Commit Graph

2410 Commits

Author SHA1 Message Date
Ted Kremenek 7594e2a59a Fix a couple bugs:
- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
  ASTContext for the size (in bits) of 'int'. While it worked, it was a
  conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
  type "ConstantArray", and handles the case when uses use ordinary variables
  as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
  "array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>

llvm-svn: 63347
2009-01-30 00:08:43 +00:00
Ted Kremenek ed90de4caa retain/release checker: When generating summaries for CF/CG functions, allow arguments to "escape" if they are passed to a function containing the terms "InsertValue", "SetValue", or "AddValue". This fixes <rdar://problem/6539791>.
llvm-svn: 63341
2009-01-29 22:45:13 +00:00
Ted Kremenek c783209605 retain/release checker: Always generate an "autorelease" summary for an "autorelease" message, and have the summary processing logic treat it as a no-op in GC mode. This change is motivated to encode more of the semantics in the summaries themselves for eventual better diagnostics.
llvm-svn: 63241
2009-01-28 21:44:40 +00:00
Ted Kremenek f675864e3c Add autorelease test case.
llvm-svn: 63237
2009-01-28 21:20:48 +00:00
Ted Kremenek 4daeccf28f retain/release checker: Improve diagnostics to indicate that CF objects are not automatically garbage collected.
llvm-svn: 63187
2009-01-28 06:25:48 +00:00
Ted Kremenek 422d81dcd4 Fix bug in BasicStore::getLValueElement where if the base of an array subscript expression was an ElementRegion we stacked another ElementRegion on top of that.
This fixes PR 3422.

llvm-svn: 63110
2009-01-27 18:29:03 +00:00
Ted Kremenek b3fcaa7a77 Fix crash ElementRegion::getRValueType() when the RvalueType of the ArrayRegion is a typedef and not (directly) a pointer.
llvm-svn: 62909
2009-01-24 06:11:36 +00:00
Ted Kremenek f08ac278ed More hacking on static analyzer diagnostics. When emitting summary diagnostics the code paths for diagnostics involving paths or single locations are now unified. This patch also constifies many arguments/methods that are touched by this logic, leading to a nice overall code cleanup.
llvm-svn: 62903
2009-01-24 00:55:43 +00:00
Zhongxing Xu e37f9afb2e Implement retrieval of the default value of element and field regions.
llvm-svn: 62847
2009-01-23 11:22:12 +00:00
Zhongxing Xu b8365bd890 Add a test case for init expr of array and struct type.
llvm-svn: 62845
2009-01-23 10:23:13 +00:00
Ted Kremenek 2e1dfe25c5 For now, return UnknownVal() in RegionStore::getElementsSize() for AnonTypedRegions. It wasn't really doing the right thing and was crashing on rdar-6442306-1.m. This fix causes all path-sensitive test cases to pass with RegionStore.
llvm-svn: 62816
2009-01-22 23:56:56 +00:00
Ted Kremenek fe0f1788ca Add RegionStore support for the implicit object region that 'self' references. This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore.
llvm-svn: 62814
2009-01-22 23:43:57 +00:00
Ted Kremenek c6252091dd This test case now passes with RegionStore.
llvm-svn: 62805
2009-01-22 22:53:05 +00:00
Ted Kremenek db7b61c1b0 This test case now passes with RegionStore.
llvm-svn: 62804
2009-01-22 22:51:46 +00:00
Ted Kremenek c15118b03e This test case now passes with RegionStore.
llvm-svn: 62803
2009-01-22 22:50:46 +00:00
Ted Kremenek c3a28bdb9d This test case now passes with RegionStore.
llvm-svn: 62802
2009-01-22 22:49:49 +00:00
Ted Kremenek 21288a0f17 Enhance test case to test RegionStore with -checker-cfref.
llvm-svn: 62801
2009-01-22 22:46:40 +00:00
Ted Kremenek 5324e074a9 This test case now passes with RegionStore.
llvm-svn: 62800
2009-01-22 22:45:21 +00:00
Ted Kremenek 23dd509332 This test case now passes with RegionStore.
llvm-svn: 62799
2009-01-22 22:43:59 +00:00
Ted Kremenek dabd546875 This test case now passes with RegionStore.
llvm-svn: 62798
2009-01-22 22:42:59 +00:00
Ted Kremenek 36199e6201 This test case now passes with RegionStore.
llvm-svn: 62796
2009-01-22 22:42:16 +00:00
Ted Kremenek b6eec2c979 This test case now passes with RegionStore.
llvm-svn: 62795
2009-01-22 22:40:54 +00:00
Ted Kremenek e54b87f477 Test more array logic in outofbound.c
llvm-svn: 62782
2009-01-22 20:36:33 +00:00
Ted Kremenek 92d48a71f5 Fix RegionStore::getLValueElement() to handle the case when the base region is not an ElementRegion (also do some cleanups of its core logic).
This gets array-struct.c to work with RegionStore.

llvm-svn: 62781
2009-01-22 20:27:48 +00:00
Ted Kremenek e5ea41b5c4 These test cases now pass with RegionStore.
llvm-svn: 62773
2009-01-22 18:54:47 +00:00
Ted Kremenek 556c3709d6 The 'misc-ps.m' test case now passes with RegionStore. One case needed to be split out into 'misc-ps-basic-store.m' and 'misc-ps-region-store.m' because the behavior was different between the two store models (RegionStore flags an additional valid bug).
llvm-svn: 62772
2009-01-22 18:53:15 +00:00
Ted Kremenek ff6990d43b This test now passes using -analyzer-store-region.
llvm-svn: 62670
2009-01-21 07:13:46 +00:00
Ted Kremenek 8973cbfb21 This test now passes using -analyzer-store-region.
llvm-svn: 62669
2009-01-21 07:10:01 +00:00
Ted Kremenek fe32cc0ba6 Get RegionStore to work with the retain/release checker and its test cases.
Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings).

