Commit Graph

2757 Commits

Author SHA1 Message Date
Ted Kremenek bf27dc9659 Reenable using the PathDiagnosticClient for BugReports without paths.
llvm-svn: 49934
2008-04-18 22:11:59 +00:00
Ted Kremenek 31484b2477 Generalize caching mechanism for bugs reports. Now individual BugTypes
can decide the policy on how to cache related bugs.  This allows us to
properly to handle warning about multiple leaks in the same location in the
ref count checker (not yet done).

llvm-svn: 49918
2008-04-18 20:54:29 +00:00
Ted Kremenek c072b820cf Fixed more caching bugs related to the one fixed in r49914. Silence
compiler warning introduced by a recent patch of mine.

llvm-svn: 49917
2008-04-18 20:35:30 +00:00
Ted Kremenek acefba896c Fixed elusive caching bug that led to false positives.
llvm-svn: 49914
2008-04-18 19:34:16 +00:00
Ted Kremenek 4d83728a57 Added "GetErrorNodes()" to BugType so that -trim-egraph can recognize errors
from registered BugTypes.  This helps with debugging.

Add detection of NULL values in ref count checker; this suppresses false positives.

llvm-svn: 49912
2008-04-18 19:23:43 +00:00
Ted Kremenek 3388381993 Added "EvalAssume" virtual method to GRTransferFuncs; this is for evaluating
the checker-specific logic of symbolic assumptions.

llvm-svn: 49910
2008-04-18 17:20:23 +00:00
Ted Kremenek d004c418b6 Fixed bug in GREndPathNodeBuilder: only return a node if it wasn't in the node cache.
llvm-svn: 49907
2008-04-18 16:30:14 +00:00
Ted Kremenek f03e07c34d More grammar fixes.
llvm-svn: 49895
2008-04-18 05:32:44 +00:00
Ted Kremenek ca8892b456 Fix plurality debacle.
llvm-svn: 49894
2008-04-18 05:13:26 +00:00
Ted Kremenek 40d601f958 Added path diagnostics for reference counts.
llvm-svn: 49892
2008-04-18 04:55:01 +00:00
Ted Kremenek 396f43620f BugReport::VisitNode now takes BugReporter& instead of ASTContext&.
Shuffled around code in CFRefCount to better pair classes with implementation,
and started adding subclasses of RangedBugReport to handle better diagnostics
for reference count bugs.

llvm-svn: 49889
2008-04-18 03:39:05 +00:00
Ted Kremenek 89e6a9b98c Added null check.
llvm-svn: 49887
2008-04-18 02:24:50 +00:00
Ted Kremenek cffe635699 Simplified internal logic of BugReporter, consolidating EmitWarning and
EmitPathWarning into one method.  We now properly handle emitting warnings
without a PathDiagnosticClient when the warning does not involve a particular
statement.

llvm-svn: 49884
2008-04-18 01:56:37 +00:00
Ted Kremenek 69049c272f Modified BugReport::getEndPath() to handle the case where end path is at
the exit block of the CFG.

llvm-svn: 49880
2008-04-17 23:44:37 +00:00
Ted Kremenek cc0951bde1 Hook up reporting reference count memory leaks to the BugReporter mechanism.
llvm-svn: 49879
2008-04-17 23:43:50 +00:00
Ted Kremenek a506fec90a Added transfer function support for ReturnStmt to support detecting leaks
involving objects that are returned but have an excessive reference count.

llvm-svn: 49861
2008-04-17 18:12:53 +00:00
Argyrios Kyrtzidis fc2f058230 Fix MSVC compiler error: "initialization of 'VD' is skipped by 'case' label"
llvm-svn: 49853
2008-04-17 13:52:22 +00:00
Ted Kremenek 9c375158a0 Handle ReturnStmts by dispatching to "EvalReturn" in the transfer function object.
llvm-svn: 49826
2008-04-16 23:05:51 +00:00
Ted Kremenek cbf4c6134e CF ref. count checker: Register memory leaks at the end of a path.
llvm-svn: 49824
2008-04-16 22:32:20 +00:00
Ted Kremenek 86051690ea Bug fix in GREndPathNodeBuilderImpl: Use the specified state to construct
a node, not the state of the predecessor.

llvm-svn: 49823
2008-04-16 22:30:40 +00:00
Ted Kremenek c1f9a28e4d Added CFGBlock::getTerminatorCondition() to get the Expr* of the condition a block's terminator.
Refactored LiveVariables to use getTerminatorCondition() in VisitTerminator().

