maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
120,277 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

1238 Commits

Author SHA1 Message Date
Jordy Rose 63b84be6cb [analyzer] Fix handling of "copy zero bytes" for memcpy and friends. 
llvm-svn: 132607
 2011-06-04 00:04:22 +00:00
Jordy Rose aee7fb9e64 [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker) 
llvm-svn: 132605
 2011-06-03 23:42:56 +00:00
Ted Kremenek f230198f15 Tighen analyzer diagnostics w.r.t ObjC/CF leaks. 
llvm-svn: 132130
 2011-05-26 18:45:44 +00:00
Ted Kremenek 4c5d2888f4 static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen. 
llvm-svn: 132100
 2011-05-25 23:57:29 +00:00
Ted Kremenek 86d49ce20c Teach analyzer about cf_returns_not_retained for C functions. 
llvm-svn: 132049
 2011-05-25 06:29:39 +00:00
Ted Kremenek 8e2c9b0180 Enhance retain/release checker to flag warnings when functions returning CG types do not follow the Core Foundation naming conventions. 
llvm-svn: 132048
 2011-05-25 06:19:45 +00:00
Ted Kremenek 3a60114085 Add explicit CFG support for ignoring static_asserts. 
llvm-svn: 132001
 2011-05-24 20:41:31 +00:00
Ted Kremenek 109b127e02 Fix regression in static analyzer's handling of prefix '--' operator. It was being treated as postfix '--' in C mode. 
llvm-svn: 131770
 2011-05-20 23:40:06 +00:00
Ted Kremenek f377cb82f9 Teach RegionStore not to symbolic array values whose indices it cannot reason about. 
llvm-svn: 131702
 2011-05-19 23:37:58 +00:00
Ted Kremenek 5f06955aa0 Teach static analyzer to analyze Objective-C methods in category implementations. 
llvm-svn: 131614
 2011-05-19 00:56:53 +00:00
Ted Kremenek 6878c36328 Elide __label__ declarations from the CFG. This resolves a crash in CFGRecStmtDeclVisitor (crash in static analyzer). 
llvm-svn: 131141
 2011-05-10 18:42:15 +00:00
Lenny Maiorani 5066858bcd Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated. 
llvm-svn: 130758
 2011-05-03 16:34:26 +00:00
Ted Kremenek e9f364f658 Tweak the retain/release checker to not stop tracking retained objects when calling C++ methods. This is a temporary solution to prune false positives until we have a general story using annotations. 
llvm-svn: 130726
 2011-05-02 21:21:42 +00:00
Ted Kremenek aa181174e7 Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. 
llvm-svn: 130711
 2011-05-02 19:42:42 +00:00
Lenny Maiorani 0b510279c6 Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower(). 
llvm-svn: 130708
 2011-05-02 19:05:49 +00:00
Ted Kremenek 8067746554 Move the SelfInit checker to the 'cocoa.experimental' package. 
llvm-svn: 130598
 2011-04-30 06:46:45 +00:00
Ted Kremenek e8e565ab81 Adjust test/Analysis/retain-release.m to also test the retain/release checker in Objective-C++ mode. 
llvm-svn: 130559
 2011-04-29 23:15:53 +00:00
Lenny Maiorani 4af23c8159 Implements strcasecmp() checker in Static Analyzer. 
llvm-svn: 130398
 2011-04-28 15:09:11 +00:00
Lenny Maiorani 005b5c1aee More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again. 
Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks! 

llvm-svn: 130303
 2011-04-27 14:49:29 +00:00
Ted Kremenek 08b434f450 Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without 
resulting to lazy logic.  This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.

llvm-svn: 130292
 2011-04-27 05:34:09 +00:00
Argyrios Kyrtzidis a9b630e4d7 Emit a -Wnull-dereference warning for "*null" not just "*null = something". Addresses rdar://9269271. 
llvm-svn: 130207
 2011-04-26 17:41:22 +00:00
Lenny Maiorani e553e40467 Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582. 
llvm-svn: 130161
 2011-04-25 22:21:00 +00:00
Ted Kremenek 11e5c8b31a Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II. 
llvm-svn: 130003
 2011-04-22 18:01:30 +00:00
Anders Carlsson d1f65f61ee Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746. 
llvm-svn: 129741
 2011-04-19 01:16:46 +00:00
Richard Smith 0c502d2a62 Fix PR9741. The implicit declarations created for range-based for loops weren't being added to the DeclContext (nor were they being marked as implicit). Also, the declarations were being emitted in the wrong order when building the CFG. 
llvm-svn: 129700
 2011-04-18 15:49:25 +00:00
Chris Lattner 57540c5be0 fix a bunch of comment typos found by codespell. Patch by 
Luis Felipe Strano Moraes!

llvm-svn: 129559
 2011-04-15 05:22:18 +00:00
Ted Kremenek ced5feaec9 Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols. 
llvm-svn: 129395
 2011-04-12 21:47:05 +00:00
Ted Kremenek 8a4c760c20 ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset. 
llvm-svn: 129366
 2011-04-12 17:21:33 +00:00
Lenny Maiorani f3539ad5c7 This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. 
llvm-svn: 129364
 2011-04-12 17:08:43 +00:00
Ted Kremenek f52718899f static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression. 
llvm-svn: 129349
 2011-04-12 05:12:39 +00:00
Ted Kremenek 57a4a152b2 Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic. 
llvm-svn: 129348
 2011-04-12 03:49:37 +00:00
Ted Kremenek 4f939da02d RegionStoreManager::invalidateRegions: treat classes the same as structs. 
llvm-svn: 129333
 2011-04-12 00:44:31 +00:00
Ted Kremenek e0d2b8c58c Teach GRState::getSValAsScalarOrLoc() about C++ references. 
llvm-svn: 129329
 2011-04-12 00:28:12 +00:00
Ted Kremenek 8ef59e5c03 C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls. 
llvm-svn: 129308
 2011-04-11 22:22:05 +00:00
Lenny Maiorani 467dbd5f13 strcat() and strncat() model additions to CStringChecker. 
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.

