1f88d2f531
Fix comment typo.
...
Patch by Rui Paulo!
llvm-svn: 140448
2011-09-24 03:04:03 +00:00
aa347f9392
Removing a bunch of dead returns/breaks after llvm_unreachables.
...
llvm-svn: 140407
2011-09-23 20:26:49 +00:00
ff7da05670
Move immutable map canonization out of the removeDeadBindings loop (via using ImmutableMapRef). Gives ~2% speedup.
...
llvm-svn: 140403
2011-09-23 19:14:09 +00:00
83d382b1ca
Switch assert(0/false) llvm_unreachable.
...
llvm-svn: 140367
2011-09-23 05:06:16 +00:00
9db35a8750
ST->scanReachableSymbols() is creating a SubRegionMap (SRM) on every call since one SRM is created in each ScanReachableSymbols instance. Creating the object just once and calling only scan inside the loop gives ~ 14% speed up of the StaticAnalyzer run (Release+Asserts).
...
Pull out the declaration of the ScanReachableSymbols so that it can be used directly. Document ProgramState::scanReachableSymbols() methods.
llvm-svn: 140323
2011-09-22 18:10:41 +00:00
15ca5e7a21
[analyzer] Fix a bug where PathDiagnosticLocation did not generate a valid range and add asserts to check validity of locations early on. Ignore invalid ranges in PathDiagnosticPiece (they could be added by checker writers).
...
Addresses radar://10124836 and radar://radar10102244.
llvm-svn: 140218
2011-09-21 00:35:58 +00:00
d70da08160
[analyzer] Refactor PathDiagnosticLocation: Remove SourceRange member from PathDiagnosticLocation - FullSourceLoc Loc and PathDiagnosticRange Range are sufficient.
...
llvm-svn: 140206
2011-09-20 23:27:32 +00:00
6800ab437c
[analyzer] Remove dead code. (This code is trying to implement the idea that PathDiagnosticClient could implement DiagnosticClient and has been dead for a while).
...
llvm-svn: 140198
2011-09-20 22:30:48 +00:00
c29bed3989
[analyzer] Refactor PathDiagnosticLocation: Make PathDiagnosticLocation(SourceLocation...) private. Most of the effort here goes to making BugReport refer to a PathDiagnosticLocation instead of FullSourceLocation.
...
(Another step closer to the goal of having Diagnostics which can recover from invalid SourceLocations.)
llvm-svn: 140182
2011-09-20 21:38:35 +00:00
b2dfc2b7be
[analyzer] Refactor PathDiagnosticLocation: Use the pre-computed Range and Location for profile.
...
llvm-svn: 140180
2011-09-20 21:25:00 +00:00
83128bc101
[analyzer] Refactor PathDiagnosticLocation: Use PointerUnion of LocationContext and AnalysisContext to support creation of PathDiagnosticLocations for checkers which no context sensitivity.
...
llvm-svn: 140162
2011-09-20 18:23:52 +00:00
de03d72a7b
[analyzer] Refactor PathDiagnosticLocation: Lazily query LocationContext for a ParentMap as needed.
...
llvm-svn: 140147
2011-09-20 16:37:36 +00:00
22fec1c4d9
[analyzer] Remove LocationContext and a dependency from PathDiagnosticLoaction.
...
llvm-svn: 140146
2011-09-20 16:23:37 +00:00
745486a5da
[analyzer] Refactor PathDiagnosticLocation: Pre-compute Range and Location with gen methods on object creation instead of computing on demand. This would allow to remove dependency on the other members which help with construction and might not even be valid at later stages (to be removed later on).
...
llvm-svn: 140131
2011-09-20 01:51:40 +00:00
de8c5eddb9
[analyzer] Use more create methods in the PathDiagnostic, cleanup.
...
llvm-svn: 140130
2011-09-20 01:38:47 +00:00
6e76384c82
[analyzer] BugReport has a profile method, so reuse it here.
...
llvm-svn: 140100
2011-09-19 23:44:31 +00:00
e6e67deeed
Rename SourceLocation::getFileLocWithOffset -> getLocWithOffset.
...
It already works (and is useful with) macro locs as well.
llvm-svn: 140057
2011-09-19 20:40:19 +00:00
efd182d992
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 5 of ?):
...
- Get rid of PathDiagnosticLocation(SourceRange r,..) constructor by providing a bunch of create methods.
- The PathDiagnosticLocation(SourceLocation L,..), which is used by crate methods, will eventually become private.
- Test difference is in the case when the report starts at the beginning of the function. We used to represent that point as a range of the very first token in the first statement. Now, it's just a single location representing the first character of the first statement.
llvm-svn: 139932
2011-09-16 19:18:30 +00:00
207c68012a
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 4 of ?):
...
- The closing brace is always a single location, not a range.
- The test case previously had a location key 57:1 followed by a range [57:1 - 57:1].
llvm-svn: 139832
2011-09-15 20:06:34 +00:00
921f04924f
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?):
...
- Fix a fixme and move the logic of creating a PathDiagnosticLocation corresponding to a ProgramPoint into a PathDiagnosticLocation constructor.
- Rename PathDiagnosticLocation::create to differentiate from the added constructor.
llvm-svn: 139825
2011-09-15 18:56:07 +00:00
3a769bd996
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?):
...
- Modify all PathDiagnosticLocation constructors that take Stmt to also requre LocationContext.
- Add a constructor which should be used in case there is no valid statement/location (it will grab the location of the enclosing function).
llvm-svn: 139763
2011-09-15 01:08:34 +00:00
615e3a69c3
[analyzer] After CFG has been linearized, we can have a situation where an ExpoledNode has an invalid SourceLocation (which has no correspondence in the source code). This commit is the first step to solve this problem.
...
- It adds LocationContext to the PathDiagnosticLocation object and uses it to lookup the enclosing statement with a valid location.
- So far, the LocationContext is only available when the object is constructed from the ExplodedNode.
- Already found some subtle bugs(in plist-output-alternate.m) where the intermediate diagnostic steps were not previously shown.
llvm-svn: 139703
2011-09-14 17:48:01 +00:00
2c65eea947
[analyzer] Refactor: Make PathDiagnosticLocation responsible for creating a valid object given an ExploadedNode (the same logic can be reused by other checkers).
...
llvm-svn: 139672
2011-09-14 00:25:17 +00:00
79a91418bd
Switch LangOptions over to a .def file that describes header of the
...
language options. Use that .def file to declare the LangOptions class
and initialize all of its members, eliminating a source of annoying
initialization bugs.
AST serialization changes are next up.
llvm-svn: 139605
2011-09-13 17:21:33 +00:00
79301b16f3
[analyzer] Fix a failure encountered while analyzing bind (radar://10105448).
...
llvm-svn: 139509
2011-09-12 18:07:30 +00:00
295208d744
[analyzer] Fix a new failure encountered while building Adium exposed as a result of r138196(radar://10087620). ObjectiveC property of type int has a value of type ObjCPropRef, which is a Loc.
...
llvm-svn: 139507
2011-09-12 17:56:08 +00:00
2d637d2e79
Rename the ARC cast kinds to start with "ARC".
...
llvm-svn: 139466
2011-09-10 06:18:15 +00:00
cd78e805e9
When converting a block pointer to an Objective-C pointer type, extend
...
the lifetime of the block by copying it to the heap, or else we'll get
a dangling reference because the code working with the non-block-typed
object will not know it needs to copy.
There is some danger here, e.g. with assigning a block literal to an
unsafe variable, but, well, it's an unsafe variable.
llvm-svn: 139451
2011-09-10 01:16:55 +00:00
dfbea6b244
[analyzer] -analyze-function for ObjectiveC should check if any of the methods match the name (not only the first one).
...
llvm-svn: 139439
2011-09-10 00:12:23 +00:00
9320b87cff
Give conversions of block pointers to ObjC pointers a different cast kind
...
than conversions of C pointers to ObjC pointers. In order to ensure that
we've caught every case, add asserts to CastExpr that strictly determine
which cast kind is used for which kind of bit cast.
llvm-svn: 139352
2011-09-09 05:25:32 +00:00
2667afa980
Make helpers static, remove unused variables.
...
llvm-svn: 139078
2011-09-03 03:30:59 +00:00
087611ed81
[analyzer] Remove TransferFuncs.h, then deal with the fallout.
...
And with that, TransferFuncs is gone!
llvm-svn: 139003
2011-09-02 08:02:59 +00:00
75e680eae3
[analyzer] Move RetainReleaseChecker to the Checkers library and rename it to RetainCountChecker...and clean up the file while I'm at it.
...
llvm-svn: 139002
2011-09-02 06:44:22 +00:00
dd7a654b1a
[analyzer] Remove lingering CFRefCount creation, which would have resulted in a leak. There's room for improvement here...
...
llvm-svn: 139000
2011-09-02 06:29:27 +00:00
a87a2775fa
[analyzer] Fix member initialization order. No functionality change.
...
llvm-svn: 138999
2011-09-02 06:21:26 +00:00
c49ec53e29
[analyzer] Move the knowledge of whether or not GC is enabled for the current analysis from CFRefCount to ExprEngine.
...
Remove TransferFuncs from ExprEngine and AnalysisConsumer.
Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly.
llvm-svn: 138998
2011-09-02 05:55:19 +00:00
e8bbc12152
Extend the ASTContext constructor to delay the initialization of
...
builtin types (When requested). This is another step toward making
ASTUnit build the ASTContext as needed when loading an AST file,
rather than doing so after the fact. No actual functionality change (yet).
llvm-svn: 138985
2011-09-02 00:18:52 +00:00
bfb8e2fe6e
If size was equal to 0, either NULL or a pointer suitable to be passed to
...
free() is returned by realloc(). Most code expect NULL.
And we only need to transfer one final ProgramState.
llvm-svn: 138937
2011-09-01 04:53:59 +00:00
973a8886f6
[analyzer] Fix varargs helper to only use POD types even for named arguments. Thanks, Joerg.
...
llvm-svn: 138875
2011-08-31 18:33:45 +00:00
50dd696339
[analyzer] MacOSKeychainAPIChecker: Simplify getSymbolForRegion by using existing API. Thanks Jordy.
...
llvm-svn: 138765
2011-08-29 21:10:00 +00:00
814adf7752
Fix: Bug 10798 - [analyzer] Crash when analyzing ICU. (A slight improvement on the previous commit.)
...
llvm-svn: 138762
2011-08-29 20:43:37 +00:00
cda129eb1c
Fix bug 10797: Crash: "cast<Ty>() argument of incompatible type!" assert when analyzing ICU.
...
Patch by Jean-Daniel Dupas. Thanks for spotting and fixing!
llvm-svn: 138757
2011-08-29 20:05:54 +00:00
58a20d31b7
[analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState.
...
Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging.
This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker.
llvm-svn: 138728
2011-08-28 19:11:56 +00:00
e9ff97b850
[analyzer] Remove the ProgramState argument from ExprEngine::evalBind; we were ignoring it anyway. No functionality change.
...
llvm-svn: 138720
2011-08-28 06:02:28 +00:00
d26e9e7f7c
[analyzer] Eliminate almost all uses of TransferFuncs from ExprEngine.
...
llvm-svn: 138719
2011-08-28 05:54:23 +00:00
d188d66e69
[analyzer] Migrate argument invalidation from CFRefCount to ExprEngine.
...
This is a common path for function and C++ method calls, Objective-C messages and property accesses, and C++ construct-exprs.
As support, add message receiver accessors to ObjCMessage and CallOrObjCMessage.
llvm-svn: 138718
2011-08-28 05:16:28 +00:00
1fad663126
[analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.
...
Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.
Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).
llvm-svn: 138716
2011-08-27 22:51:26 +00:00
996bfab499
[analyzer] Rename current PathDiagnosticClient::HandlePathDiagnostic() to HandlePathDiagnosticImpl(), and slot in new HandlePathDiagnostic() for potentially handling concurrent access to PathDiagnosticClients (in the future).
...
llvm-svn: 138713
2011-08-27 21:39:14 +00:00
60120fb1b1
[analyzer] Pull body of loop in AnalysisConsumer::HandleDeclContext() into its own method. No real functionality change.
...
llvm-svn: 138712
2011-08-27 21:28:09 +00:00
256a6dd13b
[analyzer] Remove a couple of unnecessary returns after llvm_unreachables.
...
llvm-svn: 138649
2011-08-26 20:32:01 +00:00
0e9cdbbb06
Handle CXXTempObjectRegion in StackAddrEscapeChecker.
...
Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now
that it doesn't crash, and extract the stack-block test into another file since
it errors, and that prevents the analyzer from running.
llvm-svn: 138613
2011-08-26 00:41:31 +00:00
15484daafe
[analyzer] Move the leak bugs from CFRefCount to RetainReleaseChecker, with a level of indirection to handle GC vs. non-GC.
...
llvm-svn: 138538
2011-08-25 01:14:38 +00:00
5be8a4d104
[analyzer] MacOSKeychainAPIChecker: Cleanup AllocationState structure.
...
llvm-svn: 138535
2011-08-25 00:59:06 +00:00
4ba0ba42e2
[analyzer] Move the easy bug types from CFRefCount to RetainReleaseChecker.
...
(These bug types may have just been leaked before...!)
llvm-svn: 138532
2011-08-25 00:34:03 +00:00
85913db489
[analyzer] MacOSKeychainAPIChecker: Add the custom BugReport visitor(which highlights the allocation site) to all the relevant reports within the checker.