Bug fix: CFG now computes Block-level expression numbers using information
from block terminators.  This fixes <rdar://problem/5868189>.

llvm-svn: 49818
2008-04-16 21:10:48 +00:00
Ted Kremenek 7145489c37 Small tweaks to EvalStore: pass an "RVal" instead of "LVal" for the TargetLV to
represent possible stores to "Unknown."

llvm-svn: 49811
2008-04-16 20:40:59 +00:00
Ted Kremenek 673b5c1e42 Add missing file.
llvm-svn: 49805
2008-04-16 18:39:25 +00:00
Ted Kremenek 90c7cb6810 Hook up "EvalStore" from GRTransferFuncs to GRExprEngine.
llvm-svn: 49804
2008-04-16 18:39:06 +00:00
Ted Kremenek 2044a5183d Take first step to migrating handling of "stores" to values from GRExprEngine
to the plug-in GRTransferFuncs object.

llvm-svn: 49801
2008-04-16 18:21:25 +00:00
Ted Kremenek ed30e8da56 LiveVariables now updates the liveness state of block-level expressions that
are referenced by CFGBlock terminators.

llvm-svn: 49798
2008-04-16 17:07:59 +00:00
Ted Kremenek 08e562d3c8 In ExplodedGraphImpl::Trim, prioritize for paths that don't span loops by using
two worklists: for nodes whose locations are block edges with loop terminators
and another for nodes with all other locations.  We only dequeue from the loop
worklist when the other is empty.  Exploration of the graph is still in
reverse-BFS.

llvm-svn: 49791
2008-04-16 15:51:26 +00:00
Ted Kremenek 8cb96e92a1 Implemented toll-free bridging support for CF Reference count checker.
llvm-svn: 49771
2008-04-16 04:28:53 +00:00
Ted Kremenek e556f9e39c Simplify some code.
llvm-svn: 49763
2008-04-16 02:59:55 +00:00
Ted Kremenek 748c7ce4ba Added initial boilerplate to support toll-free bridging in the ref-count checker.
llvm-svn: 49756
2008-04-15 23:44:31 +00:00
Ted Kremenek 667cacb2ff Added some comments to GRExprEngine. Reorder some of the method definitions
to start logically organizing them.

Added initial plug-in transfer function support for Objective-C message expressions.

llvm-svn: 49752
2008-04-15 23:06:53 +00:00
Ted Kremenek 6204498aad Change "VisitBlockVarDecl" to "VisitVarDecl". UninitializedValues now works
as before r49748 (where BlockVarDecl was removed).

llvm-svn: 49749
2008-04-15 23:02:18 +00:00
Steve Naroff 08899ff85d Remove FileVarDecl and BlockVarDecl. They are replaced by VarDecl::isBlockVarDecl() and VarDecl::isFileVarDecl().
This is a fairly mechanical/large change. As a result, I avoided making any changes/simplifications that weren't directly related. I did break two Analysis tests. I also have a couple FIXME's in UninitializedValues.cpp. Ted, can you take a look? If the bug isn't obvious, I am happy to dig in and fix it (since I broke it).

llvm-svn: 49748
2008-04-15 22:42:06 +00:00
Ted Kremenek 82ff6d65bc Fix bug in terminator processing for uninitialized-values: simply ignore the terminator, don't reprocess it.
LiveVariables analysis now does a flow-insensitive analysis to determine what variables have their address taken; these variables are now always treated as being live.

