Commit Graph

1310 Commits

Author SHA1 Message Date
Anna Zaks 87b6ff09f9 [analyzer] Add checks for common anti-patterns in strncat.
(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

llvm-svn: 149407
2012-01-31 19:33:39 +00:00
Anna Zaks ee5e8ae845 [analyzer] Change the warning to suggest 'strlcat/strlcpy' as
replacements for 'starcat/strcpy' instead of 'strncat/strncpy'.

llvm-svn: 149406
2012-01-31 19:33:31 +00:00
Anna Zaks 58cc6cabe5 [analyzer] Rename the checker as per Ted's comment. Remove the reference
from the driver.

llvm-svn: 149276
2012-01-30 21:14:16 +00:00
Anna Zaks 6523e46941 [analyzer] Make osx.cocos.CFContainersSyntax a default checker.
llvm-svn: 149258
2012-01-30 19:12:37 +00:00
Anna Zaks 4f870e652a [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex.
llvm-svn: 149228
2012-01-30 06:42:48 +00:00
Jean-Daniel Dupas 400dd1c3d0 Remove the "C" in "implicitly declaring C library function" diagnostic
because all functions are not C functions (i.e. NSLog).

llvm-svn: 149150
2012-01-27 23:21:02 +00:00
Anna Zaks 60835eb11e [analyzer] The CFContainer test should only be run on x86_64.
llvm-svn: 149042
2012-01-26 04:00:23 +00:00
Anna Zaks 06f10bf05a [analyzer] Add an AST checker that checks for a common pitfall when
using CFArrayCreate & family.

Specifically, CFArrayCreate's input should be:
'A C array of the pointer-sized values to be in the new array.'

(radar://10717339)

llvm-svn: 149008
2012-01-26 01:05:43 +00:00
Ted Kremenek 8e4c4266de Rework flushing of diagnostics to PathDiagnosticConsumer. Now all the reports are batched up before being flushed
to the underlying consumer implementation.  This allows us to unique reports across analyses to multiple functions (which
shows up with inlining).

llvm-svn: 148997
2012-01-25 23:47:14 +00:00
Eli Friedman 946b7b5bc8 Switch PerformImplicitConversion over to use DefaultLvalueConversion for lvalue-to-rvalue conversion.
llvm-svn: 148874
2012-01-24 22:51:26 +00:00
Anna Zaks bf740512ec [analyzer] Add more C taint sources/sinks.
llvm-svn: 148844
2012-01-24 19:32:25 +00:00
Anna Zaks 97bef5642e [analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type.
llvm-svn: 148631
2012-01-21 06:59:01 +00:00
Anna Zaks b7eac9fbef [analyzer] Make VLA checker taint aware.
Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later).

llvm-svn: 148626
2012-01-21 05:07:33 +00:00
Ted Kremenek e7b9d4342b Tighten format string diagnostic and make it a bit clearer (and a bit closer to GCC's).
llvm-svn: 148579
2012-01-20 21:52:58 +00:00
Anna Zaks 8298af85a6 [analyzer] Add taint awareness to DivZeroChecker.
llvm-svn: 148566
2012-01-20 20:28:31 +00:00
Ted Kremenek b9ff6b2302 Reenable DeadStoresChecker under --analyze, and move the IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>.
llvm-svn: 148533
2012-01-20 06:00:17 +00:00
Ted Kremenek 89eaf8d531 Implement checker that looks for calls to mktemps and friends that have fewer than 6 Xs. Implements <rdar://problem/6336672>.
llvm-svn: 148531
2012-01-20 05:35:06 +00:00
Ted Kremenek c54dc9515d Turn 'SecuritySyntaxChecker' into a "meta" security checker for insecure APIs. Now
multiple checks are exposed as separate checkers, but CheckerManager only creates
one Checker object.

llvm-svn: 148525
2012-01-20 01:44:29 +00:00
Anna Zaks 3b754b25bd [analyzer] Add socket API as a source of taint.
llvm-svn: 148518
2012-01-20 00:11:19 +00:00
Fariborz Jahanian 28324b0066 objc: deprecate direct usage of 'isa' of objc objects
in favor of usage of api's intended for.
// rdar://8290002

llvm-svn: 148404
2012-01-18 19:08:56 +00:00
Anna Zaks 560dbe9ac9 [analyzer] Taint: warn when tainted data is used to specify a buffer
size (Ex: in malloc, memcpy, strncpy..)