...
llvm-svn: 138531
2011-08-25 00:32:42 +00:00
8b289a2cbd
[analyzer] Move the RetainSummaryManager from CFRefCount to RetainReleaseChecker.
...
Because Checkers live for an entire translation unit, this persists summary caches across multiple code bodies and avoids repeated initialization (but probably at the cost of memory). This removes the last references from RetainReleaseChecker to CFRefCount.
llvm-svn: 138529
2011-08-25 00:10:37 +00:00
a4c41bb875
[analyzer] Better fix for the "missing return" error, from Ted.
...
llvm-svn: 138526
2011-08-24 23:41:46 +00:00
34a83e911f
[analyzer] Silence another incorrect warning ("control reaches end of non-void function")
...
llvm-svn: 138510
2011-08-24 22:58:49 +00:00
763982b82d
[analyzer] Remove experimental FIXME that never actually applied to the code in trunk.
...
llvm-svn: 138508
2011-08-24 22:45:12 +00:00
184bd1430b
[analyzer] CFRefReport and friends no longer depend on CFRefCount.
...
llvm-svn: 138506
2011-08-24 22:39:09 +00:00
f880cff209
[analyzer] Do not use references in std::pair.
...
llvm-svn: 138497
2011-08-24 21:58:55 +00:00
0d67579497
[analyzer] Unbreak the release buildbot.
...
llvm-svn: 138493
2011-08-24 21:40:10 +00:00
be460898bb
[analyzer] MacOSKeychainAPIChecker: Provide reacher diagnostic trace by pointing to the allocation site when reporting a leak.
...
llvm-svn: 138479
2011-08-24 20:52:46 +00:00
9ff0299935
[analyzer] Silence an (incorrect) uninitialized variable warning, caught by Cameron.
...
llvm-svn: 138477
2011-08-24 20:38:42 +00:00
38eea65acd
[analyzer] Copy GC mode setting from CFRefCount to RetainReleaseChecker in preparation for getting rid of CFRefCount.
...
This is a little hacky for now but will get better once we decide the best way to handle this.
llvm-svn: 138476
2011-08-24 20:33:55 +00:00
45aa208554
[analyzer] Allow checker writes to specify that no region should be accosiated with the report. (Useful when we report an error on endOfPath or deadSymbols, when the range of the last expression might have nothing to do with the error.)
...
llvm-svn: 138474
2011-08-24 20:31:06 +00:00
e8743a7499
[analyzer] Remove unused DoNothingByRef and the special case for CFDictionaryCreate.
...
This is a very small regression (actually introduced in r138309) because it won't catch leaks of objects passed by reference to CFDictionaryCreate (they're considered to have escaped and are ignored). If this is important we can put in a specific eval::Call to restore the functionality.
llvm-svn: 138464
2011-08-24 19:10:50 +00:00
5df640dc33
[analyzer] Slightly clean up the fix in 138432, so that it doesn't depend on the relative ordering of path-sensitive and path-insensitive checks. Still not ideal, but I think a real fix would require infrastructure that doesn't exist yet.
...
llvm-svn: 138462
2011-08-24 18:56:32 +00:00
95589f13ff
[analyzer] Fix a Heisenbug concerning object lifetimes with a hack. Hopefully a better fix coming soon. See comment for more details.
...
llvm-svn: 138432
2011-08-24 09:27:24 +00:00
58428b914d
[analyzer] Reapply 138390 "Clean up unused bits of CFRefCount", reverted in 138405. Ended up unrelated to any problems.
...
llvm-svn: 138431
2011-08-24 09:22:31 +00:00
14de7c5a88
[analyzer] Fix potential crasher with RAII. No functionality change. (No test because this particular circumstance requires an impossible series of events, but this is future-proofing.)
...
llvm-svn: 138430
2011-08-24 09:02:37 +00:00
7a53498f20
[analyzer] Reapply 138382 and 138388 (reverted in 138419 and 138420). The issue seems to have been with the uninitialized variable fixed in 138424; a fix for another Heisencrasher coming soon.
...
llvm-svn: 138426
2011-08-24 05:47:39 +00:00
03a8f9e578
[analyzer] Correctly initialize a variable and hopefully fix crashes.
...
llvm-svn: 138424
2011-08-24 04:48:19 +00:00
aa8b6a5cf4
Revert "[analyzer] Cleanup: Move temporary declarations of CFRefCount variables closer to their uses. No functionality change."
...
This reverts commit d02b4af7bd6ca4a743c7074d64e205d718aa221d.
llvm-svn: 138420
2011-08-24 00:39:51 +00:00
1825e7a260
Revert "[analyzer] Make CFRefBug and CFRefReportVisitor not dependent on CFRefCount. Unfortunately, CFRefReport still is. No functionality change."
...
This reverts commit e3fb7e428b7ba0d5d902dfe3f165d70e09b03a15.
llvm-svn: 138419
2011-08-24 00:39:48 +00:00
0897a23517
[analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.
...
llvm-svn: 138417
2011-08-24 00:06:27 +00:00
f9e9c4e9bc
[analyzer] MacOSKeychainAPIChecker: Retrieve the memory region which we are tracking even when it's no longer a SymbolicRegion, for example, when it is cast to char*.
...
llvm-svn: 138415
2011-08-23 23:56:12 +00:00
bb167011e3
Move creation of the deallocation mismatch report into a separate function for future reuse.
...
llvm-svn: 138414
2011-08-23 23:47:36 +00:00
adfb445466
Constify the result of CFGStmt::getStmt().
...
llvm-svn: 138408
2011-08-23 23:05:04 +00:00
fba570c9d8
Revert "[analyzer] Clean up unused bits of CFRefCount."
...
This reverts commit 6886a92640f5bffc972f67c0a1f302d6c6e7c322.
llvm-svn: 138405
2011-08-23 22:38:04 +00:00
5aa9b1dd3f
[analyzer] Clean up unused bits of CFRefCount.
...
llvm-svn: 138390
2011-08-23 21:51:36 +00:00
908426aae4
[analyzer] Make CFRefBug and CFRefReportVisitor not dependent on CFRefCount. Unfortunately, CFRefReport still is. No functionality change.
...
llvm-svn: 138388
2011-08-23 21:47:17 +00:00
fd13f6f56a
[analyzer] Cleanup: Move temporary declarations of CFRefCount variables closer to their uses. No functionality change.
...
llvm-svn: 138382
2011-08-23 21:06:32 +00:00
20d4e68195
[analyzer] Move function retain-count effect summary log from CFRefCount to RetainReleaseChecker, and then explicitly provide the summary log when creating CFRefReports. No functionality change.
...
llvm-svn: 138374
2011-08-23 20:55:48 +00:00
ee9848e20d
Fix regression in -Wuninitialized involving VLAs. It turns out that we were modeling sizeof(VLAs)
...
incorrectly in the CFG, and also the static analyzer. This patch regresses the analyzer a bit, but
that needs to be followed up with a better solution.
Fixes <rdar://problem/10008112>.
llvm-svn: 138372
2011-08-23 20:30:50 +00:00
bf77e51fa1
[analyzer] Move helper method Update from CFRefCount to RetainReleaseChecker. No functionality change.
...
llvm-svn: 138370
2011-08-23 20:27:16 +00:00
6763e38736
[analyzer] Move helper method handleAutoreleaseCounts from CFRefCount to RetainReleaseChecker. No functionality change.
...
llvm-svn: 138365
2011-08-23 20:07:14 +00:00
298cc4d907
[analyzer] Move ReturnStmt retain-count analysis from CFRefCount to RetainReleaseChecker. Tweak CFRefReport to reflect that fact that ReturnStmt checks are pre-statement, not post-statement. No intended functionality change.
...
llvm-svn: 138358
2011-08-23 19:43:16 +00:00
7861276f47
[analyzer] Move symbol death leak analysis from CFRefCount to RetainReleaseChecker.
...
llvm-svn: 138353
2011-08-23 19:01:07 +00:00
212e459164
[analyzer] Only allocate retain summaries for interesting functions/messages. This is a minor saving of memory but doesn't seem to cost any performance.
...
llvm-svn: 138320
2011-08-23 04:27:15 +00:00
f5b0234992
[analyzer] Rename CFRefCount's evalSummary method to evalCallOrMessage, since it no longer, uh, evaluates call summaries.
...
llvm-svn: 138313
2011-08-23 00:03:01 +00:00
5b31d7acf7
[analyzer] Migrate the handling of retain-count-related RetEffects and ArgEffects from CFRefCount to RetainReleaseChecker. No intended functionality change.
...
llvm-svn: 138309
2011-08-22 23:48:23 +00:00
bd7972b49e
[analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.
...
llvm-svn: 138296
2011-08-22 23:18:12 +00:00
76c3fb6a51
Static Analyzer Diagnostics: Allow checkers to add ExtraDescriptiveText, now renamed into ExtraText, to the diagnostic without subclassing BugReport.
...
llvm-svn: 138272
2011-08-22 20:31:28 +00:00
752de1443f
Clean up the CFRefBugReport - remove the members, which got moved to the CFRefReportVisitors.
...
llvm-svn: 138259
2011-08-22 18:54:07 +00:00
898a148d28
[analyzer] Migrate the aliasing effects of CFRetain and CFMakeCollectable from CFRefCount to RetainReleaseChecker. No intended functionality change.
...
llvm-svn: 138223
2011-08-21 21:58:18 +00:00
6582dde545
[analyzer] Remove FIXME; Ted reminded me that -init is not guaranteed to return its receiver and pretending that it does won't actually buy us anything. (Comment change only.)
...
llvm-svn: 138221
2011-08-21 21:04:38 +00:00
3f7f7568f2
[analyzer] Migrate return value handling from CFRefCount to ExprEngine. This seems to result in a minor performance hit, but I think that will go away again once we eliminate TransferFuncs from function calls entirely.
...
llvm-svn: 138220
2011-08-21 19:41:36 +00:00
82c673de33
[analyzer] Replace calls to getNameAsString() with StringRef equivalents.
...
llvm-svn: 138215
2011-08-21 05:25:15 +00:00
3cca223a2a
Fix compile on platforms that don't implicitly include stdarg.h here.
...
llvm-svn: 138214
2011-08-20 21:50:41 +00:00
a8f99ba749
[analyzer] RetainReleaseChecker always wants region change updates. There's no need for a flag, at least not right now.
...
llvm-svn: 138212
2011-08-20 21:17:59 +00:00
5c252ef7b1
Fix indentation.
...
llvm-svn: 138211
2011-08-20 21:16:58 +00:00
5a3c9ff3a3
[analyzer] Move handling of hardcoded noreturn ("panic") methods from CFRefCount to NoReturnFunctionChecker. No functionality change intended.
...
llvm-svn: 138210
2011-08-20 20:55:40 +00:00
60d2ec5765
[analyzer] Handle reads of ObjCPropertyRefExprs implicitly in Environment. No need to bind an explicit value and create a new node.
...
llvm-svn: 138196
2011-08-20 06:23:25 +00:00
876e34b7b5
[analyzer] Simplify ExprEngine::VisitBinaryOperator() by removing recursive visit to subexpressions (which is no longer needed).
...
llvm-svn: 138195
2011-08-20 06:16:31 +00:00
a9ce612fa2
Start partitioning ExprEngine.cpp into separate .cpp files that handle different parts
...
of the analysis (e.g., analysis of C expressions, analysis of Objective-C expressions, and so on).
llvm-svn: 138194
2011-08-20 06:00:03 +00:00
10e2503177
Rename CXXExprEngine.cpp to ExprEngineCXX.cpp.
...
llvm-svn: 138193
2011-08-20 05:59:58 +00:00
88255cc533
Static Analyzer Diagnostics: Move the responsibility for generating the endOfPath diagnostic piece from BugReport to BugReporterVisitor. Switch CFRefCount to use visitors in order to generate the endOfPath piece.
...
llvm-svn: 138184
2011-08-20 01:27:22 +00:00
417d566775
Remove dead code.
...
llvm-svn: 138183
2011-08-20 01:15:28 +00:00
071a89c39f
Static Analyzer Diagnostics: Switch CFRefCount to using the new visitor API. BugReport no longer needs to inherit from BugReporterVisitor.
...
llvm-svn: 138142
2011-08-19 23:21:56 +00:00
f86615ca5c
Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) API in favor of addVisitor(BugReporterVisitor*).
...
1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well.
2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more then one visitor, so make it static member of FindLastStoreBRVisitor.
3) Modify all the checkers to use the new API.
llvm-svn: 138126
2011-08-19 22:33:38 +00:00
be28d6c66d
Fix a memory leak in the analyzer - BugReports didn't get freed. Plus, remove invalid assert from the destructor which wasn't called previously due to the leak.
...
llvm-svn: 138027
2011-08-19 01:57:09 +00:00
f4dd4ae7cc
Static Analyzer Diagnostics: Move custom diagnostic visitors from BugReporterContext to BugReport.
...
One API change: I added BugReporter as an additional parameter to the BugReporterVisitor::VisitNode() method to allow visitors register other visitors with the report on the fly (while processing a node). This functionality is used by NilReceiverVisitor, which registers TrackNullOrUndefValue when the receiver is null.
llvm-svn: 138001
2011-08-18 22:37:56 +00:00
525cfe7d28
Remove DiagBugReport by pulling it into its parent BugReport.
...
llvm-svn: 137899
2011-08-17 23:21:23 +00:00
3a6bdf8f82
Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.
