author | Anna Zaks <ganna@apple.com> | 2012-01-20 20:28:31 +0000 |
---|---|---|
committer | Anna Zaks <ganna@apple.com> | 2012-01-20 20:28:31 +0000 |
commit | 8298af85a6da7b7b583b549eaa6ca1d16d2d34ec (patch) | |
tree | 49f6908f887f86d2eb8282a80137cf80a054fc44 /clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp | |
parent | 91f5a3f253a3d7282923e690cc47cbc8710a7928 (diff) | |
[analyzer] Add taint awareness to DivZeroChecker.
llvm-svn: 148566
Diffstat (limited to 'clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp')
-rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp | 37 |
1 files changed, 26 insertions, 11 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
index 12fd6f4e76d..b9ed384e0aa 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
@@ -24,11 +24,31 @@ using namespace ento;
 namespace {
 class DivZeroChecker : public Checker< check::PreStmt<BinaryOperator> > {
 mutable llvm::OwningPtr<BuiltinBug> BT;
+ void reportBug(const char *Msg,
+ const ProgramState *StateZero,
+ CheckerContext &C) const ;
 public:
 void checkPreStmt(const BinaryOperator *B, CheckerContext &C) const;
 };
 } // end anonymous namespace
 
+void DivZeroChecker::reportBug(const char *Msg,
+ const ProgramState *StateZero,
+ CheckerContext &C) const {
+ if (ExplodedNode *N = C.generateSink(StateZero)) {
+ if (!BT)
+ BT.reset(new BuiltinBug(Msg));
+
+ BugReport *R =
+ new BugReport(*BT, BT->getDescription(), N);
+
+ R->addVisitor(bugreporter::getTrackNullOrUndefValueVisitor(N,
+ bugreporter::GetDenomExpr(N)));
+
+ C.EmitReport(R);
+ }
+}
+
 void DivZeroChecker::checkPreStmt(const BinaryOperator *B,
 CheckerContext &C) const {
 BinaryOperator::Opcode Op = B->getOpcode();
@@ -57,18 +77,13 @@ void DivZeroChecker::checkPreStmt(const BinaryOperator *B,
 
 if (!stateNotZero) {
 assert(stateZero);
- if (ExplodedNode *N = C.generateSink(stateZero)) {
- if (!BT)
- BT.reset(new BuiltinBug("Division by zero"));
-
- BugReport *R =
- new BugReport(*BT, BT->getDescription(), N);
-
- R->addVisitor(bugreporter::getTrackNullOrUndefValueVisitor(N,
- bugreporter::GetDenomExpr(N)));
+ reportBug("Division by zero", stateZero, C);
+ return;
+ }
 
- C.EmitReport(R);
- }
+ bool TaintedD = C.getState()->isTainted(*DV);
+ if ((stateNotZero && stateZero && TaintedD)) {
+ reportBug("Division by a tainted value, possibly zero", stateZero, C);
 return;
 }
 
|
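Review bot: In `reportBug`, `Msg` only takes effect on the first call, because `BT` is created once under `if (!BT)` and every report is built from `BT->getDescription()`. Whichever message arrives first is reused for all later reports from this checker instance, so a definite division by zero found after a tainted one would be described as "Division by a tainted value, possibly zero", and the reverse. That hides from the reader whether the divisor was influenced by untrusted input. Give the bug type a fixed name and pass the per-report text to the report: `BT.reset(new BuiltinBug("Division by zero"));` and `new BugReport(*BT, Msg, N);`. A one-line comment above `reportBug` saying that it ends the path at a sink node would also help callers.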
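Review bot: The tainted branch calls `reportBug`, which builds its node with `C.generateSink(stateZero)`, and then returns, so a divisor that is only possibly zero ends the path just like a definite zero. Code after the division on that path is presumably no longer analysed, although the non-zero state is feasible. The rest of `checkPreStmt` lies outside the hunk, so confirm this is intended and record it next to the branch, e.g. `// Tainted divisor: report and stop this path even though the non-zero state is feasible.` The condition can also be written `if (stateZero && TaintedD) {`, since `stateNotZero` is already known to be non-null after the early return above and the doubled parentheses add nothing.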