Commit Graph

657 Commits

Author SHA1 Message Date
Mike Stump 014b3eabd1 Wire up for statement CFG improvements for conditionals that are known.
llvm-svn: 76529
2009-07-21 01:12:51 +00:00
Mike Stump 23a443bea7 Wire up CFG improvements for while when the condition is known.
llvm-svn: 76522
2009-07-21 00:38:52 +00:00
Mike Stump 0d76d075e4 Add yet more analysis for CFGs involving conditionals that are actually constant.
llvm-svn: 76500
2009-07-20 23:24:15 +00:00
Ted Kremenek 834e2f69da Enhanced IsReinterpreted() (RegionStore.cpp) to reason about higher-order
pointers.

Enhanced RegionStoreManager::Retrieve() to handle automatic casts when the
loaded value is different from the requested value. This should be refined over
time, but essentially we should always symbolicate locations as locations, and
convert them to non-locations on demand.

These changes now cause 'misc-ps.m' to pass again.

llvm-svn: 76497
2009-07-20 22:58:02 +00:00
Ted Kremenek 2f730c8aed This test now passes with RegionStore.
llvm-svn: 76484
2009-07-20 21:44:10 +00:00
Ted Kremenek bf04f98c1f Add XFAILED test.
llvm-svn: 76469
2009-07-20 21:00:55 +00:00
Ted Kremenek e9812bdac5 Fix crash in StoreManager::NewCastRegion() when handling casts from 'id' (or whatever) to a BlockPointerType.
llvm-svn: 76288
2009-07-18 06:27:51 +00:00
Ted Kremenek 6ab0a74a25 Add test case for bug fix in r76262.
llvm-svn: 76283
2009-07-18 05:02:33 +00:00
Mike Stump 48871a2880 Make noreturn functions alter the CFG.
llvm-svn: 76133
2009-07-17 01:04:31 +00:00
Ted Kremenek e5a068fcb3 Update test case to use '__has_feature' macro.
llvm-svn: 76129
2009-07-17 00:19:33 +00:00
Ted Kremenek c7b1dade86 Move RegionStoreManager over to using new
ValueManager::makeArrayIndex()/convertArrayIndex() methods.  This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.

llvm-svn: 75884
2009-07-16 01:33:37 +00:00
Ted Kremenek f3e1e4d9a1 Fix <rdar://problem/7062158> by having BasicStoreManager model values for 'static' global variables.
llvm-svn: 75844
2009-07-15 22:09:25 +00:00
Ted Kremenek e6fea68c46 More test cases revealed that the logic in StoreManager::InvalidateRegion() needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.
This patch causes:
- StoreManager::InvalidateRegion() to not used the casted type of a region if
  it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
  symbolic arrays that have been invalidated.  This uses the new SymbolDerived
  construct that was recently introduced.
  
The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.

llvm-svn: 75730
2009-07-15 02:31:43 +00:00
Ted Kremenek 9a797db199 Split out 'test2' into an i386 and x86_64 file, illustrating how the
test behavior differs between architectures.  When this is no longer
the case, these tests will be merged.

llvm-svn: 75708
2009-07-14 23:17:22 +00:00
Ted Kremenek eea582f04f This test currently only passes for 32-bit archs.
llvm-svn: 75698
2009-07-14 22:58:18 +00:00
Ted Kremenek 0c37d19fea Enhance RegionStoreManager to handle 'Retrieve's from SymbolicRegions. We do this by silently wrapping the region with an ElementRegion. This fixes the failures in misc-ps-region-store.m.
llvm-svn: 75679
2009-07-14 20:48:22 +00:00
Ted Kremenek c057f417d8 Add basic checking for passing NULL to CFRetain/CFRelease, since those functions
are not explicitly marked as not accepting NULL pointers. This check illustrates
how we need more refactoring in the custom-check logic.

llvm-svn: 75570
2009-07-14 00:43:42 +00:00
Ted Kremenek b63f71528e Enhance SimpleSValuator::EvalBinOpNN to recognize the trivial case
where we are comparing a symbolic value against itself, regardless of
the nature of that symbolic value.

This enhancement identified a case where RegionStoreManager is not
correctly symbolicating the values of the pointees of parameters.  The
failing test is now in 'test/Analysis/misc-ps-region-store.m', with
that test file now (temporarily) marked XFAIL.

llvm-svn: 75521
2009-07-13 21:55:12 +00:00
Ted Kremenek da03e8443e Handle insidious corner case exposed by RegionStoreManager when handling void* values that are bound
to symbolic regions and then treated like integers.

llvm-svn: 75356
2009-07-11 04:38:49 +00:00
Zhongxing Xu e00c981feb remove duplicated test cast.
llvm-svn: 75329
2009-07-11 02:33:35 +00:00
Ted Kremenek 156700fd14 This test passes with RegionStoreManager.
llvm-svn: 75318
2009-07-11 00:07:06 +00:00
Ted Kremenek 74a7b9188a This test now passes with RegionStoreManager.
llvm-svn: 75316
2009-07-11 00:03:23 +00:00
Eli Friedman fd9b1094b8 Fix silly mistake I made applying patch to fix test.
llvm-svn: 75303
2009-07-10 22:27:56 +00:00
Ted Kremenek e057d4e5a9 Rename test file.
llvm-svn: 75297
2009-07-10 21:48:43 +00:00
Ted Kremenek 3fcf628b40 RegionStoreManager also passes this test file.
llvm-svn: 75296
2009-07-10 21:48:10 +00:00
Ted Kremenek 488495e491 RegionStoreManager now correctly passes this test file.
llvm-svn: 75295
2009-07-10 21:45:10 +00:00
Ted Kremenek 6cb2a34e3c Test case in test/Analysis/xfail_regionstore_wine_crash.c no longer fails, so
move this case to 'test/Analysis/misc-ps.m' to test with both BasicStoreManager
and RegionStoreManager.

llvm-svn: 75294
2009-07-10 21:43:30 +00:00
Ted Kremenek bf73ad47a8 Revert r75281 and simply remove the assertion in NewCastRegion that
CodeTextRegions can only be casted to FunctionPointer or BlockPointerTypes. This
simply isn't true. We can handle bogus operations on CodeTextRegions (e.g, an
array access) elsewhere.

llvm-svn: 75285
2009-07-10 21:24:45 +00:00
Ted Kremenek 6c94771a0b Fix crash in StoreManager::NewCastRegion regarding handling casts to void*,
void**, void***, etc.  Such casts should just pass the region through.

llvm-svn: 75281
2009-07-10 21:11:16 +00:00
Eli Friedman 7d369cd2a6 Misc fixes to fix tests on OpenBSD, per email to cfe-commits. Patches
by Jonathan Gray and Krister Walfridsson.

llvm-svn: 75268
2009-07-10 20:10:06 +00:00
Ted Kremenek f66557978e Switch BasicStoreManager to use the new CastRegion implementation by default,
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.

llvm-svn: 75209
2009-07-10 00:41:58 +00:00
Ted Kremenek 8ee3dd7cc5 Fix: <rdar://problem/7034511> ValueManager::makeIntVal(uint64_t X, QualType T) should return a 'Loc' when 'T' is a pointer
llvm-svn: 75062
2009-07-08 22:42:46 +00:00
Ted Kremenek 97213bac53 NewCastRegion: Handle casts *from* pointers to incomplete structs to other types.
llvm-svn: 74884
2009-07-06 23:47:19 +00:00
Ted Kremenek c5ab3a0eab StoreManager::NewCastRegion:
- Refactor logic that creates ElementRegions into a help method 'MakeElementRegion'.
- Fix crash due to not handling StringRegions.  Casts of StringRegions now
  result in a new ElementRegion layered on the original StringRegion.

