Add initial implementation of checking for uses of floating point as a loop counter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76833 91177308-0d34-0410-b5e6-96231b3b80d8

include/clang/Analysis/LocalCheckers.h

@@ -48,6 +48,9 @@ void CheckObjCUnusedIvar(ObjCImplementationDecl* D, BugReporter& BR);
   
 void RegisterAppleChecks(GRExprEngine& Eng);
   
+void CheckSecuritySyntaxOnly(Decl *D, BugReporter &BR);
+
+  
 } // end namespace clang
 
 #endif

include/clang/Frontend/Analyses.def

@@ -24,6 +24,10 @@ ANALYSIS(CFGView, "cfg-view",
 ANALYSIS(DisplayLiveVariables, "dump-live-variables",
          "Print results of live variable analysis", Code)
 
+ANALYSIS(SecuritySyntacticChecks, "warn-security-syntactic",
+         "Perform quick security checks that require no data flow",
+         Code)
+
 ANALYSIS(WarnDeadStores, "warn-dead-stores",
          "Warn about stores to dead variables", Code)
 

lib/Analysis/CMakeLists.txt

@@ -15,6 +15,7 @@ add_clang_library(clangAnalysis
   CheckObjCDealloc.cpp
   CheckObjCInstMethSignature.cpp
   CheckObjCUnusedIVars.cpp
+  CheckSecuritySyntaxOnly.cpp
   Environment.cpp
   ExplodedGraph.cpp
   GRBlockCounter.cpp

lib/Analysis/CheckSecuritySyntaxOnly.cpp

@@ -0,0 +1,122 @@
+//==- CheckSecuritySyntaxOnly.cpp - Basic security checks --------*- C++ -*-==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+//  This file defines a set of flow-insensitive security checks.
+//
+//===----------------------------------------------------------------------===//
+
+#include "clang/Analysis/PathSensitive/BugReporter.h"
+#include "clang/Analysis/LocalCheckers.h"
+#include "clang/AST/StmtVisitor.h"
+#include "llvm/Support/Compiler.h"
+
+using namespace clang;
+
+namespace {
+class VISIBILITY_HIDDEN WalkAST : public StmtVisitor<WalkAST> {
+  BugReporter &BR;
+public:
+  WalkAST(BugReporter &br) : BR(br) {}
+  
+  // Statement visitor methods.
+  void VisitDoStmt(DoStmt *S);
+  void VisitWhileStmt(WhileStmt *S);
+  void VisitForStmt(ForStmt *S);
+
+  void VisitChildren(Stmt *S);
+  void VisitStmt(Stmt *S) { VisitChildren(S); }
+  
+  // Checker-specific methods.
+  void CheckLoopConditionForFloat(Stmt *Loop, Expr *Condition); 
+};
+} // end anonymous namespace
+
+//===----------------------------------------------------------------------===//
+// AST walking.
+//===----------------------------------------------------------------------===//
+
+void WalkAST::VisitChildren(Stmt *S) {
+  for (Stmt::child_iterator I = S->child_begin(), E = S->child_end(); I!=E; ++I)
+    if (Stmt *child = *I)
+      Visit(child);
+}
+
+void WalkAST::VisitDoStmt(DoStmt *S) {
+  CheckLoopConditionForFloat(S, S->getCond());
+  VisitChildren(S);
+}
+
+void WalkAST::VisitForStmt(ForStmt *S) {
+  if (Expr *Cond = S->getCond())  
+    CheckLoopConditionForFloat(S, Cond);  
+
+  VisitChildren(S);
+}
+
+void WalkAST::VisitWhileStmt(WhileStmt *S) {
+  CheckLoopConditionForFloat(S, S->getCond());
+  VisitChildren(S);
+}
+
+//===----------------------------------------------------------------------===//
+// Checking logic.
+//===----------------------------------------------------------------------===//
+
+static Expr* IsFloatCondition(Expr *Condition) {  
+  while (Condition) {
+    Condition = Condition->IgnoreParenCasts();
+
+    if (Condition->getType()->isFloatingType())
+      return Condition;
+
+    switch (Condition->getStmtClass()) {
+      case Stmt::BinaryOperatorClass: {
+        BinaryOperator *B = cast<BinaryOperator>(Condition);
+
+        Expr *LHS = B->getLHS();
+        if (LHS->getType()->isFloatingType())
+          return LHS;
+
+        Expr *RHS = B->getRHS();
+        if (RHS->getType()->isFloatingType())
+          return RHS;
+
+        return NULL;
+      }
+      case Stmt::UnaryOperatorClass: {
+        UnaryOperator *U = cast<UnaryOperator>(Condition);
+        if (U->isArithmeticOp()) {
+          Condition = U->getSubExpr();
+          continue;
+        }
+        return NULL;
+      }
+      default:
+        break;
+    }
+  }
+  return NULL;
+}
+
+void WalkAST::CheckLoopConditionForFloat(Stmt *Loop, Expr *Condition) {
+  if ((Condition = IsFloatCondition(Condition))) {
+    const char *bugType = "Floating point value used in loop condition";
+    SourceRange R = Condition->getSourceRange();    
+    BR.EmitBasicReport(bugType, "Security", bugType, Loop->getLocStart(),&R, 1);
+  }
+}
+
+//===----------------------------------------------------------------------===//
+// Entry point for check.
+//===----------------------------------------------------------------------===//
+
+void clang::CheckSecuritySyntaxOnly(Decl *D, BugReporter &BR) {  
+  WalkAST walker(BR);
+  walker.Visit(D->getBody());  
+}

lib/Frontend/AnalysisConsumer.cpp

@@ -492,6 +492,11 @@ static void ActionCFGView(AnalysisManager& mgr) {
   }
 }
 
+static void ActionSecuritySyntacticChecks(AnalysisManager &mgr) {
+  BugReporter BR(mgr);  
+  CheckSecuritySyntaxOnly(mgr.getCodeDecl(), BR);
+}
+
 static void ActionWarnObjCDealloc(AnalysisManager& mgr) {
   if (mgr.getLangOptions().getGCMode() == LangOptions::GCOnly)
     return;