cbfc7d6c2e
MemRegionManager: Migrate logic for getCodeTextRegion() over to using
...
trait-based MemRegion creation.
llvm-svn: 73941
2009-06-23 03:50:30 +00:00
1a195b264f
Remove duplicated methods.
...
llvm-svn: 73940
2009-06-23 02:51:21 +00:00
74fa0bc3de
add a fixme.
...
llvm-svn: 73939
2009-06-23 02:08:56 +00:00
fb87e30815
MemRegions:
...
- Embed a reference to MemRegionManager objects in MemSpaceRegion objects
- Use this embedded reference for MemRegion objects to access ASTContext objects without external help
- Use this access to ASTContext to simplify 'isBoundable' (no ASTContext& argument required)
llvm-svn: 73935
2009-06-23 00:46:41 +00:00
8bae300ade
MemRegionManager: Migrate logic for getAllocaRegion() over to using trait-based MemRegion creation.
...
llvm-svn: 73927
2009-06-23 00:15:41 +00:00
2266640a7a
MemRegionManager: Migrate getObjCObjectRegion() and getTypedViewRegion() to use
...
the new trait-based construction of MemRegion objects.
llvm-svn: 73926
2009-06-23 00:04:09 +00:00
214cdfea84
Migrate factory methods for FieldRegion and ObjCIVarRegion creation to use the
...
new generalized region-construction code.
llvm-svn: 73921
2009-06-22 23:34:21 +00:00
e5e8b0b09b
Refactor some of the logic in MemRegionManager for constructing regions using
...
member template functions and traits. The idea is to allow MemRegionManager to
construct subclasses of MemRegion that aren't declared in MemRegion.h (e.g.,
checker-specific regions).
llvm-svn: 73917
2009-06-22 23:13:13 +00:00
8077d7eb15
Allow CodeTextRegion to be cast to 'void *'.
...
llvm-svn: 73880
2009-06-22 08:36:10 +00:00
540c009fbe
Return UnknownVal for pointer arithmetic on struct fields.
...
llvm-svn: 73851
2009-06-21 13:24:24 +00:00
c55f0cdaa0
Remove more GetSVal/GetLValue methods in GRExprEngine/GRState, instead
...
preferring to use their replacements in GRState. This further unifies the code
paths for such logic and leads to some code reduction.
llvm-svn: 73771
2009-06-19 17:10:32 +00:00
54fb536b5c
A further step of r73690: associate the cast-to type with the created symbol,
...
because the type of the symbol is used to create the default range. We need the
sign to be consistent.
llvm-svn: 73756
2009-06-19 06:00:32 +00:00
cc45762253
If the SymbolicRegion was cast to another type, use that type to create the
...
ElementRegion.
llvm-svn: 73754
2009-06-19 04:51:14 +00:00
095f1a9848
Move clients over from using GRStateManager::BindXXX and friends to
...
GRState->bindXXX and friends (and constify some arguments along the way).
llvm-svn: 73740
2009-06-18 23:58:37 +00:00
4c6a367182
Remove GRStateManager& field from SimpleConstraintManager.
...
llvm-svn: 73735
2009-06-18 23:20:05 +00:00
f9906843b7
libAnalysis:
...
- Remove the 'isFeasible' flag from all uses of 'Assume'.
- Remove the 'Assume' methods from GRStateManager. Now the only way to
create a new GRState with an assumption is to use the new 'assume' methods
in GRState.
llvm-svn: 73731
2009-06-18 22:57:13 +00:00
78bd61f661
Move the static DeclAttrs map into ASTContext. Fixes <rdar://problem/6983177>.
...
llvm-svn: 73702
2009-06-18 16:11:24 +00:00
cea6578078
When casting region, if we do not create an element region, record the cast-to
...
type.
When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.
llvm-svn: 73690
2009-06-18 06:29:10 +00:00
6a667ab710
Remove GRStateRef.
...
llvm-svn: 73670
2009-06-18 01:33:24 +00:00
d93c6e3fd6
Remove more dependencies on GRStateRef. As a consequence, we can now
...
pretty-print a GRState object anywhere it is referenced (instead of
needing a GRStateRef of a GRStateManager handy).
llvm-svn: 73669
2009-06-18 01:23:53 +00:00
89a303caac
Remove another dependency on GRStateRef.
...
llvm-svn: 73667
2009-06-18 00:49:02 +00:00
fb4330f255
First step toward fixing <rdar://problem/6613046> refactor clang objc type representation.
...
Add a type (ObjCObjectPointerType) and remove a type (ObjCQualifiedIdType).
This large/tedious patch is just a first step. Next step is to remove ObjCQualifiedInterfaceType. After that, I will remove the magic TypedefType for 'id' (installed by Sema). This work will enable various simplifications throughout clang (when dealing with ObjC types).
No functionality change.
llvm-svn: 73649
2009-06-17 22:40:22 +00:00
b35e2caab5
Remove more uses of GRStateRef.
...
llvm-svn: 73648
2009-06-17 22:28:13 +00:00
609df30929
Start moving in the direction of removing GRStateRef. Now each
...
GRState object has a direct reference to its GRStateManager, making
the functionality of GRStateRef redunandant. This will lead to some
nice API cleanup and code shrinking across libAnalysis.
llvm-svn: 73644
2009-06-17 22:02:04 +00:00
4533a55696
RegionStoreManager:
...
