Commit Graph

47 Commits

Author SHA1 Message Date
Eugene Zelenko adcb3f520b [Documentation] Use HTTPS whenever possible
Differential revision: https://reviews.llvm.org/D56946

llvm-svn: 351976
2019-01-23 20:39:07 +00:00
Artem Dergachev dda42164ec [analyzer] Fix some expressions staying live too long. Add a debug checker.
StaticAnalyzer uses the CFG-based RelaxedLiveVariables analysis in order to,
in particular, figure out values of which expressions are still needed.
When the expression becomes "dead", it is garbage-collected during
the dead binding scan.

Expressions that constitute branches/bodies of control flow statements,
eg. `E1' in `if (C1) E1;' but not `E2' in `if (C2) { E2; }', were kept alive
for too long. This caused false positives in MoveChecker because it relies
on cleaning up loop-local variables when they go out of scope, but some of those
live-for-too-long expressions were keeping a reference to those variables.

Fix liveness analysis to correctly mark these expressions as dead.

Add a debug checker, debug.DumpLiveStmts, in order to test expressions liveness.

Differential Revision: https://reviews.llvm.org/D55566

llvm-svn: 349320
2018-12-16 23:44:06 +00:00
Artem Dergachev e527df03c4 [analyzer] Add a testing facility for testing relationships between symbols.
Tests introduced in r329780 was disabled in r342317 because these tests
were accidentally testing dump infrastructure, when all they cared about was
how symbols relate to each other. So when dump infrastructure changed,
tests became annoying to maintain.

Add a new feature to ExprInspection: clang_analyzer_denote() and
clang_analyzer_explain(). The former adds a notation to a symbol, the latter
expresses another symbol in terms of previously denoted symbols.

It's currently a bit wonky - doesn't print parentheses and only supports
denoting atomic symbols. But it's even more readable that way.

Differential Revision: https://reviews.llvm.org/D52133

llvm-svn: 343048
2018-09-25 23:50:53 +00:00
Henry Wong d97b6101d7 [analyzer] Fix a typo in `RegionStore.txt`.
Summary: The typo of the description for default bindings can be confusing.

Reviewers: NoQ, george.karpenkov

Reviewed By: NoQ, george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin, mikhail.ramalho, cfe-commits, MTC

Differential Revision: https://reviews.llvm.org/D50382

llvm-svn: 339244
2018-08-08 13:37:28 +00:00
Alexander Kornienko 2a8c18d991 Fix typos in clang
Found via codespell -q 3 -I ../clang-whitelist.txt
Where whitelist consists of:

  archtype
  cas
  classs
  checkk
  compres
  definit
  frome
  iff
  inteval
  ith
  lod
  methode
  nd
  optin
  ot
  pres
  statics
  te
  thru

Patch by luzpaz! (This is a subset of D44188 that applies cleanly with a few
files that have dubious fixes reverted.)

Differential revision: https://reviews.llvm.org/D44188

llvm-svn: 329399
2018-04-06 15:14:32 +00:00
Gabor Horvath 5cfada60b4 [analyzer] Document the issue hash debugging facility
Differential Revision: https://reviews.llvm.org/D39543

llvm-svn: 318030
2017-11-13 11:13:02 +00:00
Artem Dergachev 4388ffa91d [analyzer] Keep track of design discusions as part of analyzer documentation.
Create a directory to store discussions on potentially useful features that are
not yet implemented in the analyzer.

Fill it with a discussion on representing checker-specific parts of the program
state for C++ object modeling, that occured in D35216.

Differential Revision: https://reviews.llvm.org/D36737

llvm-svn: 314218
2017-09-26 15:49:53 +00:00
George Karpenkov 09f613df69 [NFC] [Analyzer] Fix RST markup in documentation.
llvm-svn: 313219
2017-09-14 00:04:56 +00:00
Hans Wennborg 825c37e4fe Bump docs version to 6.0
llvm-svn: 308466
2017-07-19 13:50:27 +00:00
Anna Zaks 37faed97c1 [analyzer] Improve usability of ExprInspectionChecker
Some of the magic functions take arguments of arbitrary type. However,
for semantic correctness, the compiler still requires a declaration
of these functions with the correct type. Since C does not have
argument-type-overloaded function, this made those functions hard to
use in C code. Improve this situation by allowing arbitrary suffixes
in the affected magic functions' names, thus allowing the user to
create different declarations for different types.

A patch by Keno Fischer!

