1ce53c4320
CFG tweak: in a WhileStmt, the condition variable initializer is evaluated every time the condition is checked.
...
llvm-svn: 92111
2009-12-24 01:34:10 +00:00
09bc3b7df6
Teach GRExprEngine to handle the initialization of the condition variable of a WhileStmt.
...
llvm-svn: 92106
2009-12-24 00:54:56 +00:00
1f07b4c439
Add CFG support for the initializer of the condition variable of a WhileStmt.
...
llvm-svn: 92105
2009-12-24 00:54:37 +00:00
589493227b
Teach GRExprEngine to handle the initialization of the condition variable of a SwitchStmt.
...
llvm-svn: 92102
2009-12-24 00:40:03 +00:00
8b5dc12e52
Add CFG support for the initializer of the condition variable of a SwitchStmt.
...
llvm-svn: 92101
2009-12-24 00:39:26 +00:00
bff9844327
Tidy up FindSubExprAssignments to not deference the child_iterator multiple times.
...
llvm-svn: 92087
2009-12-23 23:37:10 +00:00
cfca1f0dc1
move a few more symbols to .rodata/.data.rel.ro
...
llvm-svn: 92012
2009-12-23 17:49:57 +00:00
2923046ec4
Migrate the call inliner to the Checker interface.
...
llvm-svn: 91991
2009-12-23 08:56:18 +00:00
d2ab38e3f4
For inter-procedural analysis, predecessor node may be in another function.
...
So we should use the current program point.
llvm-svn: 91989
2009-12-23 08:54:57 +00:00
a7bcbde814
Add CFG support for the condition variable that can appear in IfStmts in C++ mode.
...
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.
llvm-svn: 91987
2009-12-23 04:49:01 +00:00
857f41c650
Suppress dead store warnings involving objects initialized with CXXExprTemporaries.
...
llvm-svn: 91986
2009-12-23 04:11:44 +00:00
76d5225271
Add stack trace pretty printing in GRExprEngine::VisitLValue().
...
llvm-svn: 91985
2009-12-23 04:09:43 +00:00
9a05f20d41
Teach GRExprEngine::VisitLValue to ignore CXXExprWithTempories (for now).
...
llvm-svn: 91982
2009-12-23 03:14:23 +00:00
25e280bf02
Fix PR 5857. When casting from a symbolic region to an integer back to a pointer value, we were not correctly layering the correct ElementRegion on the original SymbolicRegion.
...
llvm-svn: 91981
2009-12-23 02:52:14 +00:00
bb7a826844
Teach GRExprEngine::VisitLValue that we don't handle CXXZeroInitValueExprs yet.
...
llvm-svn: 91970
2009-12-23 01:25:13 +00:00
343b51271d
Also treat the type of the subexpression as a pointer in GRExprEngine::VisitCast when the expression is handled as an lvalue.
...
llvm-svn: 91969
2009-12-23 01:19:20 +00:00
22cc1a8438
Add basic support for analyzing CastExprs as lvalues.
...
llvm-svn: 91952
2009-12-23 00:26:16 +00:00
e19711d223
Add transfer functions support for visiting an Objective-C message expression as an lvalue when the return type is a C++ reference.
...
llvm-svn: 91926
2009-12-22 22:13:46 +00:00
fd62a33616
Add comments.
...
llvm-svn: 91818
2009-12-21 06:52:24 +00:00
4794801e27
Use the FunctionDecl's result type to know exactly if it returns a reference.
...
llvm-svn: 91751
2009-12-19 03:17:55 +00:00
af1bdd71af
Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.
...
llvm-svn: 91710
2009-12-18 20:13:39 +00:00
48af0e0a71
Tweak formatting and comments.
...
llvm-svn: 91615
2009-12-17 20:10:17 +00:00
94cc33f33e
Convert GRExprEngine::VisitCallExpr() to use a worklist instead of recursion to evaluate the arguments of a CallExpr. This simplifies the logic and makes it easier to read. (it also avoids any issues with blowing out the stack if the CallExpr had a ridiculous number of arguments)
...
llvm-svn: 91613
2009-12-17 20:06:29 +00:00
da7d55a4a8
Reduce nesting by using early exits. No functionality change.
...
llvm-svn: 91610
2009-12-17 19:17:27 +00:00
f907cee544
Sort switch statement. No functionality change.
...
llvm-svn: 91591
2009-12-17 07:38:34 +00:00
2e2b258158
Fix check in GRExprEngine for the 'main' function to handle NULL IdentifierInfo*'s.
...
llvm-svn: 91577
2009-12-17 01:20:43 +00:00
d970acb60f
Completely remove ObjCObjectRegion (tests pass this time).
...
llvm-svn: 91572
2009-12-16 23:53:37 +00:00
3ab9e4cf87
Temporarily revert 91553.
...
llvm-svn: 91557
2009-12-16 19:46:44 +00:00
023bceaf1b
Remove use of ObjCObjectRegion from BasicStoreManager.
...
llvm-svn: 91553
2009-12-16 19:42:23 +00:00
6df9f54d6d
Add a new kind of region: CXXObjectRegion. Currently it has only one
...
attribute: the object type.
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.
llvm-svn: 91535
2009-12-16 11:27:52 +00:00
9bcc264494
Teach RetainSummaryManager::getSummary(FunctionDecl* FD) that 'FD->getIdentifier()' will not always return a non-null IdentifierInfo*.
...
llvm-svn: 91512
2009-12-16 06:06:43 +00:00
2d251557ef
Teach OSAtomicChecker that a FunctionDecl's name isn't always a simple IdentifierInfo*.
...
llvm-svn: 91511
2009-12-16 06:03:24 +00:00
85763180e7
Teach NoReturnFunctionChecker that FunctionDecl::getIdentifier() is not guaranteed to return a non-null IdentifierInfo*.
...
llvm-svn: 91510
2009-12-16 05:58:28 +00:00
4cad5fc035
Add (initial?) static analyzer support for handling C++ references.
...
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
llvm-svn: 91501
2009-12-16 03:18:58 +00:00
9158fb748c
Remove ValueManager::getRegionValueSymbolValOrUnknown(). It was just extra veneer on top of getRegionValueSymbolVal().
...
llvm-svn: 91471
2009-12-15 23:23:27 +00:00
2f3da9b205
update to match LLVM API change:
...