- Add "sections" to RegionStoreManager.cpp to delineate functionality.
- Add new function "CreateFieldsOnlyRegionStoreManager" that uses the new
RegionStoreFeatures class to use a reduced set of features from
RegionStoreManager (in this case, only field-sensitivity). This isn't
completely hooked up yet.
llvm-svn: 73572
2009-06-16 22:36:44 +00:00
838a0db0ba
Use canonical type for building ElementRegion. Otherwise ElementRegions cannot
...
be unique.
llvm-svn: 73482
2009-06-16 09:55:50 +00:00
e531f048f8
Do not invalidate unboundable regions in GRSimpleVals::EvalCall().
...
llvm-svn: 73474
2009-06-16 06:18:21 +00:00
96aa146d90
Fix: <rdar://problem/6945561> -[CIContext createCGLayerWithSize:info:] misinterpreted by clang scan-build
...
llvm-svn: 73415
2009-06-15 20:58:58 +00:00
3092e9c5c2
Fix: <rdar://problem/6961230> add knowledge of IOKit functions to retain/release checker
...
llvm-svn: 73411
2009-06-15 20:36:07 +00:00
15ba94987a
Sink the BuiltinInfo object from ASTContext into the
...
preprocessor and initialize it early in clang-cc. This
ensures that __has_builtin works in all modes, not just
when ASTContext is around.
llvm-svn: 73319
2009-06-14 01:54:56 +00:00
70b27e6f8b
Stop tracking non-compound value for struct. It may be caused by imprecise cast
...
logic.
llvm-svn: 73279
2009-06-13 01:31:11 +00:00
2693c504c2
use getAsPointerType() method.
...
llvm-svn: 73218
2009-06-12 03:59:12 +00:00
ea675cf6a3
Add summary lookup for IOServiceGetMatchingService.
...
Convert tabs to spaces.
llvm-svn: 73198
2009-06-11 18:17:24 +00:00
a74ead4103
Refactor some function name -> summary lookup using a switch statement.
...
llvm-svn: 73197
2009-06-11 18:10:48 +00:00
519a47d4bd
Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the
...
comments for added test case for details.
llvm-svn: 73189
2009-06-11 09:11:27 +00:00
d85a991253
Use more robust getAsRecordType() method.
...
llvm-svn: 73186
2009-06-11 07:27:30 +00:00
a03705c82d
Fix:
...
<rdar://problem/6948053> False positive: object substitution during -init* methods warns about returning +0 when using -fobjc-gc-only
llvm-svn: 72971
2009-06-05 23:18:01 +00:00
ea1c221334
Enhance attribute cf_returns_retained to also work (in the analyzer)
...
for non-Objctive-C pointer types. This implicitly documents that the
return type is a CF object reference.
llvm-svn: 72968
2009-06-05 23:00:33 +00:00
1036912118
Add special cases to retain checker for 'create' methods in QCView, QCRenderer, and CIContext (Apple APIs).
...
This fixes:
<rdar://problem/6902710> clang: false positives w/QC and CoreImage methods.
llvm-svn: 72187
2009-05-20 22:39:57 +00:00
1075cc0b02
Treat AllocaRegion as SymbolicRegion in RegionStore::Retrieve().
...
llvm-svn: 72166
2009-05-20 09:18:48 +00:00
a7907608fb
* API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
...
RegionStore needs to know the type of alloca region.
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
element region, as what is done to symbolic region.
llvm-svn: 72164
2009-05-20 09:00:16 +00:00
501ba0365a
Fix PR 4230: Don't flag leaks of NSAutoreleasePools until we know that we aren' at the top-most scope of autorelease pools.
...
llvm-svn: 72065
2009-05-18 23:14:34 +00:00
29f36b4c9a
Silence a Release-Asserts warning.
...
llvm-svn: 72013
2009-05-18 16:48:48 +00:00
e4302ee3bb
Fix: <rdar://problem/6893565> False positive: don't flag leaks for return types that cannot be determined to be CF types
...
llvm-svn: 71921
2009-05-16 01:38:01 +00:00
a28565ac62
Fix another bug in BugReporter where we wouldn't always select the bug report in a bug equivalence class with the shortest path.
...
llvm-svn: 71920
2009-05-16 01:11:58 +00:00
3281977dbb
Fix crash when deriving the enclosing summary of a method whose first selector slot has a null IdentifierInfo*. This happens when analyzing Growl.
...
llvm-svn: 71857
2009-05-15 15:49:00 +00:00
4785e41c12
Remove extra whitespace character in string literal. Purely cosmetic.
...
llvm-svn: 71847
2009-05-15 06:02:08 +00:00
3d436c7b35
Use dyn_cast instead of cast to allow our assumptions to be safely wrong.
...
llvm-svn: 71843
2009-05-15 05:34:49 +00:00
608a6176a1
Cleanup internal checks bug reporting, allowing intermediate diagnostics to be generated for bad argument warnings, bad branches, etc.
...
llvm-svn: 71838
2009-05-15 05:25:09 +00:00
73777059f0
BugReporter (extensive diagnostics): Do not include the range of target '}'
...
llvm-svn: 71832
2009-05-15 02:46:13 +00:00
18665fe3c9
PathDiagnosticLocation::asRange(): for a PathDiagnosticLocation, the range of a DeclStmt is only the decl, not
...
the decl + initializer.
llvm-svn: 71831
2009-05-15 02:05:25 +00:00
cfe7d02b2c
BugReporter (extensive diagnostics): Add control-flow piece to '}' in
...
loop body when generating 'Looping back to the head of the loop'
diagnostics.
llvm-svn: 71829
2009-05-15 01:50:15 +00:00
f9fa3cb78a
Fix <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object.