Differential Revision: https://reviews.llvm.org/D30589

llvm-svn: 297325
2017-03-09 00:01:10 +00:00
Hans Wennborg bdc3c87307 Update docs/conf.py version
llvm-svn: 291831
2017-01-12 21:41:38 +00:00
Artem Dergachev 30ed5467a4 [analyzer] Minor fixes and improvements to debug.ExprInspection
- Fix the bug with transition handling in ExprInspectionChecker's
  checkDeadSymbols implementation.

- Test this bug by adding a new function clang_analyzer_numTimesReached() to
  catch number of passes through the code, which should be handy for testing
  against unintended state splits.

- Add two more functions should help debugging issues quickly without running
  the debugger or dumping exploded graphs - clang_analyzer_dump() which dump()s
  an SVal argument to a warning message, and clang_analyzer_printState(), which
  dump()s the current program state to stderr.

Differential Revision: https://reviews.llvm.org/D26835

llvm-svn: 288257
2016-11-30 17:57:18 +00:00
Sylvestre Ledru 61122c4fd0 Fix a typo in the doc: overriden -> overridden
llvm-svn: 279942
2016-08-28 20:22:34 +00:00
Hans Wennborg 7e8f01adff docs/conf.py: update version to 4.0
llvm-svn: 275848
2016-07-18 18:13:08 +00:00
Paul Robinson 1c898c9e8c Docs: keep copyright years up-to-date.
llvm-svn: 264941
2016-03-30 22:24:57 +00:00
Chris Bieneman 2bf68c6c1c Remove autoconf support
Summary:
This patch is provided in preparation for removing autoconf on 1/26. The proposal to remove autoconf on 1/26 was discussed on the llvm-dev thread here: http://lists.llvm.org/pipermail/llvm-dev/2016-January/093875.html

    "This is the way [autoconf] ends
    Not with a bang but a whimper."
    -T.S. Eliot

Reviewers: chandlerc, grosbach, bob.wilson, echristo

Subscribers: klimek, cfe-commits

Differential Revision: http://reviews.llvm.org/D16472

llvm-svn: 258862
2016-01-26 21:30:40 +00:00
Artem Dergachev 895242f9fb [analyzer] Provide .def-files and visitors for SVal/SymExpr/MemRegion, v2.
Provide separate visitor templates for the three hierarchies, and also
the `FullSValVisitor' class, which is a union of all three visitors.

Additionally, add a particular example visitor, `SValExplainer', in order to
test the visitor templates. This visitor is capable of explaining the SVal,
SymExpr, or MemRegion in a natural language.

Compared to the reverted r257605, this fixes the test that used to fail
on some triples, and fixes build failure under -fmodules.

Differential Revision: http://reviews.llvm.org/D15448

llvm-svn: 257893
2016-01-15 15:22:05 +00:00
Artem Dergachev 26ec8acc84 Revert "[analyzer] Provide .def-files and visitors for SVal/SymExpr/MemRegion."
This reverts commit r257605.

The test fails on architectures that use unsigned int as size_t.
SymbolManager.h fails with compile errors on some platforms.

llvm-svn: 257608
2016-01-13 15:52:25 +00:00
Artem Dergachev beb02b5b8f [analyzer] Provide .def-files and visitors for SVal/SymExpr/MemRegion.
Provide separate visitor templates for the three hierarchies, and also
the `FullSValVisitor' class, which is a union of all three visitors.

Additionally, add a particular example visitor, `SValExplainer', in order to
test the visitor templates. This visitor is capable of explaining the SVal,
SymExpr, or MemRegion in a natural language.

Differential Revision: http://reviews.llvm.org/D15448

llvm-svn: 257605
2016-01-13 15:13:48 +00:00
Artem Dergachev 733e71b73b [analyzer] Fix symbolic element index lifetime.
SymbolReaper was destroying the symbol too early when it was referenced only
from an index SVal of a live ElementRegion.

In order to test certain aspects of this patch, extend the debug.ExprInspection
checker to allow testing SymbolReaper in a direct manner.

Differential Revision: http://reviews.llvm.org/D12726

llvm-svn: 255236
2015-12-10 09:28:06 +00:00
Gabor Horvath 28690925ed [Static Analyzer] Checks to catch nullability related issues.
Differential Revision: http://reviews.llvm.org/D11468

llvm-svn: 246105
2015-08-26 23:17:43 +00:00
NAKAMURA Takumi d40d387fb1 Update the copyright credits -- Happy new year 2014!
FIXME: Dragonegg may be updated at non-trivial changes.
llvm-svn: 198274
2014-01-01 08:27:31 +00:00
Jordan Rose 9db2d9adef [analyzer] Add new debug helper clang_analyzer_warnIfReached.
This will emit a warning if a call to clang_analyzer_warnIfReached is
executed, printing REACHABLE. This is a more explicit way to declare
expected reachability than using clang_analyzer_eval or triggering
a bug (divide-by-zero or null dereference), and unlike the former will
work the same in inlined functions and top-level functions. Like the
other debug helpers, it is part of the debug.ExprInspection checker.

