bc9118b165
Begin major changes to EvalXXX methods in GRTransferFuncs. Currently some of the methods only return an RVal; we want them to be able to create an arbitrary number of states.
...
llvm-svn: 53739
2008-07-17 21:27:31 +00:00
88a6b7fa80
Moved RemoveDeadBindings logic for the contents of 'Store' to a virtual RemoveDeadBindings method in StoreManager.
...
llvm-svn: 53726
2008-07-17 18:38:48 +00:00
ae543148bc
Fix regression introduced by http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20080714/006514.html .
...
The regression was the casts from integers to pointers where not being handled: they would just return UnknownVal. This would greatly decrease path-sensitivity.
llvm-svn: 53659
2008-07-16 00:23:49 +00:00
f46dddac5b
Fix transfer function logic in GRSimpleVals for integer casts: only support casts from integers to integers.
...
This fixes a crash reported by Anders Carlsson!
llvm-svn: 53649
2008-07-15 23:17:54 +00:00
ed1f72b67c
For the MissingDealloc check, don't treat IBOutlet ivars as being needed to be released
...
llvm-svn: 53647
2008-07-15 23:04:27 +00:00
81bfc074c9
Distinguish between dead stores and dead initializations.
...
llvm-svn: 53628
2008-07-15 18:06:32 +00:00
176e2c519d
isRetain() and isRelease() now only returns true if "Retain"/"Release" appears in the suffix of a function's name.
...
llvm-svn: 53621
2008-07-15 17:43:41 +00:00
fa89e2f09c
Support retain/release tracking for CoreGraphics (CGxxxRef) objects.
...
llvm-svn: 53617
2008-07-15 16:50:12 +00:00
c18255d80f
Refactor Dead Stores error reporting to use the simplified BugReporter::EmitBasicReport interface.
...
llvm-svn: 53573
2008-07-14 20:56:04 +00:00
0255531dd3
Added method "EmitBasicReport" to BugReporter to simplify the emission of simple bug diagnostics.
...
Refactored error reporting in CheckObjCDealloc and CheckObjCInstMethSignature to use this new bug reporting interface (major code simplification).
llvm-svn: 53560
2008-07-14 17:40:50 +00:00
e5b5953672
Tidy up error message.
...
llvm-svn: 53493
2008-07-11 23:17:01 +00:00
3bfb314c25
Add new check: -check-objc-methodsigs. This check scans methods in
...
ObjCImplementationDecls and sees if a ancestor class defines a method with the
same selector but with a different type signature. Right now it just compares
return types, and mainly looks at differences in primitive values. The checking
will be expanded in the future.
llvm-svn: 53482
2008-07-11 22:40:47 +00:00
aced3ad4b8
Fix comment.
...
llvm-svn: 53473
2008-07-11 20:53:14 +00:00
c50e1a196e
Refactored auditor interface within GRExprEngine and GRCoreEngine to use a "batch auditor" to dispatch to specialized auditors instead of having a separate vector for each audited Expr*. This not only provides a much cleaner implementation, but also allows us to install auditors for any expression.
...
llvm-svn: 53464
2008-07-11 18:37:32 +00:00
a7b8ffb05b
Refactored most of the "Store" piece of ValueState into a Store type. The
...
current store implementation is now encapsulated by BasicStore.
These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.
llvm-svn: 53423
2008-07-10 22:03:41 +00:00
976d1e0ea8
Remove unused class AnnotatedPath.
...
llvm-svn: 53413
2008-07-10 17:25:03 +00:00
ad4a7e4a69
Move some environment methods from ValueState/ValueStateManager to Environment/EnvironmentManager.
...
llvm-svn: 53412
2008-07-10 17:19:18 +00:00
5f996d5a06
Remove getParentMap() from GRExprEngine.
...
llvm-svn: 53343
2008-07-09 19:46:42 +00:00
ae529271e8
Fix PR2519: correctly handle CFDictionaryCreate.
...
llvm-svn: 53334
2008-07-09 18:11:16 +00:00
852ed373aa
Initial work on splitting the ValueState into an Environment, Store, and
...
Constraints. These concepts are already present in the current ValueState, but
the implementation is monolothic. Making ValueState more modular opens up new
design choices for customizing the analysis engine.
In the context of the analysis engine, the "Environment" is the binding between
Expr* (expressions) and intermediate symbolic values (RValues).
llvm-svn: 53252
2008-07-08 21:46:56 +00:00
4963d1144f
Updated clients of ImmutableMap::SlimFind to use ImmutableMap::lookup instead.
...
llvm-svn: 53172
2008-07-07 16:21:19 +00:00
37a2c0d5d1
Do not emit a "missing -dealloc" warning if a class contains no ivars that are pointers.
...
This patch aims to address some of the concerns of PR 2517: http://llvm.org/bugs/show_bug.cgi?id=2517
llvm-svn: 53168
2008-07-07 06:36:08 +00:00
4d85146e6d
Use conjured symbols for variables whose values are invalidated when
...
passed-by-reference to a function. This allows us to build up constraints for
their new values and restore some lost path-sensitivity. This addresses a few
false positives since in Adium.
llvm-svn: 53125
2008-07-03 23:26:32 +00:00
8044046efb
Fix a bug in the dead stores checker reported in the following email:
...
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-July/002157.html
Essentially the observer mechanism in LiveVariables was observing block-level
expressions multiple times, leading to a case where the dead store checker could
see a value as dead when it was really live.
llvm-svn: 53115
2008-07-03 22:25:27 +00:00
68b117fca4
Skip the "-dealloc" check if a ObjC class contains no ivars.
...
llvm-svn: 53100
2008-07-03 15:37:02 +00:00
e66ca6f35a
For the -dealloc checker, check the LangOptions to determine whether or not the code is compiled with GC.
...
llvm-svn: 53098
2008-07-03 14:35:01 +00:00
1d3c797c90
Have BugReporter::getCFG and BugReporter::getLiveVariables returns pointers instead of references, because they can both fail
...
on functions we cannot construct full CFGs for yet.
llvm-svn: 53081
2008-07-03 05:26:14 +00:00
0e7d25233e
Added static analysis check to see if a subclass of NSObject implements -dealloc, and whether or not that implementation calls [super dealloc].
...
llvm-svn: 53075
2008-07-03 04:29:21 +00:00
c7efb536d5
Unify the code path for the Dead Stores checker to always use the BugReporter interface.
...
llvm-svn: 53054
2008-07-02 23:16:33 +00:00
b1d0118a1a
Refactored some of the BugReporter interface so that data such as the ASTContext&, PathDiagnosticClient*, can be provided by an external source.
...
Split BugReporter into BugReporter and GRBugReporter so checkers not based on GRExprEngine can still use the BugReporter mechanism.
llvm-svn: 53048
2008-07-02 21:24:01 +00:00
125d4a3b2d
GRExprEngine now expects the LiveVariables information to be provided by its creator.
...
