Commit Graph

46 Commits

Author SHA1 Message Date
Devin Coughlin 480a0c00ca [analyzer] Avoid crash when attempting to evaluate binary operation on LazyCompoundVal.
Instead, return UnknownValue if either operand is a nonloc::LazyCompoundVal. This is a
spot fix for PR 24951.

rdar://problem/23682244

llvm-svn: 260066
2016-02-08 00:28:24 +00:00
Jordan Rose 60619a639b [analyzer] Assume that strings are no longer than SIZE_MAX/4.
This keeps the analyzer from making silly assumptions, like thinking
strlen(foo)+1 could wrap around to 0. This fixes PR16558.

Patch by Karthik Bhat!

llvm-svn: 188680
2013-08-19 16:27:34 +00:00
Jordan Rose 6e3cf2ba85 [analyzer] Model strsep(), particularly that it returns its input.
This handles the false positive leak warning in PR15374, and also serves
as a basic model for the strsep() function.

llvm-svn: 180069
2013-04-22 23:18:42 +00:00
Jordan Rose 28c68a2d07 [analyzer] Don't invalidate globals when there's no call involved.
This fixes some mistaken condition logic in RegionStore that caused
global variables to be invalidated when /any/ region was invalidated,
rather than only as part of opaque function calls. This was only
being used by CStringChecker, and so users will now see that strcpy()
and friends do not invalidate global variables.

Also, add a test case we don't handle properly: explicitly-assigned
global variables aren't being invalidated by opaque calls. This is
being tracked by <rdar://problem/13464044>.

llvm-svn: 177572
2013-03-20 20:36:01 +00:00
Anna Zaks bda130f02a [analyzer] Use isLiveRegion to determine when SymbolRegionValue is dead.
Fixes a FIXME, improves dead symbol collection, suppresses a false positive,
which resulted from reusing the same symbol twice for simulation of 2 calls to the same function.

Fixing this lead to 2 possible false negatives in CString checker. Since the checker is still alpha and
the solution will not require revert of this commit, move the tests to a FIXME section.

llvm-svn: 177206
2013-03-15 23:34:29 +00:00
Ted Kremenek 722398f1d4 Fix analyzer tests.
llvm-svn: 162588
2012-08-24 20:39:55 +00:00
Jordy Rose 5934226067 [analyzer] Fix test for PR12206, which was failing on i386.
llvm-svn: 156941
2012-05-16 20:29:44 +00:00
Anna Zaks f8be8595ae [analyzer] Revert a regression committed in r156920.
This breaks the build with -triple i386-apple-darwin9.

llvm-svn: 156932
2012-05-16 18:46:25 +00:00
Jordy Rose 6d5a8caac3 [analyzer] Convert many existing tests to use clang_analyzer_eval.
llvm-svn: 156920
2012-05-16 16:01:10 +00:00
Jordy Rose 459d5f62c2 [analyzer] strncpy: Special-case a length of 0 to avoid an incorrect warning.
We check the address of the last element accessed, but with 0 calculating that
address results in element -1. This patch bails out early (and avoids a bunch
of other work at that).

Fixes PR12807.

llvm-svn: 156769
2012-05-14 17:58:35 +00:00
Jordy Rose d23232975f [analyzer] Equality ops are like relational ops in that the arguments shouldn't be converted to the result type. Fixes PR12206 and dupe PR12510.
This was probably the original intent of r133041 (also me, a year ago).

llvm-svn: 156062
2012-05-03 07:34:01 +00:00
Anna Zaks 0cdce4df76 [analyzer] Turn on by default the Malloc Checker and a couple of CString
checks:

- unix.Malloc - Checks for memory leaks, double free, use-after-free.
- unix.cstring.NullArg - Checks for null pointers passed as arguments to
CString functions + evaluates CString functions.
- unix.cstring.BadSizeArg - Checks for common anti-patterns in
strncat size argument.

llvm-svn: 150988
2012-02-20 21:10:37 +00:00
Anna Zaks e0c7c27473 [analyzer] Allow each CString check to be enabled/disabled
separately.

llvm-svn: 149947
2012-02-07 00:56:14 +00:00
Anna Zaks 87b6ff09f9 [analyzer] Add checks for common anti-patterns in strncat.
(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

llvm-svn: 149407
2012-01-31 19:33:39 +00:00
Anna Zaks 6228130099 [analyzer] RegionStoreManager::getBinding() should not crash when
looking up value at a CodeTextRegion even when the type is not provided.

llvm-svn: 148079
2012-01-13 00:56:48 +00:00
Anna Zaks 5f847144d1 [analyzer] Do not invalidate arguments when the parameter's
type is a pointer to const. (radar://10595327)

The regions corresponding to the pointer and reference arguments to
a function get invalidated by the calls since a function call can
possibly modify the pointed to data. With this change, we are not going
to invalidate the data if the argument is a pointer to const. This
change makes the analyzer more optimistic in reporting errors.
(Support for C, C++ and Obj C)

llvm-svn: 147002
2011-12-20 22:35:30 +00:00
Anna Zaks 7c96b7db96 [analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression.
We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about. 

In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expresion evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently is protected.)

