This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h. This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses. This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.
The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls. In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal. Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.
There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.
The memory region abstraction also allows type-information to literally be affixed to a memory region. This will allow the some now redundant logic to be removed from the retain/release checker.
llvm-svn: 57042
Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.
llvm-svn: 56894
Changed casing of many bug names. The convention will be to have bug names (mostly) lower cased, and categories use some capitalization.
llvm-svn: 56385
- Change definition of store::Region and store::Binding (once again) to make
them real classes that just wrap pointers. This makes them more strictly
typed, and allows specific implementations of Regions/Bindings to just
subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments
StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'
BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager
llvm-svn: 55688
Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).
llvm-svn: 55522
- Remove ConstNotEq from GRState/GRStateManager (!= tracking uses GDM instead).
- GRStateManager now can book-keep "contexts" (e.g., factory objects) for uses
with data elements stored into the GDM.
- Refactor pretty-printing of states to use GRState::Printer objects
exclusively. This removed a huge amount of pretty-printing logic from
GRExprEngine.
CFRefCount
- Simplified some API calls based on refinements to the GDM api.
llvm-svn: 54835
of using CheckerState).
Removed CheckerState from GRState.
Added class GRStateRef which wraps GRState* and GRStateManager*. This is handy
for generating new states with a single handle.
Added member template set/get functions to GRStateRef/GRState/GRStateManager for
accessing the Generic Data Map.
llvm-svn: 54788
- Drop {Decl.h,DeclObjC.h,IdentifierTable.h} from Expr.h
- Moved Sema::getCurMethodDecl() out of line (dependent on
ObjCMethodDecl via dyn_cast).
llvm-svn: 54629
current store implementation is now encapsulated by BasicStore.
These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.
llvm-svn: 53423
passed-by-reference to a function. This allows us to build up constraints for
their new values and restore some lost path-sensitivity. This addresses a few
false positives since in Adium.
llvm-svn: 53125
Tracked objects now have their type information tracked with them.
Enhanced summaries for ObjC methods to include the type information of the receiver.
Used the enhanced summaries to support the idiom that NSWindow owns itself (it sends a release message to itself upon close).
Added some comments.
Did some cleanups with the checker logic using operator overloading (reduced redundant code which I was concerned about being the source of bugs).
llvm-svn: 52741
clang as a Release build.
The big change is that all AST nodes (subclasses of Stmt) whose children are
Expr* store their children as Stmt* or arrays of Stmt*. This is to remove
strict-aliasing warnings when using StmtIterator. None of the interfaces of any
of the classes have changed (except those with arg_iterators, see below), as the
accessor methods introduce the needed casts (via cast<>). While this extra
casting may seem cumbersome, it actually adds some important sanity checks
throughout the codebase, as clients using StmtIterator can potentially overwrite
children that are expected to be Expr* with Stmt* (that aren't Expr*). The casts
provide extra sanity checks that are operational in debug builds to catch
invariant violations such as these.
For classes that have arg_iterators (e.g., CallExpr), the definition of
arg_iterator has been replaced. Instead of it being Expr**, it is an actual
class (called ExprIterator) that wraps a Stmt**, and provides the necessary
operators for iteration. The nice thing about this class is that it also uses
cast<> to type-checking, which introduces extra sanity checks throughout the
codebase that are useful for debugging.
A few of the CodeGen functions that use arg_iterator (especially from
OverloadExpr) have been modified to take begin and end iterators instead of a
base Expr** and the number of arguments. This matches more with the abstraction
of iteration. This still needs to be cleaned up a little bit, as clients expect
that ExprIterator is a RandomAccessIterator (which we may or may not wish to
allow for efficiency of representation).
This is a fairly large patch. It passes the tests (except CodeGen/bitfield.c,
which was already broken) on both a Debug and Release build, but it should
obviously be reviewed.
llvm-svn: 52378
tracked object to "escape": it's reference count might be incremented by the
called function, thus causing an object's lifetime to extend beyond when the
local reference count is decremented to 0.
This addresses: <rdar://problem/5933215>
llvm-svn: 51433
function that returns a CFxxxRef, not just functions whose name begins with
CF. This implements <rdar://problem/5917879>.
Added test case for this feature.
Updated calls to CStrInCStrNoCase to swap their arguments, per compatibility
with strcasestr.
llvm-svn: 50829
logic for function calls and message expressions.
Use the following heuristic to infer "allocating" instance methods:
[ClassName classWithXXX] allocates an object
Update testcase to reflect this heuristic.
llvm-svn: 50708
the object was last used. This can be confusing to users.
For example:
// 'y' is leaked
x = foo(y);
instead:
x = foo(y);
// 'y' is leaked
llvm-svn: 50661
Implemented support for better localized leaks in the CF reference count checker.
Now leaks should be flagged close to where they occur.
This should implement the desired functionality in <rdar://problem/5879592>, although the diagnostics still need to be improved.
llvm-svn: 50241
This fixes <rdar://problem/5886141>.
Part of this change resulted in creating sparser summaries. I also added
some more comments and did some minor code cleanups.
llvm-svn: 50214
Problem:
In the recently refactored VisitDeref (which processes dereferences), we
were incorrectly skipping the node just generated for the subexpression
of the dereference. This was a horrible regression.
llvm-svn: 50176
can decide the policy on how to cache related bugs. This allows us to
properly to handle warning about multiple leaks in the same location in the
ref count checker (not yet done).
llvm-svn: 49918
from registered BugTypes. This helps with debugging.
Add detection of NULL values in ref count checker; this suppresses false positives.
llvm-svn: 49912
Shuffled around code in CFRefCount to better pair classes with implementation,
and started adding subclasses of RangedBugReport to handle better diagnostics
for reference count bugs.
llvm-svn: 49889
EmitPathWarning into one method. We now properly handle emitting warnings
without a PathDiagnosticClient when the warning does not involve a particular
statement.
llvm-svn: 49884
GRSimpleVals::EvalCal(), and don't change reference counts.
Remove "getDoNothingSummary()", as a NULL summary does the same thing.
Added temporary hack for the "Get" rule for objects that return a pointer type:
treat them as non-owned CF objects.
Added test case to detect the release of a non-owned object.
llvm-svn: 49555
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.
GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.
ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.
llvm-svn: 49453
GRSimpleVals.h
Added a PathDiagnosticClient option to the driver functions for the
CFRefCountChecker and the GRSimpleVals analysis. Both analyses now accept a "-o"
argument from the driver that specifies where HTML reports should be dumped.
llvm-svn: 48989
lib dir and move all the libraries into it. This follows the main
llvm tree, and allows the libraries to be built in parallel. The
top level now enforces that all the libs are built before Driver,
but we don't care what order the libs are built in. This speeds
up parallel builds, particularly incremental ones.
llvm-svn: 48402
Zhongxing Xu