4b8eca88b0
Teach the CStringChecker and PthreadLockChecker about non-identifier
...
declaration names, from Jim Goodnow II!
llvm-svn: 117970
2010-11-01 23:16:05 +00:00
627a1868d2
Now initializer of C++ record type is visited as block-level expr.
...
Let the destination of AggExprVisitor be an explicit MemRegion.
Reenable the test case.
llvm-svn: 117908
2010-11-01 09:09:44 +00:00
0b51d4db8c
Make all CXXConstructExpr's block-level expressions. This is required by
...
method inlining. Temporarily fail a test case.
llvm-svn: 117907
2010-11-01 06:46:05 +00:00
e4f7df694d
Make Clang static analyzer skip function template definitions. This fixes Clang PR 8426, 8427, & 8433. Reviewed by Ted Kremenek and Doug Gregor.
...
llvm-svn: 117853
2010-10-31 04:22:34 +00:00
310c5a8e31
Don't flag idempotent '+' or '-' warnings for pointer arithmetic (typically false positives).
...
Fixes <rdar://problem/8601243>.
llvm-svn: 117635
2010-10-29 01:06:54 +00:00
eaae1adb94
Add test case for <rdar://problem/8356342>.
...
llvm-svn: 117525
2010-10-28 02:50:32 +00:00
0abd85c7ae
Don't warn about unamed bitfield ivars in the ObjCUnusedIvarsChecker. Fixes <rdar://problem/8481311>.
...
llvm-svn: 117521
2010-10-28 02:16:22 +00:00
d95ccd58a9
If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr
...
containing a DoStmt, and the LHS doesn't create a new block, then we should
return RBlock. Otherwise we'll incorrectly return NULL.
Also relax an assertion in VisitWhileStmt(). Reset 'Block' when it is finished.
llvm-svn: 117436
2010-10-27 03:23:10 +00:00
6348dac7a0
Fix lazy symbolication bug in RegionStore involving fields of global variables. When invalidated, the entire
...
globals memory space gets assigned a symbolic value, but that value was not being used for lazy symbolication
of fields of globals. This could result in cases where bogus null dereferences were being reported.
Fixes PR 8440.
llvm-svn: 117336
2010-10-26 00:06:17 +00:00
731310e13e
Tweak null dereference checker to give better diagnostics for null dereferences resulting from array accesses.
...
llvm-svn: 117334
2010-10-26 00:06:13 +00:00
c07d8353e1
Add check for UnknownVals for mutexes in ObjCAtSyncChecker. Fixes crash reported in PR 8458.
...
llvm-svn: 117300
2010-10-25 20:20:56 +00:00
01769904d3
Added generation of destructors for member constant size arrays.
...
There's only one destructor call generated for each not empty array (at least for now this should be enough).
llvm-svn: 117252
2010-10-25 07:05:54 +00:00
52e4bc1fed
Added generation of destructors for constant size arrays.
...
There's only one destructor call generated for each not empty array (at least for now this should be enough).
llvm-svn: 117251
2010-10-25 07:00:40 +00:00
73067a02db
Warn if a variable marked with the "unused" attribute is used. Patch by Darin Adler!
...
llvm-svn: 117184
2010-10-22 23:37:08 +00:00
5c97605c1d
Fix a horrible bug in all dataflow analyses that use CFGRecStmtVisitor (including live variables analysis).
...
We shouldn't recurse into CompoundStmts since they are already inlined in the CFG. This could result in
bogus dead stores warnings (among other things).
llvm-svn: 117162
2010-10-22 22:08:32 +00:00
c5644e1b97
Tweak the ObjCAtSyncChecker to assume that a mutex is non-nil after checking that it is
...
nil. Otherwise we can get false paths where a second @synchronized using the mutex
can have a bogus warning. Fixes <rdar://problem/8578650>.
llvm-svn: 117016
2010-10-21 15:38:55 +00:00
da8a79ac8d
"Fix" bogus idempotent operations warning due to loop unrolling not unrolling enough loops to show that an invariant
...
doesn't hold. This fix is to increase the loop unrolling count to 4, which experiments show doesn't typically impact
analysis time. The real fix is to modify the IdempotentOperationsChecker to suppress warnings where an analysis point
could be preceded by a point where we gave up due to loop unrolling.
llvm-svn: 116769
2010-10-18 23:36:05 +00:00
4f63ac7057
Tweak retain/release checker diagnostics to specify a leak occurs because an object is not referenced later in the path,
...
not that it isn't referenced later in the code. Fixes <rdar://problem/8527839>.
llvm-svn: 116636
2010-10-15 22:50:23 +00:00
271c9c7b6d
Add experimental chroot check which checks improper use of chroot(). Patch by
...
Lei Zhang.
llvm-svn: 116163
2010-10-10 05:45:30 +00:00
ea53e82c78
UnreachableCodeChecker cleanup and improvements
...
- Fixed some iterator style issues
- Don't process blocks that have been visited already
- Fixed a case where a unreachable block cycle was not reported
- Minor test case changes
- Added one test case from flow-sensitive version of the check. More coming.
llvm-svn: 115861
2010-10-06 23:02:25 +00:00
20b88739ed
Added support for base and member destructors in destructor.
...
llvm-svn: 115592
2010-10-05 05:37:00 +00:00
87b1bb6fd2
Added support for C++ initializers in CFG.
...
llvm-svn: 115493
2010-10-04 03:38:22 +00:00
3546b1aea1
Added generating CFGAutomaticObjDtors for exception variable in catch statement.
...
llvm-svn: 115266
2010-10-01 01:46:52 +00:00
6d5ee0c7f9
Added generating CFGAutomaticObjDtors for init statement, condition variable and implicit scope in for statement.
...
llvm-svn: 115265
2010-10-01 01:38:14 +00:00
e407a3ba1e
dded generating CFGAutomaticObjDtors for condition variable and implicit scopes in switch statement.
...
llvm-svn: 115264
2010-10-01 01:24:41 +00:00
1f4e15c56f
Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in while and do statements.
...
llvm-svn: 115262
2010-10-01 01:14:17 +00:00
f883ade880
Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in if statement.
...
llvm-svn: 115256
2010-10-01 00:52:17 +00:00
667ffecd9e
Added:
...
- Adding LocalScope for CompoundStmt,
- Adding CFGAutomaticObjDtors for end of scope, return, goto, break, continue,
- Regression tests for above cases.
llvm-svn: 115252
2010-10-01 00:23:17 +00:00
3d6c0c0091
Tweak nil receiver checker to not warning about 64-bit return values.
...
Fixes: <rdar://problem/7513117>
llvm-svn: 115113
2010-09-30 00:37:10 +00:00
40cec8326c
Revert r114316, -Wunused-value enabled by default was intended.
...
llvm-svn: 114318
2010-09-19 23:03:35 +00:00
3698bf1c6d
Make -Wunused-value off by default, matching GCC. Fixes rdar://7126194.
...
llvm-svn: 114316
2010-09-19 21:21:44 +00:00
7b31a61d10
Relax assertion in CFG builder when processing ForStmts. This fixes an assertion failure
...
on code containing GNU statement expressions reported in PR 8141.
llvm-svn: 113953
2010-09-15 07:01:20 +00:00
c4deb92316
Disallow the use of UnknownVal as the index for ElementRegions. UnknownVals can be used as
...
the index when the value evaluation isn't powerful enough. By creating ElementRegions with
UnknownVals as the index, this gives the false impression that they are the same element, when
they really aren't. This becomes really problematic when deriving symbols from these regions
(e.g., those representing the initial value of the index), since two different indices will
get the same symbol for their binding.