llvm-svn: 74867
2009-07-06 22:23:45 +00:00
Ted Kremenek eea8c29aa3 Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line using '-analyzer-store=basic-new-cast'.
llvm-svn: 74865
2009-07-06 21:58:46 +00:00
Ted Kremenek 0578e43862 Fix <rdar://problem/7033733>. The CF_RETURNS_RETAINED attribute should work if the return type on an Objective-C method is a CF type reference, not just an Objective-C object reference.
llvm-svn: 74841
2009-07-06 18:30:43 +00:00
Zhongxing Xu 9988bab609 add test case for r74407.
llvm-svn: 74761
2009-07-03 05:33:23 +00:00
Ted Kremenek 0b0f206efa Fix a horrible CFG bug reported in <rdar://problem/7027684>. The wrong successor
block would get hooked up in some cases when processing empty compound
statements.

llvm-svn: 74743
2009-07-03 00:10:50 +00:00
Ted Kremenek 725b4a3a51 Enhance RegionStore to lazily symbolicate fields and array elements for
structures passed-by-value as function arguments.

llvm-svn: 74729
2009-07-02 22:02:15 +00:00
Ted Kremenek a8a295f2d9 Temporarily disable RegionStore for stack-addr-ps.c, as a new test case reveals
a case where RegionStore doesn't create symbolic values for the fields of
structs that are passed-by-value.

llvm-svn: 74662
2009-07-01 23:24:11 +00:00
Ted Kremenek 55e07efeed Add a FIXME to RegionStore, do some minor code cleanup, and get RegionStore to
pass misc-ps.m. Currently RegionStore/BasicStore don't do any special reasoning
about clang-style vectors, so we should return UnknownVal (in all cases) when
accessing their values via an array.

llvm-svn: 74660
2009-07-01 23:19:52 +00:00
Zhongxing Xu e205d43c75 When retrieving element region, if its super region has binding, return
unknown for it.

Mark the super region of a live region as live, if the live region is pointed
to by a live pointer variable.

These fixes xfail_regionstore_wine_crash.c.

llvm-svn: 74524
2009-06-30 12:32:59 +00:00
Zhongxing Xu 4744d560b8 Invalidate the alloca region by setting its default value to conjured symbol.
llvm-svn: 74419
2009-06-29 06:43:40 +00:00
Zhongxing Xu 55e070031f Now this test case passes.
llvm-svn: 74410
2009-06-28 14:25:10 +00:00
Zhongxing Xu 6f610707cf Invalidate a field of struct type by setting its default value to conjured
symbol.

llvm-svn: 74408
2009-06-28 13:59:24 +00:00
Ted Kremenek 1642bdaaa5 Introduce a new concept to the static analyzer: SValuator.
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.

llvm-svn: 74229
2009-06-26 00:05:51 +00:00
Zhongxing Xu 540c009fbe Return UnknownVal for pointer arithmetic on struct fields.
llvm-svn: 73851
2009-06-21 13:24:24 +00:00
Zhongxing Xu 54fb536b5c A further step of r73690: associate the cast-to type with the created symbol,
because the type of the symbol is used to create the default range. We need the
sign to be consistent.

llvm-svn: 73756
2009-06-19 06:00:32 +00:00
Zhongxing Xu cc45762253 If the SymbolicRegion was cast to another type, use that type to create the
ElementRegion.

llvm-svn: 73754
2009-06-19 04:51:14 +00:00
Zhongxing Xu b21175ccbe Modify test case comments.
llvm-svn: 73691
2009-06-18 06:49:35 +00:00
Zhongxing Xu cea6578078 When casting region, if we do not create an element region, record the cast-to
type. 

When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.

llvm-svn: 73690
2009-06-18 06:29:10 +00:00
Ted Kremenek dc935e99e2 Add IOKit test cases for retain/release checker.
llvm-svn: 73549
2009-06-16 20:44:39 +00:00
Zhongxing Xu 838a0db0ba Use canonical type for building ElementRegion. Otherwise ElementRegions cannot
be unique.

llvm-svn: 73482
2009-06-16 09:55:50 +00:00
Zhongxing Xu e531f048f8 Do not invalidate unboundable regions in GRSimpleVals::EvalCall().
llvm-svn: 73474
2009-06-16 06:18:21 +00:00
Zhongxing Xu 519a47d4bd Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the
comments for added test case for details.

llvm-svn: 73189
2009-06-11 09:11:27 +00:00
Ted Kremenek a03705c82d Fix:
<rdar://problem/6948053> False positive: object substitution during -init* methods warns about returning +0 when using -fobjc-gc-only

llvm-svn: 72971
2009-06-05 23:18:01 +00:00
Ted Kremenek ea1c221334 Enhance attribute cf_returns_retained to also work (in the analyzer)
for non-Objctive-C pointer types.  This implicitly documents that the
return type is a CF object reference.

llvm-svn: 72968
2009-06-05 23:00:33 +00:00
Eli Friedman 8001b35d5d Clean up builtin lists, add a few new builtins. (I re-sorted the
string.h builtins to be in the same order as the list in the C99 
standard.)

llvm-svn: 72882
2009-06-04 19:35:30 +00:00
Ted Kremenek 2d22c84b4a Add more retain-checker tests for GC mode when using NSMakeCollectable.
llvm-svn: 72799
2009-06-03 19:19:06 +00:00
Ted Kremenek 1036912118 Add special cases to retain checker for 'create' methods in QCView, QCRenderer, and CIContext (Apple APIs).
This fixes:

<rdar://problem/6902710> clang: false positives w/QC and CoreImage methods.

llvm-svn: 72187
2009-05-20 22:39:57 +00:00
Zhongxing Xu 1075cc0b02 Treat AllocaRegion as SymbolicRegion in RegionStore::Retrieve().
llvm-svn: 72166
2009-05-20 09:18:48 +00:00
Zhongxing Xu 1f275ba1b4 Add comments to test case.
llvm-svn: 72165
2009-05-20 09:03:10 +00:00
Zhongxing Xu a7907608fb * API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
RegionStore needs to know the type of alloca region. 
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
  element region, as what is done to symbolic region.

llvm-svn: 72164
2009-05-20 09:00:16 +00:00
Eli Friedman 45966b4671 Remove the -arch option from clang-cc: for all practical purposes, it's
redundant with -triple.

llvm-svn: 72108
2009-05-19 11:12:40 +00:00
Ted Kremenek 501ba0365a Fix PR 4230: Don't flag leaks of NSAutoreleasePools until we know that we aren' at the top-most scope of autorelease pools.
llvm-svn: 72065
2009-05-18 23:14:34 +00:00
Eli Friedman 0b4af8f755 PR3009: Get rid of bogus warning for scalar compound literals.
This patch isn't quite ideal in that it eliminates the warning for 
constructs like "int a = {1};", where the braces are in fact redundant.  
However, that would have required a bunch of refactoring, and it's 
much less likely to cause confusion compared to redundant nested braces.

llvm-svn: 71939
2009-05-16 11:45:48 +00:00
Ted Kremenek e4302ee3bb Fix: <rdar://problem/6893565> False positive: don't flag leaks for return types that cannot be determined to be CF types
llvm-svn: 71921
2009-05-16 01:38:01 +00:00
Ted Kremenek 3281977dbb Fix crash when deriving the enclosing summary of a method whose first selector slot has a null IdentifierInfo*. This happens when analyzing Growl.
llvm-svn: 71857
2009-05-15 15:49:00 +00:00
Ted Kremenek f9fa3cb78a Fix <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object.
llvm-svn: 71797
2009-05-14 21:29:16 +00:00
Ted Kremenek 3b204e4c2e Add some basic type checking for attributes ns_returns_retained and
cf_returns_retained. Currently this attribute can now be applied to any
Objective-C method or C function that returns a pointer or Objective-C object
type.

