a scalar variable with a scalar parameter. This is a
form of defensive programming. If the variable is unused,
it will be caused by -Wunused-variable.
llvm-svn: 98795
Beyond simplifying the algorithm significantly, we no longer
need to build subregion maps in RemoveDeadBindings(). This
and other changes cause a significant speedup: the time to
analyze sqlite3.c (single core) drops by 14%.
llvm-svn: 98159
cluster analysis algorithm as RegionStore::InvalidateRegions().
Beyond simplifying the algorithm significantly, we no longer
need to build subregion maps in RemoveDeadBindings(). This
and other changes cause a significant speedup: the time to
analyze sqlite3.c (single core) drops by 14%.
llvm-svn: 98144
we now may have identical states with different analysis context.
Set the right AnalysisContext in state when entering and leaving a callee.
With both of the above changes, we can pass the test case.
llvm-svn: 97724
After discussion with Zhongxing, don't force the initializer of DeclStmts to be
block-level expressions.
This led to some interesting fallout:
[UninitializedValues]
Always visit the initializer of DeclStmts (do not assume they are block-level expressions).
[BasicStore]
With initializers of DeclStmts no longer block-level expressions, this causes self-referencing initializers (e.g. 'int x = x') to no longer cause the initialized variable to be live before the DeclStmt. While this is correct, it caused BasicStore::RemoveDeadBindings() to prune off the values of these variables from the initial store (where they are set to uninitialized). The fix is to back-port some (and only some) of the lazy-binding logic from RegionStore to
BasicStore. Now the default values of local variables are determined lazily as opposed
to explicitly initialized.
llvm-svn: 97591
Use this information to find the returned value and bind it to CallExpr in
ProcessCallExit.
And there is no need to remove dead bindings in ProcessCallExit, because
a. it would clean up the return value bound to CallExpr
b. we still would do it in the next ProcessStmt(), where we would not misclean
up the return value.
llvm-svn: 97225
This patch implements the CallEnter/CallExit idea of Ted.
Add two interfaces to GRSubEngine: ProcessCallEnter, ProcessCallExit.
The CallEnter program point uses caller's location context. The
CallExit program point uses callee's location context.
CallEnter is built by GRStmtNodeBuilder. CallExit is built by
GREndPathNodeBuilder.
llvm-svn: 97122
to various MacOS X functions. The checks in BasicObjCFoundationChecks.cpp will
gradually be migrated here.
As a first check, check that when 'dispatch_once()' is passed a predicate value
that has non-local storage.
llvm-svn: 97116
to various unix/posix functions, e.g. 'open()'.
As a first check, check that when 'open()' is passed 'O_CREAT' that it has
a third argument.
llvm-svn: 97086
pointer (for defensive programming). This matches the behavior with
assigning NULL to a regular pointer. Fixes <rdar://problem/7631278>.
llvm-svn: 96985
of operating on each code decl. This exposes two flaws in AnalysisConsumer
that should eventually be fixed:
(1) It is not possible to associate multiple "actions" with a single
command line argument. This will require the notion of an
"analysis" group, and possibly tablegen support. (although eventually
we want to support dynamically loading analyses as well)
(2) AnalysisConsumer may not actually be scanning the declarations in namespaces.
We'll experiment first in LLVMConventionsChecker before changing the
behavior in AnalysisConsumer.
llvm-svn: 96183
Currently these checks are intended to be largely syntactical, but may get more
sophisticated over time.
As an initial foray into this brave new world, emit a static analyzer warning
when binding a temporary 'std::string' to an 'llvm::StringRef' where the
lifetime of the 'std::string' does not outlive the 'llvm::StringRef'.
llvm-svn: 96147
NULL, not the store, to determine if a lookup succeeded. The store
can be null if it contained no bindings. This fixes a false positive
reported to me by a user of the analyzer.
llvm-svn: 95679
a different return type. While we don't emit any errors (yet), at
least we avoid cases where we might crash because of an assertion
failure later on (when the return type differs from what is expected).
llvm-svn: 95268
RegionStoreManager::InvalidateRegions() by adjusting the worklist to
iterate over BindingKeys instead of MemRegions. We also only need to
do the actual invalidation work on base regions, and for non-base
regions just blow away their bindings.
llvm-svn: 95200
not build a subregion map and instead do a single scan of the store.
This is done by building "region clusters" that represent the
collection of regions that have the same base region. Invalidating
any region in a cluster means that they all should get invalidated.
This change brought out a point that Zhongxing mentioned to me
offline: the flattened memory binding has issues distinguishing
between direct and default bindings. For example, setting the default
value for an entire struct is the same as binding to the first
element. To address this problem, I moved the binding "tag" (Direct
or Default) from BindingVal to BindingKey (and removed BindingVal
entirely). This requires us to do double lookups in some cases; and
there is still much more cleanup that can be done.
This change produced a noticeable speedup when analyzing sqlite3 (a
reduction of 4% in running time).
llvm-svn: 95193
reusable and modular API pieces.
Start by pulling the logic for deriving the Cocoa naming convention
into a separate API, header, and source file.
llvm-svn: 94662
(1) libAnalysis is a generic analysis library that can be used by
Sema. It defines the CFG, basic dataflow analysis primitives, and
inexpensive flow-sensitive analyses (e.g. LiveVariables).
(2) libChecker contains the guts of the static analyzer, including the
path-sensitive analysis engine and domain-specific checks.
Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.
This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker. More changes pending. :)
This change also exposed a layering violation between AnalysisContext
and MemRegion. BlockInvocationContext shouldn't explicitly know about
BlockDataRegions. For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet). We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivity.
llvm-svn: 94406