This fixes an issue with the idempotent operations checker that would cause two indices that
are clearly not the same to make it appear as if they always had the same value.
Fixes <rdar://problem/8431728>.
llvm-svn: 113920
2010-09-15 03:13:30 +00:00
c95589d2e6
Don't divide-by-zero in RegionStoreManager::getSizeInElements() when getting the size of a VLA. We don't track VLA extents yet,
...
but we should at least not crash. Fixes <rdar://problem/8424269>.
llvm-svn: 113888
2010-09-14 23:08:34 +00:00
8abff774aa
Fix CFGBuilder crash reported in PR 8141.
...
llvm-svn: 113826
2010-09-14 01:13:32 +00:00
0a3f523614
Polish diagnostics for null dereferences via ObjC ivar accesses. Finishes up <rdar://problem/6352035>.
...
llvm-svn: 113612
2010-09-10 20:20:49 +00:00
e495c99055
Implement: <rdar://problem/6351970> rule request: warn if @synchronized mutex can be nil
...
llvm-svn: 113573
2010-09-10 03:05:40 +00:00
4545b2df42
Added AnalyzerStatsChecker, a path sensitive check that reports visitation statistics about analysis. Running clang with the -analyzer-stats flag will emit warnings containing the information. We can then run a postanalysis script to take this data and give useful information about how much the analyzer missed in a project.
...
llvm-svn: 113568
2010-09-10 00:44:44 +00:00
5cdaeaaa1d
Clean up obtuse wording of checker diagnostic of using an uninitialized value in a function call.
...
Fixes: <rdar://problem/8409480> “warning: Pass-by-value argument in function call is undefined” message can be improved
llvm-svn: 113554
2010-09-09 22:51:55 +00:00
ff3a4ff6e9
Use FindReportInEquivalenceClass to identify all the nodes used for the trimmed graph (in BugReporter). This fixes a problem where a leak that happened to occur on both an exit() path and a non-exit() path was getting reported with the exit() path (which users don't care about).
...
This fixes:
<rdar://problem/8331641> leak reports should not show paths that end with exit() (but ones that don't end with exit())
llvm-svn: 113524
2010-09-09 19:05:34 +00:00
5f256da834
Rename GRState::getSVal() -> getRawSVal() and getSimplifiedSVal() -> getSVal().
...
The end result is now we eagarly constant-fold symbols in the analyzer that are perfectly constrained
to be a constant value. This allows us to recover some path-sensitivity in some cases by lowering
the required level of reasoning power needed to evaluate some expressions.
The net win from this change is that the false positive in PR 8015 is fixed, and we also
find more idempotent operations bugs.
We do, however, regress with the BugReporterVisitors, which need to be modified to understand
this constant folding (and look past it). This causes some diagnostic regressions in plist-output.m
which will get addressed in a future patch. plist-output.m is now marked XFAIL, while
plist-output-alternate.m now tests that the plist output is working, but with the suboptimal
diagnostics. This second test file will eventually be removed.
llvm-svn: 113477
2010-09-09 07:13:00 +00:00
5ebb6156d8
Include test case for <rdar://problem/5880430>.
...
llvm-svn: 113458
2010-09-09 00:40:43 +00:00
83556c1a80
Put the tautological-comparison-of-unsigned-against-zero warnings in
...
-Wtautological-compare instead of -Wsign-compare, which also implies turning
them on by default.
Restoration of r112877.
llvm-svn: 113334
2010-09-08 02:01:27 +00:00
53c9ac30f9
tests: Use -ffreestanding when including stdint.h, to avoid platform dependencies.
...
llvm-svn: 113301
2010-09-07 22:54:28 +00:00
aba4958db2
Fix null pointer dereference in StreamChecker::Fseek (reported in PR 8081) and simplify surrounding checking logic.
...
llvm-svn: 113282
2010-09-07 20:45:26 +00:00
bc9eaef24c
Re-enabled truncation/extension checking in IdempotentOperationChecker and added a test case.
...
llvm-svn: 113269
2010-09-07 20:27:56 +00:00
53fa04909c
make clang print types as "const int *" instead of "int const*",
...
which is should have done from the beginning. As usual, the most
fun with this sort of change is updating all the testcases.
llvm-svn: 113090
2010-09-05 00:04:01 +00:00
af7534f084
Get rid of the "functions declared 'noreturn' should have a 'void' result type" warning.
...
The rationale behind this is that it is normal for callback functions to have a non-void return type
and it should still be possible to mark them noreturn. (JavaScriptCore is a good example of this).
llvm-svn: 112918
2010-09-03 00:25:02 +00:00
310083c3e3
sabre points out that the timing here is pretty pessimal; I'll retry the
...
experiment in a few days.
llvm-svn: 112882
2010-09-02 22:27:38 +00:00
25f7aa8158
Experimentally move the tautological comparison warnings from -Wsign-compare
...
to -Wtautological-compare. This implies that they're now on by default.
If this causes chaos, I'll figure something else out.
llvm-svn: 112877
2010-09-02 22:18:59 +00:00
ef94284f2f
Tweak test case. 'int' would introduce out-of-bound issues. We focus on array
...
index constraints in this case.
llvm-svn: 112794
2010-09-02 01:42:44 +00:00
07343c02be
For GRExprEngine::EvalBind() (and called visitors), unifiy StoreE and AssignE. Now StoreE (const Stmt*) represents the expression where the store took place, which is the assignment expression if it takes place in an assignment. This removes some conceptual dissidence as well as removes an extra parameter from the Checker::PreVisitBind() visitor. It also improves ranges and source location information in analyzer diagnostics.
...
llvm-svn: 112789
2010-09-02 00:56:20 +00:00
f3a734d8ee
Add yet another test case for PR 8015, showing how reasoning over symbolic indices should exactly resolve over multiple index possibilities (and thus suppress the false positive in the test).
...
llvm-svn: 112770
2010-09-01 23:37:38 +00:00
121ddd6a5c
Add another test case for PR 8015, here with the array index being within a valid range and not just a single constant.
...
llvm-svn: 112769
2010-09-01 23:37:36 +00:00
0e12f9cc7b
Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work). This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.
...
llvm-svn: 112766
2010-09-01 23:27:26 +00:00
d588e78b95
Don't assert in the analyzer when analyze code does a byte load from a function's address. Fixes PR 8052.
...
llvm-svn: 112761
2010-09-01 23:00:46 +00:00
026cb58a44
Don't assert in CastSizeChecker when the casted-to pointee is an incomplete type. Fixes PR 8050.
...
llvm-svn: 112738
2010-09-01 20:35:38 +00:00
128d04dfe8
Explicitly handle CXXOperatorCallExpr when building CFGs. We should treat it the same as CallExprs.
...
Fixes: <rdar://problem/8375510> [Boost] CFGBuilder crash in Boost.Graph
llvm-svn: 112618
2010-08-31 18:47:34 +00:00
79a2788512
Revert my lame attempt at appeasing the CFGBuilder
...
llvm-svn: 112580
2010-08-31 05:36:56 +00:00
f5d453d067
Teach the CFGBuilder not do die on CXXBindTemporaryExpr, CXXOperatorCallExpr. Fixes a Boost.Graph crasher.