(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)

llvm-svn: 148371
2012-01-18 02:45:11 +00:00
Anna Zaks 5d324e509c [analyzer] Taint: add taint propagation rules for string and memory copy
functions.

llvm-svn: 148370
2012-01-18 02:45:07 +00:00
Anna Zaks 0244cd7450 [analyzer] Taint: add system and popen as undesirable sinks for taint
data.

llvm-svn: 148176
2012-01-14 02:48:40 +00:00
Anna Zaks cb6d4ee793 [analyzer] Unwrap the pointers when ignoring the const cast.
radar://10686991

llvm-svn: 148081
2012-01-13 00:56:55 +00:00
Anna Zaks 6228130099 [analyzer] RegionStoreManager::getBinding() should not crash when
looking up value at a CodeTextRegion even when the type is not provided.

llvm-svn: 148079
2012-01-13 00:56:48 +00:00
Ted Kremenek 52acee87f4 Adjust set of default checkers.
llvm-svn: 148055
2012-01-12 22:41:10 +00:00
Ted Kremenek 3d3aea9374 [analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths.
llvm-svn: 148036
2012-01-12 19:25:46 +00:00
Anna Zaks b3fa8d7dd1 [analyzer] Add taint transfer by strcpy & others (part 1).
To simplify the process:
Refactor taint generation checker to simplify passing the
information on which arguments need to be tainted from pre to post
visit.

Todo: We need to factor out the code that sema is using to identify the
string and memcpy functions and use it here and in the CString checker.

llvm-svn: 148010
2012-01-12 02:22:34 +00:00
Ted Kremenek 940e00f299 "This change adds alloca/valloc checks to UnixAPIChecker. It includes a small refactoring for
the common *alloc functions as well as a few tiny wibbles (adds a note
to CWE/CERT advisory numbers in the bug output, and fixes a couple
80-column-wide violations.)"

Patch by Austin Seipp!

llvm-svn: 147931
2012-01-11 08:13:21 +00:00
Zhongxing Xu f0cb43f561 Add elidable CXXConstructExpr as block-level expr. It converts an lvalue to a rvalue, which is a useful step during AST evaluation.
llvm-svn: 147918
2012-01-11 02:39:07 +00:00
Ted Kremenek 3f406ba4bf Remove '#if 0' from ExprEngine::InlineCall(), and start fresh by wiring up inlining for straight C calls.
My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders
and re-evaluating how C++ calls are handled in the CFG.  The hope is to turn inlining "on-by-default" as soon as possible
with a core set of things working well, and then expand over time.

llvm-svn: 147904
2012-01-11 01:06:27 +00:00
Anna Zaks 126a2ef920 [analyzer] Add basic format string vulnerability checking.
We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.

llvm-svn: 147714
2012-01-07 02:33:10 +00:00
Anna Zaks e04dadc248 [analyzer] Add another tests to taint tester.
llvm-svn: 147570
2012-01-04 23:54:04 +00:00
Anna Zaks 8158ef0dec [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
     A :  Most system globals and const scalars

* invalidated by functions defined in system headers:
     B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
     B: errno
     C: all other globals (which are not in A nor B)

llvm-svn: 147569
2012-01-04 23:54:01 +00:00
Ted Kremenek 5799cddde0 Extend ConditionBRVisitor to handle condition variable assignments.
llvm-svn: 147526
2012-01-04 08:18:09 +00:00
Ted Kremenek 990464cb30 Teach the static analyzer to not treat XPC types as CF types.
llvm-svn: 147506
2012-01-04 00:35:48 +00:00
Ted Kremenek 134a83a799 Enhance UnixAPIChecker to also warn about zero-sized allocations to calloc() and realloc(). Patch by Cyril Roelandt!
llvm-svn: 147500
2012-01-03 23:43:13 +00:00
Ted Kremenek b3512d3a48 Add initial version of checker to check if virtual member functions are called transitively
from C++ constructors or destructors.  Checker by Lei Zhang with a few tweaks by Ted Kremenek.