This allows an optimization in AnalysisConsumer where the same LiveVariables information is used between multiple analyses.
llvm-svn: 53046
2008-07-02 20:13:38 +00:00
d8ca1f6dd9
Added version of CheckDeadStores that accepts a client-provided LiveVariables object.
...
Modified the DeadStores logic in AnalysisConsumer.cpp to use the LiveVariables object created by the AnalysisManager.
llvm-svn: 53043
2008-07-02 18:39:20 +00:00
ab54e51b38
Unlike NSWindow objects, NSPanel objects initially do not have self-ownership.
...
llvm-svn: 52963
2008-07-01 17:21:27 +00:00
bc6d850088
Temporarily treat "Autorelease" as "StopTracking". This is the original behavior.
...
llvm-svn: 52940
2008-07-01 00:01:02 +00:00
a0e071c861
Added "Autorelease" ArgEffect to better simulate "autorelease" messages. Right
...
now this does the same thing as "MayEscape", but more functionality will go in
here shortly.
llvm-svn: 52904
2008-06-30 16:57:41 +00:00
cf1ab19086
Added a simple static analysis check to look for improper uses of CFCreateNumber.
...
llvm-svn: 52799
2008-06-26 23:59:48 +00:00
3185c9c9cd
CF ref checker:
...
Tracked objects now have their type information tracked with them.
Enhanced summaries for ObjC methods to include the type information of the receiver.
Used the enhanced summaries to support the idiom that NSWindow owns itself (it sends a release message to itself upon close).
Added some comments.
Did some cleanups with the checker logic using operator overloading (reduced redundant code which I was concerned about being the source of bugs).
llvm-svn: 52741
2008-06-25 21:21:56 +00:00
f890bfe0ff
Remove unneeded method arguments.
...
llvm-svn: 52668
2008-06-24 03:56:45 +00:00
b1d1329ac7
Cache ObjC summaries by IdentifierInfo*, not by ObjCInterfaceDecl.
...
llvm-svn: 52667
2008-06-24 03:49:48 +00:00
0cfc16100b
Added ObjCSummaryCache, a new summary cache object to cache summaries for Objective-C methods. Instead of mapping from Selectors -> Summaries, we will now map from (ObjCInterfaceDecl*,Selectors) -> Summaries. This will allow more nuanced summary generation. This patch just swaps in the new data structure; the rest of the code works as before by allowing the ObjCInterfaceDecl* to be null.
...
llvm-svn: 52653
2008-06-23 23:30:29 +00:00
ea736c5d02
Rename summary methods for "instance methods" to "class methods" (the names got screwed up). No functionality change.
...
llvm-svn: 52650
2008-06-23 22:21:20 +00:00
ab4a8b5213
The CF retain/release checker now assumes that allocations do not fail. Eventually we will add a flag to the driver to enable allocation failures (documented as a FIXME).
...
llvm-svn: 52632
2008-06-23 18:02:52 +00:00
c9cea053ba
When using the dead-stores checker with the BugReporter class, properly capture the diagnostic associated with a specific warning and emit it.
...
llvm-svn: 52565
2008-06-20 23:13:39 +00:00
34a691734e
Modified the dead stores checker to...
...
1) Check if a dead store appears as a subexpression. For such cases, we emit
a verbose diagnostic so that users aren't confused. This addresses:
<rdar://problem/5968508> checker gives misleading report for dead store in loop
2) Don't emit a dead store warning when assigning a null value to a pointer.
This is a common form of defensive programming. We may wish to make
this an option to the the checker one day.
This addresses the feature request in the following email:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html
llvm-svn: 52555
2008-06-20 21:45:25 +00:00
46c82ab994
Introduce initial transfer function support for __imag__ and __real__. We don't
...
have complex RValues yet, so this logic is only fully implemented when __imag__
and __real__ are used on non-complex types.
llvm-svn: 52501
2008-06-19 17:55:38 +00:00
9a935fbdeb
Added a new ProgramPoint: PostPurgeDeadSymbols. This new program point distinguishes between the cases when we just evaluated the transfer function of a Stmt* (PostStmt) or performed a load (PostLoad). This solves a caching bug observed in a recent bug report.
...
llvm-svn: 52443
2008-06-18 05:34:07 +00:00
3802fedfe4
Fix non-termination bug reported by Thomas Clement!
...
llvm-svn: 52426
2008-06-17 19:14:06 +00:00
5696e7badf
Change self/_cmd to be instances of ImplicitParamDecl instead of ParmVarDecl.
...
Patch by David Chisnall!
llvm-svn: 52422
2008-06-17 18:05:57 +00:00
08e171183f
This patch is motivated by numerous strict-aliasing warnings when compiling
...
clang as a Release build.
The big change is that all AST nodes (subclasses of Stmt) whose children are
Expr* store their children as Stmt* or arrays of Stmt*. This is to remove
strict-aliasing warnings when using StmtIterator. None of the interfaces of any
of the classes have changed (except those with arg_iterators, see below), as the
accessor methods introduce the needed casts (via cast<>). While this extra
casting may seem cumbersome, it actually adds some important sanity checks
throughout the codebase, as clients using StmtIterator can potentially overwrite
children that are expected to be Expr* with Stmt* (that aren't Expr*). The casts
provide extra sanity checks that are operational in debug builds to catch
invariant violations such as these.
For classes that have arg_iterators (e.g., CallExpr), the definition of
arg_iterator has been replaced. Instead of it being Expr**, it is an actual
class (called ExprIterator) that wraps a Stmt**, and provides the necessary
operators for iteration. The nice thing about this class is that it also uses
cast<> to type-checking, which introduces extra sanity checks throughout the
codebase that are useful for debugging.
A few of the CodeGen functions that use arg_iterator (especially from
OverloadExpr) have been modified to take begin and end iterators instead of a
base Expr** and the number of arguments. This matches more with the abstraction
of iteration. This still needs to be cleaned up a little bit, as clients expect
that ExprIterator is a RandomAccessIterator (which we may or may not wish to
allow for efficiency of representation).
This is a fairly large patch. It passes the tests (except CodeGen/bitfield.c,
which was already broken) on both a Debug and Release build, but it should
obviously be reviewed.
llvm-svn: 52378
2008-06-17 02:43:46 +00:00
0b6b0e7157
Teach the CF retain checker about "_init" methods. Fixes: <rdar://problem/5956379>
...
llvm-svn: 51872
2008-06-02 17:14:13 +00:00
021ca18bb5
- Move ObjC Expresssion AST's from Expr.h => ExprObjC.h
...
- #include ExprObjC.h in many places
llvm-svn: 51703
2008-05-29 21:12:08 +00:00
b91ef1b62b
Prototyped support in the BugReporter to emit diagnostics of the form "p now aliases q".
...
llvm-svn: 51453
2008-05-22 23:45:19 +00:00
1df2f3a1f5
Expand retain/release checker to consider methods/function calls that cause a
...
tracked object to "escape": it's reference count might be incremented by the
called function, thus causing an object's lifetime to extend beyond when the
local reference count is decremented to 0.