Remove isPod() from DenseMapInfo, splitting it out to its own
isPodLike type trait. This is a generally useful type trait for
more than just DenseMap, and we really care about whether something
acts like a pod, not whether it really is a pod.
llvm-svn: 91422
2009-12-15 07:26:51 +00:00
29f3808667
Until we can make the dead stores checker smarter, dont' emit dead store warnings for C++ objects (whose constructors/destructors have possible side-effects).
...
llvm-svn: 91412
2009-12-15 04:12:12 +00:00
c98cdd175a
Start the ball rolling on C++ support in the static analyzer. For
...
now, don't construct CFGs that contain C++ try/catch statements, and
have GRExprEngine abort a path if it encounters a C++ construct it
doesn't understand (which is mostly everything at this point).
llvm-svn: 91389
2009-12-15 01:38:04 +00:00
814c416636
Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on captured block variables that are passed by reference
...
llvm-svn: 91348
2009-12-14 22:15:06 +00:00
cf86de4067
Use insert to avoid destroying existing nodes.
...
llvm-svn: 91258
2009-12-14 02:13:39 +00:00
c0484fa611
Add initial support for realloc() in MallocChecker.
...
llvm-svn: 91216
2009-12-12 12:29:38 +00:00
1615d45daa
Un-namespace-qualify llvm_unreachable. It's a macro, so the qualification gave
...
no extra safety anyway.
llvm-svn: 91207
2009-12-12 05:05:38 +00:00
4dab76a752
Switch PathDiagnostic to StringRef.
...
llvm-svn: 91155
2009-12-11 21:09:27 +00:00
f6d9cebafd
Enhance understanding of VarRegions referenced by a block whose declarations are outside the current stack frame. Fixes <rdar://problem/7462324>.
...
llvm-svn: 91107
2009-12-11 06:43:27 +00:00
9cb53b86af
Completely evaluate malloc/free in MallocChecker.cpp.
...
llvm-svn: 91100
2009-12-11 03:09:01 +00:00
1239de1592
Use 'class' instead of 'struct'.
...
llvm-svn: 91085
2009-12-11 00:55:44 +00:00
8573913760
Fix null dereference in OSAtomicChecker and special case SymbolicRegions. We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m.
...
llvm-svn: 90993
2009-12-09 23:29:55 +00:00
1042bf4ae2
Refactor OSAtomic evaluation logic into OSAtomicChecker.
...
llvm-svn: 90968
2009-12-09 12:23:28 +00:00
8cca37fae0
Use a temporary destination set such that we can clear fake auto transitions.
...
Otherwise, even when real evaluation occurs, the previous fake auto
transitions would still be in the destination set, causing fake state
bifurcation.
llvm-svn: 90967
2009-12-09 12:16:07 +00:00
1d153328be
OSAtomic simulation: use the original region as the location to load from,
...
instead of the ElementRegion obtained from casts.
Test cast: the leak cannot occur bacause the true branch cannot be taken.
llvm-svn: 90964
2009-12-09 08:32:57 +00:00
f5448561ed
remove dead code.
...
llvm-svn: 90953
2009-12-09 05:52:12 +00:00
d1dee7e71a
Insert instead of assign to the dest node set, since we use the dest node set
...
repeatedly.
llvm-svn: 90952
2009-12-09 05:48:53 +00:00
32c32892f7
Fix a horrid bug in GRExprEngine::CheckerVisit() that was identified
...
by the test case in PR 5627. Essentially we shouldn't clear the
ExplodedNodeSet where we deposit newly constructed nodes if that set
is the 'Dst' set passed in. It is not okay to clear that set because
it may already contain nodes.
llvm-svn: 90931
2009-12-09 02:45:41 +00:00
fe2f901269
Refactor builtin function evaluation into a checker.
...
llvm-svn: 90847
2009-12-08 09:07:59 +00:00
04af9f20fb
Add analysis support for blocks. This includes a few key changes:
...
- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.
This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects. Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object. In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).
llvm-svn: 90809
2009-12-07 22:05:27 +00:00
175447f743
Add EvalCallExpr interface to checker, and migrate the no-return function
...
handler to this interface.
GRExprEngine::CheckerEvalCall() will return true if one of the checkers has
processed the node. In the future this might return void when we have some
default checker.
llvm-svn: 90755
2009-12-07 09:17:35 +00:00
45805b9a50
Teach AnalysisContext::getBody() about BlockDecls.
...
llvm-svn: 90585
2009-12-04 20:34:55 +00:00
ed2246aa2a
Teach 'ExecutionContinues' (part of BugReporter's diagnostic generation) about BlockDecls.
...
llvm-svn: 90584
2009-12-04 20:34:31 +00:00
75d6fa27bd
Include BlockDeclRefExprs in constructed CFGs.
...
llvm-svn: 90583
2009-12-04 20:33:25 +00:00
c32f2c2e0f
Replace SymbolReaper::isLive(VarDecl) with SymbolReaper::isLive(VarRegion).
...
llvm-svn: 90582
2009-12-04 20:32:20 +00:00
6e8541ddd0
Rename instance variable to avoid name conflict with parameters, and modify addTransition() to compare the correct state values.
...
llvm-svn: 90552
2009-12-04 06:57:49 +00:00
c7916f9ff2
Allow BlockInvocationContext to wrap either a BlockDecl* or a BlockDataRegion*, giving us choice in our degree of context-sensitivity.
...
llvm-svn: 90516
2009-12-04 02:03:51 +00:00
43d4a899c4
Refactor LocationContext creation logic into a single member template.
...
llvm-svn: 90509
2009-12-04 01:28:56 +00:00
253882431e
Refactor FoldingSet profiling code for LocationContexts, and add a new BlockInvocationContext to represent the invocation of a block.
...
llvm-svn: 90506
2009-12-04 00:50:10 +00:00
721fcc007e
constify MemRegion* returned by MemRegionManager::getXXXRegion() methods.
...
llvm-svn: 90503
2009-12-04 00:26:31 +00:00
0ecd4c7d70
More template-logic for MemRegion construction out of MemRegion.h and into MemRegion.cpp.
...
llvm-svn: 90499
2009-12-04 00:05:57 +00:00
4b349cc9c5
Tweak handling of BlockDataRegions in RegionStoreManager::RemoveDeadBindings(): only the VarRegions for variables marked with the '__block' annotation should have their lifetime extended by a BlockDataRegion.
...
llvm-svn: 90462
2009-12-03 17:48:05 +00:00
39bba629f3
Add security syntactic checker for mktemp.
