diff options
| author | Ted Kremenek <kremenek@apple.com> | 2008-07-31 20:31:27 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2008-07-31 20:31:27 +0000 |
| commit | a7045d663d69304699ee4c56f3516ea8c90dfc44 (patch) | |
| tree | 576bf28374780fd4ce37dc18288253dbb38eedc9 /clang/lib/Analysis | |
| parent | 962178e77e37fdae7693f01953605e4ef37421be (diff) | |
| download | bcm5719-llvm-a7045d663d69304699ee4c56f3516ea8c90dfc44.tar.gz bcm5719-llvm-a7045d663d69304699ee4c56f3516ea8c90dfc44.zip | |
Enhanced path-sensitive return-of-stack-address check to print out the name of the variable whose address was returned.
llvm-svn: 54253
Diffstat (limited to 'clang/lib/Analysis')
| -rw-r--r-- | clang/lib/Analysis/GRExprEngineInternalChecks.cpp | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/clang/lib/Analysis/GRExprEngineInternalChecks.cpp b/clang/lib/Analysis/GRExprEngineInternalChecks.cpp index 853c6544e83..05c44001266 100644 --- a/clang/lib/Analysis/GRExprEngineInternalChecks.cpp +++ b/clang/lib/Analysis/GRExprEngineInternalChecks.cpp @@ -15,7 +15,7 @@ #include "clang/Analysis/PathSensitive/BugReporter.h" #include "clang/Analysis/PathSensitive/GRExprEngine.h" #include "llvm/Support/Compiler.h" - +#include <sstream> using namespace clang; @@ -42,9 +42,12 @@ class VISIBILITY_HIDDEN BuiltinBug : public BugTypeCacheLocation { const char* name; const char* desc; public: - BuiltinBug(const char* n, const char* d) : name(n), desc(d) {} + BuiltinBug(const char* n, const char* d = 0) : name(n), desc(d) {} virtual const char* getName() const { return name; } - virtual const char* getDescription() const { return desc; } + virtual const char* getDescription() const { + return desc ? desc : name; + } + virtual void EmitBuiltinWarnings(BugReporter& BR, GRExprEngine& Eng) = 0; virtual void EmitWarnings(BugReporter& BR) { EmitBuiltinWarnings(BR, cast<GRBugReporter>(BR).getEngine()); @@ -177,20 +180,29 @@ public: class VISIBILITY_HIDDEN RetStack : public BuiltinBug { public: - RetStack() : BuiltinBug("return of stack address", - "Address of stack-allocated variable returned.") {} + RetStack() : BuiltinBug("return of stack address") {} virtual void EmitBuiltinWarnings(BugReporter& BR, GRExprEngine& Eng) { for (GRExprEngine::ret_stackaddr_iterator I=Eng.ret_stackaddr_begin(), End = Eng.ret_stackaddr_end(); I!=End; ++I) { - - // Generate a report for this bug. - RangedBugReport report(*this, *I); - + ExplodedNode<ValueState>* N = *I; Stmt *S = cast<PostStmt>(N->getLocation()).getStmt(); Expr* E = cast<ReturnStmt>(S)->getRetValue(); assert (E && "Return expression cannot be NULL"); + + // Get the value associated with E. + lval::DeclVal V = + cast<lval::DeclVal>(Eng.getStateManager().GetRVal(N->getState(), E)); + + // Generate a report for this bug. + std::ostringstream os; + os << "Address of stack memory associated with local variable '" + << V.getDecl()->getName() << "' returned."; + + std::string s = os.str(); + + RangedBugReport report(*this, N, s.c_str()); report.addRange(E->getSourceRange()); // Emit the warning. |