llvm-svn: 62667
2009-01-21 06:57:53 +00:00
Daniel Dunbar 34fc92fdc2 Add -analyze action to run static analyzer, instead of inferring from
individual checker options.

llvm-svn: 62634
2009-01-20 23:17:32 +00:00
Daniel Dunbar 7dd97b12e7 Make test independent of stdint.h
llvm-svn: 62565
2009-01-20 01:27:09 +00:00
Ted Kremenek e5fe617e2b Dead stores checker: Fix <rdar://problem/6506065> by being more selective when say that a store is dead even though the computed value is used in the enclosing expression.
llvm-svn: 62552
2009-01-20 00:47:45 +00:00
Ted Kremenek 1ab188f48a Fix analyzer crash found when scanning Wine sources where the analyzer used old logic to determine the value of a switch 'case' label.
llvm-svn: 62395
2009-01-17 01:54:16 +00:00
Ted Kremenek 86afde337d Fix PR 3337 [retain/release checker]: Handle FunctionDecl's declared using typedefs.
llvm-svn: 62331
2009-01-16 18:40:33 +00:00
Zhongxing Xu cff637a568 Add KillStruct to region store.
- put the killed region in the kill set.
 - set its default value to unknown.
 - removes all bindings for its subregions.  

llvm-svn: 62138
2009-01-13 01:49:57 +00:00
Ted Kremenek 75c4d57b9c This test now passes.
llvm-svn: 62132
2009-01-13 01:06:56 +00:00
Ted Kremenek eb68db238f static analyzer: Handle casts from arrays to integers. This fixes PR 3297.
llvm-svn: 62130
2009-01-13 01:04:21 +00:00
Ted Kremenek 7e90422e95 retain/release checker:
- Refactor a bunch of logic in the retain/release checker, making it more
  condense and easier to read.
- Add support for "Create" methods in the DiskArbitration framework

retain/release tests:
- Rename CFDate.m to retain-release.m, and move test from CFString.c to
  retain-release.m
- Add DiskArbitration framework tests cases.
- Add/refine and few more retain/release GC test cases.

llvm-svn: 62106
2009-01-12 21:45:02 +00:00
Ted Kremenek 890d44eb7f Dead stores checker: Don't flag dead stores for self-assignments (common escape hatch for 'unused variable' warnings).
llvm-svn: 62010
2009-01-09 22:15:01 +00:00
Ted Kremenek 1d92d2c813 This commit reflects changes to the retain/release checker motivated by my
recent discussions with Thomas Clement and Ken Ferry concerning the "fundamental
rule" for Cocoa memory management
(http://developer.apple.com/documentation/Cocoa/Conceptual/MemoryMgmt/Tasks/MemoryManagementRules.html).

Here is the revised behavior of the checker concerning tracking retain/release
counts for objects returned from message expressions involving instance methods:

1) Track the returned object if the return type of the message expression is
id<..>, id, or a pointer to *any* object that subclasses NSObject. Such objects
are assumed to have a retain count. Previously the checker only tracked objects
when the receiver of the message expression was part of the standard Cocoa API
(i.e., had class names prefixed with 'NS'). This should significantly expand the
amount of checking performed.

2) Consider the object owned if the selector of the message expression contains
"alloc", "new", or "copy". Previously we also considered "create", but this
doesn't follow from the fundamental rule (discussions with the Cocoa folks
confirms this).

llvm-svn: 61837
2009-01-07 00:39:56 +00:00
Zhongxing Xu 5b0ae81ab1 Add an option to make 'RemoveDeadBindings' a configurable behavior. This enables
us to measure the effect of this optimization.

llvm-svn: 61319
2008-12-22 01:52:37 +00:00
Zhongxing Xu af7415ffb1 Lazy bingding for region-store manager.
* Now Bind() methods take and return GRState* because binding could
  also alter GDM.
* No variables are initialized except those declared with initial
  values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.

llvm-svn: 61274
2008-12-20 06:32:12 +00:00
Ted Kremenek 021752ab4e Added test case for suppressing leak warnings for reference-counted objects passed by-reference to an unknown function.
llvm-svn: 61227
2008-12-18 23:40:58 +00:00
Ted Kremenek 62d4c12d2c CF-retain/release checker:
- Fix regression reported in <rdar://problem/6452745>.  After a null check, null references to resources should not have a retain count.  This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.

llvm-svn: 61155
2008-12-17 21:50:35 +00:00
Ted Kremenek 300c9cc8c6 Fix <rdar://problem/6451816>:
- Because of the introduction of AnonTypedRegions when reasoning about casts, we
  had a regression in the "symbolication" of variable values passed-by-reference
  to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
  blasting through the layer of AnonTypedRegions when symbolicating the value of
  the variable. This logic may get moved elsewhere. Note that this change
  affects only -checker-cfref and not -checker-simple; eventually this logic
  should get pulled out of CFRefCount.cpp into a more common place. All users
  use -checker-cfref by default, and -checker-simple should probably just be
  removed.  
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
  a test case for this regression.

llvm-svn: 61147
2008-12-17 19:42:34 +00:00
Ted Kremenek 4299d5d2d8 Fix regression in handling sizeof(void) in the static analyzer.
llvm-svn: 61039
2008-12-15 18:51:00 +00:00
Ted Kremenek b5670fd555 MemRegion:
- Overhauled the notion of "types" for TypedRegions.  We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()).  Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type.  We can add it back once there is a need for it and we can resolve its role with these concepts.

StoreManager:
- Overhauled StoreManager::CastRegion.  It expects an *lvalue* type for a region.  This is actually what motivated the overhaul to the MemRegion type mechanism.  It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts.  This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().

AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type.  This change was needed to work with the changes to StoreManager::CastRegion.

GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.

Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.

llvm-svn: 60995
2008-12-13 21:49:13 +00:00
Ted Kremenek 1c89be0216 Temporarily XFAIL these tests.
llvm-svn: 60991
2008-12-13 19:27:01 +00:00
Ted Kremenek f065b15f7d A series of cleanups/fixes motivated by <rdar://problem/6442306>:
GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node.  Failure to do so means that region values returned that don't require the state to be modified will get ignored.

MemRegion:
- Tighten the interface for ElementRegion.  Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion.  Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion.  All that matters is that it is a TypedRegion, which is now true all the time by design.

BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion.  This conforms to the updated interface for ElementRegion.

RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.

llvm-svn: 60990
2008-12-13 19:24:37 +00:00
Ted Kremenek c28ce29a12 [static analyzer] Extend VLA size checking to look for undefined sizes.
llvm-svn: 60734
2008-12-09 00:44:16 +00:00
Ted Kremenek d7266bf20a Add zero-sized VLA check test case.
llvm-svn: 60731
2008-12-09 00:14:48 +00:00
Ted Kremenek 223005f35a Incorporate MissingDealloc_IBOutlet.m test case into MissingDealloc.m
llvm-svn: 60722
2008-12-08 22:05:43 +00:00
Ted Kremenek 1f9dd45f57 Incorporate MissingDeallc_SEL.m test case into MissingDealloc.m
llvm-svn: 60721
2008-12-08 22:01:50 +00:00
Ted Kremenek 8f5c0ede0f Add test case for <rdar://problem/6380411>.
llvm-svn: 60720
2008-12-08 21:59:21 +00:00
Fariborz Jahanian 5a3422f602 Patch to diagnose a variety of misuse of property
attributes. Example would be, readonly, assign or
assign, copy, etc.

llvm-svn: 60620
2008-12-06 01:12:43 +00:00
Chris Lattner 2ca529ce61 instead of forcing blocks on by default, make them default to off, but let
specific targets default them to on.  Default blocks to on on 10.6 and later.
Add a -fblocks option that allows the user to override the target's default.
Use -fblocks in the various testcases that use blocks.

llvm-svn: 60563
2008-12-04 23:20:07 +00:00
Ted Kremenek 561370c23e Add 'expected-warning' to make test case pass.
llvm-svn: 60548
2008-12-04 19:44:23 +00:00
Ted Kremenek d58e74182e Add another static analyzer test case involving attribute(nonnull).
llvm-svn: 60547
2008-12-04 19:39:12 +00:00
Ted Kremenek 3f0e5c88d9 Add another test case for attribute(nonnull) checking.
llvm-svn: 60544
2008-12-04 18:35:53 +00:00
Ted Kremenek 4a3f1efd25 Revise bogus comment I just committed.
llvm-svn: 60522
2008-12-04 02:07:20 +00:00
Ted Kremenek 4cef8c2d58 Add comment to test case for documentation.
llvm-svn: 60521
2008-12-04 02:06:27 +00:00
Ted Kremenek fff9f4aaaf BasicConstraintManager:
- Fix nonsensical logic in AssumeSymGE. When comparing 'sym >= constant' and the
  constant is the maximum integer value, add the constraint that 'sym ==
  constant' when the path is deemed feasible.  All other cases are feasible.
- Improve AssumeSymGT. When comparing 'sym > constant' and constant is the
  maximum integer value we know the path is infeasible.
- Add test case for this enhancement to AssumeSymGT.

llvm-svn: 60490
2008-12-03 19:06:30 +00:00
Ted Kremenek f935cfe277 BasicConstraintManager:
- Fix nonsensical logic in AssumeSymLE. When comparing 'sym <= constant' and the
  constant is the minimum integer value, add the constraint that 'sym ==
  constant' when the path is deemed feasible.  All other cases are feasible.
- Improve AssumeSymLT to address <rdar://problem/6407949>.  When comparing
  'sym < constant' and constant is the minimum integer value we know the
  path is infeasible.
- Add test case for <rdar://problem/6407949>.

llvm-svn: 60489
2008-12-03 18:56:12 +00:00
Zhongxing Xu 9cc7cba848 remove a test case that causes compiler warning.
llvm-svn: 60282
2008-11-30 05:59:27 +00:00
Zhongxing Xu 5c75919093 Add test for initializing array with string literal.
llvm-svn: 60281
2008-11-30 05:51:19 +00:00
Nuno Lopes 8c6fbc04ee add missing RUN lines
llvm-svn: 60107
2008-11-26 15:50:12 +00:00
Fariborz Jahanian 9a207ee4dc Patch to allow over-riding of readonly property to
a writable property in one of its category.

llvm-svn: 60035
2008-11-25 17:56:43 +00:00
Zhongxing Xu f39268ae8c Add documentation for test.
llvm-svn: 60002
2008-11-25 01:45:11 +00:00
Zhongxing Xu 2939a50b67 Add no-warning to test case.
llvm-svn: 59995
2008-11-24 23:45:56 +00:00
Zhongxing Xu f556cd6cb9 Strings are NULL terminated. So the region size should plus one.
llvm-svn: 59943
2008-11-24 05:16:01 +00:00
Zhongxing Xu bf900755d0 Add test case for out-of-bound memory access checking.
llvm-svn: 59931
2008-11-24 02:19:49 +00:00
Chris Lattner 4fc69799f5 Rewrite FindDiagnostics to be more strict about the formatting of the
expected-foo strings.  Now the only allowed characters between 
expected-error and {{  is whitespace.

