Commit Graph

535 Commits

Author SHA1 Message Date
Eli Friedman fd9b1094b8 Fix silly mistake I made applying patch to fix test.
llvm-svn: 75303
2009-07-10 22:27:56 +00:00
Ted Kremenek e057d4e5a9 Rename test file.
llvm-svn: 75297
2009-07-10 21:48:43 +00:00
Ted Kremenek 3fcf628b40 RegionStoreManager also passes this test file.
llvm-svn: 75296
2009-07-10 21:48:10 +00:00
Ted Kremenek 488495e491 RegionStoreManager now correctly passes this test file.
llvm-svn: 75295
2009-07-10 21:45:10 +00:00
Ted Kremenek 6cb2a34e3c Test case in test/Analysis/xfail_regionstore_wine_crash.c no longer fails, so
move this case to 'test/Analysis/misc-ps.m' to test with both BasicStoreManager
and RegionStoreManager.

llvm-svn: 75294
2009-07-10 21:43:30 +00:00
Ted Kremenek bf73ad47a8 Revert r75281 and simply remove the assertion in NewCastRegion that
CodeTextRegions can only be casted to FunctionPointer or BlockPointerTypes. This
simply isn't true. We can handle bogus operations on CodeTextRegions (e.g, an
array access) elsewhere.

llvm-svn: 75285
2009-07-10 21:24:45 +00:00
Ted Kremenek 6c94771a0b Fix crash in StoreManager::NewCastRegion regarding handling casts to void*,
void**, void***, etc.  Such casts should just pass the region through.

llvm-svn: 75281
2009-07-10 21:11:16 +00:00
Eli Friedman 7d369cd2a6 Misc fixes to fix tests on OpenBSD, per email to cfe-commits. Patches
by Jonathan Gray and Krister Walfridsson.

llvm-svn: 75268
2009-07-10 20:10:06 +00:00
Ted Kremenek f66557978e Switch BasicStoreManager to use the new CastRegion implementation by default,
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.

llvm-svn: 75209
2009-07-10 00:41:58 +00:00
Ted Kremenek 8ee3dd7cc5 Fix: <rdar://problem/7034511> ValueManager::makeIntVal(uint64_t X, QualType T) should return a 'Loc' when 'T' is a pointer
llvm-svn: 75062
2009-07-08 22:42:46 +00:00
Ted Kremenek 97213bac53 NewCastRegion: Handle casts *from* pointers to incomplete structs to other types.
llvm-svn: 74884
2009-07-06 23:47:19 +00:00
Ted Kremenek c5ab3a0eab StoreManager::NewCastRegion:
- Refactor logic that creates ElementRegions into a help method 'MakeElementRegion'.
- Fix crash due to not handling StringRegions.  Casts of StringRegions now
  result in a new ElementRegion layered on the original StringRegion.

llvm-svn: 74867
2009-07-06 22:23:45 +00:00
Ted Kremenek eea8c29aa3 Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line using '-analyzer-store=basic-new-cast'.
llvm-svn: 74865
2009-07-06 21:58:46 +00:00
Ted Kremenek 0578e43862 Fix <rdar://problem/7033733>. The CF_RETURNS_RETAINED attribute should work if the return type on an Objective-C method is a CF type reference, not just an Objective-C object reference.
llvm-svn: 74841
2009-07-06 18:30:43 +00:00
Zhongxing Xu 9988bab609 add test case for r74407.
llvm-svn: 74761
2009-07-03 05:33:23 +00:00
Ted Kremenek 0b0f206efa Fix a horrible CFG bug reported in <rdar://problem/7027684>. The wrong successor
block would get hooked up in some cases when processing empty compound
statements.

llvm-svn: 74743
2009-07-03 00:10:50 +00:00
Ted Kremenek 725b4a3a51 Enhance RegionStore to lazily symbolicate fields and array elements for
structures passed-by-value as function arguments.

llvm-svn: 74729
2009-07-02 22:02:15 +00:00
Ted Kremenek a8a295f2d9 Temporarily disable RegionStore for stack-addr-ps.c, as a new test case reveals
a case where RegionStore doesn't create symbolic values for the fields of
structs that are passed-by-value.

llvm-svn: 74662
2009-07-01 23:24:11 +00:00
Ted Kremenek 55e07efeed Add a FIXME to RegionStore, do some minor code cleanup, and get RegionStore to
pass misc-ps.m. Currently RegionStore/BasicStore don't do any special reasoning
about clang-style vectors, so we should return UnknownVal (in all cases) when
accessing their values via an array.

llvm-svn: 74660
2009-07-01 23:19:52 +00:00
Zhongxing Xu e205d43c75 When retrieving element region, if its super region has binding, return
unknown for it.

