wangtao
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43,241 Commits 29 Branches 0 Tags 2.2 GiB
Commit Graph

51 Commits

Author SHA1 Message Date
Ted Kremenek a16dacb6aa Add placeholder code in the static analyzer for MemberExprs involving struct temporaries. 
llvm-svn: 50502
 2008-04-30 22:17:15 +00:00
Ted Kremenek ca67cab1e8 Add workaround for __builtin_offsetof in the static analyzer. 
llvm-svn: 50500
 2008-04-30 21:45:55 +00:00
Ted Kremenek 99057462aa Provide SizeOfAlignTypeExpr workaround in the static analyzer for taking the sizeof of a ObjCInterfaceType. 
llvm-svn: 50499
 2008-04-30 21:31:12 +00:00
Ted Kremenek 84dea154fc When creating LVals for array entries, canonicalize entries with a 0 index. 
llvm-svn: 50497
 2008-04-30 21:05:35 +00:00
Ted Kremenek 20d8006e93 Teach more of the static analyzer about ObjCQualifiedIdType. 
llvm-svn: 50494
 2008-04-30 20:17:27 +00:00
Ted Kremenek 0940b99e3b Teach the static analysis engine about ObjCQualifiedIdType. 
llvm-svn: 50493
 2008-04-30 20:01:29 +00:00
Ted Kremenek 5ce35cc514 Add conjured symbols for decl initializations. 
Add db_error as panic function.

llvm-svn: 50489
 2008-04-30 17:54:04 +00:00
Ted Kremenek 5cc9e60a5f Invalidate old subexpression bindings when binding UnknownVal. 
llvm-svn: 50466
 2008-04-30 04:23:07 +00:00
Ted Kremenek 10246e8bfa Add lval::ArrayOffset, which represent the locations of entries in an array. 
llvm-svn: 50453
 2008-04-29 23:24:44 +00:00
Ted Kremenek 0d2ccffa83 Added lval::FieldOffset, which represents symbolic lvalues for field offsets from other Lvalues. 
This removes the failure in null-deref-ps.c (test suite).

llvm-svn: 50449
 2008-04-29 22:17:41 +00:00
Ted Kremenek fa5a3d0fe7 Major rewrite/refactoring of static analysis engine. We now use 
EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us
to do checks for null dereferences, etc., at any arbitrary load/store (these
were missed checks before). This also resulted in some major cleanups, some
conceptual, and others just in the structure of the code.

This temporarily introduces a regression in the test suite (null-deref-ps.c)
before I add a new LVal type for structure fields.

llvm-svn: 50443
 2008-04-29 21:04:26 +00:00
Ted Kremenek ecbdf75049 Do a better job at computing dead symbols. 
Implemented support for better localized leaks in the CF reference count checker.
Now leaks should be flagged close to where they occur.

This should implement the desired functionality in <rdar://problem/5879592>, although the diagnostics still need to be improved.

llvm-svn: 50241
 2008-04-25 01:25:15 +00:00
Ted Kremenek ae8014cb7e More boilerplate for handling specialized-transfer function logic for dead symbols. 
llvm-svn: 50233
 2008-04-24 23:35:58 +00:00
Ted Kremenek 3812b7676c Added initial boilerplate in GRExprEngine to allow checker-specific transfer 
function logic to act when symbols become dead.

llvm-svn: 50221
 2008-04-24 18:31:42 +00:00
Ted Kremenek dd43aeee54 Fixed: <rdar://problem/5881148> 
Problem:

In the recently refactored VisitDeref (which processes dereferences), we
were incorrectly skipping the node just generated for the subexpression
of the dereference.  This was a horrible regression.

llvm-svn: 50176
 2008-04-23 20:12:28 +00:00
Ted Kremenek d2419a0730 Remove false path where the default branch in a switch statement would 
always be taken even if it was not feasible.

llvm-svn: 50132
 2008-04-23 05:03:18 +00:00
Ted Kremenek ef9af73887 Added panic function "assfail". 
llvm-svn: 50119
 2008-04-23 00:41:25 +00:00
Ted Kremenek 3b42715930 Rewrote VisitDeclStmt to properly handle initializers that can do anything. 
llvm-svn: 50112
 2008-04-22 22:25:27 +00:00
Ted Kremenek c79c0591d6 Added lval type (and tracking) for StringLiterals. 
llvm-svn: 50109
 2008-04-22 21:39:21 +00:00
Ted Kremenek eccf3e5821 Added "nonlval::LValAsInteger" to represent abstract LVals casted to integers, allowing us to track lvals when they are casted back to pointers. 
llvm-svn: 50108
 2008-04-22 21:10:18 +00:00
Ted Kremenek 80f2c111bd Added panic function "dtrace_assfail". 
llvm-svn: 50091
 2008-04-22 06:09:33 +00:00
Ted Kremenek a2cca7dbdf Hardcode "Assert" as a no-return function (panic). 
llvm-svn: 50089
 2008-04-22 05:37:33 +00:00
Ted Kremenek da5cdda248 Added null-dereference check for ArraySubscriptExpr. 
llvm-svn: 50083
 2008-04-22 04:56:29 +00:00
Ted Kremenek 38213f9573 Added support for detected bad dereferences involving MemberExprs, e.g. x->f where "x" is NULL. 
llvm-svn: 50071
 2008-04-21 23:43:38 +00:00
Ted Kremenek c072b820cf Fixed more caching bugs related to the one fixed in r49914. Silence 
compiler warning introduced by a recent patch of mine.

llvm-svn: 49917
 2008-04-18 20:35:30 +00:00
Ted Kremenek acefba896c Fixed elusive caching bug that led to false positives. 
llvm-svn: 49914
 2008-04-18 19:34:16 +00:00
Ted Kremenek 4d83728a57 Added "GetErrorNodes()" to BugType so that -trim-egraph can recognize errors 
from registered BugTypes.  This helps with debugging.