...
llvm-svn: 71797
2009-05-14 21:29:16 +00:00
bae777254a
Enhance diagnostics value tracking logic for null dereferences and uninitialized values.
...
llvm-svn: 71700
2009-05-13 19:16:35 +00:00
5801f65a52
Fix crasher reported in PR 4209 caused by an invalid summary
...
generation when EvalObjCMessageExpr() did not resolve the
ObjCInterfaceDecl* for a receiver when the receiver's symbolic value
wasn't being explicitly tracked.
llvm-svn: 71685
2009-05-13 18:16:01 +00:00
051a03d698
Fix crasher in CFRefCount.cpp reported by Nikita Zhuk due to recently added autorelease tracking.
...
llvm-svn: 71647
2009-05-13 07:12:33 +00:00
1272f706ca
Fix: <rdar://problem/6320065> false positive - init method returns an object owned by caller
...
Now 'init' methods are treated by the retain/release checker as
claiming their receiver and allocating a new object.
llvm-svn: 71579
2009-05-12 20:06:54 +00:00
08a2ede018
Add logic for invalidating array region to CFRefCount.cpp. When invalidating
...
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.
Also fix some 80 columns violations.
llvm-svn: 71548
2009-05-12 10:10:00 +00:00
95d181936a
Fix <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects
...
This was accomplished by having 'isTypeRef' recursively walk the typedef stack.
llvm-svn: 71538
2009-05-12 04:53:03 +00:00
5fb7847fbf
BugReport::getEndPath() - Only add a Stmt's range to the constructed PathDiagnosticEventPiece if the BugReport contained no explicit ranges.
...
llvm-svn: 71516
2009-05-11 23:50:59 +00:00
97f75f8bda
When stripping element regions for invalidating region values, treat FieldRegions and ObjCIvarRegions as "base" regions in addition to VarRegions.
...
llvm-svn: 71488
2009-05-11 22:55:17 +00:00
2ee73b86c0
EdgeBuilder: DeclStmts and BinaryOperators are not the enclosing location context when they are used as initialization code for loops.
...
llvm-svn: 71480
2009-05-11 22:19:32 +00:00
c0b879b4a7
EdgeBuilder::cleanUpLocation() should used the PathDiagnosticLocation constructor for a single point, not a range.
...
llvm-svn: 71477
2009-05-11 21:42:34 +00:00
c14b594b14
BugReporter (extensive diagnostics): Add EdgeBuilder::cleanUpLocation for canonicalization locations and use this in both popLocation and rawAddEdge.
...
llvm-svn: 71470
2009-05-11 19:50:47 +00:00
d0e3ab2196
Fix regression reported in <rdar://problem/6866843>. The analyzer should extend the lifetime of an object stored to a container.
...
llvm-svn: 71452
2009-05-11 18:30:24 +00:00
dc7853cd98
Fix a bug found by Thomas Clement where 'return [[[NSString alloc] init] autorelease]' would emit a false 'too many overreleases' error.
...
llvm-svn: 71432
2009-05-11 15:26:06 +00:00
52091db11f
TypedRegion is a too general assumption. Usually we only want to invalidate
...
the VarRegion as a super region of an ElementRegion.
llvm-svn: 71431
2009-05-11 14:28:14 +00:00
c012656266
When retrieving an ElementRegion, if its super region is a StringRegion,
...
retrieve the string value.
llvm-svn: 71430
2009-05-11 14:23:36 +00:00
bf938d3160
Fix a bug that leads to infinite loop. Set the correct element type to
...
ElementRegion.
llvm-svn: 71428
2009-05-11 12:48:56 +00:00
1f8e4346fa
Add special warning about returning a retained object where a GC'ed object is expected.
...
llvm-svn: 71397
2009-05-10 16:52:15 +00:00
dee56e37fc
retain/release checker: Flag a warning for non-owned objects returned
...
where an owned one is expected. Also add preliminary checking for
returning a positive retain count object in GC mode where an owned GC
object is expected.
llvm-svn: 71388
2009-05-10 06:25:57 +00:00
3978f7972d
analyzer:
...
- Improve -autorelease diagnostics.
- Improve VLA diagnostics.
- Use "short description" for bug when outputting to TextDiagnostics
llvm-svn: 71383
2009-05-10 05:11:21 +00:00
c9c3dab491
When casting VarRegion, if the var type is aggregate type and the cast-to
...
pointee type is scalar type, create element region regardless with the sizes
of types.
llvm-svn: 71360
2009-05-09 15:34:29 +00:00
4131114d99
Remove the rest TypedViewRegion processing code. There should be no
...
TypedViewRegion usage in region store.
llvm-svn: 71359
2009-05-09 15:23:42 +00:00
d6daef9165
When evaluating pointer arithmetic, if the base location is a symbolic region,
...
convert it to the first element region.
Also do not assume the array region is typed.
llvm-svn: 71358
2009-05-09 15:18:12 +00:00
b18d7cab0c
Do not create a TypedViewRegion when the base struct region is a symbolic
...
region. In the future we may set the cast-to type as the same time. But for
now, we simply leave it as it is.
llvm-svn: 71357
2009-05-09 13:36:16 +00:00
7c3826484e
Do not layer a TypedViewRegion when casting symbolic or alloca regions.
