Commit Graph

34 Commits

Author SHA1 Message Date
NAKAMURA Takumi 5dadfd4bde SVal::getAsSymbol(bool IncludeBaseRegions): Follow clang/StaticAnalyzer/Core/PathSensitive/SVals.h, s/IncludeBaseRegion/IncludeBaseRegions/g [-Wdocumentation]
llvm-svn: 315572
2017-10-12 09:42:12 +00:00
Devin Coughlin 64c01f7bef [analyzer] Add a new SVal to support pointer-to-member operations.
Add a new type of NonLoc SVal for C++ pointer-to-member operations. This SVal
supports both pointers to member functions and pointers to member data.

A patch by Kirill Romanenkov!

Differential Revision: https://reviews.llvm.org/D25475

llvm-svn: 289873
2016-12-15 21:27:06 +00:00
Yaron Keren cdae941e03 Annotate dump() methods with LLVM_DUMP_METHOD, addressing Richard Smith r259192 post commit comment.
llvm-svn: 259232
2016-01-29 19:38:18 +00:00
Artem Dergachev 73f018e381 [analyzer] Fix SVal/SymExpr/MemRegion class and enum names for consistency.
The purpose of these changes is to simplify introduction of definition files
for the three hierarchies.

1. For every sub-class C of these classes, its kind in the relevant enumeration
is changed to "CKind" (or C##Kind in preprocessor-ish terms), eg:

  MemRegionKind   -> MemRegionValKind
  RegionValueKind -> SymbolRegionValueKind
  CastSymbolKind  -> SymbolCastKind
  SymIntKind      -> SymIntExprKind

2. MemSpaceRegion used to be inconsistently used as both an abstract base and
a particular region. This region class is now an abstract base and no longer
occupies GenericMemSpaceRegionKind. Instead, a new class, CodeSpaceRegion,
is introduced for handling the unique use case for MemSpaceRegion as
"the generic memory space" (when it represents a memory space that holds all
executable code).

3. BEG_ prefixes in memory region kind ranges are renamed to BEGIN_ for
consisitency with symbol kind ranges.

4. FunctionTextRegion and BlockTextRegion are renamed to FunctionCodeRegion and
BlockCodeRegion, respectively. The term 'code' is less jargony than 'text' and
we already refer to BlockTextRegion as a 'code region' in BlockDataRegion.

Differential Revision: http://reviews.llvm.org/D16062

llvm-svn: 257598
2016-01-13 13:49:29 +00:00
Craig Topper 0dbb783c7b [C++11] Use 'nullptr'. StaticAnalyzer edition.
llvm-svn: 209642
2014-05-27 02:45:47 +00:00
Anna Zaks 6c0c47ede5 [analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic
Introduce a new helper function, which computes the first symbolic region in
the base region chain. The corresponding symbol has been used for assuming that
a pointer is null. Now, it will also be used for checking if it is null.

This ensures that we are tracking a null pointer correctly in the BugReporter.

llvm-svn: 179916
2013-04-20 01:15:42 +00:00
Jordan Rose 8eca04b24e [analyzer] Loc-Loc operations (subtraction or comparison) produce a NonLoc.
For two concrete locations, we were producing another concrete location and
then casting it to an integer. We should just create a nonloc::ConcreteInt
to begin with.

No functionality change.

llvm-svn: 177805
2013-03-23 01:21:29 +00:00
David Blaikie 05785d1622 Include llvm::Optional in clang/Basic/LLVM.h
Post-commit CR feedback from Jordan Rose regarding r175594.

llvm-svn: 175679
2013-02-20 22:23:23 +00:00
David Blaikie 2fdacbc5b0 Replace SVal llvm::cast support to be well-defined.
See r175462 for another example/more details.

llvm-svn: 175594
2013-02-20 05:52:05 +00:00
Jordan Rose 49d5f8825d [analyzer] Reuse a LazyCompoundVal if its type matches the new region.
This allows us to keep from chaining LazyCompoundVals in cases like this:
  CGRect r = CGRectMake(0, 0, 640, 480);
  CGRect r2 = r;
  CGRect r3 = r2;

Previously we only made this optimization if the struct did not begin with
an aggregate member, to make sure that we weren't picking up an LCV for
the first field of the struct. But since LazyCompoundVals are typed, we can
make that inference directly by comparing types.

This is a pure optimization; the test changes are to guard against possible
future regressions.

llvm-svn: 174211
2013-02-01 19:49:57 +00:00
Benjamin Kramer 444a1304ad Include pruning and general cleanup.
llvm-svn: 169095
2012-12-01 17:12:56 +00:00
Anna Zaks 4278234360 [analyzer] Teach the analyzer about implicit initialization of statics
in ObjCMethods.

Extend FunctionTextRegion to represent ObjC methods as well as
functions. Note, it is not clear what type ObjCMethod region should
return. Since the type of the FunctionText region is not currently used,
defer solving this issue.

llvm-svn: 164046
2012-09-17 19:13:56 +00:00
Jordan Rose 07a7ed80cb [analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts.
...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class.

This allows us to enforce the invariant that a CXXBaseObjectRegion can always
provide an offset for its base region if its base region has a known class
type, by only allowing virtual bases and direct non-virtual bases to form
CXXBaseObjectRegions.

