OSchip
/
llvm-project
mirror of https://github.com/THU-DSP-LAB/llvm-project.git
13
0
Fork 6
Code Issues Packages Projects Releases Wiki Activity
41,498 Commits 32 Branches 0 Tags 2.2 GiB
Commit Graph

79 Commits

Author SHA1 Message Date
Ted Kremenek 2bdd77696e Added --trim-path-graph to the driver to trim paths from the ExplodedGraph 
that are not related to error nodes.

Fixed bug where we did not detect some NULL dereferences.

Added "ExplodedGraph::Trim" to trim all nodes that cannot transitively reach
a set of provided nodes.

Fixed subtle bug in ExplodedNodeImpl where we could create predecessor
iterators that included the mangled "sink" bit.  The better fix is to integrate
this bit into the void* for the wrapped State, not the NodeGroups representing
a node's predecessors and successors.

llvm-svn: 48036
 2008-03-07 22:58:01 +00:00
Ted Kremenek 6947a79d6b Improved graph visualization of ExplodedGraphs to include source line and column 
information.

llvm-svn: 48031
 2008-03-07 20:57:30 +00:00
Ted Kremenek 910e9de131 Renamed ValueManager to BasicValueFactory. 
llvm-svn: 48025
 2008-03-07 20:13:31 +00:00
Ted Kremenek 40bc74fde7 Refined divide-by-zero checking to distinguish between must and may 
divide-by-zero errors.

llvm-svn: 48013
 2008-03-07 19:04:53 +00:00
Ted Kremenek 4c38955dab Added transfer function support for __builtin_expect. 
llvm-svn: 47971
 2008-03-05 22:59:42 +00:00
Ted Kremenek 9743b3913f Small bug fix when handling CallExprs that generate sink nodes. 
llvm-svn: 47970
 2008-03-05 22:49:16 +00:00
Ted Kremenek 7034236366 Fixed bug that could case unwanted bifurcation of states when evaluating calls. 
llvm-svn: 47964
 2008-03-05 21:15:02 +00:00
Ted Kremenek df4a5b9047 Minor cleanups (mainly indentation). 
llvm-svn: 47955
 2008-03-05 19:08:15 +00:00
Chris Lattner 37e0587839 remove the source location arguments to various target query methods. 
llvm-svn: 47954
 2008-03-05 18:54:05 +00:00
Ted Kremenek d5804b31c4 Plug-in transfer function "EvalCall" now takes as an argument the current 
GRStmtNodeBuilder and is now responsible for adding its own nodes to the graph.

llvm-svn: 47923
 2008-03-05 00:33:14 +00:00
Ted Kremenek a81c9de767 Moved implementation of GRExprEngine::Nodify into GRStmtNodeBuilder. This will 
allow us to pass the builder to plug-in transfer functions and allow those
functions to create intermediate nodes.

llvm-svn: 47919
 2008-03-04 23:39:43 +00:00
Ted Kremenek 9f3f827e65 Added preliminary transfer function support for references. 
llvm-svn: 47912
 2008-03-04 22:16:08 +00:00
Ted Kremenek 7aedc47285 For the transfer function for CallExpr, invalidate all arguments 
passed-by-reference to builtin functions until we have better builtin support.

llvm-svn: 47910
 2008-03-04 22:01:56 +00:00
Ted Kremenek 229f6773bb For the transfer function of DeclStmt, for now initialize the values of 
structs (local variables) to Unknown instead of Undefined.  (added FIXME to initialize *members* of struct to undefined)

llvm-svn: 47901
 2008-03-04 20:40:11 +00:00
Ted Kremenek b9832d3cb4 Add transfer function support for the default initialization of static 
variables that are pointers or integers.

llvm-svn: 47880
 2008-03-04 04:18:04 +00:00
Ted Kremenek 2a30ea6269 Fixed insidious state propagation bug that would sometimes cause the state 
to bifurcate at the wrong places and not propagate at others.

llvm-svn: 47876
 2008-03-04 00:56:45 +00:00
Ted Kremenek b2ce263891 Enhanced pretty-printing of undefined-argument errors. 
llvm-svn: 47873
 2008-03-04 00:42:54 +00:00
Ted Kremenek 8efd6b4ed8 Added FIXME. 
llvm-svn: 47842
 2008-03-03 16:47:31 +00:00
Ted Kremenek 51e87ea210 Added extra check for calls to functions where we pass undefined values 
as arguments.

llvm-svn: 47778
 2008-02-29 23:53:11 +00:00
Ted Kremenek 6f5fca78e4 Add checks for function calls via a function pointer that is NULL, Undefined, 
or otherwise a constant integer value that doesn't evaluate to an address.

llvm-svn: 47774
 2008-02-29 23:14:48 +00:00
Ted Kremenek 17f4dbde36 "Refinement" of hack to bound loop-traversals: visit any block at a maximum of 3 times along a given path. 
llvm-svn: 47766
 2008-02-29 20:27:50 +00:00
Ted Kremenek e0c79380cd Added checking for undefined results of '<<' and '>>' (shifting by too many bits, etc.) 
This current implementation only works when both operands are concrete values; later we will add support for symbolic values.

llvm-svn: 47726
 2008-02-28 20:32:03 +00:00
Ted Kremenek 22c62c1641 Merged ValueState and ValueStateImpl into just ValueState, with GRExprEngine::StateTy just becoming ValueState*. 
llvm-svn: 47714
 2008-02-28 10:21:43 +00:00
Ted Kremenek 93d1fed5ff Renamed "Uninitialized" -> "Undefined" in path-sensitive value tracking engine. 
llvm-svn: 47713
 2008-02-28 09:25:22 +00:00
Ted Kremenek 5668972630 End paths when calling a function marked "noreturn." 
llvm-svn: 47690
 2008-02-27 20:43:44 +00:00
Ted Kremenek fef05fae67 Small tweaks to the transfer function for DeclStmt: do not mark external global 
variables as uninitialized, and only "initialize" static function variables.

