Ted Kremenek
73777059f0
BugReporter (extensive diagnostics): Do not include the range of target '}'
llvm-svn: 71832
2009-05-15 02:46:13 +00:00
Ted Kremenek
18665fe3c9
PathDiagnosticLocation::asRange(): for a PathDiagnosticLocation, the range of a DeclStmt is only the decl, not
the decl + initializer.
llvm-svn: 71831
2009-05-15 02:05:25 +00:00
Ted Kremenek
cfe7d02b2c
BugReporter (extensive diagnostics): Add control-flow piece to '}' in
loop body when generating 'Looping back to the head of the loop'
diagnostics.
llvm-svn: 71829
2009-05-15 01:50:15 +00:00
Ted Kremenek
f9fa3cb78a
Fix <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object.
llvm-svn: 71797
2009-05-14 21:29:16 +00:00
Ted Kremenek
bae777254a
Enhance diagnostics value tracking logic for null dereferences and uninitialized values.
llvm-svn: 71700
2009-05-13 19:16:35 +00:00
Ted Kremenek
5801f65a52
Fix crasher reported in PR 4209 caused by an invalid summary
generation when EvalObjCMessageExpr() did not resolve the
ObjCInterfaceDecl* for a receiver when the receiver's symbolic value
wasn't being explicitly tracked.
llvm-svn: 71685
2009-05-13 18:16:01 +00:00
Ted Kremenek
051a03d698
Fix crasher in CFRefCount.cpp reported by Nikita Zhuk due to recently added autorelease tracking.
llvm-svn: 71647
2009-05-13 07:12:33 +00:00
Ted Kremenek
1272f706ca
Fix: <rdar://problem/6320065> false positive - init method returns an object owned by caller
Now 'init' methods are treated by the retain/release checker as
claiming their receiver and allocating a new object.
llvm-svn: 71579
2009-05-12 20:06:54 +00:00
Zhongxing Xu
08a2ede018
Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.
Also fix some 80 columns violations.
llvm-svn: 71548
2009-05-12 10:10:00 +00:00
Ted Kremenek
95d181936a
Fix <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects
This was accomplished by having 'isTypeRef' recursively walk the typedef stack.
llvm-svn: 71538
2009-05-12 04:53:03 +00:00
Ted Kremenek
5fb7847fbf
BugReport::getEndPath() - Only add a Stmt's range to the constructed PathDiagnosticEventPiece if the BugReport contained no explicit ranges.
llvm-svn: 71516
2009-05-11 23:50:59 +00:00
Ted Kremenek
97f75f8bda
When stripping element regions for invalidating region values, treat FieldRegions and ObjCIvarRegions as "base" regions in addition to VarRegions.
llvm-svn: 71488
2009-05-11 22:55:17 +00:00
Ted Kremenek
2ee73b86c0
EdgeBuilder: DeclStmts and BinaryOperators are not the enclosing location context when they are used as initialization code for loops.
llvm-svn: 71480
2009-05-11 22:19:32 +00:00
Ted Kremenek
c0b879b4a7
EdgeBuilder::cleanUpLocation() should use the PathDiagnosticLocation constructor for a single point, not a range.
llvm-svn: 71477
2009-05-11 21:42:34 +00:00
Ted Kremenek
c14b594b14
BugReporter (extensive diagnostics): Add EdgeBuilder::cleanUpLocation for canonicalization locations and use this in both popLocation and rawAddEdge.
llvm-svn: 71470
2009-05-11 19:50:47 +00:00
Ted Kremenek
d0e3ab2196
Fix regression reported in <rdar://problem/6866843>. The analyzer should extend the lifetime of an object stored to a container.
llvm-svn: 71452
2009-05-11 18:30:24 +00:00
Ted Kremenek
dc7853cd98
Fix a bug found by Thomas Clement where 'return [[[NSString alloc] init] autorelease]' would emit a false 'too many overreleases' error.
llvm-svn: 71432
2009-05-11 15:26:06 +00:00
Zhongxing Xu
52091db11f
TypedRegion is too general an assumption. Usually we only want to invalidate
the VarRegion as a super region of an ElementRegion.
llvm-svn: 71431
2009-05-11 14:28:14 +00:00
Zhongxing Xu
c012656266
When retrieving an ElementRegion, if its super region is a StringRegion,
retrieve the string value.
llvm-svn: 71430
2009-05-11 14:23:36 +00:00
Zhongxing Xu
bf938d3160
Fix a bug that leads to infinite loop. Set the correct element type to
ElementRegion.
llvm-svn: 71428
2009-05-11 12:48:56 +00:00
Ted Kremenek
1f8e4346fa
Add special warning about returning a retained object where a GC'ed object is expected.
llvm-svn: 71397
2009-05-10 16:52:15 +00:00
Ted Kremenek
dee56e37fc
retain/release checker: Flag a warning for non-owned objects returned
where an owned one is expected. Also add preliminary checking for
returning a positive retain count object in GC mode where an owned GC
object is expected.
llvm-svn: 71388
2009-05-10 06:25:57 +00:00
Ted Kremenek
3978f7972d
analyzer:
- Improve -autorelease diagnostics.
- Improve VLA diagnostics.
- Use "short description" for bug when outputting to TextDiagnostics
llvm-svn: 71383
2009-05-10 05:11:21 +00:00
Zhongxing Xu
c9c3dab491
When casting VarRegion, if the var type is aggregate type and the cast-to
pointee type is scalar type, create element region regardless of the sizes
of types.
llvm-svn: 71360
2009-05-09 15:34:29 +00:00
Zhongxing Xu
4131114d99
Remove the rest of the TypedViewRegion processing code. There should be no
TypedViewRegion usage in region store.
llvm-svn: 71359
2009-05-09 15:23:42 +00:00
Zhongxing Xu
d6daef9165
When evaluating pointer arithmetic, if the base location is a symbolic region,
convert it to the first element region.