llvm-svn: 59925
2008-11-24 01:28:17 +00:00
Zhongxing Xu 60d6cd1940 Improve test case.
llvm-svn: 59902
2008-11-23 05:50:21 +00:00
Ted Kremenek dfcbcfe328 Add checker test case: warn about returning an uninitialized value to the caller.
llvm-svn: 59765
2008-11-21 00:28:47 +00:00
Ted Kremenek c7792048ff Enable test file for 'region store' in addition to basic store.
llvm-svn: 59762
2008-11-21 00:15:15 +00:00
Zhongxing Xu 06b377668d Split region store specific test cases.
llvm-svn: 59683
2008-11-20 00:46:15 +00:00
Zhongxing Xu 16a92afc4b Add test for path-sensitive uninit-val detection involving struct field.
llvm-svn: 59620
2008-11-19 11:10:42 +00:00
Zhongxing Xu 19cad71552 Add test cast for struct array.
llvm-svn: 59522
2008-11-18 13:30:46 +00:00
Steve Naroff 773cdc7c0d Fix <rdar://problem/6333904> [sema] message lookup on super is incorrect
Missing special lookup rule in Sema::ActOnInstanceMessage().

llvm-svn: 59467
2008-11-17 22:29:32 +00:00
Zhongxing Xu a3b2ef6fa9 Re-enable array-struct test.
llvm-svn: 59396
2008-11-16 04:47:39 +00:00
Ted Kremenek 3ebd7dea7e Add a test case for compound assignments that lazily symbolicate the value of the LHS when the computation type is an integer of more bits.
llvm-svn: 59352
2008-11-15 04:44:13 +00:00
Ted Kremenek 7d5389e4b3 - Revert r59229 and r59232: AllocRegion should be immutable.
- Temporarily disabled test Analysis/array-struct.c for region store.

llvm-svn: 59245
2008-11-13 15:42:31 +00:00
Zhongxing Xu e9857ddcc0 Add test for unsigned array index.
llvm-svn: 59239
2008-11-13 09:20:05 +00:00
Zhongxing Xu b9ec8f555f Add test for incomplete struct pointer.
llvm-svn: 59236
2008-11-13 08:44:52 +00:00
Zhongxing Xu 06a04bd1ae Add a test case for alloca().
llvm-svn: 59233
2008-11-13 07:59:15 +00:00
Ted Kremenek 16866d6fd8 GRExprEngine/CFRefCount/GRSimpleVals: We don't do any special handling (yet) of vector types. Add explicit checks that when we process integers that they really are scalars.
llvm-svn: 59225
2008-11-13 06:10:40 +00:00
Ted Kremenek 45698bf05f GRExprEngine::VisitInitListExpr:
- Don't crash on vector types.
- Handle typedefs.

llvm-svn: 59220
2008-11-13 05:05:34 +00:00
Zhongxing Xu f8b84b0def Add && to test command.
llvm-svn: 59014
2008-11-11 01:25:18 +00:00
Zhongxing Xu 7be05ed6b8 Add region store model to path-sensitive testing.
llvm-svn: 58983
2008-11-10 09:43:12 +00:00
Anders Carlsson aaa183e944 include alloca.h instead of malloc.h. If this doesn't work for everyone we can just declare alloca directly in the file.
llvm-svn: 58853
2008-11-07 15:41:33 +00:00
Argyrios Kyrtzidis a848ced426 Append the test runs with '&&'.
llvm-svn: 58851
2008-11-07 14:28:18 +00:00
Argyrios Kyrtzidis c118934d12 Bring in 'alloca' for the Analysis/stack-addr-ps.c test case.
llvm-svn: 58849
2008-11-07 14:00:25 +00:00
Ted Kremenek eb39732d53 Add a test case for CFMakeCollectable.
llvm-svn: 58772
2008-11-05 22:17:39 +00:00
Zhongxing Xu de297f8198 Add function side-effect test cast.
llvm-svn: 58565
2008-11-02 13:17:44 +00:00
Ted Kremenek f3d9f805c7 Add 'alloca' test case for return-of-stack-address checker.
llvm-svn: 58554
2008-11-02 00:37:31 +00:00
Zhongxing Xu 87bfa4340c Add test code for array initialization.
llvm-svn: 58502
2008-10-31 10:23:14 +00:00
Ted Kremenek d119c0bd24 Added missing 'expected-warning'
llvm-svn: 58481
2008-10-31 00:20:13 +00:00
Ted Kremenek 20cf431bce Enhance compound literal test case.
llvm-svn: 58480
2008-10-31 00:19:42 +00:00
Ted Kremenek 3d71fe1503 Add missing "expected warning".
Add compound literal with empty initializer (just to test the analyzer handles it).

llvm-svn: 58470
2008-10-30 23:17:05 +00:00
Ted Kremenek ae4d61efb2 Add method that will be invoked using the dot-syntax just to test that the missing -dealloc checker handles it.
llvm-svn: 58467
2008-10-30 23:00:13 +00:00
Ted Kremenek b7d13803ce Improve compound literal test case.
llvm-svn: 58447
2008-10-30 18:46:50 +00:00
Ted Kremenek d26da8cf82 Patch by Nikita Zhuk: test case for fix for false positive reported in PR2978.
llvm-svn: 58432
2008-10-30 15:19:43 +00:00
Ted Kremenek 03ce9eeee2 Add 'expected-warning' for braces around scalar initializer
llvm-svn: 58280
2008-10-27 22:00:16 +00:00
Ted Kremenek c1739912c8 Added compound literal test case.
llvm-svn: 58279
2008-10-27 21:57:17 +00:00
Zhongxing Xu b32af436df Add test for SCA region store.
llvm-svn: 58235
2008-10-27 09:21:27 +00:00
Zhongxing Xu 7a2ce566bc Add test for SCA region store.
llvm-svn: 58234
2008-10-27 09:19:25 +00:00
Ted Kremenek e69a1fa342 Do not crash when performing VisitLValue on union types.
This fixes PR 2948.