This addresses: <rdar://problem/5933215>
llvm-svn: 51433
2008-05-22 17:31:13 +00:00
a4010c698c
Don't use ostringstream (pulling in <sstream>) when creating the dead store diagnostic (simply not needed).
...
llvm-svn: 51432
2008-05-22 16:28:24 +00:00
91f035cda7
Improve dead stores diagnostics to include the variable name.
...
llvm-svn: 51395
2008-05-21 22:59:16 +00:00
b120ff1b95
Fixed bug in the transfer function for dereferences: the loaded value from EvalLoad should bind to the UnaryOperator*, not its subexpression.
...
Added test case to exercise this fix when checking for uses of uninitialized values.
Patch by Zhongxing Xu!
llvm-svn: 51377
2008-05-21 15:48:33 +00:00
652eaab03c
fix warning with gcc 4.1 (ptr to bool convertion)
...
llvm-svn: 51324
2008-05-20 17:33:56 +00:00
d727220d1a
Micro-optimization when checking for panic functions.
...
llvm-svn: 51214
2008-05-17 00:42:01 +00:00
c8081b4e16
Fix 80 col violation.
...
llvm-svn: 51213
2008-05-17 00:40:45 +00:00
0e76583574
Added panic function _XCAssertionFailureHandler.
...
llvm-svn: 51212
2008-05-17 00:33:23 +00:00
c812b23ce8
Cache leaks by the allocation site, not the leak location.
...
llvm-svn: 51198
2008-05-16 18:33:44 +00:00
590abd363e
Partitioned BugTypeCachedLocation::isCached() into two methods: one that accepts and ExplodedNode, and the other that accepts a ProgramPoint. The default behavior is to cache bug reports by the
...
location they occur (the end node). Subclasses can override this behavior by providing a different ProgramPoint.
llvm-svn: 51197
2008-05-16 18:33:14 +00:00
a0055a8ef5
Support StringLiteralVal when comparing LVal types.
...
llvm-svn: 50979
2008-05-12 17:41:30 +00:00
acdde6f099
Rename IsPointerType to LVal::IsLValType, and update CFRefCount::EvalSummary to use IsLValType when conjuring symbols for return values (this fixes a bug with an assertion firing in the analyzer when two qualified objective-c types were compared).
...
llvm-svn: 50924
2008-05-09 23:45:33 +00:00
bcdb46830b
Added support for "drain".
...
llvm-svn: 50831
2008-05-07 21:17:39 +00:00
f958ec50c0
Expand the CF retain checker to allow the Create/Get rule to apply to any
...
function that returns a CFxxxRef, not just functions whose name begins with
CF. This implements <rdar://problem/5917879>.
Added test case for this feature.
Updated calls to CStrInCStrNoCase to swap their arguments, per compatibility
with strcasestr.
llvm-svn: 50829
2008-05-07 20:06:41 +00:00
fcf060fd2f
Flip order of arguments to CStrInStrNoCase.
...
llvm-svn: 50824
2008-05-07 18:57:30 +00:00
b6cbf28d82
Use llvm::CStrInCStrNoCase instead of strcasestr, since the latter is not portable.
...
Correctly check if the result of CStrInCStrNoCase is NULL to generate summaries; before we were inverting the condition.
llvm-svn: 50822
2008-05-07 18:36:45 +00:00
89bd0fc27d
copy-paste: NS types are not typedefs.
...
llvm-svn: 50817
2008-05-07 17:35:41 +00:00
7bf9dc773c
Do not treat **instance** methods "copyWithZone:" and "mutableCopyWithZone:" from NSObject as allocators.
...
llvm-svn: 50802
2008-05-07 05:34:45 +00:00
9930bd8c4f
Be less promiscuous with generating summaries for "new", "copy", "create".
...
llvm-svn: 50798
2008-05-07 04:25:59 +00:00
08eb30f193
Added auto-summary generation for createXXX, copyXXX, newXXX methods.
...
llvm-svn: 50795
2008-05-07 03:45:05 +00:00
aec1811c6c
Don't report leaks for autoreleased objects.
...
llvm-svn: 50777
2008-05-06 23:07:13 +00:00
767d0742c7
More comments.
...
"#if 0" out some assumptions when auto-generating method summaries.
llvm-svn: 50772
2008-05-06 21:26:51 +00:00
10427bdbb9
Experiment with not converting bug names to lower case.
...
llvm-svn: 50753
2008-05-06 18:11:36 +00:00
8bcc1bd3d5
More refactorings in GeneratePathDiagnostic: use ExecutionContinues to display
...
"Execution continues..." message, which does a better job at handling corner cases.
llvm-svn: 50751
2008-05-06 18:11:09 +00:00
cb2e636606
Generate "stop" summaries for selectors involving receivers whose type is not NSxxxx.
...
llvm-svn: 50721
2008-05-06 15:44:25 +00:00
68f463b88e
Use strncmp correctly.
...
llvm-svn: 50715
2008-05-06 06:17:42 +00:00
5f478e9a0a
Make string comparison legible and remove buffer overrun introduced by typo.
...
llvm-svn: 50714
2008-05-06 06:09:09 +00:00
2f08fedec1
String comparison cleanups.
...
Added test case.
llvm-svn: 50711
2008-05-06 04:28:05 +00:00
041d02201f
Fix logic error in string processing.
...
llvm-svn: 50710
2008-05-06 04:21:38 +00:00
c9f4948bba
Remove assertion.
...
llvm-svn: 50709
2008-05-06 04:21:10 +00:00
015c3561ad
Use EvalSummary to process message expressions, thereby unifying the checker
...
logic for function calls and message expressions.
Use the following heuristic to infer "allocating" instance methods:
[ClassName classWithXXX] allocates an object
Update testcase to reflect this heuristic.
llvm-svn: 50708
2008-05-06 04:20:12 +00:00
821537ecdb
Added receiver effects to EvalSummary.
...
llvm-svn: 50700
2008-05-06 02:41:27 +00:00
b0862dca6c
Expand summaries to include "Receiver" effects.
...
llvm-svn: 50697
2008-05-06 02:26:56 +00:00
be7c56ed78
Added initialization code to generate initial set of ObjC method summaries (non-instance methods).
...
llvm-svn: 50690
2008-05-06 00:38:54 +00:00
0806f910d4
Added code to generate initial set of summaries for instance methods.
...
llvm-svn: 50689
2008-05-06 00:30:21 +00:00
3d1e972275
Add summary generation for "initXXX" methods.
...
llvm-svn: 50684
2008-05-05 23:55:01 +00:00
046845e842
Make CF retain diagnostics more succinct.
...
In a leak's "name", indicate GC or non-GC bugs.
llvm-svn: 50680
2008-05-05 23:16:31 +00:00
f15cd14a3d
Emit dead store warnings for ++ and -- operators.
...
llvm-svn: 50679
2008-05-05 23:12:21 +00:00
00daccdd2a
Initial work on refactoring the CFRefCount checker so that it is more
...
generic and handles reference counts for NSObjects.
llvm-svn: 50674
2008-05-05 22:11:16 +00:00
627c3074dd
Improve leak diagnostics to not report a leak on the same line where
...
the object was last used. This can be confusing to users.