Mark the super region of a live region as live, if the live region is pointed
to by a live pointer variable.

These fixes xfail_regionstore_wine_crash.c.

llvm-svn: 74524
2009-06-30 12:32:59 +00:00
Zhongxing Xu 4744d560b8 Invalidate the alloca region by setting its default value to conjured symbol.
llvm-svn: 74419
2009-06-29 06:43:40 +00:00
Zhongxing Xu 55e070031f Now this test case passes.
llvm-svn: 74410
2009-06-28 14:25:10 +00:00
Zhongxing Xu 6f610707cf Invalidate a field of struct type by setting its default value to conjured
symbol.

llvm-svn: 74408
2009-06-28 13:59:24 +00:00
Ted Kremenek 1642bdaaa5 Introduce a new concept to the static analyzer: SValuator.
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.

llvm-svn: 74229
2009-06-26 00:05:51 +00:00
Zhongxing Xu 540c009fbe Return UnknownVal for pointer arithmetic on struct fields.
llvm-svn: 73851
2009-06-21 13:24:24 +00:00
Zhongxing Xu 54fb536b5c A further step of r73690: associate the cast-to type with the created symbol,
because the type of the symbol is used to create the default range. We need the
sign to be consistent.

llvm-svn: 73756
2009-06-19 06:00:32 +00:00
Zhongxing Xu cc45762253 If the SymbolicRegion was cast to another type, use that type to create the
ElementRegion.

llvm-svn: 73754
2009-06-19 04:51:14 +00:00
Zhongxing Xu b21175ccbe Modify test case comments.
llvm-svn: 73691
2009-06-18 06:49:35 +00:00
Zhongxing Xu cea6578078 When casting region, if we do not create an element region, record the cast-to
type. 

When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.

llvm-svn: 73690
2009-06-18 06:29:10 +00:00
Ted Kremenek dc935e99e2 Add IOKit test cases for retain/release checker.
llvm-svn: 73549
2009-06-16 20:44:39 +00:00
Zhongxing Xu 838a0db0ba Use canonical type for building ElementRegion. Otherwise ElementRegions cannot
be unique.

llvm-svn: 73482
2009-06-16 09:55:50 +00:00
Zhongxing Xu e531f048f8 Do not invalidate unboundable regions in GRSimpleVals::EvalCall().
llvm-svn: 73474
2009-06-16 06:18:21 +00:00
Zhongxing Xu 519a47d4bd Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the
comments for added test case for details.

llvm-svn: 73189
2009-06-11 09:11:27 +00:00
Ted Kremenek a03705c82d Fix:
<rdar://problem/6948053> False positive: object substitution during -init* methods warns about returning +0 when using -fobjc-gc-only

llvm-svn: 72971
2009-06-05 23:18:01 +00:00
Ted Kremenek ea1c221334 Enhance attribute cf_returns_retained to also work (in the analyzer)
for non-Objctive-C pointer types.  This implicitly documents that the
return type is a CF object reference.

llvm-svn: 72968
2009-06-05 23:00:33 +00:00
Eli Friedman 8001b35d5d Clean up builtin lists, add a few new builtins. (I re-sorted the
string.h builtins to be in the same order as the list in the C99 
standard.)

llvm-svn: 72882
2009-06-04 19:35:30 +00:00
Ted Kremenek 2d22c84b4a Add more retain-checker tests for GC mode when using NSMakeCollectable.
llvm-svn: 72799
2009-06-03 19:19:06 +00:00
Ted Kremenek 1036912118 Add special cases to retain checker for 'create' methods in QCView, QCRenderer, and CIContext (Apple APIs).
This fixes:

<rdar://problem/6902710> clang: false positives w/QC and CoreImage methods.

llvm-svn: 72187
2009-05-20 22:39:57 +00:00
Zhongxing Xu 1075cc0b02 Treat AllocaRegion as SymbolicRegion in RegionStore::Retrieve().
llvm-svn: 72166
2009-05-20 09:18:48 +00:00
Zhongxing Xu 1f275ba1b4 Add comments to test case.
llvm-svn: 72165
2009-05-20 09:03:10 +00:00
Zhongxing Xu a7907608fb * API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
RegionStore needs to know the type of alloca region. 
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
  element region, as what is done to symbolic region.