llvm-svn: 58148
2008-10-25 20:09:21 +00:00
Zhongxing Xu 80422b07c5 Add StringLiteral test code.
llvm-svn: 58136
2008-10-25 14:11:23 +00:00
Ted Kremenek 14e6350dcc This test no longer is marked XFAIL.
Enhance test to include a case where a tracked object escapes because it is stored to a local ivar through a method dispatch to 'self.'

llvm-svn: 58109
2008-10-24 20:33:56 +00:00
Zhongxing Xu d2f0c7b37b Add random array and struct test code for SCA.
llvm-svn: 58085
2008-10-24 08:51:58 +00:00
Ted Kremenek c5092cc061 Temporarily mark this test XFAIL.
llvm-svn: 58024
2008-10-23 01:57:31 +00:00
Ted Kremenek 631ff239fc Warn about potentially leaked objects that are returned from methods whose names do not follow the Cocoa Memory Management guidelines.
llvm-svn: 58012
2008-10-22 23:56:21 +00:00
Ted Kremenek 9a96bf22ec Enhance reference-count checker to correctly identify CG "release" functions. This fixes <rdar://problem/6303488>.
llvm-svn: 57997
2008-10-22 20:54:52 +00:00
Zhongxing Xu da84f683c8 Add test case for FuncDecl and function pointer variable.
llvm-svn: 57979
2008-10-22 14:39:20 +00:00
Ted Kremenek c32ec3a0c4 Further improve path-sensitivity with divide-by-zero checking by assuming that a denominator cannot be zero even when the result of an '/' or '%' expression is unknown.
llvm-svn: 57855
2008-10-20 23:40:25 +00:00
Ted Kremenek e67437f3a9 Added test case inspired by <rdar://6268365>: recover path-sensitivity after compound assignment when the result of the assignment is not known.
llvm-svn: 57852
2008-10-20 23:14:31 +00:00
Ted Kremenek f8d65a30d6 Add support in GRExprEngine for UnaryOperator::AlignOf. This fixes one crash report in PR 2796.
llvm-svn: 57777
2008-10-18 22:20:20 +00:00
Ted Kremenek fef1f30ea2 Use "VisitLValue" when processing the base for "x.f" field accesses, and "Visit" when processing the base for "x->f" field accesses.
llvm-svn: 57754
2008-10-18 03:28:48 +00:00
Ted Kremenek 0b09ea54ba This test now passes again.
llvm-svn: 57742
2008-10-17 22:53:09 +00:00
Ted Kremenek 055891cbf3 Test now passes.
llvm-svn: 57718
2008-10-17 20:29:05 +00:00
Ted Kremenek 5870046c43 "Implement" GRExprEngine::VisitLValue for ObjCPropertyRefExpr. This is only a bandid; we need to properly handle properties by using locv/nonloc objects and specially handling property assignments in the transfer function for BinaryOperator.
llvm-svn: 57693
2008-10-17 17:24:14 +00:00
Zhongxing Xu 0dd213f8f5 Add test case for array and struct variable lvalue evaluation.
llvm-svn: 57670
2008-10-17 05:19:52 +00:00
Ted Kremenek 7ff153c9cb Mark these tests XFAIL. We need to add back assumption logic when doing array and field accesses.
llvm-svn: 57658
2008-10-17 00:51:39 +00:00
Ted Kremenek bb7818b666 Enhance dead store checker to not flag preincrements to dead variables where the preincrement is a subexpression, e.g. foo(++x); This can cause false negatives, but will remove a whole class of false positives.
llvm-svn: 57554
2008-10-15 05:23:41 +00:00
Ted Kremenek 3aa89a971d Enhance NSError** checking with analogous checking for CFErrorRef*.
Expand checking to include functions, not just methods.

llvm-svn: 56938
2008-10-01 23:24:09 +00:00
Ted Kremenek 63249b6e57 Added test case.
llvm-svn: 56915
2008-10-01 05:05:46 +00:00
Ted Kremenek f5e7e3ae26 Add more control-flow to test case.
llvm-svn: 56707
2008-09-26 23:05:47 +00:00
Ted Kremenek d86d39cc9e Add CFG support for implicit-control flow for VLA size expressions within an SizeOfAlignOfTypeExpr.
llvm-svn: 56706
2008-09-26 22:58:57 +00:00
Ted Kremenek 2ece64bbc4 Examine VLA size expressions when computing liveness information.
Fixes <rdar://problem/6248086>

llvm-svn: 56645
2008-09-26 05:52:45 +00:00
Ted Kremenek 1f58ec6475 Updated test case.
llvm-svn: 56548
2008-09-24 06:40:03 +00:00
Ted Kremenek 81ec48a1d5 Added test case.
llvm-svn: 56493
2008-09-23 18:05:01 +00:00
Ted Kremenek 8cdc71859c Test case for transfer function logic of const casts.
llvm-svn: 56369
2008-09-19 20:53:52 +00:00
Ted Kremenek 34bfd8a490 Fixed logic error in BasicConstraintManager pointed out by Zhongxing Xu.
For checking if a symbol >= value, we need to check if symbol == value || symbol
> value. When checking symbol > value and we know that symbol != value, the path
is infeasible only if value == maximum integer.

For checking if a symbol <= value, we need to check if symbol == value || symbol
< value. When checking symbol < value and we know that symbol != value, the path
is infeasible only if value == minimum integer.