...
Modify getLValueElement accordingly. Now we don't require base region
to be a typed region. Do not create TypedViewRegion when base region is
symbolic or alloca region. We can do so because each element region has
its type information.
llvm-svn: 71355
2009-05-09 13:20:07 +00:00
e3e94bbf19
Remove the case for casting to compatible type in
...
RegionStoreManager::CastRegion(). This case should be subsumed by others.
llvm-svn: 71353
2009-05-09 10:03:08 +00:00
91e2ab496f
Rename:
...
SymbolRegionRValue => SymbolRegionValue
SymExpr::RegionRValue => SymExpr::RegionValueKind
llvm-svn: 71322
2009-05-09 04:08:27 +00:00
34d04b3ca9
As discussed with Ted, rename TypedRegion::getObjectType() to
...
TypedRegion::getValueType().
llvm-svn: 71321
2009-05-09 03:57:34 +00:00
c2de72776c
Add back analyzer support for ns_returns_retained and cf_returns_retained.
...
llvm-svn: 71309
2009-05-09 02:58:13 +00:00
2d0ff62a0d
It lives! The retain/release checker now tracks objects that are sent
...
'autorelease'.
llvm-svn: 71307
2009-05-09 01:50:57 +00:00
8038f7b30f
rename: MemRegion:
...
RValueType => ObjectType
LValueType => LocationType
No functionality change.
llvm-svn: 71304
2009-05-09 00:50:33 +00:00
9ec08aa3f7
More hacking on autorelease errors. We now can emit basic errors (disabled for
...
now until ready).
llvm-svn: 71303
2009-05-09 00:44:07 +00:00
d35272f96b
Put most of the boilerplate logic in place for reporting autorelease errors.
...
llvm-svn: 71301
2009-05-09 00:10:05 +00:00
8c8fb488e6
retain/release checker: Add stub for HandleAutoreleaseCounts.
...
llvm-svn: 71290
2009-05-08 23:32:51 +00:00
ca143e73ea
Fix PR4182.
...
llvm-svn: 71288
2009-05-08 23:28:07 +00:00
884a8996c5
retain/release checker: Refactor error-reporting code in EvalDeadSymbols and
...
EvalEndPath. This sets the stage for handling autorelease counts.
llvm-svn: 71283
2009-05-08 23:09:42 +00:00
c218c84a80
Make BlockEntrace program points taggable.
...
llvm-svn: 71280
2009-05-08 23:08:34 +00:00
3a0516b25a
retain checker: Track the number of times a tracked object is sent
...
'autorelease'. This isn't used yet to flag errors.
llvm-svn: 71244
2009-05-08 20:01:42 +00:00
062c14ba24
Remove experimental ownership attributes from Clang.
...
llvm-svn: 71216
2009-05-08 15:19:25 +00:00
d2e8fa14df
Region store: when casting VarRegions, if the cast-to pointee type is
...
incomplete, do not compute its size and return the original region.
llvm-svn: 71213
2009-05-08 07:28:25 +00:00
afc875c766
Replace the heuristic isSmallerThan with ASTContext::getTypeSize().
...
llvm-svn: 71206
2009-05-08 02:12:59 +00:00
c0c074655d
Replace getTypeWidth() with ASTContext::getTypeSize().
...
llvm-svn: 71205
2009-05-08 02:00:55 +00:00
1ba79dfeea
Revert r71079.
...
llvm-svn: 71202
2009-05-08 01:33:18 +00:00
3975f17f04
Fix <rdar://problem/6845148>. Signed integers compared against pointers should
...
implicitly be changed to unsigned values in GRSimpleVals.cpp. This can happen
when the comparison involves logic in specialized transfer functions (e.g.,
OSAtomicCompareAndSwap).
llvm-svn: 71200
2009-05-08 00:32:39 +00:00
9157fbb6a6
Minor code cleanup in retain/release checker in preparation for some
...
other changes. Instead of repeatedly checking for GC mode when
getting the return effect, just do this computation once.
llvm-svn: 71193
2009-05-07 23:40:42 +00:00
ba53fe98e7
More attribute renaming:
...
- Rename 'ns_returns_owned' -> 'ns_returns_retained'.
- Rename 'cf_returns_owned' -> 'cf_returns_retained'.
llvm-svn: 71182
2009-05-07 21:49:45 +00:00
a6e08327c0
analyzer: Add ProgramPoint 'PostLValue' just to distinguish (for
...
analysis introspection) when we computed an lvalue. This shouldn't
effect the current analysis results in any way.
llvm-svn: 71169
2009-05-07 18:27:16 +00:00
9abe474852
Add preliminary support for enhancing null-pointer dereference diagnostics.
...
llvm-svn: 71135
2009-05-07 00:45:33 +00:00
bb8d546208
Refactor BugReporter interface to have a new 'BugReporterContext' and
...
'BugReporterVisitor'. This simplifies callbacks from BugReporter to BugReports
(via VisitNode). It also lays the foundation for arbitrary visitor "call backs"
that can be registered to a BugReporterContext as a PathDiagnostic is
constructed. These call backs can help operate as separate "experts" that can
work on constructed pieces of a PathDiagnostic for which they possess special
knowledge.
llvm-svn: 71121
2009-05-06 21:39:49 +00:00
0626df4eeb
Fix analyzer regression reported in PR 4164:
...