llvm-svn: 72164
2009-05-20 09:00:16 +00:00
Eli Friedman 45966b4671 Remove the -arch option from clang-cc: for all practical purposes, it's
redundant with -triple.

llvm-svn: 72108
2009-05-19 11:12:40 +00:00
Ted Kremenek 501ba0365a Fix PR 4230: Don't flag leaks of NSAutoreleasePools until we know that we aren' at the top-most scope of autorelease pools.
llvm-svn: 72065
2009-05-18 23:14:34 +00:00
Eli Friedman 0b4af8f755 PR3009: Get rid of bogus warning for scalar compound literals.
This patch isn't quite ideal in that it eliminates the warning for 
constructs like "int a = {1};", where the braces are in fact redundant.  
However, that would have required a bunch of refactoring, and it's 
much less likely to cause confusion compared to redundant nested braces.

llvm-svn: 71939
2009-05-16 11:45:48 +00:00
Ted Kremenek e4302ee3bb Fix: <rdar://problem/6893565> False positive: don't flag leaks for return types that cannot be determined to be CF types
llvm-svn: 71921
2009-05-16 01:38:01 +00:00
Ted Kremenek 3281977dbb Fix crash when deriving the enclosing summary of a method whose first selector slot has a null IdentifierInfo*. This happens when analyzing Growl.
llvm-svn: 71857
2009-05-15 15:49:00 +00:00
Ted Kremenek f9fa3cb78a Fix <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object.
llvm-svn: 71797
2009-05-14 21:29:16 +00:00
Ted Kremenek 3b204e4c2e Add some basic type checking for attributes ns_returns_retained and
cf_returns_retained. Currently this attribute can now be applied to any
Objective-C method or C function that returns a pointer or Objective-C object
type.

Modify the tablegen definition of diagnostic 'warn_attribute_wrong_decl_type' to
expect that the diagnostics infrastructure will add quotes around the attribute
name when appropriate. Alonq with this change, I modified the places where this
warning is issued to passed the attribute's IdentifierInfo* instead of having a
hard-coded C constant string.

llvm-svn: 71718
2009-05-13 21:07:32 +00:00
Ted Kremenek bae777254a Enhance diagnostics value tracking logic for null dereferences and uninitialized values.
llvm-svn: 71700
2009-05-13 19:16:35 +00:00
Ted Kremenek 5801f65a52 Fix crasher reported in PR 4209 caused by an invalid summary
generation when EvalObjCMessageExpr() did not resolve the
ObjCInterfaceDecl* for a receiver when the receiver's symbolic value
wasn't being explicitly tracked.

llvm-svn: 71685
2009-05-13 18:16:01 +00:00
Ted Kremenek 051a03d698 Fix crasher in CFRefCount.cpp reported by Nikita Zhuk due to recently added autorelease tracking.
llvm-svn: 71647
2009-05-13 07:12:33 +00:00
Ted Kremenek 1272f706ca Fix: <rdar://problem/6320065> false positive - init method returns an object owned by caller
Now 'init' methods are treated by the retain/release checker as
claiming their receiver and allocating a new object.

llvm-svn: 71579
2009-05-12 20:06:54 +00:00
Zhongxing Xu 08a2ede018 Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.

Also fix some 80 columns violations.

llvm-svn: 71548
2009-05-12 10:10:00 +00:00
Ted Kremenek 95d181936a Fix <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects
This was accomplished by having	'isTypeRef' recursively walk the typedef stack.

llvm-svn: 71538
2009-05-12 04:53:03 +00:00
Ted Kremenek d0e3ab2196 Fix regression reported in <rdar://problem/6866843>. The analyzer should extend the lifetime of an object stored to a container.
llvm-svn: 71452
2009-05-11 18:30:24 +00:00
Ted Kremenek 7e7ed527dd Add test case for <rdar://problem/6257780>.
llvm-svn: 71444
2009-05-11 17:45:06 +00:00
Ted Kremenek dc7853cd98 Fix a bug found by Thomas Clement where 'return [[[NSString alloc] init] autorelease]' would emit a false 'too many overreleases' error.
llvm-svn: 71432
2009-05-11 15:26:06 +00:00
Ted Kremenek 1f8e4346fa Add special warning about returning a retained object where a GC'ed object is expected.
llvm-svn: 71397
2009-05-10 16:52:15 +00:00
Ted Kremenek dee56e37fc retain/release checker: Flag a warning for non-owned objects returned
where an owned one is expected.  Also add preliminary checking for
returning a positive retain count object in GC mode where an owned GC
object is expected.