...
Patch by Lei Zhang!
llvm-svn: 90444
2009-12-03 09:15:23 +00:00
98f2067ca4
Update CMake for CallGraph.cpp move.
...
llvm-svn: 90443
2009-12-03 09:14:19 +00:00
5bee5c4ff0
Add value invalidation logic for block-captured variables. Conceptually invoking a block (without specific reasoning of what the block does) can invalidate any value to it by reference when the block was created.
...
llvm-svn: 90431
2009-12-03 08:25:47 +00:00
4a815fc82e
Make BlockDataRegion::referenced_vars_iterator an actual class that enforces that all MemRegions iterated over are VarRegions.
...
llvm-svn: 90430
2009-12-03 08:09:21 +00:00
19a30ca8c0
Fix layering violation by moving Analysis/CallGraph to Index
...
llvm-svn: 90424
2009-12-03 07:20:04 +00:00
e5716cbae7
Add batch version of 'StoreManager::InvalidateRegion()' for invalidating multiple regions as once. After adopting this in the CFRefCount::EvalCall(), we see a reduction in analysis time of 1.5% when analyzing all of SQLite3.
...
llvm-svn: 90405
2009-12-03 03:27:11 +00:00
f66b72094a
Add a heuristic to the dead stores checker to prune dead stores for variables annotated with '__block'. This is overly conservative, but now the analyzer doesn't report dead stores for variables that can be updated by a block call.
...
llvm-svn: 90364
2009-12-03 00:46:16 +00:00
af35329f71
Hard bifurcate the state into nil receiver and non-nil receiver, so that
...
we don't need to use the DoneEvaluation hack when check for
ObjCMessageExpr.
PreVisitObjCMessageExpr() only checks for undefined receiver or arguments.
Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface.
llvm-svn: 90296
2009-12-02 05:49:12 +00:00
117e472b52
Provide the correct vector size for referenced variables.
...
llvm-svn: 90267
2009-12-01 22:12:34 +00:00
d3a241a9c6
Fix early-return logic in scanReachableSymbols() to match the rest of the recursive logic in the methods of ScanReachableSymbols.
...
llvm-svn: 90245
2009-12-01 17:50:25 +00:00
693ba203a1
Eliminate another VISIBILITY_HIDDEN
...
llvm-svn: 90139
2009-11-30 16:08:24 +00:00
9fc223a6b1
Adapt to the DOTGraphTraits changes in LLVM.
...
llvm-svn: 90137
2009-11-30 14:16:05 +00:00
6341553c93
Port BugReporter and BugType to StringRef.
...
llvm-svn: 90086
2009-11-29 18:27:55 +00:00
ff3750f306
Kill some unnecessary calls to c_str().
...
llvm-svn: 90084
2009-11-29 18:03:28 +00:00
33e88a7be7
Fix null dereference in UndefResultChecker identified by running the analyzer over Postgresql.
...
llvm-svn: 90060
2009-11-29 06:37:44 +00:00
4e75cd063f
Cleanup includes and forward decls.
...
llvm-svn: 90034
2009-11-28 10:50:44 +00:00
435ef9b383
Remove unneeded includes.
...
llvm-svn: 90032
2009-11-28 09:41:31 +00:00
65c6566b5b
lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespace
...
llvm-svn: 90028
2009-11-28 06:07:30 +00:00
2350e0c3ba
Improve diagnostics in ReturnStackAddressChecker for returning a stack-allocated block. Implements the rest of <rdar://problem/7387385>.
...
llvm-svn: 89940
2009-11-26 07:14:50 +00:00
f89dcdaf19
Add a PostVisitBlockExpr() method to RetainReleaseChecker to query for
...
the set of variables "captured" by a block. Until the analysis gets
more sophisticated, for now we stop the retain count tracking of any
objects (transitively) referenced by these variables.
llvm-svn: 89929
2009-11-26 02:38:19 +00:00
94f8c4a7d5
Teach RegionStoreManager::RemoveDeadBindings() about BlockDataRegions. Any VarRegion for a "captured" variable should also be considered live.
...
llvm-svn: 89928
2009-11-26 02:35:42 +00:00
3378b610ae
Add iterators to BlockDataRegion that allow clients to iterate over the VarRegions for "captured" variables for a block.
...
llvm-svn: 89927
2009-11-26 02:34:36 +00:00
705fd953ef
Added batch versions of GRState::scanReachableSymbols() so that clients can scan a collection of SVals or MemRegions all at once.
...
llvm-svn: 89926
2009-11-26 02:32:19 +00:00
0f5e6f8805
Enhance LiveVariables to understand that blocks can extend the liveness of a variable by "capturing" them in a BlockExpr.
...
This required two changes:
1) Added 'getReferencedgetReferencedBlockVars()' to AnalysisContext so
that clients can iterate over the "captured" variables in a block.
2) Modified LiveVariables to take an AnalysisContext& in its
constructor and to call getReferencedgetReferencedBlockVars() when it
processes a BlockExpr*.
llvm-svn: 89924
2009-11-26 02:31:33 +00:00
1646cf6d05
Add missing case in switch statement.
...
llvm-svn: 89903
2009-11-25 23:58:21 +00:00
b63ad7a6c1
Refine MemRegions for blocks. Add a new region called
...
'BlockDataRegion' to distinguish between the code associated with a
block (which is represented by 'BlockTextRegion') and an instance of a
block, which includes both code and data. 'BlockDataRegion' has an
associated LocationContext, which can be used to eventually model the
lifetime of a block object once LocationContexts can represent scopes
(and iterations around a loop, etc.).
llvm-svn: 89900
2009-11-25 23:53:07 +00:00
80f70b54aa
Remove recently added FIXME. The appropriate FIXME is already in MemRegionManager::getVarRegion().
...
llvm-svn: 89897
2009-11-25 23:30:34 +00:00
a3d6e62003
Add FIXME.
...
llvm-svn: 89892
2009-11-25 22:41:34 +00:00
e6929ffc21
Add post-visit Checker support in GRExprEngine for BlockExpr.
...
llvm-svn: 89890
2009-11-25 22:23:25 +00:00
70a8788368
Add a new RetainReleaseChecker class (that subclasses CheckerVisitor) to extend the functionality of the retain/release checker using the new Checker interface. Pieces of CFRefCount will gradually be migrated to this new class over time.