llvm-svn: 129215
 2011-04-09 15:12:58 +00:00
Ted Kremenek f603f3afbd Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs 
to be reworked to model CallEnter/CallExit (just like all other calls).  For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.

llvm-svn: 129166
 2011-04-08 22:42:35 +00:00
John McCall 3337ca5f95 When updating the retain summary based on {cf,ns}_consumed attributes, 
be sure to consume the argument index that actually had the attribute
rather than always the first.  rdar://problem/9234108

llvm-svn: 128998
 2011-04-06 09:02:12 +00:00
Lenny Maiorani de909e4946 Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119. 
Also, brings the security syntax checker more inline with coding standards.

llvm-svn: 128916
 2011-04-05 20:18:46 +00:00
Ted Kremenek 378819342e Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes: 
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.

The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.

llvm-svn: 128858
 2011-04-04 23:29:12 +00:00
Argyrios Kyrtzidis 3657c006cc Change test/Analysis/idempotent-operations.c to output the .plist file in the test output directory. 
llvm-svn: 128849
 2011-04-04 22:30:01 +00:00
Ted Kremenek 850d35be16 Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522. 
llvm-svn: 128783
 2011-04-03 04:09:15 +00:00
Ted Kremenek 8f89f7c893 Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type. 
llvm-svn: 128761
 2011-04-02 02:56:23 +00:00
Lenny Maiorani 6ffe738f24 Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. 
llvm-svn: 128679
 2011-03-31 22:09:14 +00:00
Lenny Maiorani 79d74141b1 Adding Static Analyzer checker for mempcpy(). 
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.

llvm-svn: 128677
 2011-03-31 21:36:53 +00:00
Ted Kremenek 40d16c0e75 Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead, 
recover some path-sensitivity by conjuring a symbol.

llvm-svn: 128612
 2011-03-31 04:46:53 +00:00
Ted Kremenek 61a4f6682a Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized. 
llvm-svn: 128611
 2011-03-31 04:04:48 +00:00
Ted Kremenek 98a24e37c5 Begin reworking static analyzer support for C++ method calls. The current logic was divorced 
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions.  This is a significant step into
making C++ analyzer support more useful.

llvm-svn: 128557
 2011-03-30 17:41:19 +00:00
Anders Carlsson 642b03413f Don't add a symbolic region for 'this' if the member function is static. 
llvm-svn: 128340
 2011-03-26 14:30:44 +00:00
Ted Kremenek 49c79790de Rework checker "packages" and groups to be more hierarchical. 
llvm-svn: 128187
 2011-03-24 00:28:47 +00:00
Ted Kremenek 70727343cf Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'. 
llvm-svn: 127798
 2011-03-17 04:10:25 +00:00
Ted Kremenek 6fa1daede5 Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods. 
llvm-svn: 127797
 2011-03-17 04:01:35 +00:00
Ted Kremenek 3e5ad5932e Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without 
invalidating the entire binding.  Fixes PR 9455.

llvm-svn: 127796
 2011-03-17 03:51:51 +00:00
Ted Kremenek 4ceebbf54d VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods. 
llvm-svn: 127719
 2011-03-16 00:22:51 +00:00
Ted Kremenek cdb2ae587a Remove bogus assertion in IdempotentOperationsChecker. 
llvm-svn: 127687
 2011-03-15 19:27:57 +00:00
Ted Kremenek 792798549f Remove old UninitializedValues analysis. 
llvm-svn: 127656
 2011-03-15 03:17:01 +00:00
Ted Kremenek 066b226daa Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression. 
Also add a test case showing that we correctly report multiple warnings for the same message expression.

llvm-svn: 127605
 2011-03-14 19:50:37 +00:00
Anders Carlsson d91d5f162f Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types. 
Ted or Argiris, I'd appreciate a review!

llvm-svn: 127572
 2011-03-13 20:35:21 +00:00
Ted Kremenek 53e6538fa8 Fix CFG assertion failure reported in PR 9467. This was due to recent changes in optimizing CFGs for switch statements. 
llvm-svn: 127563
 2011-03-13 03:48:04 +00:00
Jakob Stoklund Olesen 609e814a4a XFAIL this on windows where <vector> contains surprises. 
llvm-svn: 127559
 2011-03-13 00:55:43 +00:00
Ted Kremenek cd628393bb Tweak test to hopefully appease FreeBSD buildbot. 
llvm-svn: 127533
 2011-03-12 08:19:43 +00:00
Ted Kremenek 9997656600 Remove stray output file. 
llvm-svn: 127532
 2011-03-12 06:15:01 +00:00
Ted Kremenek a4a57c10da Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group. 
llvm-svn: 127531
 2011-03-12 06:14:28 +00:00
Ted Kremenek f89710b936 Add initial version of "IteratorsChecker", a checker to find misues uses of C++ iterators. 
This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).

llvm-svn: 127525
 2011-03-12 02:49:15 +00:00
Ted Kremenek 4bb6c6b37e static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects. 
llvm-svn: 127288
 2011-03-08 23:18:00 +00:00
Anders Carlsson 3c50aea73f Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString. 
llvm-svn: 127268
 2011-03-08 20:05:26 +00:00
Carl Norum 58d489fc6e Fix tests to account for new warning "expected ';' at end of declaration list". Sorry, folks! 
llvm-svn: 127188
 2011-03-07 22:57:45 +00:00
Ted Kremenek eff9a7ff91 Teach CFGBuilder to prune trivially unreachable case statements. 
llvm-svn: 126797
 2011-03-01 23:12:55 +00:00
Argyrios Kyrtzidis 9eb02dfa89 [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award. 
llvm-svn: 126676
 2011-02-28 19:49:42 +00:00
Argyrios Kyrtzidis af181bb19b Move test/SemaObjC/method-arg-decay.m -> test/Analysis/method-arg-decay.m 
llvm-svn: 126675
 2011-02-28 19:49:21 +00:00
Argyrios Kyrtzidis 6a1c760760 [analyzer] Run the ExprEngine depending on the CheckerManager having path-sensitive checkers. 
llvm-svn: 126674
 2011-02-28 19:49:17 +00:00
Argyrios Kyrtzidis 20f5caa518 [analyzer] The current UninitializedValuesChecker will go away, remove '-warn-uninit-values'. 
llvm-svn: 126673
 2011-02-28 19:49:12 +00:00
Argyrios Kyrtzidis 2c49ec7f1d [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2. 
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.