llvm-svn: 47683
 2008-02-27 19:21:33 +00:00
Ted Kremenek cbb21b61c8 Small fix to VisitLVal: this method can be called on Block-Level expressions. 
In such cases, handle them just like Visit().

llvm-svn: 47665
 2008-02-27 07:04:16 +00:00
Ted Kremenek 1c64daba5b When analyzing a function, eagerly create symbolic values for all 
globals/parameters at the beginning of the analysis.

llvm-svn: 47664
 2008-02-27 06:47:26 +00:00
Ted Kremenek c025841dd4 Header file cleanups: reduce number of includes; move ValueState.h into include directory tree. 
llvm-svn: 47661
 2008-02-27 06:07:00 +00:00
Ted Kremenek 947528f000 Similar bug fix to r47650; when processing CallExprs if we did not generate an 
ExplodedNode for the Callee subexpression we would not evaluate the CallExpr
transfer function.

llvm-svn: 47651
 2008-02-27 00:46:25 +00:00
Ted Kremenek 76a2e985c3 Fixed bug in the core transfer function logic for CallExprs where we would 
sometimes skip evaluating all the arguments when some arguments would not
create new ExplodedNodes.

llvm-svn: 47650
 2008-02-27 00:44:11 +00:00
Ted Kremenek 6217dffec3 Fix bug when processing '?' operator: invalidate the old "Uninitialized" value of the block-level expression for ?. 
llvm-svn: 47645
 2008-02-26 23:37:01 +00:00
Ted Kremenek dea8c07899 Don't emit divide-by-zero errors when we divide by an unknown (not 
uninitialized) value. At this point we're just too imprecise.

llvm-svn: 47636
 2008-02-26 22:27:51 +00:00
Ted Kremenek e9f30d3288 Removed static analysis-specific diagnostics from DiagnosticKinds.def. 
Use custom diagnostics for static analysis checkers.  Added warnings
for dereferencing uninitialized values and divide-by-zeroes.

llvm-svn: 47626
 2008-02-26 21:31:18 +00:00
Ted Kremenek bc54390803 Small fixes to shore up overhauling of transfer function logic for '&&' and '||. 
llvm-svn: 47620
 2008-02-26 19:40:44 +00:00
Ted Kremenek 9b69ed398b optimization: no longer create ExplodedNodes for IntegerLiteral and 
CharacterLiteral expressions.

llvm-svn: 47617
 2008-02-26 19:17:09 +00:00
Ted Kremenek f3a4b9617e Major cleanup of the transfer function logic for '&&', '||', and '?'. We 
now store in the state essentially which branch we took.  This removes
a bunch of bogus assumptions (and likely bugs), reduces the complexity of
the implementation, and facilitates more optimizations.

llvm-svn: 47613
 2008-02-26 19:05:15 +00:00
Ted Kremenek ce3563445c Fixed inverted condition. 
llvm-svn: 47590
 2008-02-26 03:44:25 +00:00
Ted Kremenek 06b671097d Added lazy "symbolication" of parameter variables and global variables. 
Added recording of divide-by-zero and divide-by-uninitialized nodes.

llvm-svn: 47586
 2008-02-26 02:15:56 +00:00
Ted Kremenek 733f810600 Added FIXME. 
llvm-svn: 47578
 2008-02-26 00:20:52 +00:00
Ted Kremenek 3a6fd9c177 Better handling of calls to functions via function pointers. 
llvm-svn: 47562
 2008-02-25 21:16:03 +00:00
Ted Kremenek 3866746569 Expanded transfer function support for divide-by-zero checking to include 
"remainder-by-zero" checking (operator '%').

llvm-svn: 47549
 2008-02-25 18:42:54 +00:00
Ted Kremenek 6f92e2294a Added transfer function support for checking for divide-by-zero errors. 
llvm-svn: 47547
 2008-02-25 17:51:31 +00:00
Ted Kremenek cb507025d4 Added "assumption" logic for lval::FuncVal and lval::GotoLabel, and simplified 
assumption logic for lval::DeclVal.

llvm-svn: 47466
 2008-02-22 00:54:56 +00:00
Ted Kremenek 51017b5432 Bug fix: For transfer function for unary "!", compare the subexpression value 
against '0' of the same bit-width.

llvm-svn: 47465
 2008-02-22 00:42:36 +00:00
Ted Kremenek 9f1ed12bc4 Added transfer function support for dispatching to functions we don't know 
about.  The default logic is to invalidate the values of all values
passed-by-reference.

llvm-svn: 47456
 2008-02-21 19:46:04 +00:00
Ted Kremenek 7328fa6ec8 Regression fix: Handle pointer arithmetic in unary ++/--. 
llvm-svn: 47449
 2008-02-21 19:29:23 +00:00
Ted Kremenek 7f8ebb73af Removed bogus assertions regard LValues binding to UnknownVal; they can 
do so implicitly.

llvm-svn: 47447
 2008-02-21 19:15:37 +00:00
Ted Kremenek b1e3218125 FIX: Promote the correct operand. 
llvm-svn: 47445
 2008-02-21 18:46:24 +00:00
Ted Kremenek 7e4861b3c1 Simplified and generalized transfer function logic for casts, allowing 
the transfer function to be invoked without an Expr* for the Cast operation.

Added implicit promotions to the transfer function logic for compound
assignments.

llvm-svn: 47444
 2008-02-21 18:43:30 +00:00