...
llvm-svn: 89889
2009-11-25 22:17:44 +00:00
945422794b
Move RegisterChecks() to the end of the file. No functionality change.
...
llvm-svn: 89888
2009-11-25 22:08:49 +00:00
d0fe8047dd
Make RegisterInternalChecks() part of GRExprEngine's private implementation by making it a static function within GRExprEngine.cpp.
...
llvm-svn: 89884
2009-11-25 21:51:20 +00:00
efb5003f95
Register internal checks with GRExprEngine when it is constructed, not manually in AnalysisConsumer.cpp.
...
llvm-svn: 89883
2009-11-25 21:45:48 +00:00
acdc817ed9
When dispatching to Checker objects in GRExprEngine::CheckerVisit(),
...
only stop processing the checkers after all the nodes for a current
check have been processed. This (I believe) handles the case where
PredSet (the input nodes) contains more than one node due to state
bifurcation. Zhongxing: can you review this?
llvm-svn: 89882
2009-11-25 21:40:22 +00:00
e6a2780c96
Add really basic support for blocks in the retain/release checker. For now, anytime we pass a tracked object to a block call we stop tracking it.
...
llvm-svn: 89831
2009-11-25 01:35:18 +00:00
470bfa47db
Allow building of CFGs for ASTs that contain BlockExprs.
...
llvm-svn: 89830
2009-11-25 01:34:30 +00:00
cfe223f637
Add transfer function support for BlockExpr.
...
llvm-svn: 89829
2009-11-25 01:33:13 +00:00
10a50e7371
Split CodeTextRegion into FunctionTextRegion and BlockTextRegion. This a precursor to having basic static analysis support for blocks.
...
llvm-svn: 89828
2009-11-25 01:32:22 +00:00
1fc1f20efd
For the nil-receiver checker, take into account the behavioral changes that got introduced in Mac OS X 10.5 and later, notably return values of double, float, etc., will not be garbage. Fixes <rdar://problem/6829160>.
...
llvm-svn: 89809
2009-11-24 22:48:18 +00:00
005e8a06f2
Cleanups and fixes to the nil-receiver checker, some of it fallout the
...
initial transition of the nil-receiver checker to the Checker
interface as done in r89745. Some important changes include:
1) We consolidate the BugType object used for nil receiver bug
reports, and don't include the type of the returned value in the
BugType (which would be wrong if a nil receiver bug was reported more
than once)
2) Added a new (temporary) flag to CheckerContext: DoneEvauating.
This is used by GRExprEngine when evaluating message expressions to
not continue evaluating the message expression if this flag is set.
This flag is currently set by the nil receiver checker. This is an
intermediate solution to allow the nil-receiver checker to properly
work as a plug-in outside of GRExprEngine. Basically, this flag
indicates that the entire message expression has been evaluated, not
just a precondition (which is what the nil-receiver checker does).
This flag *should not* be repurposed for general use, but just to pull
more things out of GRExprEngine that already in there as we devise a
better interface in the Checker class.
3) Cleaned up the logic in the nil-receiver checker, making the
control-flow a lot easier to read.
llvm-svn: 89804
2009-11-24 21:41:28 +00:00
c2998766f0
We can remove this file now.
...
llvm-svn: 89751
2009-11-24 08:28:49 +00:00
c6123a1a3c
Refactor undefined result checker. This is the last one.
...
llvm-svn: 89750
2009-11-24 08:24:26 +00:00
9e200798c2
Refactor NilReceiverStructRet and NilReceiverLargerThanVoidPtrRet into
...
CallAndMessageChecker.
llvm-svn: 89745
2009-11-24 07:06:39 +00:00
72269ec8cb
rename UndefinedArgChecker to CallAndMessageChecker.
...
llvm-svn: 89735
2009-11-24 04:45:44 +00:00
da32375115
Rename: UndefinedArgChecker.cpp => CallAndMessageChecker.cpp
...
llvm-svn: 89734
2009-11-24 04:08:01 +00:00
c0229557dd
Enhance null dereference diagnostics by indicating what variable (if any) was dereferenced. Addresses <rdar://problem/7039161>.
...
llvm-svn: 89726
2009-11-24 01:33:10 +00:00
b0c0b08c71
After performing a bounds check in ArrayBoundChecker, record the fact that a bounds check succeeded by transitioning the ExplodedGraph.
...
llvm-svn: 89712
2009-11-23 23:23:26 +00:00
f57351570e
Clean up the Checker API a little more, resolving some hidden bugs
...
along the way. Important changes:
1) To generate a sink node, use GenerateSink(); GenerateNode() is for
generating regular transitions. This makes the API clearer and also
allows us to use the 'bool' option to GenerateNode() for a different
purpose.
2) GenerateNode() now automatically adds the generated node to the
destination ExplodedNodeSet (autotransition) unless the client
specifies otherwise with a bool flag. Several checkers did not call
'addTransition()' after calling 'GenerateNode()', causing the
simulation path to be prematurely culled when a non-fail stop bug was
encountered.
3) Add variants of GenerateNode()/GenerateSink() that take neither a
Stmt* or a GRState*; most callers of GenerateNode() just pass in the
same Stmt* as provided when the CheckerContext object is created; we
can just use that the majority of the time. This cleanup also allows
us to potentially coelesce the APIs for evaluating branches and
end-of-paths (which currently directly use builders).
4) addTransition() no longer needs to be called except for a few
cases. We now have a variant of addTransition() that takes a
GRState*; this allows one to propagate the updated state without
caring about generating a new node explicitly. This nicely cleaned up
a bunch of cases that called autoTransition() with a bunch of
conditional logic surround the call (that common logic has now been
swallowed up by addTransition() itself).
llvm-svn: 89707
2009-11-23 22:22:01 +00:00
b43737387b
Provide out-of-line definition for destructor of Checker.
...
llvm-svn: 89688
2009-11-23 18:53:03 +00:00
02d6aca867
Tweak UndefBranchChecker to register the most nested "undefined" expression with bugreporter::registerTrackNullOrUndefValue instead of the condition itself.
...
llvm-svn: 89682
2009-11-23 18:12:03 +00:00
d4dca6fde6
Cleanup title/description of "undefined branch" BugType and add some test cases for this check.
...
llvm-svn: 89679
2009-11-23 17:58:48 +00:00
1c3feb5b25
Fix CMake build
...
llvm-svn: 89650
2009-11-23 12:03:50 +00:00
5f76620b53
UndefBranchChecker: more bug reporter helper information emit.