Patch by Jared Grubb!

llvm-svn: 191909
2013-10-03 16:57:03 +00:00
Jordan Rose 8dddf8ff20 [analyzer] Fix copy-paste error in internal docs.
Patch by Jared Grubb!

llvm-svn: 190651
2013-09-13 00:44:57 +00:00
Anna Zaks 7925e3db63 [analyzer] Add a debug checker that prints Exploded Graph
Add a debug checker that is useful to understand how the ExplodedGraph is
built; it can be triggered using the following command:

 clang -cc1 -analyze -analyzer-checker=debug.ViewExplodedGraph my_program.c

A patch by Béatrice Creusillet!

llvm-svn: 184768
2013-06-24 18:12:12 +00:00
Bill Wendling 3067ec8777 We're in 3.4 land now.
llvm-svn: 181351
2013-05-07 20:31:37 +00:00
Jordan Rose 2de3daa0a2 [analyzer] Enable destructor inlining by default (c++-inlining=destructors).
This turns on not only destructor inlining, but inlining of constructors
for types with non-trivial destructors. Per r178516, we will still not
inline the constructor or destructor of anything that looks like a
container unless the analyzer-config option 'c++-container-inlining' is
set to 'true'.

In addition to the more precise path-sensitive model, this allows us to
catch simple smart pointer issues:

  #include <memory>

  void test() {
    std::auto_ptr<int> releaser(new int[4]);
  } // memory allocated with 'new[]' should not be deleted with 'delete'

<rdar://problem/12295363>

llvm-svn: 178805
2013-04-04 23:10:29 +00:00
Jordan Rose 4587b28758 [analyzer] Turn on C++ constructor inlining by default.
This enables constructor inlining for types with non-trivial destructors.
The plan is to enable destructor inlining within the next month, but that
needs further verification.

<rdar://problem/12295329>

llvm-svn: 176200
2013-02-27 18:49:43 +00:00
Jordan Rose 1f25dcb167 [analyzer] Add a doc describing the internals of RegionStore.
This is a text file with Markdown-ish formatting because we haven't decided
where analyzer internal documents should go, but it's probably better to
have this in source control than sitting on my local drive forever.

llvm-svn: 174398
2013-02-05 17:31:34 +00:00
Anna Zaks 70aa53180d [analyzer] Remove further references to analyzer-ipa.
Thanks Jordan!

llvm-svn: 173955
2013-01-30 19:12:26 +00:00
Daniel Dunbar 5cfa4aeee5 [docs/analyzer] Test commit (for auto-update).
llvm-svn: 171788
2013-01-07 20:44:37 +00:00
Daniel Dunbar 48f8bc895b [docs/analyzer] Convert existing debug-checks document to Sphinx and link into doctree.
llvm-svn: 171786
2013-01-07 20:38:55 +00:00
Sean Silva cd61d28c4a analyzer: add initial Sphinx configuration
This is just the output of sphinx-quickstart. Now all that is needed
to begin converting the analyzer docs to reST is the server-side setup.

The analyzer folks have asked me to keep this segregated from the other
clang docs since the analyzer is a logically separate project (and has
its own separate web page) even though it resides in the clang tree.

llvm-svn: 171425
2013-01-02 23:07:22 +00:00
Sean Silva 62737b65b1 docs: Nuke AnalyzerRegions.rst.
As per Ted's advice. It can be brought back from version control if
needed.

This also fixes a Sphinx warning.

llvm-svn: 170401
2012-12-18 02:15:05 +00:00
Jordan Rose ba8307d2e5 Remove old description of analyzer internals from public docs.
The file still exists in docs/analyzer/, but it won't be linked to from
clang.llvm.org or processed as part of the default Sphinx doc-build.
RegionStore has changed a lot from what Ted and Zhongxing describe here!

llvm-svn: 170260
2012-12-15 00:36:53 +00:00
Jordan Rose c6fcbf06a6 [analyzer] Make the defaults explicit for each of the new config options.
Also, document both new inlining options in IPA.txt.

llvm-svn: 163551
2012-09-10 21:54:24 +00:00
Jordan Rose 219c9d0dd3 [analyzer] Though C++ inlining is enabled, don't inline ctors and dtors.
More generally, this adds a new configuration option 'c++-inlining', which
controls which C++ member functions can be considered for inlining. This
uses the new -analyzer-config table, so the cc1 arguments will look like this:

... -analyzer-config c++-inlining=[none|methods|constructors|destructors]

Note that each mode implies that all the previous member function kinds
will be inlined as well; it doesn't make sense to inline destructors
without inlining constructors, for example.