...
llvm-svn: 112578
2010-08-31 05:10:27 +00:00
9026d4b488
Adjusted the semantics of assign checking in IdempotentOperationChecker
...
- Fixed a regression where assigning '0' would be reported
- Changed the way self assignments are filtered to allow constant testing
- Added a test case for assign ops
- Fixed one test case where a function pointer was not considered constant
- Fixed test cases relating to 0 assignment
llvm-svn: 112501
2010-08-30 19:25:43 +00:00
71cc9d886a
Added checking of (x == x) and (x != x) to IdempotentOperationChecker and updated test cases flagged by it.
...
llvm-svn: 112313
2010-08-27 22:50:47 +00:00
98e679508d
Enabled relaxed LiveVariables analysis in the path-sensitive engine to increase the coverage of bugs. Primarily affects IdempotentOperationChecker.
...
- Migrated a temporarily separated test back to its original file (bug has been fixed, null-deref-ps-temp.c -> null-deref-ps.c)
- Changed SymbolManager to use relaxed LiveVariables
- Updated several test cases that the IdempotentOperationChecker class now flags
- Added test case to test relaxed LiveVariables use by the IdempotentOperationChecker
llvm-svn: 112312
2010-08-27 22:46:32 +00:00
036223bdcf
Fix horrible GRExprEngine bug where switch statements with no 'case:' statements would cause the path to get prematurely aborted. Fixes <rdar://problem/8360854>.
...
llvm-svn: 112233
2010-08-26 22:19:33 +00:00
82b2a1dada
Improved the handling of blocks and block variables in PseudoConstantAnalysis
...
- Removed the assumption that __block vars are all non-constant
- Simplified some repetitive code in RunAnalysis
- Added block walking support
- Code/comments cleanup
- Separated out test for block pseudoconstants
llvm-svn: 112098
2010-08-25 22:37:26 +00:00
a460311710
Improvements to IdempotentOperationChecker and its use of PseudoConstantAnalysis
...
- Added wasReferenced function to PseudoConstantAnalysis to determine if a variable was ever referenced in a function (outside of a self-assignment)
- BlockDeclRefExpr referenced variables are now explicitly added to the non-constant list
- Remove unnecessary ignore of implicit casts
- Generalized parameter self-assign detection to detect deliberate self-assigns of variables to avoid unused variable warnings
- Updated test cases with deliberate self-assignments
- Fixed bug with C++ references and pseudoconstants
- Added test case for C++ references and pseudoconstants
llvm-svn: 111965
2010-08-24 21:09:07 +00:00
905c051e47
Modified pseudoconstant test case to make it a bit clearer and fix a missing line
...
llvm-svn: 111833
2010-08-23 19:57:25 +00:00
e332c3b762
Several small changes to PseudoConstantAnalysis and the way IdempotentOperationChecker uses it.
...
- Psuedo -> Pseudo (doh...)
- C++ reference support
- Added pseudoconstant test case for __block vars
- Separated out static local checking from pseudoconstant analysis and generalized to non-local checking
- Added missing test cases for storage false positives
llvm-svn: 111832
2010-08-23 19:51:57 +00:00
796b5122d9
Handle nested compound values in BindArray for multidimensional arrays. Fixes PR7945.
...
llvm-svn: 111602
2010-08-20 01:05:59 +00:00
50e0105f1c
Add warning for functions/blocks that have attribute 'noreturn' but return a non-void result. (<rdar://problem/7562925>)
...
llvm-svn: 111492
2010-08-19 00:52:13 +00:00
b9933f365e
Added psuedo-constant analysis and integrated it into the false positive reduction stage in IdempotentOperationChecker.
...
- Renamed IdempotentOperationChecker::isConstant to isConstantOrPseudoConstant to better reflect the function
- Changed IdempotentOperationChecker::PreVisitBinaryOperator to only run 'CanVary' once on undefined assumptions
- Created new PsuedoConstantAnalysis class and added it to AnalysisContext
- Changed IdempotentOperationChecker to exploit the new analysis
- Updated tests with psuedo-constants
- Added check to IdempotentOperationChecker to see if a Decl is const qualified
llvm-svn: 111426
2010-08-18 21:17:24 +00:00
4f2ab5a549
Fix horrible CFG bug caused by a series of NullStmts appearing at the beginning of a do...while loop. This would cause
...
the body of the DoStmt to be disconnected from the preceding code.
llvm-svn: 111283
2010-08-17 21:00:06 +00:00
c129cc18f0
Added basic psuedoconstant checking in IdempotentOperationChecker and fixed some test cases.
...
llvm-svn: 111190
2010-08-16 21:43:52 +00:00
722f558f07
Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes:
...
- Fix memcpy() and friends to actually invalidate the destination buffer.
- Emit a different message for out-of-bounds buffer accesses if the buffer is being written to.
- When conjuring symbols, let ValueManager figure out the type.
llvm-svn: 111120
2010-08-16 07:51:42 +00:00
df28e8ec41
- Allow making ElementRegions with complex offsets (expressions or symbols) for the purpose of bounds-checking.
...
- Rewrite GRState::AssumeInBound to actually do that checking, and to use the normal constraint path.
- Remove ConstraintManager::AssumeInBound.
- Teach RegionStore and FlatStore to ignore those regions for now.
llvm-svn: 111116
2010-08-16 01:15:17 +00:00
2a2e21c902
Update CStringChecker to take advantage of the new metadata symbols and region change callback. Now does basic tracking of string length for general regions. Currently this is still only used for modeling strlen().
...
llvm-svn: 111081
2010-08-14 21:02:52 +00:00
a797475712
Add a test for alloca region extents.
...
llvm-svn: 111079
2010-08-14 20:46:10 +00:00
f8a9863df9
Improved IdempotentOperationChecker false positives and false negatives.
...
- Unfinished analysis may still report valid warnings if the path was completely analyzed
- New 'CanVary' heuristic to recursively determine if a subexpression has a varying element
- Updated test cases, including one known bug
- Exposed GRCoreEngine through GRExprEngine
llvm-svn: 110970
2010-08-12 22:45:47 +00:00
c6c0fc9164
Allow EvalBinOpNN to handle expressions of the form $a+$b if $b can be reduced to a constant.
...
llvm-svn: 110592
2010-08-09 20:31:57 +00:00
925501c548
Removed IdempotentOperationChecker from default analysis and returned back to a flag (-analyzer-check-idempotent-operations)
...
- Added IdempotentOperationChecker to experimental analyses for testing purposes
- Updated test cases to explictly call the checker
llvm-svn: 110482
2010-08-06 22:23:07 +00:00
396e041f5e
add test case.
...
llvm-svn: 110408
2010-08-06 00:04:40 +00:00
afdb053618
When checking if a buffer access is valid, first make sure the buffer has a valid Loc. Fixes PR7830.
...
llvm-svn: 110390
2010-08-05 23:11:30 +00:00
16ba7c652e
Fixed logic error in UnreachableCodeChecker's marking algorithm that would sometimes allow for multiple sequential statements to be flagged.
...
llvm-svn: 110353
2010-08-05 17:53:44 +00:00
1d08fd9b79
Correctly handle 'Class<...>' when examining Cocoa conventions in the static analyzer. Fixes a crash reported in <rdar://problem/8272168>. Patch by Henry Mason!