...
llvm-svn: 89643
2009-11-23 03:29:59 +00:00
56dd5f0f70
Initial refactor of UndefBranchChecker. We still use GRBranchNodeBuilder
...
in the checker directly. But I don't have a better approach for now.
llvm-svn: 89640
2009-11-23 03:20:54 +00:00
12b64959ce
Change CheckDeadStores to use Expr::isNullPointerConstant, which will correctly determine whether an expression is a null pointer constant.
...
Patch by Kovarththanan Rajaratnam!
llvm-svn: 89621
2009-11-22 20:26:21 +00:00
014af28ce3
Undefined compound assignment result is checked in UndefinedAssignmentChecker. So this check is redundant.
...
llvm-svn: 89592
2009-11-22 13:36:20 +00:00
39638e133a
Remove invalid comments. The result is undefined only when operands are undefined.
...
llvm-svn: 89591
2009-11-22 13:30:10 +00:00
7f83e97b00
Save and restore the HasGen flag in MallocChecker.
...
llvm-svn: 89590
2009-11-22 13:22:34 +00:00
df58afae56
Don't include a dead header.
...
llvm-svn: 89587
2009-11-22 12:51:08 +00:00
f0b7fc8890
Remove UndefinedAssignmentChecker's header.
...
llvm-svn: 89585
2009-11-22 12:29:52 +00:00
d354278b51
Make FixedAddressChecker and experimental check; it currently produces a ton of false positives when analyzing some projects (e.g., Wine).
...
llvm-svn: 89560
2009-11-21 17:55:24 +00:00
9d6daf2cc4
Restructure DereferenceChecker slightly to handle caching out when we would report a null dereference more than once.
...
llvm-svn: 89526
2009-11-21 01:50:48 +00:00
caf2c51fad
Pull BadCallChecker int UndefinedArgChecker, and have UndefinedArgChecker also handled undefined receivers in message expressions.
...
llvm-svn: 89524
2009-11-21 01:25:37 +00:00
f7adea43b4
More checker refactoring. Passing undefined values in a message expression is now handled by UndefinedArgChecker.
...
llvm-svn: 89519
2009-11-21 00:49:41 +00:00
7d875c7e7e
Fix typo GCC 4.3 warned about.
...
llvm-svn: 89453
2009-11-20 10:03:00 +00:00
a4f7c180ae
Add simple static analyzer checker to check for sending 'release', 'retain', etc. directly to a class. Fixes <rdar://problem/7252064>.
...
llvm-svn: 89449
2009-11-20 05:27:05 +00:00
c1f161c012
Unused ivar checker: ivars referenced by lexically nested functions should not be flagged as unused. Fixes <rdar://problem/7254495>.
...
llvm-svn: 89448
2009-11-20 04:31:57 +00:00
ab0ae2139a
Revert r89437 and add a comment.
...
llvm-svn: 89446
2009-11-20 03:50:46 +00:00
6d9a942174
It's unnecessary to check for unknown at this point.
...
llvm-svn: 89437
2009-11-20 01:56:48 +00:00
dd2b2b23c8
Fix null dereference in NSAutoreleasePoolChecker when analyzing messages sent to blocks.
...
llvm-svn: 89413
2009-11-20 00:12:36 +00:00
439a6d146c
Fix crash when using --analyzer-store=region when handling initializers with nested arrays/structs whose values are not explicitly specified. Fixes <rdar://problem/7403269>.
...
llvm-svn: 89384
2009-11-19 20:20:24 +00:00
0c54d2da14
Remove printf statement.
...
llvm-svn: 89383
2009-11-19 20:01:53 +00:00
4b35a2ed08
Only fetch the ASTContext object within the assertion.
...
llvm-svn: 89375
2009-11-19 19:04:08 +00:00
5d26212f6b
Silence -Asserts warning.
...
llvm-svn: 89373
2009-11-19 18:53:25 +00:00
23baa01af4
Add PreVisitReturn to Malloc checker. Now we can recognize returned memory
...
block.
llvm-svn: 89071
2009-11-17 08:58:18 +00:00
4668c7ed1c
Add EvalEndPath interface to Checker. Now we can check memory leaked at the
...
end of the path. Need to unify interfaces.
llvm-svn: 89063
2009-11-17 07:54:15 +00:00
f19f251523
Clear the dest set.
...
llvm-svn: 89060
2009-11-17 07:19:51 +00:00
1b8fe5b716
First part of changes to eliminate problems with cv-qualifiers and
...
sugared types. The basic problem is that our qualifier accessors
(getQualifiers, getCVRQualifiers, isConstQualified, etc.) only look at
the current QualType and not at any qualifiers that come from sugared
types, meaning that we won't see these qualifiers through, e.g.,
typedefs:
typedef const int CInt;
typedef CInt Self;
Self.isConstQualified() currently returns false!
Various bugs (e.g., PR5383) have cropped up all over the front end due
to such problems. I'm addressing this problem by splitting each
qualifier accessor into two versions:
- the "local" version only returns qualifiers on this particular
QualType instance
- the "normal" version that will eventually combine qualifiers from this
QualType instance with the qualifiers on the canonical type to
produce the full set of qualifiers.
This commit adds the local versions and switches a few callers from
the "normal" version (e.g., isConstQualified) over to the "local"
version (e.g., isLocalConstQualified) when that is the right thing to
do, e.g., because we're printing or serializing the qualifiers. Also,
switch a bunch of
Context.getCanonicalType(T1).getUnqualifiedType() == Context.getCanonicalType(T2).getQualifiedType()
expressions over to
Context.hasSameUnqualifiedType(T1, T2)
llvm-svn: 88969
2009-11-16 21:35:15 +00:00
731f46264f
* Do the same thing to the basicstore as in r84163.
...
* Add a load type to GRExprEngine::EvalLoad().
* When retrieve from 'theValue' of OSAtomic funcitions, use the type of the
region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
we can let all Retrieve() methods simply return SVal.
llvm-svn: 88888
2009-11-16 04:49:44 +00:00
223f5119e1
Remove an unused parameter.
...
llvm-svn: 88882
2009-11-16 02:52:18 +00:00
f4c511b026
Change *BugReport constructors to take StringRefs.
...
- Eliminates many calls to std::string.c_str()
- Fixes an invalid read in ReturnStackAddressChecker due to an unsafe call to
StringRef.data() which doesn't guarantee null-termination.
llvm-svn: 88779
2009-11-14 12:08:24 +00:00
1a0dd2e30b
Move definition of GRExprEngine::ProcessEndPath() out-of-line.