Modify the tablegen definition of diagnostic 'warn_attribute_wrong_decl_type' to
expect that the diagnostics infrastructure will add quotes around the attribute
name when appropriate. Alonq with this change, I modified the places where this
warning is issued to passed the attribute's IdentifierInfo* instead of having a
hard-coded C constant string.

llvm-svn: 71718
2009-05-13 21:07:32 +00:00
Ted Kremenek bae777254a Enhance diagnostics value tracking logic for null dereferences and uninitialized values.
llvm-svn: 71700
2009-05-13 19:16:35 +00:00
Ted Kremenek 5801f65a52 Fix crasher reported in PR 4209 caused by an invalid summary
generation when EvalObjCMessageExpr() did not resolve the
ObjCInterfaceDecl* for a receiver when the receiver's symbolic value
wasn't being explicitly tracked.

llvm-svn: 71685
2009-05-13 18:16:01 +00:00
Ted Kremenek 051a03d698 Fix crasher in CFRefCount.cpp reported by Nikita Zhuk due to recently added autorelease tracking.
llvm-svn: 71647
2009-05-13 07:12:33 +00:00
Ted Kremenek 1272f706ca Fix: <rdar://problem/6320065> false positive - init method returns an object owned by caller
Now 'init' methods are treated by the retain/release checker as
claiming their receiver and allocating a new object.

llvm-svn: 71579
2009-05-12 20:06:54 +00:00
Zhongxing Xu 08a2ede018 Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.

Also fix some 80 columns violations.

llvm-svn: 71548
2009-05-12 10:10:00 +00:00
Ted Kremenek 95d181936a Fix <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects
This was accomplished by having	'isTypeRef' recursively walk the typedef stack.

llvm-svn: 71538
2009-05-12 04:53:03 +00:00
Ted Kremenek d0e3ab2196 Fix regression reported in <rdar://problem/6866843>. The analyzer should extend the lifetime of an object stored to a container.
llvm-svn: 71452
2009-05-11 18:30:24 +00:00
Ted Kremenek 7e7ed527dd Add test case for <rdar://problem/6257780>.
llvm-svn: 71444
2009-05-11 17:45:06 +00:00
Ted Kremenek dc7853cd98 Fix a bug found by Thomas Clement where 'return [[[NSString alloc] init] autorelease]' would emit a false 'too many overreleases' error.
llvm-svn: 71432
2009-05-11 15:26:06 +00:00
Ted Kremenek 1f8e4346fa Add special warning about returning a retained object where a GC'ed object is expected.
llvm-svn: 71397
2009-05-10 16:52:15 +00:00
Ted Kremenek dee56e37fc retain/release checker: Flag a warning for non-owned objects returned
where an owned one is expected.  Also add preliminary checking for
returning a positive retain count object in GC mode where an owned GC
object is expected.

llvm-svn: 71388
2009-05-10 06:25:57 +00:00
Ted Kremenek 3978f7972d analyzer:
- Improve -autorelease diagnostics.
- Improve VLA diagnostics.
- Use "short description" for bug when outputting to TextDiagnostics

llvm-svn: 71383
2009-05-10 05:11:21 +00:00
Zhongxing Xu c9c3dab491 When casting VarRegion, if the var type is aggregate type and the cast-to
pointee type is scalar type, create element region regardless with the sizes
of types.

llvm-svn: 71360
2009-05-09 15:34:29 +00:00
Zhongxing Xu 4bc5a4c3bd add comments to test case.
llvm-svn: 71356
2009-05-09 13:27:17 +00:00
Ted Kremenek d73cfc734b Add back test cases for ns_returns_retained and cf_returns_retained.
llvm-svn: 71312
2009-05-09 03:10:32 +00:00
Ted Kremenek 2d0ff62a0d It lives! The retain/release checker now tracks objects that are sent
'autorelease'.

llvm-svn: 71307
2009-05-09 01:50:57 +00:00
Fariborz Jahanian 5276014db2 We want to diagnose sending message to a forward class
and we also want to tell which message is actually 
being sent.

llvm-svn: 71296
2009-05-08 23:45:49 +00:00
Ted Kremenek 062c14ba24 Remove experimental ownership attributes from Clang.
llvm-svn: 71216
2009-05-08 15:19:25 +00:00
Zhongxing Xu d2e8fa14df Region store: when casting VarRegions, if the cast-to pointee type is
incomplete, do not compute its size and return the original region.

llvm-svn: 71213
2009-05-08 07:28:25 +00:00
Zhongxing Xu afc875c766 Replace the heuristic isSmallerThan with ASTContext::getTypeSize().
llvm-svn: 71206
2009-05-08 02:12:59 +00:00
Ted Kremenek 3975f17f04 Fix <rdar://problem/6845148>. Signed integers compared against pointers should
implicitly be changed to unsigned values in GRSimpleVals.cpp. This can happen
when the comparison involves logic in specialized transfer functions (e.g.,
OSAtomicCompareAndSwap).

llvm-svn: 71200
2009-05-08 00:32:39 +00:00
Ted Kremenek ba53fe98e7 More attribute renaming:
- Rename 'ns_returns_owned' -> 'ns_returns_retained'.
- Rename 'cf_returns_owned' -> 'cf_returns_retained'.

llvm-svn: 71182
2009-05-07 21:49:45 +00:00
Ted Kremenek 094bc31000 Fix <rdar://problem/6848739>. When using -analyze, -Werror has no effect.
llvm-svn: 71172
2009-05-07 19:02:53 +00:00
Ted Kremenek 0626df4eeb Fix analyzer regression reported in PR 4164:
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
  casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
  - Strip ElementRegions when the ElementRegion is just a 'raw data' view
    on top of the underlying typed region.

llvm-svn: 71094
2009-05-06 18:19:24 +00:00
Zhongxing Xu ea8c48d5a1 Improve RegionStoreManager::getSizeInElements()
- add a static function getTypeWidth(), which computes the width of a type
   with the help of TargetInfo.
 - no-outofbounds.c now passes for region store.

llvm-svn: 71080
2009-05-06 11:51:48 +00:00
Zhongxing Xu 1813e23a52 Implement a heuristic type size comparison method for now.
llvm-svn: 71074
2009-05-06 08:08:27 +00:00
Zhongxing Xu d5e09be293 Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
RegionStore.