The DataflowSolver now uses "SetTopValue()" when getting the initial value for the entry/exit block.

llvm-svn: 49734
2008-04-15 18:35:30 +00:00
Argyrios Kyrtzidis 45887902b6 Fix a compiler error on MSVC (variable name 'E' clash).
llvm-svn: 49727
2008-04-15 16:30:10 +00:00
Ted Kremenek 6d41b82ea4 Improve dead store diagnostic.
llvm-svn: 49711
2008-04-15 05:31:00 +00:00
Ted Kremenek 8adeebb274 Added initial support into the flow-sensitive dataflow solver to visit the Block-level expression
in a block's terminator.  This expression is visited within a block, but it is accessed by the
terminator.  This is important to observe because for live-variables analysis the block-level
expression is live between the terminator and where the expression occurs in the block.  So far
this hasn't been an issue to not observe this because the block-level expression used in the
terminator is always the last one in the block, and we have never queried the liveness information
about this point (but before the terminator).

llvm-svn: 49709
2008-04-15 04:39:08 +00:00
Ted Kremenek 66279073f7 Bug fix in dead stores: don't always check the liveness of the first decl
in a DeclStmt.

llvm-svn: 49708
2008-04-15 04:11:48 +00:00
Ted Kremenek cd76f95dd0 ++/-- makes a variable live since it is used; thus the liveness state is
"Alive" as opposed to staying the same.

llvm-svn: 49707
2008-04-15 04:08:54 +00:00
Ted Kremenek f4212bdbc3 Bug fix in LiveVariables: Operators ++/-- may kill a value, but the variable
is still live.

llvm-svn: 49705
2008-04-15 03:47:30 +00:00
Ted Kremenek 87bfc03f4a Don't flag dead stores that occur in macros.
llvm-svn: 49672
2008-04-14 18:28:25 +00:00
Ted Kremenek bae225d57a Have BugReporter::EmitWarning use the PathDiagnosticClient if it is available.
llvm-svn: 49668
2008-04-14 18:06:42 +00:00
Ted Kremenek 75ff623e2e Bug fix in dead-store checker when walking the Decls in a DeclStmt: don't
assume that DeclStmts only have VarDecls; they can have TypedefDecls.

llvm-svn: 49662
2008-04-14 17:52:13 +00:00
Ted Kremenek 12e721a728 Treat calls to unresolved functions in the CF-ref count checker as calls
to functions with NULL summaries.

llvm-svn: 49660
2008-04-14 17:45:13 +00:00
Ted Kremenek 7e15130dc9 Hooked up the dead-store checker to the BugReporter interface. Now dead-store
warnings are emitted as part of the warnings registered by GRSimpleVals.

llvm-svn: 49658
2008-04-14 17:39:48 +00:00
Ted Kremenek 8784a7c006 Add some boilerplate to report memory leaks at the end of an analyzed function.
Still need some boilerplate in BugReporter to report bugs at the end
of a function (not associated with a particular statement).

llvm-svn: 49564
2008-04-11 22:25:11 +00:00
Ted Kremenek 811c2b4edb Added "GREndPathNodeBuilder", a new node builder that will be used for
evaluating transfer functions at the end-of-path.

llvm-svn: 49561
2008-04-11 22:03:04 +00:00
Ted Kremenek 0a86fdb1ff Added FIXME
llvm-svn: 49558
2008-04-11 20:51:02 +00:00
Ted Kremenek 831f327568 Fix regression introduced by my last commit.
llvm-svn: 49556
2008-04-11 20:23:24 +00:00
Ted Kremenek a7c44113bc Changed behavior of how we handle "NULL" summaries: just call
GRSimpleVals::EvalCal(), and don't change reference counts.

Remove "getDoNothingSummary()", as a NULL summary does the same thing.

Added temporary hack for the "Get" rule for objects that return a pointer type:
treat them as non-owned CF objects.

