using the bump-pointer allocator and a placed new; we accidentally allocated
a ValueStateImpl* instead, causing an overrun when we did a placed new().
llvm-svn: 46793
nonlval::SymIntConstraintVal.
Reworked transfer function for '==' and '!=' for LValues to return
SymIntConstraintVal when comparing a symbol with a constant.
llvm-svn: 46778
created for GRConstants. Moved instances of ValueManager and SymbolManager
inside this class. The goal is to gradually separate more of the state
management from the state transformation.
llvm-svn: 46721
(local) aliasing support.
Modified ExplodedGraph pretty-printer (for GRConstants) to also print out the
pointer value of the state associated with a node. This way one can easily
see that two states are identical.
llvm-svn: 46595
worklist until the dstor of GRBranchNodeBuilderImpl. This way clients can mark
creates nodes as "sinks" before they are added to the worklist.
llvm-svn: 46582
we automatically generate a new successor node along an edge if the checker
did not explicitly do so (i.e., we just propagate the current state).
llvm-svn: 46536
and now we require a FunctionDecl* object so that we can also keep track of
all of the ParmDecls.
Modified clients of LiveVariables to conform to the new interface.
llvm-svn: 46490
Refactoring: for GREngine and GRConstants, pushed references to CFG, ASTContext,
and the top-level FunctionDecl into ExplodedGraphImpl.
llvm-svn: 46475
Renamed ExprValue to RValue, as all expression values are RValues, and this
keeps with the C terminology (renamed old "RValue" class to "NonLValue").
Introduced "ConcreteInt", a class that represents a concrete, integer
constant as an RValue.
Temporarily removed classes to represent set of possible constants and set of !=
constants. Will replace with a more general class representing a set of
constraints.
Added some foundational code to track "symbolic" values, which are used to
accrue constraints on an abstract value that is shared between multiple
variables. e.g:
x = y; // at this point "x" and "y" share the same "value"
if (x > 1)
... // at this point, the value shared by "x" and "y" is "> 1".
llvm-svn: 46466
some previously missing NULL pointer checks.
Modified the UninitializedValues analysis to not expect that every Expr* at the
block-level is a block-level expression (we probably need to change the name of
such expressions to something truer to their meaning).
llvm-svn: 46380
Renamed RValueConjunctiveUnequal to RValInequalityANDSet.
Refactored add/subtract/multiple (and now divide) operations for
RValEqualityORSet to be based on a single template function.
llvm-svn: 46374
information is not separated into a "base" and "sub" type. Eventually the
value-tracking logic will know about LValues and RValues, but not about
specialized LValues and RValues; separating the "kind" information into bits
indicating whether an ExprValue is an LValue or an RValue from the bits that
specify the actual value type makes this separation easier.
llvm-svn: 46329
Added some workarounds for loss of signess information on some APSInt
operations. Considering the best route to integrate these into APSInt directly.
(FIXME's in GRConstants.cpp).
llvm-svn: 46310
abstract "L-values" and "R-values" when doing value tracking, and expanding
constant tracking to encompass tracking disjunctive sets of possible constants.
Further, the tree-walking is more efficient, as we don't blindly recurse the
tree if we won't generate new states.
llvm-svn: 46278
use ImmutableMap::SlimFind(), which returns the correct value.
Added pruning of dead block-level expressions and Decls from our value map
using liveness information.
llvm-svn: 46154
is because GNU-style Statement-expressions cause the last statement in the
statement-expression to act like an expression.
We now have two notions: block-level statements and block-level expressions.
The former are all Stmt* that appear in the list of statements in CFGBlocks. The
latter is the subset of the former; these block-level statements are used as
subexpressions somewhere in the AST. CFG::isBlockExpr() returns true for the
latter, not the former (previously isBlockExpr() always returned true for
non-Expr Stmt*).
Modified the LiveVariables analysis to also track liveness state for block-level
expressions (using the updated definition of block-level expressions).
Modified the dataflow solver so that when it records values for block-level
statements, it records the dataflow value *before* the transfer function for a
Stmt* is evaluated (not after). This is more in sync in what clients will want.
Modified CFGStmtVisitor to record the current block-level statement.
llvm-svn: 46143
values for the block-level expressions.
Modified 'LiveVariables' to provide the option to clients to record
liveness information for block-level expressions (using the above feature).
Modified 'DeadStores' to conform to the new interface of 'LiveVariables'.
Modified 'GRConstants' to compute liveness information for block-level
expressions.
llvm-svn: 46137
Refactored the use of this method into both the Sema module and Analysis module,
which were using their own static functions that did the same thing.
llvm-svn: 46129
handle the case where the number of nodes was 0.
Fixed bug in GREngineImpl where we did not proceed to the next statement
when processing a PostStmt location.
llvm-svn: 46093
Cleaned up GRConstants::AddBinding to not directly reference the
predecessor node. Now we just manipulate the current state, and a driver
function creates nodes as needed.
llvm-svn: 46040
the end of the block by processing empty blocks (at BlockEntrance) or
when we have just processed the last statement in a block (at PostStmt).
llvm-svn: 45991
ExplodedNodeImpl::NodeGroup from being defined inline to being defined
"out-of-line" in ExplodedGraph.cpp. This removes a dependence on including
<vector> in ExplodedGraph.h, and will hopefully result in smaller generated code
with negligible performance impact.
llvm-svn: 45928
ExplodedNode, ExplodedGraph (to match the vocabulary in the RHS paper)
ReachabilityEngine
The implementation of the core of the path-sensitive dataflow solver has
been de-templatized and places in ReachabilityEngine.cpp.