llvm-svn: 126659
 2011-02-28 17:36:18 +00:00
Argyrios Kyrtzidis 6d6801c5c7 [analzyer] Migrate CallAndMessageChecker to CheckerV2. 
llvm-svn: 126626
 2011-02-28 01:28:13 +00:00
Argyrios Kyrtzidis 6fff2e3d36 [analyzer] Migrate AttrNonNullChecker to CheckerV2. 
llvm-svn: 126623
 2011-02-28 01:28:01 +00:00
Argyrios Kyrtzidis 4dc7fb37cb [analyzer] Migrate ReturnUndefChecker to CheckerV2. 
llvm-svn: 126619
 2011-02-28 01:27:46 +00:00
Argyrios Kyrtzidis 098874a2f8 [analyzer] Migrate UndefinedAssignmentChecker to CheckerV2. 
llvm-svn: 126617
 2011-02-28 01:27:37 +00:00
Argyrios Kyrtzidis 753b3ca32f [analyzer] Migrate UndefBranchChecker to CheckerV2. 
llvm-svn: 126616
 2011-02-28 01:27:33 +00:00
Argyrios Kyrtzidis 60b6da721f [analyzer] Migrate UndefCapturedBlockVarChecker to CheckerV2. 
llvm-svn: 126615
 2011-02-28 01:27:26 +00:00
Argyrios Kyrtzidis d4d3cee6e4 [analyzer] Migrate UndefResultChecker to CheckerV2. 
llvm-svn: 126614
 2011-02-28 01:27:22 +00:00
Argyrios Kyrtzidis 142dbbfcd8 [analyzer] Migrate NoReturnFunctionChecker to CheckerV2. 
llvm-svn: 126613
 2011-02-28 01:27:17 +00:00
Argyrios Kyrtzidis 3e7ab19863 [analyzer] Move the DeadStores checker out of the 'core' package. 
-Now it gets enabled with '-analyzer-checker=DeadStores'.
-The driver passes the above flag by default.

llvm-svn: 126612
 2011-02-28 01:27:12 +00:00
Argyrios Kyrtzidis f3ed8b631d [analyzer] Migrate BuiltinFunctionChecker to CheckerV2. 
llvm-svn: 126611
 2011-02-28 01:27:07 +00:00
Argyrios Kyrtzidis b2cf708395 [analyzer] Migrate OSAtomicChecker to CheckerV2. 
llvm-svn: 126610
 2011-02-28 01:27:02 +00:00
Argyrios Kyrtzidis 0a9ce3ec8f [analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2. 
Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow

llvm-svn: 126609
 2011-02-28 01:26:57 +00:00
Argyrios Kyrtzidis 560bbb1241 [analyzer] Turn -analyzer-stats into -analyzer-checker=debug.Stats 
llvm-svn: 126608
 2011-02-28 01:26:50 +00:00
Argyrios Kyrtzidis 21c9423ef4 [analyzer] Remove '-analyzer-experimental-checks' flag. 
llvm-svn: 126607
 2011-02-28 01:26:43 +00:00
Argyrios Kyrtzidis 183f0fb4cf [analyzer] Migrate MallocChecker to CheckerV2. 
llvm-svn: 126606
 2011-02-28 01:26:35 +00:00
Anders Carlsson 6774b1f1c1 Add -fcxx-exceptions to all tests that use C++ exceptions. 
llvm-svn: 126599
 2011-02-28 00:40:07 +00:00
Ted Kremenek e925322f41 Update test cases. 
llvm-svn: 126523
 2011-02-25 22:19:14 +00:00
Argyrios Kyrtzidis b388f77ad9 [analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't have any checkers associated with it anymore. 
llvm-svn: 126440
 2011-02-24 21:43:08 +00:00
Argyrios Kyrtzidis 8b08906411 [analyzer] Migrate CastSizeChecker to CheckerV2. 
llvm-svn: 126438
 2011-02-24 21:42:49 +00:00
Argyrios Kyrtzidis c08d89e6c2 Allow passing a list of comma separated checker names to -analyzer-checker, e.g: 
-analyzer-checker=cocoa,unix

llvm-svn: 126372
 2011-02-24 08:42:20 +00:00
Argyrios Kyrtzidis dd407f423b [analyzer] Migrate ArrayBoundChecker to CheckerV2. 
llvm-svn: 126371
 2011-02-24 08:42:12 +00:00
Argyrios Kyrtzidis 7bc0141043 [analyzer] Migrate ReturnPointerRangeChecker to CheckerV2. 
llvm-svn: 126369
 2011-02-24 08:41:57 +00:00
Ted Kremenek d813801384 Fix tiny error in CFG construction for BinaryConditionalOperators, making sure the branch always has two successors. Also teach Environment::getSVal() about OpaqueValueExprs. 
This fixes a crash reported in PR9287, and also fixes a false positive involving the value of such ternary
expressions not properly getting propagated.

llvm-svn: 126362
 2011-02-24 03:09:15 +00:00
Chandler Carruth 4c6fdca035 Implement a warning for known shift overflows on constant shift 
expressions. Consider the code:

  int64_t i = 10 << 30;

This compiles fine, but most developers expect it to produce the value
for 10 gigs, not -2 gigs. This is actually undefined behavior because
the LHS is a signed integer type.

The warning is currently gated behind -Wshift-overflow.

