maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
94,091 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

461 Commits

Author SHA1 Message Date
Daniel Dunbar 56df97761d StringRef'ication of lots stuff, patch by Peter Davies! 
llvm-svn: 111314
 2010-08-17 22:39:59 +00:00
Ted Kremenek 5c3cea7b09 Remove dead code. 
llvm-svn: 111304
 2010-08-17 22:05:33 +00:00
Benjamin Kramer 35b077e674 Convert all uses of StringLiteral::getStrData() to StringLiteral::getString() 
and remove getStrData().  Patch by Peter Davies (with some tweaks).

llvm-svn: 111229
 2010-08-17 12:54:38 +00:00
Zhongxing Xu a66d1694f4 Generate a node instead of a sink. A leak is not a fatal error. 
llvm-svn: 111217
 2010-08-17 00:36:37 +00:00
Jordy Rose 5ccde8593f Allow the "size" of a buffer access check to be either signed or unsigned. Fixes PR7925. 
llvm-svn: 111205
 2010-08-16 23:25:19 +00:00
Tom Care c129cc18f0 Added basic psuedoconstant checking in IdempotentOperationChecker and fixed some test cases. 
llvm-svn: 111190
 2010-08-16 21:43:52 +00:00
Jordy Rose 63a38a1b94 Instead of using operator bool() for testing if a BindingKey is valid, use an explicit isValid() method. 
llvm-svn: 111181
 2010-08-16 20:53:01 +00:00
Jordy Rose 4a57ec86bb Move GRState::AssumeInBound out of its header file -- it's not really inline-friendly anymore. 
llvm-svn: 111179
 2010-08-16 20:34:06 +00:00
Jordy Rose 722f558f07 Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes: 
- Fix memcpy() and friends to actually invalidate the destination buffer.
- Emit a different message for out-of-bounds buffer accesses if the buffer is being written to.
- When conjuring symbols, let ValueManager figure out the type.

llvm-svn: 111120
 2010-08-16 07:51:42 +00:00
Jordy Rose df28e8ec41 - Allow making ElementRegions with complex offsets (expressions or symbols) for the purpose of bounds-checking. 
- Rewrite GRState::AssumeInBound to actually do that checking, and to use the normal constraint path.
- Remove ConstraintManager::AssumeInBound.
- Teach RegionStore and FlatStore to ignore those regions for now.

llvm-svn: 111116
 2010-08-16 01:15:17 +00:00
Jordy Rose d2b777a409 Move GRState's bind* methods out of its header file -- they're too big for inlining now. 
llvm-svn: 111113
 2010-08-15 22:19:33 +00:00
Zhongxing Xu ee770d40fd StoreManager::RemoveDeadBindings() can take a Store instead of an entire GRState now. 
llvm-svn: 111103
 2010-08-15 12:45:09 +00:00
Zhongxing Xu 0ba9fd6c47 Remove redundant method. 
llvm-svn: 111099
 2010-08-15 10:08:38 +00:00
Zhongxing Xu bce831f7e0 Implement MallocChecker::EvalDeadSymbols() with the new API. This time we 
iterate over symbols being tracked, instead of symbols being dead.

llvm-svn: 111097
 2010-08-15 08:19:57 +00:00
Argyrios Kyrtzidis 1cec2cc798 Remove dead code, caught by unused function warnings. 
llvm-svn: 111091
 2010-08-15 01:15:58 +00:00
Jordy Rose 2a2e21c902 Update CStringChecker to take advantage of the new metadata symbols and region change callback. Now does basic tracking of string length for general regions. Currently this is still only used for modeling strlen(). 
llvm-svn: 111081
 2010-08-14 21:02:52 +00:00
Jordy Rose ac0ab20e3b Add a callback for when region changes occur. Still somewhat of a work-in-progress, but working! Effect on clients: all changes to a store now go through GRState. 
llvm-svn: 111078
 2010-08-14 20:44:32 +00:00
Jordy Rose 1f3a553b9b Another metadata symbol change (missed a file) 
llvm-svn: 111077
 2010-08-14 20:22:12 +00:00
Jordy Rose 7fa9bf05bc Add a new metadata symbol type for checkers to use. Metadata symbols must be associated with a region and will be collected if the region dies or its checker fails to mark it as in use. 
llvm-svn: 111076
 2010-08-14 20:18:45 +00:00
Eli Friedman a2622dd266 Zap unused UnaryOperator::OffsetOf. 
llvm-svn: 110996
 2010-08-13 01:36:11 +00:00
Tom Care af9bbad718 Small changes to UnreachableCodeChecker 
- Added detection of Empty CFGBlocks (artificial blocks)
- Relaxed an assertion based on an incorrect assumption until further investigation

