1cbaacc4a0
Migrate some stuff from NamedDecl::getName() to
...
NamedDecl::getNameAsString() to make it more explicit.
llvm-svn: 59937
2008-11-24 04:00:27 +00:00
e4b95698df
Rename Selector::getName() to Selector::getAsString(), and add
...
a new NamedDecl::getAsString() method.
Change uses of Selector::getName() to just pass in a Selector
where possible (e.g. to diagnostics) instead of going through
an std::string.
This also adds new formatters for objcinstance and objcclass
as described in the dox.
llvm-svn: 59933
2008-11-24 03:33:13 +00:00
8361d4c51b
Add a comment about the signedness.
...
llvm-svn: 59932
2008-11-24 02:30:48 +00:00
a61731dd0d
Add getSize() support for StringRegion.
...
llvm-svn: 59930
2008-11-24 02:18:56 +00:00
aa86cff14c
Add out-of-bound memory access warning report code.
...
llvm-svn: 59903
2008-11-23 05:52:28 +00:00
cdf25053ee
Clean up code by using utility methods.
...
llvm-svn: 59899
2008-11-23 04:30:35 +00:00
bd414e34c2
remove a dead enum
...
llvm-svn: 59879
2008-11-22 20:47:38 +00:00
8a1810f06b
New AST node to access "implicit" setter/getter using property dor syntax.
...
Issuing diagnostics when assigning to read-only properties.
This is work in progress.
llvm-svn: 59874
2008-11-22 18:39:36 +00:00
4c8bf0086a
Remove debug code.
...
llvm-svn: 59870
2008-11-22 13:23:00 +00:00
4d45b34a8a
Initial support for checking out of bound memory access. Only support
...
ConcreteInt index for now.
llvm-svn: 59869
2008-11-22 13:21:46 +00:00
0b63f96ab5
- Clean up transfer function logic for 'return' statements.
...
- Add check for returning an undefined value to a caller.
llvm-svn: 59764
2008-11-21 00:27:44 +00:00
e5816f213d
Add support for symbolicating global structs and arrays in RegionStoreManager::getInitialStore().
...
llvm-svn: 59619
2008-11-19 11:06:24 +00:00
b8e54884c8
Add SymbolData for array elements and struct fields.
...
llvm-svn: 59618
2008-11-19 11:03:17 +00:00
23be067407
rewrite FormatDiagnostic to be less gross and a lot more efficient.
...
This also makes it illegal to have bare '%'s in diagnostics. If you
want a % in a diagnostic, use %%.
llvm-svn: 59596
2008-11-19 06:51:40 +00:00
c0145fd0bf
Fix warning about RegionStoreManager::Retrieve() not always returning a value.
...
llvm-svn: 59571
2008-11-19 00:27:37 +00:00
f87a7abcd4
handle the case that the array element is of structure type when bind the whole array to a single value (for example, UnknownVal, UndefinedVal).
...
llvm-svn: 59521
2008-11-18 13:11:04 +00:00
8488c8297c
This reworks some of the Diagnostic interfaces a bit to change how diagnostics
...
are formed. In particular, a diagnostic with all its strings and ranges is now
packaged up and sent to DiagnosticClients as a DiagnosticInfo instead of as a
ton of random stuff. This has the benefit of simplifying the interface, making
it more extensible, and allowing us to do more checking for things like access
past the end of the various arrays passed in.
In addition to introducing DiagnosticInfo, this also substantially changes how
Diagnostic::Report works. Instead of being passed in all of the info required
to issue a diagnostic, Report now takes only the required info (a location and
ID) and returns a fresh DiagnosticInfo *by value*. The caller is then free to
stuff strings and ranges into the DiagnosticInfo with the << operator. When
the dtor runs on the DiagnosticInfo object (which should happen at the end of
the statement), the diagnostic is actually emitted with all of the accumulated
information. This is a somewhat tricky dance, but it means that the
accumulated DiagnosticInfo is allowed to keep pointers to other expression
temporaries without those pointers getting invalidated.
This is just the minimal change to get this stuff working, but this will allow
us to eliminate the zillions of variant "Diag" methods scattered throughout
(e.g.) sema. For example, instead of calling:
Diag(BuiltinLoc, diag::err_overload_no_match, typeNames,
SourceRange(BuiltinLoc, RParenLoc));
We will soon be able to just do:
Diag(BuiltinLoc, diag::err_overload_no_match)
<< typeNames << SourceRange(BuiltinLoc, RParenLoc));
This scales better to support arbitrary types being passed in (not just
strings) in a type-safe way. Go operator overloading?!
llvm-svn: 59502
2008-11-18 07:04:44 +00:00
3de58149bd
eliminate dependence of strange "Diagnostic::Report" method,
...
delete huge trailing whitespace to fit in 80 cols.
llvm-svn: 59497
2008-11-18 06:07:40 +00:00
16ba91396a
Change the diagnostics interface to take an array of pointers to
...
strings instead of array of strings. This reduces string copying
in some not-very-important cases, but paves the way for future
improvements.
llvm-svn: 59494
2008-11-18 04:56:44 +00:00
53f5d4c1b5
cleanups and simplifications.
...
llvm-svn: 59491
2008-11-18 04:44:58 +00:00
c775712192
Fold assertion into second valid else branch. This removes a compiler warning
...
where the control reaches the end of a non-void function and also allows the
compiler to generate better code. When this assertion is false we can easily
add more else cases.
llvm-svn: 59468
2008-11-17 22:55:12 +00:00
99a96d6ef3
Enhance modularization: return a <state,loc> pair to let GRExprEngine modify the
...
environment.
llvm-svn: 59407
2008-11-16 07:06:26 +00:00
ceca80619f
Enhances SCA to process untyped region to typed region conversion.
...
- RegionView and RegionViewMap is introduced to assist back-mapping from
super region to subregions.
- GDM is used to carry RegionView information.
- AnonTypedRegion is added to represent a typed region introduced by pointer
casting. Later AnonTypedRegion can be used in other similar cases, e.g.,
malloc()'ed region.
- The specific conversion is delegated to store manager.
llvm-svn: 59382
2008-11-16 04:07:26 +00:00
461b4f4276
Use the allocator of ExplodedGraph. The whole static analysis module uses it.
...
llvm-svn: 59359
2008-11-15 08:19:58 +00:00
6a276cf5b7
Improve zero value generation.
...
llvm-svn: 59356
2008-11-15 05:18:50 +00:00
1b2dace792
Reduce permissiveness of assertion.
...
llvm-svn: 59354
2008-11-15 05:00:27 +00:00
4413714946
Reverted part of r59335: http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20081110/009243.html
...
In that patch I added a bogus type promotion for unary '!'.
The real bug was more fallout from edges cases with compound assignments and conjured symbolic values. Now the conjured value has the type of the LHS expression, and we do a promotion to the computation type. We also now correctly do a conversion from the computation type back to the LHS type.
llvm-svn: 59349
2008-11-15 04:01:56 +00:00
ac172fc574
Re-enable an assertion that I mistakenly removed.
...
llvm-svn: 59348
2008-11-15 02:35:08 +00:00
519a223056
Use the correct QualType when creating the '0' constant.
...
llvm-svn: 59343
2008-11-15 00:40:08 +00:00
1ca3346b19
Implement FIXME in GRExprEngine::VisitUnaryOperator() to handle implicit conversions caused by the '!' operator. This required adding some logic to GRSimpleVals to reason about nonloc::LocAsInteger SVals. This code appears to work fine, but it should eventually be cleaned up.
...
llvm-svn: 59335
2008-11-15 00:20:05 +00:00
7eee049eea
Flush llvm::errs() when printing out SVals.
...
llvm-svn: 59334
2008-11-15 00:16:53 +00:00
fc419a035f
Minor tweaks to liveness analysis:
...
- Block-expression for 'ObjCForCollectionStmt' is not alive before it occurs
- Recursively visit 'element' expression for ObjCForCollectionStmt to get liveness for referenced block-level expressions and variables.
llvm-svn: 59316
2008-11-14 21:07:14 +00:00
537f6387a2
Second attempt at implementation transfer function support for ObjCForCollectionStmt. We now assume that the 'element' expression can be any lvalue.
...
llvm-svn: 59313
2008-11-14 19:47:18 +00:00
8959a1a69a
Flow-sensitive uninitialized values analysis: properly handle the 'element' expression of ObjCForCollectionStmt (can be anything).
...
llvm-svn: 59312
2008-11-14 18:21:25 +00:00
993603d80d
Add a new expression node, CXXOperatorCallExpr, which expresses a
...
function call created in response to the use of operator syntax that
resolves to an overloaded operator in C++, e.g., "str1 +
str2" that resolves to std::operator+(str1, str2)". We now build a
CXXOperatorCallExpr in C++ when we pick an overloaded operator. (But
only for binary operators, where we actually implement overloading)
I decided *not* to refactor the current CallExpr to make it abstract
(with FunctionCallExpr and CXXOperatorCallExpr as derived
classes). Doing so would allow us to make CXXOperatorCallExpr a little
bit smaller, at the cost of making the argument and callee accessors
virtual. We won't know if this is going to be a win until we can parse
lots of C++ code to determine how much memory we'll save by making
this change vs. the performance penalty due to the extra virtual
calls.
llvm-svn: 59306
2008-11-14 16:09:21 +00:00
c967d03528
Improve comments.
...
llvm-svn: 59294
2008-11-14 09:23:38 +00:00
99d4ff3c7a
Handle the case where 'element' in ObjCforCollectionstmt is not a DeclStmt or DeclRefExpr.
...
llvm-svn: 59290
2008-11-14 01:58:12 +00:00
a9d3e6c087
Rename header file.
...
Update include files.
llvm-svn: 59284
2008-11-14 01:14:18 +00:00
7d5389e4b3
- Revert r59229 and r59232: AllocRegion should be immutable.
...
- Temporarily disabled test Analysis/array-struct.c for region store.
llvm-svn: 59245
2008-11-13 15:42:31 +00:00
d4e72fca45
Process array base expression of any type.
...
llvm-svn: 59240
2008-11-13 09:48:44 +00:00
189a30796a
Array index might be unsigned. We have to generate a temporary signed value for
...
it to be evaluated by APSInt::operators.
llvm-svn: 59238
2008-11-13 09:15:14 +00:00
29188c2948
Incomplete struct pointer can be used as a function argument.
...
llvm-svn: 59235
2008-11-13 08:41:36 +00:00
0dbeeaa886
Lift the pointer to alloca'ed region to the pointer to its first element.
...
This is required by some operations, e.g., *p = 1; p[0] = 1;.
Also set the AllocaRegion's type during the cast.
llvm-svn: 59232
2008-11-13 07:58:20 +00:00
a70987eb82
Change AllocaRegion to subclass TypedRegion. We need to know ElementRegion's
...
type when assigning to it.
llvm-svn: 59229
2008-11-13 07:30:58 +00:00
16866d6fd8
GRExprEngine/CFRefCount/GRSimpleVals: We don't do any special handling (yet) of vector types. Add explicit checks that when we process integers that they really are scalars.
...
llvm-svn: 59225
2008-11-13 06:10:40 +00:00
75db6d7529
Fix uninitialized variable.
...
llvm-svn: 59222
2008-11-13 05:26:15 +00:00
45698bf05f
GRExprEngine::VisitInitListExpr:
...
- Don't crash on vector types.
- Handle typedefs.
llvm-svn: 59220
2008-11-13 05:05:34 +00:00
65dd30fdea
Update CFGStmtVisitor to recognize that ObjCForCollectionStmts are special block-level "expressions".
...
llvm-svn: 59176
2008-11-12 21:58:46 +00:00
df31792a66
Shore up transfer function for ObjCForCollectionStmt.
...
llvm-svn: 59162
2008-11-12 21:12:46 +00:00
97450fe0a1
Use Stmt* instead of Expr* for block-level expression.
...
llvm-svn: 59161
2008-11-12 21:12:18 +00:00
1781080c34
Add (preliminary) transfer function support for ObjCForCollectionStmt. Still need to flesh out some logic.
...
When processing DeclStmt, use the new interface to StateManager::BindDecl. Conjuring of symbols is now done in VisitDeclStmt.
llvm-svn: 59155
2008-11-12 19:24:17 +00:00
9999d72fe2
Conjured symbols now bind to Stmt* instead of Expr*.
...
llvm-svn: 59154
2008-11-12 19:22:47 +00:00
60d46414f4
Update method names involving GRStateRef. No functionality change.
...
llvm-svn: 59153
2008-11-12 19:22:09 +00:00
b94d72a0e3
GRStateRef:
...
- Rename SetSVal to BindLoc
- Add BindDecl
- Add BindExpr
GRState:
- Environment now binds to Stmt* instead of Expr*. This is needed for processing ObjCForCollectionStmt (essentially the declaration of the the 'element' variable can have an SVal attached to it).
- BindDecl no longer accepts Expr* for the initialization value; use SVal* instead.
llvm-svn: 59152
2008-11-12 19:21:30 +00:00
cd639218e4
StoreManager::BindDecl now takes an SVal* for the initialization value instead of an Expr* (which can be null). Lazy symbolication of conjured symbols is now the sole responsibility of GRExprEngine.
...
llvm-svn: 59151
2008-11-12 19:18:35 +00:00
7a18858bcf
Flow-sensitive uninitialized values analysis:
...
- Added support for ObjCForCollectionStmt
- Fixed bug where expression values would be always set to uninitialized when loops were involved
llvm-svn: 59076
2008-11-11 19:41:42 +00:00
3b4e1d5cc6
Accesses to a collection within a fast enumeration 'for' statement constitute a 'use'.
...
llvm-svn: 59075
2008-11-11 19:40:47 +00:00
6f28289aca
Introduce a single AST node SizeOfAlignOfExpr for all sizeof and alignof expressions, both of values and types.
...
llvm-svn: 59057
2008-11-11 17:56:53 +00:00
fbd2f4006b
Add transfer function support for ObjCForCollectionStmt to LiveVariables.
...
llvm-svn: 59053
2008-11-11 17:42:10 +00:00
deb7cac332
Fix StringLiteral print bug.
...
llvm-svn: 59015
2008-11-11 01:36:32 +00:00
bba5c7c629
Add pretty printing to StringRegion.
...
llvm-svn: 58985
2008-11-10 13:05:26 +00:00
18d6fd45de
Implement RegionStoreManager::RemoveDeadBindings(). This prunes several false warning caused by removal of symbolic constraints. Currently we just mark all symbols live. Further optimization for dead binding removal needed.
...
llvm-svn: 58982
2008-11-10 09:39:04 +00:00
1c31dbe417
Print integer value instead of raw pointer. This is a hack to be fixed by migrating the output in analyzer to llvm::raw_ostream.
...
llvm-svn: 58965
2008-11-10 05:00:06 +00:00
231f7bbdbe
silence a warning from gcc.
...
llvm-svn: 58956
2008-11-10 03:00:37 +00:00
3d43015bc7
Add a boilerplate for out-of-bound array checking. This has no real function currently.