...
llvm-svn: 88729
2009-11-14 01:05:20 +00:00
4ef13f8ac9
Add clang-cc option "--analyzer-experimental-internal-checks". This
...
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.
llvm-svn: 88671
2009-11-13 18:46:29 +00:00
c7460964ac
Malloc checker basically works now.
...
llvm-svn: 87094
2009-11-13 07:48:11 +00:00
c4902a52a0
Hook up Malloc checker.
...
llvm-svn: 87093
2009-11-13 07:25:27 +00:00
a4276b091d
Check in a new interface of Checker, which will soon be used.
...
llvm-svn: 87092
2009-11-13 06:53:04 +00:00
0320ad28c7
GRStateManager::CurrentStmt is not used. Remove it.
...
llvm-svn: 87091
2009-11-13 06:04:01 +00:00
3c55718016
Pull static variable within function (for slightly faster startup time).
...
llvm-svn: 87065
2009-11-13 01:58:01 +00:00
a2968e59e3
retain/release checker: refactor some of the summary lookup logic for instance method summaries. No real functionality change, but it paves the way for new enhancements.
...
llvm-svn: 87062
2009-11-13 01:54:21 +00:00
aedb7434c8
Add clang-cc option "-analyzer-experimental-checks" to enable experimental path-sensitive checks. The idea is to separate "barely working" or "skunkworks" checks from ones that should always run. Later we need more fine-grain checker control.
...
llvm-svn: 87053
2009-11-13 01:15:47 +00:00
1eb8569bcb
Fix MSVC build.
...
llvm-svn: 86983
2009-11-12 12:30:05 +00:00
c6d9292197
update CMakefile
...
llvm-svn: 86979
2009-11-12 08:39:33 +00:00
88cca6b085
Add boilerplate logic for a malloc/free checker.
...
llvm-svn: 86978
2009-11-12 08:38:56 +00:00
6c37c5c356
PthreadLockChecker doesn't need PreVisitCallExpr() yet. All the current logic should be done in PostVisitCallExpr()
...
llvm-svn: 86959
2009-11-12 06:26:58 +00:00
d48568f641
Add most of the boilerplate logic for a simple pthread_mutux_lock() -> pthread_mutex_unlock() checker. We need to add a visitor method to Checker for handling dead symbols in order to detect locks that are not unlocked.
...
llvm-svn: 86958
2009-11-12 06:17:47 +00:00
386a2a52d3
Remove obsolete 'struct NullDerefTag'.
...
llvm-svn: 86957
2009-11-12 06:16:18 +00:00
a971afb90f
Enhance Checker class (and GRExprEngine) to support PostVisitation for CallExprs. No clients (yet).
...
llvm-svn: 86949
2009-11-12 04:35:08 +00:00
8f6c4e8617
Remove GRExprEngine::EvalCall(). It had a single callsite in GRExprEngine, and was easily inlined.
...
llvm-svn: 86948
2009-11-12 04:16:35 +00:00
383c273966
Make StoreManager::getSizeInElements() always return DefinedOrUnknownSVal.
...
llvm-svn: 86932
2009-11-12 02:48:32 +00:00
7cf8238291
Remove some stale ErrorNodes variables in GRExprEngine and the old buffer overflow logic in GRExprEngineInternalChecks.cpp.
...
llvm-svn: 86877
2009-11-11 20:16:36 +00:00
062c291949
After drinking caffeine, add the two files missing from the previous submit.
...
Sorry about that.
llvm-svn: 86869
2009-11-11 19:43:37 +00:00
5375309250
Move the ManagerRegistry to the Analysis library to resolve the layering violation.
...
llvm-svn: 86863
2009-11-11 19:10:59 +00:00
b166712d02
Add undefined array subscript checker.
...
llvm-svn: 86837
2009-11-11 13:42:54 +00:00
83c4374e72
Remove the old out-of-bound checking code.
...
llvm-svn: 86836
2009-11-11 12:52:39 +00:00
4f7759a339
Reimplement out-of-bound array access checker with the new checker interface.
...
Now only one test case is XFAIL'ed.
llvm-svn: 86834
2009-11-11 12:33:27 +00:00
3ef93badbe
ReturnPointerRangeChecker: use StripCasts() instead of checking for zero index
...
explicitly.
Fix 80-col violations.
llvm-svn: 86833
2009-11-11 11:55:54 +00:00
23ede2d9d1
Update CMake.
...
llvm-svn: 86822
2009-11-11 08:14:02 +00:00
04552cbef0
CastToStructChecker: use 'isStructureType()' instead of 'isRecordType()' to determine if a pointer is casted to a struct pointer. This fixes an observed false positive when a value is casted to a union.
...
llvm-svn: 86813
2009-11-11 06:43:42 +00:00
55d59bf785
Fix display of "ANALYZE" statements in AnalysisConsumer by correctly resetting the flag indicating that the current Decl* has not yet been displayed. Also move this out of AnalysisManager, since AnalysisManager should not handle text output to the user.
...
llvm-svn: 86812
2009-11-11 06:28:42 +00:00
4325315935
Remove public headers for UndefinedArgChecker, AttrNonNullChecker, and BadCallChecker, making their implementations completely private.
...
llvm-svn: 86809
2009-11-11 05:50:44 +00:00
5e1f78aeb1
Refactor DereferenceChecker to use only the new Checker API instead of
...
the old builder API. This percolated a bunch of changes up to the
Checker class (where CheckLocation has been renamed VisitLocation) and
GRExprEngine. ProgramPoint now has the notion of a "LocationCheck"
point (with PreLoad and PreStore respectively), and a bunch of the old
ProgramPoints that are no longer used have been removed.
llvm-svn: 86798
2009-11-11 03:26:34 +00:00
f9667229a1
Ignore parentheses when check the type of the expr.
...
llvm-svn: 86677
2009-11-10 08:33:44 +00:00
537db5d652
SizeofPointerChecker: Many false positives have the form 'sizeof *p'.
...
This is reasonable because people know what they are doing when they
intentionally dereference the pointer.
So now we only emit warning when a pointer variable is use literally.
llvm-svn: 86673
2009-11-10 07:52:53 +00:00
456706c205
Now we can safely use the argument expression's source range.