Add detection of NULL values in ref count checker; this suppresses false positives.

llvm-svn: 49912
 2008-04-18 19:23:43 +00:00
Ted Kremenek 3388381993 Added "EvalAssume" virtual method to GRTransferFuncs; this is for evaluating 
the checker-specific logic of symbolic assumptions.

llvm-svn: 49910
 2008-04-18 17:20:23 +00:00
Ted Kremenek 9c375158a0 Handle ReturnStmts by dispatching to "EvalReturn" in the transfer function object. 
llvm-svn: 49826
 2008-04-16 23:05:51 +00:00
Ted Kremenek 7145489c37 Small tweaks to EvalStore: pass an "RVal" instead of "LVal" for the TargetLV to 
represent possible stores to "Unknown."

llvm-svn: 49811
 2008-04-16 20:40:59 +00:00
Ted Kremenek 90c7cb6810 Hook up "EvalStore" from GRTransferFuncs to GRExprEngine. 
llvm-svn: 49804
 2008-04-16 18:39:06 +00:00
Ted Kremenek 2044a5183d Take first step to migrating handling of "stores" to values from GRExprEngine 
to the plug-in GRTransferFuncs object.

llvm-svn: 49801
 2008-04-16 18:21:25 +00:00
Ted Kremenek 667cacb2ff Added some comments to GRExprEngine. Reorder some of the method definitions 
to start logically organizing them.

Added initial plug-in transfer function support for Objective-C message expressions.

llvm-svn: 49752
 2008-04-15 23:06:53 +00:00
Steve Naroff 08899ff85d Remove FileVarDecl and BlockVarDecl. They are replaced by VarDecl::isBlockVarDecl() and VarDecl::isFileVarDecl(). 
This is a fairly mechanical/large change. As a result, I avoided making any changes/simplifications that weren't directly related. I did break two Analysis tests. I also have a couple FIXME's in UninitializedValues.cpp. Ted, can you take a look? If the bug isn't obvious, I am happy to dig in and fix it (since I broke it).

llvm-svn: 49748
 2008-04-15 22:42:06 +00:00
Ted Kremenek 4b77209694 Fixed some logic errors in the CF ref count checker; we now can detect simple 
use-after-release errors.  Added test case.

llvm-svn: 49509
 2008-04-10 23:44:06 +00:00
Ted Kremenek 7acc3a36ef Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter. 
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.

GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.

ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.

llvm-svn: 49453
 2008-04-09 21:41:14 +00:00
Chris Lattner 182f660d8d simplify some code by using PointerLikeType. 
llvm-svn: 49101
 2008-04-02 17:45:06 +00:00
Ted Kremenek f646774f32 Added path-sensitive check for return statements that return the address 
of a stack variable.  This is the path-sensitive version of a check that
is already done during semantic analysis.

llvm-svn: 48980
 2008-03-31 15:02:58 +00:00
Ted Kremenek 27156c8c9f Hooked up initial NSString interface checking to GRSimpleVals. 
llvm-svn: 48895
 2008-03-27 21:15:17 +00:00
Ted Kremenek c04149299c Added "GRAuditor" and "GRSimpleAPICheck" interface to allow simple stateless checkers to be injected into the analyzer. 
Added "AnnotatedPath" class to record an annotated path that will be useful for inspecting paths.
Added some boilerplate code for simple checks of Apple's Foundation API.

llvm-svn: 48867
 2008-03-27 07:25:52 +00:00
Ted Kremenek ea128437b3 Bug fix: use GetRVal instead of GetLVal (were getting the value of a DeclRefExpr, not it's address). 
llvm-svn: 48846
 2008-03-26 22:21:58 +00:00
Ted Kremenek cb047289a8 Bug fix in transfer function for ObjCMessageExpr: Visit the receiver expression as an ordinary expression, not using VisitLVal. 
llvm-svn: 48842
 2008-03-26 21:36:08 +00:00
Ted Kremenek 3335120f69 Tweak to transfer function for ObjCMessageExpr: handle both instance methods 
and message expressions with a specified receiver.

llvm-svn: 48773
 2008-03-25 16:07:41 +00:00
Ted Kremenek 945a246ad8 Added logic to check for uninitialized values as the receivers for message expressions 
and uninitialized values passed-by-value as arguments to message expressions.

llvm-svn: 48760
 2008-03-25 02:10:28 +00:00
Ted Kremenek 64100da427 Added initial transfer function support for ObjCMessageExpr. 
llvm-svn: 48757
 2008-03-25 00:34:37 +00:00
Ted Kremenek 181f72369f Rename "Nodify" to "MakeNode" 
llvm-svn: 48659
 2008-03-21 21:30:14 +00:00
Ted Kremenek a9b30c0651 Fix assertion. 
llvm-svn: 48470
 2008-03-17 22:18:22 +00:00
Ted Kremenek 9eae403cde Fix integer overflow bug when processing switch statements. 
llvm-svn: 48469
 2008-03-17 22:17:56 +00:00
Ted Kremenek 58021a617b Properly hook up inline asm transfer function logic to the main GRExprEngine logic. 
llvm-svn: 48468
 2008-03-17 21:31:48 +00:00
Ted Kremenek 7c7a331f74 Added initial transfer function support for inline asm. 
llvm-svn: 48466
 2008-03-17 21:11:24 +00:00