maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
llvm-project/clang/lib/StaticAnalyzer/Checkers/ObjCSuperDeallocChecker.cpp

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

291 lines
9.3 KiB
C++
Raw Normal View History

[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
//===- ObjCSuperDeallocChecker.cpp - Check correct use of [super dealloc] -===//
//
Update the file headers across all of the LLVM projects in the monorepo to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
2019-01-19 16:50:56 +08:00
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
//
//===----------------------------------------------------------------------===//
//
// This defines ObjCSuperDeallocChecker, a builtin check that warns when
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
// self is used after a call to [super dealloc] in MRR mode.
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
//
//===----------------------------------------------------------------------===//
[analyzer][NFC] Move CheckerRegistry from the Core directory to Frontend ClangCheckerRegistry is a very non-obvious, poorly documented, weird concept. It derives from CheckerRegistry, and is placed in lib/StaticAnalyzer/Frontend, whereas it's base is located in lib/StaticAnalyzer/Core. It was, from what I can imagine, used to circumvent the problem that the registry functions of the checkers are located in the clangStaticAnalyzerCheckers library, but that library depends on clangStaticAnalyzerCore. However, clangStaticAnalyzerFrontend depends on both of those libraries. One can make the observation however, that CheckerRegistry has no place in Core, it isn't used there at all! The only place where it is used is Frontend, which is where it ultimately belongs. This move implies that since include/clang/StaticAnalyzer/Checkers/ClangCheckers.h only contained a single function: class CheckerRegistry; void registerBuiltinCheckers(CheckerRegistry &registry); it had to re purposed, as CheckerRegistry is no longer available to clangStaticAnalyzerCheckers. It was renamed to BuiltinCheckerRegistration.h, which actually describes it a lot better -- it does not contain the registration functions for checkers, but only those generated by the tblgen files. Differential Revision: https://reviews.llvm.org/D54436 llvm-svn: 349275
2018-12-16 00:23:51 +08:00
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h"
using namespace clang;
using namespace ento;
namespace {
class ObjCSuperDeallocChecker
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
: public Checker<check::PostObjCMessage, check::PreObjCMessage,
check::PreCall, check::Location> {
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
mutable IdentifierInfo *IIdealloc, *IINSObject;
mutable Selector SELdealloc;
std::unique_ptr<BugType> DoubleSuperDeallocBugType;
void initIdentifierInfoAndSelectors(ASTContext &Ctx) const;
bool isSuperDeallocMessage(const ObjCMethodCall &M) const;
public:
ObjCSuperDeallocChecker();
void checkPostObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const;
void checkPreObjCMessage(const ObjCMethodCall &M, CheckerContext &C) const;
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
void checkLocation(SVal l, bool isLoad, const Stmt *S,
CheckerContext &C) const;
private:
void diagnoseCallArguments(const CallEvent &CE, CheckerContext &C) const;
void reportUseAfterDealloc(SymbolRef Sym, StringRef Desc, const Stmt *S,
CheckerContext &C) const;
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
};
} // End anonymous namespace.
// Remember whether [super dealloc] has previously been called on the
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
// SymbolRef for the receiver.