This patch also contains 2 small bug fixes:
 - swap the order of operators inside SValBuilder::makeGenericVal.
 - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.

llvm-svn: 146343
2011-12-11 18:43:40 +00:00
Ted Kremenek 3f955e6d89 [analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
Jordy Rose 7770a8c6c5 [analyzer] strnlen isn't a builtin, don't test for it
llvm-svn: 133994
2011-06-28 05:34:40 +00:00
Jordy Rose b41f7c55f5 [analyzer] Finish size argument checking for strncat (and strncpy).
llvm-svn: 133472
2011-06-20 21:55:40 +00:00
Jordy Rose 328deeed7f [analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
llvm-svn: 133408
2011-06-20 03:49:16 +00:00
Jordy Rose dceb0cf3f3 [analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
llvm-svn: 133406
2011-06-20 02:06:40 +00:00
Jordy Rose c026370858 [analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
llvm-svn: 133154
2011-06-16 07:13:34 +00:00
Jordy Rose 634c12d23f [analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.

This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.

This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!

llvm-svn: 133046
2011-06-15 05:52:56 +00:00
Jordy Rose bc7483f505 [analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.
llvm-svn: 132958
2011-06-14 01:40:43 +00:00
Jordy Rose d359289669 [analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.
llvm-svn: 132955
2011-06-14 01:15:31 +00:00
Lenny Maiorani 5066858bcd Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
llvm-svn: 130758
2011-05-03 16:34:26 +00:00
Lenny Maiorani 0b510279c6 Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().
llvm-svn: 130708
2011-05-02 19:05:49 +00:00
Lenny Maiorani 4af23c8159 Implements strcasecmp() checker in Static Analyzer.
llvm-svn: 130398
2011-04-28 15:09:11 +00:00
Argyrios Kyrtzidis a9b630e4d7 Emit a -Wnull-dereference warning for "*null" not just "*null = something". Addresses rdar://9269271.
llvm-svn: 130207
2011-04-26 17:41:22 +00:00
Lenny Maiorani e553e40467 Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.
llvm-svn: 130161
2011-04-25 22:21:00 +00:00
Chris Lattner 57540c5be0 fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!

llvm-svn: 129559
2011-04-15 05:22:18 +00:00
Lenny Maiorani f3539ad5c7 This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
llvm-svn: 129364
2011-04-12 17:08:43 +00:00
Lenny Maiorani 467dbd5f13 strcat() and strncat() model additions to CStringChecker.
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.

llvm-svn: 129215
2011-04-09 15:12:58 +00:00
Ted Kremenek 49c79790de Rework checker "packages" and groups to be more hierarchical.
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
Carl Norum 58d489fc6e Fix tests to account for new warning "expected ';' at end of declaration list". Sorry, folks!
llvm-svn: 127188
2011-03-07 22:57:45 +00:00
Argyrios Kyrtzidis 9eb02dfa89 [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
Argyrios Kyrtzidis 2c49ec7f1d [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.

llvm-svn: 126659
2011-02-28 17:36:18 +00:00
Argyrios Kyrtzidis c08d89e6c2 Allow passing a list of comma separated checker names to -analyzer-checker, e.g:
-analyzer-checker=cocoa,unix

llvm-svn: 126372
2011-02-24 08:42:20 +00:00
Ted Kremenek fb1a79af7a Add CStringChecker support for strncpy. Patch by Lenny Maiorani!
llvm-svn: 126188
2011-02-22 04:58:34 +00:00
Ted Kremenek 280a01fa1b Add CStringChecker support for strnlen. Patch by Lenny Maiorani!
llvm-svn: 126187
2011-02-22 04:55:05 +00:00
Argyrios Kyrtzidis 2d3905ffac [analyzer] Use the new registration mechanism on some of the experimental checks. These are:
CStringChecker
   ChrootChecker
   MallocChecker
   PthreadLockChecker
   StreamChecker
   UnreachableCodeChecker

MallocChecker creates implicit dependencies between checkers and needs to be handled differently.

llvm-svn: 125598
2011-02-15 21:25:03 +00:00
Jordy Rose 722f558f07 Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes:
- Fix memcpy() and friends to actually invalidate the destination buffer.
- Emit a different message for out-of-bounds buffer accesses if the buffer is being written to.
- When conjuring symbols, let ValueManager figure out the type.

llvm-svn: 111120
2010-08-16 07:51:42 +00:00
Jordy Rose 2a2e21c902 Update CStringChecker to take advantage of the new metadata symbols and region change callback. Now does basic tracking of string length for general regions. Currently this is still only used for modeling strlen().
llvm-svn: 111081
2010-08-14 21:02:52 +00:00
Tom Care 29a6250bf0 Added some false positive checking to UnreachableCodeChecker
- Allowed reporting of dead macros
- Added path walking function to search for false positives in conditional statements
- Updated some affected tests
- Added some false positive test cases

llvm-svn: 109561
2010-07-27 23:30:21 +00:00
Jordy Rose b052e8f436 Groundwork for C string length tracking. Currently only handles the length of constant string literals, which is not too helpful, and only calls to strlen() are checked.
llvm-svn: 109480
2010-07-27 01:37:31 +00:00