...
llvm-svn: 110289
2010-08-05 00:19:24 +00:00
b786156b01
Teach SemaChecking::CheckReturnStackAddr about ImplicitCastExprs that convert values to an lvalue. This allows us to warn (again) about returning references to stack variables. (fixes PR 7812).
...
llvm-svn: 110242
2010-08-04 20:01:07 +00:00
297e2e5bf6
Fix idempotent operations false positive caused by ivars not being invalidated in function
...
calls when the enclosing object had retain/release state. Fixes <rdar://problem/8261992>.
llvm-svn: 110068
2010-08-02 21:59:12 +00:00
4b83f753a1
Add test case for <rdar://problem/8258814>.
...
llvm-svn: 110058
2010-08-02 20:33:00 +00:00
fd91d27630
Improve flat store: MemRegion::getAsOffset() computes a region's offset within
...
the top-level object. FlatStore now can bind and retrieve element and field
regions.
PR7297 is fixed by flat store.
llvm-svn: 110020
2010-08-02 04:56:14 +00:00
a95172baa0
Only run the jump-checker if there's a branch-protected scope *and* there's
...
a switch or goto somewhere in the function. Indirect gotos trigger the
jump-checker regardless, because the conditions there are slightly more
elaborate and it's too marginal a case to be worth optimizing.
Turns off the jump-checker in a lot of cases in C++. rdar://problem/7702918
llvm-svn: 109962
2010-08-01 00:26:45 +00:00
d21139a34f
After a lengthy design discussion, add support for "ownership attributes" for malloc/free checking. Patch by Andrew McGregor!
...
llvm-svn: 109939
2010-07-31 01:52:11 +00:00
fe1a4944b1
Test case for PR7763.
...
llvm-svn: 109895
2010-07-30 21:42:31 +00:00
23f0f4b7ae
Move new test (that requires RegionStore) into its own file.
...
llvm-svn: 109736
2010-07-29 07:11:59 +00:00
daa1c83413
Use a LazyCompoundVal to handle initialization with a string literal, rather than copying each character.
...
llvm-svn: 109734
2010-07-29 06:40:33 +00:00
8bedb7dd3f
Teach GRExprEngine::VisitLValue() about FloatingLiteral, ImaginaryLiteral, and CharacterLiteral. Fixes an assertion failure reported in PR 7675.
...
llvm-svn: 109719
2010-07-29 01:31:59 +00:00
385f71b1f4
Augment RegionStore::BindStruct() to bind symbolicated struct values. This fixes a false path issue reported in <rdar://problem/8243408> and also spurs another cause where the idempotent operations checker fires.
...
llvm-svn: 109710
2010-07-29 00:28:47 +00:00
29a6250bf0
Added some false positive checking to UnreachableCodeChecker
...
- Allowed reporting of dead macros
- Added path walking function to search for false positives in conditional statements
- Updated some affected tests
- Added some false positive test cases
llvm-svn: 109561
2010-07-27 23:30:21 +00:00
83b598c14f
Finesse 'idempotent operations' analyzer issues to include the opcode of the binary operator for clearer error reporting. Also remove the 'Idempotent operation' prefix in messages; it's redundant since the bug type is the same.
...
llvm-svn: 109527
2010-07-27 18:49:08 +00:00
55442abee6
Don't warn about unreachable code if the block starts with __builtin_unreachable().
...
The next step is to warn if a block labeled unreachable is, in fact, reachable. Somewhat related to PR810.
llvm-svn: 109487
2010-07-27 03:39:53 +00:00
b052e8f436
Groundwork for C string length tracking. Currently only handles the length of constant string literals, which is not too helpful, and only calls to strlen() are checked.
...
llvm-svn: 109480
2010-07-27 01:37:31 +00:00
cba9f517ac
Added an path-sensitive unreachable code checker to the experimental analyzer checks.
...
- Created a new class to do post-analysis
- Updated several test cases with unreachable code to expect a warning
- Added some general tests
llvm-svn: 109286
2010-07-23 23:04:53 +00:00
5e6ef6d957
Add FILE* leak check to StreamChecker. Patch by Lei Zhang.
...
llvm-svn: 109225
2010-07-23 14:14:59 +00:00
f0c133fe88
This patch adds support for tmpfile in StreamChecker. Patch by Lei Zhang.
...
llvm-svn: 109106
2010-07-22 14:01:01 +00:00
cf144c6322
fix test case.
...
llvm-svn: 108671
2010-07-19 02:06:14 +00:00
ec5623570e
Add double close check to StreamChecker. Patch by Lei Zhang.
...
llvm-svn: 108669
2010-07-19 01:52:29 +00:00
b32964d02d
Fix '<rdar://problem/8202272> __imag passed non-complex should not crash' by removing a bogus assertion.
...
llvm-svn: 108602
2010-07-17 01:28:55 +00:00
8b9fd890e3
Fix APFloat assertion failure in IdempotentOperationChecker resulting in having
...
an APFloat with different "float semantics" than the compared float literal.
llvm-svn: 108590
2010-07-17 00:40:32 +00:00
826e6b4023
Improved false positive rate for the idempotent operations checker and moved it into the default path-sensitive analysis options.
...
- Added checks for static local variables, self assigned parameters, and truncating/extending self assignments
- Removed command line option (now default with --analyze)
- Updated test cases to pass with idempotent operation warnings
llvm-svn: 108550
2010-07-16 20:41:41 +00:00
33919e7450
fix PR7280 by making the warning on code like this:
...
int test1() {
return;
}
default to an error.
llvm-svn: 108108
2010-07-11 23:34:02 +00:00
d5d2e50f3e
Cleanup in CStringChecker. Now properly bifurcates the state for zero/nonzero sizes.
...
llvm-svn: 107935
2010-07-08 23:57:29 +00:00
65136fb669
Add memcmp() and bcmp() to CStringChecker. These check for valid access to the buffer arguments and have a special-case for when the buffer arguments are known to be the same address, or when the size is zero.
...
llvm-svn: 107761
2010-07-07 08:15:01 +00:00
33c829a6fd
Cleanup on CStringChecker and its associated tests. Also check for null arguments...which are allowed if the access length is 0!
...
llvm-svn: 107759
2010-07-07 07:48:06 +00:00
3956106543
implement PR7569, warning about assignment to null, which
...
people seem to write when they want a deterministic trap.
Suggest instead that they use a volatile pointer or
__builtin_trap.
llvm-svn: 107756
2010-07-07 06:14:23 +00:00
49f1e908b2
Fix idempotent operations test command line arguments.
...
llvm-svn: 107735
2010-07-06 23:47:26 +00:00
134a236a14
Add a new path-sensitive checker for functions in <string.h>, for both null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon.
...
llvm-svn: 107722
2010-07-06 23:11:01 +00:00
3ff08a8e76
Added a path-sensitive idempotent operation checker (-analyzer-idempotent-operation). Finds idempotent and/or tautological operations in a path sensitive context, flagging operations that have no effect or a predictable effect.
...
Example:
{
int a = 1;
int b = 5;
int c = b / a; // a is 1 on all paths
}
- New IdempotentOperationChecker class
- Moved recursive Stmt functions in r107675 to IdempotentOperationChecker
- Minor refactoring of SVal to allow checking for any integer
- Added command line option for check
- Added basic test cases
llvm-svn: 107706
2010-07-06 21:43:29 +00:00
4c0a919732
Oops, tabs --> spaces in test.