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
REGISTER_SET_WITH_PROGRAMSTATE(CalledSuperDealloc, SymbolRef)
Move class into anonymous namespace. NFC. llvm-svn: 262716
2016-03-04 22:18:52 +08:00
namespace {
[analyzer] Do not run visitors until the fixpoint, run only once. In the current implementation, we run visitors until the fixed point is reached. That is, if a visitor adds another visitor, the currently processed path is destroyed, all diagnostics is discarded, and it is regenerated again, until it's no longer modified. This pattern has a few negative implications: - This loop does not even guarantee to terminate. E.g. just imagine two visitors bouncing a diagnostics around. - Performance-wise, e.g. for sqlite3 all visitors are being re-run at least 10 times for some bugs. We have already seen a few reports where it leads to timeouts. - If we want to add more computationally intense visitors, this will become worse. - From architectural standpoint, the current layout requires copying visitors, which is conceptually wrong, and can be annoying (e.g. no unique_ptr on visitors allowed). The proposed change is a much simpler architecture: the outer loop processes nodes upwards, and whenever the visitor is added it only processes current nodes and above, thus guaranteeing termination. Differential Revision: https://reviews.llvm.org/D47856 llvm-svn: 335666
2018-06-27 05:12:08 +08:00
class SuperDeallocBRVisitor final : public BugReporterVisitor {
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
SymbolRef ReceiverSymbol;
bool Satisfied;
public:
SuperDeallocBRVisitor(SymbolRef ReceiverSymbol)
[analyzer][NFC] Refactoring BugReporter.cpp P3.: std::shared_pointer<PathDiagnosticPiece> -> PathDiagnosticPieceRef find clang/ -type f -exec sed -i 's/std::shared_ptr<PathDiagnosticPiece>/PathDiagnosticPieceRef/g' {} \; git diff -U3 --no-color HEAD^ | clang-format-diff-6.0 -p1 -i Just as C++ is meant to be refactored, right? Differential Revision: https://reviews.llvm.org/D65381 llvm-svn: 368717
2019-08-14 00:45:48 +08:00
: ReceiverSymbol(ReceiverSymbol), Satisfied(false) {}
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
[analyzer][NFC] Refactoring BugReporter.cpp P3.: std::shared_pointer<PathDiagnosticPiece> -> PathDiagnosticPieceRef find clang/ -type f -exec sed -i 's/std::shared_ptr<PathDiagnosticPiece>/PathDiagnosticPieceRef/g' {} \; git diff -U3 --no-color HEAD^ | clang-format-diff-6.0 -p1 -i Just as C++ is meant to be refactored, right? Differential Revision: https://reviews.llvm.org/D65381 llvm-svn: 368717
2019-08-14 00:45:48 +08:00
PathDiagnosticPieceRef VisitNode(const ExplodedNode *Succ,
BugReporterContext &BRC,
[analyzer] NFC: Introduce sub-classes for path-sensitive and basic reports. Checkers are now required to specify whether they're creating a path-sensitive report or a path-insensitive report by constructing an object of the respective type. This makes BugReporter more independent from the rest of the Static Analyzer because all Analyzer-specific code is now in sub-classes. Differential Revision: https://reviews.llvm.org/D66572 llvm-svn: 371450
2019-09-10 04:34:40 +08:00
PathSensitiveBugReport &BR) override;
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
void Profile(llvm::FoldingSetNodeID &ID) const override {
ID.Add(ReceiverSymbol);
}
};
Move class into anonymous namespace. NFC. llvm-svn: 262716
2016-03-04 22:18:52 +08:00
} // End anonymous namespace.
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
void ObjCSuperDeallocChecker::checkPreObjCMessage(const ObjCMethodCall &M,
CheckerContext &C) const {
ProgramStateRef State = C.getState();
SymbolRef ReceiverSymbol = M.getReceiverSVal().getAsSymbol();
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
if (!ReceiverSymbol) {
diagnoseCallArguments(M, C);
return;
}
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
bool AlreadyCalled = State->contains<CalledSuperDealloc>(ReceiverSymbol);
if (!AlreadyCalled)
return;
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
StringRef Desc;
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
if (isSuperDeallocMessage(M)) {
Desc = "[super dealloc] should not be called multiple times";
} else {
Desc = StringRef();
}
reportUseAfterDealloc(ReceiverSymbol, Desc, M.getOriginExpr(), C);
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
}
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
void ObjCSuperDeallocChecker::checkPreCall(const CallEvent &Call,
CheckerContext &C) const {
diagnoseCallArguments(Call, C);
}
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
void ObjCSuperDeallocChecker::checkPostObjCMessage(const ObjCMethodCall &M,
CheckerContext &C) const {
// Check for [super dealloc] method call.
if (!isSuperDeallocMessage(M))
return;
ProgramStateRef State = C.getState();
[analyzer] Track runtime types represented by Obj-C Class objects Summary: Objective-C Class objects can be used to do a dynamic dispatch on class methods. The analyzer had a few places where we tried to overcome the dynamic nature of it and still guess the actual function that is being called. That was done mostly using some simple heuristics covering the most widespread cases (e.g. [[self class] classmethod]). This solution introduces a way to track types represented by Class objects and work with that instead of direct AST matching. rdar://problem/50739539 Differential Revision: https://reviews.llvm.org/D78286
2020-04-22 23:15:03 +08:00
const LocationContext *LC = C.getLocationContext();
SymbolRef SelfSymbol = State->getSelfSVal(LC).getAsSymbol();
assert(SelfSymbol && "No receiver symbol at call to [super dealloc]?");
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
// We add this transition in checkPostObjCMessage to avoid warning when
// we inline a call to [super dealloc] where the inlined call itself
// calls [super dealloc].
