1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
|
//== IdenticalExprChecker.cpp - Identical expression checker----------------==//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
///
/// \file
/// \brief This defines IdenticalExprChecker, a check that warns about
/// unintended use of identical expressions.
///
/// It checks for use of identical expressions with comparison operators.
///
//===----------------------------------------------------------------------===//
#include "ClangSACheckers.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "clang/AST/RecursiveASTVisitor.h"
using namespace clang;
using namespace ento;
static bool isIdenticalExpr(const ASTContext &Ctx, const Expr *Expr1,
const Expr *Expr2);
//===----------------------------------------------------------------------===//
// FindIdenticalExprVisitor - Identify nodes using identical expressions.
//===----------------------------------------------------------------------===//
namespace {
class FindIdenticalExprVisitor
: public RecursiveASTVisitor<FindIdenticalExprVisitor> {
public:
explicit FindIdenticalExprVisitor(BugReporter &B, AnalysisDeclContext *A)
: BR(B), AC(A) {}
// FindIdenticalExprVisitor only visits nodes
// that are binary operators.
bool VisitBinaryOperator(const BinaryOperator *B);
private:
BugReporter &BR;
AnalysisDeclContext *AC;
};
} // end anonymous namespace
bool FindIdenticalExprVisitor::VisitBinaryOperator(const BinaryOperator *B) {
BinaryOperator::Opcode Op = B->getOpcode();
if (!BinaryOperator::isComparisonOp(Op))
return true;
//
// Special case for floating-point representation.
//
// If expressions on both sides of comparison operator are of type float,
// then for some comparison operators no warning shall be
// reported even if the expressions are identical from a symbolic point of
// view. Comparison between expressions, declared variables and literals
// are treated differently.
//
// != and == between float literals that have the same value should NOT warn.
// < > between float literals that have the same value SHOULD warn.
//
// != and == between the same float declaration should NOT warn.
// < > between the same float declaration SHOULD warn.
//
// != and == between eq. expressions that evaluates into float
// should NOT warn.
// < > between eq. expressions that evaluates into float
// should NOT warn.
//
const Expr *LHS = B->getLHS()->IgnoreParenImpCasts();
const Expr *RHS = B->getRHS()->IgnoreParenImpCasts();
const DeclRefExpr *DeclRef1 = dyn_cast<DeclRefExpr>(LHS);
const DeclRefExpr *DeclRef2 = dyn_cast<DeclRefExpr>(RHS);
const FloatingLiteral *FloatLit1 = dyn_cast<FloatingLiteral>(LHS);
const FloatingLiteral *FloatLit2 = dyn_cast<FloatingLiteral>(RHS);
if ((DeclRef1) && (DeclRef2)) {
if ((DeclRef1->getType()->hasFloatingRepresentation()) &&
(DeclRef2->getType()->hasFloatingRepresentation())) {
if (DeclRef1->getDecl() == DeclRef2->getDecl()) {
if ((Op == BO_EQ) || (Op == BO_NE)) {
return true;
}
}
}
} else if ((FloatLit1) && (FloatLit2)) {
if (FloatLit1->getValue().bitwiseIsEqual(FloatLit2->getValue())) {
if ((Op == BO_EQ) || (Op == BO_NE)) {
return true;
}
}
} else if (LHS->getType()->hasFloatingRepresentation()) {
// If any side of comparison operator still has floating-point
// representation, then it's an expression. Don't warn.
// Here only LHS is checked since RHS will be implicit casted to float.
return true;
} else {
// No special case with floating-point representation, report as usual.
}
if (isIdenticalExpr(AC->getASTContext(), B->getLHS(), B->getRHS())) {
PathDiagnosticLocation ELoc =
PathDiagnosticLocation::createOperatorLoc(B, BR.getSourceManager());
StringRef Message;
if (((Op == BO_EQ) || (Op == BO_LE) || (Op == BO_GE)))
Message = "comparison of identical expressions always evaluates to true";
else
Message = "comparison of identical expressions always evaluates to false";
BR.EmitBasicReport(AC->getDecl(), "Compare of identical expressions",
categories::LogicError, Message, ELoc);
}
// We want to visit ALL nodes (subexpressions of binary comparison
// expressions too) that contains comparison operators.
// True is always returned to traverse ALL nodes.
return true;
}
/// \brief Determines whether two expression trees are identical regarding
/// operators and symbols.
///
/// Exceptions: expressions containing macros or functions with possible side
/// effects are never considered identical.
/// Limitations: (t + u) and (u + t) are not considered identical.
/// t*(u + t) and t*u + t*t are not considered identical.