Also do not assume the array region is typed.
llvm-svn: 71358
2009-05-09 15:18:12 +00:00
Zhongxing Xu
b18d7cab0c
Do not create a TypedViewRegion when the base struct region is a symbolic
region. In the future we may set the cast-to type at the same time. But for
now, we simply leave it as it is.
llvm-svn: 71357
2009-05-09 13:36:16 +00:00
Zhongxing Xu
7c3826484e
Do not layer a TypedViewRegion when casting symbolic or alloca regions.
Modify getLValueElement accordingly. Now we don't require base region
to be a typed region. Do not create TypedViewRegion when base region is
symbolic or alloca region. We can do so because each element region has
its type information.
llvm-svn: 71355
2009-05-09 13:20:07 +00:00
Zhongxing Xu
e3e94bbf19
Remove the case for casting to compatible type in
RegionStoreManager::CastRegion(). This case should be subsumed by others.
llvm-svn: 71353
2009-05-09 10:03:08 +00:00
Zhongxing Xu
91e2ab496f
Rename:
SymbolRegionRValue => SymbolRegionValue
SymExpr::RegionRValue => SymExpr::RegionValueKind
llvm-svn: 71322
2009-05-09 04:08:27 +00:00
Zhongxing Xu
34d04b3ca9
As discussed with Ted, rename TypedRegion::getObjectType() to
TypedRegion::getValueType().
llvm-svn: 71321
2009-05-09 03:57:34 +00:00
Ted Kremenek
c2de72776c
Add back analyzer support for ns_returns_retained and cf_returns_retained.
llvm-svn: 71309
2009-05-09 02:58:13 +00:00
Ted Kremenek
2d0ff62a0d
It lives! The retain/release checker now tracks objects that are sent
'autorelease'.
llvm-svn: 71307
2009-05-09 01:50:57 +00:00
Zhongxing Xu
8038f7b30f
rename: MemRegion:
RValueType => ObjectType
LValueType => LocationType
No functionality change.
llvm-svn: 71304
2009-05-09 00:50:33 +00:00
Ted Kremenek
9ec08aa3f7
More hacking on autorelease errors. We now can emit basic errors (disabled for
now until ready).
llvm-svn: 71303
2009-05-09 00:44:07 +00:00
Ted Kremenek
d35272f96b
Put most of the boilerplate logic in place for reporting autorelease errors.
llvm-svn: 71301
2009-05-09 00:10:05 +00:00
Ted Kremenek
8c8fb488e6
retain/release checker: Add stub for HandleAutoreleaseCounts.
llvm-svn: 71290
2009-05-08 23:32:51 +00:00
Zhongxing Xu
ca143e73ea
Fix PR4182.
llvm-svn: 71288
2009-05-08 23:28:07 +00:00
Ted Kremenek
884a8996c5
retain/release checker: Refactor error-reporting code in EvalDeadSymbols and
EvalEndPath. This sets the stage for handling autorelease counts.
llvm-svn: 71283
2009-05-08 23:09:42 +00:00
Ted Kremenek
c218c84a80
Make BlockEntrance program points taggable.
llvm-svn: 71280
2009-05-08 23:08:34 +00:00
Ted Kremenek
3a0516b25a
retain checker: Track the number of times a tracked object is sent
'autorelease'. This isn't used yet to flag errors.
llvm-svn: 71244
2009-05-08 20:01:42 +00:00
Ted Kremenek
062c14ba24
Remove experimental ownership attributes from Clang.
llvm-svn: 71216
2009-05-08 15:19:25 +00:00
Zhongxing Xu
d2e8fa14df
Region store: when casting VarRegions, if the cast-to pointee type is
incomplete, do not compute its size and return the original region.
llvm-svn: 71213
2009-05-08 07:28:25 +00:00
Zhongxing Xu
afc875c766
Replace the heuristic isSmallerThan with ASTContext::getTypeSize().
llvm-svn: 71206
2009-05-08 02:12:59 +00:00
Zhongxing Xu
c0c074655d
Replace getTypeWidth() with ASTContext::getTypeSize().
llvm-svn: 71205
2009-05-08 02:00:55 +00:00
Zhongxing Xu
1ba79dfeea
Revert r71079.
llvm-svn: 71202
2009-05-08 01:33:18 +00:00
Ted Kremenek
3975f17f04
Fix <rdar://problem/6845148>. Signed integers compared against pointers should
implicitly be changed to unsigned values in GRSimpleVals.cpp. This can happen
when the comparison involves logic in specialized transfer functions (e.g.,
OSAtomicCompareAndSwap).
llvm-svn: 71200
2009-05-08 00:32:39 +00:00
Ted Kremenek
9157fbb6a6
Minor code cleanup in retain/release checker in preparation for some
other changes. Instead of repeatedly checking for GC mode when
getting the return effect, just do this computation once.
llvm-svn: 71193
2009-05-07 23:40:42 +00:00
Ted Kremenek
ba53fe98e7
More attribute renaming:
- Rename 'ns_returns_owned' -> 'ns_returns_retained'.