This CastRegion() performs casts according to the kind of the region being 
cast instead of the type that is cast to.

llvm-svn: 71058
2009-05-06 02:42:32 +00:00
Ted Kremenek 213ff5a98e Implement attribute 'ns_autorelease'.
llvm-svn: 70990
2009-05-05 18:44:20 +00:00
Ted Kremenek dad8889d62 Enhance ownership attribute tests with functions that use the attributes!
llvm-svn: 70984
2009-05-05 17:46:22 +00:00
Ted Kremenek 94c464ef22 Implement attribute 'cf_returns_owned' (mirrors 'ns_returns_owned').
llvm-svn: 70952
2009-05-05 00:46:09 +00:00
Ted Kremenek de1aa1e4dd Rename ownership attributes:
ns_ownership_returns -> ns_returns_owned
 ns_ownership_retain -> ns_retains
 ns_ownership_release -> ns_releases
 cf_ownership_retain ->  cf_retains
 cf_ownership_release -> cf_releases

llvm-svn: 70949
2009-05-05 00:21:59 +00:00
Ted Kremenek bbec22d2b2 Rename attribute 'ns_ownership_returns' to 'ns_returns_ownership'.
llvm-svn: 70941
2009-05-04 23:52:59 +00:00
Ted Kremenek 6bdfcf47ad Remove experimental attribute 'ns_ownership_make_collectable.'
llvm-svn: 70940
2009-05-04 23:46:06 +00:00
Ted Kremenek 0836a19931 Rename attributes 'objc_ownership...' to 'ns_ownership...'.
llvm-svn: 70897
2009-05-04 19:10:19 +00:00
Ted Kremenek 250d59f33f Fix false positive null dereference by unifying code paths in GRSimpleVals for
'==' and '!=' (some code in the '!=' was not replicated in the '==' code,
causing some constraints to get lost).

llvm-svn: 70885
2009-05-04 17:53:11 +00:00
Ted Kremenek 5dbfa3fadd Rename attributes:
'objc_ownership_cfretain' -> 'cf_ownership_retain'
'objc_ownership_cfrelease' -> 'cf_ownership_release'

Motivation: Core Foundation objects can be used in isolation from Objective-C,
and this forces users to reason about the separate semantics of CF objects. More
Sema support pending.

llvm-svn: 70884
2009-05-04 17:29:57 +00:00
Ted Kremenek 0b0ee3c49d Update test case.
llvm-svn: 70883
2009-05-04 17:27:32 +00:00
Ted Kremenek bc76c72f94 Remove support for ObjCMethodDecl attributes that appear between the
return type and the selector.  This is inconsistent with C functions
(where such attributes would be placed on the return type, not the the
FunctionDecl), and is inconsistent with what people are use to seeing.

llvm-svn: 70878
2009-05-04 17:04:30 +00:00
Ted Kremenek 238d0b6ecd Rename no-outofbounds.c to xfail-no-outofbounds.c and split off that
test into a separate file to monitor the fact that BasicStoreManager
passes the test.

llvm-svn: 70859
2009-05-04 14:31:19 +00:00
Zhongxing Xu 6ebde279ae array indexes are unsigned integers of the same width as pointer.
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.

llvm-svn: 70844
2009-05-04 08:52:47 +00:00
Ted Kremenek 2d9fa1b4b7 Test now passes. I'll hold off merging it with the BasicStore test until we know this is a stable change.
llvm-svn: 70837
2009-05-04 07:11:21 +00:00
Ted Kremenek 758fda4274 BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.
StoreManager: Handle casts from one element region to another.
Update test cases.

llvm-svn: 70836
2009-05-04 07:04:36 +00:00
Ted Kremenek 95162024e2 This test no longer fails.
llvm-svn: 70834
2009-05-04 06:45:58 +00:00
Ted Kremenek 35cf12ab2d Handle 'long x = 0; char *y = (char *) x;' by layering an
'ElementRegion' on top of the VarRegion for 'x'.  This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager.  It doesn't
crash for RegionStoreManager either, but reports a bogus unintialized
value warning.

llvm-svn: 70832
2009-05-04 06:35:49 +00:00
Ted Kremenek 02e508960c Per conversations with Zhongxing, add an 'element type' to
ElementRegion.  I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.

This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager.  Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
  'Line 159: Uninitialized or undefined return value returned to caller.'
  
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.

Zhongxing: When you get a chance, could you review this?  I could have
easily screwed up something basic in RegionStoreManager.

llvm-svn: 70830
2009-05-04 06:18:28 +00:00
Ted Kremenek 055797b789 Add RegionStore test that illustrates a bogus array-out-of-bounds error.
llvm-svn: 70795
2009-05-03 19:24:34 +00:00
Ted Kremenek 3f4e62f397 Add failing test case.
llvm-svn: 70791
2009-05-03 19:09:37 +00:00
Ted Kremenek 4b59ccb563 Fix: <rdar://problem/6850275> CF objects returned from methods with "new" or "copy" in their name should be treated as owned
For methods that follow the "fundamental rule" and return Core
Foundation objects, treat those objects as owned by the caller.

llvm-svn: 70665
2009-05-03 06:08:32 +00:00
Zhongxing Xu 3e3e69bbe7 region store: make Retrieve() can retrieve embedded array correctly. Also
simplify the retrieve logic.

llvm-svn: 70651
2009-05-03 00:27:40 +00:00
Ted Kremenek 49805454e6 Add CFG support for @synchronized. This fixes <rdar://problem/6848820>.
llvm-svn: 70620
2009-05-02 01:49:13 +00:00
Ted Kremenek 2bfed98b0a Add another null pointer check test case.
llvm-svn: 70614
2009-05-02 00:41:02 +00:00
Ted Kremenek 407d81b2cd Add another test case found due to an analyzer regression.
llvm-svn: 70600
2009-05-01 23:35:18 +00:00
Fariborz Jahanian 07b7165b50 Check for method type conflict between declaration in
class/protocol and implementation which could be
an imm. implementation or down in the inheritance
hierarchy.

llvm-svn: 70568
2009-05-01 20:07:12 +00:00
Ted Kremenek 9c21f1d174 StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
  SymbolicRegions and AllocaRegions.  This follows from my offline
  discussion within Zhongxing about how TypedViewRegions really only
  represent memory getting re-appropriated for a new purpose.

Fallout	from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
  (it now passes).

- test/Analysis/fields.c now fails for region store (crash).
  Marking XFAIL.

- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
  Marking XFAIL.

  Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
   access then the one flagged:

  rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
    *p = 1;
    ^~

  Changing the line:
   char *p = (void*) &wonky[1];
  to
   char *p = (void*) &wonky[0];

  (which should delay the buffer overrun) causes region store to crash, probably
  because it expects a TypedViewRegion.

- test/Analysis/casts.c (region store) now fails (crash).
  Marking XFAIL.

llvm-svn: 70565
2009-05-01 19:22:20 +00:00
Ted Kremenek 5cfe43ddd3 Add function prototype for OSAtomicCompareAndSwap32Barrier.
llvm-svn: 70559
2009-05-01 17:37:31 +00:00
Ted Kremenek 38ce220817 Fix run line in failing test case (it was missing the '%s' for the
file name, thus causing the test case to hang).

llvm-svn: 70558
2009-05-01 17:29:33 +00:00
Ted Kremenek 3b201db3c0 Add failing static analyzer case (this crashes).
llvm-svn: 70532
2009-05-01 04:13:51 +00:00
Ted Kremenek 2ff8a79d27 retain/release checker: Hook up attributes 'objc_ownership_retain' and
'objc_ownership_release' to the effects on receivers.

llvm-svn: 70507
2009-04-30 20:00:31 +00:00
Ted Kremenek 2acb5adac9 Allow attributes 'objc_ownership_retain' and 'objc_ownership_release' to be
applied to ObjCMethodDecls, not just parameters. This allows one to specific
side-effects on the receiver of a message expression. No checker support yet.

llvm-svn: 70505
2009-04-30 19:18:03 +00:00
Ted Kremenek 290fbb1d42 Hook up Sema support for attributes on Objective-C method declarations that
appear between the return type and the selector. This is a separate code path
from regular attribute processing, as we only want to (a) accept only a specific
set of attributes in this place and (b) want to distinguish to clients the
context in which an attribute was added to an ObjCMethodDecl.