[analyzer] Track runtime types represented by Obj-C Class objects Summary: Objective-C Class objects can be used to do a dynamic dispatch on class methods. The analyzer had a few places where we tried to overcome the dynamic nature of it and still guess the actual function that is being called. That was done mostly using some simple heuristics covering the most widespread cases (e.g. [[self class] classmethod]). This solution introduces a way to track types represented by Class objects and work with that instead of direct AST matching. rdar://problem/50739539 Differential Revision: https://reviews.llvm.org/D78286
2020-04-22 23:15:03 +08:00
State = State->add<CalledSuperDealloc>(SelfSymbol);
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
C.addTransition(State);
}
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
void ObjCSuperDeallocChecker::checkLocation(SVal L, bool IsLoad, const Stmt *S,
CheckerContext &C) const {
SymbolRef BaseSym = L.getLocSymbolInBase();
if (!BaseSym)
return;
ProgramStateRef State = C.getState();
if (!State->contains<CalledSuperDealloc>(BaseSym))
return;
const MemRegion *R = L.getAsRegion();
if (!R)
return;
// Climb the super regions to find the base symbol while recording
// the second-to-last region for error reporting.
const MemRegion *PriorSubRegion = nullptr;
while (const SubRegion *SR = dyn_cast<SubRegion>(R)) {
if (const SymbolicRegion *SymR = dyn_cast<SymbolicRegion>(SR)) {
BaseSym = SymR->getSymbol();
break;
} else {
R = SR->getSuperRegion();
PriorSubRegion = SR;
}
}
StringRef Desc = StringRef();
auto *IvarRegion = dyn_cast_or_null<ObjCIvarRegion>(PriorSubRegion);
[analyzer] Fix a memory error in r261935 caught by the Windows bots. It was using a temporary StringRef after its underlying storage was freed. llvm-svn: 261944
2016-02-26 08:23:41 +08:00
std::string Buf;
llvm::raw_string_ostream OS(Buf);
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
if (IvarRegion) {
[analyzer] Fix capitalization in ObjCSuperDeallocChecker diagnostic. llvm-svn: 262520
2016-03-03 05:22:48 +08:00
OS << "Use of instance variable '" << *IvarRegion->getDecl() <<
[analyzer] Shorten ObjcSuperDeallocChecker diagnostics. Change "use of 'self' after it has been freed with call to [super dealloc]" to "use of 'self' after it has been deallocated" and "use of instance variable '_ivar' after the instance has been freed with call to [super dealloc]" to "use of instance variable '_ivar' after 'self' has been deallocated". llvm-svn: 261945
2016-02-26 08:47:42 +08:00
"' after 'self' has been deallocated";
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
Desc = OS.str();
}
reportUseAfterDealloc(BaseSym, Desc, S, C);
}
[analyzer] Prune some incorrect \param doc comment annotations. llvm-svn: 261970
2016-02-26 11:41:31 +08:00
/// Report a use-after-dealloc on Sym. If not empty,
/// Desc will be used to describe the error; otherwise,
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
/// a default warning will be used.
void ObjCSuperDeallocChecker::reportUseAfterDealloc(SymbolRef Sym,
StringRef Desc,
const Stmt *S,
CheckerContext &C) const {
// We have a use of self after free.
// This likely causes a crash, so stop exploring the
// path by generating a sink.
ExplodedNode *ErrNode = C.generateErrorNode();
// If we've already reached this node on another path, return.
if (!ErrNode)
return;
if (Desc.empty())
[analyzer] Fix capitalization in ObjCSuperDealloc checker diagnostic. Change "use of 'self'..." to "Use of 'self'...". The convention is to start diagnostics with a capital letter. rdar://problem/28322494 llvm-svn: 285759
2016-11-02 06:16:39 +08:00
Desc = "Use of 'self' after it has been deallocated";
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
// Generate the report.