- Rename 'cf_returns_owned' -> 'cf_returns_retained'.
llvm-svn: 71182
2009-05-07 21:49:45 +00:00
Ted Kremenek
a6e08327c0
analyzer: Add ProgramPoint 'PostLValue' just to distinguish (for
analysis introspection) when we computed an lvalue. This shouldn't
affect the current analysis results in any way.
llvm-svn: 71169
2009-05-07 18:27:16 +00:00
Ted Kremenek
9abe474852
Add preliminary support for enhancing null-pointer dereference diagnostics.
llvm-svn: 71135
2009-05-07 00:45:33 +00:00
Ted Kremenek
bb8d546208
Refactor BugReporter interface to have a new 'BugReporterContext' and
'BugReporterVisitor'. This simplifies callbacks from BugReporter to BugReports
(via VisitNode). It also lays the foundation for arbitrary visitor "call backs"
that can be registered to a BugReporterContext as a PathDiagnostic is
constructed. These call backs can help operate as separate "experts" that can
work on constructed pieces of a PathDiagnostic for which they possess special
knowledge.
llvm-svn: 71121
2009-05-06 21:39:49 +00:00
Ted Kremenek
0626df4eeb
Fix analyzer regression reported in PR 4164:
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
- Strip ElementRegions when the ElementRegion is just a 'raw data' view
on top of the underlying typed region.
llvm-svn: 71094
2009-05-06 18:19:24 +00:00
Zhongxing Xu
ea8c48d5a1
Improve RegionStoreManager::getSizeInElements()
- add a static function getTypeWidth(), which computes the width of a type
with the help of TargetInfo.
- no-outofbounds.c now passes for region store.
llvm-svn: 71080
2009-05-06 11:51:48 +00:00
Zhongxing Xu
c98868136f
Add a GDM for recording the cast type of regions.
llvm-svn: 71076
2009-05-06 08:33:50 +00:00
Zhongxing Xu
24ed0b28a8
The super region of ElementRegion no longer needs to be TypedRegion. In the
future we would create ElementRegion directly on top of typeless regions.
llvm-svn: 71075
2009-05-06 08:15:46 +00:00
Zhongxing Xu
1813e23a52
Implement a heuristic type size comparison method for now.
llvm-svn: 71074
2009-05-06 08:08:27 +00:00
Zhongxing Xu
b2d4a52e3f
remove commented code.
llvm-svn: 71060
2009-05-06 02:54:11 +00:00
Zhongxing Xu
d5e09be293
Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
RegionStore.
This CastRegion() performs casts according to the kind of the region being
cast instead of the type that is cast to.
llvm-svn: 71058
2009-05-06 02:42:32 +00:00
Ted Kremenek
a8106efce9
BugReporter (extensive diagnostics): improve location context generation for the
start of 'do' and '@synchronized' statements.
llvm-svn: 71038
2009-05-05 23:13:38 +00:00
Ted Kremenek
98017051ae
BugReporter (extensive diagnostics): Fix getEnclosingStmtLocation to reason
about Exprs that are not consumed and fix where the loop iteration diagnostic
goes.
llvm-svn: 71027
2009-05-05 22:19:17 +00:00
Ted Kremenek
213ff5a98e
Implement attribute 'ns_autorelease'.
llvm-svn: 70990
2009-05-05 18:44:20 +00:00
Ted Kremenek
94c464ef22
Implement attribute 'cf_returns_owned' (mirrors 'ns_returns_owned').
llvm-svn: 70952
2009-05-05 00:46:09 +00:00
Ted Kremenek
e5c315826e
Fix unused variable warning
llvm-svn: 70946
2009-05-05 00:06:16 +00:00
Ted Kremenek
6ae5615d80
Remove possibly incorrect assertion that doesn't matter.
llvm-svn: 70943
2009-05-05 00:02:18 +00:00
Ted Kremenek
6bdfcf47ad
Remove experimental attribute 'ns_ownership_make_collectable.'
llvm-svn: 70940
2009-05-04 23:46:06 +00:00
Ted Kremenek
0836a19931
Rename attributes 'objc_ownership...' to 'ns_ownership...'.
llvm-svn: 70897
2009-05-04 19:10:19 +00:00
Ted Kremenek
e396f72ec7
BugReporter (extensive diagnostics): don't mark location contexts that are
control-flow expressions as dead.
llvm-svn: 70887
2009-05-04 18:15:17 +00:00
Ted Kremenek
250d59f33f
Fix false positive null dereference by unifying code paths in GRSimpleVals for
'==' and '!=' (some code in the '!=' was not replicated in the '==' code,
causing some constraints to get lost).
llvm-svn: 70885
2009-05-04 17:53:11 +00:00
Ted Kremenek
5dbfa3fadd
Rename attributes:
'objc_ownership_cfretain' -> 'cf_ownership_retain'
'objc_ownership_cfrelease' -> 'cf_ownership_release'
Motivation: Core Foundation objects can be used in isolation from Objective-C,
and this forces users to reason about the separate semantics of CF objects. More
Sema support pending.
llvm-svn: 70884
2009-05-04 17:29:57 +00:00
Ted Kremenek
49a844e1a6
retain checker: Add checker support for FunctionDecl ownership annotations. Need to add Sema support.
llvm-svn: 70873
2009-05-04 16:43:50 +00:00
Ted Kremenek
863f68aa06
retain checker: Pull out logic for parameter annotations into a
separate method.
llvm-svn: 70870
2009-05-04 15:40:58 +00:00
Ted Kremenek
df76e6d09d
retain checker: Don't treat functions declared in macros differently.
llvm-svn: 70869
2009-05-04 15:34:07 +00:00
Ted Kremenek
a68556c4cc
Add array index assertion: BasicStore should not expect any fancy
ElementRegions that have non-zero array indices.
llvm-svn: 70867
2009-05-04 15:25:46 +00:00
Ted Kremenek
d795b02be7
Rename 'makeZeroIndex' to 'makeZeroArrayIndex'.
llvm-svn: 70865
2009-05-04 15:17:38 +00:00
Ted Kremenek
629a43ffa1
Zhongxing already implemented this FIXME.
llvm-svn: 70864
2009-05-04 15:14:27 +00:00
Zhongxing Xu
6ebde279ae
array indexes are unsigned integers of the same width as pointer.