There is a special case where only the sign bit is overridden that gets
a custom error message and is by default ignored. This case is much less
likely to cause observed buggy behavior, it's just undefined behavior
according to the spec. This warning can be enabled with
-Wshift-sign-overflow.

Original patch by Oleg Slezberg, with style tweaks and some correctness
fixes by me.

llvm-svn: 126342
 2011-02-23 23:34:11 +00:00
Ted Kremenek fb1a79af7a Add CStringChecker support for strncpy. Patch by Lenny Maiorani! 
llvm-svn: 126188
 2011-02-22 04:58:34 +00:00
Ted Kremenek 280a01fa1b Add CStringChecker support for strnlen. Patch by Lenny Maiorani! 
llvm-svn: 126187
 2011-02-22 04:55:05 +00:00
Ted Kremenek 828f631af1 Fix a CFGBuilder bug exposed on convoluted control-flow in the Linux kernel. 
llvm-svn: 126149
 2011-02-21 22:11:26 +00:00
Anders Carlsson 479d6f51e3 Pass -fexceptions to all tests that use try/catch/throw. 
llvm-svn: 126037
 2011-02-19 19:23:03 +00:00
Argyrios Kyrtzidis eb8357c1d8 [analyzer] Fix crash when analyzing C++ code. 
llvm-svn: 126025
 2011-02-19 08:03:18 +00:00
John McCall 8377967543 Warn about code that uses variables and functions with internal linkage 
without defining them.  This should be an error, but I'm paranoid about
"uses" that end up not actually requiring a definition.  I'll revisit later.

Also, teach IR generation to not set internal linkage on variable
declarations, just for safety's sake.  Doing so produces an invalid module
if the variable is not ultimately defined.

Also, fix several places in the test suite where we were using internal
functions without definitions.

llvm-svn: 126016
 2011-02-19 02:53:41 +00:00
Argyrios Kyrtzidis 21f347e729 [analyzer] Fix crash when analyzing C++ code. 
llvm-svn: 126013
 2011-02-19 01:59:41 +00:00
Argyrios Kyrtzidis e34245b30b [analyzer] Fix crash when analyzing C++ code. 
llvm-svn: 126007
 2011-02-19 01:08:41 +00:00
Argyrios Kyrtzidis 1227f3afca [analyzer] Disable a test until inlining CXXConstructExprs is fully investigated. 
llvm-svn: 126006
 2011-02-19 01:08:37 +00:00
Argyrios Kyrtzidis ec016464ca [analyzer] Fix crash when analyzing C++ code. 
llvm-svn: 125963
 2011-02-18 21:24:56 +00:00
Argyrios Kyrtzidis 32d1040519 [analyzer] Fix a crash when analyzing C++ code. 
llvm-svn: 125958
 2011-02-18 20:55:19 +00:00
Argyrios Kyrtzidis 57d736fd46 [analyzer] Use the new registration mechanism for the debugging info "checks". 
The relative checker package is 'debug':

'-dump-live-variables' is replaced by '-analyzer-checker=debug.DumpLiveVars'
'-cfg-view' is replaced by '-analyzer-checker=debug.ViewCFG'
'-cfg-dump' is replaced by '-analyzer-checker=debug.DumpCFG'

llvm-svn: 125780
 2011-02-17 21:39:39 +00:00
Argyrios Kyrtzidis af45aca670 [analyzer] Use the new registration mechanism on the non-path-sensitive-checkers: 
DeadStoresChecker
  ObjCMethSigsChecker
  ObjCUnusedIvarsChecker
  SizeofPointerChecker
  ObjCDeallocChecker
  SecuritySyntaxChecker

llvm-svn: 125779
 2011-02-17 21:39:33 +00:00
Chandler Carruth 1af88f12a3 Enhance the array bounds checking to work for several other constructs, 
especially C++ code, and generally expand the test coverage.

Logic adapted from a patch by Kaelyn Uhrain <rikka@google.com> and
another Googler.

llvm-svn: 125775
 2011-02-17 21:10:52 +00:00
John McCall c07a0c7e48 Change the representation of GNU ?: expressions to use a different expression 
class and to bind the shared value using OpaqueValueExpr.  This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait;  or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.

Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.

This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here.  In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.

I've tried to update the analyzer to deal with this in at least some          
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.

llvm-svn: 125744
 2011-02-17 10:25:35 +00:00
Ted Kremenek 64699befcd Add trivial buffer overflow checking in Sema. 
llvm-svn: 125640
 2011-02-16 01:57:07 +00:00
Argyrios Kyrtzidis 9d4d4f9104 [analyzer] Use the new registration mechanism on the apple checkers: 
NilArgChecker
  CFNumberCreateChecker
  NSAutoreleasePoolChecker
  CFRetainReleaseChecker
  ClassReleaseChecker

llvm-svn: 125636
 2011-02-16 01:40:52 +00:00
Argyrios Kyrtzidis a9215281de [analyzer] Use the new registration mechanism on some of the experimental internal checkers: 
CastToStructChecker
  FixedAddressChecker
  PointerArithChecker
  PointerSubChecker

llvm-svn: 125612
 2011-02-15 22:55:20 +00:00
Argyrios Kyrtzidis b2400924d9 [analyzer] Use the new registration mechanism on the IdempotentOperationChecker. 
llvm-svn: 125611
 2011-02-15 22:55:14 +00:00
Argyrios Kyrtzidis 2d3905ffac [analyzer] Use the new registration mechanism on some of the experimental checks. These are: 
CStringChecker
   ChrootChecker
   MallocChecker
   PthreadLockChecker
   StreamChecker
   UnreachableCodeChecker

MallocChecker creates implicit dependencies between checkers and needs to be handled differently.

llvm-svn: 125598
 2011-02-15 21:25:03 +00:00
Argyrios Kyrtzidis a6d04d541d [analyzer] Use the new registration mechanism on some of the internal checks. These are: 
StackAddrLeakChecker
ObjCAtSyncChecker
UnixAPIChecker
MacOSXAPIChecker