Currently, the attribute 'objc_ownership_returns' is the only attribute that
uses this new feature. Shortly I will add a warning for 'objc_ownership_returns'
to be placed at the end of a method declaration.

llvm-svn: 70504
2009-04-30 18:41:06 +00:00
Ted Kremenek 8c06515f2b Add parsing support in an Objective-C method declaration for attributes between
the return type and selector. Haven't hooked this up to Sema yet.

llvm-svn: 70501
2009-04-30 17:55:29 +00:00
Steve Naroff 62e0cb0a22 Warn about invalid return statements by default.
This fixes <rdar://problem/6839489> 10A345: Clang does not warm about mismatched returns (void return from a bool function)
 
Will implement -Wreturn-type, -Wno-return-type in another commit.

llvm-svn: 70492
2009-04-30 16:01:26 +00:00
Ted Kremenek 223a7d5445 retain/release checker: When determining whether an analyzed method can return
an owned object, consult its summary instead of inspecting the selector. This
picks up annotations, and is just more general.

llvm-svn: 70429
2009-04-29 23:03:22 +00:00
Ted Kremenek 6bd78709f2 retain/release checker: Hoist code for bug reports above transfer function logic
(those diffs are just code moving) and move the logic for "return of owned
object" leak reporting to EvalReturnStmt.

llvm-svn: 70399
2009-04-29 18:50:19 +00:00
Ted Kremenek bcf597d2e5 Add test case for transfer function logic for OSCompareAndSwap32Barrier.
llvm-svn: 70383
2009-04-29 16:03:59 +00:00
Zhongxing Xu f985648e83 SymbolicRegions may also be live roots.
llvm-svn: 70380
2009-04-29 09:24:35 +00:00
Zhongxing Xu 12233fd97e Added comments to test case.
llvm-svn: 70374
2009-04-29 05:59:48 +00:00
Zhongxing Xu 892a5f78eb Update test case.
llvm-svn: 70359
2009-04-29 02:37:26 +00:00
Zhongxing Xu c14f097f58 XFAIL the test case.
llvm-svn: 70356
2009-04-29 01:50:12 +00:00
Ted Kremenek ebc6d91f4e Add regression test case provided by <rdar://problem/6833332>.
llvm-svn: 70350
2009-04-29 00:41:31 +00:00
Ted Kremenek 869292d5b6 Implement ownership attribute 'objc_ownership_make_collectable'. This allows one
to add 'CFMakeCollectable' semantics to a method.

llvm-svn: 70336
2009-04-28 22:32:26 +00:00
Ted Kremenek 89c3861061 Improve retain/release test cases for ownership attributes.
llvm-svn: 70327
2009-04-28 21:43:40 +00:00
Zhongxing Xu 3c3fee0fb8 Add test case.
llvm-svn: 70294
2009-04-28 13:52:13 +00:00
Ted Kremenek 84bfa2c2dc Add two new checker-specific attributes: 'objc_ownership_release' and
'objc_ownership_cfrelease'. These are the 'release' equivalents of
'objc_ownership_retain' and 'objc_ownership_cfretain' respectively.

llvm-svn: 70235
2009-04-27 19:36:56 +00:00
Ted Kremenek e6633567e0 Track objects in GC mode returned by 'alloc', 'new', etc. methods. These are
treated as "not owned" objects.

llvm-svn: 70232
2009-04-27 19:14:45 +00:00
Ted Kremenek ebbef7d0d3 Add new checker-specific attribute 'objc_ownership_cfretain'. This is the same
as 'objc_ownership_cfretain' except that the method acts like a CFRetain instead
of a [... retain] (important in GC modes). Checker support is wired up, but
currently only for Objective-C message expressions (not function calls).

llvm-svn: 70218
2009-04-27 18:27:22 +00:00
Ted Kremenek e75de95408 Hook up attribute 'objc_ownership_retain' to the analyzer. This attribute allows
users to specify that a method's argument is visibly retained (reference count
incremented).

llvm-svn: 70008
2009-04-25 01:21:50 +00:00
Ted Kremenek 2cfd264636 Add new checker-specific attribute 'objc_ownership_retain'. This isn't hooked up
to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function increments the reference count of a passed
object.

llvm-svn: 70005
2009-04-25 00:17:17 +00:00
Ted Kremenek b97d093e16 Hook up __attribute__((objc_ownership_returns)) to the retain/release checker.
llvm-svn: 70002
2009-04-24 23:32:32 +00:00
Ted Kremenek 44e662cd4f Add new checker-specific attribute 'objc_ownership_returns'. This isn't hooked
up to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function returns an owned an Objective-C object.

llvm-svn: 70001
2009-04-24 23:09:54 +00:00
Ted Kremenek 6a966b2486 Fix the same false positive reported in PR 2542 and <rdar://problem/6793409>
involving an NSAnimation object delegating its release to a delegate method.

llvm-svn: 69992
2009-04-24 21:56:17 +00:00
Ted Kremenek 8a5ad39a46 retain/release checker:
- Fix summary lookup for class methods to now use the (optional)
  ObjCInterfaceDecl associated with a message expression. This removes a
  long-standing FIXME.
- Partial fix for <rdar://problem/6062730> by stop tracking objects that
  are passed to [NSObject performSelector].  These methods are often used
  for delegates, which the analyzer doesn't reason about well yet.

llvm-svn: 69982
2009-04-24 17:50:11 +00:00
Ted Kremenek 37467813c5 Further cleanups to isTrackedObjectType().
llvm-svn: 69929
2009-04-23 22:11:07 +00:00
Ted Kremenek 0a1f9c423f retain/release checker: Don't call isTrackedObject() with the canonical type.
This was preventing the checker from tracking return objects referenced by 'id'.

llvm-svn: 69922
2009-04-23 21:25:57 +00:00
Ted Kremenek d6ed5b7376 Temporarily remove expected warnings.
llvm-svn: 69917
2009-04-23 20:03:52 +00:00
Ted Kremenek f27110fc27 Per discussions with Ken Ferry and Paul Marks (<rdar://problem/6815234>) greatly
extend the number of objects tracked by the retain/release checker by assuming
that all class and instance methods should follow Cocoa object "getter" and
"alloc/new" conventions.

llvm-svn: 69908
2009-04-23 19:11:35 +00:00
Ted Kremenek 9c03f68206 Fix PR 4033: the analyzer shouldn't crash on computed gotos involving symbolic
target addresses.

llvm-svn: 69900
2009-04-23 17:49:43 +00:00
Ted Kremenek fe95afd0bc Fix crash reported in PR 3991. The analyzer doesn't reason about ObjCKVCExpr.
llvm-svn: 69754
2009-04-21 23:53:32 +00:00
Ted Kremenek 35f875c136 Fix: <rdar://problem/6777209> false Dereference of null pointer in loop: pointer increment/decrement preserves non-nullness
When the StoreManager doesn't reason well about pointer-arithmetic, propagate
the non-nullness constraint on a pointer value when performing pointer
arithmetic uisng ++/--.

llvm-svn: 69741
2009-04-21 22:38:05 +00:00
Ted Kremenek a8e8bc24b3 Added over-release test case.
llvm-svn: 69703
2009-04-21 20:01:03 +00:00
Chris Lattner dac168d2a6 Fix rdar://6771034: don't warn on use of forward declared protocol in protocol
list of another protocol definition.  This warning is very noisy and GCC doesn't
produce it so existing code doesn't expect it.

llvm-svn: 68894
2009-04-12 08:43:13 +00:00
Ted Kremenek 4531be138c Add analyzer support for objc_atomicCompareAndSwap()
llvm-svn: 68849
2009-04-11 00:54:13 +00:00
Ted Kremenek df24000d24 Implement analyzer support for OSCompareAndSwap. This required pushing "tagged"
ProgramPoints all the way through to GRCoreEngine.

NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.

llvm-svn: 68845
2009-04-11 00:11:10 +00:00
Ted Kremenek b3b2395520 Split failing test case from misc-ps.m to misc-ps-ranges.m (which tests
functionality specific to RangeConstraintManager).

llvm-svn: 68759
2009-04-10 04:02:38 +00:00
Ted Kremenek 5054663daa Fix: <rdar://problem/6776949> Branch condition evaluates to an uninitialized value (argc is guaranteed to be >= 1)
The analyzer now adds the precondition that the first argument of 'main' is > 0.

llvm-svn: 68757
2009-04-10 00:59:50 +00:00
Ted Kremenek 40f4ee74fd Implement attribute "analyzer_noreturn" (<rdar://problem/6777003>). This allows
clients of the analyzer to designate custom assertion routines as "noreturn"
functions from the analyzer's perspective but not the compiler's.

llvm-svn: 68746
2009-04-10 00:01:14 +00:00
Ted Kremenek f9f9420303 GRExprEngine: Don't try to reason about the size of 'void' for the return type
of messages sent to nil.

llvm-svn: 68683
2009-04-09 05:45:56 +00:00
Daniel Dunbar 6eaebd0934 Force triple for these tests.
llvm-svn: 68651
2009-04-08 23:02:51 +00:00
Ted Kremenek 5451c60f5a Enhance analyzer reasoning about sending messages to nil. A nil receiver returns 0 for scalars of size <= sizeof(void*).
llvm-svn: 68629
2009-04-08 18:51:08 +00:00
Ted Kremenek 605fee8445 New static analyzer check by Nikita Zhuk!
"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718.  The patch also includes test cases."

llvm-svn: 68585
2009-04-08 03:07:17 +00:00
Ted Kremenek 25db1f3ff1 Add test case.
llvm-svn: 68505
2009-04-07 05:33:18 +00:00
Ted Kremenek 751e7e3833 retain/release checker: don't track NSPanel until we have better reasoning about
the subtle ownership issues of such objects.

llvm-svn: 68397
2009-04-03 19:02:51 +00:00
Ted Kremenek 701fc10087 Add a few more analyzer test cases.
llvm-svn: 68326
2009-04-02 17:25:00 +00:00
Ted Kremenek 9335fecc2a Update expected warning in test case.
llvm-svn: 68276
2009-04-02 02:52:13 +00:00
Ted Kremenek 8b0dba358a Fix: <rdar://problem/6740387>. Sending nil to an object that returns a struct
should only be an error if that value is consumed. This fix was largely
accomplished by moving 'isConsumedExpr' back to ParentMap.

llvm-svn: 68195
2009-04-01 06:52:48 +00:00
Ted Kremenek f0ec333fc1 Update test case.
llvm-svn: 68084
2009-03-31 03:34:38 +00:00
Ted Kremenek cf2d8f0404 Add another uninitialized values test case illustrating that the CFG correctly
handles declarations with multiple variables.

llvm-svn: 68046
2009-03-30 18:29:27 +00:00
Ted Kremenek 035cf930d5 Fix regression in pointer comparison with NULL (e.g., 0 != ptr). This fixes
<rdar://problem/6732151>.

llvm-svn: 67954
2009-03-28 19:59:33 +00:00
Daniel Dunbar a45cf5b6b0 Rename clang to clang-cc.
Tests and drivers updated, still need to shuffle dirs.

llvm-svn: 67602
2009-03-24 02:24:46 +00:00
Ted Kremenek af6543455f A test case to test that -warn-dead-stores does not emit a warning for stores to variables marked with '#pragma unused'.
llvm-svn: 67570
2009-03-23 22:30:58 +00:00
Ted Kremenek b294d196b3 analyzer: Provide temporary workaround for false positive reported by
<rdar://problem/6704930> involving SimpleConstraintManager not reasoning well
about symbolic constraint values involving arithmetic operators.

llvm-svn: 67534
2009-03-23 17:10:25 +00:00
Ted Kremenek c7fef2ad53 analyzer: Fix embarrassing regression in BasicStore when invalidating struct
values passed-by-reference to unknown functions.

llvm-svn: 67519
2009-03-23 15:42:58 +00:00
Ted Kremenek 67a3bb7af7 Add test cases for PR 3820.
llvm-svn: 67327
2009-03-19 19:50:58 +00:00
Ted Kremenek 891642e4da Fix PR 3836 by eagerly assuming symbolic constraints returned by unary '!'.
llvm-svn: 67260
2009-03-18 23:49:26 +00:00
Ted Kremenek b36e01d87e Fix crash reported in <rdar://problem/6695527>. We now have
SVal::GetRValueSymbolVal do the checking if we can symbolicate a type instead of
having BasicStoreManager do it (which wasn't always doing the check
consistently). Having this check in SVal::GetRValueSymbolVal keeps the check in
one centralized place.

llvm-svn: 67245
2009-03-18 22:10:22 +00:00
Zhongxing Xu e40de828fc add test case.
llvm-svn: 67154
2009-03-18 02:07:30 +00:00
Ted Kremenek 340fd2dd6e Fix PR 3677 [retain checker]: custom 'allocWithZone' methods should be allowed
to return an owning pointer.

llvm-svn: 66934
2009-03-13 20:27:06 +00:00
Ted Kremenek 22358bd681 Add a hack in the analyzer to recover some path-sensitivity at branch
conditions. Currently the analyzer does not reason well about
promotions/truncations of symbolic values, so at branch conditions when we see:

  if (condition)
  
and condition is something like a 'short' or 'char', essentially ignore the
promotion to 'int' so that we track constraints on the original symbolic value.
We only ignore the casts if the underlying type has the same or fewer bits as
the converted type.

This fixes:

<rdar://problem/6619921>

llvm-svn: 66899
2009-03-13 16:32:54 +00:00
Ted Kremenek ec94f08dce Fix failure reported by Sebastian of test/Analysis/ptr-arith.c when the target
is 64-bit. I used his suggestion of doing a direct bitwidth/signedness
conversion of the 'offset' instead of just changing the sign. For more
information, see:

http://lists.cs.uiuc.edu/pipermail/cfe-dev/2009-March/004587.html

llvm-svn: 66892
2009-03-13 15:35:24 +00:00
Ted Kremenek dd772264f4 Fix crash when using TypedViewRegions and ObjCQualifiedIdTypes (TypedViewRegion::getLValueType() was not implemented).
llvm-svn: 66830
2009-03-12 22:15:08 +00:00
Daniel Dunbar 4f495980c4 Add Diagnostic files for Frontend and move a couple errors over.
- Notably, clang now exits with an error if it can't find a
   file. This flushed out a bug in the CGColorSpace.c test case. :)

llvm-svn: 66789
2009-03-12 10:14:16 +00:00
Zhongxing Xu ca026916f4 Add comments to test case.
llvm-svn: 66760
2009-03-12 01:55:38 +00:00
Ted Kremenek be485b6c7d Fix StmtIterator bug reported in PR 3780 where a VLA within a DeclGroup would
not be consulted for its size expression when operator* was called in the
StmtIterator (this resulted in an assertion failure).

llvm-svn: 66679
2009-03-11 18:17:16 +00:00
Zhongxing Xu f6b6a39b04 This test case checks if we get the right rvalue type of a TypedViewRegion.
The ElementRegion's type depends on the array region's rvalue type. If it was
a pointer type, we would get a loc::SymbolVal for '*p'.