...
llvm-svn: 107634
2010-07-06 02:42:09 +00:00
40c5c24c06
Improve NULL-checking for CFRetain/CFRelease. We now remember that the argument was non-NULL, and we report where the null assumption came from (like AttrNonNullChecker already did).
...
llvm-svn: 107633
2010-07-06 02:34:42 +00:00
0704a7fe43
Support sizeof for VLA expressions (sizeof(someVLA)). sizeof(int[n]) still unimplemented. A VLA region's sizeof value matches its extent.
...
llvm-svn: 107611
2010-07-05 04:42:43 +00:00
e6b999bf9a
Track extents for VLAs.
...
llvm-svn: 107603
2010-07-05 00:50:15 +00:00
674bd55f02
Add a new symbol type, SymbolExtent, to represent the extents of memory regions that may not be known at compile-time (such as those created by malloc). This replaces the old setExtent/getExtent API on Store, which used the GRState's GDM to store SVals.
...
Also adds a getKnownValue() method to SValuator, which gets the integer value of an SVal if it is known to only have one possible value. There are more places in the code that could be using this, but in general we want to be dealing entirely in SVals, so its usefulness is limited.
The only visible functionality change is that extents are now honored for any DeclRegion, such as fields and Objective-C ivars, rather than just variables. This shows up in bounds-checking and cast-size-checking.
llvm-svn: 107577
2010-07-04 00:00:41 +00:00
bd862711fd
Fix PR 7475 by enhancing the static analyzer to also invalidate bindings for non-static global variables
...
when calling a function/method whose impact on global variables we cannot accurately estimate.
This change introduces two new MemSpaceRegions that divide up the memory space of globals, and causes
RegionStore and BasicStore to consult a binding to the NonStaticGlobalsMemSpaceRegion when lazily
determining the value of a global.
llvm-svn: 107423
2010-07-01 20:16:50 +00:00
639ffb0c07
Fix rdar://8139785 "implement warning on dead expression in comma operator"
...
As a bonus, fix the warning for || and && operators; it was emitted even if one of the operands had side effects, e.g:
x || test_logical_foo1();
emitted a bogus "expression result unused" for 'x'.
llvm-svn: 107274
2010-06-30 10:53:14 +00:00
dc48471861
Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.
...
llvm-svn: 107236
2010-06-30 01:35:20 +00:00
61176897ba
Pointer comparisons (and pointer-pointer subtraction). Basically filling in SimpleSValuator::EvalBinOpLL().
...
llvm-svn: 106992
2010-06-28 08:26:15 +00:00
7f8ea4d677
Implicitly compare symbolic expressions to zero when they're being used as constraints. Part of PR7491.
...
llvm-svn: 106972
2010-06-27 01:20:56 +00:00
c3bcc36a0b
When a constant size array is casted to another type, its length should be scaled as well.
...
llvm-svn: 106911
2010-06-25 23:23:04 +00:00
da42d523cf
Add dead stores C++ test case that was previously asserting due to an
...
invalid source range for CXXNewExpr.
llvm-svn: 106904
2010-06-25 22:48:52 +00:00
76abf19ea6
Fix -analyze-display-progress (once again), this time with an additional regression test.
...
llvm-svn: 106883
2010-06-25 20:59:24 +00:00
9aa0d39443
A bug I've introduced in STDIN handling surfaced a few broken tests, fix them.
...
Lexer/hexfloat.cpp is now XFAIL'd, I'd appreciate if someone could look into it.
llvm-svn: 106840
2010-06-25 12:48:07 +00:00
facf8a8e74
Add check for illegal whence argument of fseek.
...
llvm-svn: 106742
2010-06-24 13:36:41 +00:00
322ab26387
Don't depend on system headers in clang -cc1 tests.
...
The constant was copied from clang's limits.h.
llvm-svn: 106732
2010-06-24 11:06:12 +00:00
b016d6c3d8
Revert "Tweak tests to hopefully fix include of limits.h on win32.", tweak fails on linux.
...
llvm-svn: 106661
2010-06-23 18:31:33 +00:00
08748457b9
Tweak tests to hopefully fix include of limits.h on win32.
...
llvm-svn: 106639
2010-06-23 18:06:20 +00:00
2a33a0deef
Correctly construct an ElementRegion for alloca() + pointer arithmetic. Fixes analyzer
...
crash reported in PR 7450.
llvm-svn: 106609
2010-06-22 23:58:31 +00:00
79404afc1c
When folding additive operations, convert the values to the same type. When assuming relationships, convert the integers to the same type as the symbol, at least for now.
...
llvm-svn: 106458
2010-06-21 20:15:15 +00:00
3d85888d4e
If a nonnull argument evaluates to UnknownVal, don't warn (and don't crash).
...
llvm-svn: 106456
2010-06-21 20:08:28 +00:00
895c899142
Adds analyzer support for idempotent and tautological binary operations such as "a*0" and "a+0". This is not very powerful, but does make the analyzer look a little smarter than it actually is.
...
llvm-svn: 106402
2010-06-20 04:56:29 +00:00
2dd9b02cc8
Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.
...
llvm-svn: 106401
2010-06-20 04:30:57 +00:00
c0fe8429f2
Fold additive constants, and support comparsions of the form $sym+const1 <> const2
...
llvm-svn: 106339
2010-06-18 22:49:11 +00:00
e96a9132b8
Add null stream check for more APIs.
...
llvm-svn: 106274
2010-06-18 02:47:46 +00:00
5df037e808
Tweak stack address checker to report multiple cases where globals may reference stack memory.
...
Also refactor the diagnostics so that we print out the kind of stack memory returned.
llvm-svn: 106210
2010-06-17 04:21:37 +00:00
17504bea33
Rework StackAddrLeakChecker to find stores of stack memory addresses to global variables
...
by inspecting the Store bindings instead of iterating over all the global variables
in a translation unit. By looking at the store directly, we avoid cases where we cannot
directly load from the global variable, such as an array (which can result in an assertion failure)
and it also catches cases where we store stack addresses to non-scalar globals.
Also, but not iterating over all the globals in the translation unit, we maintain cache
locality, and the complexity of the checker becomes restricted to the complexity of the
analyzed function, and doesn't scale with the size of the translation unit.
This fixes PR 7383.
llvm-svn: 106184
2010-06-17 00:24:44 +00:00
0fa7cddbab
Add StreamChecker. This checker models and checks stream manipulation functions.
...
This is the start.
llvm-svn: 106082
2010-06-16 05:38:05 +00:00
4c721bf892
Change AnalysisConsumer to analyze functions created by instantiantiating a macro. Fixes PR 7361.
...
llvm-svn: 105984
2010-06-15 00:55:40 +00:00
1225aacacf
Merge StackAddrLeakChecker and ReturnStackAddressChecker.
...
llvm-svn: 105687
2010-06-09 06:08:24 +00:00
4200be5e76
Directly compare the StackFrameContext. This greatly simplifies logic and
...
improves generality. Thanks Ted.
llvm-svn: 105686
2010-06-09 05:50:38 +00:00
87e7fc5dc2
Add a checker check if a global variable holds a local variable's address after
...
the function call is left where the local variable is declared.
llvm-svn: 105602
2010-06-08 10:00:00 +00:00
3597b21f20
Catch free()s on non-regions and regions known to be not from malloc(), by checking the symbol type and memory space.
...
llvm-svn: 105547
2010-06-07 19:32:37 +00:00
2e22268904
Assignments to reference variables shouldn't kill the variable.