The rest have/create implicit dependencies between checkers and need to be handled differently.

llvm-svn: 125559
 2011-02-15 07:42:33 +00:00
Argyrios Kyrtzidis 556c45e9c5 [analyzer] Overhauling of the checker registration mechanism. 
-Checkers will be defined in the tablegen file 'Checkers.td'.
-Apart from checkers, we can define checker "packages" that will contain a collection of checkers.
-Checkers can be enabled with -analyzer-checker=<name> and disabled with -analyzer-disable-checker=<name> e.g:
	Enable checkers from 'cocoa' and 'corefoundation' packages except the self-initialization checker:
	-analyzer-checker=cocoa -analyzer-checker=corefoundation -analyzer-disable-checker=cocoa.SelfInit
-Introduces CheckerManager and CheckerProvider. CheckerProviders get the set of checker names to enable/disable and
 register them with the CheckerManager which will be the entry point for all checker-related functionality.

Currently only the self-initialization checker takes advantage of the new mechanism.

llvm-svn: 125503
 2011-02-14 18:13:31 +00:00
Ted Kremenek 5794ef6950 Fix edge case where we don't cull warnings in IdempotentOperationsChecker due to incomplete analysis of loops. 
llvm-svn: 125495
 2011-02-14 17:59:23 +00:00
Ted Kremenek 9909df3b3a Handle 'UsingDirective' in CFGRecStmtDeclVisitor. 
llvm-svn: 125491
 2011-02-14 17:00:16 +00:00
Ted Kremenek c059798756 Teach the IdempotentOperations checker to ignore property setters. 
llvm-svn: 125443
 2011-02-12 18:50:03 +00:00
Ted Kremenek 70aeefa17e Weaken the ObjCSelfInitChecker to only warn when one calls an 'init' method within an 'init' method. This is a temporary stop gap to avoid false positives while we investigate how to make it smarter. 
llvm-svn: 125427
 2011-02-12 03:03:54 +00:00
Ted Kremenek 395f1ac038 Add test case for <rdar://problem/6888289>. 
llvm-svn: 125424
 2011-02-12 01:25:04 +00:00
Ted Kremenek 10b5926e29 static analyzer: Also invalidate instance variables of a receiver in a message expression, just as we do with parameters. 
Fixes <rdar://problem/8725041>.

llvm-svn: 125422
 2011-02-12 01:01:31 +00:00
Ted Kremenek b1c392aa56 Don't emit a dead store for '++' operations unless it occurs with a return statement. We've never seen any other cases that were real bugs. 
Fixes <rdar://problem/6962292>.

llvm-svn: 125419
 2011-02-12 00:17:19 +00:00
Ted Kremenek 9865d7f0e6 Don't report dead stores on unreachable code paths. Fixes <rdar://problem/8405222>. 
llvm-svn: 125415
 2011-02-11 23:24:26 +00:00
Ted Kremenek 6cc8f5d83c Add test case for PR 8646. 
llvm-svn: 125401
 2011-02-11 20:13:27 +00:00
Ted Kremenek 1953f97ac9 analyzer, retain/release checker: Remove hack where objects passed in message to 'self' are no longer tracked. 
llvm-svn: 125130
 2011-02-08 22:54:26 +00:00
Argyrios Kyrtzidis dd03d8ddaa [analyzer] Fix a false positive of the 'self' initialization checker. 
A common pattern in classes with multiple initializers is to put the
subclass's common initialization bits into a static function that receives
the value of 'self', e.g:

   if (!(self = [super init]))
     return nil;
   if (!(self = _commonInit(self)))
     return nil;

It was reported that 'self' was not set to the result of [super init].
Until we can use inter-procedural analysis, in such a call, transfer the
ObjCSelfInitChecker flags associated with 'self' to the result of the call.

Fixes rdar://8937441 & http://llvm.org/PR9094

llvm-svn: 124940
 2011-02-05 05:54:53 +00:00
Argyrios Kyrtzidis 58f8b590e1 [analyzer] Fix a crash until we can handle temporary struct objects properly. 
llvm-svn: 124822
 2011-02-03 22:01:32 +00:00
Ted Kremenek e57d88c6a3 Add test case for dead stores checker to not flag dead assignments to 'self' within a nested assignment. 
llvm-svn: 124681
 2011-02-01 20:45:26 +00:00
Argyrios Kyrtzidis 8b6ec6870f Warn for "if ((a == b))" where the equality expression is needlessly wrapped inside parentheses. 
It's highly likely that the user intended an assignment used as condition.

Addresses rdar://8848646.

llvm-svn: 124668
 2011-02-01 18:24:22 +00:00
Ted Kremenek afe348ea43 Wire up attributes 'ns_consumed' and 'cf_consumed' in the static analyzer's ObjC retain/release checker. 
llvm-svn: 124386
 2011-01-27 18:43:03 +00:00
Argyrios Kyrtzidis add754a02e [analyzer] Fix crash when handling dot syntax on 'super'. 
llvm-svn: 124376
 2011-01-27 16:17:11 +00:00
Ted Kremenek 0e89838ced Hook up attribute ns_consumes_self in the ObjC retain/release checker in the static analyzer. 
llvm-svn: 124360
 2011-01-27 06:54:14 +00:00
Argyrios Kyrtzidis c7ffd35cb7 [analyzer] Enable the self-init checker under command-line option '-analyzer-check-objc-self-init' which by default 
is enabled by the driver for '--analyze'.

llvm-svn: 124266
 2011-01-26 01:26:50 +00:00
Argyrios Kyrtzidis 8781b7dded [analyzer] Improve the diagnostic for the self-init checker. Suggestion by Ted! 
llvm-svn: 124263
 2011-01-26 01:26:41 +00:00
Argyrios Kyrtzidis 3ae681eb12 [analyzer] Do the self-init check only on NSObject subclasses. Patch by Jean-Daniel Dupas! 
llvm-svn: 124249
 2011-01-25 23:54:44 +00:00
Ted Kremenek fedad3c668 Don't try and symbolicate unions; we don't reason 
about them yet.  Fixes crash reported in PR 9049.