For example:
// 'y' is leaked
x = foo(y);
instead:
x = foo(y);
// 'y' is leaked
llvm-svn: 50661
2008-05-05 18:50:19 +00:00
3917b82e85
Improved leak diagnostics.
...
llvm-svn: 50657
2008-05-05 17:53:17 +00:00
875db81301
Minor refactorings/cleanups in CF retain checker and added support for NSMakeCollectable.
...
Added test case for NSMakeCollectable.
llvm-svn: 50653
2008-05-05 16:51:50 +00:00
db04a9e967
When reporting branch conditions that evaluate to an uninitialized value,
...
highlight the most nested subexpression that appears most responsible (giving
the user better diagnostic feedback).
Updated test cases to illustrate this feature.
Implements: <rdar://problem/5880443>
llvm-svn: 50647
2008-05-05 15:56:53 +00:00
a5e2df015a
Rename member variable.
...
llvm-svn: 50597
2008-05-02 23:21:21 +00:00
983be7cee6
Improved diagnostics for leaks: now we report which variable was leaked.
...
llvm-svn: 50588
2008-05-02 20:53:50 +00:00
789942cfda
When running the reference count checker twice (GC and non-GC mode), only emit
...
basic warnings (dead stores, null dereferences) on the first pass.
llvm-svn: 50584
2008-05-02 18:01:49 +00:00
bb7386aff5
Really noreturn on exceptions.
...
llvm-svn: 50579
2008-05-02 17:12:56 +00:00
63d76df236
Fix copy-paste bug.
...
llvm-svn: 50557
2008-05-01 23:38:35 +00:00
2722f36465
Remove no longer valid assertion.
...
llvm-svn: 50556
2008-05-01 23:28:56 +00:00
1097b4c61f
Added line number diagnostics to indicate the allocation site of the leaked object.
...
llvm-svn: 50553
2008-05-01 23:13:35 +00:00
fabfb4677d
Do not highlight bogus ranges for leaks.
...
llvm-svn: 50549
2008-05-01 22:50:36 +00:00
8a56b06b5c
Correctly invalidate reference count state when passing objects by reference in message expressions we don't understand.
...
llvm-svn: 50541
2008-05-01 21:31:50 +00:00
7f824734e0
Added temporary fix for Obj-C exception handling in the static analyzer: treat these as panic functions.
...
llvm-svn: 50535
2008-05-01 18:33:28 +00:00
f0b0f2edfe
Renamed static method.
...
llvm-svn: 50533
2008-05-01 18:31:44 +00:00
b99d01269a
Added __assert_rtn to list of panic functions.
...
llvm-svn: 50530
2008-05-01 17:52:49 +00:00
ed36e4b9a4
Added ziperr as a panic function. Eventually inter-procedural analysis
...
should catch this one easily.
llvm-svn: 50526
2008-05-01 15:55:59 +00:00
9f696852c4
When processing "release", "retain", and "autorelease" messages return the
...
lval passed as an argument.
Fix: Inverted diagnostic messages.
llvm-svn: 50513
2008-05-01 04:02:04 +00:00
4828aa3152
Added support for "autorelease" message in CF ref. count checker.
...
llvm-svn: 50512
2008-05-01 02:18:37 +00:00
b0f87c48cb
added preliminary diagnostics in scan-build results to denote whether
...
a CF memory leak occurred with GC enabled, etc.
llvm-svn: 50507
2008-04-30 23:47:44 +00:00
f20e2285c9
More cleanups with ObjCQualifiedIdType in the static analyzer.
...
llvm-svn: 50503
2008-04-30 22:48:21 +00:00
a16dacb6aa
Add placeholder code in the static analyzer for MemberExprs involving struct temporaries.
...
llvm-svn: 50502
2008-04-30 22:17:15 +00:00
ca67cab1e8
Add workaround for __builtin_offsetof in the static analyzer.
...
llvm-svn: 50500
2008-04-30 21:45:55 +00:00
99057462aa
Provide SizeOfAlignTypeExpr workaround in the static analyzer for taking the sizeof of a ObjCInterfaceType.
...
llvm-svn: 50499
2008-04-30 21:31:12 +00:00
e0e8b535cf
Support implicit casts from pointers to references.
...
llvm-svn: 50498
2008-04-30 21:10:19 +00:00
84dea154fc
When creating LVals for array entries, canonicalize entries with a 0 index.
...
llvm-svn: 50497
2008-04-30 21:05:35 +00:00
20d8006e93
Teach more of the static analyzer about ObjCQualifiedIdType.
...
llvm-svn: 50494
2008-04-30 20:17:27 +00:00
0940b99e3b
Teach the static analysis engine about ObjCQualifiedIdType.
...
llvm-svn: 50493
2008-04-30 20:01:29 +00:00
5ce35cc514
Add conjured symbols for decl initializations.
...
Add db_error as panic function.
llvm-svn: 50489
2008-04-30 17:54:04 +00:00
39a736f723
Handle lval::ArrayOffset and lval::FieldOffset in EvalNE and EvalEQ.
...
llvm-svn: 50486
2008-04-30 16:07:22 +00:00
5cc9e60a5f
Invalidate old subexpression bindings when binding UnknownVal.
...
llvm-svn: 50466
2008-04-30 04:23:07 +00:00
9700bd42f0
Simplify RemoveDeadBindings.
...
llvm-svn: 50458
2008-04-29 23:58:03 +00:00
10246e8bfa
Add lval::ArrayOffset, which represent the locations of entries in an array.
...
llvm-svn: 50453
2008-04-29 23:24:44 +00:00
0d2ccffa83
Added lval::FieldOffset, which represents symbolic lvalues for field offsets from other Lvalues.
...
This removes the failure in null-deref-ps.c (test suite).
llvm-svn: 50449
2008-04-29 22:17:41 +00:00
fa5a3d0fe7
Major rewrite/refactoring of static analysis engine. We now use
...
EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us
to do checks for null dereferences, etc., at any arbitrary load/store (these
were missed checks before). This also resulted in some major cleanups, some
conceptual, and others just in the structure of the code.
This temporarily introduces a regression in the test suite (null-deref-ps.c)
before I add a new LVal type for structure fields.
llvm-svn: 50443
2008-04-29 21:04:26 +00:00
a374ea9a35
Update typestate logic to support GC-mode.
...
llvm-svn: 50396
2008-04-29 05:44:10 +00:00
4b7ca776cf
Implement semantics of CFMakeCollectable for the CF-reference count checker.
...
llvm-svn: 50395
2008-04-29 05:33:51 +00:00
4d1f422c6f
Provide the option to run the CF-retain checker in GC enabled mode.
...
The transfer functions for the checker don't do anything special yet in GC mode.
llvm-svn: 50394
2008-04-29 05:13:59 +00:00
fa2d2f2886
Make assertions for all addresses passed to ProgramPoint that they have at least an 8-byte alignment.