...
llvm-svn: 86663
2009-11-10 04:22:08 +00:00
9a7448ceef
SizeofPointerChecker: If an explicit type specifier is used, do not issue warnings.
...
llvm-svn: 86662
2009-11-10 04:20:20 +00:00
77c470e8c7
Use the source range of the whole sizeof expression, otherwise it crashes when
...
the argument is not an expression.
llvm-svn: 86660
2009-11-10 03:27:00 +00:00
80bbc6d138
Refine PointerSubChecker: compare the base region instead of the original
...
region, so that arithmetic within a memory chunk is allowed.
llvm-svn: 86652
2009-11-10 02:37:53 +00:00
f8f3f9ddbc
Rename: StripCasts describes what it does better.
...
getBaseRegion will be used in another method.
llvm-svn: 86649
2009-11-10 02:17:20 +00:00
612e38026a
Fix clang's use of DenseMap iterators after r86636 fixed their constness.
...
Patch by Victor Zverovich!
llvm-svn: 86638
2009-11-10 01:17:45 +00:00
4ef1d400d9
Make sure that Type::getAs<ArrayType>() (or Type::getAs<subclass of
...
ArrayType>()) does not instantiate. Update all callers that used this
unsafe feature to use the appropriate ASTContext::getAs*ArrayType method.
llvm-svn: 86596
2009-11-09 22:08:55 +00:00
dd51f7cca2
Remove stale FIXME.
...
llvm-svn: 86595
2009-11-09 21:56:44 +00:00
ab0e27ff0c
Add check for pointer arithmetic on non-array variables.
...
llvm-svn: 86538
2009-11-09 13:23:31 +00:00
d6e7f9d4b2
Add check for obsolete function call of getpw().
...
llvm-svn: 86537
2009-11-09 12:19:26 +00:00
d09b22aa5a
remove redundant file name in CMakeLists.txt.
...
llvm-svn: 86536
2009-11-09 09:35:41 +00:00
08670a89aa
update CMakeList.txt
...
llvm-svn: 86535
2009-11-09 09:32:38 +00:00
53272bbf40
Update CMake
...
llvm-svn: 86533
2009-11-09 08:13:45 +00:00
f69973c858
Add comments.
...
llvm-svn: 86532
2009-11-09 08:13:04 +00:00
f06c684a33
Add checker for CWE-588: Attempt to Access Child of a Non-structure Pointer.
...
llvm-svn: 86529
2009-11-09 08:07:38 +00:00
65c0db98ab
Update CMake
...
llvm-svn: 86528
2009-11-09 08:04:31 +00:00
85000203bb
Put all long strings in 80-col.
...
llvm-svn: 86527
2009-11-09 07:29:39 +00:00
6c306c8b89
Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.
...
llvm-svn: 86523
2009-11-09 06:52:44 +00:00
86b1e01c13
Add checker for CWE-469: Use of Pointer Subtraction to Determine Size. This
...
checker does not build sink nodes. Because svaluator computes an unknown value
for the subtraction now.
llvm-svn: 86517
2009-11-09 05:34:10 +00:00
0f92ec6ebd
Add a test case for CWE-467, and simplify the wording of the warning.
...
llvm-svn: 86504
2009-11-09 02:28:12 +00:00
489232c466
Update CMake file.
...
llvm-svn: 86479
2009-11-08 18:30:42 +00:00
b0a05f7ca1
Add a checker for CWE-467: Use of sizeof() on a Pointer Type.
...
llvm-svn: 86464
2009-11-08 13:10:34 +00:00
975a119f31
Use SaveAndRestore to simplify logic in LiveVariables::runOnAllBlocks(). Patch by Kovarththanan Rajaratnam!
...
llvm-svn: 86343
2009-11-07 05:57:35 +00:00
ae3361de2d
Remove Checker::CheckType() (and instead using CheckerVisitor::PreVisitDeclStmt()), and refactor VLASizeChecker to have only one Checker subclass (not two) and to not use the node builders directly (and instead use the newer CheckerContext).
...
llvm-svn: 86329
2009-11-07 03:56:57 +00:00
795c611cfa
Make the VLASizeChecker implementation private, and its creation only known to GRExprEngineInternalChecks.cpp.
...
llvm-svn: 86292
2009-11-06 21:51:50 +00:00
53a70c055d
Make the implementation of DivZeroChecker private.
...
llvm-svn: 86288
2009-11-06 20:47:51 +00:00
df9ca633b6
Sentence-case bug type, and pull tests from region-only-test.c into misc-ps-region.store.m (removing an extra unneeded test file). Also add a bunch of FIXME comments for future enhancements.
...
llvm-svn: 86282
2009-11-06 20:16:31 +00:00
45540e91d1
add some const qualifiers, patch by Kovarththanan Rajaratnam!
...
llvm-svn: 86260
2009-11-06 18:01:14 +00:00
167bce9cf1
Add a checker for CWE-466: Return of Pointer Value Outside of Expected Range.
...
llvm-svn: 86252
2009-11-06 13:30:44 +00:00
bee01e5b61
static analyzer: refactor checking logic for returning the address of a stack variable or a garbage
...
value into their own respective subclasses of Checker (and put them in .cpp files where their
implementation details are hidden from GRExprEngine).
llvm-svn: 86215
2009-11-06 02:24:13 +00:00
2980b975ee
Minor cleanup: use BuiltinBug (which will soon be renamed) for DeferenceChecker and friends so that they always report the same bug type.
...
llvm-svn: 86208
2009-11-06 00:44:32 +00:00
c92ff053e9
Tweak wording and classifications of analyzer diagnostics.
...
llvm-svn: 86127
2009-11-05 08:30:12 +00:00
209e31b883
Modify GRExprEngine::EvalBind() to take both a "store expression" and
...
an "assign expression", representing the expressions where the value
binding occurs and the assignment takes place respectively. These are
largely syntactic clues for better error reporting.
llvm-svn: 86084
2009-11-05 00:42:23 +00:00
0300bbcf80
Update CMake.
...
llvm-svn: 86015
2009-11-04 06:39:40 +00:00
9346a56793
Add FIXME.
...
llvm-svn: 86004
2009-11-04 04:24:44 +00:00
ef910047b2
Catch uses of undefined values when they are used in assignment, thus catching such bugs closer to the source.
...
llvm-svn: 86003
2009-11-04 04:24:16 +00:00
259d46407a
Merge ZeroSizedVLAChecker and UndefSizedVLAChecker.