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.
llvm-svn: 70844
2009-05-04 08:52:47 +00:00
Ted Kremenek
758fda4274
BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.
StoreManager: Handle casts from one element region to another.
Update test cases.
llvm-svn: 70836
2009-05-04 07:04:36 +00:00
Ted Kremenek
35cf12ab2d
Handle 'long x = 0; char *y = (char *) x;' by layering an
'ElementRegion' on top of the VarRegion for 'x'. This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager. It doesn't
crash for RegionStoreManager either, but reports a bogus uninitialized
value warning.
llvm-svn: 70832
2009-05-04 06:35:49 +00:00
Ted Kremenek
02e508960c
Per conversations with Zhongxing, add an 'element type' to
ElementRegion. I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.
This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
'Line 159: Uninitialized or undefined return value returned to caller.'
There were a bunch of places that needed to be edited in
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.
Zhongxing: When you get a chance, could you review this? I could have
easily screwed up something basic in RegionStoreManager.
llvm-svn: 70830
2009-05-04 06:18:28 +00:00
Ted Kremenek
1d9a267b2e
retain checker:
- Fix retain checker test failures.
- Update retain checker to have annotations override default summary effects, not completely redefine them.
llvm-svn: 70828
2009-05-04 05:31:22 +00:00
Ted Kremenek
ff606a1259
retain checker: RetainSummaryManager now has a 'DefaultSummary' object
which is returned instead of a null pointer. This helps centralize
the logic concerning "default effects".
llvm-svn: 70826
2009-05-04 04:57:00 +00:00
Ted Kremenek
1bff64e309
retain checker: Don't bother using a FoldingSet to unique summaries.
We never compare summaries by their pointers, and we create only a
handful of them when analyzing a given function.
llvm-svn: 70824
2009-05-04 04:30:18 +00:00
Ted Kremenek
4b59ccb563
Fix: <rdar://problem/6850275> CF objects returned from methods with "new" or "copy" in their name should be treated as owned
For methods that follow the "fundamental rule" and return Core
Foundation objects, treat those objects as owned by the caller.
llvm-svn: 70665
2009-05-03 06:08:32 +00:00
Ted Kremenek
7d79a5f87d
Convert ArgEffects from an std::vector to an ImmutableMap. This will make it much easier to clean up the summary generation logic with annotations.
llvm-svn: 70660
2009-05-03 05:20:50 +00:00
Ted Kremenek
b4cf4a52ab
Rename isTrackedObjectType() -> isTrackedObjCObjectType().
llvm-svn: 70657
2009-05-03 04:42:10 +00:00
Zhongxing Xu
3e3e69bbe7
region store: make Retrieve() retrieve embedded array correctly. Also
simplify the retrieve logic.
llvm-svn: 70651
2009-05-03 00:27:40 +00:00
Ted Kremenek
f1e7667099
retain/release checker: Enhance leak description to say that the bug
occurs in GC mode.
llvm-svn: 70638
2009-05-02 19:05:19 +00:00
Ted Kremenek
2c32773fa2
Add a new BFS GRWorkList and make it the default worklist model for
GRCoreEngine. This tends to result in shorter paths for pathological cases.
llvm-svn: 70585
2009-05-01 22:18:46 +00:00
Ted Kremenek
9c21f1d174
StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion with Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an earlier out-of-bounds memory
access than the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
llvm-svn: 70565
2009-05-01 19:22:20 +00:00
Ted Kremenek
a11c607312
Basic Store: Always convert a non::LocAsInteger to a Loc when storing to a pointer.
llvm-svn: 70564
2009-05-01 19:04:28 +00:00
Ted Kremenek
0e3cc24e79
Update CMake file.
llvm-svn: 70563
2009-05-01 18:43:00 +00:00
Ted Kremenek
afbff15e64
BugReporter (extensive diagnostics): introduce the notion of a "dead"
location context. This allows us to postpone the decision of whether
or not a context should add a control-flow piece to the diagnostics
when inspecting its subexpressions.
llvm-svn: 70545
2009-05-01 16:08:09 +00:00
Ted Kremenek
29d0880e50
Remove #if 0'ed code.
llvm-svn: 70542
2009-05-01 15:19:33 +00:00
Ted Kremenek
2ff8a79d27
retain/release checker: Hook up attributes 'objc_ownership_retain' and
'objc_ownership_release' to the effects on receivers.
llvm-svn: 70507
2009-04-30 20:00:31 +00:00
Ted Kremenek
b4e27a1838
Handle case in EvalReturn where we cache out in the ExplodedGraph.
llvm-svn: 70475
2009-04-30 05:51:50 +00:00
Ted Kremenek
497df9126f
retain/release checker: Use the ObjCMethodDecl in the @implementation if no
matching ObjCMethodDecl exists in the @interface.
llvm-svn: 70474
2009-04-30 05:47:23 +00:00
Ted Kremenek
b2a143fad6
retain/release checker: Resolve method decl in @interface after getting the
ObjCInterfaceDecl, not before.
llvm-svn: 70473
2009-04-30 05:41:14 +00:00
Ted Kremenek
223a7d5445
retain/release checker: When determining whether an analyzed method can return
an owned object, consult its summary instead of inspecting the selector. This
picks up annotations, and is just more general.
llvm-svn: 70429
2009-04-29 23:03:22 +00:00
Ted Kremenek
d6bef2edab
Format cleanup. No functionality change.
llvm-svn: 70420
2009-04-29 22:25:52 +00:00
Ted Kremenek
9f08b842e1
Fix null dereference.