llvm-svn: 124228
 2011-01-25 21:08:47 +00:00
Ted Kremenek 7fd987de23 Tweak wording of static analyzer diagnostic 
for a block capturing the value of an uninitialized
variable.

llvm-svn: 124212
 2011-01-25 19:13:42 +00:00
John McCall 4bb483629f Change the wording of the bad-decl-for-attribute warning and error 
to make it clear that we're talking about the declarations and not the types.

llvm-svn: 124175
 2011-01-25 03:51:08 +00:00
John McCall ed433937c2 Add the ns_consumes_self, ns_consumed, cf_consumed, and ns_returns_autoreleased 
attributes for the benefit of the static analyzer.

llvm-svn: 124174
 2011-01-25 03:31:58 +00:00
Argyrios Kyrtzidis ffb08c46fa [analyzer] Handle the dot syntax for properties in the ExprEngine. 
We translate property accesses to obj-c messages by simulating "loads" or "stores" to properties
using a pseudo-location SVal kind (ObjCPropRef).

Checkers can now reason about obj-c messages for both explicit message expressions and implicit
messages due to property accesses.

llvm-svn: 124161
 2011-01-25 00:04:03 +00:00
Ted Kremenek a1ec4f39f4 Enhance AnalysisConsumer to also visit functions 
and methods defined within 'namespace X { ... }'.

llvm-svn: 123921
 2011-01-20 17:09:48 +00:00
Ted Kremenek 95d874fa5d Teach RegionStore::EnterStackFrame() to handle 
the case where the called function has fewer
formal arguments than actual arguments.  This
fixes a crash in the analyzer when doing
function call inlining.

Patch by Zhenbo Xu!

llvm-svn: 123458
 2011-01-14 20:29:43 +00:00
Ted Kremenek f224820b45 Remove warning in dead stores checker for 
dead stores within nested assignments.  I have
never seen an actual bug found by this specific
warning, and it can lead to many false positives.

llvm-svn: 123394
 2011-01-13 20:58:56 +00:00
Zhongxing Xu 3a3c0fd2d1 CXXBaseObjectRegion is like FieldRegion. Need to blast through it when 
getting the base region. This makes the RemoveDeadBindings() correct.

llvm-svn: 123375
 2011-01-13 12:46:31 +00:00
Zhongxing Xu 0d87e0c65b Support inlining base initializers. We still haven't got it completely right, 
since the bindings are purged after they are set up. Need to investigate
RemoveDeadBindings algorithm.

llvm-svn: 123374
 2011-01-13 12:30:12 +00:00
Ted Kremenek 304b6e4aa1 Fix a corner case in RegionStore where we assign 
a struct value to a symbolic index into array.
RegionStore can't actually reason about this,
so we were getting bogus warnings about loading
uninitialized values from the array.  The solution
is invalidate the entire array when we cannot
represent the binding explicitly.

Fixes <rdar://problem/8848957>

llvm-svn: 123368
 2011-01-13 06:58:15 +00:00
Argyrios Kyrtzidis 4b7433fab2 [analyzer] Introduce ObjCSelfInitChecker, which checks initialization methods to verify that they assign 'self' to the 
result of an initialization call (e.g. [super init], or [self initWith..]) before using any instance variable or
returning 'self'.

llvm-svn: 123264
 2011-01-11 19:45:25 +00:00
Ted Kremenek a00bccc0c5 Rework ExprEngine::processCFGBlockEntrance() 
to use a node builder.  This paves the way
for Checkers to interpose (via a "visit" method)
at the entrance to blocks.

llvm-svn: 123217
 2011-01-11 06:37:47 +00:00
Zhongxing Xu 5609e21337 In C++, assignment and compound assignment operators return an lvalue. 
llvm-svn: 123158
 2011-01-10 03:54:19 +00:00
Fariborz Jahanian 3aa19e9a70 Fold -fobjc-nonfragile-abi2 into -fobjc-nonfragile-abi. 
// rdar://8818375

llvm-svn: 122831
 2011-01-04 20:05:20 +00:00
Ted Kremenek 5614c46fcf Add basic support for pointer arithmetic in 
SimpleSValBuilder.  This clears up some
false positives emitted by ArrayBoundCheckerV2
due to the lack of support for pointer arithmetic.

llvm-svn: 122546
 2010-12-24 08:39:33 +00:00
Ted Kremenek bd5fcdf803 It's amazing what you find when you actually 
set the RUN line correctly in a test file!

Mark a bunch of tests for ArrayBoundCheckerV2
as FIXME's, as our current lack of pointer
arithmetic handling causes these to be all
false positives/negatives.

llvm-svn: 122471
 2010-12-23 02:42:49 +00:00
Ted Kremenek e73571b9cc Add WIP prototype of a new buffer overflow 
checker based on using raw (symbolic) byte offsets
from a base region.

llvm-svn: 122469
 2010-12-23 02:42:43 +00:00
Zhongxing Xu 6f8a8f92b8 If the unary operator is prefix and an lvalue (in C++), bind 
the location (l-value) to it.

llvm-svn: 122396
 2010-12-22 08:38:13 +00:00
Zhongxing Xu 7089250f5a After inlining the CXXConstructExpr, bind the temporary object region to it. 
This change is necessary when the variable is a const reference and we need
the l-value of the construct expr.  After that, when binding the variable,
recover the lazy compound value when the variable is not a reference.

