[analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.

Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow

llvm-svn: 126609

clang/include/clang/Driver/CC1Options.td

@@ -46,8 +46,6 @@ def analysis_WarnUninitVals : Flag<"-warn-uninit-values">,
   HelpText<"Warn about uses of uninitialized variables">;
 def analysis_ObjCMemChecker : Flag<"-analyzer-check-objc-mem">,
   HelpText<"Run the [Core] Foundation reference count checker">;
-def analysis_WarnBufferOverflows : Flag<"-analyzer-check-buffer-overflows">,
-  HelpText<"Warn about buffer overflows">;
 
 def analyzer_store : Separate<"-analyzer-store">,
   HelpText<"Source Code Analysis - Abstract Memory Store Models">;

clang/include/clang/Frontend/AnalyzerOptions.h

@@ -69,7 +69,6 @@ public:
   unsigned AnalyzerDisplayProgress : 1;
   unsigned AnalyzeNestedBlocks : 1;
   unsigned EagerlyAssume : 1;
-  unsigned BufferOverflows : 1;
   unsigned PurgeDead : 1;
   unsigned TrimGraph : 1;
   unsigned VisualizeEGDot : 1;
@@ -90,7 +89,6 @@ public:
     AnalyzerDisplayProgress = 0;
     AnalyzeNestedBlocks = 0;
     EagerlyAssume = 0;
-    BufferOverflows = 0;    
     PurgeDead = 1;
     TrimGraph = 0;
     VisualizeEGDot = 0;

clang/lib/Frontend/CompilerInvocation.cpp

@@ -112,8 +112,6 @@ static void AnalyzerOptsToArgs(const AnalyzerOptions &Opts,
     Res.push_back("-analyzer-viz-egraph-graphviz");
   if (Opts.VisualizeEGDot)
     Res.push_back("-analyzer-viz-egraph-ubigraph");
-  if (Opts.BufferOverflows)
-    Res.push_back("-analyzer-check-buffer-overflows");
 
   for (unsigned i = 0, e = Opts.CheckersControlList.size(); i != e; ++i) {
     const std::pair<std::string, bool> &opt = Opts.CheckersControlList[i];
@@ -875,7 +873,6 @@ static void ParseAnalyzerArgs(AnalyzerOptions &Opts, ArgList &Args,
   Opts.MaxLoop = Args.getLastArgIntValue(OPT_analyzer_max_loop, 4, Diags);
   Opts.EagerlyTrimEGraph = !Args.hasArg(OPT_analyzer_no_eagerly_trim_egraph);
   Opts.InlineCall = Args.hasArg(OPT_analyzer_inline_call);
-  Opts.BufferOverflows = Args.hasArg(OPT_analysis_WarnBufferOverflows);
 
   Opts.CheckersControlList.clear();
   for (arg_iterator it = Args.filtered_begin(OPT_analyzer_checker,

clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp

@@ -12,9 +12,11 @@
 //
 //===----------------------------------------------------------------------===//
 
-#include "InternalChecks.h"
+#include "ClangSACheckers.h"
+#include "clang/StaticAnalyzer/Core/CheckerV2.h"
+#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
-#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerVisitor.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
 #include "clang/AST/CharUnits.h"
 
@@ -23,18 +25,16 @@ using namespace ento;
 
 namespace {
 class ArrayBoundCheckerV2 : 
-    public CheckerVisitor<ArrayBoundCheckerV2> {      
-  BuiltinBug *BT;
+    public CheckerV2<check::Location> {
+  mutable llvm::OwningPtr<BuiltinBug> BT;
       
   enum OOB_Kind { OOB_Precedes, OOB_Excedes };
   
   void reportOOB(CheckerContext &C, const GRState *errorState,
-                 OOB_Kind kind);
+                 OOB_Kind kind) const;
       
 public:
-  ArrayBoundCheckerV2() : BT(0) {}
-  static void *getTag() { static int x = 0; return &x; }
-  void visitLocation(CheckerContext &C, const Stmt *S, SVal l, bool isLoad);
+  void checkLocation(SVal l, bool isLoad, CheckerContext &C) const;
 };
 