llvm-svn: 70417
2009-04-29 22:05:03 +00:00
Ted Kremenek
47187c6ad2
BugReporter/PathDiagnostics:
- Add an (optional) short description for BugReports for clients that want
to distinguish between long and short descriptions for bugs
- Make the bug report for VLA less obscene for Plist diagnostics by using
the short description
llvm-svn: 70415
2009-04-29 21:58:13 +00:00
Ted Kremenek
53cce5c195
Reformat long line. No functionality change.
llvm-svn: 70412
2009-04-29 21:31:59 +00:00
Ted Kremenek
6bd78709f2
retain/release checker: Hoist code for bug reports above transfer function logic
(those diffs are just code moving) and move the logic for "return of owned
object" leak reporting to EvalReturnStmt.
llvm-svn: 70399
2009-04-29 18:50:19 +00:00
Ted Kremenek
99fe1695c7
Add version of getMethodSummary() that can be used to query the summary for the
method currently being analyzed.
llvm-svn: 70388
2009-04-29 17:17:48 +00:00
Ted Kremenek
387243067a
Rename getMethodSummary() -> getInstanceMethodSummary().
llvm-svn: 70387
2009-04-29 17:09:14 +00:00
Ted Kremenek
3941d22a98
Add corner case logic to BasicStoreManager and GRSimpleVals::EvalBinOp to enable
reasoning about OSCompareAndSwap32Barrier/OSCompareAndSwap64Barrier. Essentially
the address of reference to a region (pointer-to-pointer) can be cast to
(int32_t*), and we need to handle the logic to convert the involved locations
back and forth from nonloc::LocAsInteger, nonloc::ConcreteInt, to Loc and
loc::ConcreteInt respectively. This adds some potentially suspect logic to
BasicStoreManager that allows the analyzer to reason about abuses of the C type
system. This should probably be refined, be ported over to RegionStoreManager,
and extended with "path-sensitive type checking" to flag bugs in clearly
incoherent code.
llvm-svn: 70382
2009-04-29 16:03:27 +00:00
Ted Kremenek
e034868a36
MemRegion pretty-printing: Convert DeclName to a string to print out the actual
name of the tracked function.
llvm-svn: 70381
2009-04-29 15:37:24 +00:00
Zhongxing Xu
f985648e83
SymbolicRegions may also be live roots.
llvm-svn: 70380
2009-04-29 09:24:35 +00:00
Ted Kremenek
0b50fb1de1
retain/release checker: Refactor getMethodSummary() to not depend on ObjCMessageExpr.
llvm-svn: 70369
2009-04-29 05:04:30 +00:00
Zhongxing Xu
3ee3044bd7
As discussed with Ted offline, re-apply r70293.
llvm-svn: 70358
2009-04-29 02:30:09 +00:00
Ted Kremenek
7686ffaf07
retain/release checker: Refactor the guts of getClassMethodSummary to not depend
on ObjCMessageExpr. This will enable us to use it elsewhere. This should not
change any functionality.
llvm-svn: 70352
2009-04-29 00:42:39 +00:00
Ted Kremenek
869292d5b6
Implement ownership attribute 'objc_ownership_make_collectable'. This allows one
to add 'CFMakeCollectable' semantics to a method.
llvm-svn: 70336
2009-04-28 22:32:26 +00:00
Ted Kremenek
ea62bf4e58
Revert 70293.
llvm-svn: 70313
2009-04-28 18:48:13 +00:00
Zhongxing Xu
6e304e6323
Now we can remove the 'blast-through' code.
llvm-svn: 70293
2009-04-28 13:49:42 +00:00
Ted Kremenek
9bea0dc178
Extensive diagnostics: Do not add a location context for do...while statements.
llvm-svn: 70286
2009-04-28 04:28:12 +00:00
Ted Kremenek
61114bc558
BugReporter (extensive diagnostics): Clean up do...while control-flow edges, and
add "Looping back to the head of the loop" diagnostic for loops.
llvm-svn: 70285
2009-04-28 04:23:15 +00:00
Ted Kremenek
84bfa2c2dc
Add two new checker-specific attributes: 'objc_ownership_release' and
'objc_ownership_cfrelease'. These are the 'release' equivalents of
'objc_ownership_retain' and 'objc_ownership_cfretain' respectively.
llvm-svn: 70235
2009-04-27 19:36:56 +00:00
Ted Kremenek
e6633567e0
Track objects in GC mode returned by 'alloc', 'new', etc. methods. These are
treated as "not owned" objects.
llvm-svn: 70232
2009-04-27 19:14:45 +00:00
Ted Kremenek
ebbef7d0d3
Add new checker-specific attribute 'objc_ownership_cfretain'. This is the same
as 'objc_ownership_cfretain' except that the method acts like a CFRetain instead
of a [... retain] (important in GC modes). Checker support is wired up, but
currently only for Objective-C message expressions (not function calls).
llvm-svn: 70218
2009-04-27 18:27:22 +00:00
Sebastian Redl
a7b98a772c
Implement function-try-blocks. However, there's a very subtle bug that I can't track down.
llvm-svn: 70155
2009-04-26 20:35:05 +00:00
Eli Friedman
5cdb8cc267
Minor code cleanup.
llvm-svn: 70144
2009-04-26 19:04:51 +00:00
Chris Lattner
f0b64d73a8
split ObjC and C++ Statements out into their own headers.
llvm-svn: 70105
2009-04-26 01:32:48 +00:00
Ted Kremenek
e75de95408
Hook up attribute 'objc_ownership_retain' to the analyzer. This attribute allows
users to specify that a method's argument is visibly retained (reference count
incremented).
llvm-svn: 70008
2009-04-25 01:21:50 +00:00
Ted Kremenek
b97d093e16
Hook up __attribute__((objc_ownership_returns)) to the retain/release checker.