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
- Strip ElementRegions when the ElementRegion is just a 'raw data' view
on top of the underlying typed region.
llvm-svn: 71094
2009-05-06 18:19:24 +00:00
ea8c48d5a1
Improve RegionStoreManager::getSizeInElements()
...
- add a static function getTypeWidth(), which computes the width of a type
with the help of TargetInfo.
- no-outofbounds.c now passes for region store.
llvm-svn: 71080
2009-05-06 11:51:48 +00:00
c98868136f
Add a GDM for recording the cast type of regions.
...
llvm-svn: 71076
2009-05-06 08:33:50 +00:00
24ed0b28a8
The super region of ElementRegion no longer needs to be TypedRegion. In the
...
future we would create ElementRegion directly on top of typeless regions.
llvm-svn: 71075
2009-05-06 08:15:46 +00:00
1813e23a52
Implement a heuristic type size comparison method for now.
...
llvm-svn: 71074
2009-05-06 08:08:27 +00:00
b2d4a52e3f
remove commented code.
...
llvm-svn: 71060
2009-05-06 02:54:11 +00:00
d5e09be293
Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
...
RegionStore.
This CastRegion() performs casts according to the kind of the region being
cast instead of the type that is cast to.
llvm-svn: 71058
2009-05-06 02:42:32 +00:00
a8106efce9
BugReporter (extensive diagnostics): improve location context generation for the
...
start of 'do' and '@synchronized' statements.
llvm-svn: 71038
2009-05-05 23:13:38 +00:00
98017051ae
BugReporter (extensive diagnostics): Fix getEnclosingStmtLocation to reason
...
about Exprs that are not consumed and fix where the loop iteration diagnostic
goes.
llvm-svn: 71027
2009-05-05 22:19:17 +00:00
213ff5a98e
Implement attribute 'ns_autorelease'.
...
llvm-svn: 70990
2009-05-05 18:44:20 +00:00
94c464ef22
Implement attribute 'cf_returns_owned' (mirrors 'ns_returns_owned').
...
llvm-svn: 70952
2009-05-05 00:46:09 +00:00
e5c315826e
Fix unused variable warning
...
llvm-svn: 70946
2009-05-05 00:06:16 +00:00
6ae5615d80
Remove possibly incorrect assertion that doesn't matter.
...
llvm-svn: 70943
2009-05-05 00:02:18 +00:00
6bdfcf47ad
Remove experimental attribute 'ns_ownership_make_collectable.'
...
llvm-svn: 70940
2009-05-04 23:46:06 +00:00
0836a19931
Rename attributes 'objc_ownership...' to 'ns_ownership...'.
...
llvm-svn: 70897
2009-05-04 19:10:19 +00:00
e396f72ec7
BugReporter (extensive diagnostics): don't mark location contexts that are
...
control-flow expressions as dead.
llvm-svn: 70887
2009-05-04 18:15:17 +00:00
250d59f33f
Fix false positive null dereference by unifying code paths in GRSimpleVals for
...
'==' and '!=' (some code in the '!=' was not replicated in the '==' code,
causing some constraints to get lost).
llvm-svn: 70885
2009-05-04 17:53:11 +00:00
5dbfa3fadd
Rename attributes:
...
'objc_ownership_cfretain' -> 'cf_ownership_retain'
'objc_ownership_cfrelease' -> 'cf_ownership_release'
Motivation: Core Foundation objects can be used in isolation from Objective-C,
and this forces users to reason about the separate semantics of CF objects. More
Sema support pending.
llvm-svn: 70884
2009-05-04 17:29:57 +00:00
49a844e1a6
retain checker: Add checker support for FunctionDecl ownership annotations. Need to add Sema support.
...
llvm-svn: 70873
2009-05-04 16:43:50 +00:00
863f68aa06
retain checker: Pull out logic for parameter annotations into a
...
separate method.
llvm-svn: 70870
2009-05-04 15:40:58 +00:00
df76e6d09d
retain checker: Don't treat function's declared in macros differently.
...
llvm-svn: 70869
2009-05-04 15:34:07 +00:00
a68556c4cc
Add array index assertion: BasicStore should not expect any fancy
...
ElementRegions that have non-zero array indices.
llvm-svn: 70867
2009-05-04 15:25:46 +00:00
d795b02be7
Rename 'makeZeroIndex' to 'makeZeroArrayIndex'.
...
llvm-svn: 70865
2009-05-04 15:17:38 +00:00
629a43ffa1
Zhongxing already implemented this FIXME.
...
llvm-svn: 70864
2009-05-04 15:14:27 +00:00
6ebde279ae
array indexes are unsigned integers of the same width as pointer.
...
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.
llvm-svn: 70844
2009-05-04 08:52:47 +00:00
758fda4274
BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.
...
StoreManager: Handle casts from one element region to another.
Update test cases.
llvm-svn: 70836
2009-05-04 07:04:36 +00:00
35cf12ab2d
Handle 'long x = 0; char *y = (char *) x;' by layering an
...
'ElementRegion' on top of the VarRegion for 'x'. This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager. It doesn't
crash for RegionStoreManager either, but reports a bogus unintialized
value warning.
llvm-svn: 70832
2009-05-04 06:35:49 +00:00
02e508960c
Per conversations with Zhongxing, add an 'element type' to
...