llvm-svn: 110974
 2010-08-12 23:01:06 +00:00
Tom Care f8a9863df9 Improved IdempotentOperationChecker false positives and false negatives. 
- Unfinished analysis may still report valid warnings if the path was completely analyzed
- New 'CanVary' heuristic to recursively determine if a subexpression has a varying element
- Updated test cases, including one known bug
- Exposed GRCoreEngine through GRExprEngine

llvm-svn: 110970
 2010-08-12 22:45:47 +00:00
Jordy Rose 5af0e3cbba Remove OwnershipAttr::Kind, since it's essentially redundant with attr::Kind the way it's being used. Also fix isa<OwnershipAttr> support, break more-than-80-char lines, and other miscellaneous ownership attr cleanup. 
llvm-svn: 110908
 2010-08-12 08:54:03 +00:00
Jordy Rose 2f7ee3ca40 Actually use reduced set of checkers in EvalAssume. 
llvm-svn: 110904
 2010-08-12 04:05:07 +00:00
Zhongxing Xu 8de0a3d8c3 MemRegion can refer to ASTContext without external help. 
llvm-svn: 110784
 2010-08-11 06:10:55 +00:00
Ted Kremenek 2b4adffa16 Have GRCoreEngine record the blocks where analysis was aborted because we visited a block too many times along a given path. This is to support the unreachable code analysis. 
llvm-svn: 110755
 2010-08-11 00:03:02 +00:00
Jordy Rose c6c0fc9164 Allow EvalBinOpNN to handle expressions of the form $a+$b if $b can be reduced to a constant. 
llvm-svn: 110592
 2010-08-09 20:31:57 +00:00
Douglas Gregor 8b2d2fe234 Allow reference binding of a reference of Objective-C object type to 
an lvalue of another, compatible Objective-C object type (e.g., a
subclass). Introduce a new initialization sequence step kind to
describe this binding, along with a new cast kind. Fixes PR7741.

llvm-svn: 110513
 2010-08-07 11:51:51 +00:00
Tom Care 925501c548 Removed IdempotentOperationChecker from default analysis and returned back to a flag (-analyzer-check-idempotent-operations) 
- Added IdempotentOperationChecker to experimental analyses for testing purposes
- Updated test cases to explictly call the checker

llvm-svn: 110482
 2010-08-06 22:23:07 +00:00
Ted Kremenek 0bbf24d579 Fix 80 col. violations. 
llvm-svn: 110473
 2010-08-06 21:12:55 +00:00
Ted Kremenek 63dc1f4694 Nest variable declaration into into 'if' condition, thus restricting the scope of the variable and condensing the code. 
llvm-svn: 110472
 2010-08-06 21:12:53 +00:00
Ted Kremenek b0c67c85db Use 'GenerateNode()' instead of 'GenerateSink()' when reporting a leak. A leak is not a hard enough bug to stop analyzing a path. 
llvm-svn: 110471
 2010-08-06 21:12:49 +00:00
Zhongxing Xu 44207a9e9f If all nodes are sunk, bail out early. This make the later check for checkersEvaluated really meaningful. 
llvm-svn: 110430
 2010-08-06 04:20:59 +00:00
Zhongxing Xu cf61a0639d Don't assert on a file stream if its state is not tracked. Fix pr7831. 
llvm-svn: 110392
 2010-08-05 23:24:13 +00:00
Jordy Rose afdb053618 When checking if a buffer access is valid, first make sure the buffer has a valid Loc. Fixes PR7830. 
llvm-svn: 110390
 2010-08-05 23:11:30 +00:00
Tom Care 16ba7c652e Fixed logic error in UnreachableCodeChecker's marking algorithm that would sometimes allow for multiple sequential statements to be flagged. 
llvm-svn: 110353
 2010-08-05 17:53:44 +00:00
Ted Kremenek 9c22219d9c Revert r110317, and add a comment why the assertion is not an invariant. 
llvm-svn: 110330
 2010-08-05 15:03:30 +00:00
Eli Friedman 0cdda02f44 Make checker recognize OffsetOfExpr as a form of __builtin_offsetof. 
llvm-svn: 110320
 2010-08-05 09:43:11 +00:00
Zhongxing Xu 478fdb16db Turn the predicate into an assertion. When could the unequal case happen? 
llvm-svn: 110317
 2010-08-05 07:38:23 +00:00
Jordy Rose 28041c29af Tweak GRState::unbindLoc to use makeWithStore, and make sure it's only called for non-region locations. 
llvm-svn: 110310
 2010-08-05 03:33:56 +00:00
Jordy Rose c88c74cb2f Remove InvalidateRegion from stores, since it's no longer called from outside. 
llvm-svn: 110309
 2010-08-05 03:28:45 +00:00
Ted Kremenek 1d08fd9b79 Correctly handle 'Class<...>' when examining Cocoa conventions in the static analyzer. Fixes a crash reported in <rdar://problem/8272168>. Patch by Henry Mason! 
llvm-svn: 110289
 2010-08-05 00:19:24 +00:00
Jordy Rose c36df4d0b7 Change the checker callback cache in GRExprEngine to be more compact (and IMHO a little easier to understand), and add the same sort of caching for EvalAssume (tied for least-used callback), mostly as proof-of-concept. 
Before we go further with these, we should figure out a way to reuse the visit-and-cache code in CheckerVisit.