...
llvm-svn: 50310
2008-04-26 15:19:51 +00:00
dd38e0bd0d
Fix bug in BugReporter where we didn't handle emitting diagnostics for
...
empty CFGBlocks that only contained a terminator.
Added improved diagnostics for break and continue statements and default branches in switch statements.
This fixes <rdar://problem/5889244>.
llvm-svn: 50286
2008-04-25 19:01:27 +00:00
99131c9f5a
Handle dereferences of function pointers (which return a handle to the function).
...
llvm-svn: 50246
2008-04-25 01:56:50 +00:00
2e5092320e
Don't abort on GetRVal when the LVal is a StringLiteralVal.
...
llvm-svn: 50245
2008-04-25 01:45:38 +00:00
4dd412e022
Don't emit empty strings for path diagnostics when taking the default branch of a switch statement that has no label.
...
llvm-svn: 50242
2008-04-25 01:29:56 +00:00
ecbdf75049
Do a better job at computing dead symbols.
...
Implemented support for better localized leaks in the CF reference count checker.
Now leaks should be flagged close to where they occur.
This should implement the desired functionality in <rdar://problem/5879592>, although the diagnostics still need to be improved.
llvm-svn: 50241
2008-04-25 01:25:15 +00:00
b0daf2f6f5
Add preliminary support for flagging leaks around when they happen (doesn't work yet).
...
llvm-svn: 50237
2008-04-24 23:57:27 +00:00
ae8014cb7e
More boilerplate for handling specialized-transfer function logic for dead symbols.
...
llvm-svn: 50233
2008-04-24 23:35:58 +00:00
3812b7676c
Added initial boilerplate in GRExprEngine to allow checker-specific transfer
...
function logic to act when symbols become dead.
llvm-svn: 50221
2008-04-24 18:31:42 +00:00
f7141597e8
CF reference count checker: handle variadic functions that allocate CF objects.
...
This fixes <rdar://problem/5886141>.
Part of this change resulted in creating sparser summaries. I also added
some more comments and did some minor code cleanups.
llvm-svn: 50214
2008-04-24 17:22:33 +00:00
21bf6006b0
For case statements involving enums, BugReporter now generates PathDiagnostics
...
that say that we are jumping to "case a" instead of "case 0".
This is a feature implementation for <rdar://problem/5880430>.
llvm-svn: 50197
2008-04-23 23:35:07 +00:00
05e6267466
Fix minor regression in bug report generation.
...
llvm-svn: 50195
2008-04-23 23:04:32 +00:00
f26bc55b9a
When building PathDiagnostics for bug reports, generate a trimmed ExplodedGraph with a single path that BugReport objects can safely walk and introspect.
...
llvm-svn: 50194
2008-04-23 23:02:12 +00:00
dd43aeee54
Fixed: <rdar://problem/5881148>
...
Problem:
In the recently refactored VisitDeref (which processes dereferences), we
were incorrectly skipping the node just generated for the subexpression
of the dereference. This was a horrible regression.
llvm-svn: 50176
2008-04-23 20:12:28 +00:00
d2419a0730
Remove false path where the default branch in a switch statement would
...
always be taken even if it was not feasible.
llvm-svn: 50132
2008-04-23 05:03:18 +00:00
ef9af73887
Added panic function "assfail".
...
llvm-svn: 50119
2008-04-23 00:41:25 +00:00
0224ac57e0
For default branches in switch statements with no default label, print out
...
the line we are going to.
llvm-svn: 50113
2008-04-22 22:29:46 +00:00
3b42715930
Rewrote VisitDeclStmt to properly handle initializers that can do anything.
...
llvm-svn: 50112
2008-04-22 22:25:27 +00:00
c79c0591d6
Added lval type (and tracking) for StringLiterals.
...
llvm-svn: 50109
2008-04-22 21:39:21 +00:00
eccf3e5821
Added "nonlval::LValAsInteger" to represent abstract LVals casted to integers, allowing us to track lvals when they are casted back to pointers.
...
llvm-svn: 50108
2008-04-22 21:10:18 +00:00
9718c9e8ee
PathDiagnosticClients now retain ownership of passed PathDiagnostics, requiring
...
them to not be stack-allocated.
HTMLDiagnostics now batches PathDiagnostics before emitting HTML in its dtor.
This is a workaround for a problem when we trampled the Preprocessor state
when highlighting macros (sometimes resulting in an assertion failure).
llvm-svn: 50102
2008-04-22 16:15:03 +00:00
901a4e406b
Use back() instead of end()-1
...
llvm-svn: 50098
2008-04-22 07:37:18 +00:00
80f2c111bd
Added panic function "dtrace_assfail".
...
llvm-svn: 50091
2008-04-22 06:09:33 +00:00
a2cca7dbdf
Hardcode "Assert" as a no-return function (panic).
...
llvm-svn: 50089
2008-04-22 05:37:33 +00:00
da5cdda248
Added null-dereference check for ArraySubscriptExpr.
...
llvm-svn: 50083
2008-04-22 04:56:29 +00:00
38213f9573
Added support for detected bad dereferences involving MemberExprs, e.g. x->f where "x" is NULL.
...
llvm-svn: 50071
2008-04-21 23:43:38 +00:00
5fa90e49a9
Fix improper dereference of end() iterator. Patch by Argiris Kirtzidis!
...
llvm-svn: 50012
2008-04-20 23:54:24 +00:00
575f24ef73
Gracefully handle when the receiver of a message expression is not a pointer type.
...
llvm-svn: 49959
2008-04-19 19:12:50 +00:00
423edc2384
Another bug fix in emitting warnings without a path: construct a unit PathDiagnostic as we did
...
before. This allows the HTMLDiagnostic object to retrieve the bug type, bug description, etc.
llvm-svn: 49939
2008-04-18 22:56:53 +00:00
bf27dc9659
Reenable using the PathDiagnosticClient for BugReports without paths.
...
llvm-svn: 49934
2008-04-18 22:11:59 +00:00
31484b2477
Generalize caching mechanism for bugs reports. Now individual BugTypes
...
can decide the policy on how to cache related bugs. This allows us to
properly to handle warning about multiple leaks in the same location in the
ref count checker (not yet done).
llvm-svn: 49918
2008-04-18 20:54:29 +00:00
c072b820cf
Fixed more caching bugs related to the one fixed in r49914. Silence
...
compiler warning introduced by a recent patch of mine.
llvm-svn: 49917
2008-04-18 20:35:30 +00:00
acefba896c
Fixed elusive caching bug that led to false positives.
...
llvm-svn: 49914
2008-04-18 19:34:16 +00:00
4d83728a57
Added "GetErrorNodes()" to BugType so that -trim-egraph can recognize errors
...
from registered BugTypes. This helps with debugging.