The solver is still incomplete.
llvm-svn: 45711
"GREngine" (Graph Reachability Engine). The idea is to provide a separation
of concerns between the constant prop. details and the core analysis engine.
llvm-svn: 45555
propagation analysis via graph reachability. This analysis (which is incomplete)
will be the basis for later developments on the core engine for path-sensitive
analysis analysis.
llvm-svn: 45552
Created include/clang/Analysis/Analyses directory.
- Moved LiveVariables.h and UninitializedValues.h into this dir.
Moved ExprDeclBitVector.h into Analysis/Support.
Updated all clients who use these headers to reflect the new paths.
llvm-svn: 45292
of array types. For things like:
char x[10];
we should treat "x" as being initialized, because the variable "x" really
refers to the memory block of the array. Clearly x[1] is uninitialized, but
expressions like "(char*) x" really do refer to an initialized value. This
simple dataflow analysis does not reason about the contents of arrays.
This fixes: PR 1859 (http://llvm.org/bugs/show_bug.cgi?id=1859)
llvm-svn: 44984
we incorrectly examine the expression within a sizeof() for use in computing
dataflow values.
This fixes: PR 1858 (http://llvm.org/bugs/show_bug.cgi?id=1858)
llvm-svn: 44982
Moved all clients of Diagnostics to use FullSourceLoc instead of SourceLocation.
Added many utility methods to FullSourceLoc to provide shorthand for:
FullLoc.getManager().someMethod(FullLoc.getLocation());
instead we have:
FullLoc.someMethod();
Modified TextDiagnostics (and related classes) to use this short-hand.
llvm-svn: 44957
SourceManager is passed by reference, allowing the SourceManager to be
associated with a specific translation unit, and not the entire execution
of the driver.
Modified all users of Diagnostics to comply with this new interface.
Integrated SourceManager as a member variable of TargetInfo. TargetInfo will
eventually be associated with a single translation unit (just like
SourceManager).
Made the SourceManager reference in ASTContext private. Provided accessor
getSourceManager() for clients to use instead. Modified clients to comply with
new interface.
llvm-svn: 44878
We accidentally were throttling the propagation of uninitialized state across
assignments (e.g. x = y). Thanks to Anders Carlsson for spotting this problem.
Added test cases to test suite to provide regression testing for the
uninitialized values analysis.
llvm-svn: 44306
"block-expressions" when visiting arbitrary expressions (via calls to
"Visit()"). This results in a refactoring where a dataflow analysis no
longer needs to always special case when handling block-expressions versus
non-block expressions.
Updated LiveVariables and UninitializedValues to conform to the slightly
altered interface of these visitor classes.
Thanks to Nuno Lopes for providing a test case that illustrated some
fundamental problems in the current design of the CFGXXXStmtVisitor classes
and how they were used.
llvm-svn: 44246
Rename SourceRange::Begin()/End() to getBegin()/getEnd() for
consistency with other code.
Start building the rewriter towards handling @encode.
llvm-svn: 43047
taintness across expressions.
Made "smart-culling" of taint propagation (for error reporting)
correctly handle conditional expressions and a few other edge cases.
llvm-svn: 42421
values associated with ScopedDecls and CFGBlock-level Exprs. This is the common
boilerplate needed by UninitializedValues and LiveVariables.
Refactored UninitializedValues to use ExprDeclBitVector.
Shortened the string diagnostic for UninitializedValues.
llvm-svn: 42408
code that uses the solver to reflect the new location.
Created "FlowSensitive" subdirectory in include/clang/Analysis to hold
header files relating to flow-sensitive analyses. Moved
"DataflowValues.h" into this subdirectory.
llvm-svn: 42320
between forward and backward analyses, with trait classes being used
to implement the key differences in operations/functionality.
Converted the LiveVariables analysis to use the generic DataflowSolver. This,
along with removing some extra functionality that was not needed, reduced
the code for LiveVariables by over half.
Modified Driver code to handle the updated interface to LiveVariables.
Modified the DeadStores checker to handle the update interface to
LiveVariables.
Updated DataflowValues (generic ADT to store dataflow values) to also
store values for blocks. This is used by DeadStores. Updated some comments.
llvm-svn: 42293
invocation of the solver.
UninitializedValues checker now uses CFG::runOnAllBlocks to query the
computed dataflow values (tighter code).
llvm-svn: 42107
with CFG *edges* instead of blocks. This will fascilitate dataflow
analyses that are sensitive to block terminators, and also simplifies
some reasoning.
Updated UninitializedValues to comply to this new interface.
llvm-svn: 42099
too "conservative").
Several revisions to UninitializedValues checker after testing. We
now appear to be working correctly (probably some bugs still, but main
functionality appears to be there). Implemented careful emitting of
warnings so that we wouldn't get a cascade of warnings for simply not
defining a single variable and using it everywhere. This way the
warnings point closer to the root cause rather than "symptoms" from
using values derived from uninitialized variables.
llvm-svn: 42067
mechanism can be implemented simply by affixing the Observer to an
analysis meta data, so it doesn't need to be a required type. This
also permits analyses not to implement an Observer if it doesn't make
sense.
Changed "DataflowValues::MetaDataTy" to
"DataflowValues::AnalysisDataTy" to reflect that the type
enscapsulated the data associated with analyzing a given CFG.
Changed CFGStmtVisitor::BlockStmt_VisitImplicitControlFlowStmt(Stmt*)
to ...VisitImplicitControlFlowExpr(Expr*). The type narrowing is more
precise and more useful to clients.
Added CFGStmtVisitor::BlockStmt_VisitExpr to reflect the visitation of
expressions at the block statement level. This captures all implicit
control-flow statements as well as other expressions that are hoisted
to the block level (such as conditions for terminators and function
calls). This is especially useful for dataflow analysis.
llvm-svn: 42034
Ted Kremenek