...
llvm-svn: 58886
2008-11-08 03:45:42 +00:00
2c677c34d5
Finish the implementation of VisitCompoundLiteralExpr. As VisitInitListExpr is
...
available, things get much simplified.
One addition is that CompoundLiteralExpr can appear both in rvalue and lvalue
context.
llvm-svn: 58837
2008-11-07 10:38:33 +00:00
e79a4e667b
Make the assertion real.
...
llvm-svn: 58833
2008-11-07 08:57:30 +00:00
ab4782510b
Fix regression with handling of CFMakeCollectable.
...
llvm-svn: 58771
2008-11-05 22:17:20 +00:00
2855a93f07
initXXX methods can return owned objects
...
llvm-svn: 58758
2008-11-05 16:54:44 +00:00
8ea1f53420
Add a new expression class, ObjCSuperExpr, to handle the Objective-C 'super'. Remove ObjCThis from PredefinedExpr
...
llvm-svn: 58698
2008-11-04 14:56:14 +00:00
24b1d9f57e
Handle prefix '_' that may appear in front of the name of 'Release' functions
...
llvm-svn: 58666
2008-11-04 00:36:12 +00:00
c8c71979a6
Add some notes for SCA.
...
llvm-svn: 58597
2008-11-03 06:04:23 +00:00
8ea09cc542
Fix 80-col violations.
...
llvm-svn: 58596
2008-11-03 05:18:34 +00:00
2d330ef8fa
- Remove AnonTypedRegion, which is not to be used.
...
- Prepare AnonPointeeRegioin for later use.
llvm-svn: 58595
2008-11-03 04:12:24 +00:00
2e8e604704
1. When a pointer to struct is used as an argument, GRSimpleVals::EvalCall()
...
sets the whole struct to Unknown. Then we cannot assume the V passed to
BindStruct() is always a CompoundVal. When it is an UnknownVal, we call
BindStructToVal(UnknownVal).
2. Change the signature of InitializeStructToUndefined() to BindStructToVal()
to reuse the code.
llvm-svn: 58564
2008-11-02 12:13:30 +00:00
b9b794d60b
Enhance return-of-stack-address checker to recognize regions created by alloca().
...
llvm-svn: 58553
2008-11-02 00:35:25 +00:00
9bf363979d
Add transfer function logic for alloca().
...
llvm-svn: 58552
2008-11-02 00:35:01 +00:00
16783cfc31
Added AllocaRegion, which represents regions created by calls to alloca().
...
llvm-svn: 58551
2008-11-02 00:34:33 +00:00
59ae7c0fd5
Comment out invalid assertion. I'm leaving it in the code for now as a reminder to produce a test case.
...
llvm-svn: 58510
2008-10-31 15:33:11 +00:00
73f006e800
Simplify interface. We can get canonical type from the base region directly. No need for an extra type argument.
...
llvm-svn: 58507
2008-10-31 11:02:48 +00:00
b393b5080c
Implement struct initialization for SCA.
...
llvm-svn: 58506
2008-10-31 10:53:01 +00:00
98bb1fa69e
Implement array initialization for SCA.
...
llvm-svn: 58504
2008-10-31 10:24:47 +00:00
d79592448b
Made the mechanism of defining preprocessor defs for maxint, ptrdiff_t, wchar
...
etc more generic. For some targets, long may not be equal to pointer size. For
example: PIC16 has int as i16, ptr as i16 but long as i32.
Also fixed a few build warnings in assert() functions in CFRefCount.cpp,
CGDecl.cpp, SemaDeclCXX.cpp and ParseDeclCXX.cpp.
llvm-svn: 58501
2008-10-31 09:52:39 +00:00
ce71638c0d
Implement BindStruct and fix a bug in RetriveStruct.
...
llvm-svn: 58496
2008-10-31 08:10:01 +00:00
4de1c851d3
Fix 80-col violations.
...
llvm-svn: 58495
2008-10-31 07:26:14 +00:00
6c0d588942
Implement load from struct region. Instead of returning an UnknownVal(), we create a CompoundVal by loading from each field of the struct.
...
llvm-svn: 58494
2008-10-31 07:16:08 +00:00
2caf586d2f
Add a tentative assertion.
...
llvm-svn: 58492
2008-10-31 06:05:32 +00:00
121a53a176
Fix a comment.
...
llvm-svn: 58487
2008-10-31 03:01:26 +00:00
289c37ad8d
Use llvm::raw_string_ostream instead of std::ostringstream.
...
llvm-svn: 58479
2008-10-31 00:18:30 +00:00
83214f9f9a
Enhance path-sensitive return-of-stack-address check to print out the line number of a compound literal (whose address is being returned) instead of printing out the hex representation of the pointer address of the CompoundLiteralExpr.
...
llvm-svn: 58478
2008-10-31 00:13:20 +00:00
4c276c736c
Extend "followsFundamentalRule" to ignore prefix '_' characters.
...
llvm-svn: 58469
2008-10-30 23:14:58 +00:00
828e6dff9b
Handle the case in VisitInitListExprs where there are no initializers in the compound literal.
...
llvm-svn: 58468
2008-10-30 23:14:36 +00:00
6955463c24
Distinguish between self.X = ... where self.X is a property reference and self.X is an implicit call to setX.
...
llvm-svn: 58462
2008-10-30 22:28:48 +00:00
0f0adc97c5
Use the correct predecessor node.
...
llvm-svn: 58446
2008-10-30 18:37:08 +00:00
e40b698953
Pretty-printing for SVals now mainly uses llvm::raw_ostream. We have an adapter for std::ostream, but this will be removed in the future.
...
llvm-svn: 58445
2008-10-30 18:35:10 +00:00
28f41ba829
Add missing return statement.
...
llvm-svn: 58444
2008-10-30 18:34:31 +00:00
cbdce2e53a
Added iterators to nonloc::CompoundSVal.
...
Added pretty-printing for nonloc::CompoundSVal.
llvm-svn: 58442
2008-10-30 18:01:28 +00:00
0e19c03382
80 col violation.
...
llvm-svn: 58441
2008-10-30 17:53:23 +00:00
f68bf63611
Use a worklist in GRExprEngine::VisitInitListExpr to process subexpressions.
...
llvm-svn: 58440
2008-10-30 17:47:32 +00:00
ec9a252a9b
CompoundVal now uses an ImmutableList<SVal> to store its set of SVals. This change was motivated by the need to allow state-splitting in GRExprEngine::VisitInitListExpr. As a side-benefit, we no longer need to perform any copies of SVals when creating a CompoundSVal, and the profiling of CompoundSVal is now constant time.
...
llvm-svn: 58437
2008-10-30 17:44:46 +00:00
689ec0eb32
Patch by Nikita Zhuk:
...
Fix PR 2978 false positive for missing release in -dealloc of an ivar retained via a property and then released by assigning nil to that property:
http://llvm.org/bugs/show_bug.cgi?id=2978
llvm-svn: 58431
2008-10-30 15:13:43 +00:00
610634fe39
Merge the array and struct case. They are essentially the same.
...
llvm-svn: 58422
2008-10-30 05:35:59 +00:00
a15cfd4db9
Rename:
...
- SetSVal(GRState*, Loc, SVal) => BindLoc
- SetSVal(GRState*, Expr*, SVal) => BindExpr
llvm-svn: 58421
2008-10-30 05:33:54 +00:00
b281cdda87
Implement VisitInitListExpr(). InitListExpr will have a nonloc::CompoundVal value.
...
llvm-svn: 58419
2008-10-30 05:02:23 +00:00
ef5f25a05f
Add CompoundVal and CompoundValData for representing the value of InitListExpr.
...
llvm-svn: 58418
2008-10-30 04:58:00 +00:00
51ac923ca3
Fix 80-col.
...
llvm-svn: 58417
2008-10-30 04:53:23 +00:00
204ae1f0d9
Mark yy_fatal_error as a panic function.
...
llvm-svn: 58410
2008-10-30 00:00:57 +00:00
9c15820ea6
Add notes for SCA.
...
llvm-svn: 58373
2008-10-29 07:05:10 +00:00
3f04949b2a
Patch by Nikita Zhuk:
...
The attached patch adds additional checks to -warn-objc-missing-dealloc. It checks that all ivars which are used in implementation of synthesized properties are either
a) released in dealloc if the property has retain" or "copy" attribute OR
b) not released in dealloc if the property has "assign" attribute
llvm-svn: 58363
2008-10-29 04:30:28 +00:00
3700b762ff
IOServiceGetMatchingServices is a release function.
...
llvm-svn: 58362
2008-10-29 04:07:07 +00:00
628ae879ea
Rename: AddDecl => BindDecl
...
BindDecl better describes what the function does:
- Bind the VarDecl to its memory region
- Bind the memory region to some initial value.
llvm-svn: 58359
2008-10-29 02:34:02 +00:00
f19b2319c9
Rename ExplicitCCastExpr to CStyleCastExpr
...
llvm-svn: 58331
2008-10-28 15:36:24 +00:00
c3c104ec9c
Add newline.
...
llvm-svn: 58322
2008-10-28 09:32:08 +00:00
c94dce9f95
Update random notes.
...
llvm-svn: 58321
2008-10-28 09:09:48 +00:00
6b75484ba6
Improve our handling of (C++) references within Clang. Specifically:
...
- Do not allow expressions to ever have reference type
- Extend Expr::isLvalue to handle more cases where having written a
reference into the source implies that the expression is an lvalue
(e.g., function calls, C++ casts).
- Make GRExprEngine::VisitCall treat the call arguments as lvalues when
they are being bound to a reference parameter.
llvm-svn: 58306
2008-10-28 00:22:11 +00:00
1a658a991e
- Fix type-punning warning in SVals.cpp by using a real iterator class for symbol_iterator.
...
- Add symbol_iterator support for SymbolicRegions.
llvm-svn: 58300
2008-10-27 23:39:39 +00:00
54d399ac5d
Remove type-punning warning in GRExprEngine. No functionality change.
...
llvm-svn: 58292
2008-10-27 23:02:39 +00:00
bf26368255
Added preliminary support for CompoundLiterals in the static analyzer:
...
- GRExprEngine::VisitCompoundLiteral...
(1) visits the initializer list (generating ExplodedNodes)
(2) creates a CompoundMemRegion for the literal
(3) creates a new state with the bound literal values using
GRStateManager::BindCompoundLiteral
- GRStateManager::BindCompoundLiteral simply calls
StoreManager::BindCompoundLiteral to get a new store and returns a persistent
GRState with that store.
- BasicStore::BindCompoundLiteral simply returns the same store, as it
doesn't handle field sensitivity
- RegionStore::BindCompoundLiteral currently fires an assert (pending discussion
of how to best implement mappings for CompoundLiteralRegion).
llvm-svn: 58277
2008-10-27 21:54:31 +00:00
eaf5e24cbb
Pull determination of the super region for a VarRegion into a single getVarRegion() method. This provides a common clean API for clients.
...
llvm-svn: 58272
2008-10-27 21:01:26 +00:00
bc48caf383
Added CompoundLiteralRegion to represent the (temporary) memory allocated for a compound literal.
...
llvm-svn: 58270
2008-10-27 20:57:58 +00:00
e200adc503
Refactor the expression class hierarchy for casts. Most importantly:
...
- CastExpr is the root of all casts
- ImplicitCastExpr is (still) used for all explicit casts
- ExplicitCastExpr is now the root of all *explicit* casts
- ExplicitCCastExpr (new name needed!?) is a C-style cast in C or C++
- CXXFunctionalCastExpr inherits from ExplicitCastExpr
- CXXNamedCastExpr inherits from ExplicitCastExpr and is the root of all
of the C++ named cast expression types (static_cast, dynamic_cast, etc.)
- Added classes CXXStaticCastExpr, CXXDynamicCastExpr,
CXXReinterpretCastExpr, and CXXConstCastExpr to
Also, fixed returned-stack-addr.cpp, which broke once when we fixed
reinterpret_cast to diagnose double->int* conversions and again when
we eliminated implicit conversions to reference types. The fix is in
both testcase and SemaChecking.cpp.
Most of this patch is simply support for the renaming. There's very
little actual change in semantics.
llvm-svn: 58264
2008-10-27 19:41:14 +00:00
144d7554c4
Use ASTContext::getCanonicalType() to get TypedRegion's type.
...
llvm-svn: 58247
2008-10-27 13:35:03 +00:00
7b700575dd
An ElementRegion is really a typed region. Its super region's type has to be ArrayType.
...
llvm-svn: 58245
2008-10-27 13:17:02 +00:00
36d4ade4be
We cannot get precise lvalue for symbolic base array region.
...
llvm-svn: 58243
2008-10-27 12:23:17 +00:00
bb18b57f53
Get the canonical type for struct initialization. The original code would crash on TypedefType.
...
llvm-svn: 58236
2008-10-27 09:24:07 +00:00
d7c44059d4
Only loc::MemRegionVal can be modified. This avoids crashing in RegionStore when a function pointer is used as an argument.
...
llvm-svn: 58233
2008-10-27 09:00:08 +00:00
60de6c6c63
Remove loc::StringLiteralVal. Now we allocate regions for string literals in the Store.
...
llvm-svn: 58182
2008-10-26 02:27:21 +00:00
bf47dc85fe
Simplify ArrayToPointer conversion. Actually the only thing we need to do is to get the first element region. It is not necessary to care about the kind of the base array region.
...
llvm-svn: 58181
2008-10-26 02:23:57 +00:00
07d9f9a6ec
CMake: Builds and installs clang binary and libs (no docs yet). It
...
must be under the `tools' subdirectory of the LLVM *source* tree.
llvm-svn: 58180
2008-10-26 00:56:18 +00:00
e69a1fa342
Do not crash when performing VisitLValue on union types.
...
This fixes PR 2948.
llvm-svn: 58148
2008-10-25 20:09:21 +00:00
195839dd53
Add a note file for SCA module. Is it the right place?
...
llvm-svn: 58140
2008-10-25 14:56:36 +00:00
0d2706f6b8
Add code for get the lvalue for string literals. Now we return a StringRegion
...
for StringLiteral lvalue evaluation, instead of directly returning a
loc::StringLiteralVal by the Environment.
llvm-svn: 58138
2008-10-25 14:18:57 +00:00
d1aac353e5
Add StringRegion to MemRegions.
...
llvm-svn: 58137
2008-10-25 14:13:41 +00:00
ad20b671fc
Now we can handle arrays.
...
llvm-svn: 58135
2008-10-25 10:26:46 +00:00
920406b5ca
Use "followsFundamentalRule" to determine if an instance method allocates memory.
...
llvm-svn: 58114
2008-10-24 21:22:44 +00:00
01acb6284e
followsFundamentalRule() returns true if "alloc" or "new" appear at the beginning of the string, not anywhere within it.
...
llvm-svn: 58112
2008-10-24 21:18:08 +00:00
6e09d8f632
Implicit conversions from arrays can also be conversions to references (will add a test case shortly).
...
llvm-svn: 58110
2008-10-24 21:10:49 +00:00
03466c2273
Issue warnings about owned objects returned from a method that does not match the established Cocoa naming conventions.