llvm-svn: 70002
2009-04-24 23:32:32 +00:00
Ted Kremenek
6a966b2486
Fix the same false positive reported in PR 2542 and <rdar://problem/6793409>
involving an NSAnimation object delegating its release to a delegate method.
llvm-svn: 69992
2009-04-24 21:56:17 +00:00
Ted Kremenek
53c5b7e0bd
Minor refactoring: pass selector to getCommonMethodSummary(). No functionality
change.
llvm-svn: 69985
2009-04-24 18:19:07 +00:00
Ted Kremenek
6e86cafca3
retain/release checker: more hacks to work around false positives caused by
delegates. When a reference counted object is passed as a 'void*' argument to
a method, stop tracking the reference count.
llvm-svn: 69984
2009-04-24 18:00:17 +00:00
Ted Kremenek
21895e0b89
Sentence case bug name.
llvm-svn: 69983
2009-04-24 17:51:19 +00:00
Ted Kremenek
8a5ad39a46
retain/release checker:
- Fix summary lookup for class methods to now use the (optional)
ObjCInterfaceDecl associated with a message expression. This removes a
long-standing FIXME.
- Partial fix for <rdar://problem/6062730> by stop tracking objects that
are passed to [NSObject performSelector]. These methods are often used
for delegates, which the analyzer doesn't reason about well yet.
llvm-svn: 69982
2009-04-24 17:50:11 +00:00
Ted Kremenek
60746a0a83
Refactor common logic in getMethodSummary() and getClassMethodSummary(). No
functionality change.
llvm-svn: 69936
2009-04-23 23:08:22 +00:00
Ted Kremenek
37467813c5
Further cleanups to isTrackedObjectType().
llvm-svn: 69929
2009-04-23 22:11:07 +00:00
Ted Kremenek
0a1f9c423f
retain/release checker: Don't call isTrackedObject() with the canonical type.
This was preventing the checker from tracking return objects referenced by 'id'.
llvm-svn: 69922
2009-04-23 21:25:57 +00:00
Ted Kremenek
b2f419dc88
retain/release checker: For class methods, only treat return values that are
object references as tracked objects.
llvm-svn: 69915
2009-04-23 20:02:30 +00:00
Ted Kremenek
f27110fc27
Per discussions with Ken Ferry and Paul Marks (<rdar://problem/6815234>) greatly
extend the number of objects tracked by the retain/release checker by assuming
that all class and instance methods should follow Cocoa object "getter" and
"alloc/new" conventions.
llvm-svn: 69908
2009-04-23 19:11:35 +00:00
Ted Kremenek
9c03f68206
Fix PR 4033: the analyzer shouldn't crash on computed gotos involving symbolic
target addresses.
llvm-svn: 69900
2009-04-23 17:49:43 +00:00
Ted Kremenek
3ebc5057ac
BugReporter (extensive diagnostics): Recursively adjust the referred expression
when popping location contexts.
llvm-svn: 69898
2009-04-23 16:44:22 +00:00
Ted Kremenek
e60809c31d
BugReporter (extensive diagnostics): Ignore parentheses when adding control-flow
pieces for location contexts.
llvm-svn: 69895
2009-04-23 16:19:29 +00:00
Douglas Gregor
29bd76fd04
Eliminate the three SmallVectors in ObjCImplDecl (for instance
methods, class methods, and property implementations) and instead
place all of these entities into the DeclContext.
This eliminates more linear walks when looking for class or instance
methods and should make PCH (de-)serialization of ObjCDecls trivial
(and lazy).
llvm-svn: 69849
2009-04-23 01:02:12 +00:00
Ted Kremenek
63e29cc99c
Add PathDiagnosticRange to PathDiagnostics. These simply wrap SourceRange and
indicate whether or not the range represents an absolute range or should be
extended by lexing to the end of the token.
llvm-svn: 69834
2009-04-22 22:26:10 +00:00
Ted Kremenek
48b7875e55
BugReporter (extensive diagnostics): Use correct location for location contexts.
llvm-svn: 69824
2009-04-22 20:51:59 +00:00
Ted Kremenek
fb05406cef
BugReporter (extensive diagnostics): always add an edge if there is no location
context.
llvm-svn: 69823
2009-04-22 20:36:26 +00:00
Ted Kremenek
6c867a1460
BugReporter (extensive diagnostics):
- Remove stale assertion that was breaking the test suite.
- When popping location contexts, only add a control-flow piece for fileID
locations.
llvm-svn: 69814
2009-04-22 18:37:42 +00:00
Ted Kremenek
0752a5dff3
BugReporter (extensive diagnostic algorithm): The initial control-flow edge now
starts from the first character of the first statement.
llvm-svn: 69813
2009-04-22 18:16:20 +00:00
Ted Kremenek
22579c4c8f
PathDiagnosticLocation: ranges for terminators now only include the first
character instead of the entire range for the IfStmt, ForStmt, etc. We may
gradually refine these ranges later, but basically terminator ranges just refer
to the first keyword.
llvm-svn: 69812
2009-04-22 18:03:00 +00:00
Ted Kremenek
fe95afd0bc
Fix crash reported in PR 3991. The analyzer doesn't reason about ObjCKVCExpr.
llvm-svn: 69754
2009-04-21 23:53:32 +00:00
Ted Kremenek
eff7c6a2d6
This patch is largely due to Zhongxing Xu. I've simply applied it because of
some refactoring I did recently to StoreManager.