llvm-svn: 110191
 2010-08-04 07:10:57 +00:00
Tom Care be633d91d0 Improved false positive detection and numerous small issues in UnreachableCodeChecker 
- Reporting now uses getUnreachableStmt which returns the Stmt* we should report
- Indexing of reachable and visited blocks now use CFGBlock ID's instead of pointers
- The CFG used in the unreachable search is now the unoptimized CFG
- Added 'Dead code' category to warnings
- Removed obsolete function getCondition
- Simplified false positive detection based on properties of FindUnreachableEntryPoints

llvm-svn: 110148
 2010-08-03 21:24:13 +00:00
Jordy Rose ddec092641 Makes GRState::makeWithStore private, to encourage clients to make store changes through GRState instead of directly accessing the StoreManager. Also adds cover methods for InvalidateRegion(s) and EnterStackFrame to GRState. 
This is in preparation for proposed region change notifications. No functionality change.

llvm-svn: 110137
 2010-08-03 20:44:35 +00:00
Zhongxing Xu 42b8c30de6 Allow offsets to be negative. Out-of-bound cases are checked elsewhere. We 
shouldn't put restrictions in store manager.

llvm-svn: 110106
 2010-08-03 06:34:25 +00:00
Zhongxing Xu 83734e46ce Pull the region offset computation logic into a single method. 
llvm-svn: 110102
 2010-08-03 04:52:05 +00:00
Tom Care 44081fbc6c Changed GRExprEngine to pass down a reference to itself when checkers are doing postanalysis. This allows the checker to gather information about the state of the engine when it has finished. 
- Exposed the worklist and BlockAborted flag in GRCoreEngine
- Changed postanalysis checkers to use the new infrastructure

llvm-svn: 110095
 2010-08-03 01:55:07 +00:00
Ted Kremenek 4a2b237967 Add -cc1 option '-unoptimized-cfg' to toggle using a CFG (for static analysis) that doesn't prune CFG edges. 
llvm-svn: 110087
 2010-08-03 00:09:51 +00:00
Ted Kremenek 297e2e5bf6 Fix idempotent operations false positive caused by ivars not being invalidated in function 
calls when the enclosing object had retain/release state.  Fixes <rdar://problem/8261992>.

llvm-svn: 110068
 2010-08-02 21:59:12 +00:00
John McCall 8b0f4ff317 Further adjustments to -Wglobal-constructors; works for references and direct 
initializations now.

llvm-svn: 110063
 2010-08-02 21:13:48 +00:00
Ted Kremenek 8a4a2b14e8 'Assumption &A' gets default initialized to 'Possible' if it doesn't exist; no need to two 
lookups in the hashtable.

llvm-svn: 110059
 2010-08-02 20:33:02 +00:00
Zhongxing Xu fd91d27630 Improve flat store: MemRegion::getAsOffset() computes a region's offset within 
the top-level object. FlatStore now can bind and retrieve element and field
regions.
PR7297 is fixed by flat store.

