- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
llvm-svn: 70565
applied to ObjCMethodDecls, not just parameters. This allows one to specific
side-effects on the receiver of a message expression. No checker support yet.
llvm-svn: 70505
appear between the return type and the selector. This is a separate code path
from regular attribute processing, as we only want to (a) accept only a specific
set of attributes in this place and (b) want to distinguish to clients the
context in which an attribute was added to an ObjCMethodDecl.
Currently, the attribute 'objc_ownership_returns' is the only attribute that
uses this new feature. Shortly I will add a warning for 'objc_ownership_returns'
to be placed at the end of a method declaration.
llvm-svn: 70504
This fixes <rdar://problem/6839489> 10A345: Clang does not warm about mismatched returns (void return from a bool function)
Will implement -Wreturn-type, -Wno-return-type in another commit.
llvm-svn: 70492
as 'objc_ownership_cfretain' except that the method acts like a CFRetain instead
of a [... retain] (important in GC modes). Checker support is wired up, but
currently only for Objective-C message expressions (not function calls).
llvm-svn: 70218
to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function increments the reference count of a passed
object.
llvm-svn: 70005
up to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function returns an owned an Objective-C object.
llvm-svn: 70001
- Fix summary lookup for class methods to now use the (optional)
ObjCInterfaceDecl associated with a message expression. This removes a
long-standing FIXME.
- Partial fix for <rdar://problem/6062730> by stop tracking objects that
are passed to [NSObject performSelector]. These methods are often used
for delegates, which the analyzer doesn't reason about well yet.
llvm-svn: 69982
extend the number of objects tracked by the retain/release checker by assuming
that all class and instance methods should follow Cocoa object "getter" and
"alloc/new" conventions.
llvm-svn: 69908
When the StoreManager doesn't reason well about pointer-arithmetic, propagate
the non-nullness constraint on a pointer value when performing pointer
arithmetic uisng ++/--.
llvm-svn: 69741
ProgramPoints all the way through to GRCoreEngine.
NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.
llvm-svn: 68845
clients of the analyzer to designate custom assertion routines as "noreturn"
functions from the analyzer's perspective but not the compiler's.
llvm-svn: 68746
"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718. The patch also includes test cases."
llvm-svn: 68585
<rdar://problem/6704930> involving SimpleConstraintManager not reasoning well
about symbolic constraint values involving arithmetic operators.
llvm-svn: 67534
SVal::GetRValueSymbolVal do the checking if we can symbolicate a type instead of
having BasicStoreManager do it (which wasn't always doing the check
consistently). Having this check in SVal::GetRValueSymbolVal keeps the check in
one centralized place.
llvm-svn: 67245
conditions. Currently the analyzer does not reason well about
promotions/truncations of symbolic values, so at branch conditions when we see:
if (condition)
and condition is something like a 'short' or 'char', essentially ignore the
promotion to 'int' so that we track constraints on the original symbolic value.
We only ignore the casts if the underlying type has the same or fewer bits as
the converted type.
This fixes:
<rdar://problem/6619921>
llvm-svn: 66899
expressions of the form: 'short x = (y != 10);' While we handle 'int x = (y !=
10)' lazily, the cast to another integer type currently loses the symbolic
constraint. Eager evaluation of the constraint causes the paths to bifurcate and
eagerly evaluate 'y != 10' to a constant of 1 or 0. This should address
<rdar://problem/6619921> until we have a better (more lazy approach) for
handling promotions/truncations of symbolic integer values.
llvm-svn: 65480
analyzer for array subscript expressions involving bases that are vectors. This
solution is probably a hack: it gets the lvalue of the vector instead of an
rvalue like all other types. This should be reviewed (big FIXME in
GRExprEngine).
llvm-svn: 65366
handle method names that contain 'new', 'copy', etc., but those words might be
the substring of larger words such as 'newsgroup' and 'photocopy' that do not
indicate the allocation of objects. This should address the issues discussed in
<rdar://problem/6552389>.
llvm-svn: 65224
Fariborz Jahanian