...
llvm-svn: 85996
2009-11-04 01:43:07 +00:00
b006b82daf
Refactor StoreManager::BindDecl() to take a VarRegion* instead of a VarDecl*, and modify GRExprEngine::EvalBind() to handle decl initialization as well. This paves the way for adding "checker" visitation in EvalBind().
...
llvm-svn: 85983
2009-11-04 00:09:15 +00:00
0fbbb0877d
Change GRTransferFuncs::RegisterChecks() to take a GRExprEngine& instead of a BugReporter&. This paves the way for pulling some of the retain/release checker into a "Checker" class.
...
llvm-svn: 85971
2009-11-03 23:30:34 +00:00
8d43a6ac3d
Merge NullDerefChecker.[h,cpp] and UndefDerefChecker.[h,cpp]. They are essentially two parts of the same check.
...
llvm-svn: 85911
2009-11-03 18:41:06 +00:00
8a712c7866
Update CMakeLists.
...
llvm-svn: 85898
2009-11-03 13:37:33 +00:00
27fee83ec4
Pull VLA size checker into its own files.
...
Split it to two checkers, one for undefined size,
the other for zero size, so that we don't need to query the size
when emitting the bug report.
llvm-svn: 85895
2009-11-03 12:13:38 +00:00
18c7ceee16
Implement: <rdar://problem/6250216> Warn against using -[NSAutoreleasePool release] in GC mode
...
llvm-svn: 85887
2009-11-03 08:03:59 +00:00
924316d7d7
Move 'static inline' functions GetNullarySelector() and GetUnarySelector() from CFRefCount.cpp to ASTContext.h. These functions are likely to be generally useful.
...
llvm-svn: 85886
2009-11-03 08:00:42 +00:00
9b9d731a8b
Pull AttrNonNullChecker into its own files.
...
llvm-svn: 85883
2009-11-03 07:35:33 +00:00
b42929d773
Update CMake file.
...
llvm-svn: 85879
2009-11-03 07:14:39 +00:00
df8016aabb
Rename NSErrorCheck to NSErrorChecker.
...
llvm-svn: 85877
2009-11-03 06:59:59 +00:00
3684c65ded
Update CMake file.
...
llvm-svn: 85876
2009-11-03 06:46:41 +00:00
ab162e1873
Pull UndefinedArgChecker into its own files.
...
llvm-svn: 85875
2009-11-03 06:46:03 +00:00
0deca3486e
Pull BadCallChecker into its own files.
...
llvm-svn: 85868
2009-11-03 05:48:04 +00:00
43edaa8432
retain/release checker: CGBitmapContextCreateWithData() returns an owned object.
...
llvm-svn: 85867
2009-11-03 05:39:12 +00:00
d1b67db2e8
retain/release checker: Add special handling of CGBitmapContextCreateWithData().
...
Fixes: <rdar://problem/7358899>
llvm-svn: 85864
2009-11-03 05:34:07 +00:00
fac290d359
Remove GRExprEngine::CheckerVisitLocation(). It was only called in one place, so we inlined it in to GRExprEngine::EvalLocation().
...
llvm-svn: 85838
2009-11-02 23:19:29 +00:00
6b289a9cf6
Update CMake file.
...
llvm-svn: 85652
2009-10-31 12:15:23 +00:00
b1c24724dd
Move CheckDivZero into its own files.
...
llvm-svn: 85651
2009-10-31 10:02:37 +00:00
358ced08d0
Move UndefDerefChecker into its own file.
...
llvm-svn: 85645
2009-10-31 08:44:33 +00:00
5f5c954329
fix 80-col.
...
llvm-svn: 85642
2009-10-31 03:36:08 +00:00
5c2040b182
Tighten computation of ExprVal using ?: expression. No functionality change.
...
llvm-svn: 85618
2009-10-30 22:01:29 +00:00
6f2a705a24
Make checkers run in deterministic order.
...
llvm-svn: 85597
2009-10-30 17:47:32 +00:00
89f5c189db
Move NullDerefChecker.h instead a 'Checkers' subdirectory.
...
llvm-svn: 85596
2009-10-30 17:28:40 +00:00
f613e89617
Move all logic for the null dereference checker from GRExprEngineInternalChecks.cpp to a separate .cpp file.
...
llvm-svn: 85595
2009-10-30 17:24:47 +00:00
b9eda67380
Fix PR5316: make assignment expressions can be visited as lvalue. Then we
...
can get the correct base lvalue.
Revert r85578.
llvm-svn: 85579
2009-10-30 07:19:39 +00:00
e96a30a531
Handle loading of field values from LazyCompoundVals in GRExprEngine::VisitMemberExpr().
...
This fixes the crash reported in PR 5316.
llvm-svn: 85578
2009-10-30 05:48:30 +00:00
aa4121d062
Add an assertion to ensure NullDerefChecker exists.
...
llvm-svn: 85497
2009-10-29 05:56:54 +00:00
1dbdbcc04c
Fix accidental use of CheckSVal instead of CheckLocation, and add a
...
small test case to show we handle dereferences of undefined values.
llvm-svn: 85492
2009-10-29 05:33:39 +00:00
1f0a56e4c9
Fix an insidious bug in RegionStore::RemoveDeadBindings() pointed out
...
by Zhongxing Xu. RemoveDeadBindings() would falsely prune
SymbolicRegions from the store that wrapped derived symbols whose
liveness could only be determined after scanning the store.
llvm-svn: 85484
2009-10-29 05:14:17 +00:00
6b8bfb376b
Move NullDeref and UndefDeref into their own checker.
...
Add a CheckLocation() interface to Checker.
Now ImplicitNullDeref nodes are cached in NullDerefChecker.
More cleanups follow.
llvm-svn: 85471
2009-10-29 02:09:30 +00:00
f7b87cb529
[llvm up]
...
Switch a few ugly switch-on-string-literal constructs to use the new
llvm::StringSwitch.
llvm-svn: 85461
2009-10-29 00:41:01 +00:00
1c9401ec15
Unused ivars checker: also check methods in categories that are defined in the same translation unit. Fixes <rdar://problem/6260004>.
...
llvm-svn: 85442
2009-10-28 22:18:22 +00:00
faba9fe5e4
Pull ivar scanning logic into another utility function. This refactoring will enable scanning
...
categories as well (WIP). No functionality change yet.
llvm-svn: 85423
2009-10-28 20:37:47 +00:00
Ted Kremenek