StoreManager::CastRegion: Handle casts to void* by stripping TypedViewRegions.
llvm-svn: 69751
2009-04-21 23:31:46 +00:00
Ted Kremenek
35f875c136
Fix: <rdar://problem/6777209> false Dereference of null pointer in loop: pointer increment/decrement preserves non-nullness
When the StoreManager doesn't reason well about pointer-arithmetic, propagate
the non-nullness constraint on a pointer value when performing pointer
arithmetic using ++/--.
llvm-svn: 69741
2009-04-21 22:38:05 +00:00
Ted Kremenek
1a1b62c168
Tweak pretty-printing of constraints.
llvm-svn: 69740
2009-04-21 22:37:11 +00:00
Ted Kremenek
2d495a6f43
Refactor 'BasicStoreManager::CastRegion' and 'RegionStoreManager::CastRegion'
...
into StoreManager::CastRegion. Both methods were practically identical, and this
is core logic that is common to all StoreManagers since it defines the basic
invariants of the abstract memory model.
llvm-svn: 69730
2009-04-21 21:51:34 +00:00
Ted Kremenek
9bb660c3f4
Recommit 69694 but this time also include the header changes (sorry for breaking
...
the build).
llvm-svn: 69702
2009-04-21 19:56:58 +00:00
Daniel Dunbar
2655f85975
Revert 69694 (use of undefined getSymbol)
...
llvm-svn: 69697
2009-04-21 18:54:52 +00:00
Ted Kremenek
99de8ae19c
Add pretty-printing for CodeTextRegions.
...
llvm-svn: 69694
2009-04-21 18:31:19 +00:00
Ted Kremenek
7421c0161a
Lexically order the implementation of MemRegion 'print' methods. No functionality change.
...
llvm-svn: 69688
2009-04-21 18:09:22 +00:00
Ted Kremenek
30fb341f4f
Use 'getAs<CodeTextRegion>' instead of 'dyn_cast<CodeTextRegion>' to handle any
...
layered regions.
llvm-svn: 69686
2009-04-21 17:37:26 +00:00
Zhongxing Xu
3070210377
Remove loc::FuncVal.
...
llvm-svn: 69577
2009-04-20 06:35:22 +00:00
Zhongxing Xu
ac1294318d
get a CodeTextRegion when visiting FunctionDecl reference.
...
get FunctionDecl with more general utility method.
llvm-svn: 69570
2009-04-20 05:24:46 +00:00
Zhongxing Xu
23e1f45664
As we now have ValueManager as the new value factory, we do not need factory
...
methods of SVal.
llvm-svn: 69565
2009-04-20 02:27:09 +00:00
Douglas Gregor
e3dcb2ddd1
FunctionDecl::getBody() is getting an ASTContext argument for use in
...
lazy PCH deserialization. Propagate that argument wherever it needs to
be. No functionality change, except that I've tightened up a few PCH
tests in preparation.
llvm-svn: 69406
2009-04-18 00:02:19 +00:00
Ted Kremenek
4531be138c
Add analyzer support for objc_atomicCompareAndSwap()
...
llvm-svn: 68849
2009-04-11 00:54:13 +00:00
Ted Kremenek
df24000d24
Implement analyzer support for OSCompareAndSwap. This required pushing "tagged"
...
ProgramPoints all the way through to GRCoreEngine.
NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.
llvm-svn: 68845
2009-04-11 00:11:10 +00:00
Ted Kremenek
ffe4ad6795
Move a few more NonLoc static functions to ValueManager.
...
llvm-svn: 68800
2009-04-10 18:11:44 +00:00
Zhongxing Xu
1aced0c9d2
Add prototype for CodeTextRegion.
...
A CodeTextRegion wraps two kinds of data: FunctionDecl* or SymbolRef.
The latter comes from the symbolic function pointers that are generated from
function calls or input data.
llvm-svn: 68777
2009-04-10 08:45:10 +00:00
Zhongxing Xu
dadf250598
Finally nuke loc::SymbolVal.
...
llvm-svn: 68771
2009-04-10 06:06:13 +00:00
Ted Kremenek
5054663daa
Fix: <rdar://problem/6776949> Branch condition evaluates to an uninitialized value (argc is guaranteed to be >= 1)
...
The analyzer now adds the precondition that the first argument of 'main' is > 0.
llvm-svn: 68757
2009-04-10 00:59:50 +00:00
Ted Kremenek
40f4ee74fd
Implement attribute "analyzer_noreturn" (<rdar://problem/6777003>). This allows
...
clients of the analyzer to designate custom assertion routines as "noreturn"
functions from the analyzer's perspective but not the compiler's.
llvm-svn: 68746
2009-04-10 00:01:14 +00:00
Ted Kremenek
f2489ea043
- Move ownership of MemRegionManager into ValueManager.
...
- Pull SVal::GetConjuredSymbol() and friends into ValueManager. This greatly
simplifies the calling interface to clients.
llvm-svn: 68731
2009-04-09 22:22:44 +00:00
Douglas Gregor
bcced4ec31
Propagate the ASTContext to various AST traversal and lookup functions.
...
No functionality change (really).
llvm-svn: 68726
2009-04-09 21:40:53 +00:00
Ted Kremenek
f8cb51c20e
Remove SVal::MakeZero and replace it with ValueManager::makeZeroVal.
...
llvm-svn: 68711
2009-04-09 16:46:55 +00:00
Ted Kremenek
aa4cfc2604
analyzer: Introduce a new class, ValueManager, that serves as an aggregate
...
"manager of symbolic values", wrapping BasicValueFactory, SymbolManager, and
MemRegionManager. While these individual managers nicely separate functionality
in the analyzer, constructing symbolic values can sometimes be cumbersome
because it requires using multiple managers at once. The goal of this class is
to create some factory methods to create SVals that require the use of these
different managers, thus (hopefully) simplifying the analyzer API for clients.
llvm-svn: 68709
2009-04-09 16:13:17 +00:00
Zhongxing Xu
7e9c193398
stop using loc::SymbolVal and clean up code with new API.
...
llvm-svn: 68703
2009-04-09 07:39:46 +00:00
Zhongxing Xu
48abb5d91f
clean up code with new API.