...
llvm-svn: 58108
2008-10-24 20:32:50 +00:00
f3be44f191
Added method "getSelfRegion" to Store. This method returns the region associated with the "this" or "self" object (C++ and Objective-C respectively).
...
llvm-svn: 58107
2008-10-24 20:32:16 +00:00
8921d930d4
Added region ObjCObjectRegion that represents an instance of an Objective-C object.
...
llvm-svn: 58106
2008-10-24 20:30:08 +00:00
e834fc1249
The Decl of an array region can be VarDecl or FieldDecl. Handle this in RegionStoreManager::ArrayToPointer().
...
llvm-svn: 58086
2008-10-24 09:06:51 +00:00
729518be3a
Implement struct initialization. Make it into a recursive function. Also make
...
the array initialization code into a function.
llvm-svn: 58083
2008-10-24 08:42:28 +00:00
a14262862f
Add printing method to ElementRegion.
...
llvm-svn: 58077
2008-10-24 06:30:07 +00:00
1359e00f9c
Add printing method to RegionStoreManager.
...
llvm-svn: 58074
2008-10-24 06:01:33 +00:00
509bd9e30a
Add printing with llvm::raw_ostream methods to SVals.
...
llvm-svn: 58073
2008-10-24 06:00:12 +00:00
c7796d347d
Fix 80-col violation.
...
llvm-svn: 58070
2008-10-24 04:33:15 +00:00
cebb741f68
Add a bunch of dummy methods to make RegionStoreManager non-virtual.
...
llvm-svn: 58061
2008-10-24 01:38:55 +00:00
a8d2cbe47f
Added getLValueElement() to RegionStore. Only handle constant array for now.
...
llvm-svn: 58058
2008-10-24 01:09:32 +00:00
6779f893b9
Make the analyzer store (memory model) a command line option.
...
llvm-svn: 58056
2008-10-24 01:04:59 +00:00
9c4bc9dd33
Add an assertion to make our intention more clear.
...
llvm-svn: 58030
2008-10-23 04:19:25 +00:00
b0a4875b42
Let StoreManager do different cast on arrays. BasicStore will just keep it intact.
...
llvm-svn: 58028
2008-10-23 03:10:39 +00:00
cc3d18877a
Disable warning about potential leaks of returned values until we test it a little more (lots of noise).
...
llvm-svn: 58021
2008-10-23 01:56:15 +00:00
631ff239fc
Warn about potentially leaked objects that are returned from methods whose names do not follow the Cocoa Memory Management guidelines.
...
llvm-svn: 58012
2008-10-22 23:56:21 +00:00
9a96bf22ec
Enhance reference-count checker to correctly identify CG "release" functions. This fixes <rdar://problem/6303488>.
...
llvm-svn: 57997
2008-10-22 20:54:52 +00:00
2fbc35443d
Add a bunch of getLValue* methods to RegionStore.
...
llvm-svn: 57977
2008-10-22 13:44:38 +00:00
c5382eae80
Adjust parameter order to more natural one.
...
llvm-svn: 57964
2008-10-22 09:00:19 +00:00
c272152919
Exprs of function type is another special case for ImplicitCast.
...
llvm-svn: 57963
2008-10-22 08:02:16 +00:00
677fba12a5
When conjuring symbols for compound assignments, use the promoted type to determine if the symbolic value as a "loc::" or "nonloc::" value.
...
llvm-svn: 57917
2008-10-21 19:49:01 +00:00
209ad9dc70
Cosmetic patch from João Paulo Rechi Vita
...
llvm-svn: 57910
2008-10-21 16:14:35 +00:00
5251f1b283
Preliminary support for function overloading
...
llvm-svn: 57909
2008-10-21 16:13:35 +00:00
0747e7e025
Handle [NSAutoreleasePool addObject:] (an alternative way to add objects to the current autorelease pool).
...
Added initial code for tracking stack of autorelease pools.
llvm-svn: 57908
2008-10-21 15:53:15 +00:00
dab76fd822
Localize the special processing of array variable inside
...
GRExprEngine::VisitCast() so that other parts of the analyzer can be ignorant.
When we cast "array of type T" to "pointer to T", we get the loc::MemRegionVal
corresponding to the array variable. This is sufficient for BasicStore, but not
for RegionStore. RegionStore should get the element region for the first array
element in the cast. So next comes to the revamping of transfer functions for
different store model.
llvm-svn: 57897
2008-10-21 06:54:23 +00:00
8f6855e642
Modify Store interface: GetSVal/SetSVal => Retrieve/Bind.
...
llvm-svn: 57896
2008-10-21 06:27:32 +00:00
7ff32d0955
Rename:
...
RValues.h/cpp => SVals.h/cpp
llvm-svn: 57893
2008-10-21 05:41:03 +00:00
83aff7079f
Process decls in RegionStore. Individual elements of fixed size arrays are
...
initialized to UndefinedVal.
llvm-svn: 57892
2008-10-21 05:29:26 +00:00
d8fe46b496
Add ElementRegion to represent memory chunks for array elements.
...
llvm-svn: 57891
2008-10-21 05:27:10 +00:00
c32ec3a0c4
Further improve path-sensitivity with divide-by-zero checking by assuming that a denominator cannot be zero even when the result of an '/' or '%' expression is unknown.
...
llvm-svn: 57855
2008-10-20 23:40:25 +00:00
7f8a87f4a9
Used conjured symbols to recover path-sensitivity when the result of a compound assignment is UnknownVal().
...
llvm-svn: 57851
2008-10-20 23:13:25 +00:00
f8d65a30d6
Add support in GRExprEngine for UnaryOperator::AlignOf. This fixes one crash report in PR 2796.
...
llvm-svn: 57777
2008-10-18 22:20:20 +00:00
850422e5d2
Generalize VisitLValue: not only can CallExprs and ObjCMessageExprs return aggregate temporaries, so can many other expressions.
...
llvm-svn: 57761
2008-10-18 04:15:35 +00:00
8f5dc295ce
Function calls and ObjC message expressions can be used in a lvalue context if they return a structure. E.g foo().x == 1. We don't really support, however, such temporaries yet in the environment or the store.
...
llvm-svn: 57760
2008-10-18 04:08:49 +00:00
e86755e14f
retain/release checker: Check if a tracked value escapes if we also try binding it to the store and the store doesn't support that binding (i.e., it cannot track it). This has the nice feature that the checker will automatically get more powerful if we use a more powerful store model.
...
llvm-svn: 57755
2008-10-18 03:49:51 +00:00
fef1f30ea2
Use "VisitLValue" when processing the base for "x.f" field accesses, and "Visit" when processing the base for "x->f" field accesses.
...
llvm-svn: 57754
2008-10-18 03:28:48 +00:00
db5ae0aa1c
Hack: have BasicStore::getLValueElement return the "Base" lvalue. This restores null dereference checking with array accesses.
...
BasicStore::RemoveDeadBindings: handle regions besides VarRegions (we now have FieldRegions).
llvm-svn: 57741
2008-10-17 22:52:40 +00:00
213873232d
When conjuring symbols to recover path-sensitivity, don't conjure symbols that represent an entire struct. We need to implement struct temporaries as an actual "region", and then bind symbols to the FieldRegion of those temporaries.
...
llvm-svn: 57739
2008-10-17 22:23:12 +00:00
1416a521b5
Enhance "Assumption" logic in BasicConstraintManager when reasoning about regions and symbolic regions. When assuming whether or not a location is non-null, walk up the region hierarchy until we hit a symbolic region (and test it for null). This may not be the end all solution, as the notion of what a "symbolic region" is really belongs in the specific subclass of StoreManager.
...
llvm-svn: 57730
2008-10-17 21:22:20 +00:00
fe15bedff4
Add pretty-printing support for FieldRegions.
...
llvm-svn: 57724
2008-10-17 21:05:44 +00:00
a196618ad0
Fixed an elusive caching bug in ExplodedGraph construction when a PostStmtKind was used instead of a PostStoreKind.
...
llvm-svn: 57719
2008-10-17 20:49:23 +00:00
8b103c65c6
- constify some uses of MemRegion* (MemRegion should be immutable).
...
- Added new region "SymbolicRegion", which maps symbol values to the region domain.
- Enhanced BasicStore::getFieldLValue() to return a FieldRegion (using SymbolicRegion)
- Added some utility methods to GRState for fetch svals from the store.
- Fixed regression in CheckNSError (we weren't getting the value bound to the parameter)
llvm-svn: 57717
2008-10-17 20:28:54 +00:00
5870046c43
"Implement" GRExprEngine::VisitLValue for ObjCPropertyRefExpr. This is only a bandid; we need to properly handle properties by using locv/nonloc objects and specially handling property assignments in the transfer function for BinaryOperator.
...
llvm-svn: 57693
2008-10-17 17:24:14 +00:00
27f174214d
This patch did the following renaming. There should be no functional changes.
...
RVal => SVal
LVal => Loc
NonLVal => NonLoc
lval => loc
nonlval => nonloc
llvm-svn: 57671
2008-10-17 05:57:07 +00:00
252fe5c9f1
Get array's lvalue through standard interface.
...
llvm-svn: 57666
2008-10-17 02:20:14 +00:00
9fe408057a
Return the corresponding MemRegionVal for both rvalue and lvalue of array of
...
type T.
llvm-svn: 57665
2008-10-17 02:14:42 +00:00
4e500455c9
Array and struct variables do have lvalue. For example,
...
struct s {};
void f() {
int a[10];
int (*p)[10];
p = &a;
(*p)[3] =1;
struct s d;
struct s *q;
q = &d;
}
We return the corresponding MemRegionVal for them.
llvm-svn: 57664
2008-10-17 01:51:27 +00:00
357c63ab37
Remove an untrue assertion: lval::FuncVals can be returned in both rvalue and lvalue contexts.
...
llvm-svn: 57659
2008-10-17 00:55:33 +00:00
3ad391d800
Remove lval::FieldOffset, lval::ArrayOffset. These will be replaced with regions.
...
Remove GRExprEngine::getLVal and RValues::MakeVal.
Enhance StoreManager "GetLValue" methods to dispatch for specific kinds of lvalue queries, as opposed to interogating the expression tree (GRExprEngine already does this).
Added FIXMEs. In particular, we no longer "assume" that a base pointer in a field/array access is null (this logic was removed). Perhaps we should do this when fetching the lvalue for fields and array elements?
llvm-svn: 57657
2008-10-17 00:51:01 +00:00
12dd55b23d
Add transfer function support for ObjCIvarRefExpr.
...
llvm-svn: 57654
2008-10-17 00:03:18 +00:00
232c7929a2
This is the first step to build a better evaluation model for GRExprEngine. A
...
new VisitLValue method is added to replace the old VisitLVal. The semantics
model becomes more explicit to separate rvalue evaluation from lvalue
evaluation.
llvm-svn: 57627
2008-10-16 06:09:51 +00:00
bb7818b666
Enhance dead store checker to not flag preincrements to dead variables where the preincrement is a subexpression, e.g. foo(++x); This can cause false negatives, but will remove a whole class of false positives.
...
llvm-svn: 57554
2008-10-15 05:23:41 +00:00
cc06b463f5
Check some cases for previous patch. Make the code more robust.
...
llvm-svn: 57317
2008-10-09 03:19:06 +00:00
d9959aee34
This is the first step to implement a field-sensitive store model. Other things are simplified: no heap shape assumption, no parameter alias assumption, etc.
...
llvm-svn: 57285
2008-10-08 02:50:44 +00:00
de7509f01a
Added a function call case that generates sink nodes.
...
llvm-svn: 57240
2008-10-07 10:06:03 +00:00
f5e7c90c46
Migrate MemRegionManager from StateManager to StoreManager.
...
llvm-svn: 57225
2008-10-07 01:31:04 +00:00
4db44b62ad
Don't use DeclStmt::getDecl(); this will eventually disappear. Just fetch the first decl using the DeclStmt::decl_iterator.
...
llvm-svn: 57194
2008-10-06 18:43:53 +00:00
fae8cb0736
Use DeclStmt::decl_iterator instead of using Decl::getDecl(). Soon DeclStmts will wrap group of Decls.
...
Added FIXME.
llvm-svn: 57189
2008-10-06 18:37:46 +00:00
a4bbcd302e
Fix typos.
...
llvm-svn: 57146
2008-10-06 03:03:33 +00:00
8c9771bdf0
Remove redundant parameter and rename StMgr to StateMgr.
...
llvm-svn: 57107
2008-10-05 12:12:48 +00:00
5ca90a244f
This is a big patch, but the functionality change is small and the rest of the patch consists of deltas due to API changes.
...
This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h. This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses. This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.
The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls. In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal. Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.
There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.
The memory region abstraction also allows type-information to literally be affixed to a memory region. This will allow the some now redundant logic to be removed from the retain/release checker.
llvm-svn: 57042
2008-10-04 05:50:14 +00:00
3aa89a971d
Enhance NSError** checking with analogous checking for CFErrorRef*.
...
Expand checking to include functions, not just methods.
llvm-svn: 56938
2008-10-01 23:24:09 +00:00
8dcd40768e
Use LVal::IsLValType(T) instead of checking to see if the type is an "lvalue" type directly.
...
llvm-svn: 56912
2008-10-01 05:02:13 +00:00
d331d09e2f
Add a QualType to ConjuredSymbol to represent the type and size of the symbol.
...
Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.
llvm-svn: 56894
2008-10-01 00:21:14 +00:00
f1b299952a
Revert last patch, but add a fixme
...
llvm-svn: 56832
2008-09-30 05:35:42 +00:00
76bccf6221
Within the transfer function of UnaryOperatorExpr, handle implicit promotions
...
from the subexpression type to the expression type.
llvm-svn: 56831
2008-09-30 05:32:44 +00:00
21c24f1785
Revert 56735. The old bug categories were more informative.
...
llvm-svn: 56755
2008-09-27 22:02:42 +00:00
16a59fabec
Change "leaks" to have the category "Performance".
...
llvm-svn: 56735
2008-09-27 00:45:27 +00:00
61a625ff70
Move VLA processing logic from LiveVariables to CFG construction. This way all dataflow analyses "see" the VLA size expressions.
...
llvm-svn: 56655
2008-09-26 16:26:36 +00:00
2ece64bbc4
Examine VLA size expressions when computing liveness information.
...
Fixes <rdar://problem/6248086>
llvm-svn: 56645
2008-09-26 05:52:45 +00:00
76f79ba890
Change casing of bug type.
...
llvm-svn: 56405
2008-09-21 19:08:31 +00:00
638e280c32
The checks in BasicObjCFoundationChecks now have a category: "API Misuse (Apple)"
...
llvm-svn: 56403
2008-09-21 19:01:39 +00:00
ba9781dcfc
The "unused ivar" check now has a category: "Optimization"
...
llvm-svn: 56402
2008-09-21 18:58:22 +00:00
1b6997ed5e
Built-in checks now have a category: "Logic Errors"
...
llvm-svn: 56401
2008-09-21 18:57:28 +00:00
33663885c3
Add a bug category for NSError** checks.
...
llvm-svn: 56394
2008-09-21 06:57:40 +00:00
de195e2100
Add "category" to BugTypes, allowing bugs to be grouped.