...
llvm-svn: 137894
2011-08-17 23:00:25 +00:00
217eb9043f
[analyzer] Migrate assumption and binding handling from CFRefCount to RetainReleaseChecker. This is mostly a textual move and required no supporting changes. No functionality change intended.
...
llvm-svn: 137874
2011-08-17 21:27:39 +00:00
c14efa7122
Fix a handful of dead stores found by Clang's static analyzer. There's a bunch of others I haven't touched.
...
llvm-svn: 137867
2011-08-17 21:04:19 +00:00
9c09ce48b4
Fix typo.
...
llvm-svn: 137814
2011-08-17 05:00:56 +00:00
075d73bcce
[analyzer] Add a warning for an incompatible plugin version.
...
llvm-svn: 137813
2011-08-17 04:56:03 +00:00
8b3929d956
Silence compiler warnings by casting object pointers to function pointers via intptr_t.
...
This is ugly but ISO C++ doesn't allow direct casts.
llvm-svn: 137812
2011-08-17 04:22:25 +00:00
93b86e494d
[analyzer] Add basic support for pluggable checkers.
...
llvm-svn: 137802
2011-08-17 01:30:59 +00:00
e1962328f5
[analyzer] teach ExprEngine about loads from static C++ class fields. Fixes <rdar://problem/9948787>.
...
llvm-svn: 137760
2011-08-16 21:37:52 +00:00
59cce71af6
[analyzer] Overhaul of checker registration in preparation for basic plugin support. Removes support for checker groups (we can add them back in later if we decide they are still useful), and -analyzer-checker-help output is a little worse for the time being (no packages).
...
llvm-svn: 137758
2011-08-16 21:24:21 +00:00
a06421a02c
MacOSKeychainAPIChecker: Turn it on by default.
...
llvm-svn: 137740
2011-08-16 20:02:05 +00:00
01ae1e1197
MacOSKeychainAPIChecker: Do not report double allocation if first allocation returned an error.
...
llvm-svn: 137720
2011-08-16 16:30:24 +00:00
31fdb61618
[analyzer] Enhance ConditionVisitor to handle arbitrary ValueDecls in binary expressions, and also handle inverting the order of comparison when the named decl appears on the RHS.
...
llvm-svn: 137714
2011-08-16 10:57:37 +00:00
01401a54f8
[analyzer] fix operation inversion calculation in ConditionVisitor.
...
llvm-svn: 137708
2011-08-16 03:44:38 +00:00
667417ef9c
[analyzer] Enhance ConditionVisitor to understand eagerly evaluated (simple) binary conditions, and teach it to only focus on constraint changes.
...
llvm-svn: 137705
2011-08-16 01:53:41 +00:00
b1bf2680f5
[analyzer] add ExprEngine::getEagerlyAssumedTags() to allow externally querying of "eagerly assumed" expressions.
...
llvm-svn: 137704
2011-08-16 01:53:39 +00:00
9815709cd2
[analyzer] Remove PostStmtCustom ProgramPoint. It can be represented using tagged PostStmts.
...
llvm-svn: 137697
2011-08-16 00:49:19 +00:00
5443a6497b
MacOSKeychainAPIChecker: The security API/memory leak checker should always generate regular nodes instead of sink nodes.
...
llvm-svn: 137681
2011-08-15 23:23:15 +00:00
32b9e234fe
Add ProgramState.cpp.
...
llvm-svn: 137677
2011-08-15 23:05:22 +00:00
001fd5b498
Rename GRState to ProgramState, and cleanup some code formatting along the way.
...
llvm-svn: 137665
2011-08-15 22:09:50 +00:00
29f9b7adc3
MacOSKeychainAPIChecker: Use llvm::SmallString instead of std::string (as per code review for r137523).
...
llvm-svn: 137633
2011-08-15 18:42:00 +00:00
5ef32dbf2a
Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
...
llvm-svn: 137537
2011-08-12 23:37:29 +00:00
e8f7316fee
[analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.
...
Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.
llvm-svn: 137529
2011-08-12 23:04:46 +00:00
59d741fec6
MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.
...
llvm-svn: 137526
2011-08-12 22:47:22 +00:00
fdd0aca0a5
MacOSKeychainAPIChecker:
...
Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope.
Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.
llvm-svn: 137523
2011-08-12 21:56:43 +00:00
add45b78dd
[analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in
...
time. One is cleanup, the other is me being OCD about enum group nesting.
llvm-svn: 137517
2011-08-12 21:41:07 +00:00
c94894fbc2
MacOSKeychainAPIChecker: There is no need to use SymbolMetadata to represent the allocated data symbol, we can just use the symbol corresponding to the SymbolicRegion. This simplifies tracking of the symbol, for example, SymbolMetadata needs to go through extra hoops to stay alive.
...
Make AllocationState internal to the MacOSKeychainAPIChecker class.
llvm-svn: 137514
2011-08-12 21:14:26 +00:00
8df44b2632
[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't.
...
Patch by Olaf Krzikalla!
llvm-svn: 137498
2011-08-12 20:02:48 +00:00
9b25cee36f
Optimizations for Dependent Symbol tracking (as per Ted's code review for r137309):
...
1) Change SymbolDependTy map to keep pointers as data. And other small tweaks like making the DenseMap smaller 64->16 elements; remove removeSymbolDependencies() as it will probably not be used.
2) Do not mark dependents live more then once.
llvm-svn: 137401
2011-08-12 00:34:56 +00:00
22a9d0f316
Analyzer Core: Adding support for user-defined symbol dependencies. (For example, the allocated resource symbol only needs to be freed if no error has been returned by the allocator, so a checker might want to make the lifespan of the error code symbol depend on the allocated resource symbol.) Note, by default, the map that holds the dependencies will get destroyed along with the SymbolManager at the end of function exploration.
...
llvm-svn: 137309
2011-08-11 16:43:28 +00:00
173864b36c
Cleanup: remove CleanedSate member and GetState() wrapper from StmtNodeBuilder, not needed as of r137273.
...
llvm-svn: 137284
2011-08-11 00:11:21 +00:00
e309e05603
Cleanup: remove GetState() wrapper from ExprEngine, not needed as of r137273.
...
llvm-svn: 137279
2011-08-10 23:34:53 +00:00
5a56a6653f
Analyzer Core: In checkDeadSymbols checker callback, provide the state in which the symbols are not yet deleted so that checkers could inspect them. Since we are now always creating a transition in ProcessStmt(), remove the logic for adding a transition when none was generated. TODO: the extra transitions will have to be removed; more cleanups; a checker that tests teh new fucntionality.
...
llvm-svn: 137273
2011-08-10 23:14:54 +00:00
54d456758e
[analyzer] Start sketching out a new BugReporterVisitor that inspects branches and other expressions to generate interesting path events in diagnostics.
...
llvm-svn: 137012
2011-08-06 06:54:45 +00:00
84a1ca5280
[analyzer] Simplify logic for ExprEngine::VisitUnaryExprOrTypeTraitExpr to avoid recursion to subexpression.
...
This exposed bugs in the live variables analysis, and a latent analyzer bug in the SymbolReaper.
llvm-svn: 137006
2011-08-06 00:30:00 +00:00
c91ca30b4c
[analyzer] Change SymbolReaper to store region roots implied by the Environment, allowing it be queried when
...
determining if symbols derived from regions are still live.
llvm-svn: 137005
2011-08-06 00:29:57 +00:00
177ecfac21
KeychainAPI checker: Track SymbolMetadata instead of MemRegion in checker state so that we could clear the state on evalDeadSymbols; also track the return value.
...
llvm-svn: 137003
2011-08-05 23:52:45 +00:00
c52bed1814
KeychainAPI checker: Generate an error on double allocation. Pull out getAsPointeeMemoryRegion so that it could be reused.
...
llvm-svn: 136952
2011-08-05 00:37:00 +00:00
c686177555
KeychainAPI checker: Track additional pair of SecKeychain APIs. Also, keep exploring the transition on which a call to allocator function failed (to be able to find errors in examples like ErrorCodesFromDifferentAPISDoNotInterfere).
...
llvm-svn: 136930
2011-08-04 21:53:01 +00:00
08be9b99e3
KeychainAPI checker: Refactor to make it easier to add more allocator/deallocator API pairs. Add the allocator function ID to the checker state. Better comments.
...
llvm-svn: 136889
2011-08-04 17:28:06 +00:00
4aa34a5325
KeychainAPI checker: refactor to use early exit.
...
llvm-svn: 136852
2011-08-04 00:31:38 +00:00
388c18ec7f
KeychainAPI checker: Add basic diagnostics. Track MemoryRegion istead of SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.
...
llvm-svn: 136851
2011-08-04 00:26:57 +00:00
907377e303
[analyzer] Remove 'all-experimental' checker group.
...
llvm-svn: 136849
2011-08-04 00:25:50 +00:00
3f955e6d89
[analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
...
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
1c2fb270ce
[analyzer] Introduce MallocOverflowSecurityChecker, a simple flow-sensitive checker that may be useful for security auditing. This checker is currently too noisy to be on by default.
...
llvm-svn: 136804
2011-08-03 20:17:43 +00:00
59546b8f79
Static Analyzer diagnostics visualization: when the last location on a path is end of the function, the arrow should point to the closing brace, not the statement before it. Patch by Ted Kremenek.
...
llvm-svn: 136761
2011-08-03 01:57:49 +00:00
9a2001a817
[analyzer] Drastically simplify ExprEngine::VisitInitListExpr() by assuming all initializer expressions have already been evaluated.
...
llvm-svn: 136706
2011-08-02 18:27:05 +00:00
9ab728bb05
KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)
...
llvm-svn: 136694
2011-08-02 17:11:03 +00:00
15f496c118
Add a skeleton for the Keychain Services API Checker. Register it as OSX experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting..
...
llvm-svn: 136659
2011-08-01 22:40:01 +00:00
558e37858b
Remove dead code flagged by GCC's -Wunused-but-set-variable.
...
llvm-svn: 136581
2011-07-31 01:06:41 +00:00
67d7136f26
[analyzer] Remove recursive visitation in ExprEngine::VisitDeclStmt because it isn't needed anymore.
...
llvm-svn: 136522
2011-07-29 21:18:41 +00:00
e905c68cbd
[analyzer] Remove recursive visitation in ExprEngine::VisitCompoundLiteralExpr because it isn't needed anymore.
...
llvm-svn: 136521
2011-07-29 21:18:39 +00:00
dc492c29f7
[analyzer] Remove recursive visitation in ExprEngine::VisitCastExpr because it isn't needed anymore.
...
llvm-svn: 136520
2011-07-29 21:18:37 +00:00
cf36b0c64d
[analyzer] Remove recursive visitation in ExprEngine::VisitObjCForCollectionStmt because it isn't needed anymore.
...
llvm-svn: 136519
2011-07-29 21:18:35 +00:00
65eefed6c6
[analyzer] Remove explicit argument processing from ExprEngine::VisitObjCMessage() since it is no longer needed.
...
llvm-svn: 136518
2011-07-29 21:18:31 +00:00
4e577fae2c
[analyzer] Remove recursive visitation in ExprEngine::VisitLValObjCIvarRefExpr because it isn't needed anymore.
...
llvm-svn: 136517
2011-07-29 21:18:28 +00:00
003ec6ff83
[analyzer] tighten up ExprEngine::VisitObjCAtSynchronizationStmt().
...
llvm-svn: 136516
2011-07-29 21:18:26 +00:00
f8c0bcf101
[analyzer] Remove recursive visitation in ExprEngine::VisitObjCPropertyRefExpr because it isn't needed anymore.
...
llvm-svn: 136515
2011-07-29 21:18:24 +00:00
298e5cc7f4
[analyzer] Remove recursive visitation in ExprEngine::VisitCallExpr because it isn't needed anymore.
...
llvm-svn: 136514
2011-07-29 21:18:22 +00:00
22a1e65532
[analyzer] Remove recursive visitation in ExprEngine::VisitMemberExpr because it isn't needed anymore.
...
llvm-svn: 136513
2011-07-29 21:18:19 +00:00
db835cc213
[analyzer] Remove recursive visitation in ExprEngine::VisitLvalArraySubscriptExpr() because it is no longer needed.
...
llvm-svn: 136512
2011-07-29 21:18:17 +00:00
605415923f
Remove an unused function (found by Clang's -Wunused-function)
...
llvm-svn: 136434
2011-07-29 00:15:44 +00:00
73665188fc
Really remove FlatStoreManager and BasicStoreManager, this time from the driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.
...
llvm-svn: 136422
2011-07-28 23:08:16 +00:00
e2e37b9afc
Remove FlatStoreManager and BasicStoreManager. The latter has long been obsolete and the former has no had development in a long time.
...
llvm-svn: 136420
2011-07-28 23:08:02 +00:00
e9fda1e48a
[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.
...
The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.
Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.
llvm-svn: 136419
2011-07-28 23:07:59 +00:00
e227f49302
[analyzer] fix bug in malloc checker where the tracked symbol would not properly be removed from the state.
...
llvm-svn: 136418
2011-07-28 23:07:51 +00:00
ae16d1cc67
[analyzer] Add StoreManager::includedInBindings() to to query whether a region is used in any bindings.
...
llvm-svn: 136416
2011-07-28 23:07:46 +00:00
6b1a761f3e
[analyzer] Add safety checking in RegionStoreManager for string literal underruns.
...
llvm-svn: 136415
2011-07-28 23:07:43 +00:00
47fc816b96
[analyzer] Teach Environment to not look through MaterializeTemporaryExprs.