Added test case to detect the release of a non-owned object.

llvm-svn: 49555
2008-04-11 20:11:19 +00:00
Ted Kremenek 988990f842 Use RangedBugReport to report better ranges for reference count errors.
llvm-svn: 49552
2008-04-11 18:40:51 +00:00
Ted Kremenek 6e38ffa517 Added "RangedBugReport".
llvm-svn: 49551
2008-04-11 18:40:29 +00:00
Ted Kremenek 4b77209694 Fixed some logic errors in the CF ref count checker; we now can detect simple
use-after-release errors.  Added test case.

llvm-svn: 49509
2008-04-10 23:44:06 +00:00
Ted Kremenek 3c03d52d6e Simplify CF ref. count checker state machine.
llvm-svn: 49505
2008-04-10 23:09:18 +00:00
Ted Kremenek 22bd628056 Fix some bonehead bugs in summary generation in CFRefCount.
llvm-svn: 49503
2008-04-10 22:58:08 +00:00
Ted Kremenek 4a78c3ae11 Refactored all logic to run the GRSimpleVals and CFRef checker into a common
code path in the clang driver.

Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.

llvm-svn: 49500
2008-04-10 22:16:52 +00:00
Ted Kremenek ea1bc3bec6 CFRefCount analysis now properly calls "EmitWarnings" after analyzing a function.
llvm-svn: 49488
2008-04-10 16:21:09 +00:00
Ted Kremenek 42d9db75f0 When not emitting path diagnostics in BugReporter::EmitWarning(), use the
BugReport-specific SourceRanges (when available).

llvm-svn: 49486
2008-04-10 16:12:38 +00:00
Ted Kremenek 83744ddbd9 Fixed regressions in error reporting due to copy-paste errors (using the "begin"
iterator instead of "end") and not implementing "getDescription()" for Nil
argument checks.

llvm-svn: 49485
2008-04-10 16:05:13 +00:00
Ted Kremenek c8bef6a076 Hooked up initial reference-count checks to the BugReporter interface.
llvm-svn: 49455
2008-04-09 23:49:11 +00:00
Ted Kremenek 7acc3a36ef Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter.
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.

GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.

ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.

llvm-svn: 49453
2008-04-09 21:41:14 +00:00
Ted Kremenek ce8e881dc3 Added some boilerplate for emitting warnings from the CF-reference count checker.
llvm-svn: 49414
2008-04-09 01:10:13 +00:00
Ted Kremenek 3cef454e2e Added new "BugReporterHelper" class which is used by BugReporter to emit
checker-specific diagnostics.

llvm-svn: 49412
2008-04-09 00:20:43 +00:00
Ted Kremenek e73006ee45 Improve BugReport diagnostics for loops and ? operator.
llvm-svn: 49356
2008-04-07 23:35:17 +00:00
Chris Lattner 1e830c07a2 templates can't be static.
llvm-svn: 49258
2008-04-06 04:22:39 +00:00
Ted Kremenek d1a2efadba Added investigate patch for an occasionally failing assertion (heisenbug?)
llvm-svn: 49193
2008-04-03 21:44:24 +00:00
Ted Kremenek 10569cdd87 Better range highlight for undefined-argument checks.
llvm-svn: 49184
2008-04-03 18:52:25 +00:00
Ted Kremenek 5f5592062b When reporting "bad receiver" warnings, highlight the receiver.
llvm-svn: 49183
2008-04-03 18:46:16 +00:00
Ted Kremenek 89575b7bcb Use "getRanges" in default implementation of "getEndPath" to determine
the ranges of highlighted elements in the source code.

llvm-svn: 49181
2008-04-03 18:00:37 +00:00
Ted Kremenek cb2dc8eca5 Hooked up GRSimpleAPICheck and the simple Objective-C Foundation checks to use
the new BugReporter interface.

llvm-svn: 49180
2008-04-03 17:57:38 +00:00
Ted Kremenek ca40664275 Handle the case when getEndPath() returns NULL.
llvm-svn: 49155
2008-04-03 07:33:55 +00:00
Ted Kremenek e4c029e7aa Add back bug name to PathDiagnostic.
llvm-svn: 49139
2008-04-03 05:23:19 +00:00
Ted Kremenek 4e9cc3f272 When creating PathDiagnostics, created a trimmed graph first and report the
BFS path to the root.  This also avoids problems with loops in the ExplodedGraph.

llvm-svn: 49133
2008-04-03 04:59:14 +00:00
Ted Kremenek 505a36afc6 Created new path-sensitive bug-reporting scheme based on the classes
"BugReporter" and "BugDescription".  BugDescription is used to describe
a bug and provide pieces of the PathDiagnostic, and BugReporter creates
the actual PathDiagnostic by crawling through the ExplodedGraph.