In Environment, use the value of a no-op cast expression when it has one.
Otherwise, blast-through it.

llvm-svn: 122388
 2010-12-22 07:20:27 +00:00
Zhongxing Xu 7e2a9fd620 If the initializer is an rvalue and the variable is a const reference, 
create a temporary object for it.

llvm-svn: 122161
 2010-12-19 02:26:37 +00:00
Ted Kremenek b44f0f9abe Fix assertion failure in cocoa::deriveNamingConvention() 
when the selector is the string 'mutable'.

llvm-svn: 122046
 2010-12-17 07:11:57 +00:00
Ted Kremenek edb1cdff77 Revise Cocoa conventions detection: 'copy' and 'mutableCopy' 
only indicates the create rule if it starts
at the beginning of the method name, not
within the method name.

llvm-svn: 122036
 2010-12-17 04:44:43 +00:00
John McCall 57cdd88897 Do lvalue-to-rvalue conversions on the LHS of a shift operator. 
Fixes rdar://problem/8776586.

llvm-svn: 121992
 2010-12-16 19:28:59 +00:00
Ted Kremenek 8219b82125 Start migration of static analyzer to using the 
implicit lvalue-to-rvalue casts that John McCall
recently introduced.  This causes a whole bunch
of logic in the analyzer for handling lvalues
to vanish.  It does, however, raise a few issues
in the analyzer w.r.t to modeling various constructs
(e.g., field accesses to compound literals).

The .c/.m analysis test cases that fail are
due to a missing lvalue-to-rvalue cast that
will get introduced into the AST.  The .cpp
failures were more than I could investigate in
one go, and the patch was already getting huge.
I have XFAILED some of these tests, and they
should obviously be further investigated.

Some highlights of this patch include:

- CFG no longer requires an lvalue bit for
  CFGElements
- StackFrameContext doesn't need an 'asLValue'
  flag
- The "VisitLValue" path from GRExprEngine has
  been eliminated.

Besides the test case failures (XFAILed), there
are surely other bugs that are fallout from
this change.

llvm-svn: 121960
 2010-12-16 07:46:53 +00:00
Ted Kremenek f9f944166a Add test case for r120795. 
llvm-svn: 120796
 2010-12-03 06:53:12 +00:00
Argyrios Kyrtzidis e72f7154f1 Follow through references to catch returned stack addresses, local blocks, label addresses or references to temporaries, e.g: 
const int& g2() {
  int s1;
  int &s2 = s1; // expected-note {{binding reference variable 's2' here}}
  return s2; // expected-warning {{reference to stack memory associated with local variable 's1' returned}}
}

llvm-svn: 120483
 2010-11-30 22:57:32 +00:00
Argyrios Kyrtzidis 091d97c709 Revert r120331 since it causes spurious warnings and a possible assertion hit when self-host. 
llvm-svn: 120351
 2010-11-29 23:42:03 +00:00
Argyrios Kyrtzidis 569cad9734 Emit warnings if we are returning a reference to a local temporary. 
The issue was brought to our attention by Matthieu Monrocq.

llvm-svn: 120331
 2010-11-29 22:32:08 +00:00
Zhongxing Xu ec0b8e32ee Regionstore: support derived-to-base cast by creating a CXXBaseObjectRegion. 
llvm-svn: 120173
 2010-11-26 08:21:53 +00:00
Zhongxing Xu 33f13595c9 handle CXXFunctionalCastExpr in visitLValue and Environment. 
llvm-svn: 120143
 2010-11-25 03:18:57 +00:00
Zhongxing Xu 8be65a792f When getting CXXThisRegion from CXXMethodDecl, use the qualifiers. This is 
to be consistent with the type of 'this' expr in the method.
此行及以下内容将会被忽略--

M    test/Analysis/method-call.cpp
M    include/clang/Checker/PathSensitive/GRExprEngine.h
M    lib/Checker/GRCXXExprEngine.cpp

llvm-svn: 120094
 2010-11-24 13:48:50 +00:00
Zhanyong Wan 6dace61730 Fix PR8419. Reviewed by kremenek and xuzhongxing. 
llvm-svn: 119960
 2010-11-22 08:45:56 +00:00
Zhongxing Xu 2c966716ff Handle CFGAutomaticObjDtor. 
llvm-svn: 119897
 2010-11-20 06:53:12 +00:00
Ted Kremenek 0c27bcfd05 Static analyzer: Catch calls to malloc() with 
allocation sizes of 0 bytes.

Fixes PR 2899.

llvm-svn: 119364
 2010-11-16 18:47:04 +00:00
Zhongxing Xu 1ade3267d7 Handle member initializer in C++ ctor. 
- Add a new Kind of ProgramPoint: PostInitializer.
 - Still use GRStmtNodeBuilder. But special handling PostInitializer in 
   GRStmtNodeBuilder::GenerateAutoTransition().
 - Someday we should clean up the interface of GRStmtNodeBuilder.

llvm-svn: 119335
 2010-11-16 07:52:17 +00:00
Ted Kremenek 18fb1665bf Remove invalid assertion from CFG builder. When building the CFG pieces for a ternary '?' expression, 
it is possible for the confluence block to only have a single predecessor due to calls to 'noreturn'
functions.  Fixes assertion failure reported in PR 8619.

llvm-svn: 119284
 2010-11-15 22:59:22 +00:00
Ted Kremenek db73d599b7 Relax assertion in SValuator so that we don't crash when analyzing a call via a function pointer that 
casts the return value to something completely different.  While we need better reasoning here,
we should definately not crash.

llvm-svn: 119177
 2010-11-15 20:09:42 +00:00
Zhongxing Xu fee455fcf5 Revert r118991. 
Elidable CXXConstructExpr should inhibit calling destructor for temporary 
that is copied, not the one created. This is because eliding copy constructor 
means that the object that was to be copied will be constructed directly in 
memory the copy would be constructed in.

llvm-svn: 119044
 2010-11-14 15:23:50 +00:00
Zhongxing Xu 1b038fa00f Do not add implicit dtors for CXXBindTemporaryExpr with elidable 
CXXConstructExpr.

llvm-svn: 118991
 2010-11-13 07:30:59 +00:00
Ted Kremenek 843c53828f RegionStore/BasicStore: do not return UndefinedVal for accesses to concrete addresses; instead return UnknownVal. This 
leads it up to checkers (e.g., DereferenceChecker) to guard against illegal accesses (e.g., null dereferences).