...
llvm-svn: 136414
2011-07-28 23:07:41 +00:00
3b446215d1
[analyzer] Fix bug in ObjCMessage where casts were being incorrectly ignored.
...
llvm-svn: 136413
2011-07-28 23:07:38 +00:00
a644668193
[analyzer] fix handling of MaterializeTemporaryExpr by binding the result value to
...
the proper expression.
llvm-svn: 136412
2011-07-28 23:07:36 +00:00
d48db2115a
Rename getInstantiationLineNumber to getExpansionLineNumber in both
...
SourceManager and FullSourceLoc.
llvm-svn: 135969
2011-07-25 21:09:52 +00:00
42f35f9cd2
Rename getInstantiationColumnNumber to getExpansionColumnNumber in both
...
SourceManager and FullSourceLoc.
llvm-svn: 135965
2011-07-25 20:57:57 +00:00
c7ca5218b6
Rename getDecomposedInstantiationLoc to getDecomposedExpansionLoc.
...
llvm-svn: 135962
2011-07-25 20:52:32 +00:00
35f5320d8e
Mechanically rename SourceManager::getInstantiationLoc and
...
FullSourceLoc::getInstantiationLoc to ...::getExpansionLoc. This is part
of the API and documentation update from 'instantiation' as the term for
macros to 'expansion'.
llvm-svn: 135914
2011-07-25 16:49:02 +00:00
0e62c1cc0b
remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
...
them into the clang namespace.
llvm-svn: 135852
2011-07-23 10:55:15 +00:00
d2930c2100
In Objective-C, pull arbitrary attributes from overridden
...
methods, including indirectly overridden methods like those
declared in protocols and categories. There are mismatches
that we would like to diagnose but aren't yet, but this
is fine for now.
I looked at approaches that avoided doing this lookup
unless we needed it, but the infer-related-result-type
checks were doing it anyway, so I left it with the same
fast-path check for no previous declartions of that
selector.
llvm-svn: 135743
2011-07-22 02:45:48 +00:00
86070b9c0f
Move AnalysisManager constructor out of line. No functionality change (yet).
...
llvm-svn: 135667
2011-07-21 05:22:52 +00:00
189ecec4db
Simplify passing of CFGBuildOptions around for AnalysisContext. No functionality change.
...
llvm-svn: 135666
2011-07-21 05:22:47 +00:00
a39e10fd7c
[analyzer] Very minor cleanup in PthreadLockChecker. No functionality change.
...
llvm-svn: 135518
2011-07-19 20:31:42 +00:00
d9c522100e
[analysis] Add checks for double-locking and lock order reversal bugs for
...
pthread and XNU locks. Patch by Rui Paulo!
llvm-svn: 135515
2011-07-19 20:21:41 +00:00
c85964ed90
[analyzer] Place checking for Core Foundation "Create" rule into a proper API. No functionality change.
...
llvm-svn: 135349
2011-07-16 19:50:32 +00:00
43426f8fcb
Add tests for CFRefReport's path notes, and fix a few typos and non-standard terminology ('+0 retain counts') caught by the tests.
...
llvm-svn: 135310
2011-07-15 22:17:54 +00:00
b72bd53f7d
[analyzer] GNU __null is a pointer-sized integer, not a pointer. Fixes PR10372.
...
llvm-svn: 135294
2011-07-15 20:29:02 +00:00
f3dd00a26c
Clean up UnixAPIChecker, including switching its array of BugTypes to llvm::OwningPtr<BugType> vars (the new convention). No functionality change.
...
llvm-svn: 135255
2011-07-15 06:28:59 +00:00
ede26958bf
Clean up MacOSXAPIChecker, including switching its array of BugTypes to a single llvm::OwningPtr<BugType> (the new convention). No functionality change.
...
llvm-svn: 135250
2011-07-15 06:02:19 +00:00
7c454bb8ce
Create a new expression node, SubstNonTypeTemplateParmExpr,
...
to represent a fully-substituted non-type template parameter.
This should improve source fidelity, as well as being generically
useful for diagnostics and such.
llvm-svn: 135243
2011-07-15 05:09:51 +00:00
4db5c3c83a
In ARC, reclaim all return values of retainable type, not just those
...
where we have an immediate need of a retained value.
As an exception, don't do this when the call is made as the immediate
operand of a __bridge retain. This is more in the way of a workaround
than an actual guarantee, so it's acceptable to be brittle here.
rdar://problem/9504800
llvm-svn: 134605
2011-07-07 06:58:02 +00:00
5c70b06feb
Teach the static analyzer's interpretation of Cocoa conventions to
...
obey the objc_method_family attribute when provided. Fixes
<rdar://problem/9726279>.
llvm-svn: 134493
2011-07-06 16:00:34 +00:00
bf15d2b311
Update for llvm commit r134291.
...
Fixes rdar://9714064
llvm-svn: 134292
2011-07-02 00:20:22 +00:00
4d3c1511ac
[analyzer] Use UnknownVal when default-initializing arrays whose element types we don't model, to distinguish them from uninitialized arrays (PR10163).
...
llvm-svn: 133937
2011-06-27 20:36:38 +00:00
fe31481f68
Introduce a new AST node describing reference binding to temporaries.
...
MaterializeTemporaryExpr captures a reference binding to a temporary
value, making explicit that the temporary value (a prvalue) needs to
be materialized into memory so that its address can be used. The
intended AST invariant here is that a reference will always bind to a
glvalue, and MaterializeTemporaryExpr will be used to convert prvalues
into glvalues for that binding to happen. For example, given
const int& r = 1.0;
The initializer of "r" will be a MaterializeTemporaryExpr whose
subexpression is an implicit conversion from the double literal "1.0"
to an integer value.
IR generation benefits most from this new node, since it was
previously guessing (badly) when to materialize temporaries for the
purposes of reference binding. There are likely more refactoring and
cleanups we could perform there, but the introduction of
MaterializeTemporaryExpr fixes PR9565, a case where IR generation
would effectively bind a const reference directly to a bitfield in a
struct. Addresses <rdar://problem/9552231>.
llvm-svn: 133521
2011-06-21 17:03:29 +00:00
b41f7c55f5
[analyzer] Finish size argument checking for strncat (and strncpy).
...
llvm-svn: 133472
2011-06-20 21:55:40 +00:00
789adbb3ed
[analyzer] Replace stream-built error message with constant string. No functionality change.
...
llvm-svn: 133410
2011-06-20 03:51:53 +00:00
328deeed7f
[analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
...
llvm-svn: 133408
2011-06-20 03:49:16 +00:00
dceb0cf3f3
[analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
...
llvm-svn: 133406
2011-06-20 02:06:40 +00:00
640767fff6
Initialize a couple of variables to shut GCC up.
...
llvm-svn: 133246
2011-06-17 06:50:50 +00:00
c026370858
[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
...
llvm-svn: 133154
2011-06-16 07:13:34 +00:00
0585a61821
[analyzer] Fix trivial errors in previous commit.
...
I will not commit without building first.
I will not commit without building first.
I will not commit without building first...
llvm-svn: 133150
2011-06-16 05:56:50 +00:00
455bd58d4e
[analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy.
...
llvm-svn: 133149
2011-06-16 05:51:02 +00:00
31168b077c
Automatic Reference Counting.
...
Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.
Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.
llvm-svn: 133103
2011-06-15 23:02:42 +00:00
634c12d23f
[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
...
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
llvm-svn: 133046
2011-06-15 05:52:56 +00:00
0e9fb28e95
[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
...
llvm-svn: 133044
2011-06-15 05:14:03 +00:00
b891bd8a3c
[analyzer] When performing a binary operation on symbolic operands, we convert the symbol values to a common type. But in a relational operation, the result is an 'int' or 'bool', which may not be the appropriate type to convert the operands to. In these cases, use the left-hand operand's type as the conversion type.
...
There's no associated test for this because fully-constrained symbolic values are evaluated ahead of time in normal expressions. This can only come up in checker-constructed expressions (like the ones in an upcoming patch to CStringChecker).
llvm-svn: 133041
2011-06-15 04:55:49 +00:00
bc7483f505
[analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.
...
llvm-svn: 132958
2011-06-14 01:40:43 +00:00
45d8c12b68
[analyzer] Change large if body to early return. No functionality change.
...
llvm-svn: 132956
2011-06-14 01:26:48 +00:00
d359289669
[analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.
...
llvm-svn: 132955
2011-06-14 01:15:31 +00:00
1734737d9f
[analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary.
...
Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.
llvm-svn: 132840
2011-06-10 08:49:37 +00:00
ab8a668849
[analyzer] Look through __extension__ expressions in a GRState's Environment. Fixes PR8962.
...
llvm-svn: 132762
2011-06-08 22:47:39 +00:00
fb5e8c2814
[analyzer] Change an indent-if to an early return. No functionality change.
...
llvm-svn: 132618
2011-06-04 01:50:25 +00:00
097c5397a8
[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
...
llvm-svn: 132617
2011-06-04 01:47:27 +00:00
64ae92e5c5
[analyzer] Remove extra assignment that actually lost a few of the assumptions.
...
llvm-svn: 132614
2011-06-04 01:22:21 +00:00
55808c1026
Add support for builtin astype:
...
__builtin_astype(): Used to reinterpreted as another data type of the same size using for both scalar and vector data types.
Added test case.
llvm-svn: 132612
2011-06-04 00:47:47 +00:00
4451cd4511
[analyzer] Fix comment for (still-disabled) evalStrncpy
...
llvm-svn: 132608
2011-06-04 00:05:23 +00:00
63b84be6cb
[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.
...
llvm-svn: 132607
2011-06-04 00:04:22 +00:00
aee7fb9e64
[analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)
...
llvm-svn: 132605
2011-06-03 23:42:56 +00:00
f230198f15
Tighen analyzer diagnostics w.r.t ObjC/CF leaks.
...
llvm-svn: 132130
2011-05-26 18:45:44 +00:00
4c5d2888f4
static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen.
...
llvm-svn: 132100
2011-05-25 23:57:29 +00:00
86d49ce20c
Teach analyzer about cf_returns_not_retained for C functions.
...
llvm-svn: 132049
2011-05-25 06:29:39 +00:00
8e2c9b0180
Enhance retain/release checker to flag warnings when functions returning CG types do not follow the Core Foundation naming conventions.
...
llvm-svn: 132048
2011-05-25 06:19:45 +00:00
61b6e49ee1
A few more is(Un)signedIntegerType/is(Un)signedOrEnumerationType cleanups.
...
llvm-svn: 131793
2011-05-21 16:28:01 +00:00
109b127e02
Fix regression in static analyzer's handling of prefix '--' operator. It was being treated as postfix '--' in C mode.
...
llvm-svn: 131770
2011-05-20 23:40:06 +00:00
6ab2fa8f78
Introduce Type::isSignedIntegerOrEnumerationType() and
...
Type::isUnsignedIntegerOrEnumerationType(), which are like
Type::isSignedIntegerType() and Type::isUnsignedIntegerType() but also
consider the underlying type of a C++0x scoped enumeration type.
Audited all callers to the existing functions, switching those that
need to also handle scoped enumeration types (e.g., those that deal
with constant values) over to the new functions. Fixes PR9923 /
<rdar://problem/9447851>.
llvm-svn: 131735
2011-05-20 16:38:50 +00:00
f377cb82f9
Teach RegionStore not to symbolic array values whose indices it cannot reason about.
...
llvm-svn: 131702
2011-05-19 23:37:58 +00:00
5f06955aa0
Teach static analyzer to analyze Objective-C methods in category implementations.
...
llvm-svn: 131614
2011-05-19 00:56:53 +00:00
4a8ea1092a
Modify some deleted function methods to better reflect reality:
...
- New isDefined() function checks for deletedness
- isThisDeclarationADefinition checks for deletedness
- New doesThisDeclarationHaveABody() does what
isThisDeclarationADefinition() used to do
- The IsDeleted bit is not propagated across redeclarations
- isDeleted() now checks the canoncial declaration
- New isDeletedAsWritten() does what it says on the tin.
- isUserProvided() now correct (thanks Richard!)
This fixes the bug that we weren't catching
void foo() = delete;
void foo() {}
as being a redefinition.
llvm-svn: 131013
2011-05-06 20:44:56 +00:00
e69ab05f6e
Add Checker callback for running a checker at the end of processing an entire TranslationUnit. Patch by Lei Zhang.
...
llvm-svn: 130913
2011-05-05 03:41:17 +00:00
5066858bcd
Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
...
llvm-svn: 130758
2011-05-03 16:34:26 +00:00
e9f364f658
Tweak the retain/release checker to not stop tracking retained objects when calling C++ methods. This is a temporary solution to prune false positives until we have a general story using annotations.
...
llvm-svn: 130726
2011-05-02 21:21:42 +00:00
aa181174e7
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.
...
llvm-svn: 130711
2011-05-02 19:42:42 +00:00
0b510279c6
Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().
...
llvm-svn: 130708
2011-05-02 19:05:49 +00:00
8067746554
Move the SelfInit checker to the 'cocoa.experimental' package.
...
llvm-svn: 130598
2011-04-30 06:46:45 +00:00
18470e3287
Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed.
...
llvm-svn: 130425
2011-04-28 19:31:12 +00:00
ed2cc6ccbb
Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.
...
This fixes Bugzilla #9806 .
llvm-svn: 130422
2011-04-28 18:59:43 +00:00
4af23c8159
Implements strcasecmp() checker in Static Analyzer.
