Bug Summary

File:tools/clang/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp
Warning:line 102, column 29
Access to field 'CurrentState' results in a dereference of a null pointer (loaded from variable 'Req')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name MPIBugReporter.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -relaxed-aliasing -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -momit-leaf-frame-pointer -ffunction-sections -fdata-sections -resource-dir /usr/lib/llvm-7/lib/clang/7.0.0 -D _DEBUG -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-7~svn338205/build-llvm/tools/clang/lib/StaticAnalyzer/Checkers -I /build/llvm-toolchain-snapshot-7~svn338205/tools/clang/lib/StaticAnalyzer/Checkers -I /build/llvm-toolchain-snapshot-7~svn338205/tools/clang/include -I /build/llvm-toolchain-snapshot-7~svn338205/build-llvm/tools/clang/include -I /build/llvm-toolchain-snapshot-7~svn338205/build-llvm/include -I /build/llvm-toolchain-snapshot-7~svn338205/include -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/x86_64-linux-gnu/c++/8 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/x86_64-linux-gnu/c++/8 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/backward -internal-isystem /usr/include/clang/7.0.0/include/ -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-7/lib/clang/7.0.0/include -internal-externc-isystem /usr/lib/gcc/x86_64-linux-gnu/8/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-class-memaccess -Wno-comment -std=c++11 -fdeprecated-macro -fdebug-compilation-dir /build/llvm-toolchain-snapshot-7~svn338205/build-llvm/tools/clang/lib/StaticAnalyzer/Checkers -ferror-limit 19 -fmessage-length 0 -fvisibility-inlines-hidden -fobjc-runtime=gcc -fno-common -fdiagnostics-show-option -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -o /tmp/scan-build-2018-07-29-043837-17923-1 -x c++ /build/llvm-toolchain-snapshot-7~svn338205/tools/clang/lib/StaticAnalyzer/Checkers/MPI-Checker/MPIBugReporter.cpp -faddrsig
1//===-- MPIBugReporter.cpp - bug reporter -----------------------*- C++ -*-===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9///
10/// \file
11/// This file defines prefabricated reports which are emitted in
12/// case of MPI related bugs, detected by path-sensitive analysis.
13///
14//===----------------------------------------------------------------------===//
15
16#include "MPIBugReporter.h"
17#include "MPIChecker.h"
18#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
19
20namespace clang {
21namespace ento {
22namespace mpi {
23
24void MPIBugReporter::reportDoubleNonblocking(
25 const CallEvent &MPICallEvent, const ento::mpi::Request &Req,
26 const MemRegion *const RequestRegion,
27 const ExplodedNode *const ExplNode,
28 BugReporter &BReporter) const {
29
30 std::string ErrorText;
31 ErrorText = "Double nonblocking on request " +
32 RequestRegion->getDescriptiveName() + ". ";
33
34 auto Report = llvm::make_unique<BugReport>(*DoubleNonblockingBugType,
35 ErrorText, ExplNode);
36
37 Report->addRange(MPICallEvent.getSourceRange());
38 SourceRange Range = RequestRegion->sourceRange();
39
40 if (Range.isValid())
41 Report->addRange(Range);
42
43 Report->addVisitor(llvm::make_unique<RequestNodeVisitor>(
44 RequestRegion, "Request is previously used by nonblocking call here. "));
45 Report->markInteresting(RequestRegion);
46
47 BReporter.emitReport(std::move(Report));
48}
49
50void MPIBugReporter::reportMissingWait(
51 const ento::mpi::Request &Req, const MemRegion *const RequestRegion,
52 const ExplodedNode *const ExplNode,
53 BugReporter &BReporter) const {
54 std::string ErrorText{"Request " + RequestRegion->getDescriptiveName() +
55 " has no matching wait. "};
56
57 auto Report =
58 llvm::make_unique<BugReport>(*MissingWaitBugType, ErrorText, ExplNode);
59
60 SourceRange Range = RequestRegion->sourceRange();
61 if (Range.isValid())
62 Report->addRange(Range);
63 Report->addVisitor(llvm::make_unique<RequestNodeVisitor>(
64 RequestRegion, "Request is previously used by nonblocking call here. "));
65 Report->markInteresting(RequestRegion);
66
67 BReporter.emitReport(std::move(Report));
68}
69
70void MPIBugReporter::reportUnmatchedWait(
71 const CallEvent &CE, const clang::ento::MemRegion *const RequestRegion,
72 const ExplodedNode *const ExplNode,
73 BugReporter &BReporter) const {
74 std::string ErrorText{"Request " + RequestRegion->getDescriptiveName() +
75 " has no matching nonblocking call. "};
76
77 auto Report =
78 llvm::make_unique<BugReport>(*UnmatchedWaitBugType, ErrorText, ExplNode);
79
80 Report->addRange(CE.getSourceRange());
81 SourceRange Range = RequestRegion->sourceRange();
82 if (Range.isValid())
83 Report->addRange(Range);
84
85 BReporter.emitReport(std::move(Report));
86}
87
88std::shared_ptr<PathDiagnosticPiece>
89MPIBugReporter::RequestNodeVisitor::VisitNode(const ExplodedNode *N,
90 const ExplodedNode *PrevN,
91 BugReporterContext &BRC,
92 BugReport &BR) {
93
94 if (IsNodeFound)
1
Assuming the condition is false
2
Taking false branch
95 return nullptr;
96
97 const Request *const Req = N->getState()->get<RequestMap>(RequestRegion);
3
Calling 'ProgramState::get'
4
Returning from 'ProgramState::get'
5
'Req' initialized here
98 const Request *const PrevReq =
99 PrevN->getState()->get<RequestMap>(RequestRegion);
100
101 // Check if request was previously unused or in a different state.
102 if ((Req && !PrevReq) || (Req->CurrentState != PrevReq->CurrentState)) {
6
Assuming 'Req' is null
7
Access to field 'CurrentState' results in a dereference of a null pointer (loaded from variable 'Req')
103 IsNodeFound = true;
104
105 ProgramPoint P = PrevN->getLocation();
106 PathDiagnosticLocation L =
107 PathDiagnosticLocation::create(P, BRC.getSourceManager());
108
109 return std::make_shared<PathDiagnosticEventPiece>(L, ErrorText);
110 }
111
112 return nullptr;
113}
114
115} // end of namespace: mpi
116} // end of namespace: ento
117} // end of namespace: clang