Add detection of NULL values in ref count checker; this suppresses false positives.
llvm-svn: 49912
2008-04-18 19:23:43 +00:00
3388381993
Added "EvalAssume" virtual method to GRTransferFuncs; this is for evaluating
...
the checker-specific logic of symbolic assumptions.
llvm-svn: 49910
2008-04-18 17:20:23 +00:00
d004c418b6
Fixed bug in GREndPathNodeBuilder: only return a node if it wasn't in the node cache.
...
llvm-svn: 49907
2008-04-18 16:30:14 +00:00
f03e07c34d
More grammar fixes.
...
llvm-svn: 49895
2008-04-18 05:32:44 +00:00
ca8892b456
Fix plurality debacle.
...
llvm-svn: 49894
2008-04-18 05:13:26 +00:00
40d601f958
Added path diagnostics for reference counts.
...
llvm-svn: 49892
2008-04-18 04:55:01 +00:00
396f43620f
BugReport::VisitNode now takes BugReporter& instead of ASTContext&.
...
Shuffled around code in CFRefCount to better pair classes with implementation,
and started adding subclasses of RangedBugReport to handle better diagnostics
for reference count bugs.
llvm-svn: 49889
2008-04-18 03:39:05 +00:00
89e6a9b98c
Added null check.
...
llvm-svn: 49887
2008-04-18 02:24:50 +00:00
cffe635699
Simplified internal logic of BugReporter, consolidating EmitWarning and
...
EmitPathWarning into one method. We now properly handle emitting warnings
without a PathDiagnosticClient when the warning does not involve a particular
statement.
llvm-svn: 49884
2008-04-18 01:56:37 +00:00
69049c272f
Modified BugReport::getEndPath() to handle the case where end path is at
...
the exit block of the CFG.
llvm-svn: 49880
2008-04-17 23:44:37 +00:00
cc0951bde1
Hook up reporting reference count memory leaks to the BugReporter mechanism.
...
llvm-svn: 49879
2008-04-17 23:43:50 +00:00
a506fec90a
Added transfer function support for ReturnStmt to support detecting leaks
...
involving objects that are returned but have an excessive reference count.
llvm-svn: 49861
2008-04-17 18:12:53 +00:00
fc2f058230
Fix MSVC compiler error: "initialization of 'VD' is skipped by 'case' label"
...
llvm-svn: 49853
2008-04-17 13:52:22 +00:00
9c375158a0
Handle ReturnStmts by dispatching to "EvalReturn" in the transfer function object.
...
llvm-svn: 49826
2008-04-16 23:05:51 +00:00
cbf4c6134e
CF ref. count checker: Register memory leaks at the end of a path.
...
llvm-svn: 49824
2008-04-16 22:32:20 +00:00
86051690ea
Bug fix in GREndPathNodeBuilderImpl: Use the specified state to construct
...
a node, not the state of the predecessor.
llvm-svn: 49823
2008-04-16 22:30:40 +00:00
c1f9a28e4d
Added CFGBlock::getTerminatorCondition() to get the Expr* of the condition a block's terminator.
...
Refactored LiveVariables to use getTerminatorCondition() in VisitTerminator().
Bug fix: CFG now computes Block-level expression numbers using information
from block terminators. This fixes <rdar://problem/5868189>.
llvm-svn: 49818
2008-04-16 21:10:48 +00:00
7145489c37
Small tweaks to EvalStore: pass an "RVal" instead of "LVal" for the TargetLV to
...
represent possible stores to "Unknown."
llvm-svn: 49811
2008-04-16 20:40:59 +00:00
673b5c1e42
Add missing file.
...
llvm-svn: 49805
2008-04-16 18:39:25 +00:00
90c7cb6810
Hook up "EvalStore" from GRTransferFuncs to GRExprEngine.
...
llvm-svn: 49804
2008-04-16 18:39:06 +00:00
2044a5183d
Take first step to migrating handling of "stores" to values from GRExprEngine
...
to the plug-in GRTransferFuncs object.
llvm-svn: 49801
2008-04-16 18:21:25 +00:00
ed30e8da56
LiveVariables now updates the liveness state of block-level expressions that
...
are referenced by CFGBlock terminators.
llvm-svn: 49798
2008-04-16 17:07:59 +00:00
08e562d3c8
In ExplodedGraphImpl::Trim, prioritize for paths that don't span loops by using
...
two worklists: for nodes whose locations are block edges with loop terminators
and another for nodes with all other locations. We only dequeue from the loop
worklist when the other is empty. Exploration of the graph is still in
reverse-BFS.
llvm-svn: 49791
2008-04-16 15:51:26 +00:00
8cb96e92a1
Implemented toll-free bridging support for CF Reference count checker.
...
llvm-svn: 49771
2008-04-16 04:28:53 +00:00
e556f9e39c
Simplify some code.
...
llvm-svn: 49763
2008-04-16 02:59:55 +00:00
748c7ce4ba
Added initial boilerplate to support toll-free bridging in the ref-count checker.
...
llvm-svn: 49756
2008-04-15 23:44:31 +00:00
667cacb2ff
Added some comments to GRExprEngine. Reorder some of the method definitions
...
to start logically organizing them.
Added initial plug-in transfer function support for Objective-C message expressions.
llvm-svn: 49752
2008-04-15 23:06:53 +00:00
6204498aad
Change "VisitBlockVarDecl" to "VisitVarDecl". UninitializedValues now works
...
as before r49748 (where BlockVarDecl was removed).
llvm-svn: 49749
2008-04-15 23:02:18 +00:00
08899ff85d
Remove FileVarDecl and BlockVarDecl. They are replaced by VarDecl::isBlockVarDecl() and VarDecl::isFileVarDecl().
...
This is a fairly mechanical/large change. As a result, I avoided making any changes/simplifications that weren't directly related. I did break two Analysis tests. I also have a couple FIXME's in UninitializedValues.cpp. Ted, can you take a look? If the bug isn't obvious, I am happy to dig in and fix it (since I broke it).
llvm-svn: 49748
2008-04-15 22:42:06 +00:00
82ff6d65bc
Fix bug in terminator processing for uninitialized-values: simply ignore the terminator, don't reprocess it.
...
LiveVariables analysis now does a flow-insensitive analysis to determine what variables have their address taken; these variables are now always treated as being live.
The DataflowSolver now uses "SetTopValue()" when getting the initial value for the entry/exit block.
llvm-svn: 49734
2008-04-15 18:35:30 +00:00
45887902b6
Fix a compiler error on MSVC (variable name 'E' clash).
...
llvm-svn: 49727
2008-04-15 16:30:10 +00:00
6d41b82ea4
Improve dead store diagnostic.
...
llvm-svn: 49711
2008-04-15 05:31:00 +00:00
8adeebb274
Added initial support into the flow-sensitive dataflow solver to visit the Block-level expression
...
in a block's terminator. This expression is visited within a block, but it is accessed by the
terminator. This is important to observe because for live-variables analysis the block-level
expression is live between the terminator and where the expression occurs in the block. So far
this hasn't been an issue to not observe this because the block-level expression used in the
terminator is always the last one in the block, and we have never queried the liveness information
about this point (but before the terminator).
llvm-svn: 49709
2008-04-15 04:39:08 +00:00
66279073f7
Bug fix in dead stores: don't always check the liveness of the first decl
...
in a DeclStmt.
llvm-svn: 49708
2008-04-15 04:11:48 +00:00
cd76f95dd0
++/-- makes a variable live since it is used; thus the liveness state is
...