...
llvm-svn: 130398
2011-04-28 15:09:11 +00:00
1c0675e155
Parsing/AST support for Structured Exception Handling
...
Patch authored by Sohail Somani.
Provide parsing and AST support for Windows structured exception handling.
llvm-svn: 130366
2011-04-28 01:08:34 +00:00
6242b6a688
Implementation of Embarcadero array type traits
...
Patch authored by John Wiegley.
These are array type traits used for parsing code that employs certain
features of the Embarcadero C++ compiler: __array_rank(T) and
__array_extent(T, Dim).
llvm-svn: 130351
2011-04-28 00:16:57 +00:00
005b5c1aee
More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.
...
Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!
llvm-svn: 130303
2011-04-27 14:49:29 +00:00
08b434f450
Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
...
resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.
llvm-svn: 130292
2011-04-27 05:34:09 +00:00
e553e40467
Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.
...
llvm-svn: 130161
2011-04-25 22:21:00 +00:00
f9f6584e95
t/clang/expr-traits
...
Patch authored by David Abrahams.
These two expression traits (__is_lvalue_expr, __is_rvalue_expr) are used for
parsing code that employs certain features of the Embarcadero C++ compiler.
llvm-svn: 130122
2011-04-25 06:54:41 +00:00
1a180156b6
Remove unused STL header includes.
...
llvm-svn: 130068
2011-04-23 19:53:52 +00:00
11e5c8b31a
Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.
...
llvm-svn: 130003
2011-04-22 18:01:30 +00:00
d1f65f61ee
Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746.
...
llvm-svn: 129741
2011-04-19 01:16:46 +00:00
dda56e4b4a
Support for C++11 (non-template) alias declarations.
...
llvm-svn: 129567
2011-04-15 14:24:37 +00:00
57540c5be0
fix a bunch of comment typos found by codespell. Patch by
...
Luis Felipe Strano Moraes!
llvm-svn: 129559
2011-04-15 05:22:18 +00:00
9114759641
C1X: implement generic selections
...
As an extension, generic selection support has been added for all
supported languages. The syntax is the same as for C1X.
llvm-svn: 129554
2011-04-15 00:35:48 +00:00
02e85f3bc5
Add support for C++0x's range-based for loops, as specified by the C++11 draft standard (N3291).
...
llvm-svn: 129541
2011-04-14 22:09:26 +00:00
ced5feaec9
Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols.
...
llvm-svn: 129395
2011-04-12 21:47:05 +00:00
905a602e0c
Fix another IdempotentOperationsChecker corner case when determining if an active block on the worklist
...
impacts the results of the check.
llvm-svn: 129394
2011-04-12 21:47:02 +00:00
8a4c760c20
ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset.
...
llvm-svn: 129366
2011-04-12 17:21:33 +00:00
f3539ad5c7
This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
...
llvm-svn: 129364
2011-04-12 17:08:43 +00:00
f52718899f
static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression.
...
llvm-svn: 129349
2011-04-12 05:12:39 +00:00
57a4a152b2
Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic.
...
llvm-svn: 129348
2011-04-12 03:49:37 +00:00
4f939da02d
RegionStoreManager::invalidateRegions: treat classes the same as structs.
...
llvm-svn: 129333
2011-04-12 00:44:31 +00:00
2979fe01da
After some discussion with Doug, we decided that it made a lot more sense
...
for __unknown_anytype resolution to destructively modify the AST. So that's
what it does now, which significantly simplifies some of the implementation.
Normal member calls work pretty cleanly now, and I added support for
propagating unknown-ness through &.
llvm-svn: 129331
2011-04-12 00:42:48 +00:00
8ef59e5c03
C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.
...
llvm-svn: 129308
2011-04-11 22:22:05 +00:00
2d2e870745
More __unknown_anytype work.
...
llvm-svn: 129269
2011-04-11 07:02:50 +00:00
8a01a751c9
Remove CK_DynamicToNull.
...
llvm-svn: 129265
2011-04-11 02:03:26 +00:00
c602006638
As a first step towards fixing PR9641, add a CK_DynamicToNull cast kind which
...
represents a dynamic cast where we know that the result is always null.
For example:
struct A {
virtual ~A();
};
struct B final : A { };
struct C { };
bool f(B* b) {
return dynamic_cast<C*>(b);
}
llvm-svn: 129256
2011-04-10 20:33:22 +00:00
467dbd5f13
strcat() and strncat() model additions to CStringChecker.
...
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
llvm-svn: 129215
2011-04-09 15:12:58 +00:00
f603f3afbd
Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs
...
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.
llvm-svn: 129166
2011-04-08 22:42:35 +00:00
319963434c
Basic, untested implementation for an "unknown any" type requested by LLDB.
...
The idea is that you can create a VarDecl with an unknown type, or a
FunctionDecl with an unknown return type, and it will still be valid to
access that object as long as you explicitly cast it at every use. I'm
still going back and forth about how I want to test this effectively, but
I wanted to go ahead and provide a skeletal implementation for the LLDB
folks' benefit and because it also improves some diagnostic goodness for
placeholder expressions.
llvm-svn: 129065
2011-04-07 08:22:57 +00:00
3337ca5f95
When updating the retain summary based on {cf,ns}_consumed attributes,
...
be sure to consume the argument index that actually had the attribute
rather than always the first. rdar://problem/9234108
llvm-svn: 128998
2011-04-06 09:02:12 +00:00
de909e4946
Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.
...
Also, brings the security syntax checker more inline with coding standards.
llvm-svn: 128916
2011-04-05 20:18:46 +00:00
378819342e
Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:
...
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.
llvm-svn: 128858
2011-04-04 23:29:12 +00:00
fca2e9618a
Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later.
...
llvm-svn: 128785
2011-04-03 05:07:11 +00:00
a95594416e
static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.
...
Patch by Lei Zhang!
llvm-svn: 128784
2011-04-03 04:34:49 +00:00
850d35be16
Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.
...
llvm-svn: 128783
2011-04-03 04:09:15 +00:00
af2371e368
Remove a redundant method. We have a const version.
...
llvm-svn: 128762
2011-04-02 03:20:45 +00:00
8f89f7c893
Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.
...
llvm-svn: 128761
2011-04-02 02:56:23 +00:00
c703a666f7
static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times.
...
llvm-svn: 128760
2011-04-02 02:56:17 +00:00
6ffe738f24
Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.
...
llvm-svn: 128679
2011-03-31 22:09:14 +00:00
79d74141b1
Adding Static Analyzer checker for mempcpy().
...
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
llvm-svn: 128677
2011-03-31 21:36:53 +00:00
70568c2be7
Fix spelling in a comment. (test commit)
...
llvm-svn: 128670
2011-03-31 21:26:55 +00:00
40d16c0e75
Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead,
...
recover some path-sensitivity by conjuring a symbol.
llvm-svn: 128612
2011-03-31 04:46:53 +00:00
61a4f6682a
Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
...
llvm-svn: 128611
2011-03-31 04:04:48 +00:00
98a24e37c5
Begin reworking static analyzer support for C++ method calls. The current logic was divorced
...
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.
llvm-svn: 128557
2011-03-30 17:41:19 +00:00
84d7907797
[analyzer] Allow all checkers of a group to be enabled.
...
llvm-svn: 128512
2011-03-29 23:57:41 +00:00
437758cbe6
[analyzer] For -analyzer-checker-help show all the info about groups, packages, and which packages/checkers are hidden.
...
llvm-svn: 128511
2011-03-29 23:57:38 +00:00
4ee039647a
[analyzer] Checker Packages can now belong to a group. This requires llvm commit r128474.
...
llvm-svn: 128475
2011-03-29 18:54:02 +00:00
642b03413f
Don't add a symbolic region for 'this' if the member function is static.
...
llvm-svn: 128340
2011-03-26 14:30:44 +00:00
104f6dfd1f
Tweak grammar in checker description.
...
llvm-svn: 128310
2011-03-26 00:25:42 +00:00
49c79790de
Rework checker "packages" and groups to be more hierarchical.
...
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
ddc06d0bd0
Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.
...
This rename serves two purposes:
- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.
llvm-svn: 127930
2011-03-19 01:00:33 +00:00
70727343cf
Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.
...
llvm-svn: 127798
2011-03-17 04:10:25 +00:00
6fa1daede5
Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.
...
llvm-svn: 127797
2011-03-17 04:01:35 +00:00
3e5ad5932e
Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without
...
invalidating the entire binding. Fixes PR 9455.
llvm-svn: 127796
2011-03-17 03:51:51 +00:00
4ceebbf54d
VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.
...
llvm-svn: 127719
2011-03-16 00:22:51 +00:00
cdb2ae587a
Remove bogus assertion in IdempotentOperationsChecker.
...
llvm-svn: 127687
2011-03-15 19:27:57 +00:00
161f9a3829
Sort
...
llvm-svn: 127624
2011-03-14 21:20:46 +00:00
066b226daa
Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.
...
Also add a test case showing that we correctly report multiple warnings for the same message expression.
llvm-svn: 127605
2011-03-14 19:50:37 +00:00
d91d5f162f
Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.
...
Ted or Argiris, I'd appreciate a review!
llvm-svn: 127572
2011-03-13 20:35:21 +00:00
a4a57c10da
Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.
...
llvm-svn: 127531
2011-03-12 06:14:28 +00:00
e5a89ac52a
Don't have side-effects (or rather non-trivial computation) in StringSwitch "cases."
...
llvm-svn: 127528
2011-03-12 04:08:07 +00:00
f89710b936
Add initial version of "IteratorsChecker", a checker to find misues uses of C++ iterators.
...
This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).
llvm-svn: 127525
2011-03-12 02:49:15 +00:00
52d264cda5
Fix comments, and force auto progagation in VisitAggExpr.
...
llvm-svn: 127524
2011-03-12 02:49:11 +00:00
97474f7414
static analyzer: Handle 'ExprWithCleanups' in ExprEngine by essentially ignoring them.
...
llvm-svn: 127523
2011-03-12 02:49:09 +00:00
e190dee7a5
Add support for the OpenCL vec_step operator, by generalising and
...
extending the existing support for sizeof and alignof. Original
patch by Guy Benyei.
llvm-svn: 127475
2011-03-11 19:24:49 +00:00
2f1f023283
#include Store.h into BasicValueFactory.cpp to provide definitions of StoreRef constructor.
...
llvm-svn: 127291
2011-03-08 23:39:37 +00:00
4bb6c6b37e
static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects.
...
llvm-svn: 127288
2011-03-08 23:18:00 +00:00
3c50aea73f
Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString.
...
llvm-svn: 127268
2011-03-08 20:05:26 +00:00
b4526252db
Move some of the logic about classifying Objective-C methods into
...
conventional categories into Basic and AST. Update the self-init checker
to use this logic; CFRefCountChecker is complicated enough that I didn't
want to touch it.
llvm-svn: 126817
2011-03-02 01:50:55 +00:00
eff9a7ff91
Teach CFGBuilder to prune trivially unreachable case statements.
...
llvm-svn: 126797
2011-03-01 23:12:55 +00:00
96a7a59119
In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.
...
- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.
llvm-svn: 126738
2011-03-01 03:15:10 +00:00
a9a0f5d206
[analyzer] Also make sure that the parameter is coming from the current stack frame.
...
llvm-svn: 126735
2011-03-01 01:59:41 +00:00
456b18c279
[analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted!
...
llvm-svn: 126734
2011-03-01 01:47:48 +00:00
918c847890
[analyzer] Move lib/StaticAnalyzer/Checkers/ExprEngine.cpp -> lib/StaticAnalyzer/Core
...
and hope the wrath of the buildbots will not descend upon me.
llvm-svn: 126728
2011-03-01 01:24:23 +00:00
6a5674ffa6
[analyzer] Rename CheckerV2 -> Checker.
...
llvm-svn: 126726
2011-03-01 01:16:21 +00:00
0036b19abd
[analyzer] Remove Checker V1.
...
llvm-svn: 126725
2011-03-01 01:16:08 +00:00
d665807901
[analyzer] Remove checker V1 registration and running from ExprEngine.
...
llvm-svn: 126724
2011-03-01 01:16:03 +00:00
5ad574c096
Improves the coding style in SValBuilder. This patch:
...
- renames evalCastNL and evalCastL to evalCastFromNonLoc and
evalCastFromLoc (avoid abbreviations that aren't well known).
- makes all function parameter names start with a lower case letter
for consistency and distinction from member variables.
- avoids abbreviations in function parameter names.
Reviewed by kremenek@apple.com .
llvm-svn: 126722
2011-03-01 00:45:32 +00:00
29b8656935
[analyzer] Remove unused checker stuff from AnalysisConsumer and some unused headers.
...
llvm-svn: 126690
2011-02-28 22:30:38 +00:00
9eb02dfa89
[analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
...
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
6a1c760760
[analyzer] Run the ExprEngine depending on the CheckerManager having path-sensitive checkers.
...
llvm-svn: 126674
2011-02-28 19:49:17 +00:00
20f5caa518
[analyzer] The current UninitializedValuesChecker will go away, remove '-warn-uninit-values'.
...
llvm-svn: 126673
2011-02-28 19:49:12 +00:00
2c49ec7f1d
[analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.
...
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.
llvm-svn: 126659
2011-02-28 17:36:18 +00:00
a15dfec3f5
[analyzer] Introduce "event" mechanism in CheckerManager.
...
