugType,
84  Message, ErrNode);
85  R->markInteresting(Val);
86  C.emitReport(std::move(R));
87 }
88 
89 void ento::registerInvalidatedIteratorChecker(CheckerManager &mgr) {
90  mgr.registerChecker<InvalidatedIteratorChecker>();
91 }
92 
93 bool ento::shouldRegisterInvalidatedIteratorChecker(const LangOptions &LO) {
94  return true;
95 }
LineState State
Keeps track of the various options that can be enabled, which controls the dialect of C or C++ that i...
Definition: LangOptions.h:53
const IteratorPosition * getIteratorPosition(ProgramStateRef State, const SVal &Val)
Definition: Iterator.cpp:154
bool isAccessOperator(OverloadedOperatorKind OK)
Definition: Iterator.cpp:126
Dataflow Directional Tag Classes.