...
Changed casing of many bug names. The convention will be to have bug names (mostly) lower cased, and categories use some capitalization.
llvm-svn: 56385
2008-09-20 04:23:38 +00:00
bc15d8539d
Add PostStore, a new ProgramPoint to distinguish between 'stores' and other PostStmts.
...
GRExprEngine:
Use PostStore in EvalStore.
Use a second version of EvalStore in EvalBinaryOperator to associate the store with the expression on the LHS.
llvm-svn: 56383
2008-09-20 01:50:34 +00:00
31a15f8ba2
Bug fix: for the base transfer function logic for casts, handle const casts as just propagating the value.
...
llvm-svn: 56368
2008-09-19 20:51:22 +00:00
34bfd8a490
Fixed logic error in BasicConstraintManager pointed out by Zhongxing Xu.
...
For checking if a symbol >= value, we need to check if symbol == value || symbol
> value. When checking symbol > value and we know that symbol != value, the path
is infeasible only if value == maximum integer.
For checking if a symbol <= value, we need to check if symbol == value || symbol
< value. When checking symbol < value and we know that symbol != value, the path
is infeasible only if value == minimum integer.
Updated test case exercising this logic: we only prune paths if the values are
unsigned.
llvm-svn: 56354
2008-09-19 18:00:36 +00:00
a5bf9cb4be
When we have a binary expression 'int operator symbol', properly rewrite this as
...
'symbol operator-reverse int'. This patch is a combination of code from
Zhongxing Xu and myself (Zhongxing noticed this bug for the cases of
relational operators).
llvm-svn: 56351
2008-09-19 17:31:13 +00:00
a8e88ecda6
Add an omitted case for AssumeSymInt.
...
llvm-svn: 56334
2008-09-19 06:07:59 +00:00
a417c0e80a
Add panic function "__assert_fail".
...
llvm-svn: 56327
2008-09-19 02:30:47 +00:00
6a1a334b6c
Register the implicit null-dereferenced object as a notable symbol.
...
llvm-svn: 56319
2008-09-18 23:23:19 +00:00
b42f482c91
Implement second part of PR 2600: NSError** parameter may be null, and should be checked before being dereferenced.
...
llvm-svn: 56318
2008-09-18 23:09:54 +00:00
f0673e4eb6
Change implementation of NSError** coding-style check to be invoked at the end of the retain/release analysis.
...
llvm-svn: 56312
2008-09-18 21:25:13 +00:00
fc3abeb1e5
Implemented one of the checks requested in PR 2600:
...
"Method accepting NSError** argument should have non-void return value to indicate that an error occurred."
Test case written, but the header needs to be delta-debugged reduced. Will commit shortly.
llvm-svn: 56297
2008-09-18 06:33:41 +00:00
8782716c4a
Minor pass-sensitivity improvement:
...
if we know that 'len != 0' and know that 'i == 0' then we know that
'i < len' must evaluate to true and cannot evaluate to false
llvm-svn: 56260
2008-09-16 23:24:45 +00:00
0ecb53a421
ProgramPoint now takes the space of two pointers instead of one. This change was
...
motivated because it became clear that the number of subclasses of ProgramPoint
would expand and we ran out of bits to represent a pointer variant. As a plus of
this change, BlockEdge program points can now be represented explicitly without
using a cache of CFGBlock* pairs in CFG.
llvm-svn: 56245
2008-09-16 18:44:52 +00:00
2d470fc0ba
Patch by Csaba Hruska!
...
"Here is a patch what replaces std::ostream with llvm::raw_ostream. This patch
covers the AST library, but ignores Analysis lib."
llvm-svn: 56185
2008-09-13 05:16:45 +00:00
ef2b3a71bb
Add missing spaces in path diagnostics.
...
llvm-svn: 56166
2008-09-12 18:17:46 +00:00
1b9e10390b
Store: (static analyzer)
...
- Change definition of store::Region and store::Binding (once again) to make
them real classes that just wrap pointers. This makes them more strictly
typed, and allows specific implementations of Regions/Bindings to just
subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments
StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'
BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager
llvm-svn: 55688
2008-09-03 03:06:11 +00:00
c62cf79290
Add newline at end of file.
...
llvm-svn: 55559
2008-08-30 02:06:22 +00:00
4c23963de8
Added LLVM comment header.
...
llvm-svn: 55537
2008-08-29 15:09:12 +00:00
c1bd3a5f8b
Migrate the rest symbolic analysis stuff to BasicConstraintManager.
...
llvm-svn: 55536
2008-08-29 14:52:36 +00:00
5043680da4
Remove dead method.
...
llvm-svn: 55526
2008-08-29 03:55:31 +00:00
c83e755d78
Added "getBindings" and "BindingAsString" to GRStateManager and StoreManager.
...
Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).
llvm-svn: 55522
2008-08-29 00:47:32 +00:00
5909059524
Remove BasicStore.h (migrated function prototype for CreateBasicStore() to Store.h)
...
llvm-svn: 55519
2008-08-28 23:39:42 +00:00
75d2ac956f
Remove Regions.h and Regions.cpp, since we are now using an even more abstract representation of "memory regions" in the static analyzer.
...
llvm-svn: 55515
2008-08-28 23:32:43 +00:00
e91874f71f
Make store "Regions" and "Bindings" more abstract instead of concrete variants.
...
Their precise semantics will be implemented by a specific StoreManager.
Use function pointer to create the StoreManager in GRStateManager. This matches how we create ConstraintsManager.
llvm-svn: 55514
2008-08-28 23:31:31 +00:00
f1b9209a34
Fixed analyzer caching bug involving the transfer function for loads.
...
llvm-svn: 55494
2008-08-28 18:43:46 +00:00
b45e6b91c6
Fixed analyzer caching bug in DeclStmt.
...
llvm-svn: 55487
2008-08-28 18:34:26 +00:00
b5ef37f28e
Make the destructor of ConstraintManager virtual.
...
llvm-svn: 55448
2008-08-27 23:13:01 +00:00
f71b5f39bb
Refactor Assume logic into a separate class ConstraintManager.
...
llvm-svn: 55412
2008-08-27 14:03:33 +00:00
912c28444f
Added "Auditor" interface for auditing the construction of ExplodedGraphs.
...
llvm-svn: 55403
2008-08-27 01:56:11 +00:00
6f7c419308
Make implementation of ExplodedNodeImpl::addPredecessor out-of-line.
...
llvm-svn: 55402
2008-08-27 01:27:52 +00:00
af665820e4
Remove default value for 'Pred' argument to GRCoreEngineImpl::GenerateNode().
...
llvm-svn: 55392
2008-08-26 22:34:23 +00:00
2a2c875b9c
Added 'extents' for Regions.
...
Added 'getExtent()' to StoreManager.
Implemented 'getExtent()' for BasicStoreManager.
llvm-svn: 55321
2008-08-25 19:33:03 +00:00
a2e25e5e72
adjust to changes in various APIs from LLVM. We can't print
...
an APInt directly to an ostream now, so add some hacks. It would
be better to switch all of the bugreport (and friends) stuff over
to raw_ostream.
llvm-svn: 55264
2008-08-23 22:23:37 +00:00
4e7713c04d
Simplify interface to Store::AddDecl
...
llvm-svn: 55213
2008-08-23 00:50:55 +00:00
614f6a060d
Modify comments.
...
llvm-svn: 55150
2008-08-21 23:00:21 +00:00
d95495f601
Move the handling of DeclStmt from GRExprEngine to BasicStoreManager.
...
llvm-svn: 55144
2008-08-21 22:34:01 +00:00
e5edbdd4ee
Patch by Zhongxing Xu:
...
This patch moves some code in GRStateManager::RemoveDeadBindings() to EnvironmentManager::RemoveDeadBindings().
llvm-svn: 55064
2008-08-20 17:08:29 +00:00
eb38fde5e5
Patch by Zhongxing Xu: We should set back the modified ConstEq map.
...
llvm-svn: 55060
2008-08-20 16:59:15 +00:00
19edd216f2
Move store pretty-printing logic inside of StoreManager (previously in GRState).
...
llvm-svn: 55013
2008-08-19 22:24:03 +00:00
67102b281e
Patch by Zhongxing Xu!
...
This patch extends BasicStoreManager::getInitialStore() to include code that symbolicates input variables.
It also removes redundant handling of ImplicitParamDecl, since it is a subclass of VarDecl.
llvm-svn: 54993
2008-08-19 16:51:45 +00:00
3bab3d21f9
Add ExplicitCastExpr to replace the current CastExpr, and have ImplicitCastExpr and ExplicitCastExpr derive from a common base class (CastExpr):
...
Expr
-> CastExpr
-> ExplicitCastExpr
-> ImplicitCastExpr
llvm-svn: 54955
2008-08-18 23:01:59 +00:00
5d1cfa1229
various updates to match r54873 on mainline.
...
llvm-svn: 54874
2008-08-17 07:19:51 +00:00
87aab6c771
Migrate the retain/release checker to not manage the RefBindings::Factory object
...
directly, but instead have GRStateManager manage it.
llvm-svn: 54862
2008-08-17 03:20:02 +00:00
90d488f724
Migrate GRState::ConstEqTy (map used from tracking constants for symbols) to use the generic data map instead.
...
llvm-svn: 54860
2008-08-17 03:10:22 +00:00
edd9a18050
Added GRStateTrait.h, which includes boilerplate code for creating specializations of GRStateTrait<>.
...
Modified GRStateTrait<ConstNotEq> in GRState to use the boilerplate in GRStateTrait<> for ImmutableMaps.
llvm-svn: 54859
2008-08-17 02:59:30 +00:00
0fb45f60d5
It's spelt "uninitialized".
...
llvm-svn: 54848
2008-08-16 17:46:53 +00:00
ceba6ead45
GRState:
...
- Remove ConstNotEq from GRState/GRStateManager (!= tracking uses GDM instead).
- GRStateManager now can book-keep "contexts" (e.g., factory objects) for uses
with data elements stored into the GDM.
- Refactor pretty-printing of states to use GRState::Printer objects
exclusively. This removed a huge amount of pretty-printing logic from
GRExprEngine.
CFRefCount
- Simplified some API calls based on refinements to the GDM api.
llvm-svn: 54835
2008-08-16 00:49:49 +00:00
c7138bb0a7
Default initialize only pointers and integer types (for now).
...
llvm-svn: 54798
2008-08-14 22:11:13 +00:00
db7dd9cd15
Migrated retain/release checker to use the Generic Data Map in GRState (instead
...
of using CheckerState).
Removed CheckerState from GRState.
Added class GRStateRef which wraps GRState* and GRStateManager*. This is handy
for generating new states with a single handle.
Added member template set/get functions to GRStateRef/GRState/GRStateManager for
accessing the Generic Data Map.
llvm-svn: 54788
2008-08-14 21:16:54 +00:00
16306107cf
Renamed GRState::CheckerStatePrinter to GRState::Printer.
...
Updated checker state printer interface to allow transfer functions to return an arbitrary number of GRState::Printers.
llvm-svn: 54762
2008-08-13 21:24:49 +00:00
0e7d96c370
Rename ValueState.h -> GRState.h
...
Rename ValueState.cpp -> GRState.cpp
llvm-svn: 54722
2008-08-13 04:28:02 +00:00
5ab5a1b578
Rename ValueState -> GRState.
...
Rename ValueStateManager -> GRStateManager.
llvm-svn: 54721
2008-08-13 04:27:00 +00:00
dccd9883c4
Initialize tracked local variables to undefined.
...
llvm-svn: 54716
2008-08-13 03:28:04 +00:00
3f91f037a7
Fix memory leak found by Sam Bishop: delete WList in the dstor of GRCoreEngineImpl.
...
llvm-svn: 54714
2008-08-13 03:10:52 +00:00
27fb019038
Added GenericDataMap as a component of ValueState.
...
llvm-svn: 54704
2008-08-12 21:49:24 +00:00
9551ab6c8c
More cleanups. Add missing #include.
...
llvm-svn: 54699
2008-08-12 20:41:56 +00:00
3f13f598ce
More summary generation refactoring.
...
llvm-svn: 54696
2008-08-12 18:48:50 +00:00
050b91cd28
Add variadic addInstMethSummary() and refactored addPanicSummary() to use this method. (code reduction).
...
Misc. cleanups.
llvm-svn: 54694
2008-08-12 18:30:56 +00:00
6e8aa537f8
More #include cleaning
...
- Drop {Decl.h,DeclObjC.h,IdentifierTable.h} from Expr.h
- Moved Sema::getCurMethodDecl() out of line (dependent on
ObjCMethodDecl via dyn_cast).
llvm-svn: 54629
2008-08-11 05:35:13 +00:00
4c3116437c
* Remove isInSystemHeader() from DiagClient, move it to SourceManager
...
* Move FormatError() from TextDiagnostic up to DiagClient, remove now
empty class TextDiagnostic
* Make DiagClient optional for Diagnostic
This fixes the following problems:
* -html-diags (and probably others) does now output the same set of
warnings as console clang does
* nothing crashes if one forgets to call setHeaderSearch() on
TextDiagnostic
* some code duplication is removed
llvm-svn: 54620
2008-08-10 19:59:06 +00:00
6307f19726
rename PreDefinedExpr -> PredefinedExpr
...
llvm-svn: 54605
2008-08-10 01:53:14 +00:00
4455a9d378
Added FIXME.
...
llvm-svn: 54568
2008-08-09 00:41:45 +00:00
0216b83d94
Don't use Expr::isIntegerConstantExpr just to check if a pointer value is initialize to NULL.
...
llvm-svn: 54563
2008-08-09 00:05:14 +00:00
4b1327960d
Added AssumeSymGT, AssumeSymGE, AssumeSymLT, AssumeSymLE to add some minor improvements to path-sensitivity. Right now we basically treat 'x > y' and 'x < y' as implying 'x != y', but this restriction will only inevitably apply to our must rudimentary value tracking component (we'll implement more advanced value reasoning later).
...
llvm-svn: 54493
2008-08-07 22:30:22 +00:00
18391f432b
Don't flag any dead stores for variables marked unused.
...
llvm-svn: 54492
2008-08-07 22:28:30 +00:00
4f8792b616
Added decl_iterator to DeclStmt to provide an abstract interface to iterate over the ScopedDecls of a DeclStmt.
...
Updated a few clients of DeclStmt::getNextDeclarator() to use decl_iterator instead. Will update other clients after additional testing.
llvm-svn: 54368
2008-08-05 20:46:55 +00:00
9512c122fa
Change 'dead store (++/--)' to 'dead increment'
...
llvm-svn: 54268
2008-08-02 18:19:48 +00:00
a7045d663d
Enhanced path-sensitive return-of-stack-address check to print out the name of the variable whose address was returned.
...
llvm-svn: 54253
2008-07-31 20:31:27 +00:00
a8b8ce499a
Add range highlighting for path-sensitive return-of-stack-address check.
...
llvm-svn: 54219
2008-07-30 17:49:12 +00:00
3f6cd0bc76
remove some unneeded calls to getCanonicalType
...
llvm-svn: 54106
2008-07-26 22:36:27 +00:00
574dee6cac
change more instances of QualType::getCanonicalType to call
...
