[cfe-commits] r86523 - in /cfe/trunk: include/clang/Analysis/PathSensitive/SVals.h lib/Analysis/FixedAddressChecker.cpp lib/Analysis/GRExprEngineInternalChecks.cpp lib/Analysis/GRExprEngineInternalChecks.h lib/Analysis/SVals.cpp test/Analysis/ptr-arith.c

Ted Kremenek kremenek at apple.com
Mon Nov 9 17:55:44 CST 2009


Hi Zhongxing,

Very nice  I vaguely recall we use to do this check, albeit not as  
directly.  How do we want to handle cases like PR 5272 (http://llvm.org/bugs/show_bug.cgi?id=5272 
)?  Using hardcoded addresses is fine in certain circumstances.

On Nov 8, 2009, at 10:52 PM, Zhongxing Xu wrote:

> Author: zhongxingxu
> Date: Mon Nov  9 00:52:44 2009
> New Revision: 86523
>
> URL: http://llvm.org/viewvc/llvm-project?rev=86523&view=rev
> Log:
> Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.
>
> Added:
>    cfe/trunk/lib/Analysis/FixedAddressChecker.cpp
> Modified:
>    cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
>    cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
>    cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h
>    cfe/trunk/lib/Analysis/SVals.cpp
>    cfe/trunk/test/Analysis/ptr-arith.c
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=86523&r1=86522&r2=86523&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Mon Nov   
> 9 00:52:44 2009
> @@ -96,6 +96,8 @@
>     return getRawKind() > UnknownKind;
>   }
>
> +  bool isConstant() const;
> +
>   bool isZeroConstant() const;
>
>   /// hasConjuredSymbol - If this SVal wraps a conjured symbol,  
> return true;
>
> Added: cfe/trunk/lib/Analysis/FixedAddressChecker.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/FixedAddressChecker.cpp?rev=86523&view=auto
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/FixedAddressChecker.cpp (added)
> +++ cfe/trunk/lib/Analysis/FixedAddressChecker.cpp Mon Nov  9  
> 00:52:44 2009
> @@ -0,0 +1,69 @@
> +//=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C 
> ++ -*--===//
> +//
> +//                     The LLVM Compiler Infrastructure
> +//
> +// This file is distributed under the University of Illinois Open  
> Source
> +// License. See LICENSE.TXT for details.
> +//
> +// 
> = 
> = 
> = 
> ----------------------------------------------------------------------= 
> ==//
> +//
> +// This files defines FixedAddressChecker, a builtin checker that  
> checks for
> +// assignment of a fixed address to a pointer.
> +// This check corresponds to CWE-587.
> +//
> +// 
> = 
> = 
> = 
> ----------------------------------------------------------------------= 
> ==//
> +
> +#include "clang/Analysis/PathSensitive/CheckerVisitor.h"
> +#include "GRExprEngineInternalChecks.h"
> +
> +using namespace clang;
> +
> +namespace {
> +class VISIBILITY_HIDDEN FixedAddressChecker
> +  : public CheckerVisitor<FixedAddressChecker> {
> +  BuiltinBug *BT;
> +public:
> +  FixedAddressChecker() : BT(0) {}
> +  static void *getTag();
> +  void PreVisitBinaryOperator(CheckerContext &C, const  
> BinaryOperator *B);
> +};
> +}
> +
> +void *FixedAddressChecker::getTag() {
> +  static int x;
> +  return &x;
> +}
> +
> +void FixedAddressChecker::PreVisitBinaryOperator(CheckerContext &C,
> +                                                 const  
> BinaryOperator *B) {
> +  // Using a fixed address is not portable because that address  
> will probably
> +  // not be valid in all environments or platforms.
> +
> +  if (B->getOpcode() != BinaryOperator::Assign)
> +    return;
> +
> +  QualType T = B->getType();
> +  if (!T->isPointerType())
> +    return;
> +
> +  const GRState *state = C.getState();
> +
> +  SVal RV = state->getSVal(B->getRHS());
> +
> +  if (!RV.isConstant() || RV.isZeroConstant())
> +    return;
> +
> +  if (ExplodedNode *N = C.GenerateNode(B)) {
> +    if (!BT)
> +      BT = new BuiltinBug("Use fixed address",
> +                          "Using a fixed address is not portable  
> because that address will probably not be valid in all environments  
> or platforms.");
> +    RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription 
> ().c_str(),
> +                                             N);
> +    R->addRange(B->getRHS()->getSourceRange());
> +    C.EmitReport(R);
> +  }
> +}
> +
> +void clang::RegisterFixedAddressChecker(GRExprEngine &Eng) {
> +  Eng.registerCheck(new FixedAddressChecker());
> +}
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp?rev=86523&r1=86522&r2=86523&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp Mon Nov  9  
> 00:52:44 2009
> @@ -413,7 +413,7 @@
>   RegisterReturnStackAddressChecker(*this);
>   RegisterReturnUndefChecker(*this);
>   RegisterPointerSubChecker(*this);
> -
> +  RegisterFixedAddressChecker(*this);
>   // Note that this must be registered after  
> ReturnStackAddressChecker.
>   RegisterReturnPointerRangeChecker(*this);
> }
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h?rev=86523&r1=86522&r2=86523&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h Mon Nov  9  
> 00:52:44 2009
> @@ -24,6 +24,7 @@
> void RegisterReturnStackAddressChecker(GRExprEngine &Eng);
> void RegisterReturnUndefChecker(GRExprEngine &Eng);
> void RegisterVLASizeChecker(GRExprEngine &Eng);
> -void RegisterPointerSubChecker(GRExprEngine &Eng);
> +void RegisterPointerSubChecker(GRExprEngine &Eng);
> +void RegisterFixedAddressChecker(GRExprEngine &Eng);
> } // end clang namespace
> #endif
>
> Modified: cfe/trunk/lib/Analysis/SVals.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=86523&r1=86522&r2=86523&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/lib/Analysis/SVals.cpp (original)
> +++ cfe/trunk/lib/Analysis/SVals.cpp Mon Nov  9 00:52:44 2009
> @@ -173,6 +173,10 @@
> // Useful predicates.
> // 
> = 
> = 
> = 
> ----------------------------------------------------------------------= 
> ==//
>
> +bool SVal::isConstant() const {
> +  return isa<nonloc::ConcreteInt>(this) || isa<loc::ConcreteInt> 
> (this);
> +}
> +
> bool SVal::isZeroConstant() const {
>   if (isa<loc::ConcreteInt>(*this))
>     return cast<loc::ConcreteInt>(*this).getValue() == 0;
>
> Modified: cfe/trunk/test/Analysis/ptr-arith.c
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ptr-arith.c?rev=86523&r1=86522&r2=86523&view=diff
>
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> --- cfe/trunk/test/Analysis/ptr-arith.c (original)
> +++ cfe/trunk/test/Analysis/ptr-arith.c Mon Nov  9 00:52:44 2009
> @@ -36,3 +36,8 @@
>   int x, y;
>   int d = &y - &x; // expected-warning{{Subtraction of two pointers  
> that do not point to the same memory chunk may cause incorrect  
> result.}}
> }
> +
> +void f4() {
> +  int *p;
> +  p = (int*) 0x10000; // expected-warning{{Using a fixed address is  
> not portable because that address will probably not be valid in all  
> environments or platforms.}}
> +}
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits



More information about the cfe-commits mailing list