Commit Graph

353 Commits

Author SHA1 Message Date
Jordy Rose 722f558f07 Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes:
- Fix memcpy() and friends to actually invalidate the destination buffer.
- Emit a different message for out-of-bounds buffer accesses if the buffer is being written to.
- When conjuring symbols, let ValueManager figure out the type.

llvm-svn: 111120
2010-08-16 07:51:42 +00:00
Jordy Rose df28e8ec41 - Allow making ElementRegions with complex offsets (expressions or symbols) for the purpose of bounds-checking.
- Rewrite GRState::AssumeInBound to actually do that checking, and to use the normal constraint path.
- Remove ConstraintManager::AssumeInBound.
- Teach RegionStore and FlatStore to ignore those regions for now.

llvm-svn: 111116
2010-08-16 01:15:17 +00:00
Jordy Rose d2b777a409 Move GRState's bind* methods out of its header file -- they're too big for inlining now.
llvm-svn: 111113
2010-08-15 22:19:33 +00:00
Zhongxing Xu ee770d40fd StoreManager::RemoveDeadBindings() can take a Store instead of an entire GRState now.
llvm-svn: 111103
2010-08-15 12:45:09 +00:00
Zhongxing Xu 0ba9fd6c47 Remove redundant method.
llvm-svn: 111099
2010-08-15 10:08:38 +00:00
Zhongxing Xu bce831f7e0 Implement MallocChecker::EvalDeadSymbols() with the new API. This time we
iterate over symbols being tracked, instead of symbols being dead.

llvm-svn: 111097
2010-08-15 08:19:57 +00:00
Argyrios Kyrtzidis 1cec2cc798 Remove dead code, caught by unused function warnings.
llvm-svn: 111091
2010-08-15 01:15:58 +00:00
Jordy Rose 2a2e21c902 Update CStringChecker to take advantage of the new metadata symbols and region change callback. Now does basic tracking of string length for general regions. Currently this is still only used for modeling strlen().
llvm-svn: 111081
2010-08-14 21:02:52 +00:00
Jordy Rose ac0ab20e3b Add a callback for when region changes occur. Still somewhat of a work-in-progress, but working! Effect on clients: all changes to a store now go through GRState.
llvm-svn: 111078
2010-08-14 20:44:32 +00:00
Jordy Rose 1f3a553b9b Another metadata symbol change (missed a file)
llvm-svn: 111077
2010-08-14 20:22:12 +00:00
Jordy Rose 7fa9bf05bc Add a new metadata symbol type for checkers to use. Metadata symbols must be associated with a region and will be collected if the region dies or its checker fails to mark it as in use.
llvm-svn: 111076
2010-08-14 20:18:45 +00:00
Eli Friedman a2622dd266 Zap unused UnaryOperator::OffsetOf.
llvm-svn: 110996
2010-08-13 01:36:11 +00:00
Tom Care af9bbad718 Small changes to UnreachableCodeChecker
- Added detection of Empty CFGBlocks (artificial blocks)
- Relaxed an assertion based on an incorrect assumption until further investigation

llvm-svn: 110974
2010-08-12 23:01:06 +00:00
Tom Care f8a9863df9 Improved IdempotentOperationChecker false positives and false negatives.
- Unfinished analysis may still report valid warnings if the path was completely analyzed
- New 'CanVary' heuristic to recursively determine if a subexpression has a varying element
- Updated test cases, including one known bug
- Exposed GRCoreEngine through GRExprEngine

