b0b7d28f67
Fixed horrid bug in LiveVariables analysis where we were only merging at
...
confluence points the liveness information for variables (Decls) and NOT
block-level expressions.
llvm-svn: 47506
2008-02-22 23:17:20 +00:00
43638a87e5
Punt on unifying symbolic lvalues. This won't be needed for many checkers.
...
llvm-svn: 47489
2008-02-22 18:41:59 +00:00
cb507025d4
Added "assumption" logic for lval::FuncVal and lval::GotoLabel, and simplified
...
assumption logic for lval::DeclVal.
llvm-svn: 47466
2008-02-22 00:54:56 +00:00
51017b5432
Bug fix: For transfer function for unary "!", compare the subexpression value
...
against '0' of the same bit-width.
llvm-svn: 47465
2008-02-22 00:42:36 +00:00
20c91421fe
Bug fix in liveness: Only compute liveness information for VarDecls.
...
llvm-svn: 47464
2008-02-22 00:34:10 +00:00
eb653882de
Return "Unknown" when using the value of a function pointer whose value
...
is symbolic.
llvm-svn: 47463
2008-02-21 23:17:39 +00:00
9f1ed12bc4
Added transfer function support for dispatching to functions we don't know
...
about. The default logic is to invalidate the values of all values
passed-by-reference.
llvm-svn: 47456
2008-02-21 19:46:04 +00:00
e82c7a44d6
RemoveDeadBindings should now check for UninitalizedVal, as it is a now
...
an error to cast it to LVal.
llvm-svn: 47450
2008-02-21 19:30:14 +00:00
7328fa6ec8
Regression fix: Handle pointer arithmetic in unary ++/--.
...
llvm-svn: 47449
2008-02-21 19:29:23 +00:00
7f8ebb73af
Removed bogus assertions regard LValues binding to UnknownVal; they can
...
do so implicitly.
llvm-svn: 47447
2008-02-21 19:15:37 +00:00
d21429a8e7
Remove incorrect casts from UnknownVal to NonLVal.
...
llvm-svn: 47446
2008-02-21 19:10:12 +00:00
b1e3218125
FIX: Promote the correct operand.
...
llvm-svn: 47445
2008-02-21 18:46:24 +00:00
7e4861b3c1
Simplified and generalized transfer function logic for casts, allowing
...
the transfer function to be invoked without an Expr* for the Cast operation.
Added implicit promotions to the transfer function logic for compound
assignments.
llvm-svn: 47444
2008-02-21 18:43:30 +00:00
d2332f9625
Added transfer function support for sizeof(void)
...
llvm-svn: 47443
2008-02-21 18:15:29 +00:00
7f0639b039
Major cleanup of path-sensitive analysis engine and the current analysis
...
based on constant. prop. and limited symbolics.
- Renamed class: RValue -> RVal, LValue -> LVal, etc.
- Minor method renamings and interface cleanups.
- Tightened the RVal "type system" so that UninitializedVal and UnknownVal
cannot be cast to LVal or NonLVal. This forces these corner cases values
to be explicitly handled early before being dispatched to plug-in transfer
function logic.
- Major cleanup in the transfer function logic for binary and unary operators.
Still fixing some regressions, but we now explicitly handle Uninitialized
and Unknown values in a more rigorous way.
llvm-svn: 47441
2008-02-21 18:02:17 +00:00
34e83b80fd
Implemented transfer function logic for unary '+'
...
llvm-svn: 47357
2008-02-20 04:12:31 +00:00
b597bb9c4a
Placed transfer function logic for dereferences in its own method, while at
...
the same time clearing up some logic of how the unary '*' operator is processed.
llvm-svn: 47356
2008-02-20 04:02:35 +00:00
4ae9985285
Added missing case in constant propagation logic for handling the Xor of
...
two concrete integer values.
llvm-svn: 47341
2008-02-19 20:53:37 +00:00
9c08512656
Added special handling for UninitializedVals for the transfer function logic
...
for pointer dereferences.
llvm-svn: 47340
2008-02-19 20:53:06 +00:00
4baef06bbc
Implemented "getType()" for symbolic values representing the "contents" of
...
another symbolic value.
llvm-svn: 47339
2008-02-19 20:51:40 +00:00
9fd2531b5e
Fixed transfer function for casts to always evaluate the effects of the
...
cast's subexpression even if the cast itself has no effect.
llvm-svn: 47335
2008-02-19 18:52:54 +00:00
fe0b5740ce
Added transfer function support for casting to "void".
...
llvm-svn: 47333
2008-02-19 18:47:04 +00:00
86dc7ae58e
Fixed bug classof() bug with RValues that could cause an UninitializedVal
...
or UnknownVal to be interpreted as an actual NonLValue/LValue.
llvm-svn: 47304
2008-02-19 02:34:18 +00:00
8b51dc2754
Added back explicit state/node creation when visiting IntegerLiterals and
...
CharacterLiterals. This may not be a permanent solution; it doesn't cost that
much, however, to create a few additional states, and solves a whole bunch
of edge cases when handling ?, ||, and &&.
llvm-svn: 47299
2008-02-19 02:01:16 +00:00
e0188e6ad7
Added boilerplate transfer function support for CallExprs.
...
llvm-svn: 47298
2008-02-19 01:44:53 +00:00
58cc30b64b
Added FIXME for properly handling local arrays using symbolic LValues.
...
For now we just treat their values as "Unknown."
llvm-svn: 47294
2008-02-19 00:29:51 +00:00
0f7130adc4
--grsimple now reports the number of nodes in the ExplodedGraph for
...
an analyzed function.