"Alive" as opposed to staying the same.
llvm-svn: 49707
2008-04-15 04:08:54 +00:00
f4212bdbc3
Bug fix in LiveVariables: Operators ++/-- may kill a value, but the variable
...
is still live.
llvm-svn: 49705
2008-04-15 03:47:30 +00:00
87bfc03f4a
Don't flag dead stores that occur in macros.
...
llvm-svn: 49672
2008-04-14 18:28:25 +00:00
bae225d57a
Have BugReporter::EmitWarning use the PathDiagnosticClient if it is available.
...
llvm-svn: 49668
2008-04-14 18:06:42 +00:00
75ff623e2e
Bug fix in dead-store checker when walking the Decls in a DeclStmt: don't
...
assume that DeclStmts only have VarDecls; they can have TypedefDecls.
llvm-svn: 49662
2008-04-14 17:52:13 +00:00
12e721a728
Treat calls to unresolved functions in the CF-ref count checker as calls
...
to functions with NULL summaries.
llvm-svn: 49660
2008-04-14 17:45:13 +00:00
7e15130dc9
Hooked up the dead-store checker to the BugReporter interface. Now dead-store
...
warnings are emitted as part of the warnings registered by GRSimpleVals.
llvm-svn: 49658
2008-04-14 17:39:48 +00:00
8784a7c006
Add some boilerplate to report memory leaks at the end of an analyzed function.
...
Still need some boilerplate in BugReporter to report bugs at the end
of a function (not associated with a particular statement).
llvm-svn: 49564
2008-04-11 22:25:11 +00:00
811c2b4edb
Added "GREndPathNodeBuilder", a new node builder that will be used for
...
evaluating transfer functions at the end-of-path.
llvm-svn: 49561
2008-04-11 22:03:04 +00:00
0a86fdb1ff
Added FIXME
...
llvm-svn: 49558
2008-04-11 20:51:02 +00:00
831f327568
Fix regression introduced by my last commit.
...
llvm-svn: 49556
2008-04-11 20:23:24 +00:00
a7c44113bc
Changed behavior of how we handle "NULL" summaries: just call
...
GRSimpleVals::EvalCal(), and don't change reference counts.
Remove "getDoNothingSummary()", as a NULL summary does the same thing.
Added temporary hack for the "Get" rule for objects that return a pointer type:
treat them as non-owned CF objects.
Added test case to detect the release of a non-owned object.
llvm-svn: 49555
2008-04-11 20:11:19 +00:00
988990f842
Use RangedBugReport to report better ranges for reference count errors.
...
llvm-svn: 49552
2008-04-11 18:40:51 +00:00
6e38ffa517
Added "RangedBugReport".
...
llvm-svn: 49551
2008-04-11 18:40:29 +00:00
4b77209694
Fixed some logic errors in the CF ref count checker; we now can detect simple
...
use-after-release errors. Added test case.
llvm-svn: 49509
2008-04-10 23:44:06 +00:00
3c03d52d6e
Simplify CF ref. count checker state machine.
...
llvm-svn: 49505
2008-04-10 23:09:18 +00:00
22bd628056
Fix some bonehead bugs in summary generation in CFRefCount.
...
llvm-svn: 49503
2008-04-10 22:58:08 +00:00
4a78c3ae11
Refactored all logic to run the GRSimpleVals and CFRef checker into a common
...
code path in the clang driver.
Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.
llvm-svn: 49500
2008-04-10 22:16:52 +00:00
ea1bc3bec6
CFRefCount analysis now properly calls "EmitWarnings" after analyzing a function.
...
llvm-svn: 49488
2008-04-10 16:21:09 +00:00
42d9db75f0
When not emitting path diagnostics in BugReporter::EmitWarning(), use the
...
BugReport-specific SourceRanges (when available).
llvm-svn: 49486
2008-04-10 16:12:38 +00:00
83744ddbd9
Fixed regressions in error reporting due to copy-paste errors (using the "begin"
...
iterator instead of "end") and not implementing "getDescription()" for Nil
argument checks.
llvm-svn: 49485
2008-04-10 16:05:13 +00:00
c8bef6a076
Hooked up initial reference-count checks to the BugReporter interface.
...
llvm-svn: 49455
2008-04-09 23:49:11 +00:00
7acc3a36ef
Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter.
...
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.
GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.
ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.
llvm-svn: 49453
2008-04-09 21:41:14 +00:00
ce8e881dc3
Added some boilerplate for emitting warnings from the CF-reference count checker.
...
llvm-svn: 49414
2008-04-09 01:10:13 +00:00
3cef454e2e
Added new "BugReporterHelper" class which is used by BugReporter to emit
...
checker-specific diagnostics.
llvm-svn: 49412
2008-04-09 00:20:43 +00:00
e73006ee45
Improve BugReport diagnostics for loops and ? operator.
...
llvm-svn: 49356
2008-04-07 23:35:17 +00:00
1e830c07a2
templates can't be static.
...
llvm-svn: 49258
2008-04-06 04:22:39 +00:00
d1a2efadba
Added investigate patch for an occasionally failing assertion (heisenbug?)
...
llvm-svn: 49193
2008-04-03 21:44:24 +00:00
10569cdd87
Better range highlight for undefined-argument checks.
...
llvm-svn: 49184
2008-04-03 18:52:25 +00:00
5f5592062b
When reporting "bad receiver" warnings, highlight the receiver.
...
llvm-svn: 49183
2008-04-03 18:46:16 +00:00
89575b7bcb
Use "getRanges" in default implementation of "getEndPath" to determine
...
the ranges of highlighted elements in the source code.
llvm-svn: 49181
2008-04-03 18:00:37 +00:00
cb2dc8eca5
Hooked up GRSimpleAPICheck and the simple Objective-C Foundation checks to use
...
the new BugReporter interface.
llvm-svn: 49180
2008-04-03 17:57:38 +00:00
ca40664275
Handle the case when getEndPath() returns NULL.
...
llvm-svn: 49155
2008-04-03 07:33:55 +00:00
e4c029e7aa
Add back bug name to PathDiagnostic.
...
llvm-svn: 49139
2008-04-03 05:23:19 +00:00
4e9cc3f272
When creating PathDiagnostics, created a trimmed graph first and report the
...
BFS path to the root. This also avoids problems with loops in the ExplodedGraph.
llvm-svn: 49133
2008-04-03 04:59:14 +00:00
505a36afc6
Created new path-sensitive bug-reporting scheme based on the classes
...
"BugReporter" and "BugDescription". BugDescription is used to describe
a bug and provide pieces of the PathDiagnostic, and BugReporter creates
the actual PathDiagnostic by crawling through the ExplodedGraph.