ASTContext::getCanonicalType instead (PR2189)
llvm-svn: 54105
2008-07-26 22:17:49 +00:00
d074ce47b6
Have the UnusedIvar check skip ivars with setters/getters created by @synthesize.
...
llvm-svn: 54050
2008-07-25 20:28:02 +00:00
83ec24501e
Remove call to isSEL and isSEL itself since the call is dead (isObjCObjectPointerType() will never return true for selectors).
...
llvm-svn: 54034
2008-07-25 18:17:35 +00:00
2483730e3f
Only warn about missing/incomplete -dealloc implementations when a class contains a non-SEL, non-IBOutlet ivar that references an ObjC object.
...
llvm-svn: 54024
2008-07-25 17:04:49 +00:00
092ec76923
Don't emit 'dead initialization' warnings for variables marked 'unused'.
...
This fixes PR 2573: http://llvm.org/bugs/show_bug.cgi?id=2573
llvm-svn: 54009
2008-07-25 04:47:34 +00:00
5eb536b74c
Use ASTContext::isObjCObjectPointerType() to check if an ivar is a reference to an Objective-C object.
...
llvm-svn: 53999
2008-07-24 23:59:07 +00:00
9e9afb552c
Correctly handle NSAssertionHandle -handleFailureInMethod:object:file:lineNumber:description:
...
This fixes: http://llvm.org/bugs/show_bug.cgi?id=2593
llvm-svn: 53993
2008-07-24 18:47:16 +00:00
0e60b7588a
Don't issue a missing +dealloc warning for classes that just contain SEL ivars.
...
This fixes PR 2592: http://llvm.org/bugs/show_bug.cgi?id=2592
llvm-svn: 53987
2008-07-24 17:45:56 +00:00
87b16f4258
Issue dead store warnings for preincrements involved in a subexpression.
...
llvm-svn: 53983
2008-07-24 17:01:17 +00:00
9572cae92b
Don't flag dead stores when the result of a preincrement/predecrement is used in an enclosing expression.
...
llvm-svn: 53964
2008-07-23 22:19:56 +00:00
ecc851bb6e
Further refine dead store checking to distinguish between dead stores and dead increments.
...
llvm-svn: 53960
2008-07-23 21:16:38 +00:00
46abc7db6b
Properly skip IBOutlets when checking for unused ivars.
...
Refine the error message of unused ivars.
Added test case.
llvm-svn: 53957
2008-07-23 18:21:36 +00:00
6b6a4b6446
Ivar access mode ObjCIvarDecl::None == ObjCIvarDecl::Protected, not private.
...
llvm-svn: 53953
2008-07-23 17:14:39 +00:00
3b28f4911c
Add prototype implementation of unused ivar check.
...
llvm-svn: 53942
2008-07-23 00:45:26 +00:00
1f352db96a
Moved registration of basic path-sensitive checks from GRSimpleVals.cpp to GRExprEngineInternalChecks.cpp.
...
llvm-svn: 53909
2008-07-22 16:21:24 +00:00
6bb53303e1
Rename file.
...
llvm-svn: 53906
2008-07-22 14:41:47 +00:00
98f6e582f2
Added path-sensitive checking for null pointer values passed to function arguments marked nonnull.
...
This implements <rdar://problem/6069935>
llvm-svn: 53891
2008-07-22 00:46:16 +00:00
f41b1c45fa
"currentHandler" is a nullary selector
...
llvm-svn: 53763
2008-07-18 18:14:26 +00:00
f7faa42c6c
Fix caching bug.
...
llvm-svn: 53759
2008-07-18 17:39:56 +00:00
3b2294c7e6
Add panic support for NSAssertionHandler.
...
llvm-svn: 53758
2008-07-18 17:24:20 +00:00
d785465167
Add panic function.
...
llvm-svn: 53755
2008-07-18 16:28:33 +00:00
36f6b04295
Fix 80 col violation
...
llvm-svn: 53754
2008-07-18 15:59:33 +00:00
b1c91bfc45
Fix regression by explicitly checking if we are negating a SymIntConstantVal.
...
llvm-svn: 53753
2008-07-18 15:54:51 +00:00
6a62d908c3
Improve path-sensitivity when using the logical not operator.
...
llvm-svn: 53752
2008-07-18 15:46:06 +00:00
91614e6fe6
Renamed deterministic EvalBinOp to DetermEvalBinOpNN. This name mangling is unfortunately needed because virtual methods with the same name can be hidden by subclasses.
...
llvm-svn: 53751
2008-07-18 15:27:58 +00:00
8d6b42e096
Created ValueStateSet class to manage the creation of multiple states by a method.
...
Modified the new EvalBinOpNN to generate states instead of nodes. This is a much simpler interface and is what clients will want to do.
llvm-svn: 53750
2008-07-18 05:53:58 +00:00
e330aacbed
Update signature of EvalAssume.
...
llvm-svn: 53745
2008-07-17 23:33:10 +00:00
9c32a1ecf5
Move GRTransferFunc* into ValueStateManager, and move the assumption logic there as well.
...
llvm-svn: 53743
2008-07-17 23:15:45 +00:00
a79d9a9c79
Remove redundant logic.
...
llvm-svn: 53740
2008-07-17 21:36:43 +00:00
bc9118b165
Begin major changes to EvalXXX methods in GRTransferFuncs. Currently some of the methods only return an RVal; we want them to be able to create an arbitrary number of states.
...
llvm-svn: 53739
2008-07-17 21:27:31 +00:00
88a6b7fa80
Moved RemoveDeadBindings logic for the contents of 'Store' to a virtual RemoveDeadBindings method in StoreManager.
...
llvm-svn: 53726
2008-07-17 18:38:48 +00:00
ae543148bc
Fix regression introduced by http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20080714/006514.html .
...
The regression was the casts from integers to pointers where not being handled: they would just return UnknownVal. This would greatly decrease path-sensitivity.
llvm-svn: 53659
2008-07-16 00:23:49 +00:00
f46dddac5b
Fix transfer function logic in GRSimpleVals for integer casts: only support casts from integers to integers.
...
This fixes a crash reported by Anders Carlsson!
llvm-svn: 53649
2008-07-15 23:17:54 +00:00
ed1f72b67c
For the MissingDealloc check, don't treat IBOutlet ivars as being needed to be released
...
llvm-svn: 53647
2008-07-15 23:04:27 +00:00
81bfc074c9
Distinguish between dead stores and dead initializations.
...
llvm-svn: 53628
2008-07-15 18:06:32 +00:00
176e2c519d
isRetain() and isRelease() now only returns true if "Retain"/"Release" appears in the suffix of a function's name.
...
llvm-svn: 53621
2008-07-15 17:43:41 +00:00
fa89e2f09c
Support retain/release tracking for CoreGraphics (CGxxxRef) objects.
...
llvm-svn: 53617
2008-07-15 16:50:12 +00:00
c18255d80f
Refactor Dead Stores error reporting to use the simplified BugReporter::EmitBasicReport interface.
...
llvm-svn: 53573
2008-07-14 20:56:04 +00:00
0255531dd3
Added method "EmitBasicReport" to BugReporter to simplify the emission of simple bug diagnostics.
...
Refactored error reporting in CheckObjCDealloc and CheckObjCInstMethSignature to use this new bug reporting interface (major code simplification).
llvm-svn: 53560
2008-07-14 17:40:50 +00:00
e5b5953672
Tidy up error message.
...
llvm-svn: 53493
2008-07-11 23:17:01 +00:00
3bfb314c25
Add new check: -check-objc-methodsigs. This check scans methods in
...
ObjCImplementationDecls and sees if a ancestor class defines a method with the
same selector but with a different type signature. Right now it just compares
return types, and mainly looks at differences in primitive values. The checking
will be expanded in the future.
llvm-svn: 53482
2008-07-11 22:40:47 +00:00
aced3ad4b8
Fix comment.
...
llvm-svn: 53473
2008-07-11 20:53:14 +00:00
c50e1a196e
Refactored auditor interface within GRExprEngine and GRCoreEngine to use a "batch auditor" to dispatch to specialized auditors instead of having a separate vector for each audited Expr*. This not only provides a much cleaner implementation, but also allows us to install auditors for any expression.
...
llvm-svn: 53464
2008-07-11 18:37:32 +00:00
a7b8ffb05b
Refactored most of the "Store" piece of ValueState into a Store type. The
...
current store implementation is now encapsulated by BasicStore.
These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.
llvm-svn: 53423
2008-07-10 22:03:41 +00:00
976d1e0ea8
Remove unused class AnnotatedPath.
...
llvm-svn: 53413
2008-07-10 17:25:03 +00:00
ad4a7e4a69
Move some environment methods from ValueState/ValueStateManager to Environment/EnvironmentManager.
...
llvm-svn: 53412
2008-07-10 17:19:18 +00:00
5f996d5a06
Remove getParentMap() from GRExprEngine.
...
llvm-svn: 53343
2008-07-09 19:46:42 +00:00
ae529271e8
Fix PR2519: correctly handle CFDictionaryCreate.
...
llvm-svn: 53334
2008-07-09 18:11:16 +00:00
852ed373aa
Initial work on splitting the ValueState into an Environment, Store, and
...
Constraints. These concepts are already present in the current ValueState, but
the implementation is monolothic. Making ValueState more modular opens up new
design choices for customizing the analysis engine.
In the context of the analysis engine, the "Environment" is the binding between
Expr* (expressions) and intermediate symbolic values (RValues).
llvm-svn: 53252
2008-07-08 21:46:56 +00:00
4963d1144f
Updated clients of ImmutableMap::SlimFind to use ImmutableMap::lookup instead.
...
llvm-svn: 53172
2008-07-07 16:21:19 +00:00
37a2c0d5d1
Do not emit a "missing -dealloc" warning if a class contains no ivars that are pointers.
...
This patch aims to address some of the concerns of PR 2517: http://llvm.org/bugs/show_bug.cgi?id=2517
llvm-svn: 53168
2008-07-07 06:36:08 +00:00
4d85146e6d
Use conjured symbols for variables whose values are invalidated when
...
passed-by-reference to a function. This allows us to build up constraints for
their new values and restore some lost path-sensitivity. This addresses a few
false positives since in Adium.
llvm-svn: 53125
2008-07-03 23:26:32 +00:00
8044046efb
Fix a bug in the dead stores checker reported in the following email:
...
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-July/002157.html
Essentially the observer mechanism in LiveVariables was observing block-level
expressions multiple times, leading to a case where the dead store checker could
see a value as dead when it was really live.
llvm-svn: 53115
2008-07-03 22:25:27 +00:00
68b117fca4
Skip the "-dealloc" check if a ObjC class contains no ivars.
...
llvm-svn: 53100
2008-07-03 15:37:02 +00:00
e66ca6f35a
For the -dealloc checker, check the LangOptions to determine whether or not the code is compiled with GC.
...
llvm-svn: 53098
2008-07-03 14:35:01 +00:00
1d3c797c90
Have BugReporter::getCFG and BugReporter::getLiveVariables returns pointers instead of references, because they can both fail
...
on functions we cannot construct full CFGs for yet.
llvm-svn: 53081
2008-07-03 05:26:14 +00:00
0e7d25233e
Added static analysis check to see if a subclass of NSObject implements -dealloc, and whether or not that implementation calls [super dealloc].
...
llvm-svn: 53075
2008-07-03 04:29:21 +00:00
c7efb536d5
Unify the code path for the Dead Stores checker to always use the BugReporter interface.
...
llvm-svn: 53054
2008-07-02 23:16:33 +00:00
b1d0118a1a
Refactored some of the BugReporter interface so that data such as the ASTContext&, PathDiagnosticClient*, can be provided by an external source.
...
Split BugReporter into BugReporter and GRBugReporter so checkers not based on GRExprEngine can still use the BugReporter mechanism.
llvm-svn: 53048
2008-07-02 21:24:01 +00:00
125d4a3b2d
GRExprEngine now expects the LiveVariables information to be provided by its creator.
...
This allows an optimization in AnalysisConsumer where the same LiveVariables information is used between multiple analyses.
llvm-svn: 53046
2008-07-02 20:13:38 +00:00
d8ca1f6dd9
Added version of CheckDeadStores that accepts a client-provided LiveVariables object.
...
Modified the DeadStores logic in AnalysisConsumer.cpp to use the LiveVariables object created by the AnalysisManager.
llvm-svn: 53043
2008-07-02 18:39:20 +00:00
ab54e51b38
Unlike NSWindow objects, NSPanel objects initially do not have self-ownership.
...
llvm-svn: 52963
2008-07-01 17:21:27 +00:00
bc6d850088
Temporarily treat "Autorelease" as "StopTracking". This is the original behavior.
...
llvm-svn: 52940
2008-07-01 00:01:02 +00:00
a0e071c861
Added "Autorelease" ArgEffect to better simulate "autorelease" messages. Right
...
now this does the same thing as "MayEscape", but more functionality will go in
here shortly.
llvm-svn: 52904
2008-06-30 16:57:41 +00:00
cf1ab19086
Added a simple static analysis check to look for improper uses of CFCreateNumber.
...
llvm-svn: 52799
2008-06-26 23:59:48 +00:00
3185c9c9cd
CF ref checker:
...
Tracked objects now have their type information tracked with them.
Enhanced summaries for ObjC methods to include the type information of the receiver.
Used the enhanced summaries to support the idiom that NSWindow owns itself (it sends a release message to itself upon close).
Added some comments.
Did some cleanups with the checker logic using operator overloading (reduced redundant code which I was concerned about being the source of bugs).
llvm-svn: 52741
2008-06-25 21:21:56 +00:00
f890bfe0ff
Remove unneeded method arguments.
...
llvm-svn: 52668
2008-06-24 03:56:45 +00:00
b1d1329ac7
Cache ObjC summaries by IdentifierInfo*, not by ObjCInterfaceDecl.
...
llvm-svn: 52667
2008-06-24 03:49:48 +00:00
0cfc16100b
Added ObjCSummaryCache, a new summary cache object to cache summaries for Objective-C methods. Instead of mapping from Selectors -> Summaries, we will now map from (ObjCInterfaceDecl*,Selectors) -> Summaries. This will allow more nuanced summary generation. This patch just swaps in the new data structure; the rest of the code works as before by allowing the ObjCInterfaceDecl* to be null.
...
llvm-svn: 52653
2008-06-23 23:30:29 +00:00
ea736c5d02
Rename summary methods for "instance methods" to "class methods" (the names got screwed up). No functionality change.
...
llvm-svn: 52650
2008-06-23 22:21:20 +00:00
ab4a8b5213
The CF retain/release checker now assumes that allocations do not fail. Eventually we will add a flag to the driver to enable allocation failures (documented as a FIXME).
...
llvm-svn: 52632
2008-06-23 18:02:52 +00:00
c9cea053ba
When using the dead-stores checker with the BugReporter class, properly capture the diagnostic associated with a specific warning and emit it.
...
llvm-svn: 52565
2008-06-20 23:13:39 +00:00
34a691734e
Modified the dead stores checker to...