The default mode is 'methods'.

llvm-svn: 163004
2012-08-31 17:06:49 +00:00
Anna Zaks e9b0231152 [analyzer] Make analyzer-ipa=dynamic-bifurcate the default.
There are two tests regressions that come from the fact that the Retain
Count checker does not cancel out inlining of ObjC methods.

llvm-svn: 162950
2012-08-30 22:42:59 +00:00
Jordan Rose 561919e5bd [analyzer] Don't inline constructors for objects allocated with operator new.
Because the CXXNewExpr appears after the CXXConstructExpr in the CFG, we don't
actually have the correct region to construct into at the time we decide
whether or not to inline. The long-term fix (discussed in PR12014) might be to
introduce a new CFG node (CFGAllocator) that appears before the constructor.

Tracking the short-term fix in <rdar://problem/12180598>.

llvm-svn: 162689
2012-08-27 18:39:22 +00:00
Jordan Rose 39fbb023d3 [analyzer] Update inlining design notes for r162681.
llvm-svn: 162688
2012-08-27 18:39:16 +00:00
Jordan Rose 40dd4d9bf3 [analyzer] Restructure discussion of DynamicTypeInfo and RuntimeDefinition.
Since DynamicTypeInfo is not inherently related to inlining or to dynamic
calls, it makes more sense (to me) to discuss it first.

Also fix some typos, massage some grammar, and (hopefully) improve precision
and clarity.

llvm-svn: 162365
2012-08-22 17:13:27 +00:00
Jordan Rose d3d6ac65f8 [analyzer] Per feedback, re-structure the docs for ExprInspection checks.
Also, remove the FIXME about merging -analyzer-stats and the debug.Stats
checker. This would be a bad idea because simply running debug.Stats can
affect the output of -analyzer-stats.

llvm-svn: 162364
2012-08-22 17:13:22 +00:00
Anna Zaks 545588f9ed [analyzer] IPA document: address Ted's review comments (path
bifurcation)

llvm-svn: 162343
2012-08-22 05:38:38 +00:00
Ted Kremenek 98b771ecc2 Review, comment, and reformat IPA.txt, including feedback comments.
Formatting includes:

- removing line wraps (Emacs Cmd-Q), to make text easier to read
- provide useful indentation
- call out caveats and notes more explictly

Stylistically, I prefer the document talk in 3rd person instead of "we".  The
term "we" is unambiguous, and sometimes refers to different things.  I've passed
over the existing paragraphs and made them speak more about specific entities
that compose the analyzer and what they do (e.g., ExprEngine) instead of "we"
referring to the analyzer.

Further, I have substituted some vague concepts such as "state" or "program
state" and replaced them with their precise implementation counterparts (e.g.,
ProgramState).  This makes the document more technically precise throughout the
entire narrative, which would sometimes use vague terms and other times precise
terms.

I've placed several comments within the document, which can be seen with
***TMK/COMMENT***, which indicate places that need to be enhanced or clarified,
or called out as questions about intended bheavior.

llvm-svn: 162338
2012-08-22 01:20:05 +00:00
Jordan Rose 6faff2e7bd [analyzer] Document our debug checkers and ExprInspection's "builtins".
llvm-svn: 162336
2012-08-22 01:03:39 +00:00
Jordan Rose e3e95cdf27 [analyzer] Set the default IPA mode to 'basic-inlining', which excludes C++.
Under -analyzer-ipa=basic-inlining, only C functions, blocks, and C++ static
member functions are inlined -- essentially, the calls that behave like simple
C function calls. This is essentially the behavior in Xcode 4.4.

C++ support still has some rough edges, and we don't want users to be worried
about them if they download and run their own checker. (In particular, the
massive number of false positives for analyzing LLVM comes from inlining
defensively-written code in contexts where more aggressive assumptions are
implicitly made. This problem is not unique to C++, but it is exacerbated by
the higher proportion of code that lives in header files in C++.)

The eventual goal is to be comfortable enough with C++ support (and simple
Objective-C support) to advance to -analyzer-ipa=inlining as the default
behavior. See the IPA design notes for more details.

llvm-svn: 162318
2012-08-21 21:44:21 +00:00
Jordan Rose 0564c75e7b [analyzer] Add an internal reference document describing IPA and CallEvent.
This attempts to be a higher-level description of our inlining heuristics
and decision trees than the source, where the work is spread out between
ExprEngine (mostly in ExprEngineCallAndReturn.cpp) and CallEvent, with a
few other classes participating as well.

llvm-svn: 162073
2012-08-17 02:11:35 +00:00