Commit Graph

19 Commits

Author SHA1 Message Date
Anton Yartsev 5ac3720620 Fix for PR15623 (corrected r290413 reverted at 290415). The patch eliminates unwanted ProgramState checker data propagation from an operand of the logical operation to operation result.
The patch also simplifies an assume of a constraint of the form: "(exp comparison_op expr) != 0" to true into an assume of "exp comparison_op expr" to true. (And similarly, an assume of the form "(exp comparison_op expr) == 0" to true as an assume of exp comparison_op expr to false.) which improves precision overall.
https://reviews.llvm.org/D22862

llvm-svn: 290505
2016-12-25 00:57:51 +00:00
Anton Yartsev b2a5eb87f8 Revert changes made by r290413 until regression is fixed.
llvm-svn: 290415
2016-12-23 04:09:18 +00:00
Anton Yartsev 1a2a9e3087 Fix for PR15623. The patch eliminates unwanted ProgramState checker data propagation from an operand of the logical operation to operation result.
The patch also simplifies an assume of a constraint of the form: "(exp comparison_op expr) != 0" to true into an assume of "exp comparison_op expr" to true. (And similarly, an assume of the form "(exp comparison_op expr) == 0" to true as an assume of exp comparison_op expr to false.) which improves precision overall.
https://reviews.llvm.org/D22862

llvm-svn: 290413
2016-12-23 03:31:00 +00:00
Jordan Rose 1bd1927a14 [analyzer] Accept references to variables declared "extern void" (C only).
In C, 'void' is treated like any other incomplete type, and though it is
never completed, you can cast the address of a void-typed variable to do
something useful. (In C++ it's illegal to declare a variable with void type.)

Previously we asserted on this code; now we just treat it like any other
incomplete type.

And speaking of incomplete types, we don't know their extent. Actually
check that in TypedValueRegion::getExtent, though that's not being used
by any checkers that are on by default.

llvm-svn: 182880
2013-05-29 20:50:34 +00:00
Jordan Rose 4db7c1e7e5 [analyzer] When creating a trimmed graph, preserve whether a node is a sink.
This is important because sometimes two nodes are identical, except the
second one is a sink.

This bug has probably been around for a while, but it wouldn't have been an
issue in the old report graph algorithm. I'm ashamed to say I actually looked
at this the first time around and thought it would never be a problem...and
then didn't include an assertion to back that up.

PR15684

llvm-svn: 178944
2013-04-06 01:42:02 +00:00
Ted Kremenek 4e9a2dbde5 Refine analyzer's handling of unary '!' and floating types to not assert.
Fixes PR 14634 and <rdar://problem/12903080>.

llvm-svn: 172274
2013-01-11 23:36:25 +00:00
Ted Kremenek 039fac0347 Correctly propagate uninitialized values within logical expressions.
Fixes assertion failure reported in PR 14635 and
<rdar://problem/12902945> respectively.

llvm-svn: 172263
2013-01-11 22:35:39 +00:00
Ted Kremenek a8d0ca070f Add test case for <rdar://problem/12075238>, which recently got fixed by changes to RegionStore.
llvm-svn: 163406
2012-09-07 19:09:51 +00:00
Ted Kremenek bb81ffb342 Update ExprEngine's handling of ternary operators to find the ternary expression
value by scanning the path, rather than assuming we have visited the '?:' operator
as a terminator (which sets a value indicating which expression to grab the
final ternary expression value from).

llvm-svn: 160760
2012-07-25 21:58:25 +00:00
Ted Kremenek b14b42d477 Have ScanReachableSymbols reported reachable regions. Fixes a false positive with nested array literals. <rdar://problem/10686586>
llvm-svn: 151012
2012-02-21 00:46:29 +00:00
Anna Zaks 8158ef0dec [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
     A :  Most system globals and const scalars

* invalidated by functions defined in system headers:
     B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
     B: errno
     C: all other globals (which are not in A nor B)

llvm-svn: 147569
2012-01-04 23:54:01 +00:00
Ted Kremenek 731607fab2 [analyzer;Regionstore] handle loads from StringLiteral elements for StringLiterals representing wide strings. Fixes PR 11294.
llvm-svn: 144563
2011-11-14 20:05:54 +00:00
Anna Zaks 9e82c62222 [analyzer] Fix PR11282 - an assert in markAsSink
This is another fallout from the refactoring. We were
calling MarkAsSink on a cached out node.
(Fixes radar://10376675)

llvm-svn: 143516
2011-11-01 22:41:14 +00:00
Anna Zaks 6d319489df [analyzer] BranchNodeBuilder should not generate autotransitions.
This fixes radar://10367606

llvm-svn: 143514
2011-11-01 22:41:06 +00:00
Ted Kremenek 77a0eb20ab Add test case for analyzer crash reported in <rdar://problem/10308201> (which is already fixed in mainline).
llvm-svn: 142606
2011-10-20 19:33:06 +00:00
Jordy Rose 1734737d9f [analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary.
Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.

llvm-svn: 132840
2011-06-10 08:49:37 +00:00
Jordy Rose 891d613289 [analyzer] Ignore parentheses around block-level expressions when computing liveness. Fixes the other half of PR8962.
llvm-svn: 132769
2011-06-09 05:44:04 +00:00
Jordy Rose ab8a668849 [analyzer] Look through __extension__ expressions in a GRState's Environment. Fixes PR8962.
llvm-svn: 132762
2011-06-08 22:47:39 +00:00
Ted Kremenek 4c5d2888f4 static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen.
llvm-svn: 132100
2011-05-25 23:57:29 +00:00