llvm-svn: 71388
2009-05-10 06:25:57 +00:00
Ted Kremenek 3978f7972d analyzer:
- Improve -autorelease diagnostics.
- Improve VLA diagnostics.
- Use "short description" for bug when outputting to TextDiagnostics

llvm-svn: 71383
2009-05-10 05:11:21 +00:00
Zhongxing Xu c9c3dab491 When casting VarRegion, if the var type is aggregate type and the cast-to
pointee type is scalar type, create element region regardless with the sizes
of types.

llvm-svn: 71360
2009-05-09 15:34:29 +00:00
Zhongxing Xu 4bc5a4c3bd add comments to test case.
llvm-svn: 71356
2009-05-09 13:27:17 +00:00
Ted Kremenek d73cfc734b Add back test cases for ns_returns_retained and cf_returns_retained.
llvm-svn: 71312
2009-05-09 03:10:32 +00:00
Ted Kremenek 2d0ff62a0d It lives! The retain/release checker now tracks objects that are sent
'autorelease'.

llvm-svn: 71307
2009-05-09 01:50:57 +00:00
Fariborz Jahanian 5276014db2 We want to diagnose sending message to a forward class
and we also want to tell which message is actually 
being sent.

llvm-svn: 71296
2009-05-08 23:45:49 +00:00
Ted Kremenek 062c14ba24 Remove experimental ownership attributes from Clang.
llvm-svn: 71216
2009-05-08 15:19:25 +00:00
Zhongxing Xu d2e8fa14df Region store: when casting VarRegions, if the cast-to pointee type is
incomplete, do not compute its size and return the original region.

llvm-svn: 71213
2009-05-08 07:28:25 +00:00
Zhongxing Xu afc875c766 Replace the heuristic isSmallerThan with ASTContext::getTypeSize().
llvm-svn: 71206
2009-05-08 02:12:59 +00:00
Ted Kremenek 3975f17f04 Fix <rdar://problem/6845148>. Signed integers compared against pointers should
implicitly be changed to unsigned values in GRSimpleVals.cpp. This can happen
when the comparison involves logic in specialized transfer functions (e.g.,
OSAtomicCompareAndSwap).

llvm-svn: 71200
2009-05-08 00:32:39 +00:00
Ted Kremenek ba53fe98e7 More attribute renaming:
- Rename 'ns_returns_owned' -> 'ns_returns_retained'.
- Rename 'cf_returns_owned' -> 'cf_returns_retained'.

llvm-svn: 71182
2009-05-07 21:49:45 +00:00
Ted Kremenek 094bc31000 Fix <rdar://problem/6848739>. When using -analyze, -Werror has no effect.
llvm-svn: 71172
2009-05-07 19:02:53 +00:00
Ted Kremenek 0626df4eeb Fix analyzer regression reported in PR 4164:
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
  casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
  - Strip ElementRegions when the ElementRegion is just a 'raw data' view
    on top of the underlying typed region.

llvm-svn: 71094
2009-05-06 18:19:24 +00:00
Zhongxing Xu ea8c48d5a1 Improve RegionStoreManager::getSizeInElements()
- add a static function getTypeWidth(), which computes the width of a type
   with the help of TargetInfo.
 - no-outofbounds.c now passes for region store.

llvm-svn: 71080
2009-05-06 11:51:48 +00:00
Zhongxing Xu 1813e23a52 Implement a heuristic type size comparison method for now.
llvm-svn: 71074
2009-05-06 08:08:27 +00:00
Zhongxing Xu d5e09be293 Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
RegionStore.

This CastRegion() performs casts according to the kind of the region being 
cast instead of the type that is cast to.