llvm-svn: 110970
2010-08-12 22:45:47 +00:00
Jordy Rose 5af0e3cbba Remove OwnershipAttr::Kind, since it's essentially redundant with attr::Kind the way it's being used. Also fix isa<OwnershipAttr> support, break more-than-80-char lines, and other miscellaneous ownership attr cleanup.
llvm-svn: 110908
2010-08-12 08:54:03 +00:00
Jordy Rose 2f7ee3ca40 Actually use reduced set of checkers in EvalAssume.
llvm-svn: 110904
2010-08-12 04:05:07 +00:00
Zhongxing Xu 8de0a3d8c3 MemRegion can refer to ASTContext without external help.
llvm-svn: 110784
2010-08-11 06:10:55 +00:00
Ted Kremenek 2b4adffa16 Have GRCoreEngine record the blocks where analysis was aborted because we visited a block too many times along a given path. This is to support the unreachable code analysis.
llvm-svn: 110755
2010-08-11 00:03:02 +00:00
Jordy Rose c6c0fc9164 Allow EvalBinOpNN to handle expressions of the form $a+$b if $b can be reduced to a constant.
llvm-svn: 110592
2010-08-09 20:31:57 +00:00
Douglas Gregor 8b2d2fe234 Allow reference binding of a reference of Objective-C object type to
an lvalue of another, compatible Objective-C object type (e.g., a
subclass). Introduce a new initialization sequence step kind to
describe this binding, along with a new cast kind. Fixes PR7741.

llvm-svn: 110513
2010-08-07 11:51:51 +00:00
Tom Care 925501c548 Removed IdempotentOperationChecker from default analysis and returned back to a flag (-analyzer-check-idempotent-operations)
- Added IdempotentOperationChecker to experimental analyses for testing purposes
- Updated test cases to explicitly call the checker

llvm-svn: 110482
2010-08-06 22:23:07 +00:00
Ted Kremenek 0bbf24d579 Fix 80 col. violations.
llvm-svn: 110473
2010-08-06 21:12:55 +00:00
Ted Kremenek 63dc1f4694 Nest variable declaration into 'if' condition, thus restricting the scope of the variable and condensing the code.
llvm-svn: 110472
2010-08-06 21:12:53 +00:00
Ted Kremenek b0c67c85db Use 'GenerateNode()' instead of 'GenerateSink()' when reporting a leak. A leak is not a hard enough bug to stop analyzing a path.
llvm-svn: 110471
2010-08-06 21:12:49 +00:00
Zhongxing Xu 44207a9e9f If all nodes are sunk, bail out early. This makes the later check for checkersEvaluated really meaningful.
llvm-svn: 110430
2010-08-06 04:20:59 +00:00
Zhongxing Xu cf61a0639d Don't assert on a file stream if its state is not tracked. Fix pr7831.
llvm-svn: 110392
2010-08-05 23:24:13 +00:00
Jordy Rose afdb053618 When checking if a buffer access is valid, first make sure the buffer has a valid Loc. Fixes PR7830.
llvm-svn: 110390
2010-08-05 23:11:30 +00:00
Tom Care 16ba7c652e Fixed logic error in UnreachableCodeChecker's marking algorithm that would sometimes allow for multiple sequential statements to be flagged.
llvm-svn: 110353
2010-08-05 17:53:44 +00:00
Ted Kremenek 9c22219d9c Revert r110317, and add a comment why the assertion is not an invariant.
llvm-svn: 110330
2010-08-05 15:03:30 +00:00
Eli Friedman 0cdda02f44 Make checker recognize OffsetOfExpr as a form of __builtin_offsetof.
llvm-svn: 110320
2010-08-05 09:43:11 +00:00
Zhongxing Xu 478fdb16db Turn the predicate into an assertion. When could the unequal case happen?
llvm-svn: 110317
2010-08-05 07:38:23 +00:00
Jordy Rose 28041c29af Tweak GRState::unbindLoc to use makeWithStore, and make sure it's only called for non-region locations.
llvm-svn: 110310
2010-08-05 03:33:56 +00:00
Jordy Rose c88c74cb2f Remove InvalidateRegion from stores, since it's no longer called from outside.
llvm-svn: 110309
2010-08-05 03:28:45 +00:00
Ted Kremenek 1d08fd9b79 Correctly handle 'Class<...>' when examining Cocoa conventions in the static analyzer. Fixes a crash reported in <rdar://problem/8272168>. Patch by Henry Mason!
llvm-svn: 110289
2010-08-05 00:19:24 +00:00
Jordy Rose c36df4d0b7 Change the checker callback cache in GRExprEngine to be more compact (and IMHO a little easier to understand), and add the same sort of caching for EvalAssume (tied for least-used callback), mostly as proof-of-concept.
Before we go further with these, we should figure out a way to reuse the visit-and-cache code in CheckerVisit.