llvm-svn: 110020
 2010-08-02 04:56:14 +00:00
Ted Kremenek d21139a34f After a lengthy design discussion, add support for "ownership attributes" for malloc/free checking. Patch by Andrew McGregor! 
llvm-svn: 109939
 2010-07-31 01:52:11 +00:00
Tom Care 18f67e669f Uncomment unfinished work bailout in IdempotentOperationsChecker. 
llvm-svn: 109893
 2010-07-30 21:14:15 +00:00
Jordy Rose daa1c83413 Use a LazyCompoundVal to handle initialization with a string literal, rather than copying each character. 
llvm-svn: 109734
 2010-07-29 06:40:33 +00:00
Ted Kremenek 8bedb7dd3f Teach GRExprEngine::VisitLValue() about FloatingLiteral, ImaginaryLiteral, and CharacterLiteral. Fixes an assertion failure reported in PR 7675. 
llvm-svn: 109719
 2010-07-29 01:31:59 +00:00
Ted Kremenek 385f71b1f4 Augment RegionStore::BindStruct() to bind symbolicated struct values. This fixes a false path issue reported in <rdar://problem/8243408> and also spurs another cause where the idempotent operations checker fires. 
llvm-svn: 109710
 2010-07-29 00:28:47 +00:00
Ted Kremenek 7f904e8ad5 Change SymbolManager::canSymbolicate() to return true for RecordTypes. 
llvm-svn: 109709
 2010-07-29 00:28:43 +00:00
Ted Kremenek ab178fa678 Explicitly guard in BasicStore from storing to non-scalars. 
llvm-svn: 109708
 2010-07-29 00:28:40 +00:00
Ted Kremenek 1008a2a3d5 Remove extraneous guards around the call to getConjuredSymbolVal(). These checks are already done within getConjuredSymbolVal() itself. 
llvm-svn: 109707
 2010-07-29 00:28:33 +00:00
Tom Care 29a6250bf0 Added some false positive checking to UnreachableCodeChecker 
- Allowed reporting of dead macros
- Added path walking function to search for false positives in conditional statements
- Updated some affected tests
- Added some false positive test cases

llvm-svn: 109561
 2010-07-27 23:30:21 +00:00
Tom Care 76bdd685c2 Extracted out some useful common functions in IdempotentOperationChecker to their own CheckerHelpers file. 
llvm-svn: 109560
 2010-07-27 23:26:07 +00:00
Ted Kremenek 83b598c14f Finesse 'idempotent operations' analyzer issues to include the opcode of the binary operator for clearer error reporting. Also remove the 'Idempotent operation' prefix in messages; it's redundant since the bug type is the same. 
llvm-svn: 109527
 2010-07-27 18:49:08 +00:00
Ted Kremenek e5cc6a858a Put 'Idempotent operations' static analyzer issues in the 'Dead code' category. 
llvm-svn: 109517
 2010-07-27 17:52:52 +00:00
Jordy Rose 55442abee6 Don't warn about unreachable code if the block starts with __builtin_unreachable(). 
The next step is to warn if a block labeled unreachable is, in fact, reachable. Somewhat related to PR810.

llvm-svn: 109487
 2010-07-27 03:39:53 +00:00
Jordy Rose b052e8f436 Groundwork for C string length tracking. Currently only handles the length of constant string literals, which is not too helpful, and only calls to strlen() are checked. 
llvm-svn: 109480
 2010-07-27 01:37:31 +00:00
Tom Care cba9f517ac Added an path-sensitive unreachable code checker to the experimental analyzer checks. 
- Created a new class to do post-analysis
- Updated several test cases with unreachable code to expect a warning
- Added some general tests

llvm-svn: 109286
 2010-07-23 23:04:53 +00:00
Zhongxing Xu 5e6ef6d957 Add FILE* leak check to StreamChecker. Patch by Lei Zhang. 
llvm-svn: 109225
 2010-07-23 14:14:59 +00:00
Zhongxing Xu 73ede01cad Change arg type. 
llvm-svn: 109218
 2010-07-23 05:55:01 +00:00
Zhongxing Xu 692ac46a70 Delete unnecessary const_cast. 
llvm-svn: 109211
 2010-07-23 02:54:53 +00:00
Zhongxing Xu cabfb72654 AnalysisContext is not const. 
llvm-svn: 109210
 2010-07-23 02:49:07 +00:00
Zhongxing Xu f0c133fe88 This patch adds support for tmpfile in StreamChecker. Patch by Lei Zhang. 
llvm-svn: 109106
 2010-07-22 14:01:01 +00:00
Zhongxing Xu adf644d05e Make a bunch of new data structures for the new analysis 
engine of the new translation unit. State marshal is there but no real
work is done. End nodes are passed back.