llvm-svn: 71058
2009-05-06 02:42:32 +00:00
Ted Kremenek 213ff5a98e Implement attribute 'ns_autorelease'.
llvm-svn: 70990
2009-05-05 18:44:20 +00:00
Ted Kremenek dad8889d62 Enhance ownership attribute tests with functions that use the attributes!
llvm-svn: 70984
2009-05-05 17:46:22 +00:00
Ted Kremenek 94c464ef22 Implement attribute 'cf_returns_owned' (mirrors 'ns_returns_owned').
llvm-svn: 70952
2009-05-05 00:46:09 +00:00
Ted Kremenek de1aa1e4dd Rename ownership attributes:
ns_ownership_returns -> ns_returns_owned
 ns_ownership_retain -> ns_retains
 ns_ownership_release -> ns_releases
 cf_ownership_retain ->  cf_retains
 cf_ownership_release -> cf_releases

llvm-svn: 70949
2009-05-05 00:21:59 +00:00
Ted Kremenek bbec22d2b2 Rename attribute 'ns_ownership_returns' to 'ns_returns_ownership'.
llvm-svn: 70941
2009-05-04 23:52:59 +00:00
Ted Kremenek 6bdfcf47ad Remove experimental attribute 'ns_ownership_make_collectable.'
llvm-svn: 70940
2009-05-04 23:46:06 +00:00
Ted Kremenek 0836a19931 Rename attributes 'objc_ownership...' to 'ns_ownership...'.
llvm-svn: 70897
2009-05-04 19:10:19 +00:00
Ted Kremenek 250d59f33f Fix false positive null dereference by unifying code paths in GRSimpleVals for
'==' and '!=' (some code in the '!=' was not replicated in the '==' code,
causing some constraints to get lost).

llvm-svn: 70885
2009-05-04 17:53:11 +00:00
Ted Kremenek 5dbfa3fadd Rename attributes:
'objc_ownership_cfretain' -> 'cf_ownership_retain'
'objc_ownership_cfrelease' -> 'cf_ownership_release'

Motivation: Core Foundation objects can be used in isolation from Objective-C,
and this forces users to reason about the separate semantics of CF objects. More
Sema support pending.

llvm-svn: 70884
2009-05-04 17:29:57 +00:00
Ted Kremenek 0b0ee3c49d Update test case.
llvm-svn: 70883
2009-05-04 17:27:32 +00:00
Ted Kremenek bc76c72f94 Remove support for ObjCMethodDecl attributes that appear between the
return type and the selector.  This is inconsistent with C functions
(where such attributes would be placed on the return type, not the the
FunctionDecl), and is inconsistent with what people are use to seeing.

llvm-svn: 70878
2009-05-04 17:04:30 +00:00
Ted Kremenek 238d0b6ecd Rename no-outofbounds.c to xfail-no-outofbounds.c and split off that
test into a separate file to monitor the fact that BasicStoreManager
passes the test.

llvm-svn: 70859
2009-05-04 14:31:19 +00:00
Zhongxing Xu 6ebde279ae array indexes are unsigned integers of the same width as pointer.
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.

llvm-svn: 70844
2009-05-04 08:52:47 +00:00
Ted Kremenek 2d9fa1b4b7 Test now passes. I'll hold off merging it with the BasicStore test until we know this is a stable change.
llvm-svn: 70837
2009-05-04 07:11:21 +00:00
Ted Kremenek 758fda4274 BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.
StoreManager: Handle casts from one element region to another.
Update test cases.

llvm-svn: 70836
2009-05-04 07:04:36 +00:00
Ted Kremenek 95162024e2 This test no longer fails.
llvm-svn: 70834
2009-05-04 06:45:58 +00:00
Ted Kremenek 35cf12ab2d Handle 'long x = 0; char *y = (char *) x;' by layering an
'ElementRegion' on top of the VarRegion for 'x'.  This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager.  It doesn't
crash for RegionStoreManager either, but reports a bogus unintialized
value warning.

llvm-svn: 70832
2009-05-04 06:35:49 +00:00
Ted Kremenek 02e508960c Per conversations with Zhongxing, add an 'element type' to
ElementRegion.  I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.

This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager.  Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
  'Line 159: Uninitialized or undefined return value returned to caller.'
  
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.

Zhongxing: When you get a chance, could you review this?  I could have
easily screwed up something basic in RegionStoreManager.

llvm-svn: 70830
2009-05-04 06:18:28 +00:00
Ted Kremenek 055797b789 Add RegionStore test that illustrates a bogus array-out-of-bounds error.
llvm-svn: 70795
2009-05-03 19:24:34 +00:00
Ted Kremenek 3f4e62f397 Add failing test case.
llvm-svn: 70791
2009-05-03 19:09:37 +00:00
Ted Kremenek 4b59ccb563 Fix: <rdar://problem/6850275> CF objects returned from methods with "new" or "copy" in their name should be treated as owned
For methods that follow the "fundamental rule" and return Core
Foundation objects, treat those objects as owned by the caller.