///
static bool isIdenticalExpr(const ASTContext &Ctx, const Expr *Expr1,
const Expr *Expr2) {
// If Expr1 & Expr2 are of different class then they are not
// identical expression.
if (Expr1->getStmtClass() != Expr2->getStmtClass())
return false;
// If Expr1 has side effects then don't warn even if expressions
// are identical.
if (Expr1->HasSideEffects(Ctx))
return false;
// Is expression is based on macro then don't warn even if
// the expressions are identical.
if ((Expr1->getExprLoc().isMacroID()) || (Expr2->getExprLoc().isMacroID()))
return false;
// If all children of two expressions are identical, return true.
Expr::const_child_iterator I1 = Expr1->child_begin();
Expr::const_child_iterator I2 = Expr2->child_begin();
while (I1 != Expr1->child_end() && I2 != Expr2->child_end()) {
const Expr *Child1 = dyn_cast<Expr>(*I1);
const Expr *Child2 = dyn_cast<Expr>(*I2);
if (!Child1 || !Child2 || !isIdenticalExpr(Ctx, Child1, Child2))
return false;
++I1;
++I2;
}
// If there are different number of children in the expressions, return false.
// (TODO: check if this is a redundant condition.)
if (I1 != Expr1->child_end())
return false;
if (I2 != Expr2->child_end())
return false;
switch (Expr1->getStmtClass()) {
default:
return false;
case Stmt::ArraySubscriptExprClass:
case Stmt::CStyleCastExprClass:
case Stmt::ImplicitCastExprClass:
case Stmt::ParenExprClass:
return true;
case Stmt::BinaryOperatorClass: {
const BinaryOperator *BinOp1 = dyn_cast<BinaryOperator>(Expr1);
const BinaryOperator *BinOp2 = dyn_cast<BinaryOperator>(Expr2);
return BinOp1->getOpcode() == BinOp2->getOpcode();
}
case Stmt::CharacterLiteralClass: {
const CharacterLiteral *CharLit1 = dyn_cast<CharacterLiteral>(Expr1);
const CharacterLiteral *CharLit2 = dyn_cast<CharacterLiteral>(Expr2);
return CharLit1->getValue() == CharLit2->getValue();
}
case Stmt::DeclRefExprClass: {
const DeclRefExpr *DeclRef1 = dyn_cast<DeclRefExpr>(Expr1);
const DeclRefExpr *DeclRef2 = dyn_cast<DeclRefExpr>(Expr2);
return DeclRef1->getDecl() == DeclRef2->getDecl();
}
case Stmt::IntegerLiteralClass: {
const IntegerLiteral *IntLit1 = dyn_cast<IntegerLiteral>(Expr1);
const IntegerLiteral *IntLit2 = dyn_cast<IntegerLiteral>(Expr2);
return IntLit1->getValue() == IntLit2->getValue();
}
case Stmt::FloatingLiteralClass: {
const FloatingLiteral *FloatLit1 = dyn_cast<FloatingLiteral>(Expr1);
const FloatingLiteral *FloatLit2 = dyn_cast<FloatingLiteral>(Expr2);
return FloatLit1->getValue().bitwiseIsEqual(FloatLit2->getValue());
}
case Stmt::MemberExprClass: {
const MemberExpr *MemberExpr1 = dyn_cast<MemberExpr>(Expr1);
const MemberExpr *MemberExpr2 = dyn_cast<MemberExpr>(Expr2);
return MemberExpr1->getMemberDecl() == MemberExpr2->getMemberDecl();
}
case Stmt::UnaryOperatorClass: {
const UnaryOperator *UnaryOp1 = dyn_cast<UnaryOperator>(Expr1);
const UnaryOperator *UnaryOp2 = dyn_cast<UnaryOperator>(Expr2);
if (UnaryOp1->getOpcode() != UnaryOp2->getOpcode())
return false;
return !UnaryOp1->isIncrementDecrementOp();
}
}
}
//===----------------------------------------------------------------------===//
// FindIdenticalExprChecker
//===----------------------------------------------------------------------===//
namespace {
class FindIdenticalExprChecker : public Checker<check::ASTCodeBody> {
public:
void checkASTCodeBody(const Decl *D, AnalysisManager &Mgr,
BugReporter &BR) const {
FindIdenticalExprVisitor Visitor(BR, Mgr.getAnalysisDeclContext(D));
Visitor.TraverseDecl(const_cast<Decl *>(D));
}
};
} // end anonymous namespace
void ento::registerIdenticalExprChecker(CheckerManager &Mgr) {
Mgr.registerChecker<FindIdenticalExprChecker>();
}
|