Fixes PR 5272 and <rdar://problem/6839683>.

llvm-svn: 118852
 2010-11-11 23:10:10 +00:00
Ted Kremenek dcf85a8d18 Teach AttrNonNullChecker about transparent unions. Fixes crash reported in <rdar://problem/8642434>. 
llvm-svn: 118473
 2010-11-09 02:11:43 +00:00
Zhongxing Xu 0806da8f28 fix test case. 
llvm-svn: 118166
 2010-11-03 11:24:56 +00:00
Marcin Swiderski 3ab17ad8ec Added generating destructors for temporary objects. Two cases I know of, that are not handled properly: 
1. For statement: const C& c = C(0) ?: C(1) destructors generated for condition will not differ from those generated for case without prolonged lifetime of temporary,
2. There will be no destructor for constant reference member bound to temporary at the exit from constructor.

llvm-svn: 118158
 2010-11-03 06:19:35 +00:00
Douglas Gregor e5a6fed7dc Make my test case test what it meant to 
llvm-svn: 117974
 2010-11-01 23:33:11 +00:00
Douglas Gregor 4b8eca88b0 Teach the CStringChecker and PthreadLockChecker about non-identifier 
declaration names, from Jim Goodnow II!

llvm-svn: 117970
 2010-11-01 23:16:05 +00:00
Zhongxing Xu 627a1868d2 Now initializer of C++ record type is visited as block-level expr. 
Let the destination of AggExprVisitor be an explicit MemRegion. 
Reenable the test case.

llvm-svn: 117908
 2010-11-01 09:09:44 +00:00
Zhongxing Xu 0b51d4db8c Make all CXXConstructExpr's block-level expressions. This is required by 
method inlining. Temporarily fail a test case.

llvm-svn: 117907
 2010-11-01 06:46:05 +00:00
Zhanyong Wan e4f7df694d Make Clang static analyzer skip function template definitions. This fixes Clang PR 8426, 8427, & 8433. Reviewed by Ted Kremenek and Doug Gregor. 
llvm-svn: 117853
 2010-10-31 04:22:34 +00:00
Ted Kremenek 310c5a8e31 Don't flag idempotent '+' or '-' warnings for pointer arithmetic (typically false positives). 
Fixes <rdar://problem/8601243>.

llvm-svn: 117635
 2010-10-29 01:06:54 +00:00
Ted Kremenek eaae1adb94 Add test case for <rdar://problem/8356342>. 
llvm-svn: 117525
 2010-10-28 02:50:32 +00:00
Ted Kremenek 0abd85c7ae Don't warn about unamed bitfield ivars in the ObjCUnusedIvarsChecker. Fixes <rdar://problem/8481311>. 
llvm-svn: 117521
 2010-10-28 02:16:22 +00:00
Zhongxing Xu d95ccd58a9 If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr 
containing a DoStmt, and the LHS doesn't create a new block, then we should
return RBlock.  Otherwise we'll incorrectly return NULL.

Also relax an assertion in VisitWhileStmt(). Reset 'Block' when it is finished.

llvm-svn: 117436
 2010-10-27 03:23:10 +00:00
Ted Kremenek 6348dac7a0 Fix lazy symbolication bug in RegionStore involving fields of global variables. When invalidated, the entire 
globals memory space gets assigned a symbolic value, but that value was not being used for lazy symbolication
of fields of globals.  This could result in cases where bogus null dereferences were being reported.

Fixes PR 8440.

llvm-svn: 117336
 2010-10-26 00:06:17 +00:00
Ted Kremenek 731310e13e Tweak null dereference checker to give better diagnostics for null dereferences resulting from array accesses. 
llvm-svn: 117334
 2010-10-26 00:06:13 +00:00
Ted Kremenek c07d8353e1 Add check for UnknownVals for mutexes in ObjCAtSyncChecker. Fixes crash reported in PR 8458. 
llvm-svn: 117300
 2010-10-25 20:20:56 +00:00
Marcin Swiderski 01769904d3 Added generation of destructors for member constant size arrays. 
There's only one destructor call generated for each not empty array (at least for now this should be enough).

llvm-svn: 117252
 2010-10-25 07:05:54 +00:00
Marcin Swiderski 52e4bc1fed Added generation of destructors for constant size arrays. 
There's only one destructor call generated for each not empty array (at least for now this should be enough).

llvm-svn: 117251
 2010-10-25 07:00:40 +00:00
Anders Carlsson 73067a02db Warn if a variable marked with the "unused" attribute is used. Patch by Darin Adler! 
llvm-svn: 117184
 2010-10-22 23:37:08 +00:00
Ted Kremenek 5c97605c1d Fix a horrible bug in all dataflow analyses that use CFGRecStmtVisitor (including live variables analysis). 
We shouldn't recurse into CompoundStmts since they are already inlined in the CFG.  This could result in
bogus dead stores warnings (among other things).

llvm-svn: 117162
 2010-10-22 22:08:32 +00:00
Ted Kremenek c5644e1b97 Tweak the ObjCAtSyncChecker to assume that a mutex is non-nil after checking that it is 
nil.  Otherwise we can get false paths where a second @synchronized using the mutex
can have a bogus warning.  Fixes <rdar://problem/8578650>.

llvm-svn: 117016
 2010-10-21 15:38:55 +00:00
Ted Kremenek da8a79ac8d "Fix" bogus idempotent operations warning due to loop unrolling not unrolling enough loops to show that an invariant 
doesn't hold.  This fix is to increase the loop unrolling count to 4, which experiments show doesn't typically impact
analysis time.  The real fix is to modify the IdempotentOperationsChecker to suppress warnings where an analysis point
could be preceded by a point where we gave up due to loop unrolling.

llvm-svn: 116769
 2010-10-18 23:36:05 +00:00