add tests

Author: hongxuchen

plugin/DBZ.cc

@@ -17,39 +17,42 @@ class MyDZChecker
  CheckerContext &C) const;
 
 public:
-voidcheckPreStmt(BinaryOperator const *B, CheckerContext &C) const;
 MyDZChecker()
- : BT(std::make_unique<BugType>(this, "hello-my-div-by-zero",
- categories::LogicError)){}
+ : BT(std::make_unique<BugType>(this, "chx-DBZ", categories::LogicError)){
+ }
+voidcheckPreStmt(BinaryOperator const *B, CheckerContext &C) const;
 voidcheckPostCall(CallEvent const &, CheckerContext &) const;
 };
 
 voidMyDZChecker::reportBug(constchar *Msg, ProgramStateRef StateZero,
  CheckerContext &C) const{
 if (ExplodedNode *N = C.generateSink(StateZero)){
  BugReport *R = newBugReport(*BT, Msg, N);
-bugreporter::trackNullOrUndefValue(N, bugreporter::GetDenomExpr(N), *R);
+//bugreporter::trackNullOrUndefValue(N, bugreporter::GetDenomExpr(N), *R);
  C.emitReport(R);
  }
 }
 
 voidMyDZChecker::checkPreStmt(const BinaryOperator *B,
  CheckerContext &C) const{
  BinaryOperator::Opcode Op = B->getOpcode();
-if (Op != BO_Div && Op != BO_Rem && Op != BO_DivAssign && Op != BO_RemAssign)
+if (Op != BinaryOperatorKind::BO_Div && Op != BinaryOperatorKind::BO_Rem &&
+ Op != BinaryOperatorKind::BO_DivAssign &&
+ Op != BinaryOperatorKind::BO_RemAssign)
 return;
 
 if (!B->getRHS()->getType()->isScalarType()) return;
 
  SVal Denom = C.getState()->getSVal(B->getRHS(), C.getLocationContext());
- Optional<DefinedSVal> DV = Denom.getAs<DefinedSVal>();
+ SVal Numer = C.getState()->getSVal(B->getLHS(), C.getLocationContext());
+ Optional<DefinedSVal> DVR = Denom.getAs<DefinedSVal>();
+ Optional<DefinedSVal> DVL = Numer.getAs<DefinedSVal>();
 
-if (!DV) return;
+if (!DVR) return;
 
-// Check for divide by zero.
  ConstraintManager &CM = C.getConstraintManager();
  ProgramStateRef stateNotZero, stateZero;
-std::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DV);
+std::tie(stateNotZero, stateZero) = CM.assumeDual(C.getState(), *DVR);
 
 if (stateNotZero != nullptr){
  stateNotZero->dump();
@@ -58,19 +61,19 @@ void MyDZChecker::checkPreStmt(const BinaryOperator *B,
  stateZero->dump();
  }
 
-if (!stateNotZero){
+// surely 0
+if (stateNotZero == nullptr){
 assert(stateZero);
-reportBug("my-divide-by-zero", stateZero, C);
+reportBug("chx.DBZ - DBZ", stateZero, C);
 return;
  }
 
 /// std::cerr << (stateNotZero != nullptr) << " " << (stateZero != nullptr)
 /// << '\n'
 
-bool TaintedD = C.getState()->isTainted(*DV);
-/// if (TaintedD){
+bool TaintedD = C.getState()->isTainted(*DVR);
 if ((stateNotZero != nullptr && stateZero != nullptr && TaintedD)){
-reportBug("tainted, possibly div zero", stateZero, C);
+reportBug("chx.DBZ - tainted DBZ", stateZero, C);
 return;
  }
 

plugin/MyCheckers.cc

@@ -2,8 +2,8 @@
 #include"heartbleed.cc"
 
 extern"C"voidclang_registerCheckers(CheckerRegistry &registry){
- registry.addChecker<chx::MyDZChecker>("chx.DZChecker", "DZChecker");
- registry.addChecker<chx::NetworkTaintChecker>("chx.NetChecker", "NetChecker");
+ registry.addChecker<chx::MyDZChecker>("chx.DBZ", "MyDBZ");
+ registry.addChecker<chx::NetworkTaintChecker>("chx.Net", "MyNet");
 }
 
 extern"C"constchar clang_analyzerAPIVersionString[] =

test/plugin/DivideByZero/DivideByZero.c

@@ -1,7 +1,25 @@
-//RUN: %clang_cc1 -analyze -analyzer-checker=chx -verify %s
+//RUN: %clang -c -Xclang -analyze -Xclang -analyzer-checker=chx -Xclang -verify %s -o /dev/null
 
-intmain(void){
+#include<stdlib.h>
+
+intlocal_zero(void){
 inta=0;
+return3 / a; // expected-warning{{chx.DBZ - DBZ}}
+}
+
+intrand_zero(void){
+inta=rand();
+return3 / a; // expected-warning{{chx.DBZ - tainted DBZ}}
+}
+
+staticintga=0;
+externintgb;
+intstatic_global_zero (intv){
+intra=v / ga;
+intrb=v / gb;
+returnra+rb;
+}
 
-return3 / a; // expected-warning{{my-divide-by-zero}}
+inttest4(intb){
+return1 / b; // no-warning
 }