llvm-svn: 110191
2010-08-04 07:10:57 +00:00
Tom Care be633d91d0 Improved false positive detection and numerous small issues in UnreachableCodeChecker
- Reporting now uses getUnreachableStmt which returns the Stmt* we should report
- Indexing of reachable and visited blocks now use CFGBlock ID's instead of pointers
- The CFG used in the unreachable search is now the unoptimized CFG
- Added 'Dead code' category to warnings
- Removed obsolete function getCondition
- Simplified false positive detection based on properties of FindUnreachableEntryPoints

llvm-svn: 110148
2010-08-03 21:24:13 +00:00
Jordy Rose ddec092641 Makes GRState::makeWithStore private, to encourage clients to make store changes through GRState instead of directly accessing the StoreManager. Also adds cover methods for InvalidateRegion(s) and EnterStackFrame to GRState.
This is in preparation for proposed region change notifications. No functionality change.

llvm-svn: 110137
2010-08-03 20:44:35 +00:00
Zhongxing Xu 42b8c30de6 Allow offsets to be negative. Out-of-bound cases are checked elsewhere. We
shouldn't put restrictions in store manager.

llvm-svn: 110106
2010-08-03 06:34:25 +00:00
Zhongxing Xu 83734e46ce Pull the region offset computation logic into a single method.
llvm-svn: 110102
2010-08-03 04:52:05 +00:00
Tom Care 44081fbc6c Changed GRExprEngine to pass down a reference to itself when checkers are doing postanalysis. This allows the checker to gather information about the state of the engine when it has finished.
- Exposed the worklist and BlockAborted flag in GRCoreEngine
- Changed postanalysis checkers to use the new infrastructure

llvm-svn: 110095
2010-08-03 01:55:07 +00:00
Ted Kremenek 4a2b237967 Add -cc1 option '-unoptimized-cfg' to toggle using a CFG (for static analysis) that doesn't prune CFG edges.
llvm-svn: 110087
2010-08-03 00:09:51 +00:00
Ted Kremenek 297e2e5bf6 Fix idempotent operations false positive caused by ivars not being invalidated in function
calls when the enclosing object had retain/release state.  Fixes <rdar://problem/8261992>.

llvm-svn: 110068
2010-08-02 21:59:12 +00:00
John McCall 8b0f4ff317 Further adjustments to -Wglobal-constructors; works for references and direct
initializations now.

llvm-svn: 110063
2010-08-02 21:13:48 +00:00
Ted Kremenek 8a4a2b14e8 'Assumption &A' gets default initialized to 'Possible' if it doesn't exist; no need for two
lookups in the hashtable.

llvm-svn: 110059
2010-08-02 20:33:02 +00:00
Zhongxing Xu fd91d27630 Improve flat store: MemRegion::getAsOffset() computes a region's offset within
the top-level object. FlatStore now can bind and retrieve element and field
regions.
PR7297 is fixed by flat store.

llvm-svn: 110020
2010-08-02 04:56:14 +00:00
Ted Kremenek d21139a34f After a lengthy design discussion, add support for "ownership attributes" for malloc/free checking. Patch by Andrew McGregor!
llvm-svn: 109939
2010-07-31 01:52:11 +00:00
Tom Care 18f67e669f Uncomment unfinished work bailout in IdempotentOperationsChecker.
llvm-svn: 109893
2010-07-30 21:14:15 +00:00
Jordy Rose daa1c83413 Use a LazyCompoundVal to handle initialization with a string literal, rather than copying each character.
llvm-svn: 109734
2010-07-29 06:40:33 +00:00
Ted Kremenek 8bedb7dd3f Teach GRExprEngine::VisitLValue() about FloatingLiteral, ImaginaryLiteral, and CharacterLiteral. Fixes an assertion failure reported in PR 7675.
llvm-svn: 109719
2010-07-29 01:31:59 +00:00
Ted Kremenek 385f71b1f4 Augment RegionStore::BindStruct() to bind symbolicated struct values. This fixes a false path issue reported in <rdar://problem/8243408> and also spurs another cause where the idempotent operations checker fires.
llvm-svn: 109710
2010-07-29 00:28:47 +00:00