ElementRegion. I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.
This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
'Line 159: Uninitialized or undefined return value returned to caller.'
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.
Zhongxing: When you get a chance, could you review this? I could have
easily screwed up something basic in RegionStoreManager.
llvm-svn: 70830
2009-05-04 06:18:28 +00:00
1d9a267b2e
retain checker:
...
- Fix retain checker test failures.
- Update retain checker to have annotations override default summary effects, not completely redefine them.
llvm-svn: 70828
2009-05-04 05:31:22 +00:00
ff606a1259
retain checker: RetainSummaryManager now has a 'DefaultSummary' object
...
which is returned instead of a null pointer. This helps centralize
the logic concerning "default effects".
llvm-svn: 70826
2009-05-04 04:57:00 +00:00
1bff64e309
retain checker: Don't bother using a FoldingSet to unique summaries.
...
We never compare summaries by their pointers, and we create only a
handful of them when analyzing a given function.
llvm-svn: 70824
2009-05-04 04:30:18 +00:00
4b59ccb563
Fix: <rdar://problem/6850275> CF objects returned from methods with "new" or "copy" in their name should be treated as owned
...
For methods that follow the "fundamental rule" and return Core
Foundation objects, treat those objects as owned by the caller.
llvm-svn: 70665
2009-05-03 06:08:32 +00:00
7d79a5f87d
Convert ArgEffects from an std::vector to an ImmutableMap. This will make it much easier to clean up the summary generation logic with annotations.
...
llvm-svn: 70660
2009-05-03 05:20:50 +00:00
b4cf4a52ab
Rename isTrackedObjectType() -> isTrackedObjCObjectType().
...
llvm-svn: 70657
2009-05-03 04:42:10 +00:00
3e3e69bbe7
region store: make Retrieve() can retrieve embedded array correctly. Also
...
simplify the retrieve logic.
llvm-svn: 70651
2009-05-03 00:27:40 +00:00
f1e7667099
retain/release checker: Enhance leak description to say that the bug
...
occurs in GC mode.
llvm-svn: 70638
2009-05-02 19:05:19 +00:00
2c32773fa2
Add a new BFS GRWorkList and make it the default worklist model for
...
GRCoreEngine. This tends to result in shorter paths for pathological cases.
llvm-svn: 70585
2009-05-01 22:18:46 +00:00
9c21f1d174
StoreManager::CastRegion:
...
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
llvm-svn: 70565
2009-05-01 19:22:20 +00:00
a11c607312
Basic Store: Always convert a non::LocAsInteger to a Loc when storing to a pointer.
...
llvm-svn: 70564
2009-05-01 19:04:28 +00:00
0e3cc24e79
Update CMake file.
...
llvm-svn: 70563
2009-05-01 18:43:00 +00:00
afbff15e64
BugReporter (extensive diagnostics): introduce the notion of a "dead"
...
location context. This allows us to postpone the decision of whether
or not a context should add a control-flow piece to the diagnostics
when inspecting its subexpressions.
llvm-svn: 70545
2009-05-01 16:08:09 +00:00
29d0880e50
Remove #if 0'ed code.
...
llvm-svn: 70542
2009-05-01 15:19:33 +00:00
2ff8a79d27
retain/release checker: Hook up attributes 'objc_ownership_retain' and
...
'objc_ownership_release' to the effects on receivers.
llvm-svn: 70507
2009-04-30 20:00:31 +00:00
b4e27a1838
Handle case in EvalReturn where we cache out in the ExplodedGraph.
...
llvm-svn: 70475
2009-04-30 05:51:50 +00:00
497df9126f
retain/release checker: Use the ObjCMethodDecl in the @implementation if no
...
matching ObjCMethodDecl exists in the @interface.
llvm-svn: 70474
2009-04-30 05:47:23 +00:00
b2a143fad6
retain/release checker: Resolve method decl in @interface after getting the
...
ObjCInterfaceDecl, not before.
llvm-svn: 70473
2009-04-30 05:41:14 +00:00
223a7d5445
retain/release checker: When determining whether an analyzed method can return
...
an owned object, consult its summary instead of inspecting the selector. This
picks up annotations, and is just more general.
llvm-svn: 70429
2009-04-29 23:03:22 +00:00
d6bef2edab
Format cleanup. No functionality change.
...
llvm-svn: 70420
2009-04-29 22:25:52 +00:00
9f08b842e1
Fix null dereference.
...
llvm-svn: 70417
2009-04-29 22:05:03 +00:00
47187c6ad2
BugReporter/PathDiagnostics:
...
- Add an (optional) short description for BugReports for clients that want
to distinguish between long and short descriptions for bugs
- Make the bug report for VLA less obscene for Plist diagnostics by using
the short description
llvm-svn: 70415
2009-04-29 21:58:13 +00:00
53cce5c195
Reformat long line. No functionality change.
...
llvm-svn: 70412
2009-04-29 21:31:59 +00:00
6bd78709f2
retain/release checker: Hoist code for bug reports above transfer function logic
...
(those diffs are just code moving) and move the logic for "return of owned
object" leak reporting to EvalReturnStmt.
llvm-svn: 70399
2009-04-29 18:50:19 +00:00
99fe1695c7
Add version of getMethodSummary() that can be used to query the summary for the
...
method currently being analyzed.
llvm-svn: 70388
2009-04-29 17:17:48 +00:00
387243067a
Rename getMethodSummary() -> getInstanceMethodSummary().
