1 //==- NonnullGlobalConstantsChecker.cpp ---------------------------*- C++ -*--//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This checker adds an assumption that constant globals of certain types* are
11 // non-null, as otherwise they generally do not convey any useful information.
12 // The assumption is useful, as many framework use e. g. global const strings,
13 // and the analyzer might not be able to infer the global value if the
14 // definition is in a separate translation unit.
15 // The following types (and their typedef aliases) are considered to be
18 // - `const CFStringRef` from CoreFoundation
19 // - `NSString* const` from Foundation
20 // - `CFBooleanRef` from Foundation
22 //===----------------------------------------------------------------------===//
24 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
25 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
26 #include "clang/StaticAnalyzer/Core/Checker.h"
27 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
28 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
29 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
31 using namespace clang;
36 class NonnullGlobalConstantsChecker : public Checker<check::Location> {
37 mutable IdentifierInfo *NSStringII = nullptr;
38 mutable IdentifierInfo *CFStringRefII = nullptr;
39 mutable IdentifierInfo *CFBooleanRefII = nullptr;
42 NonnullGlobalConstantsChecker() {}
44 void checkLocation(SVal l, bool isLoad, const Stmt *S,
45 CheckerContext &C) const;
48 void initIdentifierInfo(ASTContext &Ctx) const;
50 bool isGlobalConstString(SVal V) const;
52 bool isNonnullType(QualType Ty) const;
57 /// Lazily initialize cache for required identifier information.
58 void NonnullGlobalConstantsChecker::initIdentifierInfo(ASTContext &Ctx) const {
62 NSStringII = &Ctx.Idents.get("NSString");
63 CFStringRefII = &Ctx.Idents.get("CFStringRef");
64 CFBooleanRefII = &Ctx.Idents.get("CFBooleanRef");
67 /// Add an assumption that const string-like globals are non-null.
68 void NonnullGlobalConstantsChecker::checkLocation(SVal location, bool isLoad,
70 CheckerContext &C) const {
71 initIdentifierInfo(C.getASTContext());
72 if (!isLoad || !location.isValid())
75 ProgramStateRef State = C.getState();
77 if (isGlobalConstString(location)) {
78 SVal V = State->getSVal(location.castAs<Loc>());
79 Optional<DefinedOrUnknownSVal> Constr = V.getAs<DefinedOrUnknownSVal>();
83 // Assume that the variable is non-null.
84 ProgramStateRef OutputState = State->assume(*Constr, true);
85 C.addTransition(OutputState);
90 /// \param V loaded lvalue.
91 /// \return whether {@code val} is a string-like const global.
92 bool NonnullGlobalConstantsChecker::isGlobalConstString(SVal V) const {
93 Optional<loc::MemRegionVal> RegionVal = V.getAs<loc::MemRegionVal>();
96 auto *Region = dyn_cast<VarRegion>(RegionVal->getAsRegion());
99 const VarDecl *Decl = Region->getDecl();
101 if (!Decl->hasGlobalStorage())
104 QualType Ty = Decl->getType();
105 bool HasConst = Ty.isConstQualified();
106 if (isNonnullType(Ty) && HasConst)
109 // Look through the typedefs.
110 while (auto *T = dyn_cast<TypedefType>(Ty)) {
111 Ty = T->getDecl()->getUnderlyingType();
113 // It is sufficient for any intermediate typedef
114 // to be classified const.
115 HasConst = HasConst || Ty.isConstQualified();
116 if (isNonnullType(Ty) && HasConst)
122 /// \return whether {@code type} is extremely unlikely to be null
123 bool NonnullGlobalConstantsChecker::isNonnullType(QualType Ty) const {
125 if (Ty->isPointerType() && Ty->getPointeeType()->isCharType())
128 if (auto *T = dyn_cast<ObjCObjectPointerType>(Ty)) {
129 return T->getInterfaceDecl() &&
130 T->getInterfaceDecl()->getIdentifier() == NSStringII;
131 } else if (auto *T = dyn_cast<TypedefType>(Ty)) {
132 IdentifierInfo* II = T->getDecl()->getIdentifier();
133 return II == CFStringRefII || II == CFBooleanRefII;
138 void ento::registerNonnullGlobalConstantsChecker(CheckerManager &Mgr) {
139 Mgr.registerChecker<NonnullGlobalConstantsChecker>();