llvm-svn: 109105
 2010-07-22 13:52:13 +00:00
Zhongxing Xu 2e01b80356 Move some methods inline. 
llvm-svn: 108988
 2010-07-21 05:21:41 +00:00
Zhongxing Xu edb77fe8b4 Constify all references to Stmt* and CFGBlock* in libChecker. 
llvm-svn: 108811
 2010-07-20 06:22:24 +00:00
Zhongxing Xu 6694255306 Constify. 
llvm-svn: 108804
 2010-07-20 02:56:49 +00:00
Zhongxing Xu 70856f7986 remove const_cast. 
llvm-svn: 108803
 2010-07-20 02:53:15 +00:00
Zhongxing Xu 3e02548d22 constify. 
llvm-svn: 108801
 2010-07-20 02:46:11 +00:00
Zhongxing Xu c2acbe0f45 Constify. 
llvm-svn: 108800
 2010-07-20 02:41:28 +00:00
Zhongxing Xu a74af93eaf remove CallInliner.cpp. 
llvm-svn: 108670
 2010-07-19 01:55:38 +00:00
Zhongxing Xu ec5623570e Add double close check to StreamChecker. Patch by Lei Zhang. 
llvm-svn: 108669
 2010-07-19 01:52:29 +00:00
Zhongxing Xu 84f65e0692 Reapply r108617. 
llvm-svn: 108668
 2010-07-19 01:31:21 +00:00
Chris Lattner ad4f38b1a9 BUILD_ARCHIVE is the default for libraries, no need to set it. 
llvm-svn: 108633
 2010-07-18 00:14:47 +00:00
Benjamin Kramer e2e031ed6f Revert r108617, it broke the build. 
llvm-svn: 108621
 2010-07-17 13:51:58 +00:00
Zhongxing Xu 4ca4a999b1 Prepare the analyzer for the callee in another translation unit: 
Let AnalysisContext contain a TranslationUnit.
  Let CallEnter refer to an AnalysisContext instead of a FunctionDecl.

llvm-svn: 108617
 2010-07-17 11:12:42 +00:00
Ted Kremenek b32964d02d Fix '<rdar://problem/8202272> __imag passed non-complex should not crash' by removing a bogus assertion. 
llvm-svn: 108602
 2010-07-17 01:28:55 +00:00
Ted Kremenek 8b9fd890e3 Fix APFloat assertion failure in IdempotentOperationChecker resulting in having 
an APFloat with different "float semantics" than the compared float literal.

llvm-svn: 108590
 2010-07-17 00:40:32 +00:00
Tom Care 826e6b4023 Improved false positive rate for the idempotent operations checker and moved it into the default path-sensitive analysis options. 
- Added checks for static local variables, self assigned parameters, and truncating/extending self assignments
- Removed command line option (now default with --analyze)
- Updated test cases to pass with idempotent operation warnings

llvm-svn: 108550
 2010-07-16 20:41:41 +00:00
Benjamin Kramer 8d5609b604 Pass StringRefs by value. 
llvm-svn: 108375
 2010-07-14 23:19:41 +00:00
Douglas Gregor 51954276cc Introduce a new cast kind for an "lvalue bitcast", which handles 
reinterpret_casts (possibly indirectly via C-style/functional casts)
on values, e.g., 

  int i;
  reinterpret_cast<short&>(i);

The IR generated for this is essentially the same as for

  *reinterpret_cast<short*>(&i).

Fixes PR6437, PR7593, and PR7344. 

llvm-svn: 108294
 2010-07-13 23:17:26 +00:00
Jordy Rose d5d2e50f3e Cleanup in CStringChecker. Now properly bifurcates the state for zero/nonzero sizes. 
llvm-svn: 107935
 2010-07-08 23:57:29 +00:00
Douglas Gregor 747eb7840a Reinstate the fix for PR7556. A silly use of isTrivial() was 
suppressing copies of objects with trivial copy constructors.

llvm-svn: 107857
 2010-07-08 06:14:04 +00:00
Douglas Gregor e182370eda Revert r107828 and r107827, the fix for PR7556, which seems to be 
breaking bootstrap on Linux.

llvm-svn: 107837
 2010-07-07 23:37:33 +00:00
Douglas Gregor 6df2b8c3ac Rename CXXZeroInitValueExpr to CXXScalarValueInitExpr, to reflect its 
newly-narrowed scope. No functionality change.

llvm-svn: 107828
 2010-07-07 22:43:56 +00:00
Argyrios Kyrtzidis 0b6a06a335 Simplify code and remove comment that is no longer relevant. 
llvm-svn: 107772
 2010-07-07 12:24:14 +00:00
Argyrios Kyrtzidis 568bc84562 Remove Decl::getCompoundBody(). 
This has 2 (slight) advantages:
-Make explicit at getBody()'s callsite that we expect/handle only CompoundStmt and not CXXTryStmt.
-Better tracking of Decl::getBody()'s callsites.