A checker can register as receiver/listener of "events" (basically it registers a callback
with a function getting called with an argument of the event type) and other checkers can
register as "dispatchers" and can pass an event object to all the listeners.
This allows cooperation amongst checkers but with very loose coupling.
llvm-svn: 126658
2011-02-28 17:36:09 +00:00
98b570ecad
[analyzer] Run AST checkers for ObjCMethodDecls.
...
llvm-svn: 126657
2011-02-28 17:36:04 +00:00
64965ad75d
Fix CMake build.
...
llvm-svn: 126629
2011-02-28 02:13:22 +00:00
4b45f6628e
[analyzer] Introduce SVal::getAsVarDecl().
...
llvm-svn: 126627
2011-02-28 01:28:18 +00:00
6d6801c5c7
[analzyer] Migrate CallAndMessageChecker to CheckerV2.
...
llvm-svn: 126626
2011-02-28 01:28:13 +00:00
64fe456a6b
[analyzer] ExprEngine should not depend on checkers for not crashing.
...
llvm-svn: 126625
2011-02-28 01:28:08 +00:00
0a5a41d799
[analyzer] Migrate AdjustedReturnValueChecker to CheckerV2.
...
llvm-svn: 126624
2011-02-28 01:28:05 +00:00
6fff2e3d36
[analyzer] Migrate AttrNonNullChecker to CheckerV2.
...
llvm-svn: 126623
2011-02-28 01:28:01 +00:00
4f7745a3b1
[analyzer] ExprEngine should not depend on checkers for not crashing.
...
llvm-svn: 126622
2011-02-28 01:27:57 +00:00
68ed625bd3
[analyzer] Migrate VLASizeChecker to CheckerV2.
...
llvm-svn: 126621
2011-02-28 01:27:54 +00:00
ae468f77fa
[analyzer] Migrate DivZeroChecker to CheckerV2.
...
llvm-svn: 126620
2011-02-28 01:27:50 +00:00
4dc7fb37cb
[analyzer] Migrate ReturnUndefChecker to CheckerV2.
...
llvm-svn: 126619
2011-02-28 01:27:46 +00:00
da6c7568e2
[analyzer] Migrate UndefinedArraySubscriptChecker to CheckerV2.
...
llvm-svn: 126618
2011-02-28 01:27:41 +00:00
098874a2f8
[analyzer] Migrate UndefinedAssignmentChecker to CheckerV2.
...
llvm-svn: 126617
2011-02-28 01:27:37 +00:00
753b3ca32f
[analyzer] Migrate UndefBranchChecker to CheckerV2.
...
llvm-svn: 126616
2011-02-28 01:27:33 +00:00
60b6da721f
[analyzer] Migrate UndefCapturedBlockVarChecker to CheckerV2.
...
llvm-svn: 126615
2011-02-28 01:27:26 +00:00
d4d3cee6e4
[analyzer] Migrate UndefResultChecker to CheckerV2.
...
llvm-svn: 126614
2011-02-28 01:27:22 +00:00
142dbbfcd8
[analyzer] Migrate NoReturnFunctionChecker to CheckerV2.
...
llvm-svn: 126613
2011-02-28 01:27:17 +00:00
3e7ab19863
[analyzer] Move the DeadStores checker out of the 'core' package.
...
-Now it gets enabled with '-analyzer-checker=DeadStores'.
-The driver passes the above flag by default.
llvm-svn: 126612
2011-02-28 01:27:12 +00:00
f3ed8b631d
[analyzer] Migrate BuiltinFunctionChecker to CheckerV2.
...
llvm-svn: 126611
2011-02-28 01:27:07 +00:00
b2cf708395
[analyzer] Migrate OSAtomicChecker to CheckerV2.
...
llvm-svn: 126610
2011-02-28 01:27:02 +00:00
0a9ce3ec8f
[analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.
...
Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow
llvm-svn: 126609
2011-02-28 01:26:57 +00:00
560bbb1241
[analyzer] Turn -analyzer-stats into -analyzer-checker=debug.Stats
...
llvm-svn: 126608
2011-02-28 01:26:50 +00:00
21c9423ef4
[analyzer] Remove '-analyzer-experimental-checks' flag.
...
llvm-svn: 126607
2011-02-28 01:26:43 +00:00
183f0fb4cf
[analyzer] Migrate MallocChecker to CheckerV2.
...
llvm-svn: 126606
2011-02-28 01:26:35 +00:00
e925322f41
Update test cases.
...
llvm-svn: 126523
2011-02-25 22:19:14 +00:00
5eb4b60734
Tidy up help text in Checkers.td, and rename StackAddrLeakChecker to StackAddrEscapeChecker.
...
llvm-svn: 126522
2011-02-25 22:00:43 +00:00
17bee3e70a
Intoduce '-analyzer-checker-help' flag which outputs a list of all available static analyzer checkers.
...
This is pretty basic for now, eventually checkers should be grouped according to package, hidden checkers should be indicated etc.
llvm-svn: 126454
2011-02-25 00:09:51 +00:00
b388f77ad9
[analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't have any checkers associated with it anymore.
...
llvm-svn: 126440
2011-02-24 21:43:08 +00:00
51695bbb0a
[analyzer] Allow a checker to be hidden even if its package is hidden & enabled.
...
For example, if 'core.experimental.UnreachableCode' is hidden, it should not be enabled with 'core.experimental'.
Note that this requires llvm commit r126436.
llvm-svn: 126439
2011-02-24 21:42:52 +00:00
8b08906411
[analyzer] Migrate CastSizeChecker to CheckerV2.
...
llvm-svn: 126438
2011-02-24 21:42:49 +00:00
dd407f423b
[analyzer] Migrate ArrayBoundChecker to CheckerV2.
...
llvm-svn: 126371
2011-02-24 08:42:12 +00:00
8f38c3843d
[analyzer] Don't pass a GRState to CheckerManager::runCheckersForLocation, terrible mistake.
...
If the state is new, make sure an ExplodedNode is associated with it.
llvm-svn: 126370
2011-02-24 08:42:04 +00:00
7bc0141043
[analyzer] Migrate ReturnPointerRangeChecker to CheckerV2.
...
llvm-svn: 126369
2011-02-24 08:41:57 +00:00
d813801384
Fix tiny error in CFG construction for BinaryConditionalOperators, making sure the branch always has two successors. Also teach Environment::getSVal() about OpaqueValueExprs.
...
This fixes a crash reported in PR9287, and also fixes a false positive involving the value of such ternary
expressions not properly getting propagated.
llvm-svn: 126362
2011-02-24 03:09:15 +00:00
4769e9376e
[analyzer] Remove unused functions from CheckerManager.
...
llvm-svn: 126352
2011-02-24 01:05:37 +00:00
785459a2a9
[analyzer] Migrate StreamChecker to CheckerV2.
...
llvm-svn: 126351
2011-02-24 01:05:33 +00:00
c26f15dbad
[analyzer] Migrate CStringChecker to CheckerV2.
...
llvm-svn: 126350
2011-02-24 01:05:30 +00:00
506220fef7
[analyzer] Migrate StackAddrLeakChecker to CheckerV2.
...
llvm-svn: 126333
2011-02-23 21:04:54 +00:00
f1b5d1f01b
[analyzer] Refactor EndOfFunctionNodeBuilder.
...
-Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it be "specialized" with a
checker tag and not require the checkers to pass a tag.
-For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since
there are actual calls that assume the second parameter is ExplodedNode.
llvm-svn: 126332
2011-02-23 21:04:49 +00:00
66b38c2261
[analyzer] Migrate IdempotentOperationChecker to CheckerV2.
...
llvm-svn: 126331
2011-02-23 21:04:44 +00:00
68cab73ab9
[analyzer] const goodness.
...
llvm-svn: 126326
2011-02-23 19:38:45 +00:00
d0732a660a
[analyzer] Rename runPathSensitiveCheckers -> expandGraphWithCheckers.
...
llvm-svn: 126325
2011-02-23 19:38:41 +00:00
da02a25ae6
[analyzer] Migrate ChrootChecker to CheckerV2.
...
llvm-svn: 126324
2011-02-23 19:38:39 +00:00
bf61d97a98
[analyzer] Migrate UnreachableCodeChecker to CheckerV2.
...
llvm-svn: 126308
2011-02-23 07:19:23 +00:00
aad8372516
[analyzer] Migrate to CheckerV2:
...
NSAutoreleasePoolChecker
ObjCAtSyncChecker
llvm-svn: 126307
2011-02-23 07:19:18 +00:00
99ea46462a
[analyzer] Add LangOptions in CheckerManager.
...
llvm-svn: 126306
2011-02-23 07:19:14 +00:00
80861ca9b5
Migrate CFGReachabilityAnalysis out of the IdempotentOperationsChecker and into its own analysis file.
...
llvm-svn: 126289
2011-02-23 01:51:59 +00:00
cc7f1f8c2e
Have IdempotentOperationsChecker pull its CFGStmtMap from AnalysisContext.
...
llvm-svn: 126288
2011-02-23 01:51:53 +00:00
dff865d10b
[analyzer] Migrate to CheckerV2:
...
CastToStructChecker
FixedAddressChecker
MacOSXAPIChecker
PointerArithChecker
PointerSubChecker
PthreadLockChecker
UnixAPIChecker
llvm-svn: 126284
2011-02-23 01:05:36 +00:00
dd058d8a50
[analyzer] Migrate the BasicObjCFoundationChecks to CheckerV2:
...
NilArgChecker
CFNumberCreateChecker
ClassReleaseChecker
llvm-svn: 126275
2011-02-23 00:16:10 +00:00
22f2586bfb
[analyzer] Fix CheckerManager::runCheckersForObjCMessage.
...
It would run PostObjCMessage checkers even for PreObjCMessage checking.
llvm-svn: 126274
2011-02-23 00:16:07 +00:00
a1540db6e4
[analyzer] Refactor BugTypes and their ownership model.
...
-In general, don't have the BugReporter deleting BugTypes, BugTypes will eventually become owned by checkers
and outlive the BugReporter. In the meantime, there will be some leaks since some checkers assume that
the BugTypes they create will be destroyed by the BugReporter.
-Have BugReporter::EmitBasicReport create BugTypes that are reused if the same name & category strings
are passed to EmitBasicReport. These BugTypes are owned and destroyed by the BugReporter.
This allows bugs reported through EmitBasicReport to be coalesced.
-Remove the llvm::FoldingSet<BugReportEquivClass> from BugType and move it into the BugReporter.
For uniquing BugReportEquivClass also use the BugType* so that we can iterate over all of them using only one set.
llvm-svn: 126272
2011-02-23 00:16:01 +00:00
ed35cf271d
[analyzer] Start moving the path-sensitive checkers to CheckerV2.
...
-Migrate ObjCSelfInitChecker to CheckerV2. In the process remove the 'preCallSelfFlags' field
from the checker class and use GRState for storing that info.
-Get ExprEngine to start delegating checker running to CheckerManager.
llvm-svn: 126229
2011-02-22 17:30:38 +00:00
fb1a79af7a
Add CStringChecker support for strncpy. Patch by Lenny Maiorani!
...
llvm-svn: 126188
2011-02-22 04:58:34 +00:00
280a01fa1b
Add CStringChecker support for strnlen. Patch by Lenny Maiorani!
...
llvm-svn: 126187
2011-02-22 04:55:05 +00:00
6f72540e46
New function for tablegenning: clang_tablegen.
...
llvm-svn: 126093
2011-02-20 22:06:32 +00:00
e9c7994669
Correct name of dependent target.
...
CMake complained about this while generating VS project files but was
okay with it while generating makefiles on Linux.
llvm-svn: 126090
2011-02-20 19:41:34 +00:00
f7fa56f25f
Fix some add_dependencies.
...
The syntax is (add_dependencies target-name depend-target1 ...).
llvm-svn: 126049
2011-02-19 21:38:48 +00:00
eb8357c1d8
[analyzer] Fix crash when analyzing C++ code.
...
llvm-svn: 126025
2011-02-19 08:03:18 +00:00
ff6fd0f4b0
Change 'StoreRef' back to 'Store' in GRState, shrinking the size of GRState back by one pointer.
...
llvm-svn: 126020
2011-02-19 03:56:19 +00:00
21f347e729
[analyzer] Fix crash when analyzing C++ code.
...
llvm-svn: 126013
2011-02-19 01:59:41 +00:00
fda3687515
Add 'StoreRef' smart pointer to allow more fine-grain memory lifetime control of Store objects.
...
This yields a minor memory reduction (for larger functions) on Sqlite at the cost of slightly
higher memory usage on some functions because of the increased size of GRState (which can be optimized).
I expect the real memory savings from this enhancement will come when we aggressively
canabilize more of the ExplodedGraph.
llvm-svn: 126012
2011-02-19 01:59:33 +00:00
e34245b30b
[analyzer] Fix crash when analyzing C++ code.
...
llvm-svn: 126007
2011-02-19 01:08:41 +00:00
ec016464ca
[analyzer] Fix crash when analyzing C++ code.
...
llvm-svn: 125963
2011-02-18 21:24:56 +00:00
79b52bfc46
CMake: updated source file list.
...
llvm-svn: 125783
2011-02-17 22:07:39 +00:00
57d736fd46
[analyzer] Use the new registration mechanism for the debugging info "checks".
...