Migrated checks done by GRSimpleVals to be reported using the new BugReporter
mechanism.

llvm-svn: 49127
2008-04-03 04:42:52 +00:00
Ted Kremenek 33d03a52f0 80 col violation
llvm-svn: 49120
2008-04-02 22:08:09 +00:00
Ted Kremenek 744fb6d9e7 Added more PathDiagnostic rendering for terminators: switch, goto, loops.
llvm-svn: 49119
2008-04-02 22:03:53 +00:00
Ted Kremenek 383bfd27d0 Shorted bug-description.
llvm-svn: 49102
2008-04-02 18:02:54 +00:00
Chris Lattner 182f660d8d simplify some code by using PointerLikeType.
llvm-svn: 49101
2008-04-02 17:45:06 +00:00
Ted Kremenek d12d21c000 Beginning of some cleanups; start generating path diagnostics using objects
that describe a bug.

llvm-svn: 49086
2008-04-02 07:05:46 +00:00
Ted Kremenek 2c71d51513 Added initial hacked support for display path diagnostics with
GRSimpleVals warnings.  Cleaning up, but now we get multiple bubbles (branches are annotated).

llvm-svn: 49077
2008-04-02 05:15:22 +00:00
Ted Kremenek 94896e17bb Patch by Argiris Kirtzidis: Fix a dangling pointer error!
llvm-svn: 49057
2008-04-01 22:35:58 +00:00
Ted Kremenek e9f2a90d1f Do not prepend the keyword "[CHECKER]" to checker messages when using
a PathDiagnosticClient.

llvm-svn: 48996
2008-03-31 20:42:43 +00:00
Ted Kremenek bb7f03f926 Include ranges in GRSimpleVals diagnostics.
llvm-svn: 48990
2008-03-31 18:44:32 +00:00
Ted Kremenek c27815ca82 Inlined clang/Analysis/Analyses/GRSimpleVals.h into LocalCheckers.h and removed
GRSimpleVals.h

Added a PathDiagnosticClient option to the driver functions for the
CFRefCountChecker and the GRSimpleVals analysis. Both analyses now accept a "-o"
argument from the driver that specifies where HTML reports should be dumped.

llvm-svn: 48989
2008-03-31 18:26:32 +00:00
Ted Kremenek f646774f32 Added path-sensitive check for return statements that return the address
of a stack variable.  This is the path-sensitive version of a check that
is already done during semantic analysis.

llvm-svn: 48980
2008-03-31 15:02:58 +00:00
Ted Kremenek c719424caa Added skeleton checking for NSString's method initWithFormat: (do not pass nil). This won't be useful in most cases right now
because the analyzer isn't tracking expected types for an object, and [NSString alloc] just runs "id".

llvm-svn: 48917
2008-03-28 16:09:38 +00:00
Ted Kremenek 276278e5d2 Expanded NSString checking to check for nil for a few more methods.
llvm-svn: 48898
2008-03-27 22:05:32 +00:00
Ted Kremenek 2e4e7ccb22 Add line SourceLocation to NSString checks.
Added test case to test warning about passing 'nil' to NSString's compare: method.

llvm-svn: 48896
2008-03-27 21:23:57 +00:00
Ted Kremenek 27156c8c9f Hooked up initial NSString interface checking to GRSimpleVals.
llvm-svn: 48895
2008-03-27 21:15:17 +00:00
Ted Kremenek a4d60b6de3 Add creation of BasicObjCFoundationChecks when running GRSimpleVals from the driver.
llvm-svn: 48886
2008-03-27 17:17:22 +00:00
Ted Kremenek c04149299c Added "GRAuditor" and "GRSimpleAPICheck" interface to allow simple stateless checkers to be injected into the analyzer.
Added "AnnotatedPath" class to record an annotated path that will be useful for inspecting paths.
Added some boilerplate code for simple checks of Apple's Foundation API.