...
llvm-svn: 70387
2009-04-29 17:09:14 +00:00
3941d22a98
Add corner case logic to BasicStoreManager and GRSimpleVals::EvalBinOp to enable
...
reasoning about OSCompareAndSwap32Barrier/OSCompareAndSwap64Barrier. Essentially
the address of reference to a region (pointer-to-pointer) can be casted to
(int32_t*), and we need to handle the logic to convert the involved locations
back and forth from nonloc::LocAsInteger, nonloc::ConcreteInt, to Loc and
loc::ConcreteInt respectively. This adds some potentially suspect logic to
BasicStoreManager that allows the analyzer to reason about abuses of the C type
system. This should probably be refined, be ported over to RegionStoreManager,
and extended with "path-sensitive type checking" to flag bugs in clearly
incoherent code.
llvm-svn: 70382
2009-04-29 16:03:27 +00:00
e034868a36
MemRegion pretty-printing: Convert DeclName to a string to print out the actual
...
name of the tracked function.
llvm-svn: 70381
2009-04-29 15:37:24 +00:00
f985648e83
SymbolicRegions may also be live roots.
...
llvm-svn: 70380
2009-04-29 09:24:35 +00:00
0b50fb1de1
retain/release checker: Refactor getMethodSummary() to not depend on ObjCMessageExpr.
...
llvm-svn: 70369
2009-04-29 05:04:30 +00:00
3ee3044bd7
As discussed with Ted offline, re-apply r70293.
...
llvm-svn: 70358
2009-04-29 02:30:09 +00:00
7686ffaf07
retain/release checker: Refactor the guts of getClassMethodSummary to not depend
...
on ObjCMessageExpr. This will enable us to use it elsewhere. This should not
change any functionality.
llvm-svn: 70352
2009-04-29 00:42:39 +00:00
869292d5b6
Implement ownership attribute 'objc_ownership_make_collectable'. This allows one
...
to add 'CFMakeCollectable' semantics to a method.
llvm-svn: 70336
2009-04-28 22:32:26 +00:00
ea62bf4e58
Revert 70293.
...
llvm-svn: 70313
2009-04-28 18:48:13 +00:00
6e304e6323
Now we can remove the 'blast-through' code.
...
llvm-svn: 70293
2009-04-28 13:49:42 +00:00
9bea0dc178
Extensive diagnostics: Do not add a location context for do...while statements.
...
llvm-svn: 70286
2009-04-28 04:28:12 +00:00
61114bc558
BugReporter (extensive diagnostics): Clean up do...while control-flow edges, and
...
add "Looping back to the head of the loop" diagnostic for loops.
llvm-svn: 70285
2009-04-28 04:23:15 +00:00
84bfa2c2dc
Add two new checker-specific attributes: 'objc_ownership_release' and
...
'objc_ownership_cfrelease'. These are the 'release' equivalents of
'objc_ownership_retain' and 'objc_ownership_cfretain' respectively.
llvm-svn: 70235
2009-04-27 19:36:56 +00:00
e6633567e0
Track objects in GC mode returned by 'alloc', 'new', etc. methods. These are
...
treated as "not owned" objects.
llvm-svn: 70232
2009-04-27 19:14:45 +00:00
ebbef7d0d3
Add new checker-specific attribute 'objc_ownership_cfretain'. This is the same
...
as 'objc_ownership_cfretain' except that the method acts like a CFRetain instead
of a [... retain] (important in GC modes). Checker support is wired up, but
currently only for Objective-C message expressions (not function calls).
llvm-svn: 70218
2009-04-27 18:27:22 +00:00
a7b98a772c
Implement function-try-blocks. However, there's a very subtle bug that I can't track down.
...
llvm-svn: 70155
2009-04-26 20:35:05 +00:00
5cdb8cc267
Minor code cleanup.
...
llvm-svn: 70144
2009-04-26 19:04:51 +00:00
f0b64d73a8
split ObjC and C++ Statements out into their own headers.
...
llvm-svn: 70105
2009-04-26 01:32:48 +00:00
e75de95408
Hook up attribute 'objc_ownership_retain' to the analyzer. This attribute allows
...
users to specify that a method's argument is visibly retained (reference count
incremented).
llvm-svn: 70008
2009-04-25 01:21:50 +00:00
b97d093e16
Hook up __attribute__((objc_ownership_returns)) to the retain/release checker.
...
llvm-svn: 70002
2009-04-24 23:32:32 +00:00
6a966b2486
Fix the same false positive reported in PR 2542 and <rdar://problem/6793409>
...
involving an NSAnimation object delegating its release to a delegate method.
llvm-svn: 69992
2009-04-24 21:56:17 +00:00
53c5b7e0bd
Minor refactoring: pass selector to getCommonMethodSummary(). No functionality
...
change.
llvm-svn: 69985
2009-04-24 18:19:07 +00:00
6e86cafca3
retain/release checker: more hacks to workaround false positives cause by
...
delegates. When a reference counted object is passed as to a 'void*' argument to
a method stop tracking the reference count.
llvm-svn: 69984
2009-04-24 18:00:17 +00:00
21895e0b89
Sentence case bug name.
...
llvm-svn: 69983
2009-04-24 17:51:19 +00:00
8a5ad39a46
retain/release checker:
...