[analyzer] NFC: Introduce sub-classes for path-sensitive and basic reports. Checkers are now required to specify whether they're creating a path-sensitive report or a path-insensitive report by constructing an object of the respective type. This makes BugReporter more independent from the rest of the Static Analyzer because all Analyzer-specific code is now in sub-classes. Differential Revision: https://reviews.llvm.org/D66572 llvm-svn: 371450
2019-09-10 04:34:40 +08:00
auto BR = std::make_unique<PathSensitiveBugReport>(*DoubleSuperDeallocBugType,
Desc, ErrNode);
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
BR->addRange(S->getSourceRange());
[Clang] Migrate llvm::make_unique to std::make_unique Now that we've moved to C++14, we no longer need the llvm::make_unique implementation from STLExtras.h. This patch is a mechanical replacement of (hopefully) all the llvm::make_unique instances across the monorepo. Differential revision: https://reviews.llvm.org/D66259 llvm-svn: 368942
2019-08-15 07:04:18 +08:00
BR->addVisitor(std::make_unique<SuperDeallocBRVisitor>(Sym));
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
C.emitReport(std::move(BR));
}
[analyzer] Prune some incorrect \param doc comment annotations. llvm-svn: 261970
2016-02-26 11:41:31 +08:00
/// Diagnose if any of the arguments to CE have already been
[analyzer] Warn on use of 'self' after call to to [super dealloc]. Referring to 'self' after a call to [super dealloc] is a use-after-free in Objective-C because NSObject's -dealloc frees the memory pointed to by self. This patch extends the ObjCSuperDeallocChecker to catch this error. rdar://problem/6953275 Differential Revision: http://reviews.llvm.org/D17528 llvm-svn: 261935
2016-02-26 07:36:52 +08:00
/// dealloc'd.
void ObjCSuperDeallocChecker::diagnoseCallArguments(const CallEvent &CE,
CheckerContext &C) const {
ProgramStateRef State = C.getState();
unsigned ArgCount = CE.getNumArgs();
for (unsigned I = 0; I < ArgCount; I++) {
SymbolRef Sym = CE.getArgSVal(I).getAsSymbol();
if (!Sym)
continue;
if (State->contains<CalledSuperDealloc>(Sym)) {
reportUseAfterDealloc(Sym, StringRef(), CE.getArgExpr(I), C);
return;
}
}
}
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
ObjCSuperDeallocChecker::ObjCSuperDeallocChecker()
: IIdealloc(nullptr), IINSObject(nullptr) {
DoubleSuperDeallocBugType.reset(
new BugType(this, "[super dealloc] should not be called more than once",
categories::CoreFoundationObjectiveC));
}
void
ObjCSuperDeallocChecker::initIdentifierInfoAndSelectors(ASTContext &Ctx) const {
if (IIdealloc)
return;
IIdealloc = &Ctx.Idents.get("dealloc");
IINSObject = &Ctx.Idents.get("NSObject");
SELdealloc = Ctx.Selectors.getSelector(0, &IIdealloc);
}
bool
ObjCSuperDeallocChecker::isSuperDeallocMessage(const ObjCMethodCall &M) const {
if (M.getOriginExpr()->getReceiverKind() != ObjCMessageExpr::SuperInstance)
return false;
ASTContext &Ctx = M.getState()->getStateManager().getContext();
initIdentifierInfoAndSelectors(Ctx);
return M.getSelector() == SELdealloc;
}
[analyzer][NFC] Refactoring BugReporter.cpp P3.: std::shared_pointer<PathDiagnosticPiece> -> PathDiagnosticPieceRef find clang/ -type f -exec sed -i 's/std::shared_ptr<PathDiagnosticPiece>/PathDiagnosticPieceRef/g' {} \; git diff -U3 --no-color HEAD^ | clang-format-diff-6.0 -p1 -i Just as C++ is meant to be refactored, right? Differential Revision: https://reviews.llvm.org/D65381 llvm-svn: 368717
2019-08-14 00:45:48 +08:00
PathDiagnosticPieceRef
Migrate PathDiagnosticPiece to std::shared_ptr Simplifies and makes explicit the memory ownership model rather than implicitly passing/acquiring ownership. llvm-svn: 291143
2017-01-06 01:26:53 +08:00
SuperDeallocBRVisitor::VisitNode(const ExplodedNode *Succ,
[analyzer] NFC: Introduce sub-classes for path-sensitive and basic reports. Checkers are now required to specify whether they're creating a path-sensitive report or a path-insensitive report by constructing an object of the respective type. This makes BugReporter more independent from the rest of the Static Analyzer because all Analyzer-specific code is now in sub-classes. Differential Revision: https://reviews.llvm.org/D66572 llvm-svn: 371450
2019-09-10 04:34:40 +08:00
BugReporterContext &BRC,
PathSensitiveBugReport &) {
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
if (Satisfied)
return nullptr;
ProgramStateRef State = Succ->getState();
bool CalledNow =
Succ->getState()->contains<CalledSuperDealloc>(ReceiverSymbol);
bool CalledBefore =
[analyzer] [NFC] Remove unused parameters, as found by -Wunused-parameter Differential Revision: https://reviews.llvm.org/D52640 llvm-svn: 343353
2018-09-29 02:49:41 +08:00
Succ->getFirstPred()->getState()->contains<CalledSuperDealloc>(
ReceiverSymbol);
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
// Is Succ the node on which the analyzer noted that [super dealloc] was
// called on ReceiverSymbol?
