Commit Graph

47 Commits

Author SHA1 Message Date
Mark de Wever 9658d895c8 [Sema] Adds the pointer-to-int-cast diagnostic
Converting a pointer to an integer whose result cannot represented in the
integer type is undefined behavior is C and prohibited in C++. C++ already
has a diagnostic when casting. This adds a diagnostic for C.

Since this diagnostic uses the range of the conversion it also modifies
int-to-pointer-cast diagnostic to use a range.

Fixes PR8718: No warning on casting between pointer and non-pointer-sized int

Differential Revision: https://reviews.llvm.org/D72231
2020-02-16 15:38:25 +01:00
serge-sans-paille cee4a1c957 Improve support of GNU mempcpy
- Lower to the memcpy intrinsic
- Raise warnings when size/bounds are known

Differential Revision: https://reviews.llvm.org/D71374
2020-01-09 17:31:00 +01:00
Artem Dergachev 2b3f2071ec [analyzer] CStringChecker: Fix overly eager assumption that memcmp args overlap.
While analyzing code `memcmp(a, NULL, n);', where `a' has an unconstrained
symbolic value, the analyzer was emitting a warning about the *first* argument
being a null pointer, even though we'd rather have it warn about the *second*
argument.

This happens because CStringChecker first checks whether the two argument
buffers are in fact the same buffer, in order to take the fast path.
This boils down to assuming `a == NULL' to true. Then the subsequent check
for null pointer argument "discovers" that `a' is null.

Don't take the fast path unless we are *sure* that the buffers are the same.
Otherwise proceed as normal.

Differential Revision: https://reviews.llvm.org/D71322
2019-12-11 11:22:36 -08:00
Artem Dergachev 134faae042 [analyzer] CStringChecker: Improve warning messages.
Differential Revision: https://reviews.llvm.org/D71321
2019-12-11 11:22:36 -08:00
Kristof Umann 8cffa84850 [analyzer][NFC] Prettify some RUN: lines in test files.
This is a test commit in disguise.

llvm-svn: 361505
2019-05-23 15:49:04 +00:00
Erik Pilkington b6e16ea006 [Sema] Add some compile time _FORTIFY_SOURCE diagnostics
These diagnose overflowing calls to subset of fortifiable functions. Some
functions, like sprintf or strcpy aren't supported right not, but we should
probably support these in the future. We previously supported this kind of
functionality with -Wbuiltin-memcpy-chk-size, but that diagnostic doesn't work
with _FORTIFY implementations that use wrapper functions. Also unlike that
diagnostic, we emit these warnings regardless of whether _FORTIFY_SOURCE is
actually enabled, which is nice for programs that don't enable the runtime
checks.

Why not just use diagnose_if, like Bionic does? We can get better diagnostics in
the compiler (i.e. mention the sizes), and we have the potential to diagnose
sprintf and strcpy which is impossible with diagnose_if (at least, in languages
that don't support C++14 constexpr). This approach also saves standard libraries
from having to add diagnose_if.

rdar://48006655

Differential revision: https://reviews.llvm.org/D58797

llvm-svn: 356397
2019-03-18 19:23:45 +00:00
Clement Courbet 8c3343dfd5 [Builtins] Treat `bcmp` as a builtin.
Summary:
This makes it consistent with `memcmp` and `__builtin_bcmp`.

Also see the discussion in https://reviews.llvm.org/D56593.

Reviewers: jyknight

Subscribers: kristina, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D58120

llvm-svn: 354023
2019-02-14 12:00:34 +00:00
George Karpenkov a393e68b27 [analyzer] Move analyzer-eagerly-assume to AnalyzerOptions, enable by default
Differential Revision: https://reviews.llvm.org/D51251

llvm-svn: 340963
2018-08-29 20:29:17 +00:00
George Karpenkov 96871864d2 [analyzer] Hopefully fix the ARM buildbot.
llvm-svn: 328913
2018-03-31 02:17:15 +00:00
Dominic Chen 184c6242fa Reland 4: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296895
2017-03-03 18:02:02 +00:00
Dominic Chen 09d66f7528 Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468.

llvm-svn: 296841
2017-03-02 23:30:53 +00:00
Dominic Chen feaf9ff5ee Reland 3: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296837
2017-03-02 23:05:45 +00:00
Dominic Chen 4a90bf8c3f Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit f93343c099fff646a2314cc7f4925833708298b1.

llvm-svn: 296836
2017-03-02 22:58:06 +00:00
Dominic Chen 1cb0256a3c Reland 2: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296835
2017-03-02 22:45:24 +00:00
Dominic Chen 00355a51d0 Revert "Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830.

llvm-svn: 296422
2017-02-28 01:50:23 +00:00
Dominic Chen 59cd893320 Reland: [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296414
2017-02-28 00:02:36 +00:00
Dominic Chen 8589e10c30 Revert "[analyzer] NFC: Update test infrastructure to support multiple constraint managers"
This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787.

llvm-svn: 296317
2017-02-27 03:29:25 +00:00
Dominic Chen 02064a3076 [analyzer] NFC: Update test infrastructure to support multiple constraint managers
Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952.

Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin

Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits

Differential Revision: https://reviews.llvm.org/D30373

llvm-svn: 296312
2017-02-27 02:36:15 +00:00
Anna Zaks 2d2f137ed4 [analyzer] Make CStringChecker correctly calculate return value of mempcpy
The return value of mempcpy is only correct when the destination type is
one byte in size. This patch casts the argument to a char* so the
calculation is also correct for structs, ints etc.