llvm-svn: 107771
 2010-07-07 11:31:34 +00:00
Argyrios Kyrtzidis 36ea322579 Introduce Decl::hasBody() and FunctionDecl::hasBody() and use them instead of getBody() when we are just checking the existence of a body, to avoid de-serialization of the body from PCH. 
Makes de-serialization of the function body even more "lazier".

llvm-svn: 107768
 2010-07-07 11:31:19 +00:00
Jordy Rose 65136fb669 Add memcmp() and bcmp() to CStringChecker. These check for valid access to the buffer arguments and have a special-case for when the buffer arguments are known to be the same address, or when the size is zero. 
llvm-svn: 107761
 2010-07-07 08:15:01 +00:00
Jordy Rose 33c829a6fd Cleanup on CStringChecker and its associated tests. Also check for null arguments...which are allowed if the access length is 0! 
llvm-svn: 107759
 2010-07-07 07:48:06 +00:00
Tom Care ca1f871ff8 Change explicit handling of impossible condition to call llvm_unreachable in IdempotentOperationChecker::PreVisitBinaryOperator. 
llvm-svn: 107748
 2010-07-07 01:27:17 +00:00
Chandler Carruth 509a9ce9da Silence an annoying GCC warning about use of an uninitialized variable. Even 
making the other switch case unreachable, or sinking the 'continue' into it
doesn't silence this.

llvm-svn: 107745
 2010-07-07 00:36:56 +00:00
Chandler Carruth dce439d11d Use 'llvm_unreachable' to mark impossible code paths so that GCC doesn't 
consider them for warnings.

llvm-svn: 107741
 2010-07-07 00:07:37 +00:00
Ted Kremenek da534381f8 Fix casts in RegionStore to not always assume that bindings are only to SubRegions. Fixes assertion failure 
reported in PR 7572.

llvm-svn: 107738
 2010-07-06 23:53:29 +00:00
Ted Kremenek 0fc6354f2f Implement dumpToStream() for NonStaticGlobalSpaceRegion and StaticGlobalSpaceRegion. 
llvm-svn: 107731
 2010-07-06 23:37:21 +00:00
Jordy Rose cf781e5430 Add comment noting VLASizeChecker's duty in defining a VLA's extent. 
llvm-svn: 107728
 2010-07-06 23:33:54 +00:00
Jordy Rose 134a236a14 Add a new path-sensitive checker for functions in <string.h>, for both null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon. 
llvm-svn: 107722
 2010-07-06 23:11:01 +00:00
Ted Kremenek 128bfb7643 Sort CMake file. 
llvm-svn: 107709
 2010-07-06 22:03:19 +00:00
Tom Care 3ff08a8e76 Added a path-sensitive idempotent operation checker (-analyzer-idempotent-operation). Finds idempotent and/or tautological operations in a path sensitive context, flagging operations that have no effect or a predictable effect. 
Example:
{
int a = 1;
int b = 5;
int c = b / a; // a is 1 on all paths
}

- New IdempotentOperationChecker class
- Moved recursive Stmt functions in r107675 to IdempotentOperationChecker
- Minor refactoring of SVal to allow checking for any integer
- Added command line option for check
- Added basic test cases

llvm-svn: 107706
 2010-07-06 21:43:29 +00:00
Zhongxing Xu 5b488b1e6c Add an assertion. 
llvm-svn: 107645
 2010-07-06 07:08:47 +00:00
Jordy Rose c7c8c3d66b Remove the now-unused GRState::isEqual method. Instead of asking if an expression equals a certain value, use SValuator::EvalEQ and GRState::Assume to see if it can, must, or must not equal that value. 
llvm-svn: 107638
 2010-07-06 04:12:24 +00:00
Jordy Rose 40c5c24c06 Improve NULL-checking for CFRetain/CFRelease. We now remember that the argument was non-NULL, and we report where the null assumption came from (like AttrNonNullChecker already did). 
llvm-svn: 107633
 2010-07-06 02:34:42 +00:00
Jordy Rose 0704a7fe43 Support sizeof for VLA expressions (sizeof(someVLA)). sizeof(int[n]) still unimplemented. A VLA region's sizeof value matches its extent. 
llvm-svn: 107611
 2010-07-05 04:42:43 +00:00
Jordy Rose e6b999bf9a Track extents for VLAs. 
llvm-svn: 107603
 2010-07-05 00:50:15 +00:00
Jordy Rose 674bd55f02 Add a new symbol type, SymbolExtent, to represent the extents of memory regions that may not be known at compile-time (such as those created by malloc). This replaces the old setExtent/getExtent API on Store, which used the GRState's GDM to store SVals. 
Also adds a getKnownValue() method to SValuator, which gets the integer value of an SVal if it is known to only have one possible value. There are more places in the code that could be using this, but in general we want to be dealing entirely in SVals, so its usefulness is limited.