Migrated checks done by GRSimpleVals to be reported using the new BugReporter
mechanism.
llvm-svn: 49127
2008-04-03 04:42:52 +00:00
33d03a52f0
80 col violation
...
llvm-svn: 49120
2008-04-02 22:08:09 +00:00
744fb6d9e7
Added more PathDiagnostic rendering for terminators: switch, goto, loops.
...
llvm-svn: 49119
2008-04-02 22:03:53 +00:00
383bfd27d0
Shorted bug-description.
...
llvm-svn: 49102
2008-04-02 18:02:54 +00:00
182f660d8d
simplify some code by using PointerLikeType.
...
llvm-svn: 49101
2008-04-02 17:45:06 +00:00
d12d21c000
Beginning of some cleanups; start generating path diagnostics using objects
...
that describe a bug.
llvm-svn: 49086
2008-04-02 07:05:46 +00:00
2c71d51513
Added initial hacked support for display path diagnostics with
...
GRSimpleVals warnings. Cleaning up, but now we get multiple bubbles (branches are annotated).
llvm-svn: 49077
2008-04-02 05:15:22 +00:00
94896e17bb
Patch by Argiris Kirtzidis: Fix a dangling pointer error!
...
llvm-svn: 49057
2008-04-01 22:35:58 +00:00
e9f2a90d1f
Do not prepend the keyword "[CHECKER]" to checker messages when using
...
a PathDiagnosticClient.
llvm-svn: 48996
2008-03-31 20:42:43 +00:00
bb7f03f926
Include ranges in GRSimpleVals diagnostics.
...
llvm-svn: 48990
2008-03-31 18:44:32 +00:00
c27815ca82
Inlined clang/Analysis/Analyses/GRSimpleVals.h into LocalCheckers.h and removed
...
GRSimpleVals.h
Added a PathDiagnosticClient option to the driver functions for the
CFRefCountChecker and the GRSimpleVals analysis. Both analyses now accept a "-o"
argument from the driver that specifies where HTML reports should be dumped.
llvm-svn: 48989
2008-03-31 18:26:32 +00:00
f646774f32
Added path-sensitive check for return statements that return the address
...
of a stack variable. This is the path-sensitive version of a check that
is already done during semantic analysis.
llvm-svn: 48980
2008-03-31 15:02:58 +00:00
c719424caa
Added skeleton checking for NSString's method initWithFormat: (do not pass nil). This won't be useful in most cases right now
...
because the analyzer isn't tracking expected types for an object, and [NSString alloc] just runs "id".
llvm-svn: 48917
2008-03-28 16:09:38 +00:00
276278e5d2
Expanded NSString checking to check for nil for a few more methods.
...
llvm-svn: 48898
2008-03-27 22:05:32 +00:00
2e4e7ccb22
Add line SourceLocation to NSString checks.
...
Added test case to test warning about passing 'nil' to NSString's compare: method.
llvm-svn: 48896
2008-03-27 21:23:57 +00:00
27156c8c9f
Hooked up initial NSString interface checking to GRSimpleVals.
...
llvm-svn: 48895
2008-03-27 21:15:17 +00:00
a4d60b6de3
Add creation of BasicObjCFoundationChecks when running GRSimpleVals from the driver.
...
llvm-svn: 48886
2008-03-27 17:17:22 +00:00
c04149299c
Added "GRAuditor" and "GRSimpleAPICheck" interface to allow simple stateless checkers to be injected into the analyzer.
...
Added "AnnotatedPath" class to record an annotated path that will be useful for inspecting paths.
Added some boilerplate code for simple checks of Apple's Foundation API.
llvm-svn: 48867
2008-03-27 07:25:52 +00:00
710714c365
PathDiagnosticPiece no longer contains a vector of strings; just one string.
...
PathDiagnostic no longer contains a diagnostic ID or diagnostic level.
llvm-svn: 48864
2008-03-27 06:16:40 +00:00
4fa20c9bba
Added classes "PathDiagnosticPiece", "PathDiagnostic", and "PathDiagnosticClient", which encapsulate diagnostic reporting for paths.
...
llvm-svn: 48861
2008-03-27 03:49:32 +00:00
ea128437b3
Bug fix: use GetRVal instead of GetLVal (were getting the value of a DeclRefExpr, not it's address).
...
llvm-svn: 48846
2008-03-26 22:21:58 +00:00
cb047289a8
Bug fix in transfer function for ObjCMessageExpr: Visit the receiver expression as an ordinary expression, not using VisitLVal.
...
llvm-svn: 48842
2008-03-26 21:36:08 +00:00
4b55badc39
GRSimple analysis now outputs additional diagnostic warnings about
...
passing an uninitialized value to a message expresion.
llvm-svn: 48776
2008-03-25 16:40:05 +00:00
3335120f69
Tweak to transfer function for ObjCMessageExpr: handle both instance methods
...
and message expressions with a specified receiver.
llvm-svn: 48773
2008-03-25 16:07:41 +00:00
945a246ad8
Added logic to check for uninitialized values as the receivers for message expressions
...
and uninitialized values passed-by-value as arguments to message expressions.
llvm-svn: 48760
2008-03-25 02:10:28 +00:00
64100da427
Added initial transfer function support for ObjCMessageExpr.
...
llvm-svn: 48757
2008-03-25 00:34:37 +00:00
fb475ec504
Changed merge operation for uninitialized values analysis to "intersect" (previous union).
...
The effect is that if a variable is uninitialized along a branch (but initialized along another), at merge points it is considered uninitialized. Previously we had the opposite behavior. The new behavior is more conservative, and more in line with gcc's behavior.
llvm-svn: 48689
2008-03-22 20:11:00 +00:00
181f72369f
Rename "Nodify" to "MakeNode"
...
llvm-svn: 48659
2008-03-21 21:30:14 +00:00
b7151c7ca8
LiveVariables analysis now uses intersect for the merge of block-level expression liveness information.
...
The rationale is that a block-level expression cannot be live in a parent block unless it is live in all of the successor blocks.
llvm-svn: 48618
2008-03-20 21:46:49 +00:00
a9b30c0651
Fix assertion.
...
llvm-svn: 48470
2008-03-17 22:18:22 +00:00
9eae403cde
Fix integer overflow bug when processing switch statements.
...
llvm-svn: 48469
2008-03-17 22:17:56 +00:00
58021a617b
Properly hook up inline asm transfer function logic to the main GRExprEngine logic.
...
llvm-svn: 48468
2008-03-17 21:31:48 +00:00
7c7a331f74
Added initial transfer function support for inline asm.
...
llvm-svn: 48466
2008-03-17 21:11:24 +00:00
7a51313d8a
Make a major restructuring of the clang tree: introduce a top-level
...
lib dir and move all the libraries into it. This follows the main
llvm tree, and allows the libraries to be built in parallel. The
top level now enforces that all the libs are built before Driver,
but we don't care what order the libs are built in. This speeds
up parallel builds, particularly incremental ones.
llvm-svn: 48402
2008-03-15 23:59:48 +00:00
Ted Kremenek