llvm-svn: 70665
2009-05-03 06:08:32 +00:00
Zhongxing Xu 3e3e69bbe7 region store: make Retrieve() can retrieve embedded array correctly. Also
simplify the retrieve logic.

llvm-svn: 70651
2009-05-03 00:27:40 +00:00
Ted Kremenek 49805454e6 Add CFG support for @synchronized. This fixes <rdar://problem/6848820>.
llvm-svn: 70620
2009-05-02 01:49:13 +00:00
Ted Kremenek 2bfed98b0a Add another null pointer check test case.
llvm-svn: 70614
2009-05-02 00:41:02 +00:00
Ted Kremenek 407d81b2cd Add another test case found due to an analyzer regression.
llvm-svn: 70600
2009-05-01 23:35:18 +00:00
Fariborz Jahanian 07b7165b50 Check for method type conflict between declaration in
class/protocol and implementation which could be
an imm. implementation or down in the inheritance
hierarchy.

llvm-svn: 70568
2009-05-01 20:07:12 +00:00
Ted Kremenek 9c21f1d174 StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
  SymbolicRegions and AllocaRegions.  This follows from my offline
  discussion within Zhongxing about how TypedViewRegions really only
  represent memory getting re-appropriated for a new purpose.

Fallout	from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
  (it now passes).

- test/Analysis/fields.c now fails for region store (crash).
  Marking XFAIL.

- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
  Marking XFAIL.

  Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
   access then the one flagged:

  rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
    *p = 1;
    ^~

  Changing the line:
   char *p = (void*) &wonky[1];
  to
   char *p = (void*) &wonky[0];

  (which should delay the buffer overrun) causes region store to crash, probably
  because it expects a TypedViewRegion.

- test/Analysis/casts.c (region store) now fails (crash).
  Marking XFAIL.

llvm-svn: 70565
2009-05-01 19:22:20 +00:00
Ted Kremenek 5cfe43ddd3 Add function prototype for OSAtomicCompareAndSwap32Barrier.
llvm-svn: 70559
2009-05-01 17:37:31 +00:00
Ted Kremenek 38ce220817 Fix run line in failing test case (it was missing the '%s' for the
file name, thus causing the test case to hang).

llvm-svn: 70558
2009-05-01 17:29:33 +00:00
Ted Kremenek 3b201db3c0 Add failing static analyzer case (this crashes).
llvm-svn: 70532
2009-05-01 04:13:51 +00:00
Ted Kremenek 2ff8a79d27 retain/release checker: Hook up attributes 'objc_ownership_retain' and
'objc_ownership_release' to the effects on receivers.

llvm-svn: 70507
2009-04-30 20:00:31 +00:00
Ted Kremenek 2acb5adac9 Allow attributes 'objc_ownership_retain' and 'objc_ownership_release' to be
applied to ObjCMethodDecls, not just parameters. This allows one to specific
side-effects on the receiver of a message expression. No checker support yet.

llvm-svn: 70505
2009-04-30 19:18:03 +00:00
Ted Kremenek 290fbb1d42 Hook up Sema support for attributes on Objective-C method declarations that
appear between the return type and the selector. This is a separate code path
from regular attribute processing, as we only want to (a) accept only a specific
set of attributes in this place and (b) want to distinguish to clients the
context in which an attribute was added to an ObjCMethodDecl.

Currently, the attribute 'objc_ownership_returns' is the only attribute that
uses this new feature. Shortly I will add a warning for 'objc_ownership_returns'
to be placed at the end of a method declaration.

llvm-svn: 70504
2009-04-30 18:41:06 +00:00
Ted Kremenek 8c06515f2b Add parsing support in an Objective-C method declaration for attributes between
the return type and selector. Haven't hooked this up to Sema yet.

llvm-svn: 70501
2009-04-30 17:55:29 +00:00
Steve Naroff 62e0cb0a22 Warn about invalid return statements by default.
This fixes <rdar://problem/6839489> 10A345: Clang does not warm about mismatched returns (void return from a bool function)
 
Will implement -Wreturn-type, -Wno-return-type in another commit.

llvm-svn: 70492
2009-04-30 16:01:26 +00:00
Ted Kremenek 223a7d5445 retain/release checker: When determining whether an analyzed method can return
an owned object, consult its summary instead of inspecting the selector. This
picks up annotations, and is just more general.