The relative checker package is 'debug':
'-dump-live-variables' is replaced by '-analyzer-checker=debug.DumpLiveVars'
'-cfg-view' is replaced by '-analyzer-checker=debug.ViewCFG'
'-cfg-dump' is replaced by '-analyzer-checker=debug.DumpCFG'
llvm-svn: 125780
2011-02-17 21:39:39 +00:00
af45aca670
[analyzer] Use the new registration mechanism on the non-path-sensitive-checkers:
...
DeadStoresChecker
ObjCMethSigsChecker
ObjCUnusedIvarsChecker
SizeofPointerChecker
ObjCDeallocChecker
SecuritySyntaxChecker
llvm-svn: 125779
2011-02-17 21:39:33 +00:00
24ffc08f39
[analyzer]
...
-Introduce CheckerV2, a set of templates for convenient declaration & registration of checkers.
Currently useful just for checkers working on the AST not the path-sensitive ones.
-Enhance CheckerManager to actually collect the checkers and turn it into the entry point for
running the checkers.
-Use the new mechanism for the LLVMConventionsChecker.
llvm-svn: 125778
2011-02-17 21:39:24 +00:00
507ff53e39
[analyzer] Pass CheckerManager to the registration functions.
...
llvm-svn: 125777
2011-02-17 21:39:17 +00:00
9d5235d527
When building StaticAnalyzer/Frontend add -I "<Checkers build dir>" to allow Checkers.inc to be
...
included without '..', thus being compatible with build systems of *BSDs.
Patch by Joerg Sonnenberger!
llvm-svn: 125758
2011-02-17 18:40:33 +00:00
c07a0c7e48
Change the representation of GNU ?: expressions to use a different expression
...
class and to bind the shared value using OpaqueValueExpr. This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait; or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.
Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.
This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here. In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.
I've tried to update the analyzer to deal with this in at least some
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.
llvm-svn: 125744
2011-02-17 10:25:35 +00:00
c8e630e4db
Step #1/N of implementing support for __label__: split labels into
...
LabelDecl and LabelStmt. There is a 1-1 correspondence between the
two, but this simplifies a bunch of code by itself. This is because
labels are the only place where we previously had references to random
other statements, causing grief for AST serialization and other stuff.
This does cause one regression (attr(unused) doesn't silence unused
label warnings) which I'll address next.
This does fix some minor bugs:
1. "The only valid attribute " diagnostic was capitalized.
2. Various diagnostics printed as ''labelname'' instead of 'labelname'
3. This reduces duplication of label checking between functions and blocks.
Review appreciated, particularly for the cindex and template bits.
llvm-svn: 125733
2011-02-17 07:39:24 +00:00
5a9b1ec94c
simplify a bit.
...
llvm-svn: 125724
2011-02-17 05:38:27 +00:00
85a203ebdd
Makes most methods in SVals.h conform to the naming guide. Reviewed
...
by kremenek.
llvm-svn: 125687
2011-02-16 21:13:32 +00:00
bb1e5079b2
Revert r125642. This broke the build? It should be a no-op.
...
llvm-svn: 125645
2011-02-16 02:34:28 +00:00
757515588a
Don't use "../foo" to return to the current directory.
...
llvm-svn: 125642
2011-02-16 02:10:49 +00:00
034d68e97d
[analyzer] AnalyzerFrontend is dependent on AnalyzerCheckers.
...
llvm-svn: 125637
2011-02-16 01:40:55 +00:00
9d4d4f9104
[analyzer] Use the new registration mechanism on the apple checkers:
...
NilArgChecker
CFNumberCreateChecker
NSAutoreleasePoolChecker
CFRetainReleaseChecker
ClassReleaseChecker
llvm-svn: 125636
2011-02-16 01:40:52 +00:00
a9215281de
[analyzer] Use the new registration mechanism on some of the experimental internal checkers:
...
CastToStructChecker
FixedAddressChecker
PointerArithChecker
PointerSubChecker
llvm-svn: 125612
2011-02-15 22:55:20 +00:00
b2400924d9
[analyzer] Use the new registration mechanism on the IdempotentOperationChecker.
...
llvm-svn: 125611
2011-02-15 22:55:14 +00:00
f81ff04ba3
[analyzer] Remove ObjCSelfInitCheck from AnalyzerOptions.
...
llvm-svn: 125599
2011-02-15 21:25:07 +00:00
2d3905ffac
[analyzer] Use the new registration mechanism on some of the experimental checks. These are:
...
CStringChecker
ChrootChecker
MallocChecker
PthreadLockChecker
StreamChecker
UnreachableCodeChecker
MallocChecker creates implicit dependencies between checkers and needs to be handled differently.
llvm-svn: 125598
2011-02-15 21:25:03 +00:00
9892e3545a
Add missing CMake dependency
...
llvm-svn: 125566
2011-02-15 17:09:56 +00:00
6fa0d20a6f
Fix the clang-wpa example.
...
llvm-svn: 125565
2011-02-15 16:54:12 +00:00
4e52527c28
[analyzer] Reflect changes for tablegen'ing the checkers.
...
-Update tablegen files for checkers, use the tablegen class name for the checker class name.
-Update ClangSACheckersProvider to not look into hidden checker packages.
llvm-svn: 125560
2011-02-15 07:42:38 +00:00
a6d04d541d
[analyzer] Use the new registration mechanism on some of the internal checks. These are:
...
StackAddrLeakChecker
ObjCAtSyncChecker
UnixAPIChecker
MacOSXAPIChecker
The rest have/create implicit dependencies between checkers and need to be handled differently.
llvm-svn: 125559
2011-02-15 07:42:33 +00:00
4ea9004fe8
IdempotentOperationChecker: don't repeatedly recompute block reachability.
...
llvm-svn: 125548
2011-02-15 02:20:03 +00:00
c9987fbbfe
Add current binary and source directories to the header search list
...
for all compiler invocations.
llvm-svn: 125514
2011-02-14 20:14:11 +00:00
f0619868ae
Remove left-over #include.
...
llvm-svn: 125507
2011-02-14 19:02:35 +00:00
556c45e9c5
[analyzer] Overhauling of the checker registration mechanism.
...
-Checkers will be defined in the tablegen file 'Checkers.td'.
-Apart from checkers, we can define checker "packages" that will contain a collection of checkers.
-Checkers can be enabled with -analyzer-checker=<name> and disabled with -analyzer-disable-checker=<name> e.g:
Enable checkers from 'cocoa' and 'corefoundation' packages except the self-initialization checker:
-analyzer-checker=cocoa -analyzer-checker=corefoundation -analyzer-disable-checker=cocoa.SelfInit
-Introduces CheckerManager and CheckerProvider. CheckerProviders get the set of checker names to enable/disable and
register them with the CheckerManager which will be the entry point for all checker-related functionality.
Currently only the self-initialization checker takes advantage of the new mechanism.
llvm-svn: 125503
2011-02-14 18:13:31 +00:00
4ec3cf9937
[analyzer] Remove ManagerRegistry which is not used. In the future we may load analyzer plugins dynamically but
...
registration through static constructors should be avoided.
llvm-svn: 125502
2011-02-14 18:13:17 +00:00
2ef5f3c1c5
[analyzer] Move include/clang/StaticAnalyzer/AnalysisConsumer.h -> lib/StaticAnalyzer/Frontend/AnalysisConsumer.h since
...
FrontendActions.cpp is the only user.
llvm-svn: 125501
2011-02-14 18:13:11 +00:00
ae92c95d34
[analyzer] Move Checkers/FrontendActions.cpp -> Frontend/FrontendActions.cpp
...
llvm-svn: 125500
2011-02-14 18:13:06 +00:00
ecd3334dac
[analyzer] Introduce libclangStaticAnalyzerFrontend and move Checkers/AnalysisConsumer.cpp into Frontend lib.
...
llvm-svn: 125499
2011-02-14 18:13:01 +00:00
3374e03344
Remove dead code in IdempotentOperationChecker.
...
llvm-svn: 125497
2011-02-14 18:05:07 +00:00
5794ef6950
Fix edge case where we don't cull warnings in IdempotentOperationsChecker due to incomplete analysis of loops.
...
llvm-svn: 125495
2011-02-14 17:59:23 +00:00
a71d5d31a1
Use 'BitVector' instead of SmallPtrSet<CFGBlock*> in IdempotentOperationsChecker. No real functionality change.
...
llvm-svn: 125494
2011-02-14 17:59:20 +00:00
c059798756
Teach the IdempotentOperations checker to ignore property setters.
...
llvm-svn: 125443
2011-02-12 18:50:03 +00:00
70aeefa17e
Weaken the ObjCSelfInitChecker to only warn when one calls an 'init' method within an 'init' method. This is a temporary stop gap to avoid false positives while we investigate how to make it smarter.
...
llvm-svn: 125427
2011-02-12 03:03:54 +00:00
10b5926e29
static analyzer: Also invalidate instance variables of a receiver in a message expression, just as we do with parameters.
...
Fixes <rdar://problem/8725041>.
llvm-svn: 125422
2011-02-12 01:01:31 +00:00
b1c392aa56
Don't emit a dead store for '++' operations unless it occurs with a return statement. We've never seen any other cases that were real bugs.
...
Fixes <rdar://problem/6962292>.
llvm-svn: 125419
2011-02-12 00:17:19 +00:00
c498878e6d
Add CMake dependencies so that LLVM_USED_LIBS order doesn't matter.
...
I also sorted the tools/driver dependencies since their order no
longer matters.
llvm-svn: 125417
2011-02-11 23:46:38 +00:00
9865d7f0e6
Don't report dead stores on unreachable code paths. Fixes <rdar://problem/8405222>.
...
llvm-svn: 125415
2011-02-11 23:24:26 +00:00
7b3f290d61
Remove RegionStoreManager::evalBinOp(), which is now handled by the SValBuilder.
...
llvm-svn: 125396
2011-02-11 19:48:19 +00:00
eddeba0dae
Rename 'InvalidateRegions()' to 'invalidateRegions()'.
...
llvm-svn: 125395
2011-02-11 19:48:15 +00:00
5662dfefad
Allow the 'Eng' entry in GRStateManager to be a (possibly null) pointer instead of a reference.
...
llvm-svn: 125362
2011-02-11 04:20:16 +00:00
98dd73d66c
CMake: LLVM_NO_RTTI must be obsolete now!
...
llvm-svn: 125275
2011-02-10 09:15:32 +00:00
1656db69f3
Run ~GRState() when reclaiming GRStates.
...
llvm-svn: 125262
2011-02-10 03:07:40 +00:00
75e4564140
static analyzer: Make GRStates reference counted, with reference counts managed by ExplodedNodes.
...
This reduces memory usage of the analyzer on sqlite by another 5%.
llvm-svn: 125260
2011-02-10 02:21:52 +00:00
f8cbac4b91
Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.
...
This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.
llvm-svn: 125251
2011-02-10 01:03:03 +00:00
41f8546233
AST, Sema, Serialization: add CUDAKernelCallExpr and related semantic actions
...
llvm-svn: 125217
2011-02-09 21:07:24 +00:00
bd06678921
Remove vtables from the Stmt hierarchy; this was pretty easy as
...
there were only three virtual methods of any significance.
The primary way to grab child iterators now is with
Stmt::child_range children();
Stmt::const_child_range children() const;
where a child_range is just a std::pair of iterators suitable for
being llvm::tie'd to some locals. I've left the old child_begin()
and child_end() accessors in place, but it's probably a substantial
penalty to grab the iterators individually now, since the
switch-based dispatch is kindof inherently slower than vtable
dispatch. Grabbing them together is probably a slight win over the
status quo, although of course we could've achieved that with vtables, too.
I also reclassified SwitchCase (correctly) as an abstract Stmt
class, which (as the first such class that wasn't an Expr subclass)
required some fiddling in a few places.
There are somewhat gross metaprogramming hooks in place to ensure
that new statements/expressions continue to implement
getSourceRange() and children(). I had to work around a recent clang
bug; dgregor actually fixed it already, but I didn't want to
introduce a selfhosting dependency on ToT.
llvm-svn: 125183
2011-02-09 08:16:59 +00:00
a40f8ebc83
static analyzer: Further reduce the analyzer's memory usage when analyzing sqlite3 by 7-10% by recylcing "uninteresting" ExplodedNodes.
...
The optimization involves eagerly pruning ExplodedNodes from the ExplodedGraph that contain
practically no difference between the predecessor and successor nodes. For example, if
the state is different between a predecessor and a node, the node is left in. Only for
the 'environment' component of the state do we not care if the ExplodedNodes are different.
This paves the way for future optimizations where we can reclaim the environment objects.
llvm-svn: 125154
2011-02-09 01:27:33 +00:00
1953f97ac9
analyzer, retain/release checker: Remove hack where objects passed in message to 'self' are no longer tracked.
...
llvm-svn: 125130
2011-02-08 22:54:26 +00:00
fa0734ec4f
[analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core.
...
Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration.
Yet another library to avoid cyclic dependencies between Core and Checkers.
llvm-svn: 125124
2011-02-08 22:30:36 +00:00
4975170267
[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.cpp -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp
...
llvm-svn: 125123
2011-02-08 22:30:15 +00:00
f410a6299f
[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.h
...
llvm-svn: 125122
2011-02-08 22:30:11 +00:00
f99d595cfd
[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineInternalChecks.h -> lib/StaticAnalyzer/Checkers/InternalChecks.h
...
llvm-svn: 125121
2011-02-08 22:30:02 +00:00
dd03d8ddaa
[analyzer] Fix a false positive of the 'self' initialization checker.
...