...
llvm-svn: 105452
2010-06-04 01:14:56 +00:00
41cdf585c2
CFG: add all LHS of assingments as lvalue. This improves support for C++ reference. Patch by Jordy.
...
llvm-svn: 105383
2010-06-03 06:23:18 +00:00
527ff6d1dc
Add support for calloc() in MallocChecker. Patch by Jordy Rose, with my
...
modification.
llvm-svn: 105264
2010-06-01 03:01:33 +00:00
4708f5a89b
After conversations with Zhongxing Xu and Jordy Rose, refine the logic in
...
RegionStoreManager::RetrieveElement() that handles indexing into a larger scalar
object to only consult the direct binding of a super region if it is a scalar.
This isn't perfect yet, and a big FIXME is attached to the code. This causes
the test case for PR 7218 now to pass.
llvm-svn: 105195
2010-05-31 01:22:04 +00:00
94aec9381d
Revert r105097. Thinking about a better fix.
...
llvm-svn: 105099
2010-05-29 06:49:04 +00:00
928a190a8e
Fix PR7218. Patch by Jordy Rose.
...
llvm-svn: 105097
2010-05-29 06:23:24 +00:00
15a0abd399
Discard qualifiers for ElementRegions so that a 'const' doesn't change the lookup semantics
...
in the symbol store. We may wish to push this down into the StoreManager itself.
llvm-svn: 104788
2010-05-27 00:29:00 +00:00
34ddec630c
Predefine the '__clang_analyzer__' macro when using '-analyze'.
...
llvm-svn: 104742
2010-05-26 21:36:54 +00:00
658dd8b176
CastSizeChecker checks when casting a malloc'ed symbolic region to type T,
...
whether the size of the symbolic region is a multiple of the size of T.
Fixes PR6123 and PR7217.
llvm-svn: 104584
2010-05-25 04:59:19 +00:00
a2448b85be
Update retain-release checker to understand changes to how 'super' is represented
...
in the ASTs. Fixes <rdar://problem/8015556>.
llvm-svn: 104389
2010-05-21 21:57:00 +00:00
304a9537e1
Fix crash in CFG construction for 'break' statements appearing in statement expressions
...
within the increment code of a for loop.
llvm-svn: 104375
2010-05-21 20:30:15 +00:00
ecc31c93c2
Don't add a null successor to a CFGBlock when the contents of an @synchronized statement is empty.
...
Fixes <rdar://problem/7979430>.
llvm-svn: 103717
2010-05-13 16:38:08 +00:00
1a56a488ed
Turn -analyzer-inline-call on for C functions. This also fixed a bug that
...
after inlining post-call checking shouldn't be done.
llvm-svn: 103161
2010-05-06 03:38:27 +00:00
9174b2c2f9
Make -analyzer-inline-call not a separate analysis. Instead it's a boolean
...
flag now, and can be used with other analyses. Only turned it on for C++
methods for now.
llvm-svn: 103160
2010-05-06 02:59:29 +00:00
685a1d818d
Refactor the AnalysisConsumer to analyze functions after the whole
...
translation unit is parsed. This enables us to inline some calls when still
analyzing one function at a time.
Actions are classified into Function, CXXMethod, ObjCMethod,
ObjCImplementation.
This does not hurt performance much. The analysis time for sqlite3.c:
before:
real 17m52.440s
user 17m49.460s
sys 0m2.010s
after:
real 18m0.500s
user 17m56.900s
sys 0m2.330s
DisplayProgress option is broken now. -inine-call action is removed. It
will be reenabled in another form, perhaps as an indenpendant option.
llvm-svn: 102689
2010-04-30 04:14:20 +00:00
989da5eeff
Fix CFG crasher involving statement expressions reported in PR 6938.
...
llvm-svn: 102576
2010-04-29 01:10:26 +00:00
f29231ece0
The second check point in the old test case was invalid.
...
llvm-svn: 101983
2010-04-21 02:22:25 +00:00
52c28fe61a
Add test cases.
...
llvm-svn: 101878
2010-04-20 05:48:57 +00:00
ef55dd17ec
Static analyzer: Don't crash when casting a symbolic region address to a float. Fixes PR 6854.
...
llvm-svn: 101499
2010-04-16 17:54:33 +00:00
8db54ff1de
Fix PR 6844, a regression caused by the introduction of llvm_unreachable for the default
...
case in GRExprEngine::Visit (in r101129). Instead, enumerate all Stmt cases and have
no 'default' case in the switch statement. When we encounter a Stmt we don't handle,
we should explicitly add it to the switch statement.
llvm-svn: 101378
2010-04-15 17:33:31 +00:00
5868ec6e3d
Fix CFG bug where bases of member expressions were not always evaluated in a lvalue context. Fixes <rdar://problem/7813989>.
...
llvm-svn: 100966
2010-04-11 17:02:10 +00:00
c68e140657
Improve diagnostics when we fail to convert from a source type to a
...
destination type for initialization, assignment, parameter-passing,
etc. The main issue fixed here is that we used rather confusing
wording for diagnostics such as
t.c:2:9: warning: initializing 'char const [2]' discards qualifiers,
expected 'char *' [-pedantic]
char *name = __func__;
^ ~~~~~~~~
We're not initializing a 'char const [2]', we're initializing a 'char
*' with an expression of type 'char const [2]'. Similar problems
existed for other diagnostics in this area, so I've normalized them all
with more precise descriptive text to say what we're
initializing/converting/assigning/etc. from and to. The warning for
the code above is now:
t.c:2:9: warning: initializing 'char *' from an expression of type
'char const [2]' discards qualifiers [-pedantic]
char *name = __func__;
^ ~~~~~~~~
Fixes <rdar://problem/7447179>.
llvm-svn: 100832
2010-04-09 00:35:39 +00:00
ea4a5abf61
Add static analyzer check for calls to 'pthread_once()' where the control-flow has
...
automatic storage. This matches the corresponding check for 'dispatch_once()'.
llvm-svn: 100803
2010-04-08 19:53:31 +00:00
198cb4df6e
Instead of counting totally diagnostics, split the count into a count
...
of errors and warnings. This allows us to emit something like this:
2 warnings and 1 error generated.
instead of:
3 diagnostics generated.
This also stops counting 'notes' because they are just follow-on information
about the previous diag, not a diagnostic in themselves.
llvm-svn: 100675
2010-04-07 18:47:42 +00:00
6e95bfc6a5
Fix crash in StoreManager::CastRegion() when the base region is a type with 0 size.
...
llvm-svn: 100594
2010-04-07 00:46:49 +00:00
f969841a1a
Teach MemRegion::getBaseRegion() about ObjCIvarRegions. We want to treat
...
them the same way as fields. This fixes a regression in RegionStore::RemoveDeadbindings()
that emerged from going to the cluster-based analysis.
llvm-svn: 100570
2010-04-06 22:06:03 +00:00
faa4905e0c
Always assume block-level expressions in the caller are alive when analyzing
...
the callee.
llvm-svn: 100429
2010-04-05 13:16:29 +00:00
640aad7667
Use the element type to compute the array size when the base region is a VarRegion.
...
Patch by Jordy Rose.
llvm-svn: 100099
2010-04-01 08:20:27 +00:00
c3e1f2f9ba
Fix a bug (PR 6699) in RegionStore::RemoveDeadBindings() where
...
array values with a non-zero offset would get prematurely pruned from the store.
llvm-svn: 100067
2010-04-01 00:15:55 +00:00
2d107f9d1d
RegionStore: specially handle loads from integer global variables declared 'const'.