llvm-svn: 147494
2012-01-03 23:18:57 +00:00
Ted Kremenek 72be32af88 Colorize and condense CFG pretty-printing.
llvm-svn: 147203
2011-12-22 23:33:52 +00:00
Ted Kremenek 5586354d7d Fix typos in analyzer diagnostics pointed out by Matt Beaumont-Gay and Robert Purves.
llvm-svn: 147139
2011-12-22 06:35:52 +00:00
Ted Kremenek c177d9faf5 Fix regression in LiveVariables when reasoning about variables captured by blocks.
llvm-svn: 147116
2011-12-22 00:46:32 +00:00
Anna Zaks 5f847144d1 [analyzer] Do not invalidate arguments when the parameter's
type is a pointer to const. (radar://10595327)

The regions corresponding to the pointer and reference arguments to
a function get invalidated by the calls since a function call can
possibly modify the pointed to data. With this change, we are not going
to invalidate the data if the argument is a pointer to const. This
change makes the analyzer more optimistic in reporting errors.
(Support for C, C++ and Obj C)

llvm-svn: 147002
2011-12-20 22:35:30 +00:00
Ted Kremenek a1745c24c4 Fix inversion of static analyzer path diagnostics for path conditions.
llvm-svn: 146993
2011-12-20 22:00:25 +00:00
Dylan Noblesmith fb75874697 test/Analysis: fix error message
llvm-svn: 146848
2011-12-18 18:07:42 +00:00
Anna Zaks 79b5c26014 [analyzer] Fixup for r146793. Add tests for atol and atoll.
llvm-svn: 146794
2011-12-17 00:30:16 +00:00
Anna Zaks 3b0ab206d2 [analyzer] Add support for taint flowing through a function (atoi).
Check if the input parameters are tainted (or point to tainted data) on
a checkPreStmt<CallExpr>. If the output should be tainted, record it in
the state. On post visit (checkPostStmt<CallExpr>), use the state to
make decisions (in addition to the existing logic). Use this logic for
atoi and fscanf.

llvm-svn: 146793
2011-12-17 00:26:34 +00:00
Anna Zaks e48ee50324 [analyzer] Better stdin support.
llvm-svn: 146748
2011-12-16 18:28:50 +00:00
Anna Zaks a2510070ee Add support for matching one or more (aka regex +) diagnostic messages with -verify.
Ex:
// expected-warning + {{tainted}

llvm-svn: 146633
2011-12-15 02:28:16 +00:00
Anna Zaks 30373150a1 [analyzer] Ensure that the order in which checker callbacks are called
is deterministic.

Non-determinism was the reason for the test which caused the earlier
buildbot failures, so re-enable the test.

llvm-svn: 146628
2011-12-15 01:36:04 +00:00
Richard Trieu 553b2b2e5d Modify how the -verify flag works. Currently, the verification string and
diagnostic message are compared.  If either is a substring of the other, then
no error is given.  This gives rise to an unexpected case:

  // expect-error{{candidate function has different number of parameters}}

will match the following error messages from Clang:

  candidate function has different number of parameters (expected 1 but has 2)
  candidate function has different number of parameters

It will also match these other error messages:

  candidate function
  function has different number of parameters
  number of parameters

This patch will change so that the verification string must be a substring of
the diagnostic message before accepting.  Also, all the failing tests from this
change have been corrected.  Some stats from this cleanup:

87 - removed extra spaces around verification strings
70 - wording updates to diagnostics
40 - extra leading or trailing characters (typos, unmatched parens or quotes)
35 - diagnostic level was included (error:, warning:, or note:)
18 - flag name put in the warning (-Wprotocol)

llvm-svn: 146619
2011-12-15 00:38:15 +00:00
Anna Zaks 93237e4808 [analyzer] Disable verification step on the failing test.
I need to keep the test itself in the repository since it's the only way I can currently reproduce the issue.

llvm-svn: 146582
2011-12-14 19:39:46 +00:00
Anna Zaks 72e90d54ae [analyzer] Re-enable the test which was failing on one of the bots.
I cannot reproduce the failures neither on my machine nor on the same buildbot machine (with the clang binary built on it). Let's see if it fails again..