llvm-svn: 70429
2009-04-29 23:03:22 +00:00
Ted Kremenek 6bd78709f2 retain/release checker: Hoist code for bug reports above transfer function logic
(those diffs are just code moving) and move the logic for "return of owned
object" leak reporting to EvalReturnStmt.

llvm-svn: 70399
2009-04-29 18:50:19 +00:00
Ted Kremenek bcf597d2e5 Add test case for transfer function logic for OSCompareAndSwap32Barrier.
llvm-svn: 70383
2009-04-29 16:03:59 +00:00
Zhongxing Xu f985648e83 SymbolicRegions may also be live roots.
llvm-svn: 70380
2009-04-29 09:24:35 +00:00
Zhongxing Xu 12233fd97e Added comments to test case.
llvm-svn: 70374
2009-04-29 05:59:48 +00:00
Zhongxing Xu 892a5f78eb Update test case.
llvm-svn: 70359
2009-04-29 02:37:26 +00:00
Zhongxing Xu c14f097f58 XFAIL the test case.
llvm-svn: 70356
2009-04-29 01:50:12 +00:00
Ted Kremenek ebc6d91f4e Add regression test case provided by <rdar://problem/6833332>.
llvm-svn: 70350
2009-04-29 00:41:31 +00:00
Ted Kremenek 869292d5b6 Implement ownership attribute 'objc_ownership_make_collectable'. This allows one
to add 'CFMakeCollectable' semantics to a method.

llvm-svn: 70336
2009-04-28 22:32:26 +00:00
Ted Kremenek 89c3861061 Improve retain/release test cases for ownership attributes.
llvm-svn: 70327
2009-04-28 21:43:40 +00:00
Zhongxing Xu 3c3fee0fb8 Add test case.
llvm-svn: 70294
2009-04-28 13:52:13 +00:00
Ted Kremenek 84bfa2c2dc Add two new checker-specific attributes: 'objc_ownership_release' and
'objc_ownership_cfrelease'. These are the 'release' equivalents of
'objc_ownership_retain' and 'objc_ownership_cfretain' respectively.

llvm-svn: 70235
2009-04-27 19:36:56 +00:00
Ted Kremenek e6633567e0 Track objects in GC mode returned by 'alloc', 'new', etc. methods. These are
treated as "not owned" objects.

llvm-svn: 70232
2009-04-27 19:14:45 +00:00
Ted Kremenek ebbef7d0d3 Add new checker-specific attribute 'objc_ownership_cfretain'. This is the same
as 'objc_ownership_cfretain' except that the method acts like a CFRetain instead
of a [... retain] (important in GC modes). Checker support is wired up, but
currently only for Objective-C message expressions (not function calls).

llvm-svn: 70218
2009-04-27 18:27:22 +00:00
Ted Kremenek e75de95408 Hook up attribute 'objc_ownership_retain' to the analyzer. This attribute allows
users to specify that a method's argument is visibly retained (reference count
incremented).

llvm-svn: 70008
2009-04-25 01:21:50 +00:00
Ted Kremenek 2cfd264636 Add new checker-specific attribute 'objc_ownership_retain'. This isn't hooked up
to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function increments the reference count of a passed
object.

llvm-svn: 70005
2009-04-25 00:17:17 +00:00
Ted Kremenek b97d093e16 Hook up __attribute__((objc_ownership_returns)) to the retain/release checker.
llvm-svn: 70002
2009-04-24 23:32:32 +00:00
Ted Kremenek 44e662cd4f Add new checker-specific attribute 'objc_ownership_returns'. This isn't hooked
up to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function returns an owned an Objective-C object.

llvm-svn: 70001
2009-04-24 23:09:54 +00:00
Ted Kremenek 6a966b2486 Fix the same false positive reported in PR 2542 and <rdar://problem/6793409>
involving an NSAnimation object delegating its release to a delegate method.

llvm-svn: 69992
2009-04-24 21:56:17 +00:00
Ted Kremenek 8a5ad39a46 retain/release checker:
- Fix summary lookup for class methods to now use the (optional)
  ObjCInterfaceDecl associated with a message expression. This removes a
  long-standing FIXME.
- Partial fix for <rdar://problem/6062730> by stop tracking objects that
  are passed to [NSObject performSelector].  These methods are often used
  for delegates, which the analyzer doesn't reason about well yet.

llvm-svn: 69982
2009-04-24 17:50:11 +00:00
Ted Kremenek 37467813c5 Further cleanups to isTrackedObjectType().
llvm-svn: 69929
2009-04-23 22:11:07 +00:00
Ted Kremenek 0a1f9c423f retain/release checker: Don't call isTrackedObject() with the canonical type.
This was preventing the checker from tracking return objects referenced by 'id'.

