xref: /src/contrib/llvm-project/clang/lib/StaticAnalyzer/Checkers/STLAlgorithmModeling.cpp (revision 0fca6ea1d4eea4c934cfff25ac9ee8ad6fe95583) 
1ac9a064cSDimitry Andric //===-- STLAlgorithmModeling.cpp ----------------------------------*- C++ -*--//
2cfca06d7SDimitry Andric //
3cfca06d7SDimitry Andric // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4cfca06d7SDimitry Andric // See https://llvm.org/LICENSE.txt for license information.
5cfca06d7SDimitry Andric // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6cfca06d7SDimitry Andric //
7cfca06d7SDimitry Andric //===----------------------------------------------------------------------===//
8cfca06d7SDimitry Andric //
9cfca06d7SDimitry Andric // Models STL algorithms.
10cfca06d7SDimitry Andric //
11cfca06d7SDimitry Andric //===----------------------------------------------------------------------===//
12cfca06d7SDimitry Andric 
13cfca06d7SDimitry Andric #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
14cfca06d7SDimitry Andric #include "clang/StaticAnalyzer/Core/Checker.h"
15c0981da4SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"
16cfca06d7SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
17cfca06d7SDimitry Andric #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
18cfca06d7SDimitry Andric 
19cfca06d7SDimitry Andric #include "Iterator.h"
20cfca06d7SDimitry Andric 
21cfca06d7SDimitry Andric using namespace clang;
22cfca06d7SDimitry Andric using namespace ento;
23cfca06d7SDimitry Andric using namespace iterator;
24cfca06d7SDimitry Andric 
25cfca06d7SDimitry Andric namespace {
26cfca06d7SDimitry Andric 
27cfca06d7SDimitry Andric class STLAlgorithmModeling : public Checker<eval::Call> {
28cfca06d7SDimitry Andric   bool evalFind(CheckerContext &C, const CallExpr *CE) const;
29cfca06d7SDimitry Andric 
30cfca06d7SDimitry Andric   void Find(CheckerContext &C, const CallExpr *CE, unsigned paramNum) const;
31cfca06d7SDimitry Andric 
32cfca06d7SDimitry Andric   using FnCheck = bool (STLAlgorithmModeling::*)(CheckerContext &,
33cfca06d7SDimitry Andric                                                 const CallExpr *) const;
34cfca06d7SDimitry Andric 
35cfca06d7SDimitry Andric   const CallDescriptionMap<FnCheck> Callbacks = {
36ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find"}, 3}, &STLAlgorithmModeling::evalFind},
37ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find"}, 4}, &STLAlgorithmModeling::evalFind},
38ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_if"}, 3},
39ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
40ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_if"}, 4},
41ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
42ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_if_not"}, 3},
43ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
44ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_if_not"}, 4},
45ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
46ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_first_of"}, 4},
47ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
48ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_first_of"}, 5},
49ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
50ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_first_of"}, 6},
51ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
52ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_end"}, 4},
53ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
54ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_end"}, 5},
55ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
56ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "find_end"}, 6},
57ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
58ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "lower_bound"}, 3},
59ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
60ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "lower_bound"}, 4},
61ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
62ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "upper_bound"}, 3},
63ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
64ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "upper_bound"}, 4},
65ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
66ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search"}, 3},
67ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
68ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search"}, 4},
69ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
70ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search"}, 5},
71ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
72ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search"}, 6},
73ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
74ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search_n"}, 4},
75ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
76ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search_n"}, 5},
77ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
78ac9a064cSDimitry Andric       {{CDM::SimpleFunc, {"std", "search_n"}, 6},
79ac9a064cSDimitry Andric        &STLAlgorithmModeling::evalFind},
80cfca06d7SDimitry Andric   };
81cfca06d7SDimitry Andric 
82cfca06d7SDimitry Andric public:
83cfca06d7SDimitry Andric   STLAlgorithmModeling() = default;
84cfca06d7SDimitry Andric 
857fa27ce4SDimitry Andric   bool AggressiveStdFindModeling = false;
86cfca06d7SDimitry Andric 
87cfca06d7SDimitry Andric   bool evalCall(const CallEvent &Call, CheckerContext &C) const;
88cfca06d7SDimitry Andric }; //
89cfca06d7SDimitry Andric 
evalCall(const CallEvent & Call,CheckerContext & C) const90cfca06d7SDimitry Andric bool STLAlgorithmModeling::evalCall(const CallEvent &Call,
91cfca06d7SDimitry Andric                                     CheckerContext &C) const {
92cfca06d7SDimitry Andric   const auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
93cfca06d7SDimitry Andric   if (!CE)
94cfca06d7SDimitry Andric     return false;
95cfca06d7SDimitry Andric 
96cfca06d7SDimitry Andric   const FnCheck *Handler = Callbacks.lookup(Call);
97cfca06d7SDimitry Andric   if (!Handler)
98cfca06d7SDimitry Andric     return false;
99cfca06d7SDimitry Andric 
100cfca06d7SDimitry Andric   return (this->**Handler)(C, CE);
101cfca06d7SDimitry Andric }
102cfca06d7SDimitry Andric 
evalFind(CheckerContext & C,const CallExpr * CE) const103cfca06d7SDimitry Andric bool STLAlgorithmModeling::evalFind(CheckerContext &C,
104cfca06d7SDimitry Andric                                     const CallExpr *CE) const {
105cfca06d7SDimitry Andric   // std::find()-like functions either take their primary range in the first
106cfca06d7SDimitry Andric   // two parameters, or if the first parameter is "execution policy" then in
107cfca06d7SDimitry Andric   // the second and third. This means that the second parameter must always be
108cfca06d7SDimitry Andric   // an iterator.