Updated test case exercising this logic: we only prune paths if the values are
unsigned.

llvm-svn: 56354
2008-09-19 18:00:36 +00:00
Ted Kremenek 55bec4d511 Added test case for PR 2600: proper use of NSError**
llvm-svn: 56332
2008-09-19 04:56:32 +00:00
Ted Kremenek 137fc0ea01 Added CFNumberCreate test case to illustrate a 32-bit/64-bit arch issue.
llvm-svn: 56295
2008-09-18 00:28:23 +00:00
Ted Kremenek 24bef31597 Add path-sensitivity test case.
llvm-svn: 56294
2008-09-17 22:24:13 +00:00
Ted Kremenek 025f83534c Fix copy-paste error in test case.
llvm-svn: 56261
2008-09-16 23:25:28 +00:00
Ted Kremenek 8782716c4a Minor pass-sensitivity improvement:
if we know that 'len != 0' and know that 'i == 0' then we know that
  'i < len' must evaluate to true and cannot evaluate to false

llvm-svn: 56260
2008-09-16 23:24:45 +00:00
Ted Kremenek 72c06446bb Added test case for the dead stores checker that was originally an FP reported in PR 2763.
llvm-svn: 55801
2008-09-04 21:52:52 +00:00
Ted Kremenek c4f6d90ba1 Tidy up sema processing of attribute "nonull":
- warn about nonnull being applied to functions with no pointer arguments
- continue processing argument list in the attribute when we encounter a non-pointer parameter being marked as nonnull
- when no argument list is specified, only mark pointers as nonnull.  This fixes PR 2732 and radar 6188814.

llvm-svn: 55610
2008-09-01 19:57:52 +00:00
Ted Kremenek 3b977558ce Enhance null-dereference checker test.
llvm-svn: 54834
2008-08-16 00:45:40 +00:00
Ted Kremenek ea6fa77ccc Added test case.
llvm-svn: 54717
2008-08-13 03:55:18 +00:00
Ted Kremenek 83180f6e47 Enhanced test case.
llvm-svn: 54436
2008-08-06 23:26:31 +00:00
Daniel Dunbar 81f7f2904c Add EXTWARN Diagnostic class.
- Like EXTENSION but always generates a warning (even without
   -pedantic).
 - Updated ptr -> int, int -> ptr, and incompatible cast warnings to
   be EXTWARN.
 - Other EXTENSION level diagnostics should be audited for upgrade.
 - Updated several test cases to fix code which produced unanticipated
   warnings.

llvm-svn: 54335
2008-08-05 00:07:51 +00:00
Ted Kremenek a7045d663d Enhanced path-sensitive return-of-stack-address check to print out the name of the variable whose address was returned.
llvm-svn: 54253
2008-07-31 20:31:27 +00:00
Ted Kremenek e17c037f4f Remove '.' in expected warning
llvm-svn: 54051
2008-07-25 20:30:34 +00:00
Ted Kremenek 092ec76923 Don't emit 'dead initialization' warnings for variables marked 'unused'.
This fixes PR 2573: http://llvm.org/bugs/show_bug.cgi?id=2573

llvm-svn: 54009
2008-07-25 04:47:34 +00:00
Ted Kremenek 9e9afb552c Correctly handle NSAssertionHandle -handleFailureInMethod:object:file:lineNumber:description:
This fixes: http://llvm.org/bugs/show_bug.cgi?id=2593

llvm-svn: 53993
2008-07-24 18:47:16 +00:00
Ted Kremenek 0e60b7588a Don't issue a missing +dealloc warning for classes that just contain SEL ivars.
This fixes PR 2592: http://llvm.org/bugs/show_bug.cgi?id=2592

llvm-svn: 53987
2008-07-24 17:45:56 +00:00
Ted Kremenek 53b29025f1 Rename test case file.
llvm-svn: 53984
2008-07-24 17:02:18 +00:00
Ted Kremenek 87b16f4258 Issue dead store warnings for preincrements involved in a subexpression.
llvm-svn: 53983
2008-07-24 17:01:17 +00:00
Ted Kremenek 0b5eb1ac87 Added dead stores test case.
llvm-svn: 53966
2008-07-23 23:18:43 +00:00
Ted Kremenek ecc851bb6e Further refine dead store checking to distinguish between dead stores and dead increments.
llvm-svn: 53960
2008-07-23 21:16:38 +00:00
Ted Kremenek 46abc7db6b Properly skip IBOutlets when checking for unused ivars.
Refine the error message of unused ivars.
Added test case.

llvm-svn: 53957
2008-07-23 18:21:36 +00:00
Ted Kremenek 98f6e582f2 Added path-sensitive checking for null pointer values passed to function arguments marked nonnull.
This implements <rdar://problem/6069935>

llvm-svn: 53891
2008-07-22 00:46:16 +00:00
Ted Kremenek 8857703b57 Added test case.
llvm-svn: 53770
2008-07-18 20:48:10 +00:00
Ted Kremenek ed1f72b67c For the MissingDealloc check, don't treat IBOutlet ivars as being needed to be released
llvm-svn: 53647
2008-07-15 23:04:27 +00:00
Ted Kremenek 81bfc074c9 Distinguish between dead stores and dead initializations.
llvm-svn: 53628
2008-07-15 18:06:32 +00:00
Ted Kremenek fd7efdf20d Provide an "Analysis Scope" for Analyses so checks can either be run on code declarations (bodies) or Objective-C @implementation blocks.
llvm-svn: 53584
2008-07-15 00:46:02 +00:00
Ted Kremenek 3bfb314c25 Add new check: -check-objc-methodsigs. This check scans methods in
ObjCImplementationDecls and sees if a ancestor class defines a method with the
same selector but with a different type signature. Right now it just compares
return types, and mainly looks at differences in primitive values. The checking
will be expanded in the future.