...
1) Check if a dead store appears as a subexpression. For such cases, we emit
a verbose diagnostic so that users aren't confused. This addresses:
<rdar://problem/5968508> checker gives misleading report for dead store in loop
2) Don't emit a dead store warning when assigning a null value to a pointer.
This is a common form of defensive programming. We may wish to make
this an option to the the checker one day.
This addresses the feature request in the following email:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html
llvm-svn: 52555
2008-06-20 21:45:25 +00:00
46c82ab994
Introduce initial transfer function support for __imag__ and __real__. We don't
...
have complex RValues yet, so this logic is only fully implemented when __imag__
and __real__ are used on non-complex types.
llvm-svn: 52501
2008-06-19 17:55:38 +00:00
9a935fbdeb
Added a new ProgramPoint: PostPurgeDeadSymbols. This new program point distinguishes between the cases when we just evaluated the transfer function of a Stmt* (PostStmt) or performed a load (PostLoad). This solves a caching bug observed in a recent bug report.
...
llvm-svn: 52443
2008-06-18 05:34:07 +00:00
3802fedfe4
Fix non-termination bug reported by Thomas Clement!
...
llvm-svn: 52426
2008-06-17 19:14:06 +00:00
5696e7badf
Change self/_cmd to be instances of ImplicitParamDecl instead of ParmVarDecl.
...
Patch by David Chisnall!
llvm-svn: 52422
2008-06-17 18:05:57 +00:00
08e171183f
This patch is motivated by numerous strict-aliasing warnings when compiling
...
clang as a Release build.
The big change is that all AST nodes (subclasses of Stmt) whose children are
Expr* store their children as Stmt* or arrays of Stmt*. This is to remove
strict-aliasing warnings when using StmtIterator. None of the interfaces of any
of the classes have changed (except those with arg_iterators, see below), as the
accessor methods introduce the needed casts (via cast<>). While this extra
casting may seem cumbersome, it actually adds some important sanity checks
throughout the codebase, as clients using StmtIterator can potentially overwrite
children that are expected to be Expr* with Stmt* (that aren't Expr*). The casts
provide extra sanity checks that are operational in debug builds to catch
invariant violations such as these.
For classes that have arg_iterators (e.g., CallExpr), the definition of
arg_iterator has been replaced. Instead of it being Expr**, it is an actual
class (called ExprIterator) that wraps a Stmt**, and provides the necessary
operators for iteration. The nice thing about this class is that it also uses
cast<> to type-checking, which introduces extra sanity checks throughout the
codebase that are useful for debugging.
A few of the CodeGen functions that use arg_iterator (especially from
OverloadExpr) have been modified to take begin and end iterators instead of a
base Expr** and the number of arguments. This matches more with the abstraction
of iteration. This still needs to be cleaned up a little bit, as clients expect
that ExprIterator is a RandomAccessIterator (which we may or may not wish to
allow for efficiency of representation).
This is a fairly large patch. It passes the tests (except CodeGen/bitfield.c,
which was already broken) on both a Debug and Release build, but it should
obviously be reviewed.
llvm-svn: 52378
2008-06-17 02:43:46 +00:00
0b6b0e7157
Teach the CF retain checker about "_init" methods. Fixes: <rdar://problem/5956379>
...
llvm-svn: 51872
2008-06-02 17:14:13 +00:00
021ca18bb5
- Move ObjC Expresssion AST's from Expr.h => ExprObjC.h
...
- #include ExprObjC.h in many places
llvm-svn: 51703
2008-05-29 21:12:08 +00:00
b91ef1b62b
Prototyped support in the BugReporter to emit diagnostics of the form "p now aliases q".
...
llvm-svn: 51453
2008-05-22 23:45:19 +00:00
1df2f3a1f5
Expand retain/release checker to consider methods/function calls that cause a
...
tracked object to "escape": it's reference count might be incremented by the
called function, thus causing an object's lifetime to extend beyond when the
local reference count is decremented to 0.
This addresses: <rdar://problem/5933215>
llvm-svn: 51433
2008-05-22 17:31:13 +00:00
a4010c698c
Don't use ostringstream (pulling in <sstream>) when creating the dead store diagnostic (simply not needed).
...
llvm-svn: 51432
2008-05-22 16:28:24 +00:00
91f035cda7
Improve dead stores diagnostics to include the variable name.
...
llvm-svn: 51395
2008-05-21 22:59:16 +00:00
b120ff1b95
Fixed bug in the transfer function for dereferences: the loaded value from EvalLoad should bind to the UnaryOperator*, not its subexpression.
...
Added test case to exercise this fix when checking for uses of uninitialized values.
Patch by Zhongxing Xu!
llvm-svn: 51377
2008-05-21 15:48:33 +00:00
652eaab03c
fix warning with gcc 4.1 (ptr to bool convertion)
...
llvm-svn: 51324
2008-05-20 17:33:56 +00:00
d727220d1a
Micro-optimization when checking for panic functions.
...
llvm-svn: 51214
2008-05-17 00:42:01 +00:00
c8081b4e16
Fix 80 col violation.
...
llvm-svn: 51213
2008-05-17 00:40:45 +00:00
0e76583574
Added panic function _XCAssertionFailureHandler.
...
llvm-svn: 51212
2008-05-17 00:33:23 +00:00
c812b23ce8
Cache leaks by the allocation site, not the leak location.
...
llvm-svn: 51198
2008-05-16 18:33:44 +00:00
590abd363e
Partitioned BugTypeCachedLocation::isCached() into two methods: one that accepts and ExplodedNode, and the other that accepts a ProgramPoint. The default behavior is to cache bug reports by the
...
location they occur (the end node). Subclasses can override this behavior by providing a different ProgramPoint.
llvm-svn: 51197
2008-05-16 18:33:14 +00:00
a0055a8ef5
Support StringLiteralVal when comparing LVal types.
...
llvm-svn: 50979
2008-05-12 17:41:30 +00:00
acdde6f099
Rename IsPointerType to LVal::IsLValType, and update CFRefCount::EvalSummary to use IsLValType when conjuring symbols for return values (this fixes a bug with an assertion firing in the analyzer when two qualified objective-c types were compared).
...
llvm-svn: 50924
2008-05-09 23:45:33 +00:00
bcdb46830b
Added support for "drain".
...
llvm-svn: 50831
2008-05-07 21:17:39 +00:00
f958ec50c0
Expand the CF retain checker to allow the Create/Get rule to apply to any
...
function that returns a CFxxxRef, not just functions whose name begins with
CF. This implements <rdar://problem/5917879>.
Added test case for this feature.
Updated calls to CStrInCStrNoCase to swap their arguments, per compatibility
with strcasestr.
llvm-svn: 50829
2008-05-07 20:06:41 +00:00
fcf060fd2f
Flip order of arguments to CStrInStrNoCase.
...
llvm-svn: 50824
2008-05-07 18:57:30 +00:00
b6cbf28d82
Use llvm::CStrInCStrNoCase instead of strcasestr, since the latter is not portable.
...
Correctly check if the result of CStrInCStrNoCase is NULL to generate summaries; before we were inverting the condition.
llvm-svn: 50822
2008-05-07 18:36:45 +00:00
89bd0fc27d
copy-paste: NS types are not typedefs.
...
llvm-svn: 50817
2008-05-07 17:35:41 +00:00
7bf9dc773c
Do not treat **instance** methods "copyWithZone:" and "mutableCopyWithZone:" from NSObject as allocators.
...
llvm-svn: 50802
2008-05-07 05:34:45 +00:00
9930bd8c4f
Be less promiscuous with generating summaries for "new", "copy", "create".
...
llvm-svn: 50798
2008-05-07 04:25:59 +00:00
08eb30f193
Added auto-summary generation for createXXX, copyXXX, newXXX methods.
...
llvm-svn: 50795
2008-05-07 03:45:05 +00:00
aec1811c6c
Don't report leaks for autoreleased objects.
...
llvm-svn: 50777
2008-05-06 23:07:13 +00:00
767d0742c7
More comments.
...
"#if 0" out some assumptions when auto-generating method summaries.
llvm-svn: 50772
2008-05-06 21:26:51 +00:00
10427bdbb9
Experiment with not converting bug names to lower case.
...
llvm-svn: 50753
2008-05-06 18:11:36 +00:00
8bcc1bd3d5
More refactorings in GeneratePathDiagnostic: use ExecutionContinues to display
...
"Execution continues..." message, which does a better job at handling corner cases.
llvm-svn: 50751
2008-05-06 18:11:09 +00:00
cb2e636606
Generate "stop" summaries for selectors involving receivers whose type is not NSxxxx.
...
llvm-svn: 50721
2008-05-06 15:44:25 +00:00
68f463b88e
Use strncmp correctly.
...
llvm-svn: 50715
2008-05-06 06:17:42 +00:00
5f478e9a0a
Make string comparison legible and remove buffer overrun introduced by typo.
...
llvm-svn: 50714
2008-05-06 06:09:09 +00:00
2f08fedec1
String comparison cleanups.
...
Added test case.
llvm-svn: 50711
2008-05-06 04:28:05 +00:00
041d02201f
Fix logic error in string processing.
...
llvm-svn: 50710
2008-05-06 04:21:38 +00:00
c9f4948bba
Remove assertion.
...
llvm-svn: 50709
2008-05-06 04:21:10 +00:00
015c3561ad
Use EvalSummary to process message expressions, thereby unifying the checker
...
logic for function calls and message expressions.
Use the following heuristic to infer "allocating" instance methods:
[ClassName classWithXXX] allocates an object
Update testcase to reflect this heuristic.
llvm-svn: 50708
2008-05-06 04:20:12 +00:00
821537ecdb
Added receiver effects to EvalSummary.
...
llvm-svn: 50700
2008-05-06 02:41:27 +00:00
b0862dca6c
Expand summaries to include "Receiver" effects.
...
llvm-svn: 50697
2008-05-06 02:26:56 +00:00
be7c56ed78
Added initialization code to generate initial set of ObjC method summaries (non-instance methods).
...
llvm-svn: 50690
2008-05-06 00:38:54 +00:00
0806f910d4
Added code to generate initial set of summaries for instance methods.
...
llvm-svn: 50689
2008-05-06 00:30:21 +00:00
3d1e972275
Add summary generation for "initXXX" methods.
...
llvm-svn: 50684
2008-05-05 23:55:01 +00:00
046845e842
Make CF retain diagnostics more succinct.
...
In a leak's "name", indicate GC or non-GC bugs.
llvm-svn: 50680
2008-05-05 23:16:31 +00:00
f15cd14a3d
Emit dead store warnings for ++ and -- operators.
...
llvm-svn: 50679
2008-05-05 23:12:21 +00:00
00daccdd2a
Initial work on refactoring the CFRefCount checker so that it is more
...
generic and handles reference counts for NSObjects.
llvm-svn: 50674
2008-05-05 22:11:16 +00:00
627c3074dd
Improve leak diagnostics to not report a leak on the same line where
...
the object was last used. This can be confusing to users.
For example:
// 'y' is leaked
x = foo(y);
instead:
x = foo(y);
// 'y' is leaked
llvm-svn: 50661
2008-05-05 18:50:19 +00:00
3917b82e85
Improved leak diagnostics.
...
llvm-svn: 50657
2008-05-05 17:53:17 +00:00
875db81301
Minor refactorings/cleanups in CF retain checker and added support for NSMakeCollectable.
...
Added test case for NSMakeCollectable.
llvm-svn: 50653
2008-05-05 16:51:50 +00:00
db04a9e967
When reporting branch conditions that evaluate to an uninitialized value,
...
highlight the most nested subexpression that appears most responsible (giving
the user better diagnostic feedback).
Updated test cases to illustrate this feature.
Implements: <rdar://problem/5880443>
llvm-svn: 50647
2008-05-05 15:56:53 +00:00
a5e2df015a
Rename member variable.
...
llvm-svn: 50597
2008-05-02 23:21:21 +00:00
983be7cee6
Improved diagnostics for leaks: now we report which variable was leaked.
...
llvm-svn: 50588
2008-05-02 20:53:50 +00:00
789942cfda
When running the reference count checker twice (GC and non-GC mode), only emit
...
basic warnings (dead stores, null dereferences) on the first pass.
llvm-svn: 50584
2008-05-02 18:01:49 +00:00
bb7386aff5
Really noreturn on exceptions.
...
llvm-svn: 50579
2008-05-02 17:12:56 +00:00
63d76df236
Fix copy-paste bug.
...
llvm-svn: 50557
2008-05-01 23:38:35 +00:00
2722f36465
Remove no longer valid assertion.
...
llvm-svn: 50556
2008-05-01 23:28:56 +00:00
1097b4c61f
Added line number diagnostics to indicate the allocation site of the leaked object.
...
llvm-svn: 50553
2008-05-01 23:13:35 +00:00
fabfb4677d
Do not highlight bogus ranges for leaks.
...
llvm-svn: 50549
2008-05-01 22:50:36 +00:00
8a56b06b5c
Correctly invalidate reference count state when passing objects by reference in message expressions we don't understand.
...
llvm-svn: 50541
2008-05-01 21:31:50 +00:00
7f824734e0
Added temporary fix for Obj-C exception handling in the static analyzer: treat these as panic functions.
...
llvm-svn: 50535
2008-05-01 18:33:28 +00:00
f0b0f2edfe
Renamed static method.
...
llvm-svn: 50533
2008-05-01 18:31:44 +00:00
b99d01269a
Added __assert_rtn to list of panic functions.
...
llvm-svn: 50530
2008-05-01 17:52:49 +00:00
ed36e4b9a4
Added ziperr as a panic function. Eventually inter-procedural analysis
...
should catch this one easily.
llvm-svn: 50526
2008-05-01 15:55:59 +00:00
9f696852c4
When processing "release", "retain", and "autorelease" messages return the
...
lval passed as an argument.
Fix: Inverted diagnostic messages.
llvm-svn: 50513
2008-05-01 04:02:04 +00:00
4828aa3152
Added support for "autorelease" message in CF ref. count checker.
...
llvm-svn: 50512
2008-05-01 02:18:37 +00:00
b0f87c48cb
added preliminary diagnostics in scan-build results to denote whether
...
a CF memory leak occurred with GC enabled, etc.
llvm-svn: 50507
2008-04-30 23:47:44 +00:00
f20e2285c9
More cleanups with ObjCQualifiedIdType in the static analyzer.
...
llvm-svn: 50503
2008-04-30 22:48:21 +00:00
a16dacb6aa
Add placeholder code in the static analyzer for MemberExprs involving struct temporaries.
...
llvm-svn: 50502
2008-04-30 22:17:15 +00:00
ca67cab1e8
Add workaround for __builtin_offsetof in the static analyzer.
...
llvm-svn: 50500
2008-04-30 21:45:55 +00:00
99057462aa
Provide SizeOfAlignTypeExpr workaround in the static analyzer for taking the sizeof of a ObjCInterfaceType.
...
llvm-svn: 50499
2008-04-30 21:31:12 +00:00
e0e8b535cf
Support implicit casts from pointers to references.