llvm-svn: 146574
2011-12-14 18:34:17 +00:00
Anna Zaks 87ebe63542 [analyzer] Revert the taint test, which is failing on one of the bots for time being.
llvm-svn: 146541
2011-12-14 02:00:54 +00:00
Anna Zaks 099fe3fb28 [analyzer] Treat stdin as a source of taint.
Some of the test cases do not currently work because the analyzer core
does not seem to call checkers for pre/post DeclRefExpr visits.
(Opened radar://10573500. To be fixed later on.)

llvm-svn: 146536
2011-12-14 00:56:18 +00:00
Anna Zaks eefc0e9342 [analyzer] Mark output of fscanf and fopen as tainted.
llvm-svn: 146533
2011-12-14 00:56:02 +00:00
Anna Zaks d6bb3227de [analyzer] Mark getenv output as tainted.
Also, allow adding taint to a region (not only a symbolic value).

llvm-svn: 146532
2011-12-14 00:55:58 +00:00
Anna Zaks 7c96b7db96 [analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression.
We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about. 

In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expresion evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently is protected.)

This patch also contains 2 small bug fixes:
 - swap the order of operators inside SValBuilder::makeGenericVal.
 - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.

llvm-svn: 146343
2011-12-11 18:43:40 +00:00
Hans Wennborg b1a5e09f6f Check that arguments to a scanf call match the format specifier,
and offer fixits when there is a mismatch.

llvm-svn: 146326
2011-12-10 13:20:11 +00:00
Anna Zaks 6af472aa3b [analyzer] Fix inconsistency on when SValBuilder assumes that 2
types are equivalent.

+ A taint test which tests bitwise operations and which was
triggering an assertion due to presence of the integer to integer cast.

llvm-svn: 146240
2011-12-09 03:34:02 +00:00
Anna Zaks 394256cc0d [analyzer] If memory region is tainted mark data as tainted.
+ random comments

llvm-svn: 146199
2011-12-08 22:38:43 +00:00
Peter Collingbourne 266e3dda17 Add an experimental MallocSizeofChecker, which reports inconsistencies
between the casted type of the return value of a malloc/calloc/realloc
call and the operand of any sizeof expressions contained within
its argument(s).

llvm-svn: 146144
2011-12-08 08:31:14 +00:00
Anna Zaks b86fdbe7e3 [analyzer] Propagate taint through MemRegions.
SVal can be not only a symbol, but a MemRegion. Add support for such
cases.

llvm-svn: 146006
2011-12-07 01:09:52 +00:00
Anna Zaks c25efccc8b [analyzer] Propagate taint through NonLoc to NonLoc casts.
- Created a new SymExpr type - SymbolCast.
 - SymbolCast is created when we don't know how to simplify a NonLoc to
NonLoc casts.
 - A bit of code refactoring: introduced dispatchCast to have better
code reuse, remove a goto.
 - Updated the test case to showcase the new taint flow.

llvm-svn: 145985
2011-12-06 23:12:27 +00:00
Anna Zaks d624f60a89 [analyzer] Simplify the expected-warning statement.
llvm-svn: 145855
2011-12-05 21:32:58 +00:00
Anna Zaks 004695b56e [analyzer] Add a missing taint tester warning.
llvm-svn: 145834
2011-12-05 18:58:33 +00:00
Anna Zaks a636fbe73f [analyzer] Remove all uses of ConstraintManager::canResonAbout() from
ExprEngine.

Teach SimpleConstraintManager::assumeSymRel() to propagate constraints
to symbolic expressions.