llvm-svn: 53482
2008-07-11 22:40:47 +00:00
Ted Kremenek 1aaa6d8c19 Add test case.
llvm-svn: 53335
2008-07-09 18:11:43 +00:00
Argyrios Kyrtzidis 5708a4661e '&&' commands together so that the test status reflects the results of all the commands, otherwise the test status will be the result of only the last command.
llvm-svn: 53135
2008-07-04 10:33:02 +00:00
Ted Kremenek 4449ec09d6 '&&' clang commands together so that the test status reflects the results of all three clang executions.
llvm-svn: 53132
2008-07-04 04:38:48 +00:00
Ted Kremenek 8044046efb Fix a bug in the dead stores checker reported in the following email:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-July/002157.html

Essentially the observer mechanism in LiveVariables was observing block-level
expressions multiple times, leading to a case where the dead store checker could
see a value as dead when it was really live.

llvm-svn: 53115
2008-07-03 22:25:27 +00:00
Ted Kremenek 68b117fca4 Skip the "-dealloc" check if a ObjC class contains no ivars.
llvm-svn: 53100
2008-07-03 15:37:02 +00:00
Ted Kremenek 0e7d25233e Added static analysis check to see if a subclass of NSObject implements -dealloc, and whether or not that implementation calls [super dealloc].
llvm-svn: 53075
2008-07-03 04:29:21 +00:00
Ted Kremenek 80025c257f Update test case with new clang arguments.
llvm-svn: 53056
2008-07-02 23:18:57 +00:00
Ted Kremenek e6b2fa5029 Update test case: simply running "clang -checker-simple" doesn't invoke the dead store checker anymore. We need "-warn-dead-stores" as well.
llvm-svn: 53055
2008-07-02 23:18:22 +00:00
Ted Kremenek 494e98d0e5 Fix typo in test case.
llvm-svn: 53024
2008-07-02 15:28:06 +00:00
Ted Kremenek f0413bfcda Added AnalysisConsumer, a meta-level ASTConsumer class to drive various
analyses. This potentially is the primordial origins of a Clang-equivalent
"PassManager".

The new AnalysisConsumer interface allows multiple analyses to be run from a
single invocation of Clang.

Migrated the logic of "-warn-dead-stores" and "-warn-uninit-values" to use the
new AnalysisConsumer interface. The new interface results in a significant code
reduction to incorporate an analysis into the Driver.

Updated a test case to (correctly) acknowledge that it contains a dead store
(this check wasn't being performed because it was previously masked by
-warn-uninit-values).

llvm-svn: 52996
2008-07-02 00:03:09 +00:00
Ted Kremenek 5f06a935a3 Added reference count checker test case.
llvm-svn: 52993
2008-07-01 23:29:51 +00:00
Ted Kremenek cf1ab19086 Added a simple static analysis check to look for improper uses of CFCreateNumber.
llvm-svn: 52799
2008-06-26 23:59:48 +00:00
Ted Kremenek 3185c9c9cd CF ref checker:
Tracked objects now have their type information tracked with them.

Enhanced summaries for ObjC methods to include the type information of the receiver.

Used the enhanced summaries to support the idiom that NSWindow owns itself (it sends a release message to itself upon close).

Added some comments.

Did some cleanups with the checker logic using operator overloading (reduced redundant code which I was concerned about being the source of bugs).

llvm-svn: 52741
2008-06-25 21:21:56 +00:00
Ted Kremenek ab4a8b5213 The CF retain/release checker now assumes that allocations do not fail. Eventually we will add a flag to the driver to enable allocation failures (documented as a FIXME).
llvm-svn: 52632
2008-06-23 18:02:52 +00:00
Ted Kremenek 68d2368064 Include stdint.h instead of stdio.h.
llvm-svn: 52578
2008-06-21 17:20:55 +00:00
Ted Kremenek 22cf89d9cd Test the dead-store checker using both -warn-dead-stores and -checker-simple.
llvm-svn: 52568
2008-06-20 23:14:52 +00:00
Ted Kremenek 34a691734e Modified the dead stores checker to...
1) Check if a dead store appears as a subexpression.  For such cases, we emit
   a verbose diagnostic so that users aren't confused.  This addresses:
   
   <rdar://problem/5968508> checker gives misleading report for dead store in loop
   
2) Don't emit a dead store warning when assigning a null value to a pointer.
   This is a common form of defensive programming.  We may wish to make
   this an option to the the checker one day.
   
   This addresses the feature request in the following email:
   
   http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html

llvm-svn: 52555
2008-06-20 21:45:25 +00:00
Ted Kremenek 46c82ab994 Introduce initial transfer function support for __imag__ and __real__. We don't
have complex RValues yet, so this logic is only fully implemented when __imag__
and __real__ are used on non-complex types.

llvm-svn: 52501
2008-06-19 17:55:38 +00:00
Ted Kremenek f3c8650502 Move test case "uninit-msg-expr.m" from Analysis-Apple to Analysis (now works on all platforms).
llvm-svn: 52362
2008-06-16 21:15:29 +00:00
Ted Kremenek 2eed4d7a25 Moved test case NoReturn.m from Analysis-Apple to Analysis (now works on all platforms).
llvm-svn: 52359
2008-06-16 21:05:04 +00:00
Ted Kremenek bbe6111cc3 Move NSString.m test case from Analysis-Apple to Analysis. The test case now works on all platforms.
llvm-svn: 52354
2008-06-16 20:37:30 +00:00
Ted Kremenek ccafce3d4c Update test case to use -pedantic (makes the test case more clear).
llvm-svn: 52349
2008-06-16 19:53:46 +00:00
Ted Kremenek 5935a17daf Fix misspelling of "svelte".
llvm-svn: 52348
2008-06-16 19:51:41 +00:00
Ted Kremenek 951bc67096 Move Analysis-Apple/CFString.c to Analysis (the test case now works on all platforms).
llvm-svn: 52346
2008-06-16 19:35:31 +00:00
Ted Kremenek 107f13971f Move CFDateGC.m test case from Analysis-Apple to Analysis (it now runs on all platforms).
llvm-svn: 52344
2008-06-16 18:46:17 +00:00
Ted Kremenek 7056bb1f21 Moved CFDate.m from test/Analysis-Apple to test/Analysis, and added the necessary declarations from Foundation.h to CFDate.m so that the test case can be exercised on all platforms.
llvm-svn: 52343
2008-06-16 18:34:22 +00:00
Ted Kremenek 91f035cda7 Improve dead stores diagnostics to include the variable name.
llvm-svn: 51395
2008-05-21 22:59:16 +00:00
Ted Kremenek b120ff1b95 Fixed bug in the transfer function for dereferences: the loaded value from EvalLoad should bind to the UnaryOperator*, not its subexpression.
Added test case to exercise this fix when checking for uses of uninitialized values.