This does mean some slight problems for our modeling of dynamic_cast, which
needs to be resolved by finding a path from the current region to the class
we're trying to cast to.

llvm-svn: 161797
2012-08-13 22:11:34 +00:00
Jordan Rose 074ebb3a6f [analyzer] Remove obsolete ObjCPropRef SVal kind.
ObjC properties are handled through their semantic form of ObjCMessageExprs
and their wrapper PseudoObjectExprs, and have been for quite a while. The
syntactic ObjCPropertyRefExprs do not appear in the CFG and are not visited
by ExprEngine.

No functionality change.

llvm-svn: 160458
2012-07-18 21:59:37 +00:00
Anna Zaks e70eea0234 [analyzer] Remove redundant if statement (pointed out by Ted).
llvm-svn: 154075
2012-04-05 02:10:14 +00:00
Anna Zaks 180e4aa246 [analyzer] +Comments
llvm-svn: 152961
2012-03-16 23:24:16 +00:00
David Blaikie f47fa304a4 Remove unnecessary default cases in switches over enums.
This allows -Wswitch-enum to find switches that need updating when these enums are modified.

llvm-svn: 148281
2012-01-17 02:30:50 +00:00
Anna Zaks ee1a43533b [analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it
for finding dependent symbols for taint.

llvm-svn: 145986
2011-12-06 23:12:33 +00:00
Anna Zaks c25efccc8b [analyzer] Propagate taint through NonLoc to NonLoc casts.
- Created a new SymExpr type - SymbolCast.
 - SymbolCast is created when we don't know how to simplify a NonLoc to
NonLoc casts.
 - A bit of code refactoring: introduced dispatchCast to have better
code reuse, remove a goto.
 - Updated the test case to showcase the new taint flow.

llvm-svn: 145985
2011-12-06 23:12:27 +00:00
Anna Zaks d066f79c80 [analyzer] Unify SymbolVal and SymExprVal under a single SymbolVal
class.

We are going into the direction of handling SymbolData and other SymExpr
uniformly, so it makes less sense to keep two different SVal classes.
For example, the checkers would have to take an extra step to reason
about each type separately.

The classes have the same members, we were just using the SVal kind
field for easy differentiation in 3 switch statements. The switch
statements look more ugly now, but we can make the code more readable in
other ways, for example, moving some code into separate functions.

llvm-svn: 145833
2011-12-05 18:58:30 +00:00
Anna Zaks 51090d5f7f [analyzer] First step toward removing
ConstraintManager::canReasonAbout() from the ExprEngine.

ExprEngine should not care if the constraint solver can reason about
something or not. The solver should be able to handle all the SymExprs.

To do this, the solver should be able to keep track of not only the
SymbolData but of all SymExprs. This is why we change SymbolRef to be an
alias of SymExpr*. When encountering an expression it cannot simplify,
the solver should just add the constraints to it.

llvm-svn: 145831
2011-12-05 18:58:19 +00:00
Anna Zaks af36e9128a [analyzer] Add a helper method.
Naming could be improved.. But we should first rename the classes in the SVal hierarchy.

llvm-svn: 144927
2011-11-17 22:57:01 +00:00
Anna Zaks 6b1a955130 [analyzer] Cleanup: Null->0, comments.
llvm-svn: 144823
2011-11-16 19:58:05 +00:00
David Blaikie aa347f9392 Removing a bunch of dead returns/breaks after llvm_unreachables.
llvm-svn: 140407
2011-09-23 20:26:49 +00:00
David Blaikie 83d382b1ca Switch assert(0/false) llvm_unreachable.
llvm-svn: 140367
2011-09-23 05:06:16 +00:00
Ted Kremenek 001fd5b498 Rename GRState to ProgramState, and cleanup some code formatting along the way.
llvm-svn: 137665
2011-08-15 22:09:50 +00:00
Ted Kremenek 5ef32dbf2a Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
llvm-svn: 137537
2011-08-12 23:37:29 +00:00
Chris Lattner 0e62c1cc0b remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.

llvm-svn: 135852
2011-07-23 10:55:15 +00:00
Argyrios Kyrtzidis 456b18c279 [analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted!
llvm-svn: 126734
2011-03-01 01:47:48 +00:00
Argyrios Kyrtzidis 4b45f6628e [analyzer] Introduce SVal::getAsVarDecl().
llvm-svn: 126627
2011-02-28 01:28:18 +00:00
Chris Lattner c8e630e4db Step #1/N of implementing support for __label__: split labels into
LabelDecl and LabelStmt.  There is a 1-1 correspondence between the
two, but this simplifies a bunch of code by itself.  This is because
labels are the only place where we previously had references to random
other statements, causing grief for AST serialization and other stuff.

This does cause one regression (attr(unused) doesn't silence unused
label warnings) which I'll address next.

This does fix some minor bugs:
1. "The only valid attribute " diagnostic was capitalized.
2. Various diagnostics printed as ''labelname'' instead of 'labelname'
3. This reduces duplication of label checking between functions and blocks.

Review appreciated, particularly for the cindex and template bits.

llvm-svn: 125733
2011-02-17 07:39:24 +00:00
Zhanyong Wan 85a203ebdd Makes most methods in SVals.h conform to the naming guide. Reviewed
by kremenek.

llvm-svn: 125687
2011-02-16 21:13:32 +00:00
Ted Kremenek f8cbac4b91 Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.
This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

llvm-svn: 125251
2011-02-10 01:03:03 +00:00
Argyrios Kyrtzidis fa0734ec4f [analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core.
Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration.
Yet another library to avoid cyclic dependencies between Core and Checkers.

llvm-svn: 125124
2011-02-08 22:30:36 +00:00