llvm-svn: 66656
2009-03-11 09:15:38 +00:00
Zhongxing Xu 507202ecb7 Fix crash when LHS of pointer arithmetic is not ElementRegion.
llvm-svn: 66649
2009-03-11 07:43:49 +00:00
Ted Kremenek 0fa538528e Fix PR 3780: In one code path in BasicValueFactory::getValue() we would not
return an unsigned integer for a null pointer value.

llvm-svn: 66630
2009-03-11 02:52:39 +00:00
Ted Kremenek 3f5a85ad06 SimpleConstraintManager doesn't reason about bitwise-constraints on symbolic
values. Indicating this in 'canReasonAbout' allows GRExprEngine to recover
path-sensitivity in some cases.

llvm-svn: 66628
2009-03-11 02:29:48 +00:00
Ted Kremenek 0b891a343a retain/release checker: Allow allocations to fail by returning nil.
llvm-svn: 66487
2009-03-09 22:46:49 +00:00
Ted Kremenek 3987bbee34 Add test case for <rdar://problem/6659160>.
llvm-svn: 66483
2009-03-09 22:28:18 +00:00
Ted Kremenek 3add5e51ff Fix another GRExprEngine::VisitCast regression: handle casts of void* to function pointers.
llvm-svn: 66211
2009-03-05 22:47:06 +00:00
Ted Kremenek a06a68fa9b Fix regression in GRExprEngine::VisitCast: Do not wrap symbolic function pointers with TypedViewRegions.
llvm-svn: 66187
2009-03-05 20:22:13 +00:00
Ted Kremenek a7ec605dbd Update test case: objects stored to self.ivar are not tracked.
llvm-svn: 66168
2009-03-05 18:15:02 +00:00
Ted Kremenek fa3d77bc2c Retrofit some basic tracking of ivars (for the current object) into BasicStore.
llvm-svn: 66166
2009-03-05 18:08:28 +00:00
Ted Kremenek 2b24f306df Test case: When using RegionStore with the retain/release checker, stop tracking objects assigned to self's ivar.
llvm-svn: 66139
2009-03-05 05:14:55 +00:00
Ted Kremenek 77a3cb2dfa Add test case for RegionStore's tracking of the ivars of 'self'.
llvm-svn: 66136
2009-03-05 04:55:08 +00:00
Ted Kremenek eba836a457 GRExprEngine: Polish up handling of casting integer constants to pointers and back.
llvm-svn: 66127
2009-03-05 02:42:32 +00:00
Ted Kremenek 00dfe30409 For now, do not track NSWindow objects and it's subclasses.
llvm-svn: 66107
2009-03-04 23:30:42 +00:00
Ted Kremenek 33129a26f7 Add prototype support for invalidating fields for structures passed-by-reference
to unknown functions. Most of this logic should be eventually moved to
RegionStore and be made lazy.

llvm-svn: 66094
2009-03-04 22:56:43 +00:00
Ted Kremenek d69e29e8c4 This test now passes using RegionStore.
llvm-svn: 65988
2009-03-04 00:23:28 +00:00
Zhongxing Xu 6765d449ed Add test case for pointer arithmetic.
llvm-svn: 65907
2009-03-03 00:28:42 +00:00
Douglas Gregor 5741efbba0 Fix PR3509 by providing correct starting locations for initializer lists
llvm-svn: 65777
2009-03-01 17:12:46 +00:00
Ted Kremenek dc3f50fbd9 Add experimental logic in GRExprEngine::EvalEagerlyAssume() to handle
expressions of the form: 'short x = (y != 10);' While we handle 'int x = (y !=
10)' lazily, the cast to another integer type currently loses the symbolic
constraint. Eager evaluation of the constraint causes the paths to bifurcate and
eagerly evaluate 'y != 10' to a constant of 1 or 0. This should address
<rdar://problem/6619921> until we have a better (more lazy approach) for
handling promotions/truncations of symbolic integer values.

llvm-svn: 65480
2009-02-25 22:32:02 +00:00
Ted Kremenek cce27f5502 Fix <rdar://problem/6611677>: Add basic transfer function support in the static
analyzer for array subscript expressions involving bases that are vectors. This
solution is probably a hack: it gets the lvalue of the vector instead of an
rvalue like all other types. This should be reviewed (big FIXME in
GRExprEngine).

llvm-svn: 65366
2009-02-24 02:23:11 +00:00
Ted Kremenek e73f282213 retain/release checker: For now don't track the retain count of NSWindow objects (opt for false negatives).
llvm-svn: 65304
2009-02-23 02:51:29 +00:00
Ted Kremenek e6d2b40bcc More retain/release naming convention tests.
llvm-svn: 65303
2009-02-23 02:50:20 +00:00
Ted Kremenek 5fa0d070a5 Add test case for PR 2599.
llvm-svn: 65299
2009-02-23 01:29:25 +00:00
Ted Kremenek 8a73c71486 Improved naming convention heuristics in the retain/release checker to better
handle method names that contain 'new', 'copy', etc., but those words might be
the substring of larger words such as 'newsgroup' and 'photocopy' that do not
indicate the allocation of objects. This should address the issues discussed in
<rdar://problem/6552389>.

llvm-svn: 65224
2009-02-21 05:13:43 +00:00
Ted Kremenek a26ad40e41 Add test case for <rdar://problem/6562655>.
llvm-svn: 65085
2009-02-20 00:10:09 +00:00
Ted Kremenek bea465aefb Update test case to include a leak that occurs at the place of allocation.
llvm-svn: 65048
2009-02-19 18:20:28 +00:00
Zhongxing Xu 5b9223fcf2 add test case.
llvm-svn: 65036
2009-02-19 08:42:43 +00:00
Ted Kremenek e571c4eeb7 Add test case for 'nil receiver returns undefined struct value' check.
llvm-svn: 65004
2009-02-19 04:07:38 +00:00
Ted Kremenek 443e040d06 Add a few more GC-only test cases for the retain/release checker.
llvm-svn: 64960
2009-02-18 22:11:23 +00:00
Eli Friedman 61d484ea8b Fix test: config.h is not guaranteed to exist at the location in
question.  Use __builtin_alloca instead, which is guaranteed to mean the right
thing without any includes.

llvm-svn: 64868
2009-02-18 01:02:14 +00:00
Ted Kremenek 51189468ea Update several tests to explicitly use BasicConstraintManager as well as to use RangeConstraintManager with RegionStoreManager.
llvm-svn: 64854
2009-02-17 23:32:18 +00:00
Daniel Dunbar abdc0f1e07 Eliminate dependency on where test is run from.
llvm-svn: 64837
2009-02-17 22:47:27 +00:00
Ted Kremenek 35b13439cc Convert tabs to spaces.
llvm-svn: 64799
2009-02-17 19:53:58 +00:00
Ted Kremenek 47c853007e Enhance tests to exercise more combinations of using the RangeConstraintManager with the RegionStoreManager.
llvm-svn: 64788
2009-02-17 19:29:07 +00:00
Ben Laurie c8f1ab5035 Don't include alloca.h if it doesn't exist.
llvm-svn: 64771
2009-02-17 17:33:31 +00:00
Ted Kremenek b535181199 Static Analyzer driver/options (partial) cleanup:
- Move all analyzer options logic to AnalysisConsumer.cpp.
- Unified specification of stores/constraints/output to be:
   -analyzer-output=...
   -analyzer-store=...
   -analyzer-constraints=...
  instead of -analyzer-range-constraints, -analyzer-store-basic, etc.
- Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new
  interface
- Updated test cases to conform to new driver options

llvm-svn: 64737
2009-02-17 04:27:41 +00:00
Ted Kremenek 227811afca Test passes with -analyzer-range-contraints.
llvm-svn: 64663
2009-02-16 19:43:20 +00:00
Ted Kremenek d25fb7a613 GRExprEngine: Handle empty statement expressions.
llvm-svn: 64541
2009-02-14 05:55:08 +00:00
Ted Kremenek 4e9d4b5d48 Added GRStateManager::scanReachableSymbols(), a method which scans the reachable
symbols from an SVal.