Patch by Zhongxing Xu!

llvm-svn: 51377
2008-05-21 15:48:33 +00:00
Ted Kremenek f15cd14a3d Emit dead store warnings for ++ and -- operators.
llvm-svn: 50679
2008-05-05 23:12:21 +00:00
Ted Kremenek db04a9e967 When reporting branch conditions that evaluate to an uninitialized value,
highlight the most nested subexpression that appears most responsible (giving
the user better diagnostic feedback).

Updated test cases to illustrate this feature.

Implements: <rdar://problem/5880443>
llvm-svn: 50647
2008-05-05 15:56:53 +00:00
Ted Kremenek 772d9f0aae Added test case for the static analyzer.
llvm-svn: 50467
2008-04-30 04:40:48 +00:00
Ted Kremenek 10bad41159 Added test case to test null dereference checking with lval::ArrayOffset.
llvm-svn: 50454
2008-04-29 23:25:09 +00:00
Ted Kremenek 6e06f91085 Added uninitialized-values (path-sensitive) test case as a regression test
for the fix in r50178 (http://llvm.org/viewvc/llvm-project?rev=50178&view=rev).
This fix was for <rdar://problem/5881148>.

llvm-svn: 50220
2008-04-24 18:28:14 +00:00
Ted Kremenek c79c0591d6 Added lval type (and tracking) for StringLiterals.
llvm-svn: 50109
2008-04-22 21:39:21 +00:00
Ted Kremenek eccf3e5821 Added "nonlval::LValAsInteger" to represent abstract LVals casted to integers, allowing us to track lvals when they are casted back to pointers.
llvm-svn: 50108
2008-04-22 21:10:18 +00:00
Ted Kremenek 6fdd3b35dc Added null dereference test involving arrays.
llvm-svn: 50084
2008-04-22 04:56:55 +00:00
Ted Kremenek efa92f1dfc Added missing expected-warning.
llvm-svn: 50073
2008-04-21 23:45:26 +00:00
Ted Kremenek 503924bb9c Added null dereference test case looking for null dereferences involving MemberExpr.
llvm-svn: 50072
2008-04-21 23:44:17 +00:00
Ted Kremenek 15d8f4cc27 Added test case illustrating the use of '&'.
llvm-svn: 49735
2008-04-15 18:37:29 +00:00
Ted Kremenek 16a8a3be41 Added test case to dead stores checker.
llvm-svn: 49647
2008-04-14 15:56:17 +00:00
Ted Kremenek 4a78c3ae11 Refactored all logic to run the GRSimpleVals and CFRef checker into a common
code path in the clang driver.

Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.

llvm-svn: 49500
2008-04-10 22:16:52 +00:00
Ted Kremenek 018ba60f8e Added path-sensitive null dereference test case.
llvm-svn: 49095
2008-04-02 16:54:39 +00:00
Ted Kremenek f646774f32 Added path-sensitive check for return statements that return the address
of a stack variable.  This is the path-sensitive version of a check that
is already done during semantic analysis.

llvm-svn: 48980
2008-03-31 15:02:58 +00:00
Ted Kremenek fb475ec504 Changed merge operation for uninitialized values analysis to "intersect" (previous union).
The effect is that if a variable is uninitialized along a branch (but initialized along another), at merge points it is considered uninitialized.  Previously we had the opposite behavior.  The new behavior is more conservative, and more in line with gcc's behavior.

llvm-svn: 48689
2008-03-22 20:11:00 +00:00
Ted Kremenek c6a8352820 Convert tabs to spaces.
llvm-svn: 48539
2008-03-19 07:31:52 +00:00
Anders Carlsson 801c5c7467 GCC has an extension where the left hand side of the ? : operator can be omitted. Handle this in a few more places.
llvm-svn: 44462
2007-11-30 19:04:31 +00:00
Bill Wendling 8da1db4f34 The checking for the delimiters of expected error/warning messages was
looking only for { and } instead of {{ and }}. Changed it to check for
this explicitly.

llvm-svn: 44326
2007-11-26 08:26:20 +00:00
Ted Kremenek 0d20033c6a Added more test cases for uninitialized values checker.
llvm-svn: 44307
2007-11-24 23:06:58 +00:00
Ted Kremenek 2e04d73d83 Fixed bogus culling of uninitialized-values "taint" propagation during assignments.
We accidentally were throttling the propagation of uninitialized state across
assignments (e.g. x = y).  Thanks to Anders Carlsson for spotting this problem.

Added test cases to test suite to provide regression testing for the
uninitialized values analysis.

llvm-svn: 44306
2007-11-24 20:07:36 +00:00
Ted Kremenek 33407b3338 Moved dead-stores test cast to a new test suite subdirectory: Analysis.
llvm-svn: 44305
2007-11-24 19:49:35 +00:00