The only visible functionality change is that extents are now honored for any DeclRegion, such as fields and Objective-C ivars, rather than just variables. This shows up in bounds-checking and cast-size-checking.

llvm-svn: 107577
 2010-07-04 00:00:41 +00:00
Ted Kremenek bd862711fd Fix PR 7475 by enhancing the static analyzer to also invalidate bindings for non-static global variables 
when calling a function/method whose impact on global variables we cannot accurately estimate.
This change introduces two new MemSpaceRegions that divide up the memory space of globals, and causes
RegionStore and BasicStore to consult a binding to the NonStaticGlobalsMemSpaceRegion when lazily
determining the value of a global.

llvm-svn: 107423
 2010-07-01 20:16:50 +00:00
Jordy Rose f7488ec6dc Add an ivar to SymbolReaper for the current statement, and then stop passing the current statement around everywhere. Preparation for symbolic extents. 
llvm-svn: 107422
 2010-07-01 20:09:55 +00:00
Zhongxing Xu bf81ed1fcf ExplodedGraph never uses ASTContext, remove it. 
llvm-svn: 107388
 2010-07-01 07:10:59 +00:00
Ted Kremenek 169e43c4cf Correctly implement the CheckerVisit optimization introduced in r106884, but this time actually used the cached checker list when calling back to Checker visit methods. This reduces the analysis time for sqlite3.c by 8%. 
llvm-svn: 107259
 2010-06-30 07:28:52 +00:00
Jordy Rose dc48471861 Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527. 
llvm-svn: 107236
 2010-06-30 01:35:20 +00:00
Ted Kremenek 090d62e7cc Tweaker Checker::VisitEndAnalysis to have 'hasWorkRemaining' also 
be true if some paths were aborted because they exceeded
the maximum loop unrolling count.

llvm-svn: 107209
 2010-06-29 21:58:54 +00:00
Dan Gohman 3bc1b0c882 llvm::errs() is non-buffered, so it doesn't need to be flushed. 
llvm-svn: 107012
 2010-06-28 15:56:07 +00:00
Jordy Rose 61176897ba Pointer comparisons (and pointer-pointer subtraction). Basically filling in SimpleSValuator::EvalBinOpLL(). 
llvm-svn: 106992
 2010-06-28 08:26:15 +00:00
Jordy Rose 7f8ea4d677 Implicitly compare symbolic expressions to zero when they're being used as constraints. Part of PR7491. 
llvm-svn: 106972
 2010-06-27 01:20:56 +00:00
Ted Kremenek f00eac5cff Allow '__extension__' to be analyzed in a lvalue context. 
llvm-svn: 106964
 2010-06-26 22:40:52 +00:00
Ted Kremenek 58f61ec1de Relax assertion since non-pod C++ classes are not aggregates, but still can appear in this context. 
llvm-svn: 106919
 2010-06-25 23:51:38 +00:00
Jordy Rose c3bcc36a0b When a constant size array is casted to another type, its length should be scaled as well. 
llvm-svn: 106911
 2010-06-25 23:23:04 +00:00
Ted Kremenek fe97a1ac65 Add "checker caching" to GRExprEngine::CheckerVisit to progressively build 
a winowed list of checkers that actually do something for a given StmtClass.
As the number of checkers grows, this may potentially significantly reduce
the number of checkers called at any one time.  My own measurements show that
for the ~20 registered Checker objects, only ~5 of them respond at any one time
to a give statement.  While this isn't a net performance win right now (there
is a minor slowdown on sqlite.3) this improvement does greatly improve debugging
when stepping through the checkers used to evaluate a given statement.