...
llvm-svn: 50498
2008-04-30 21:10:19 +00:00
84dea154fc
When creating LVals for array entries, canonicalize entries with a 0 index.
...
llvm-svn: 50497
2008-04-30 21:05:35 +00:00
20d8006e93
Teach more of the static analyzer about ObjCQualifiedIdType.
...
llvm-svn: 50494
2008-04-30 20:17:27 +00:00
0940b99e3b
Teach the static analysis engine about ObjCQualifiedIdType.
...
llvm-svn: 50493
2008-04-30 20:01:29 +00:00
5ce35cc514
Add conjured symbols for decl initializations.
...
Add db_error as panic function.
llvm-svn: 50489
2008-04-30 17:54:04 +00:00
39a736f723
Handle lval::ArrayOffset and lval::FieldOffset in EvalNE and EvalEQ.
...
llvm-svn: 50486
2008-04-30 16:07:22 +00:00
5cc9e60a5f
Invalidate old subexpression bindings when binding UnknownVal.
...
llvm-svn: 50466
2008-04-30 04:23:07 +00:00
9700bd42f0
Simplify RemoveDeadBindings.
...
llvm-svn: 50458
2008-04-29 23:58:03 +00:00
10246e8bfa
Add lval::ArrayOffset, which represent the locations of entries in an array.
...
llvm-svn: 50453
2008-04-29 23:24:44 +00:00
0d2ccffa83
Added lval::FieldOffset, which represents symbolic lvalues for field offsets from other Lvalues.
...
This removes the failure in null-deref-ps.c (test suite).
llvm-svn: 50449
2008-04-29 22:17:41 +00:00
fa5a3d0fe7
Major rewrite/refactoring of static analysis engine. We now use
...
EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us
to do checks for null dereferences, etc., at any arbitrary load/store (these
were missed checks before). This also resulted in some major cleanups, some
conceptual, and others just in the structure of the code.
This temporarily introduces a regression in the test suite (null-deref-ps.c)
before I add a new LVal type for structure fields.
llvm-svn: 50443
2008-04-29 21:04:26 +00:00
a374ea9a35
Update typestate logic to support GC-mode.
...
llvm-svn: 50396
2008-04-29 05:44:10 +00:00
4b7ca776cf
Implement semantics of CFMakeCollectable for the CF-reference count checker.
...
llvm-svn: 50395
2008-04-29 05:33:51 +00:00
4d1f422c6f
Provide the option to run the CF-retain checker in GC enabled mode.
...
The transfer functions for the checker don't do anything special yet in GC mode.
llvm-svn: 50394
2008-04-29 05:13:59 +00:00
fa2d2f2886
Make assertions for all addresses passed to ProgramPoint that they have at least an 8-byte alignment.
...
llvm-svn: 50310
2008-04-26 15:19:51 +00:00
dd38e0bd0d
Fix bug in BugReporter where we didn't handle emitting diagnostics for
...
empty CFGBlocks that only contained a terminator.
Added improved diagnostics for break and continue statements and default branches in switch statements.
This fixes <rdar://problem/5889244>.
llvm-svn: 50286
2008-04-25 19:01:27 +00:00
99131c9f5a
Handle dereferences of function pointers (which return a handle to the function).
...
llvm-svn: 50246
2008-04-25 01:56:50 +00:00
2e5092320e
Don't abort on GetRVal when the LVal is a StringLiteralVal.
...
llvm-svn: 50245
2008-04-25 01:45:38 +00:00
4dd412e022
Don't emit empty strings for path diagnostics when taking the default branch of a switch statement that has no label.
...
llvm-svn: 50242
2008-04-25 01:29:56 +00:00
ecbdf75049
Do a better job at computing dead symbols.
...
Implemented support for better localized leaks in the CF reference count checker.
Now leaks should be flagged close to where they occur.
This should implement the desired functionality in <rdar://problem/5879592>, although the diagnostics still need to be improved.
llvm-svn: 50241
2008-04-25 01:25:15 +00:00
b0daf2f6f5
Add preliminary support for flagging leaks around when they happen (doesn't work yet).
...
llvm-svn: 50237
2008-04-24 23:57:27 +00:00
ae8014cb7e
More boilerplate for handling specialized-transfer function logic for dead symbols.
...
llvm-svn: 50233
2008-04-24 23:35:58 +00:00
3812b7676c
Added initial boilerplate in GRExprEngine to allow checker-specific transfer
...
function logic to act when symbols become dead.
llvm-svn: 50221
2008-04-24 18:31:42 +00:00
f7141597e8
CF reference count checker: handle variadic functions that allocate CF objects.
...
This fixes <rdar://problem/5886141>.
Part of this change resulted in creating sparser summaries. I also added
some more comments and did some minor code cleanups.
llvm-svn: 50214
2008-04-24 17:22:33 +00:00
21bf6006b0
For case statements involving enums, BugReporter now generates PathDiagnostics
...
that say that we are jumping to "case a" instead of "case 0".
This is a feature implementation for <rdar://problem/5880430>.
llvm-svn: 50197
2008-04-23 23:35:07 +00:00
05e6267466
Fix minor regression in bug report generation.
...
llvm-svn: 50195
2008-04-23 23:04:32 +00:00
f26bc55b9a
When building PathDiagnostics for bug reports, generate a trimmed ExplodedGraph with a single path that BugReport objects can safely walk and introspect.
...
llvm-svn: 50194
2008-04-23 23:02:12 +00:00
dd43aeee54
Fixed: <rdar://problem/5881148>
...
Problem:
In the recently refactored VisitDeref (which processes dereferences), we
were incorrectly skipping the node just generated for the subexpression
of the dereference. This was a horrible regression.
llvm-svn: 50176
2008-04-23 20:12:28 +00:00
d2419a0730
Remove false path where the default branch in a switch statement would
...
always be taken even if it was not feasible.
llvm-svn: 50132
2008-04-23 05:03:18 +00:00
ef9af73887
Added panic function "assfail".
...
llvm-svn: 50119
2008-04-23 00:41:25 +00:00
0224ac57e0
For default branches in switch statements with no default label, print out
...
the line we are going to.
llvm-svn: 50113
2008-04-22 22:29:46 +00:00
3b42715930
Rewrote VisitDeclStmt to properly handle initializers that can do anything.
...
llvm-svn: 50112
2008-04-22 22:25:27 +00:00
c79c0591d6
Added lval type (and tracking) for StringLiterals.
...
llvm-svn: 50109
2008-04-22 21:39:21 +00:00
eccf3e5821
Added "nonlval::LValAsInteger" to represent abstract LVals casted to integers, allowing us to track lvals when they are casted back to pointers.
...
llvm-svn: 50108
2008-04-22 21:10:18 +00:00
9718c9e8ee
PathDiagnosticClients now retain ownership of passed PathDiagnostics, requiring
...
them to not be stack-allocated.
HTMLDiagnostics now batches PathDiagnostics before emitting HTML in its dtor.
This is a workaround for a problem when we trampled the Preprocessor state
when highlighting macros (sometimes resulting in an assertion failure).
llvm-svn: 50102
2008-04-22 16:15:03 +00:00
901a4e406b
Use back() instead of end()-1
...
llvm-svn: 50098
2008-04-22 07:37:18 +00:00
80f2c111bd
Added panic function "dtrace_assfail".
...
llvm-svn: 50091
2008-04-22 06:09:33 +00:00
a2cca7dbdf
Hardcode "Assert" as a no-return function (panic).
...
llvm-svn: 50089
2008-04-22 05:37:33 +00:00
da5cdda248
Added null-dereference check for ArraySubscriptExpr.
...
llvm-svn: 50083
2008-04-22 04:56:29 +00:00
38213f9573
Added support for detected bad dereferences involving MemberExprs, e.g. x->f where "x" is NULL.
...
llvm-svn: 50071
2008-04-21 23:43:38 +00:00
5fa90e49a9
Fix improper dereference of end() iterator. Patch by Argiris Kirtzidis!
...
llvm-svn: 50012
2008-04-20 23:54:24 +00:00
575f24ef73
Gracefully handle when the receiver of a message expression is not a pointer type.
...
llvm-svn: 49959
2008-04-19 19:12:50 +00:00
423edc2384
Another bug fix in emitting warnings without a path: construct a unit PathDiagnostic as we did
...
before. This allows the HTMLDiagnostic object to retrieve the bug type, bug description, etc.
llvm-svn: 49939
2008-04-18 22:56:53 +00:00
bf27dc9659
Reenable using the PathDiagnosticClient for BugReports without paths.
...
llvm-svn: 49934
2008-04-18 22:11:59 +00:00
31484b2477
Generalize caching mechanism for bugs reports. Now individual BugTypes
...
can decide the policy on how to cache related bugs. This allows us to
properly to handle warning about multiple leaks in the same location in the
ref count checker (not yet done).
llvm-svn: 49918
2008-04-18 20:54:29 +00:00
c072b820cf
Fixed more caching bugs related to the one fixed in r49914. Silence
...
compiler warning introduced by a recent patch of mine.
llvm-svn: 49917
2008-04-18 20:35:30 +00:00
acefba896c
Fixed elusive caching bug that led to false positives.
...
llvm-svn: 49914
2008-04-18 19:34:16 +00:00
4d83728a57
Added "GetErrorNodes()" to BugType so that -trim-egraph can recognize errors
...
from registered BugTypes. This helps with debugging.
Add detection of NULL values in ref count checker; this suppresses false positives.
llvm-svn: 49912
2008-04-18 19:23:43 +00:00
3388381993
Added "EvalAssume" virtual method to GRTransferFuncs; this is for evaluating
...
the checker-specific logic of symbolic assumptions.
llvm-svn: 49910
2008-04-18 17:20:23 +00:00
d004c418b6
Fixed bug in GREndPathNodeBuilder: only return a node if it wasn't in the node cache.
...
llvm-svn: 49907
2008-04-18 16:30:14 +00:00
f03e07c34d
More grammar fixes.
...
llvm-svn: 49895
2008-04-18 05:32:44 +00:00
ca8892b456
Fix plurality debacle.
...
llvm-svn: 49894
2008-04-18 05:13:26 +00:00
40d601f958
Added path diagnostics for reference counts.
...
llvm-svn: 49892
2008-04-18 04:55:01 +00:00
396f43620f
BugReport::VisitNode now takes BugReporter& instead of ASTContext&.
...
Shuffled around code in CFRefCount to better pair classes with implementation,
and started adding subclasses of RangedBugReport to handle better diagnostics
for reference count bugs.
llvm-svn: 49889
2008-04-18 03:39:05 +00:00
89e6a9b98c
Added null check.
...
llvm-svn: 49887
2008-04-18 02:24:50 +00:00
cffe635699
Simplified internal logic of BugReporter, consolidating EmitWarning and
...
EmitPathWarning into one method. We now properly handle emitting warnings
without a PathDiagnosticClient when the warning does not involve a particular
statement.
llvm-svn: 49884
2008-04-18 01:56:37 +00:00
69049c272f
Modified BugReport::getEndPath() to handle the case where end path is at
...
the exit block of the CFG.
llvm-svn: 49880
2008-04-17 23:44:37 +00:00
cc0951bde1
Hook up reporting reference count memory leaks to the BugReporter mechanism.
...
llvm-svn: 49879
2008-04-17 23:43:50 +00:00
a506fec90a
Added transfer function support for ReturnStmt to support detecting leaks
...
involving objects that are returned but have an excessive reference count.
llvm-svn: 49861
2008-04-17 18:12:53 +00:00
fc2f058230
Fix MSVC compiler error: "initialization of 'VD' is skipped by 'case' label"
...
llvm-svn: 49853
2008-04-17 13:52:22 +00:00
9c375158a0
Handle ReturnStmts by dispatching to "EvalReturn" in the transfer function object.
...
llvm-svn: 49826
2008-04-16 23:05:51 +00:00
cbf4c6134e
CF ref. count checker: Register memory leaks at the end of a path.
...
llvm-svn: 49824
2008-04-16 22:32:20 +00:00
86051690ea
Bug fix in GREndPathNodeBuilderImpl: Use the specified state to construct
...
a node, not the state of the predecessor.
llvm-svn: 49823
2008-04-16 22:30:40 +00:00
c1f9a28e4d
Added CFGBlock::getTerminatorCondition() to get the Expr* of the condition a block's terminator.
...
Refactored LiveVariables to use getTerminatorCondition() in VisitTerminator().
Bug fix: CFG now computes Block-level expression numbers using information
from block terminators. This fixes <rdar://problem/5868189>.
llvm-svn: 49818
2008-04-16 21:10:48 +00:00
7145489c37
Small tweaks to EvalStore: pass an "RVal" instead of "LVal" for the TargetLV to
...
represent possible stores to "Unknown."
llvm-svn: 49811
2008-04-16 20:40:59 +00:00
673b5c1e42
Add missing file.
...
llvm-svn: 49805
2008-04-16 18:39:25 +00:00
90c7cb6810
Hook up "EvalStore" from GRTransferFuncs to GRExprEngine.
...
llvm-svn: 49804
2008-04-16 18:39:06 +00:00
2044a5183d
Take first step to migrating handling of "stores" to values from GRExprEngine
...
to the plug-in GRTransferFuncs object.
llvm-svn: 49801
2008-04-16 18:21:25 +00:00
ed30e8da56
LiveVariables now updates the liveness state of block-level expressions that
...
are referenced by CFGBlock terminators.
llvm-svn: 49798
2008-04-16 17:07:59 +00:00
08e562d3c8
In ExplodedGraphImpl::Trim, prioritize for paths that don't span loops by using
...
two worklists: for nodes whose locations are block edges with loop terminators
and another for nodes with all other locations. We only dequeue from the loop
worklist when the other is empty. Exploration of the graph is still in
reverse-BFS.
llvm-svn: 49791
2008-04-16 15:51:26 +00:00
8cb96e92a1
Implemented toll-free bridging support for CF Reference count checker.
...
llvm-svn: 49771
2008-04-16 04:28:53 +00:00
e556f9e39c
Simplify some code.
...
llvm-svn: 49763
2008-04-16 02:59:55 +00:00
748c7ce4ba
Added initial boilerplate to support toll-free bridging in the ref-count checker.
...
llvm-svn: 49756
2008-04-15 23:44:31 +00:00
667cacb2ff
Added some comments to GRExprEngine. Reorder some of the method definitions
...
to start logically organizing them.
Added initial plug-in transfer function support for Objective-C message expressions.
llvm-svn: 49752
2008-04-15 23:06:53 +00:00
6204498aad
Change "VisitBlockVarDecl" to "VisitVarDecl". UninitializedValues now works
...
as before r49748 (where BlockVarDecl was removed).
llvm-svn: 49749
2008-04-15 23:02:18 +00:00
08899ff85d
Remove FileVarDecl and BlockVarDecl. They are replaced by VarDecl::isBlockVarDecl() and VarDecl::isFileVarDecl().
...