+ One extra warning (real bug) is now generated due to enhanced
assumeSymRel().

llvm-svn: 145832
2011-12-05 18:58:25 +00:00
Anna Zaks 1c215d0a11 [analyzer] Add a debug checker to test for tainted data.
llvm-svn: 145827
2011-12-05 18:58:01 +00:00
Anna Zaks 719051e1c6 [analyzer] Make KeychainAPI checker less aggressive. radar://10508828
We trigger an error if free is called after a possibly failed allocation. Do not trigger the error if we know that the buffer is not null.

llvm-svn: 145584
2011-12-01 16:41:58 +00:00
Ted Kremenek dc6fb77d35 Fix typo.
llvm-svn: 145577
2011-12-01 07:39:23 +00:00
Ted Kremenek 24fc93a940 When analyzing a C++ method (without a specific caller), assume 'this' is non-null. Fixes <rdar://problem/10508787>.
llvm-svn: 145575
2011-12-01 05:29:42 +00:00
Ted Kremenek f551f326fc Per an offline conversation with John McCall, have StmtPrinter actually print out the source expression for OpaqueValueExpr.
llvm-svn: 145524
2011-11-30 22:08:08 +00:00
Ted Kremenek cfe4ff9725 Relax RegionStore to allow loads from CodeTextRegions. Apparently you can actually write code that does this. This seems worthy of a checker, but the StoreManager should handle the memory abstraction without crashing. Fixes PR 11450.
llvm-svn: 145424
2011-11-29 19:39:29 +00:00
Anna Zaks ff029b6953 [analyzer] Add more simple taint tests.
llvm-svn: 145275
2011-11-28 20:43:40 +00:00
Anna Zaks 457c68726c [analyzer] Warn when non pointer arguments are passed to scanf (only when running taint checker).
There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case.

llvm-svn: 144964
2011-11-18 02:26:36 +00:00
Anna Zaks 1df54a8bc8 [analyzer] The compiler warning was disabling the analyzer in this test.
llvm-svn: 144946
2011-11-18 00:45:20 +00:00
Anna Zaks 040ddfedc0 [analyzer] Do not conjure a symbol when we need to propagate taint.
When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation.

With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted.

Also added some comments and asserts.

llvm-svn: 144932
2011-11-17 23:07:28 +00:00
Abramo Bagnara b0cf297654 Added missing ImplicitCastExpr around conversion operator call.
llvm-svn: 144850
2011-11-16 22:46:05 +00:00
Jim Goodnow II 8d21fc8239 Fixed crash with initializer lists and unnamed bitfields in the RegionStore
Manager. Added test to ensure proper binding of initialized values.
This patch fixes PR11249.

llvm-svn: 144831
2011-11-16 20:29:27 +00:00
Anna Zaks 20829c90be [analyzer] Catch the first taint propagation implied buffer overflow.
Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.

+ The very first example of us catching a taint related bug.
This is the only example we can currently handle. More to come...

llvm-svn: 144826
2011-11-16 19:58:17 +00:00
Douglas Gregor 4123a86fae Use Sema::RequireCompleteType to check for the completeness of
Objective-C classes. This has two purposes: to consistently provide
"forward declaration here" notes when we hit an incomplete type, and
to give LLDB a chance to complete the type.

RequireCompleteType bits from Sean Callanan!

llvm-svn: 144573
2011-11-14 22:10:01 +00:00
Ted Kremenek 8e7fbcc3e4 [static analyzer] Tweak RetainCountChecker's diagnostics to correctly indicate if a message was due to a property access. This can
potentially be refactored for other clients, and this is a regression from the refactoring of property acceses.

llvm-svn: 144571
2011-11-14 21:59:21 +00:00
Ted Kremenek 731607fab2 [analyzer;Regionstore] handle loads from StringLiteral elements for StringLiterals representing wide strings. Fixes PR 11294.
llvm-svn: 144563
2011-11-14 20:05:54 +00:00
Ted Kremenek b39fcfaa19 [analyzer] teach AnalysisDeclContext::getSelfDecl() about blocks that capture the 'self' variable of the enclosing ObjC method decl. Fixes <rdar://problem/10380300>.
llvm-svn: 144556
2011-11-14 19:36:08 +00:00
John McCall fe96e0b6be Change the AST representation of operations on Objective-C
property references to use a new PseudoObjectExpr
expression which pairs a syntactic form of the expression
with a set of semantic expressions implementing it.
This should significantly reduce the complexity required
elsewhere in the compiler to deal with these kinds of
expressions (e.g. IR generation's special l-value kind,
the static analyzer's Message abstraction), at the lower
cost of specifically dealing with the odd AST structure
of these expressions.  It should also greatly simplify
efforts to implement similar language features in the
future, most notably Managed C++'s properties and indexed
properties.