llvm-svn: 106884
 2010-06-25 20:59:31 +00:00
Ted Kremenek 76abf19ea6 Fix -analyze-display-progress (once again), this time with an additional regression test. 
llvm-svn: 106883
 2010-06-25 20:59:24 +00:00
Tom Care 375387d1f8 Change RegionStoreManager::Retrieve to infer the type of a symbolic region from the context when it is not already available. 
llvm-svn: 106868
 2010-06-25 18:22:31 +00:00
Ted Kremenek 87f475a329 Return null pointer instead of 'false' (fixes clang warning). 
llvm-svn: 106755
 2010-06-24 16:26:12 +00:00
Zhongxing Xu facf8a8e74 Add check for illegal whence argument of fseek. 
llvm-svn: 106742
 2010-06-24 13:36:41 +00:00
Zhongxing Xu a7e5dd6c3a Should return stateNotNull. 
llvm-svn: 106741
 2010-06-24 13:09:02 +00:00
Zhongxing Xu ae45144d81 Let StreamChecker::CheckNullStream() return a GRState after successful check. 
llvm-svn: 106738
 2010-06-24 12:52:28 +00:00
Ted Kremenek 574f304631 Add 'VisitEndAnalysis' callback to Checker class. This callback is called by GRExprEngine 
when the worklist algorithm has terminated.  This allows some checkers to do a post-analysis
phase after all paths have been analyzed.

llvm-svn: 106689
 2010-06-23 22:08:00 +00:00
Zhongxing Xu 2213aa360a add comments. 
llvm-svn: 106617
 2010-06-23 02:12:00 +00:00
Zhongxing Xu 93cef8665c add comments. 
llvm-svn: 106616
 2010-06-23 02:06:56 +00:00
Ted Kremenek 2a33a0deef Correctly construct an ElementRegion for alloca() + pointer arithmetic. Fixes analyzer 
crash reported in PR 7450.

llvm-svn: 106609
 2010-06-22 23:58:31 +00:00
Douglas Gregor 49b4d73451 Type Type::isRealFloatingType() that vectors are not floating-point 
types, updating callers of both isFloatingType() and
isRealFloatingType() accordingly. Caught at least one issue where we
allowed one to declare a vector of vectors (!), along with cleaning up
the standard-conversion logic for C++.

llvm-svn: 106595
 2010-06-22 23:07:26 +00:00
Ted Kremenek 55081f9317 Don't assert on C++ casts that are currently not handled by the static analyzer. 
Instead, halt the analysis of the current path, which is what we do in GRExprEngine::ProcessStmt
for all other C++ constructs not currently handled by the analyzer.

llvm-svn: 106561
 2010-06-22 19:05:10 +00:00
Zhongxing Xu 4505747979 Add a bunch of stream APIs to SteamChecker. 
llvm-svn: 106530
 2010-06-22 07:50:21 +00:00
Jordy Rose 79404afc1c When folding additive operations, convert the values to the same type. When assuming relationships, convert the integers to the same type as the symbol, at least for now. 
llvm-svn: 106458
 2010-06-21 20:15:15 +00:00
Jordy Rose 3d85888d4e If a nonnull argument evaluates to UnknownVal, don't warn (and don't crash). 
llvm-svn: 106456
 2010-06-21 20:08:28 +00:00
Benjamin Kramer 22a544bc82 Add braces to avoid an ambiguous else, fixing a GCC warning. 
llvm-svn: 106403
 2010-06-20 10:20:36 +00:00
Jordy Rose 895c899142 Adds analyzer support for idempotent and tautological binary operations such as "a*0" and "a+0". This is not very powerful, but does make the analyzer look a little smarter than it actually is. 
llvm-svn: 106402
 2010-06-20 04:56:29 +00:00
Jordy Rose 2dd9b02cc8 Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is. 
llvm-svn: 106401
 2010-06-20 04:30:57 +00:00
Jordy Rose c0fe8429f2 Fold additive constants, and support comparsions of the form $sym+const1 <> const2 
llvm-svn: 106339
 2010-06-18 22:49:11 +00:00
Chris Lattner ed8b6b799d introduce a new CharSourceRange class, and enhance the diagnostics routines 
to use them instead of SourceRange.  CharSourceRange is just a SourceRange
plus a bool that indicates whether the range has the end character resolved
or whether the end location is the start of the end token.  While most of
the compiler wants to think of ranges that have ends that are the start of
the end token, the printf diagnostic stuff wants to highlight ranges within
tokens.

This is transparent to the diagnostic stuff.  To start taking advantage of
the new capabilities, you can do something like this:
  Diag(..) << CharSourceRange::getCharRange(Begin,End)

llvm-svn: 106338
 2010-06-18 22:45:06 +00:00
Zhongxing Xu e96a9132b8 Add null stream check for more APIs. 
llvm-svn: 106274
 2010-06-18 02:47:46 +00:00
Ted Kremenek 5df037e808 Tweak stack address checker to report multiple cases where globals may reference stack memory. 
Also refactor the diagnostics so that we print out the kind of stack memory returned.

llvm-svn: 106210
 2010-06-17 04:21:37 +00:00