- Fix summary lookup for class methods to now use the (optional)
ObjCInterfaceDecl associated with a message expression. This removes a
long-standing FIXME.
- Partial fix for <rdar://problem/6062730> by stop tracking objects that
are passed to [NSObject performSelector]. These methods are often used
for delegates, which the analyzer doesn't reason about well yet.
llvm-svn: 69982
2009-04-24 17:50:11 +00:00
60746a0a83
Refactor common logic in getMethodSummary() and getClassMethodSummary(). No
...
functionality change.
llvm-svn: 69936
2009-04-23 23:08:22 +00:00
37467813c5
Further cleanups to isTrackedObjectType().
...
llvm-svn: 69929
2009-04-23 22:11:07 +00:00
0a1f9c423f
retain/release checker: Don't call isTrackedObject() with the canonical type.
...
This was preventing the checker from tracking return objects referenced by 'id'.
llvm-svn: 69922
2009-04-23 21:25:57 +00:00
b2f419dc88
retain/release checker: For class methods, only treat return values that are
...
object references as tracked objects.
llvm-svn: 69915
2009-04-23 20:02:30 +00:00
f27110fc27
Per discussions with Ken Ferry and Paul Marks (<rdar://problem/6815234>) greatly
...
extend the number of objects tracked by the retain/release checker by assuming
that all class and instance methods should follow Cocoa object "getter" and
"alloc/new" conventions.
llvm-svn: 69908
2009-04-23 19:11:35 +00:00
9c03f68206
Fix PR 4033: the analyzer shouldn't crash on computed gotos involving symbolic
...
target addresses.
llvm-svn: 69900
2009-04-23 17:49:43 +00:00
3ebc5057ac
BugReporter (extensive diagnostics): Recursively adjust the referred expression
...
when popping location contexts.
llvm-svn: 69898
2009-04-23 16:44:22 +00:00
e60809c31d
BugReporter (extensive diagnostics): Ignore parentheses when added control-flow
...
pieces for location contexts.
llvm-svn: 69895
2009-04-23 16:19:29 +00:00
29bd76fd04
Eliminate the three SmallVectors in ObjCImplDecl (for instance
...
methods, class methods, and property implementations) and instead
place all of these entities into the DeclContext.
This eliminates more linear walks when looking for class or instance
methods and should make PCH (de-)serialization of ObjCDecls trivial
(and lazy).
llvm-svn: 69849
2009-04-23 01:02:12 +00:00
63e29cc99c
Add PathDiagnosticRange to PathDiagnostics. These simply wrap SourceRange and
...
indicate whether or not the range represents an absolute range or should be
extended by lexing to the end of the token.
llvm-svn: 69834
2009-04-22 22:26:10 +00:00
48b7875e55
BugReporter (extensive diagnostics): Use correct location for location contexts.
...
llvm-svn: 69824
2009-04-22 20:51:59 +00:00
fb05406cef
BugReporter (extensive diagnostics): always add an edge if there is no location
...
context.
llvm-svn: 69823
2009-04-22 20:36:26 +00:00
6c867a1460
BugReporter (extensive diagnostics):
...
- Remove stale assertion that was breaking the test suite.
- When popping location contexts, only add a control-flow piece for fileID
locations.
llvm-svn: 69814
2009-04-22 18:37:42 +00:00
0752a5dff3
BugReporter (extensive diagnostic algorithm): The initial control-flow edge now
...
starts from the first character of the first statement.
llvm-svn: 69813
2009-04-22 18:16:20 +00:00
22579c4c8f
PathDiagnosticLocation: ranges for terminators now only include the first
...
character instead of the entire range for the IfStmt, ForStmt, etc. We may
gradually refine these ranges later, but basically terminator ranges just refer
to the first keyword.
llvm-svn: 69812
2009-04-22 18:03:00 +00:00
fe95afd0bc
Fix crash reported in PR 3991. The analyzer doesn't reason about ObjCKVCExpr.
...
llvm-svn: 69754
2009-04-21 23:53:32 +00:00
eff7c6a2d6
This patch is largely due to Zhongxing Xu. I've simply applied it because of
...
some refactoring I did recently to StoreManager.
StoreManager::CastRegion: Handle casts to void* by stripping TypedViewRegions.
llvm-svn: 69751
2009-04-21 23:31:46 +00:00
35f875c136
Fix: <rdar://problem/6777209> false Dereference of null pointer in loop: pointer increment/decrement preserves non-nullness
...
When the StoreManager doesn't reason well about pointer-arithmetic, propagate
the non-nullness constraint on a pointer value when performing pointer
arithmetic uisng ++/--.
llvm-svn: 69741
2009-04-21 22:38:05 +00:00
1a1b62c168
Tweak pretty-printing of constraints.
...
llvm-svn: 69740
2009-04-21 22:37:11 +00:00
2d495a6f43
Refactor 'BasicStoreManager::CastRegion' and 'RegionStoreManager::CastRegion'
...
into StoreManager::CastRegion. Both methods were practically identical, and this
is core logic that is common to all StoreManagers since it defines the basic
invariants of the abstract memory model.
llvm-svn: 69730
2009-04-21 21:51:34 +00:00
9bb660c3f4
Recommit 69694 but this time also include the header changes (sorry for breaking
...
the build).
llvm-svn: 69702
2009-04-21 19:56:58 +00:00
Zhongxing Xu