...
Fixes a false positive reported in PR 6288.
llvm-svn: 99922
2010-03-30 20:31:04 +00:00
4be6a75884
Change the analyzer to recognize (but ignore) assignments to isa. Fixes PR 6302.
...
llvm-svn: 99904
2010-03-30 18:24:54 +00:00
97752f7c95
Improve diagnostics on incomplete implementation
...
of objc classes; including which methods
need be implemented and where they come from.
WIP.
llvm-svn: 99724
2010-03-27 19:02:17 +00:00
0f250e4c5b
Fix NoReturnFunctionChecker to properly look at a function's type
...
when determining if it returns. Fixes <rdar://problem/7796563>.
llvm-svn: 99663
2010-03-26 22:57:13 +00:00
bb6f5af4a4
Tweak null dereference diagnostics to give clearer diagnostics when
...
a null dereference results from a field access.
llvm-svn: 99236
2010-03-23 01:11:38 +00:00
28ec56d7dd
Improve the diagnostics for the UndefinedAssignmentChecker when an
...
uninitialized value is used in the LHS of a compound assignment.
llvm-svn: 99221
2010-03-22 22:16:26 +00:00
c517974e9e
Add test case for <rdar://problem/7770737>.
...
llvm-svn: 98979
2010-03-19 19:45:03 +00:00
c342c9c001
Refactor argument checking in CallAndMessageChecker to be the same
...
for both CallExprs and ObjCMessageExprs.
llvm-svn: 98800
2010-03-18 03:22:29 +00:00
9c05f4ef69
Detect pass-by-value arguments that are structs that contain
...
uninitialized data.
llvm-svn: 98796
2010-03-18 02:17:27 +00:00
e174fda979
Tweak dead stores checker to not emit a warning when initialization
...
a scalar variable with a scalar parameter. This is a
form of defensive programming. If the variable is unused,
it will be caused by -Wunused-variable.
llvm-svn: 98795
2010-03-18 01:22:39 +00:00
1bb6a1a593
Add use-after-free check to MallocChecker.
...
llvm-svn: 98136
2010-03-10 04:58:55 +00:00
575398e29b
When computing in AnalysisContext the variables referenced
...
by a block, also look at the contained blocks.
llvm-svn: 98111
2010-03-10 00:18:11 +00:00
5cb8d9d40f
When profiling Environment, also profile with AnalysisContext*, bacause
...
we now may have identical states with different analysis context.
Set the right AnalysisContext in state when entering and leaving a callee.
With both of the above changes, we can pass the test case.
llvm-svn: 97724
2010-03-04 09:04:52 +00:00
6b11b4e050
Add comments to test case.
...
llvm-svn: 97619
2010-03-03 01:02:48 +00:00
d497e126cb
Register all parameters even if they didn't occur in the function body.
...
We may query their liveness because they are added to store when passing
argument values.
llvm-svn: 97562
2010-03-02 10:08:30 +00:00
e334bb1a66
Add test case for inlining call analysis.
...
llvm-svn: 97300
2010-02-27 02:44:37 +00:00
d98d22b9af
Enhance the unused ivar checker to not consider an ivar to be accidentally unused
...
when it is explicitly marked as unused via __attribute__((unused)).
llvm-svn: 97104
2010-02-25 03:26:55 +00:00
8cf9eeb519
Remove test case dependancy on platform headers.
...
llvm-svn: 97088
2010-02-25 01:16:07 +00:00
d55522f02e
Add UnixAPIChecker, a meta checker to include various precondition checks for calls
...
to various unix/posix functions, e.g. 'open()'.
As a first check, check that when 'open()' is passed 'O_CREAT' that it has
a third argument.
llvm-svn: 97086
2010-02-25 00:20:35 +00:00
b4331a9908
Dead emit dead store warnings when assigning nil to an ObjC object
...
pointer (for defensive programming). This matches the behavior with
assigning NULL to a regular pointer. Fixes <rdar://problem/7631278>.
llvm-svn: 96985
2010-02-23 21:19:33 +00:00
e3c26d8f7e
Add test case for <rdar://problem/7242010>, which appears to have been fixed
...
in the recent changes to RegionStore::InvalidateRegions(). Note that we
are still not yet modeling 'memcpy()' explicitly.
llvm-svn: 96902
2010-02-23 07:17:57 +00:00
1fcc56c57a
Recognize attributes ns_returns_not_retained and cf_returns_not_retained
...
in the static analyzer.
llvm-svn: 96539
2010-02-18 00:06:12 +00:00
3eac2454dc
Add test case showing that a recursive block that captures a block pointer that
...
isn't marked '__block' is bad.
llvm-svn: 96357
2010-02-16 16:55:10 +00:00
228639746a
Add simpler checker to check if variables captured by a block are uninitialized.
...
llvm-svn: 96341
2010-02-16 08:33:59 +00:00
be36ecbb60
Fix pr6293. If ptr is NULL, no operation is preformed.
...
llvm-svn: 96154
2010-02-14 06:49:48 +00:00
1a6672a3d4
Enhance RegionStore::InvalidateRegions() to correctly invalidate bindings
...
by scanning through the values of LazyCompoundVals.
llvm-svn: 96067
2010-02-13 01:52:33 +00:00
499b4e3387
Fix lookup of fields from lazy bindings to check if the region is
...
NULL, not the store, to determine if a lookup succeeded. The store
can be null if it contained no bindings. This fixes a false positive
reported to me by a user of the analyzer.
llvm-svn: 95679
2010-02-09 19:11:53 +00:00
000a859f05
Add support for binding and retrieving VarRegions in flat store.
...
llvm-svn: 95529
2010-02-08 05:40:07 +00:00
bdfcacbe8f
Also teach RegionStore::RetrieveVar() to handle 'static' pointers that are implicitly initialized to NULL.
...
llvm-svn: 95479
2010-02-06 04:04:46 +00:00
30fe9ecac2
Fix regression in RegionStore (from BasicStore) where static variables were not treated as being implicitly initialized to 0 (and instead were getting symbolicated).
...
llvm-svn: 95478
2010-02-06 03:57:59 +00:00
5abd69d946
Teach RegionStore::InvalidateRegions() to also invalidate static variables referenced by blocks.
...
llvm-svn: 95459
2010-02-06 00:30:00 +00:00
94e6d98cae
Add test case showing the analyzer invalidates '__block' variables when the block is passed as an argument to an ObjC method.
...
llvm-svn: 95366
2010-02-05 06:10:46 +00:00
2f2692f8ca
Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.
...
llvm-svn: 95348
2010-02-05 02:06:54 +00:00
b6e400c87c
Rename -cc1 option '-warn-objc-missing-dealloc' to '-analyzer-check-objc-missing-dealloc'.
...
llvm-svn: 95347
2010-02-05 01:59:21 +00:00
61b506aa8f
Rename -cc1 option '-warn-objc-methodsigs' to '-analyzer-check-objc-methodsigs'.
...
llvm-svn: 95346
2010-02-05 01:57:44 +00:00
2d8ef71ae6
Rename -cc1 option '-warn-objc-unused-ivars' to '-analyzer-check-objc-unused-ivars'.
...
llvm-svn: 95345
2010-02-05 01:55:01 +00:00
d519b83757
Rename -cc1 option '-warn-dead-stores' to '-analyzer-check-dead-stores'.