...
llvm-svn: 68701
2009-04-09 07:04:45 +00:00
Zhongxing Xu
783cd82487
clean up code with new API.
...
llvm-svn: 68700
2009-04-09 07:01:16 +00:00
Zhongxing Xu
726876b385
clean up code with new API.
...
llvm-svn: 68699
2009-04-09 06:56:25 +00:00
Zhongxing Xu
2945210d71
clean up code with new API.
...
llvm-svn: 68698
2009-04-09 06:53:24 +00:00
Zhongxing Xu
c48eb32872
stop using loc::SymbolVal.
...
llvm-svn: 68697
2009-04-09 06:49:52 +00:00
Zhongxing Xu
22f72485ed
stop using loc::SymbolVal.
...
llvm-svn: 68696
2009-04-09 06:43:44 +00:00
Zhongxing Xu
0c87a4e79b
stop using loc::SymbolVal.
...
llvm-svn: 68695
2009-04-09 06:41:51 +00:00
Zhongxing Xu
4a8f0cf874
clean up code with new API.
...
llvm-svn: 68694
2009-04-09 06:35:30 +00:00
Zhongxing Xu
b74817f387
clean up code with new API.
...
llvm-svn: 68693
2009-04-09 06:32:20 +00:00
Zhongxing Xu
9410d7ee97
Add a new method because sometimes the type of the conjured symbol is not the
...
type of the expression where we create the symbol.
llvm-svn: 68692
2009-04-09 06:30:17 +00:00
Zhongxing Xu
40934cfa9b
make a conjured symbol as the original code.
...
llvm-svn: 68691
2009-04-09 06:18:05 +00:00
Zhongxing Xu
d3b33ba406
clean up code with new API.
...
llvm-svn: 68687
2009-04-09 06:03:54 +00:00
Ted Kremenek
2f3b0dbff4
Fix a null pointer dereference error due to state caching in a loop involving
...
sending a message to a nil receiver.
llvm-svn: 68686
2009-04-09 06:02:06 +00:00
Zhongxing Xu
cb5d3ced70
Create a symbolic region instead of a loc::SymbolVal. This is a continued step
...
to eliminate the use of loc::SymbolVal.
llvm-svn: 68685
2009-04-09 05:57:11 +00:00
Ted Kremenek
f9f9420303
GRExprEngine: Don't try to reason about the size of 'void' for the return type
...
of messages sent to nil.
llvm-svn: 68683
2009-04-09 05:45:56 +00:00
Ted Kremenek
c3f7c85129
Fix another regression introduced by changes to the analyzer's reasoning about
...
nil receivers in message expressions.
llvm-svn: 68672
2009-04-09 04:06:51 +00:00
Ted Kremenek
d937ed386e
Refactor/cleanup reasoning of nil receivers in message expressions.
...
llvm-svn: 68661
2009-04-09 00:00:02 +00:00
Ted Kremenek
5451c60f5a
Enhance analyzer reasoning about sending messages to nil. A nil receiver returns 0 for scalars of size <= sizeof(void*).
...
llvm-svn: 68629
2009-04-08 18:51:08 +00:00
Ted Kremenek
605fee8445
New static analyzer check by Nikita Zhuk!
...
"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718. The patch also includes test cases."
llvm-svn: 68585
2009-04-08 03:07:17 +00:00
Ted Kremenek
4d947facad
Remove hack from LiveVariables analysis where variables whose addresses are taken
...
are considered 'live'. This hack isn't needed anymore because we have a
separation in the path-sensitive analyzer between variable names and bindings;
the analyzer can continue to reason about the storage of a variable after its
name is no longer directly referenced. Now the live variables analysis literally means "is this name live".
Along this line, update the dead stores checker to explicitly look for variables
whose values have escaped.
llvm-svn: 68504
2009-04-07 05:25:24 +00:00
Ted Kremenek
aed74642cb
Remove GetLeakNode. This isn't the right approach.
...
llvm-svn: 68502
2009-04-07 05:07:44 +00:00
Ted Kremenek
8928d74e19
Remove period.
...
llvm-svn: 68497
2009-04-07 04:54:31 +00:00
Ted Kremenek
e2f5a9f8e3
Eagerly compute the leak location when a leak occurs at the end of a path.
...
llvm-svn: 68496
2009-04-07 04:54:20 +00:00
Ted Kremenek
3cb8a84924
Removed some commented code.
...
llvm-svn: 68495
2009-04-07 04:53:35 +00:00
Ted Kremenek
86d52c4c02
PathDiagnostic generation: experiment with avoiding generation of control-flow
...
pieces between block entrance and block end unless necessary.
llvm-svn: 68483
2009-04-07 01:34:17 +00:00
Ted Kremenek
6fd0921bdb
retain/release checker: When hunting for the leak location, don't walk the
...
ExplodedGraph backwards. That may inadvertently result in reverse control-flow
edges in the PathDiagnostic.
llvm-svn: 68477
2009-04-07 00:12:43 +00:00
Ted Kremenek
d7c1aaa6c5
Don't overguard to adding a control-flow piece when "alwaysAdd" is true.
...
llvm-svn: 68476
2009-04-07 00:11:40 +00:00
Ted Kremenek
c4c9ed0f9b
Rewrite control-flow diagnostic generation "extensive" algorithm using "edge
...
contexts". This allows us to use a stack of contexts to keep track of what control-flow pieces to include when exiting blocks like 'if', 'for', etc.
llvm-svn: 68473
2009-04-06 23:06:54 +00:00
Ted Kremenek
92820d2d3d
PathDiagnosticLocation now also wraps Decls.
...
llvm-svn: 68470
2009-04-06 22:33:35 +00:00