Most of the effort here is in dealing with the various
clients of the AST.  I've gone ahead and simplified the
ObjC rewriter's use of properties;  other clients, like
IR-gen and the static analyzer, have all the old
complexity *and* all the new complexity, at least
temporarily.  Many thanks to Ted for writing and advising
on the necessary changes to the static analyzer.

I've xfailed a small diagnostics regression in the static
analyzer at Ted's request.

llvm-svn: 143867
2011-11-06 09:01:30 +00:00
Chandler Carruth e3fcb6981f Switch these two tests to use the Clang driver instead of CC1. They want
to do "realistic" includes, and so need the header search logic now in
the driver. This in turn requires switching the CC1 options to the
actual driver options, and passing -Xclang where there is no analogy.

llvm-svn: 143805
2011-11-05 10:15:30 +00:00
Ted Kremenek 04268232df Per discussion with John McCall, don't add OpaqueValueExprs to the CFG.
llvm-svn: 143766
2011-11-05 00:10:15 +00:00
Anna Zaks 9e82c62222 [analyzer] Fix PR11282 - an assert in markAsSink
This is another fallout from the refactoring. We were
calling MarkAsSink on a cached out node.
(Fixes radar://10376675)

llvm-svn: 143516
2011-11-01 22:41:14 +00:00
Anna Zaks 6d319489df [analyzer] BranchNodeBuilder should not generate autotransitions.
This fixes radar://10367606

llvm-svn: 143514
2011-11-01 22:41:06 +00:00
Ted Kremenek a98358ea13 [analyzer] ObjC message sends to nil receivers that return structs are now okay (compiler zeroes out the data). Fixes <rdar://problem/9151319>.
llvm-svn: 143215
2011-10-28 19:05:10 +00:00
Ted Kremenek 0062e74961 Add source-level dominators analysis. Patch by Guoping Long!
llvm-svn: 142885
2011-10-25 00:25:24 +00:00
Ted Kremenek 81ce1c8a99 Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.
llvm-svn: 142782
2011-10-24 01:32:45 +00:00
Ted Kremenek 77a0eb20ab Add test case for analyzer crash reported in <rdar://problem/10308201> (which is already fixed in mainline).
llvm-svn: 142606
2011-10-20 19:33:06 +00:00
Rafael Espindola 5450f218a6 Fix the signatures of vfork, __sigsetjmp and sigsetjmp.
Patch by Dimitry Andric.

llvm-svn: 142531
2011-10-19 14:50:34 +00:00
Richard Smith 9ca5c42582 Update all tests other than Driver/std.cpp to use -std=c++11 rather than
-std=c++0x. Patch by Ahmed Charles!

llvm-svn: 141900
2011-10-13 22:29:44 +00:00
Rafael Espindola 2d21ab024e Add returns_twice to functions that are known to return twice. This implements
the same behavior of gcc by keeping the attribute out of the function type.

llvm-svn: 141803
2011-10-12 19:51:18 +00:00
Anna Zaks fedf5dfc71 [analyzer] Warn about the use of insecure, deprecated vfork() function PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053).
A patch by Graham Lee!

llvm-svn: 141643
2011-10-11 04:34:54 +00:00
Ted Kremenek 8f34b6999c [analyzer] Teach the static analyzer about CXXForRangeStmt. Patch by Jim Goodnow II!
llvm-svn: 141587
2011-10-10 22:36:31 +00:00
Ted Kremenek d79719b144 Provide basic static analyzer support for CXXTemporaryObjectExpr. Patch by Jim Goodnow II.
llvm-svn: 141433
2011-10-07 22:48:13 +00:00
Ted Kremenek b7531d622d [static analyzer] Fix crash in LiveVariables and Environment::getSVal() when analyzing C++ pointer-to-member calls. Fixes <rdar://problem/10243398>.
llvm-svn: 141312
2011-10-06 20:53:28 +00:00
Ted Kremenek f3e3f6645e Fix major regression in RetainCountChecker. DefaultSummaries were not being used when they were meant to be. Fixes <rdar://problem/10241614>.
llvm-svn: 141250
2011-10-05 23:54:29 +00:00