109cfca06d7SDimitry Andric   if (!isIteratorType(CE->getArg(1)->getType()))
110cfca06d7SDimitry Andric     return false;
111cfca06d7SDimitry Andric 
112cfca06d7SDimitry Andric   // If no "execution policy" parameter is used then the first argument is the
113cfca06d7SDimitry Andric   // beginning of the range.
114cfca06d7SDimitry Andric   if (isIteratorType(CE->getArg(0)->getType())) {
115cfca06d7SDimitry Andric     Find(C, CE, 0);
116cfca06d7SDimitry Andric     return true;
117cfca06d7SDimitry Andric   }
118cfca06d7SDimitry Andric 
119cfca06d7SDimitry Andric   // If "execution policy" parameter is used then the second argument is the
120cfca06d7SDimitry Andric   // beginning of the range.
121cfca06d7SDimitry Andric   if (isIteratorType(CE->getArg(2)->getType())) {
122cfca06d7SDimitry Andric     Find(C, CE, 1);
123cfca06d7SDimitry Andric     return true;
124cfca06d7SDimitry Andric   }
125cfca06d7SDimitry Andric 
126cfca06d7SDimitry Andric   return false;
127cfca06d7SDimitry Andric }
128cfca06d7SDimitry Andric 
Find(CheckerContext & C,const CallExpr * CE,unsigned paramNum) const129cfca06d7SDimitry Andric void STLAlgorithmModeling::Find(CheckerContext &C, const CallExpr *CE,
130cfca06d7SDimitry Andric                                 unsigned paramNum) const {
131cfca06d7SDimitry Andric   auto State = C.getState();
132cfca06d7SDimitry Andric   auto &SVB = C.getSValBuilder();
133cfca06d7SDimitry Andric   const auto *LCtx = C.getLocationContext();
134cfca06d7SDimitry Andric 
135cfca06d7SDimitry Andric   SVal RetVal = SVB.conjureSymbolVal(nullptr, CE, LCtx, C.blockCount());
136cfca06d7SDimitry Andric   SVal Param = State->getSVal(CE->getArg(paramNum), LCtx);
137cfca06d7SDimitry Andric 
138cfca06d7SDimitry Andric   auto StateFound = State->BindExpr(CE, LCtx, RetVal);
139cfca06d7SDimitry Andric 
140cfca06d7SDimitry Andric   // If we have an iterator position for the range-begin argument then we can
141cfca06d7SDimitry Andric   // assume that in case of successful search the position of the found element
142cfca06d7SDimitry Andric   // is not ahead of it.