llvm-svn: 48867
2008-03-27 07:25:52 +00:00
Ted Kremenek 710714c365 PathDiagnosticPiece no longer contains a vector of strings; just one string.
PathDiagnostic no longer contains a diagnostic ID or diagnostic level.

llvm-svn: 48864
2008-03-27 06:16:40 +00:00
Ted Kremenek 4fa20c9bba Added classes "PathDiagnosticPiece", "PathDiagnostic", and "PathDiagnosticClient", which encapsulate diagnostic reporting for paths.
llvm-svn: 48861
2008-03-27 03:49:32 +00:00
Ted Kremenek ea128437b3 Bug fix: use GetRVal instead of GetLVal (were getting the value of a DeclRefExpr, not it's address).
llvm-svn: 48846
2008-03-26 22:21:58 +00:00
Ted Kremenek cb047289a8 Bug fix in transfer function for ObjCMessageExpr: Visit the receiver expression as an ordinary expression, not using VisitLVal.
llvm-svn: 48842
2008-03-26 21:36:08 +00:00
Ted Kremenek 4b55badc39 GRSimple analysis now outputs additional diagnostic warnings about
passing an uninitialized value to a message expresion.

llvm-svn: 48776
2008-03-25 16:40:05 +00:00
Ted Kremenek 3335120f69 Tweak to transfer function for ObjCMessageExpr: handle both instance methods
and message expressions with a specified receiver.

llvm-svn: 48773
2008-03-25 16:07:41 +00:00
Ted Kremenek 945a246ad8 Added logic to check for uninitialized values as the receivers for message expressions
and uninitialized values passed-by-value as arguments to message expressions.

llvm-svn: 48760
2008-03-25 02:10:28 +00:00
Ted Kremenek 64100da427 Added initial transfer function support for ObjCMessageExpr.
llvm-svn: 48757
2008-03-25 00:34:37 +00:00
Ted Kremenek fb475ec504 Changed merge operation for uninitialized values analysis to "intersect" (previous union).
The effect is that if a variable is uninitialized along a branch (but initialized along another), at merge points it is considered uninitialized.  Previously we had the opposite behavior.  The new behavior is more conservative, and more in line with gcc's behavior.

llvm-svn: 48689
2008-03-22 20:11:00 +00:00
Ted Kremenek 181f72369f Rename "Nodify" to "MakeNode"
llvm-svn: 48659
2008-03-21 21:30:14 +00:00
Ted Kremenek b7151c7ca8 LiveVariables analysis now uses intersect for the merge of block-level expression liveness information.
The rationale is that a block-level expression cannot be live in a parent block unless it is live in all of the successor blocks.

llvm-svn: 48618
2008-03-20 21:46:49 +00:00
Ted Kremenek a9b30c0651 Fix assertion.
llvm-svn: 48470
2008-03-17 22:18:22 +00:00
Ted Kremenek 9eae403cde Fix integer overflow bug when processing switch statements.
llvm-svn: 48469
2008-03-17 22:17:56 +00:00
Ted Kremenek 58021a617b Properly hook up inline asm transfer function logic to the main GRExprEngine logic.
llvm-svn: 48468
2008-03-17 21:31:48 +00:00
Ted Kremenek 7c7a331f74 Added initial transfer function support for inline asm.
llvm-svn: 48466
2008-03-17 21:11:24 +00:00
Chris Lattner 7a51313d8a Make a major restructuring of the clang tree: introduce a top-level
lib dir and move all the libraries into it.  This follows the main
llvm tree, and allows the libraries to be built in parallel.  The
top level now enforces that all the libs are built before Driver,
but we don't care what order the libs are built in.  This speeds
up parallel builds, particularly incremental ones.

llvm-svn: 48402
2008-03-15 23:59:48 +00:00