A common pattern in classes with multiple initializers is to put the
subclass's common initialization bits into a static function that receives
the value of 'self', e.g:
if (!(self = [super init]))
return nil;
if (!(self = _commonInit(self)))
return nil;
It was reported that 'self' was not set to the result of [super init].
Until we can use inter-procedural analysis, in such a call, transfer the
ObjCSelfInitChecker flags associated with 'self' to the result of the call.
Fixes rdar://8937441 & http://llvm.org/PR9094
llvm-svn: 124940
2011-02-05 05:54:53 +00:00
58f8b590e1
[analyzer] Fix a crash until we can handle temporary struct objects properly.
...
llvm-svn: 124822
2011-02-03 22:01:32 +00:00
c63de66c4f
An insomniac stab at making block declarations list the variables they close
...
on, as well as more reliably limiting invalid references to locals from
nested scopes.
llvm-svn: 124721
2011-02-02 13:00:07 +00:00
c1b4534e42
Fix the message. Thanks to Thomas Clement for noticing.
...
llvm-svn: 124680
2011-02-01 20:33:05 +00:00
15a3daa189
[analyzer] Slightly improve the diagnostic message of ObjCSelfInitChecker.
...
llvm-svn: 124674
2011-02-01 19:32:55 +00:00
afe348ea43
Wire up attributes 'ns_consumed' and 'cf_consumed' in the static analyzer's ObjC retain/release checker.
...
llvm-svn: 124386
2011-01-27 18:43:03 +00:00
add754a02e
[analyzer] Fix crash when handling dot syntax on 'super'.
...
llvm-svn: 124376
2011-01-27 16:17:11 +00:00
f9cbcc4cc2
Fix whitespace.
...
llvm-svn: 124364
2011-01-27 07:10:08 +00:00
7c2888689d
7bit-ize.
...
llvm-svn: 124363
2011-01-27 07:09:49 +00:00
0e89838ced
Hook up attribute ns_consumes_self in the ObjC retain/release checker in the static analyzer.
...
llvm-svn: 124360
2011-01-27 06:54:14 +00:00
c7ffd35cb7
[analyzer] Enable the self-init checker under command-line option '-analyzer-check-objc-self-init' which by default
...
is enabled by the driver for '--analyze'.
llvm-svn: 124266
2011-01-26 01:26:50 +00:00
8781b7dded
[analyzer] Improve the diagnostic for the self-init checker. Suggestion by Ted!
...
llvm-svn: 124263
2011-01-26 01:26:41 +00:00
3ae681eb12
[analyzer] Do the self-init check only on NSObject subclasses. Patch by Jean-Daniel Dupas!
...
llvm-svn: 124249
2011-01-25 23:54:44 +00:00
fedad3c668
Don't try and symbolicate unions; we don't reason
...
about them yet. Fixes crash reported in PR 9049.
llvm-svn: 124228
2011-01-25 21:08:47 +00:00
ade45d9703
Recycle memory for GRStates that are never referenced
...
by ExplodedNodes. This leads to about a 4-8%
reduction in memory footprint when analyzing
functions in sqlite3.
llvm-svn: 124214
2011-01-25 19:13:54 +00:00
7fd987de23
Tweak wording of static analyzer diagnostic
...
for a block capturing the value of an uninitialized
variable.
llvm-svn: 124212
2011-01-25 19:13:42 +00:00
ffb08c46fa
[analyzer] Handle the dot syntax for properties in the ExprEngine.
...
We translate property accesses to obj-c messages by simulating "loads" or "stores" to properties
using a pseudo-location SVal kind (ObjCPropRef).
Checkers can now reason about obj-c messages for both explicit message expressions and implicit
messages due to property accesses.
llvm-svn: 124161
2011-01-25 00:04:03 +00:00
fdbcd54658
[analyzer] Introduce ExprEngine::VisitObjCMessage for handling general ObjCMessages (both message expressions and property access)
...
and use it in ExprEngine::VisitObjCMessageExpr.
llvm-svn: 124160
2011-01-25 00:03:57 +00:00
37ab726d63
[analyzer] Introduce ObjCMessage which represents both explicit ObjC message expressions and implicit
...
messages that are sent for handling properties in dot syntax.
Replace all direct uses of ObjCMessageExpr in the checkers and checker interface with ObjCMessage.
llvm-svn: 124159
2011-01-25 00:03:53 +00:00
8e169a5f18
[analyzer] Simplify GetReceiverType function in BasicObjCFoundationChecks.cpp; no functionality change.
...
llvm-svn: 124157
2011-01-25 00:03:45 +00:00
c28614cec4
Use CharUnits for the offset amount of RegionRawOffset.
...
llvm-svn: 124093
2011-01-24 01:55:39 +00:00
a1ec4f39f4
Enhance AnalysisConsumer to also visit functions
...
and methods defined within 'namespace X { ... }'.
llvm-svn: 123921
2011-01-20 17:09:48 +00:00
424cec97bd
Change QualType::getTypePtr() to return a const pointer, then change a
...
thousand other things which were (generally inadvertantly) relying on that.
llvm-svn: 123814
2011-01-19 06:33:43 +00:00
8dfa5f1776
Fix warnings found by gcc-4.6, from -Wunused-but-set-variable and
...
-Wint-to-pointer-cast.
llvm-svn: 123719
2011-01-18 02:00:16 +00:00
45e84b0053
NetBSD, OpenBSD, and Dragonfly BSD also have arc4random. Patch from
...
Joerg Sonnenberger!
llvm-svn: 123669
2011-01-17 19:16:24 +00:00
cdbc539aee
Introduce a new expression kind, SubstNonTypeTemplateParmPackExpr,
...
that captures the substitution of a non-type template argument pack
for a non-type template parameter pack within a pack expansion that
cannot be fully expanded. This follows the approach taken by
SubstTemplateTypeParmPackType.
llvm-svn: 123506
2011-01-15 01:15:58 +00:00
8cb349de80
Cleanup confused code that redundantly called "getDeclContext()" twice.
...
Found by clang static analyzer.
llvm-svn: 123485
2011-01-14 22:31:41 +00:00
44e2c5cdd9
Rename 'RemoveDeadBindings()' to 'removeDeadBindings()'
...
llvm-svn: 123460
2011-01-14 20:34:15 +00:00
7c211625e0
Rename 'EnterStackFrame()' to 'enterStackFrame()'.
...
llvm-svn: 123459
2011-01-14 20:34:10 +00:00
95d874fa5d
Teach RegionStore::EnterStackFrame() to handle
...
the case where the called function has fewer
formal arguments than actual arguments. This
fixes a crash in the analyzer when doing
function call inlining.
Patch by Zhenbo Xu!
llvm-svn: 123458
2011-01-14 20:29:43 +00:00
c7ed09378e
Rename 'CheckDeadStores.cpp' to 'DeadStoresChecker.cpp'.
...
llvm-svn: 123395
2011-01-13 20:58:59 +00:00
f224820b45
Remove warning in dead stores checker for
...
dead stores within nested assignments. I have
never seen an actual bug found by this specific
warning, and it can lead to many false positives.
llvm-svn: 123394
2011-01-13 20:58:56 +00:00
3a3c0fd2d1
CXXBaseObjectRegion is like FieldRegion. Need to blast through it when
...
getting the base region. This makes the RemoveDeadBindings() correct.
llvm-svn: 123375
2011-01-13 12:46:31 +00:00
0d87e0c65b
Support inlining base initializers. We still haven't got it completely right,
...
since the bindings are purged after they are set up. Need to investigate
RemoveDeadBindings algorithm.
llvm-svn: 123374
2011-01-13 12:30:12 +00:00
304b6e4aa1
Fix a corner case in RegionStore where we assign
...
a struct value to a symbolic index into array.
RegionStore can't actually reason about this,
so we were getting bogus warnings about loading
uninitialized values from the array. The solution
is invalidate the entire array when we cannot
represent the binding explicitly.
Fixes <rdar://problem/8848957>
llvm-svn: 123368
2011-01-13 06:58:15 +00:00
f41bdd7c24
Rename 'HasGeneratedNode' to 'hasGeneratedNode'
...
and 'getBasePredecessor()' to 'getPredecessor()'.
Also remove a unneeded save-and-restore of
node builder's tag field.
llvm-svn: 123363
2011-01-13 04:36:46 +00:00
b86ec25256
Remove unnecessary save-and-restore of the
...
node builder's 'HasGeneratedNode' field.
llvm-svn: 123362
2011-01-13 04:36:40 +00:00
f044bd68e1
Remove CheckerContext's dependence on setting
...
the node builder's "tag" ivar (which we would
like to remove).
llvm-svn: 123361
2011-01-13 04:36:36 +00:00
ebbeb79234
Add some documentation for C++ static analyzer.
...
llvm-svn: 123313
2011-01-12 07:20:03 +00:00
4b7433fab2
[analyzer] Introduce ObjCSelfInitChecker, which checks initialization methods to verify that they assign 'self' to the
...
result of an initialization call (e.g. [super init], or [self initWith..]) before using any instance variable or
returning 'self'.
llvm-svn: 123264
2011-01-11 19:45:25 +00:00
9c23e6c689
[analyzer] Support post-visiting ObjCIvarRefExprs for checkers.
...
llvm-svn: 123263
2011-01-11 19:45:20 +00:00
1790c975e7
[analyzer] Add 'isLoad' parameter in Checker::visitLocation() to conveniently distinguish between loads/stores.
...
llvm-svn: 123261
2011-01-11 19:45:13 +00:00
841df11dab
Remove ProgramPoint parameter from GenericNodeBuilder::generateNode().
...
llvm-svn: 123240
2011-01-11 16:53:44 +00:00
9b76fa9b07
Rename GenericNodeBuilder to GenericNodeBuilderRefCount to avoid namespace clash using MSVC.
...
llvm-svn: 123228
2011-01-11 10:41:37 +00:00
a00bccc0c5
Rework ExprEngine::processCFGBlockEntrance()
...
to use a node builder. This paves the way
for Checkers to interpose (via a "visit" method)
at the entrance to blocks.
llvm-svn: 123217
2011-01-11 06:37:47 +00:00
f82068a994
Remove several silly methods from ento::CoreEngine
...
that just forwarded to ento::SubEngine.
llvm-svn: 123216
2011-01-11 04:49:40 +00:00
f4ef3d3ca1
Rename misc. methods in ento::Worklist to start
...
with lowercase letter.
llvm-svn: 123212
2011-01-11 02:34:50 +00:00
926c96211e
Rename misc. methods in GRSubEngine to start
...
with a lower-case letter. No functionality change.
llvm-svn: 123211
2011-01-11 02:34:45 +00:00
e503f89b4b
Replace all uses of PathV1::isDirectory with PathV2::fs::is_directory.
...
llvm-svn: 123208
2011-01-11 01:21:20 +00:00
fb060c9014
Fix CMakeLists.txt.
...
llvm-svn: 123167
2011-01-10 09:33:41 +00:00
40c9d8a4c5
Revert r123160. There are linking dependency problems.
...
llvm-svn: 123166
2011-01-10 09:23:01 +00:00
eff85ad41b
Unbreak the CMake build.
...
llvm-svn: 123162
2011-01-10 07:26:53 +00:00
7d4ab7d915
ExprEngine.cpp and AnalysisConsumer.cpp should not be in the Checkers directory.
...
llvm-svn: 123160
2011-01-10 05:52:42 +00:00
5609e21337
In C++, assignment and compound assignment operators return an lvalue.
...
llvm-svn: 123158
2011-01-10 03:54:19 +00:00
0710f5c5e1
The isPrefix() checking is redundant. Lvalue incremental/decremental expressions
...
are all prefixes.
llvm-svn: 123156
2011-01-10 03:22:57 +00:00
1d7926502f
Renamed CXXBaseOrMemberInitializer to CXXCtorInitializer. This is both shorter,
...
more accurate, and makes it make sense for it to hold a delegating constructor
call.
llvm-svn: 123084
2011-01-08 20:30:50 +00:00
35c7e84eb7
There is nothing interesting to analyze with a sizeof...(pack) expression
...
llvm-svn: 122818
2011-01-04 18:46:34 +00:00
e8e9dd624c
Implement support for pack expansions whose pattern is a non-type
...
template argument (described by an expression, of course). For
example:
template<int...> struct int_tuple { };
template<int ...Values>
struct square {
typedef int_tuple<(Values*Values)...> type;
};
It also lays the foundation for pack expansions in an initializer-list.
llvm-svn: 122751
2011-01-03 17:17:50 +00:00
2835efdc75
Set LLVM_NO_RTTI and LLVM_USED_LIBS for clangStaticAnalyzerCheckers
...
Patch by arrowdodger!
llvm-svn: 122747
2011-01-03 14:53:25 +00:00
5614c46fcf
Add basic support for pointer arithmetic in
...
SimpleSValBuilder. This clears up some
false positives emitted by ArrayBoundCheckerV2
due to the lack of support for pointer arithmetic.
llvm-svn: 122546
2010-12-24 08:39:33 +00:00
9d6af5328e
Remove the EntoSA directories.
...
llvm-svn: 122543
2010-12-24 06:19:58 +00:00
d99bd55a5e
Chris Lattner has strong opinions about directory
...
layout. :)
Rename the 'EntoSA' directories to 'StaticAnalyzer'.
Internally we will still use the 'ento' namespace
for the analyzer engine (unless there are further
sabre rattlings...).
llvm-svn: 122514
2010-12-23 19:38:26 +00:00
Benjamin Kramer