A patch by Daniel Fahlgren!

llvm-svn: 219024
2014-10-03 21:48:54 +00:00
Ted Kremenek 722398f1d4 Fix analyzer tests.
llvm-svn: 162588
2012-08-24 20:39:55 +00:00
Jordy Rose 6d5a8caac3 [analyzer] Convert many existing tests to use clang_analyzer_eval.
llvm-svn: 156920
2012-05-16 16:01:10 +00:00
Anna Zaks b3b56bb960 [analyzer] CString Checker: Do not split the path unless the user
specifically checks for equality to null.

Enforcing this general practice, which keeps the analyzer less
noisy, in the CString Checker. This change suppresses "Assigned value is
garbage or undefined" warning in the added test case.

llvm-svn: 156085
2012-05-03 18:21:28 +00:00
Anna Zaks 0cdce4df76 [analyzer] Turn on by default the Malloc Checker and a couple of CString
checks:

- unix.Malloc - Checks for memory leaks, double free, use-after-free.
- unix.cstring.NullArg - Checks for null pointers passed as arguments to
CString functions + evaluates CString functions.
- unix.cstring.BadSizeArg - Checks for common anti-patterns in
strncat size argument.

llvm-svn: 150988
2012-02-20 21:10:37 +00:00
Anna Zaks e0c7c27473 [analyzer] Allow each CString check to be enabled/disabled
separately.

llvm-svn: 149947
2012-02-07 00:56:14 +00:00
Anna Zaks 87b6ff09f9 [analyzer] Add checks for common anti-patterns in strncat.
(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

llvm-svn: 149407
2012-01-31 19:33:39 +00:00
Ted Kremenek 3f955e6d89 [analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
Jordy Rose dceb0cf3f3 [analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
llvm-svn: 133406
2011-06-20 02:06:40 +00:00
Jordy Rose bc7483f505 [analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.
llvm-svn: 132958
2011-06-14 01:40:43 +00:00
Jordy Rose 097c5397a8 [analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
llvm-svn: 132617
2011-06-04 01:47:27 +00:00
Jordy Rose 63b84be6cb [analyzer] Fix handling of "copy zero bytes" for memcpy and friends.
llvm-svn: 132607
2011-06-04 00:04:22 +00:00
Jordy Rose aee7fb9e64 [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)
llvm-svn: 132605
2011-06-03 23:42:56 +00:00
Argyrios Kyrtzidis a9b630e4d7 Emit a -Wnull-dereference warning for "*null" not just "*null = something". Addresses rdar://9269271.
llvm-svn: 130207
2011-04-26 17:41:22 +00:00
Chris Lattner 57540c5be0 fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!

llvm-svn: 129559
2011-04-15 05:22:18 +00:00
Lenny Maiorani 79d74141b1 Adding Static Analyzer checker for mempcpy().
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.

llvm-svn: 128677
2011-03-31 21:36:53 +00:00
Ted Kremenek 49c79790de Rework checker "packages" and groups to be more hierarchical.
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
Argyrios Kyrtzidis 9eb02dfa89 [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
Argyrios Kyrtzidis 2c49ec7f1d [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.

llvm-svn: 126659
2011-02-28 17:36:18 +00:00
Argyrios Kyrtzidis 21c9423ef4 [analyzer] Remove '-analyzer-experimental-checks' flag.
llvm-svn: 126607
2011-02-28 01:26:43 +00:00
Argyrios Kyrtzidis 2d3905ffac [analyzer] Use the new registration mechanism on some of the experimental checks. These are:
CStringChecker
   ChrootChecker
   MallocChecker
   PthreadLockChecker
   StreamChecker
   UnreachableCodeChecker

MallocChecker creates implicit dependencies between checkers and needs to be handled differently.

llvm-svn: 125598
2011-02-15 21:25:03 +00:00
Jordy Rose 722f558f07 Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes:
- Fix memcpy() and friends to actually invalidate the destination buffer.
- Emit a different message for out-of-bounds buffer accesses if the buffer is being written to.
- When conjuring symbols, let ValueManager figure out the type.

llvm-svn: 111120
2010-08-16 07:51:42 +00:00
Jordy Rose afdb053618 When checking if a buffer access is valid, first make sure the buffer has a valid Loc. Fixes PR7830.
llvm-svn: 110390
2010-08-05 23:11:30 +00:00
Tom Care 29a6250bf0 Added some false positive checking to UnreachableCodeChecker
- Allowed reporting of dead macros
- Added path walking function to search for false positives in conditional statements
- Updated some affected tests
- Added some false positive test cases

llvm-svn: 109561
2010-07-27 23:30:21 +00:00
Tom Care cba9f517ac Added an path-sensitive unreachable code checker to the experimental analyzer checks.
- Created a new class to do post-analysis
- Updated several test cases with unreachable code to expect a warning
- Added some general tests

llvm-svn: 109286
2010-07-23 23:04:53 +00:00
Jordy Rose d5d2e50f3e Cleanup in CStringChecker. Now properly bifurcates the state for zero/nonzero sizes.
llvm-svn: 107935
2010-07-08 23:57:29 +00:00
Jordy Rose 65136fb669 Add memcmp() and bcmp() to CStringChecker. These check for valid access to the buffer arguments and have a special-case for when the buffer arguments are known to be the same address, or when the size is zero.
llvm-svn: 107761
2010-07-07 08:15:01 +00:00
Jordy Rose 33c829a6fd Cleanup on CStringChecker and its associated tests. Also check for null arguments...which are allowed if the access length is 0!
llvm-svn: 107759
2010-07-07 07:48:06 +00:00
Jordy Rose 134a236a14 Add a new path-sensitive checker for functions in <string.h>, for both null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon.
llvm-svn: 107722
2010-07-06 23:11:01 +00:00