 // FIXME: Eventually replace RegionRawOffset with this class.
@@ -62,13 +62,8 @@ public:
 };
 }
 
-void ento::RegisterArrayBoundCheckerV2(ExprEngine &Eng) {
-  Eng.registerCheck(new ArrayBoundCheckerV2());
-}
-
-void ArrayBoundCheckerV2::visitLocation(CheckerContext &checkerContext,
-                                        const Stmt *S,
-                                        SVal location, bool isLoad) {
+void ArrayBoundCheckerV2::checkLocation(SVal location, bool isLoad,
+                                        CheckerContext &checkerContext) const {
 
   // NOTE: Instead of using GRState::assumeInBound(), we are prototyping
   // some new logic here that reasons directly about memory region extents.
@@ -153,14 +148,14 @@ void ArrayBoundCheckerV2::visitLocation(CheckerContext &checkerContext,
 
 void ArrayBoundCheckerV2::reportOOB(CheckerContext &checkerContext,
                                     const GRState *errorState,
-                                    OOB_Kind kind) {
+                                    OOB_Kind kind) const {
   
   ExplodedNode *errorNode = checkerContext.generateSink(errorState);
   if (!errorNode)
     return;
 
   if (!BT)
-    BT = new BuiltinBug("Out-of-bound access");
+    BT.reset(new BuiltinBug("Out-of-bound access"));
 
   // FIXME: This diagnostics are preliminary.  We should get far better
   // diagnostics for explaining buffer overruns.
@@ -274,4 +269,6 @@ RegionRawOffsetV2 RegionRawOffsetV2::computeOffset(const GRState *state,
 }
 
 
-
+void ento::registerArrayBoundCheckerV2(CheckerManager &mgr) {
+  mgr.registerChecker<ArrayBoundCheckerV2>();
+}

clang/lib/StaticAnalyzer/Checkers/Checkers.td

@@ -134,6 +134,12 @@ def AnalyzerStatsChecker : Checker<"Stats">,
 
 let Group = AllExperimental in {
 
+def ArrayBoundCheckerV2 : Checker<"Overflow">,
+  InPackage<CoreExperimental>,
+  HelpText<"Warn about buffer overflows">,
+  DescFile<"ArrayBoundCheckerV2.cpp">,
+  Hidden; // Must be specified explicitly in order to run.
+
 def MallocChecker : Checker<"Malloc">,
   InPackage<CoreExperimental>,
   HelpText<"Check for potential memory leaks, double free, and use-after-free problems">,

clang/lib/StaticAnalyzer/Checkers/InternalChecks.h

@@ -23,7 +23,6 @@ class ExprEngine;
 
 // Foundational checks that handle basic semantics.
 void RegisterAdjustedReturnValueChecker(ExprEngine &Eng);
-void RegisterArrayBoundCheckerV2(ExprEngine &Eng);
 void RegisterAttrNonNullChecker(ExprEngine &Eng);
 void RegisterBuiltinFunctionChecker(ExprEngine &Eng);
 void RegisterCallAndMessageChecker(ExprEngine &Eng);

clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp

@@ -31,7 +31,6 @@
 #include "clang/StaticAnalyzer/Core/PathDiagnosticClients.h"
 
 // FIXME: Restructure checker registration.
-#include "../Checkers/InternalChecks.h"
 #include "../Checkers/BasicObjCFoundationChecks.h"
 
 #include "clang/Basic/FileManager.h"
@@ -340,9 +339,6 @@ static void ActionExprEngine(AnalysisConsumer &C, AnalysisManager& mgr,
 
   RegisterNSErrorChecks(Eng.getBugReporter(), Eng, *D);
 
-  if (C.Opts.BufferOverflows)
-    RegisterArrayBoundCheckerV2(Eng);
-
   // Set the graph auditor.
   llvm::OwningPtr<ExplodedNode::Auditor> Auditor;
   if (mgr.shouldVisualizeUbigraph()) {

clang/test/Analysis/out-of-bounds.c

@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify %s
+// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-check-objc-mem -analyzer-checker=core.experimental.Overflow -verify %s
 
 // Tests doing an out-of-bounds access after the end of an array using:
 // - constant integer index