- Fixed a bug in EnvironmentManager::RemoveDeadBindings() where it did not mark
  live all the symbols reachable from a live block-level expression.

- Fixed a bug in the retain/release checker where it did not stop tracking
  symbols that 'escaped' via compound literals being assigned to something the
  BasicStoreManager didn't reason about.

llvm-svn: 64534
2009-02-14 03:16:10 +00:00
Douglas Gregor ac5d4c5f8e Extend builtin "attribute" syntax to include a notation for
printf-like functions, both builtin functions and those in the
C library. The function-call checker now queries this attribute do
determine if we have a printf-like function, rather than scanning
through the list of "known functions IDs". However, there are 5
functions they are not yet "builtins", so the function-call checker
handles them specifically still:

  - fprintf and vfprintf: the builtins mechanism cannot (yet)
    express FILE* arguments, so these can't be encoded.
  - NSLog: the builtins mechanism cannot (yet) express NSString*
    arguments, so this (and NSLogv) can't be encoded.
  - asprintf and vasprintf: these aren't part of the C99 standard
    library, so we really shouldn't be defining them as builtins in
    the general case (and we don't seem to have the machinery to make
    them builtins only on certain targets and depending on whether
    extensions are enabled).

llvm-svn: 64512
2009-02-14 00:32:47 +00:00
Douglas Gregor b9063fc1b3 Implicitly declare certain C library functions (malloc, strcpy, memmove,
etc.) when we perform name lookup on them. This ensures that we
produce the correct signature for these functions, which has two
practical impacts:

  1) When we're supporting the "implicit function declaration" feature
  of C99, these functions will be implicitly declared with the right
  signature rather than as a function returning "int" with no
  prototype. See PR3541 for the reason why this is important (hint:
  GCC always predeclares these functions).
 
  2) If users attempt to redeclare one of these library functions with
  an incompatible signature, we produce a hard error.

This patch does a little bit of work to give reasonable error
messages. For example, when we hit case #1 we complain that we're
implicitly declaring this function with a specific signature, and then
we give a note that asks the user to include the appropriate header
(e.g., "please include <stdlib.h> or explicitly declare 'malloc'"). In
case #2, we show the type of the implicit builtin that was incorrectly
declared, so the user can see the problem. We could do better here:
for example, when displaying this latter error message we say
something like:

  'strcpy' was implicitly declared here with type 'char *(char *, char
  const *)'

but we should really print out a fake code line showing the
declaration, like this:

  'strcpy' was implicitly declared here as:

    char *strcpy(char *, char const *)

This would also be good for printing built-in candidates with C++
operator overloading.

The set of C library functions supported by this patch includes all
functions from the C99 specification's <stdlib.h> and <string.h> that
(a) are predefined by GCC and (b) have signatures that could cause
codegen issues if they are treated as functions with no prototype
returning and int. Future work could extend this set of functions to
other C library functions that we know about.

llvm-svn: 64504
2009-02-13 23:20:09 +00:00
Ted Kremenek 02b63b4287 Add test case illustrating special handling of 'SenTestCase' subclasses for the missing -dealloc check.
llvm-svn: 64494
2009-02-13 22:26:30 +00:00
Ted Kremenek ae63cf0b64 This test now passes.
llvm-svn: 64417
2009-02-13 00:39:34 +00:00
Ted Kremenek 5dcf9034c2 Add another test case for the MissingDealloc checker.
llvm-svn: 64257
2009-02-10 23:41:52 +00:00
Ted Kremenek 0203db73ee Fix PR 2514: Do not flag dead initializations for variables initialized to a constant global variable.
llvm-svn: 64149
2009-02-09 18:01:00 +00:00
Sebastian Redl aa400d83e6 Make the test cases failing due to exact diagnostic matching XFAIL.
llvm-svn: 64080
2009-02-08 10:28:44 +00:00
Ted Kremenek 394dfeb37b Update test case.
llvm-svn: 64045
2009-02-07 22:55:48 +00:00
Zhongxing Xu 4bdb124036 Put the region store specific test in a separate file.
llvm-svn: 63930
2009-02-06 08:56:58 +00:00
Zhongxing Xu dec48a50df Create ElementRegion when the base is SymbolicRegion. This is like what we do
for FieldRegion. This enables us to track more values.

Simplify SymbolicRegion::getRValueType(). We assume the symbol always has
pointer type.

llvm-svn: 63928
2009-02-06 08:44:27 +00:00
Ted Kremenek 0ca23d3f73 Add 'AppendValue' to the list of magic CF function names that cause a tracked object to escape. Fixes <rdar://problem/6560661>.
llvm-svn: 63891
2009-02-05 22:34:53 +00:00
Ted Kremenek fc5d067ea0 Overhaul BugReporter interface and implementation. The new interface cleans up
the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes,
and BugTypes are owned by the BugReporter object.

The major functionality change in this patch is that reports are not immediately
emitted by a call to BugReporter::EmitWarning (now called EmitReport), but
instead of queued up in report "equivalence classes". When
BugReporter::FlushReports() is called, it emits one diagnostic per report
equivalence class. This provides a nice cleanup with the caching of reports as
well as enables the BugReporter engine to select the "best" path for reporting a
path-sensitive bug based on all the locations in the ExplodedGraph that the same
bug could occur.

Along with this patch, Leaks are now coalesced into a common equivalence class
by their allocation site, and the "summary" diagnostic for leaks now reports the
allocation site as the location of the bug (this may later be augmented to also
provide an example location where the leak occurs).

llvm-svn: 63796
2009-02-04 23:49:09 +00:00
Ted Kremenek 378e7fd330 Fix horrible non-termination bug in LiveVariables. The issue was that
the liveness state of block-level expressions could oscillate because
of two issues:
- The initial value before a merge was not always set to "Top"
- The set of live block-level expressions is a union, not an intersection

This fixes <rdar://problem/650084>.

llvm-svn: 63421
2009-01-30 21:35:30 +00:00
Nuno Lopes 8247c9a38f fix RUN line
llvm-svn: 63392
2009-01-30 14:03:37 +00:00
Nuno Lopes c3a558fd45 enable test as it works
llvm-svn: 63391
2009-01-30 13:01:29 +00:00
Ted Kremenek 7594e2a59a Fix a couple bugs:
- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
  ASTContext for the size (in bits) of 'int'. While it worked, it was a
  conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
  type "ConstantArray", and handles the case when uses use ordinary variables
  as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
  "array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>

llvm-svn: 63347
2009-01-30 00:08:43 +00:00
Ted Kremenek ed90de4caa retain/release checker: When generating summaries for CF/CG functions, allow arguments to "escape" if they are passed to a function containing the terms "InsertValue", "SetValue", or "AddValue". This fixes <rdar://problem/6539791>.
llvm-svn: 63341
2009-01-29 22:45:13 +00:00
Ted Kremenek c783209605 retain/release checker: Always generate an "autorelease" summary for an "autorelease" message, and have the summary processing logic treat it as a no-op in GC mode. This change is motivated to encode more of the semantics in the summaries themselves for eventual better diagnostics.
llvm-svn: 63241
2009-01-28 21:44:40 +00:00