This is a fairly mechanical/large change. As a result, I avoided making any changes/simplifications that weren't directly related. I did break two Analysis tests. I also have a couple FIXME's in UninitializedValues.cpp. Ted, can you take a look? If the bug isn't obvious, I am happy to dig in and fix it (since I broke it).
llvm-svn: 49748
2008-04-15 22:42:06 +00:00
82ff6d65bc
Fix bug in terminator processing for uninitialized-values: simply ignore the terminator, don't reprocess it.
...
LiveVariables analysis now does a flow-insensitive analysis to determine what variables have their address taken; these variables are now always treated as being live.
The DataflowSolver now uses "SetTopValue()" when getting the initial value for the entry/exit block.
llvm-svn: 49734
2008-04-15 18:35:30 +00:00
45887902b6
Fix a compiler error on MSVC (variable name 'E' clash).
...
llvm-svn: 49727
2008-04-15 16:30:10 +00:00
6d41b82ea4
Improve dead store diagnostic.
...
llvm-svn: 49711
2008-04-15 05:31:00 +00:00
8adeebb274
Added initial support into the flow-sensitive dataflow solver to visit the Block-level expression
...
in a block's terminator. This expression is visited within a block, but it is accessed by the
terminator. This is important to observe because for live-variables analysis the block-level
expression is live between the terminator and where the expression occurs in the block. So far
this hasn't been an issue to not observe this because the block-level expression used in the
terminator is always the last one in the block, and we have never queried the liveness information
about this point (but before the terminator).
llvm-svn: 49709
2008-04-15 04:39:08 +00:00
66279073f7
Bug fix in dead stores: don't always check the liveness of the first decl
...
in a DeclStmt.
llvm-svn: 49708
2008-04-15 04:11:48 +00:00
cd76f95dd0
++/-- makes a variable live since it is used; thus the liveness state is
...
"Alive" as opposed to staying the same.
llvm-svn: 49707
2008-04-15 04:08:54 +00:00
f4212bdbc3
Bug fix in LiveVariables: Operators ++/-- may kill a value, but the variable
...
is still live.
llvm-svn: 49705
2008-04-15 03:47:30 +00:00
87bfc03f4a
Don't flag dead stores that occur in macros.
...
llvm-svn: 49672
2008-04-14 18:28:25 +00:00
bae225d57a
Have BugReporter::EmitWarning use the PathDiagnosticClient if it is available.
...
llvm-svn: 49668
2008-04-14 18:06:42 +00:00
75ff623e2e
Bug fix in dead-store checker when walking the Decls in a DeclStmt: don't
...
assume that DeclStmts only have VarDecls; they can have TypedefDecls.
llvm-svn: 49662
2008-04-14 17:52:13 +00:00
12e721a728
Treat calls to unresolved functions in the CF-ref count checker as calls
...
to functions with NULL summaries.
llvm-svn: 49660
2008-04-14 17:45:13 +00:00
7e15130dc9
Hooked up the dead-store checker to the BugReporter interface. Now dead-store
...
warnings are emitted as part of the warnings registered by GRSimpleVals.
llvm-svn: 49658
2008-04-14 17:39:48 +00:00
8784a7c006
Add some boilerplate to report memory leaks at the end of an analyzed function.
...
Still need some boilerplate in BugReporter to report bugs at the end
of a function (not associated with a particular statement).
llvm-svn: 49564
2008-04-11 22:25:11 +00:00
811c2b4edb
Added "GREndPathNodeBuilder", a new node builder that will be used for
...
evaluating transfer functions at the end-of-path.
llvm-svn: 49561
2008-04-11 22:03:04 +00:00
0a86fdb1ff
Added FIXME
...
llvm-svn: 49558
2008-04-11 20:51:02 +00:00
831f327568
Fix regression introduced by my last commit.
...
llvm-svn: 49556
2008-04-11 20:23:24 +00:00
a7c44113bc
Changed behavior of how we handle "NULL" summaries: just call
...
GRSimpleVals::EvalCal(), and don't change reference counts.
Remove "getDoNothingSummary()", as a NULL summary does the same thing.
Added temporary hack for the "Get" rule for objects that return a pointer type:
treat them as non-owned CF objects.
Added test case to detect the release of a non-owned object.
llvm-svn: 49555
2008-04-11 20:11:19 +00:00
988990f842
Use RangedBugReport to report better ranges for reference count errors.
...
llvm-svn: 49552
2008-04-11 18:40:51 +00:00
6e38ffa517
Added "RangedBugReport".
...
llvm-svn: 49551
2008-04-11 18:40:29 +00:00
4b77209694
Fixed some logic errors in the CF ref count checker; we now can detect simple
...
use-after-release errors. Added test case.
llvm-svn: 49509
2008-04-10 23:44:06 +00:00
3c03d52d6e
Simplify CF ref. count checker state machine.
...
llvm-svn: 49505
2008-04-10 23:09:18 +00:00
22bd628056
Fix some bonehead bugs in summary generation in CFRefCount.
...
llvm-svn: 49503
2008-04-10 22:58:08 +00:00
4a78c3ae11
Refactored all logic to run the GRSimpleVals and CFRef checker into a common
...
code path in the clang driver.
Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.
llvm-svn: 49500
2008-04-10 22:16:52 +00:00
ea1bc3bec6
CFRefCount analysis now properly calls "EmitWarnings" after analyzing a function.
...
llvm-svn: 49488
2008-04-10 16:21:09 +00:00
42d9db75f0
When not emitting path diagnostics in BugReporter::EmitWarning(), use the
...
BugReport-specific SourceRanges (when available).
llvm-svn: 49486
2008-04-10 16:12:38 +00:00
83744ddbd9
Fixed regressions in error reporting due to copy-paste errors (using the "begin"
...
iterator instead of "end") and not implementing "getDescription()" for Nil
argument checks.
llvm-svn: 49485
2008-04-10 16:05:13 +00:00
c8bef6a076
Hooked up initial reference-count checks to the BugReporter interface.
...
llvm-svn: 49455
2008-04-09 23:49:11 +00:00
7acc3a36ef
Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter.
...
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.
GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.
ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.
llvm-svn: 49453
2008-04-09 21:41:14 +00:00
ce8e881dc3
Added some boilerplate for emitting warnings from the CF-reference count checker.
...
llvm-svn: 49414
2008-04-09 01:10:13 +00:00
3cef454e2e
Added new "BugReporterHelper" class which is used by BugReporter to emit
...
checker-specific diagnostics.
llvm-svn: 49412
2008-04-09 00:20:43 +00:00
e73006ee45
Improve BugReport diagnostics for loops and ? operator.
...
llvm-svn: 49356
2008-04-07 23:35:17 +00:00
1e830c07a2
templates can't be static.
...
llvm-svn: 49258
2008-04-06 04:22:39 +00:00
d1a2efadba
Added investigate patch for an occasionally failing assertion (heisenbug?)
...
llvm-svn: 49193
2008-04-03 21:44:24 +00:00
10569cdd87
Better range highlight for undefined-argument checks.
...
llvm-svn: 49184
2008-04-03 18:52:25 +00:00
5f5592062b
When reporting "bad receiver" warnings, highlight the receiver.
...
llvm-svn: 49183
2008-04-03 18:46:16 +00:00
89575b7bcb
Use "getRanges" in default implementation of "getEndPath" to determine
...
the ranges of highlighted elements in the source code.
llvm-svn: 49181
2008-04-03 18:00:37 +00:00
cb2dc8eca5
Hooked up GRSimpleAPICheck and the simple Objective-C Foundation checks to use
...
the new BugReporter interface.
llvm-svn: 49180
2008-04-03 17:57:38 +00:00
ca40664275
Handle the case when getEndPath() returns NULL.
...
llvm-svn: 49155
2008-04-03 07:33:55 +00:00
e4c029e7aa
Add back bug name to PathDiagnostic.
...
llvm-svn: 49139
2008-04-03 05:23:19 +00:00
4e9cc3f272
When creating PathDiagnostics, created a trimmed graph first and report the
...
BFS path to the root. This also avoids problems with loops in the ExplodedGraph.
llvm-svn: 49133
2008-04-03 04:59:14 +00:00
505a36afc6
Created new path-sensitive bug-reporting scheme based on the classes
...
"BugReporter" and "BugDescription". BugDescription is used to describe
a bug and provide pieces of the PathDiagnostic, and BugReporter creates
the actual PathDiagnostic by crawling through the ExplodedGraph.
Migrated checks done by GRSimpleVals to be reported using the new BugReporter
mechanism.
llvm-svn: 49127
2008-04-03 04:42:52 +00:00
33d03a52f0
80 col violation
...
llvm-svn: 49120
2008-04-02 22:08:09 +00:00
744fb6d9e7
Added more PathDiagnostic rendering for terminators: switch, goto, loops.
...
llvm-svn: 49119
2008-04-02 22:03:53 +00:00
383bfd27d0
Shorted bug-description.
...
llvm-svn: 49102
2008-04-02 18:02:54 +00:00
182f660d8d
simplify some code by using PointerLikeType.
...
llvm-svn: 49101
2008-04-02 17:45:06 +00:00
d12d21c000
Beginning of some cleanups; start generating path diagnostics using objects
...
that describe a bug.
llvm-svn: 49086
2008-04-02 07:05:46 +00:00
2c71d51513
Added initial hacked support for display path diagnostics with
...
GRSimpleVals warnings. Cleaning up, but now we get multiple bubbles (branches are annotated).
llvm-svn: 49077
2008-04-02 05:15:22 +00:00
94896e17bb
Patch by Argiris Kirtzidis: Fix a dangling pointer error!
...
llvm-svn: 49057
2008-04-01 22:35:58 +00:00
e9f2a90d1f
Do not prepend the keyword "[CHECKER]" to checker messages when using
...
a PathDiagnosticClient.
llvm-svn: 48996
2008-03-31 20:42:43 +00:00
bb7f03f926
Include ranges in GRSimpleVals diagnostics.
...
llvm-svn: 48990
2008-03-31 18:44:32 +00:00
c27815ca82
Inlined clang/Analysis/Analyses/GRSimpleVals.h into LocalCheckers.h and removed
...
GRSimpleVals.h
Added a PathDiagnosticClient option to the driver functions for the
CFRefCountChecker and the GRSimpleVals analysis. Both analyses now accept a "-o"
argument from the driver that specifies where HTML reports should be dumped.
llvm-svn: 48989
2008-03-31 18:26:32 +00:00
f646774f32
Added path-sensitive check for return statements that return the address
...
of a stack variable. This is the path-sensitive version of a check that
is already done during semantic analysis.
llvm-svn: 48980
2008-03-31 15:02:58 +00:00
c719424caa
Added skeleton checking for NSString's method initWithFormat: (do not pass nil). This won't be useful in most cases right now
...
because the analyzer isn't tracking expected types for an object, and [NSString alloc] just runs "id".
llvm-svn: 48917
2008-03-28 16:09:38 +00:00
276278e5d2
Expanded NSString checking to check for nil for a few more methods.
...
llvm-svn: 48898
2008-03-27 22:05:32 +00:00
2e4e7ccb22
Add line SourceLocation to NSString checks.
...
Added test case to test warning about passing 'nil' to NSString's compare: method.
llvm-svn: 48896
2008-03-27 21:23:57 +00:00
27156c8c9f
Hooked up initial NSString interface checking to GRSimpleVals.
...
llvm-svn: 48895
2008-03-27 21:15:17 +00:00
a4d60b6de3
Add creation of BasicObjCFoundationChecks when running GRSimpleVals from the driver.
...
llvm-svn: 48886
2008-03-27 17:17:22 +00:00
c04149299c
Added "GRAuditor" and "GRSimpleAPICheck" interface to allow simple stateless checkers to be injected into the analyzer.
...
Added "AnnotatedPath" class to record an annotated path that will be useful for inspecting paths.
Added some boilerplate code for simple checks of Apple's Foundation API.
llvm-svn: 48867
2008-03-27 07:25:52 +00:00
710714c365
PathDiagnosticPiece no longer contains a vector of strings; just one string.
...
PathDiagnostic no longer contains a diagnostic ID or diagnostic level.
llvm-svn: 48864
2008-03-27 06:16:40 +00:00
4fa20c9bba
Added classes "PathDiagnosticPiece", "PathDiagnostic", and "PathDiagnosticClient", which encapsulate diagnostic reporting for paths.
...
llvm-svn: 48861
2008-03-27 03:49:32 +00:00
ea128437b3
Bug fix: use GetRVal instead of GetLVal (were getting the value of a DeclRefExpr, not it's address).
...
llvm-svn: 48846
2008-03-26 22:21:58 +00:00
cb047289a8
Bug fix in transfer function for ObjCMessageExpr: Visit the receiver expression as an ordinary expression, not using VisitLVal.
...
llvm-svn: 48842
2008-03-26 21:36:08 +00:00
4b55badc39
GRSimple analysis now outputs additional diagnostic warnings about
...
passing an uninitialized value to a message expresion.
llvm-svn: 48776
2008-03-25 16:40:05 +00:00
3335120f69
Tweak to transfer function for ObjCMessageExpr: handle both instance methods
...
and message expressions with a specified receiver.
llvm-svn: 48773
2008-03-25 16:07:41 +00:00
945a246ad8
Added logic to check for uninitialized values as the receivers for message expressions
...
and uninitialized values passed-by-value as arguments to message expressions.
llvm-svn: 48760
2008-03-25 02:10:28 +00:00
64100da427
Added initial transfer function support for ObjCMessageExpr.
...
llvm-svn: 48757
2008-03-25 00:34:37 +00:00
fb475ec504
Changed merge operation for uninitialized values analysis to "intersect" (previous union).
...
The effect is that if a variable is uninitialized along a branch (but initialized along another), at merge points it is considered uninitialized. Previously we had the opposite behavior. The new behavior is more conservative, and more in line with gcc's behavior.
llvm-svn: 48689
2008-03-22 20:11:00 +00:00
181f72369f
Rename "Nodify" to "MakeNode"
...
llvm-svn: 48659
2008-03-21 21:30:14 +00:00
b7151c7ca8
LiveVariables analysis now uses intersect for the merge of block-level expression liveness information.
...
The rationale is that a block-level expression cannot be live in a parent block unless it is live in all of the successor blocks.
llvm-svn: 48618
2008-03-20 21:46:49 +00:00
a9b30c0651
Fix assertion.
...
llvm-svn: 48470
2008-03-17 22:18:22 +00:00
9eae403cde
Fix integer overflow bug when processing switch statements.
...
llvm-svn: 48469
2008-03-17 22:17:56 +00:00
58021a617b
Properly hook up inline asm transfer function logic to the main GRExprEngine logic.
...
llvm-svn: 48468
2008-03-17 21:31:48 +00:00
7c7a331f74
Added initial transfer function support for inline asm.
...
llvm-svn: 48466
2008-03-17 21:11:24 +00:00
7a51313d8a
Make a major restructuring of the clang tree: introduce a top-level
...
lib dir and move all the libraries into it. This follows the main
llvm tree, and allows the libraries to be built in parallel. The
top level now enforces that all the libs are built before Driver,
but we don't care what order the libs are built in. This speeds
up parallel builds, particularly incremental ones.
llvm-svn: 48402
2008-03-15 23:59:48 +00:00
Chris Lattner