GRExprEngine now records stores to "uninitialized lvalues" (which are sinks in
the ExplodedGraph).
llvm-svn: 47293
2008-02-19 00:22:37 +00:00
346169fa3d
Added more assertions and checks in transfer function logic to check for
...
UninitializedVals and UnknownVals.
llvm-svn: 47288
2008-02-18 22:57:02 +00:00
3b1beb224b
Temporary solution to push analysis through to analyzing PCRE.
...
We will implement symbol "unification" later.
llvm-svn: 47284
2008-02-18 21:19:49 +00:00
1d88371663
A couple of msvc compile fixes from the ml; I haven't tested with msvc,
...
but the fixes are reasonable.
llvm-svn: 47224
2008-02-16 23:17:23 +00:00
074965c5cb
Further cleanup. Moved definitions for SymbolManager and ValueManager into
...
their own [.cpp;.h] files.
llvm-svn: 47201
2008-02-16 01:12:31 +00:00
6698cb8aa3
Refactored code for transfer functions for binary operators involving two LValues.
...
Fixed bug in transfer functions for sizeof(*); we were incorrectly evaluating to
a value of the wrong type.
Fixed bug in transfer functions for compound assignments where we did not properly
handle assignments involving dereferences of symbolic values.
llvm-svn: 47190
2008-02-15 23:15:23 +00:00
8db4b110c3
Added transfer function support for conditional branches with a NULL condition (e.g., "for(;;)").
...
Fixed bug in transfer function for compound assignment operators when both operands where variables but had a non-pointer type (we fired an assertion).
llvm-svn: 47184
2008-02-15 22:29:00 +00:00
e81734b01c
Simplified transfer function logic for ++/-- operators.
...
Added more boilerplate transfer function support for pointer arithmetic.
Added more pretty-printing support for symbolic constraints.
Added transfer function support for handling enum values.
Minor pointer types cleanup in ExplodedGraphImpl.
llvm-svn: 47183
2008-02-15 22:09:30 +00:00
783a5c262b
Remove unnecessary references to VariableArrayType from Analysis.
...
llvm-svn: 47157
2008-02-15 12:28:27 +00:00
bc0ba39a1e
Added boilerplate transfer function support for pointer arithmetic operations.
...
llvm-svn: 47147
2008-02-15 00:52:26 +00:00
e161afc4dd
Added --grsimple-view option to clang driver; this is the same as
...
--grsimple except that it visualizes the ExplodedGraph using dot and
outputs the current function being analyzed. --grsimple is now silent
except when it emits diagnostics.
llvm-svn: 47146
2008-02-15 00:35:38 +00:00
8e6f6e05c3
Added "symbol iterators" for RValues, allowing easy iteration over the symbols
...
referenced by an RValue, instead of having to query the type of the RValue.
Modified ValueState::RemoveDeadBindings to also prune dead symbols.
llvm-svn: 47142
2008-02-14 23:25:54 +00:00
5b70a22656
When visualizing ExplodedNodes created by GRExprEngine, color nodes with
...
null-dereferences or bad control-flow red.
llvm-svn: 47140
2008-02-14 22:54:53 +00:00
5d8bab7ecd
Don't analyze functions when we have parse errors.
...
llvm-svn: 47139
2008-02-14 22:54:17 +00:00
d3122cb83c
Renamed GRConstants => GRSimpleVals.
...
Moved driver logic for --grsimple to GRSimpleVals.cpp.
llvm-svn: 47137
2008-02-14 22:36:46 +00:00
bd8957b6b2
#include cleanups in GRExprEngine.cpp/GRExprEngine.h. Moved GRExprEngine to
...
clang namespace.
llvm-svn: 47136
2008-02-14 22:16:04 +00:00
64de207c52
Partitioned definition/implementation of GRExperEngine into .h and .cpp.
...
Still some cleanup to do, but this initial checkin compiles and runs correctly.
llvm-svn: 47135
2008-02-14 22:13:12 +00:00
cf7cf8e8b0
Migrated transfer functions for binary operators for simple value tracking
...
from RValues to GRTransferFuncs/GRSimpleVals.
llvm-svn: 47131
2008-02-14 19:37:24 +00:00
4bad8f7ad6
Migrated transfer functions for unary "~" and "-" to GRTransferFuncs/GRSimpleVals.
...
llvm-svn: 47126
2008-02-14 18:40:24 +00:00
3ca942969e
Started partitioning of transfer function logic (and thus the policy behind
...
these operations) into GRTransferFuncs and its subclasses. Originally all
of this logic was handled by the class RValue, but in reality different
analyses will want more flexibility on how they evaluate different values.
Transfer functions migrated so far: "Cast"
llvm-svn: 47125
2008-02-14 18:28:23 +00:00
747c777bde
Moved Rvalues.h from "Analysis/" to "include/clang/Analysis/PathSensitive".
...
llvm-svn: 47123
2008-02-14 17:30:51 +00:00
80ebc1d1c9
Added support to GRCoreEngine/GRExprEngine for processing control-flow
...
from switch...case...default statements.
llvm-svn: 47100
2008-02-13 23:08:21 +00:00
cd44b12f96
Fixed 80 col violations.
...
llvm-svn: 47076
2008-02-13 18:06:44 +00:00
755d39b233
Unbreak the build.
...
llvm-svn: 47072
2008-02-13 17:45:18 +00:00
Ted Kremenek