...
llvm-svn: 95343
2010-02-05 01:52:40 +00:00
ec5b3d45c1
Rename -cc1 option '-warn-security-syntactic' to '-analyzer-check-security-syntactic'.
...
llvm-svn: 95342
2010-02-05 01:50:36 +00:00
fc8dbdf3c7
Add assorted test cases from PR 4172.
...
llvm-svn: 95297
2010-02-04 07:25:56 +00:00
49f878524c
Specially handle casts to 'void' in AdjustedReturnValueChecker.
...
llvm-svn: 95287
2010-02-04 04:18:55 +00:00
1e3b95580c
static analyzer: handle casts of a function to a function pointer with
...
a different return type. While we don't emit any errors (yet), at
least we avoid cases where we might crash because of an assertion
failure later on (when the return type differs from what is expected).
llvm-svn: 95268
2010-02-04 00:47:48 +00:00
d960564b76
Fix regression in RegionStore due to recent changes in
...
RegionStoreManager::InvalidateRegions() by adjusting the worklist to
iterate over BindingKeys instead of MemRegions. We also only need to
do the actual invalidation work on base regions, and for non-base
regions just blow away their bindings.
llvm-svn: 95200
2010-02-03 04:16:00 +00:00
416b923786
Explicitly check for casts to double or complex types instead of possibly asserting in SValuator.
...
llvm-svn: 95128
2010-02-02 21:11:40 +00:00
fab459fc95
Fix bug in GRExprEngine::VisitSizeOfAlignOfExpr() where we do not add
...
'Pred' to 'Dst' for cases we currently don't handle. This fixes
<rdar://problem/7593875>.
llvm-svn: 95048
2010-02-02 02:01:51 +00:00
e36bceb97d
Teach RegionStore to handle initialization of incomplete arrays in structures using a compound value. Fixes <rdar://problem/7515938>.
...
llvm-svn: 94622
2010-01-26 23:51:00 +00:00
0978af83b3
Insulate these from changes to the default for -Wunreachable-code.
...
llvm-svn: 94326
2010-01-23 20:12:18 +00:00
7872d4df93
Add test case.
...
llvm-svn: 93874
2010-01-19 12:11:55 +00:00
228b0d4def
Add support for computing size in elements for symbolic regions obtained from
...
malloc().
llvm-svn: 93722
2010-01-18 08:54:31 +00:00
5fcd99b10f
Add test case for pr6069.
...
llvm-svn: 93708
2010-01-18 04:01:40 +00:00
abf6ba1612
Don't suggest the developer use 'arc4random' instead of 'rand' when that function is not available. Fixes PR 6012.
...
llvm-svn: 93508
2010-01-15 08:20:31 +00:00
d74cc397c8
Teach BugReporter to "escape" the occurance of '%' characters in diagnostic messages when emitted results to the standard Diagnostics output. Fixes PR 6033.
...
llvm-svn: 93507
2010-01-15 07:56:51 +00:00
91df0ec92c
Simplify test case. This test case also applies to PR 6013.
...
llvm-svn: 93444
2010-01-14 19:47:50 +00:00
b9ad45ab60
Associate test case with Bugzilla PR.
...
llvm-svn: 93440
2010-01-14 19:38:41 +00:00
803ade2532
Fix pr6035.
...
llvm-svn: 93422
2010-01-14 03:45:06 +00:00
faa5417264
implement PR6004, warning about divide and remainder by zero.
...
llvm-svn: 93256
2010-01-12 21:23:57 +00:00
e47550e452
Enhance ScanReachableSymbols::scan(). Now another OSAtomic test case passes.
...
The old test case has a little mistake.
llvm-svn: 93148
2010-01-11 07:40:00 +00:00
cbbf855432
Enhance SVals::getAsRegion: get the region that is converted to an integer.
...
This with previous patch fixes a OSAtomic test case.
llvm-svn: 93146
2010-01-11 06:52:53 +00:00
be909b5eff
Switch RegionStore over to using <BaseRegion+raw offset> to store
...
value bindings. Along with a small change to OSAtomicChecker, this
resolves <rdar://problem/7527292> and resolves some long-standing
issues with how values can be bound to the same physical address by
not have the same "key". This change is only a beginning; logically
RegionStore needs to better handle loads from addresses where the
stored value is larger/smaller/different type than the loaded value.
We handle these cases in an approximate fashion now (via
CastRetrievedVal and help in SimpleSValuator), but it could be made
much smarter.
llvm-svn: 93137
2010-01-11 02:33:26 +00:00
ec144538ae
Make sure this test case tests analyzing both x86_64 and i386 archs.
...
llvm-svn: 93133
2010-01-10 22:31:25 +00:00
9635f6f5ef
Enhance test case.
...
llvm-svn: 93101
2010-01-10 02:52:56 +00:00
c6aa800eb3
Fix overzealous assertion in GRExprEngine::VisitLValue(). A
...
CallExpr/ObjCMessageExpr can be visited in an "lvalue" context if it
returns a struct temporary. Currently the analyzer doesn't reason
about struct temporary returned by function calls, but we shouldn't
crash here either.
llvm-svn: 93081
2010-01-09 22:58:54 +00:00
f9895c48fd
add a bunch of missing prototypes to tests
...
llvm-svn: 93072
2010-01-09 20:43:19 +00:00
9aa01441c3
Fix broken diagnostic when returning the address of a stack-allocated array.
...
llvm-svn: 93071
2010-01-09 20:05:00 +00:00
f1eeb78ffc
When binding an rvalue to a reference, create a temporary object. Use
...
CXXObjectRegion to represent it.
In Environment, lookup a literal expression before make up a value for it.
llvm-svn: 93047
2010-01-09 09:16:47 +00:00
b92304b42f
Fix handling in GRExprEngine of 'default' branch in switch statements
...
when the default case is winnowed down to be infeasible. When all
cases were ruled out (and the analysis state for the default case
would be infeasible) we would still consider the default case
possible. This fixes PR 5969.
llvm-svn: 93017
2010-01-08 18:54:04 +00:00
f22afe32f9
Move test case to a more appropriate file.
...
llvm-svn: 92725
2010-01-05 11:49:21 +00:00
e6a238b1df
Add test case.
...
llvm-svn: 92724
2010-01-05 11:47:58 +00:00
acd71a4562
Make static analysis support for C++ 'this' expression context-sensitive. Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.
...
llvm-svn: 92675
2010-01-05 02:18:06 +00:00
b0e15df36b
Let constraint manager inform checkers that some assumption logic has happend.
...
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.
Based on Lei Zhang's patch and discussion.
llvm-svn: 92342
2009-12-31 06:13:07 +00:00
fd97ce6573
Add analyzer test case for 'ForStmt' with condition variable.
...
llvm-svn: 92120
2009-12-24 02:41:19 +00:00
1ce53c4320
CFG tweak: in a WhileStmt, the condition variable initializer is evaluated every time the condition is checked.
...
llvm-svn: 92111
2009-12-24 01:34:10 +00:00
09bc3b7df6
Teach GRExprEngine to handle the initialization of the condition variable of a WhileStmt.
...
llvm-svn: 92106
2009-12-24 00:54:56 +00:00
284d764418
Add test case for PR 4358.
...
llvm-svn: 92103
2009-12-24 00:48:11 +00:00
Douglas Gregor