143cfca06d7SDimitry Andric   // FIXME: Reverse iterators
144cfca06d7SDimitry Andric   const auto *Pos = getIteratorPosition(State, Param);
145cfca06d7SDimitry Andric   if (Pos) {
146cfca06d7SDimitry Andric     StateFound = createIteratorPosition(StateFound, RetVal, Pos->getContainer(),
147cfca06d7SDimitry Andric                                         CE, LCtx, C.blockCount());
148cfca06d7SDimitry Andric     const auto *NewPos = getIteratorPosition(StateFound, RetVal);
149cfca06d7SDimitry Andric     assert(NewPos && "Failed to create new iterator position.");
150cfca06d7SDimitry Andric 
151cfca06d7SDimitry Andric     SVal GreaterOrEqual = SVB.evalBinOp(StateFound, BO_GE,
152cfca06d7SDimitry Andric                                         nonloc::SymbolVal(NewPos->getOffset()),
153cfca06d7SDimitry Andric                                         nonloc::SymbolVal(Pos->getOffset()),
154cfca06d7SDimitry Andric                                         SVB.getConditionType());
155145449b1SDimitry Andric     assert(isa<DefinedSVal>(GreaterOrEqual) &&
156cfca06d7SDimitry Andric            "Symbol comparison must be a `DefinedSVal`");
157cfca06d7SDimitry Andric     StateFound = StateFound->assume(GreaterOrEqual.castAs<DefinedSVal>(), true);
158cfca06d7SDimitry Andric   }
159cfca06d7SDimitry Andric 
160cfca06d7SDimitry Andric   Param = State->getSVal(CE->getArg(paramNum + 1), LCtx);
161cfca06d7SDimitry Andric 
162cfca06d7SDimitry Andric   // If we have an iterator position for the range-end argument then we can
163cfca06d7SDimitry Andric   // assume that in case of successful search the position of the found element
164cfca06d7SDimitry Andric   // is ahead of it.
165cfca06d7SDimitry Andric   // FIXME: Reverse iterators
166cfca06d7SDimitry Andric   Pos = getIteratorPosition(State, Param);
167cfca06d7SDimitry Andric   if (Pos) {
168cfca06d7SDimitry Andric     StateFound = createIteratorPosition(StateFound, RetVal, Pos->getContainer(),
169cfca06d7SDimitry Andric                                         CE, LCtx, C.blockCount());
170cfca06d7SDimitry Andric     const auto *NewPos = getIteratorPosition(StateFound, RetVal);
171cfca06d7SDimitry Andric     assert(NewPos && "Failed to create new iterator position.");
172cfca06d7SDimitry Andric 
173cfca06d7SDimitry Andric     SVal Less = SVB.evalBinOp(StateFound, BO_LT,
174cfca06d7SDimitry Andric                               nonloc::SymbolVal(NewPos->getOffset()),
175cfca06d7SDimitry Andric                               nonloc::SymbolVal(Pos->getOffset()),
176cfca06d7SDimitry Andric                               SVB.getConditionType());
177145449b1SDimitry Andric     assert(isa<DefinedSVal>(Less) &&
178cfca06d7SDimitry Andric            "Symbol comparison must be a `DefinedSVal`");
179cfca06d7SDimitry Andric     StateFound = StateFound->assume(Less.castAs<DefinedSVal>(), true);
180cfca06d7SDimitry Andric   }
181cfca06d7SDimitry Andric 
182cfca06d7SDimitry Andric   C.addTransition(StateFound);
183cfca06d7SDimitry Andric 
184cfca06d7SDimitry Andric   if (AggressiveStdFindModeling) {
185cfca06d7SDimitry Andric     auto StateNotFound = State->BindExpr(CE, LCtx, Param);
186cfca06d7SDimitry Andric     C.addTransition(StateNotFound);
187cfca06d7SDimitry Andric   }
188cfca06d7SDimitry Andric }
189cfca06d7SDimitry Andric 
190cfca06d7SDimitry Andric } // namespace
191cfca06d7SDimitry Andric 
registerSTLAlgorithmModeling(CheckerManager & Mgr)192cfca06d7SDimitry Andric void ento::registerSTLAlgorithmModeling(CheckerManager &Mgr) {
193cfca06d7SDimitry Andric   auto *Checker = Mgr.registerChecker<STLAlgorithmModeling>();
194cfca06d7SDimitry Andric   Checker->AggressiveStdFindModeling =
195cfca06d7SDimitry Andric       Mgr.getAnalyzerOptions().getCheckerBooleanOption(Checker,
196cfca06d7SDimitry Andric                                                   "AggressiveStdFindModeling");
197cfca06d7SDimitry Andric }
198cfca06d7SDimitry Andric 
shouldRegisterSTLAlgorithmModeling(const CheckerManager & mgr)199cfca06d7SDimitry Andric bool ento::shouldRegisterSTLAlgorithmModeling(const CheckerManager &mgr) {
200cfca06d7SDimitry Andric   return true;
201cfca06d7SDimitry Andric }
202cfca06d7SDimitry Andric 
203