if (CalledNow && !CalledBefore) {
Satisfied = true;
ProgramPoint P = Succ->getLocation();
PathDiagnosticLocation L =
PathDiagnosticLocation::create(P, BRC.getSourceManager());
if (!L.isValid() || !L.asLocation().isValid())
return nullptr;
Migrate PathDiagnosticPiece to std::shared_ptr Simplifies and makes explicit the memory ownership model rather than implicitly passing/acquiring ownership. llvm-svn: 291143
2017-01-06 01:26:53 +08:00
return std::make_shared<PathDiagnosticEventPiece>(
[analyzer] Detect duplicate [super dealloc] calls Add an alpha path checker that warns about duplicate calls to [super dealloc]. This will form the foundation of a checker that will detect uses of 'self' after calling [super dealloc]. Part of rdar://problem/6953275. Based on a patch by David Kilzer! Differential Revision: http://reviews.llvm.org/D5238 llvm-svn: 261545
2016-02-23 01:56:24 +08:00
L, "[super dealloc] called here");
}
return nullptr;
}
//===----------------------------------------------------------------------===//
// Checker Registration.
//===----------------------------------------------------------------------===//
void ento::registerObjCSuperDeallocChecker(CheckerManager &Mgr) {
Mgr.registerChecker<ObjCSuperDeallocChecker>();
}
[analyzer] Supply all checkers with a shouldRegister function Introduce the boolean ento::shouldRegister##CHECKERNAME(const LangOptions &LO) function very similarly to ento::register##CHECKERNAME. This will force every checker to implement this function, but maybe it isn't that bad: I saw a lot of ObjC or C++ specific checkers that should probably not register themselves based on some LangOptions (mine too), but they do anyways. A big benefit of this is that all registry functions now register their checker, once it is called, registration is guaranteed. This patch is a part of a greater effort to reinvent checker registration, more info here: D54438#1315953 Differential Revision: https://reviews.llvm.org/D55424 llvm-svn: 352277
2019-01-26 22:23:08 +08:00
[analyzer][NFC] Change LangOptions to CheckerManager in the shouldRegister* functions Some checkers may not only depend on language options but also analyzer options. To make this possible this patch changes the parameter of the shouldRegister* function to CheckerManager to be able to query the analyzer options when deciding whether the checker should be registered. Differential Revision: https://reviews.llvm.org/D75271
2020-03-27 21:29:31 +08:00
bool ento::shouldRegisterObjCSuperDeallocChecker(const CheckerManager &mgr) {
[analyzer] Supply all checkers with a shouldRegister function Introduce the boolean ento::shouldRegister##CHECKERNAME(const LangOptions &LO) function very similarly to ento::register##CHECKERNAME. This will force every checker to implement this function, but maybe it isn't that bad: I saw a lot of ObjC or C++ specific checkers that should probably not register themselves based on some LangOptions (mine too), but they do anyways. A big benefit of this is that all registry functions now register their checker, once it is called, registration is guaranteed. This patch is a part of a greater effort to reinvent checker registration, more info here: D54438#1315953 Differential Revision: https://reviews.llvm.org/D55424 llvm-svn: 352277
2019-01-26 22:23:08 +08:00
return true;
}