llvm-svn: 69922
2009-04-23 21:25:57 +00:00
Ted Kremenek d6ed5b7376 Temporarily remove expected warnings.
llvm-svn: 69917
2009-04-23 20:03:52 +00:00
Ted Kremenek f27110fc27 Per discussions with Ken Ferry and Paul Marks (<rdar://problem/6815234>) greatly
extend the number of objects tracked by the retain/release checker by assuming
that all class and instance methods should follow Cocoa object "getter" and
"alloc/new" conventions.

llvm-svn: 69908
2009-04-23 19:11:35 +00:00
Ted Kremenek 9c03f68206 Fix PR 4033: the analyzer shouldn't crash on computed gotos involving symbolic
target addresses.

llvm-svn: 69900
2009-04-23 17:49:43 +00:00
Ted Kremenek fe95afd0bc Fix crash reported in PR 3991. The analyzer doesn't reason about ObjCKVCExpr.
llvm-svn: 69754
2009-04-21 23:53:32 +00:00
Ted Kremenek 35f875c136 Fix: <rdar://problem/6777209> false Dereference of null pointer in loop: pointer increment/decrement preserves non-nullness
When the StoreManager doesn't reason well about pointer-arithmetic, propagate
the non-nullness constraint on a pointer value when performing pointer
arithmetic uisng ++/--.

llvm-svn: 69741
2009-04-21 22:38:05 +00:00
Ted Kremenek a8e8bc24b3 Added over-release test case.
llvm-svn: 69703
2009-04-21 20:01:03 +00:00
Chris Lattner dac168d2a6 Fix rdar://6771034: don't warn on use of forward declared protocol in protocol
list of another protocol definition.  This warning is very noisy and GCC doesn't
produce it so existing code doesn't expect it.

llvm-svn: 68894
2009-04-12 08:43:13 +00:00
Ted Kremenek 4531be138c Add analyzer support for objc_atomicCompareAndSwap()
llvm-svn: 68849
2009-04-11 00:54:13 +00:00
Ted Kremenek df24000d24 Implement analyzer support for OSCompareAndSwap. This required pushing "tagged"
ProgramPoints all the way through to GRCoreEngine.

NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.

llvm-svn: 68845
2009-04-11 00:11:10 +00:00
Ted Kremenek b3b2395520 Split failing test case from misc-ps.m to misc-ps-ranges.m (which tests
functionality specific to RangeConstraintManager).

llvm-svn: 68759
2009-04-10 04:02:38 +00:00
Ted Kremenek 5054663daa Fix: <rdar://problem/6776949> Branch condition evaluates to an uninitialized value (argc is guaranteed to be >= 1)
The analyzer now adds the precondition that the first argument of 'main' is > 0.

llvm-svn: 68757
2009-04-10 00:59:50 +00:00
Ted Kremenek 40f4ee74fd Implement attribute "analyzer_noreturn" (<rdar://problem/6777003>). This allows
clients of the analyzer to designate custom assertion routines as "noreturn"
functions from the analyzer's perspective but not the compiler's.

llvm-svn: 68746
2009-04-10 00:01:14 +00:00
Ted Kremenek f9f9420303 GRExprEngine: Don't try to reason about the size of 'void' for the return type
of messages sent to nil.

llvm-svn: 68683
2009-04-09 05:45:56 +00:00
Daniel Dunbar 6eaebd0934 Force triple for these tests.
llvm-svn: 68651
2009-04-08 23:02:51 +00:00
Ted Kremenek 5451c60f5a Enhance analyzer reasoning about sending messages to nil. A nil receiver returns 0 for scalars of size <= sizeof(void*).
llvm-svn: 68629
2009-04-08 18:51:08 +00:00
Ted Kremenek 605fee8445 New static analyzer check by Nikita Zhuk!
"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718.  The patch also includes test cases."

llvm-svn: 68585
2009-04-08 03:07:17 +00:00
Ted Kremenek 25db1f3ff1 Add test case.
llvm-svn: 68505
2009-04-07 05:33:18 +00:00
Ted Kremenek 751e7e3833 retain/release checker: don't track NSPanel until we have better reasoning about
the subtle ownership issues of such objects.

llvm-svn: 68397
2009-04-03 19:02:51 +00:00