Hey Zhongxing, On Sun, Nov 8, 2009 at 10:52 PM, Zhongxing Xu <[email protected]> wrote:
> Author: zhongxingxu
> Date: Mon Nov 9 00:52:44 2009
> New Revision: 86523
>
> URL: http://llvm.org/viewvc/llvm-project?rev=86523&view=rev
> Log:
> Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.
>
> Added:
> cfe/trunk/lib/Analysis/FixedAddressChecker.cpp
Just a reminder, when you add new .cpp files please update CMakeLists.txt to include the new file (I already added this one though). - Daniel
> Modified:
> cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
> cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h
> cfe/trunk/lib/Analysis/SVals.cpp
> cfe/trunk/test/Analysis/ptr-arith.c
>
> Modified: cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h
> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h (original)
> +++ cfe/trunk/include/clang/Analysis/PathSensitive/SVals.h Mon Nov 9 > 00:52:44 2009
> @@ -96,6 +96,8 @@
> return getRawKind() > UnknownKind;
> }
>
> + bool isConstant() const;
> +
> bool isZeroConstant() const;
>
> /// hasConjuredSymbol - If this SVal wraps a conjured symbol, return true;
>
> Added: cfe/trunk/lib/Analysis/FixedAddressChecker.cpp
> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/FixedAddressChecker.cpp?rev=86523&view=auto
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/FixedAddressChecker.cpp (added)
> +++ cfe/trunk/lib/Analysis/FixedAddressChecker.cpp Mon Nov 9 00:52:44 2009
> @@ -0,0 +1,69 @@
> +//=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C++ > -*--===//
> +//
> +// The LLVM Compiler Infrastructure
> +//
> +// This file is distributed under the University of Illinois Open Source
> +// License. See LICENSE.TXT for details.
> +//
> +//===----------------------------------------------------------------------===//
> +//
> +// This files defines FixedAddressChecker, a builtin checker that checks for
> +// assignment of a fixed address to a pointer.
> +// This check corresponds to CWE-587.
> +//
> +//===----------------------------------------------------------------------===//
> +
> +#include "clang/Analysis/PathSensitive/CheckerVisitor.h"
> +#include "GRExprEngineInternalChecks.h"
> +
> +using namespace clang;
> +
> +namespace {
> +class VISIBILITY_HIDDEN FixedAddressChecker
> + : public CheckerVisitor<FixedAddressChecker> {
> + BuiltinBug *BT;
> +public:
> + FixedAddressChecker() : BT(0) {}
> + static void *getTag();
> + void PreVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B);
> +};
> +}
> +
> +void *FixedAddressChecker::getTag() {
> + static int x;
> + return &x;
> +}
> +
> +void FixedAddressChecker::PreVisitBinaryOperator(CheckerContext &C,
> + const BinaryOperator *B) {
> + // Using a fixed address is not portable because that address will probably
> + // not be valid in all environments or platforms.
> +
> + if (B->getOpcode() != BinaryOperator::Assign)
> + return;
> +
> + QualType T = B->getType();
> + if (!T->isPointerType())
> + return;
> +
> + const GRState *state = C.getState();
> +
> + SVal RV = state->getSVal(B->getRHS());
> +
> + if (!RV.isConstant() || RV.isZeroConstant())
> + return;
> +
> + if (ExplodedNode *N = C.GenerateNode(B)) {
> + if (!BT)
> + BT = new BuiltinBug("Use fixed address",
> + "Using a fixed address is not portable because > that address will probably not be valid in all environments or platforms.");
> + RangedBugReport *R = new RangedBugReport(*BT, > BT->getDescription().c_str(),
> + N);
> + R->addRange(B->getRHS()->getSourceRange());
> + C.EmitReport(R);
> + }
> +}
> +
> +void clang::RegisterFixedAddressChecker(GRExprEngine &Eng) {
> + Eng.registerCheck(new FixedAddressChecker());
> +}
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp
> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.cpp Mon Nov 9 00:52:44 > 2009
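Review bot: PreVisitBinaryOperator returns early unless the opcode is `BinaryOperator::Assign`, so a pointer that gets its fixed address in a declaration initializer (`int *p = (int*)0x10000;`) is not a BinaryOperator and, as far as this file shows, is never reported, although that form is just as much CWE-587. Either cover initializers in a follow-up visitor or state the limit at the top of the function, e.g. `// Only plain assignments are checked; pointer initializers in declarations are not covered yet.` The warning text also speaks only of portability; for a reader triaging the report it would help if the file header comment said that a hard-coded address can also point at unmapped or attacker-influenced memory on a different build. `BT` is allocated with `new` and never released in this file; presumably the bug reporter takes ownership, which a one-line comment on the member would confirm.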
> @@ -413,7 +413,7 @@
> RegisterReturnStackAddressChecker(*this);
> RegisterReturnUndefChecker(*this);
> RegisterPointerSubChecker(*this);
> -
> + RegisterFixedAddressChecker(*this);
> // Note that this must be registered after ReturnStackAddressChecker.
> RegisterReturnPointerRangeChecker(*this);
> }
>
> Modified: cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h
> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h (original)
> +++ cfe/trunk/lib/Analysis/GRExprEngineInternalChecks.h Mon Nov 9 00:52:44 > 2009
> @@ -24,6 +24,7 @@
> void RegisterReturnStackAddressChecker(GRExprEngine &Eng);
> void RegisterReturnUndefChecker(GRExprEngine &Eng);
> void RegisterVLASizeChecker(GRExprEngine &Eng);
> -void RegisterPointerSubChecker(GRExprEngine &Eng);
> +void RegisterPointerSubChecker(GRExprEngine &Eng);
> +void RegisterFixedAddressChecker(GRExprEngine &Eng);
> } // end clang namespace
> #endif
>
> Modified: cfe/trunk/lib/Analysis/SVals.cpp
> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/SVals.cpp?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/SVals.cpp (original)
> +++ cfe/trunk/lib/Analysis/SVals.cpp Mon Nov 9 00:52:44 2009
> @@ -173,6 +173,10 @@
> // Useful predicates.
> //===----------------------------------------------------------------------===//
>
> +bool SVal::isConstant() const {
> + return isa<nonloc::ConcreteInt>(this) || isa<loc::ConcreteInt>(this);
> +}
> +
> bool SVal::isZeroConstant() const {
> if (isa<loc::ConcreteInt>(*this))
> return cast<loc::ConcreteInt>(*this).getValue() == 0;
>
> Modified: cfe/trunk/test/Analysis/ptr-arith.c
> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/ptr-arith.c?rev=86523&r1=86522&r2=86523&view=diff
>
> ==============================================================================
> --- cfe/trunk/test/Analysis/ptr-arith.c (original)
> +++ cfe/trunk/test/Analysis/ptr-arith.c Mon Nov 9 00:52:44 2009
> @@ -36,3 +36,8 @@
> int x, y;
> int d = &y - &x; // expected-warning{{Subtraction of two pointers that do > not point to the same memory chunk may cause incorrect result.}}
> }
> +
> +void f4() {
> + int *p;
> + p = (int*) 0x10000; // expected-warning{{Using a fixed address is not > portable because that address will probably not be valid in all environments > or platforms.}}
> +}
>
>
> _______________________________________________
> cfe-commits mailing list
> [email protected]
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
> _______________________________________________ cfe-commits mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
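Review bot: `SVal::isConstant()` hands the pointer `this` to `isa<>`, while `isZeroConstant()` directly below passes `*this`; the new predicate should match its neighbour: `return isa<nonloc::ConcreteInt>(*this) || isa<loc::ConcreteInt>(*this);`. The declaration added in SVals.h also has no doc comment, unlike hasConjuredSymbol next to it, so a caller cannot tell what counts as "constant". A line such as `/// isConstant - Return true if this SVal is a concrete integer (nonloc::ConcreteInt or loc::ConcreteInt).` would pin that down. isZeroConstant's body continues outside the hunk.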
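Review bot: f4 covers only the positive case, so the two early exits the checker relies on to stay quiet, `RV.isZeroConstant()` and the pointer-type filter, are untested and a regression that starts warning on null assignments would pass this file. Add a negative case next to f4, for example `p = 0; // no-warning`, plus an assignment from another pointer variable. A declaration with an initializer (`int *q = (int*) 0x10000;`) is worth adding too, with whatever expectation matches the checker's current behaviour, so the assignment-only scope is recorded in the test.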
