417d566775
Remove dead code.
...
llvm-svn: 138183
2011-08-20 01:15:28 +00:00
071a89c39f
Static Analyzer Diagnostics: Switch CFRefCount to using the new visitor API. BugReport no longer needs to inherit from BugReporterVisitor.
...
llvm-svn: 138142
2011-08-19 23:21:56 +00:00
f86615ca5c
Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) API in favor of addVisitor(BugReporterVisitor*).
...
1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well.
2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more then one visitor, so make it static member of FindLastStoreBRVisitor.
3) Modify all the checkers to use the new API.
llvm-svn: 138126
2011-08-19 22:33:38 +00:00
be28d6c66d
Fix a memory leak in the analyzer - BugReports didn't get freed. Plus, remove invalid assert from the destructor which wasn't called previously due to the leak.
...
llvm-svn: 138027
2011-08-19 01:57:09 +00:00
f4dd4ae7cc
Static Analyzer Diagnostics: Move custom diagnostic visitors from BugReporterContext to BugReport.
...
One API change: I added BugReporter as an additional parameter to the BugReporterVisitor::VisitNode() method to allow visitors register other visitors with the report on the fly (while processing a node). This functionality is used by NilReceiverVisitor, which registers TrackNullOrUndefValue when the receiver is null.
llvm-svn: 138001
2011-08-18 22:37:56 +00:00
525cfe7d28
Remove DiagBugReport by pulling it into its parent BugReport.
...
llvm-svn: 137899
2011-08-17 23:21:23 +00:00
3a6bdf8f82
Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.
...
llvm-svn: 137894
2011-08-17 23:00:25 +00:00
217eb9043f
[analyzer] Migrate assumption and binding handling from CFRefCount to RetainReleaseChecker. This is mostly a textual move and required no supporting changes. No functionality change intended.
...
llvm-svn: 137874
2011-08-17 21:27:39 +00:00
c14efa7122
Fix a handful of dead stores found by Clang's static analyzer. There's a bunch of others I haven't touched.
...
llvm-svn: 137867
2011-08-17 21:04:19 +00:00
9c09ce48b4
Fix typo.
...
llvm-svn: 137814
2011-08-17 05:00:56 +00:00
075d73bcce
[analyzer] Add a warning for an incompatible plugin version.
...
llvm-svn: 137813
2011-08-17 04:56:03 +00:00
8b3929d956
Silence compiler warnings by casting object pointers to function pointers via intptr_t.
...
This is ugly but ISO C++ doesn't allow direct casts.
llvm-svn: 137812
2011-08-17 04:22:25 +00:00
93b86e494d
[analyzer] Add basic support for pluggable checkers.
...
llvm-svn: 137802
2011-08-17 01:30:59 +00:00
e1962328f5
[analyzer] teach ExprEngine about loads from static C++ class fields. Fixes <rdar://problem/9948787>.
...
llvm-svn: 137760
2011-08-16 21:37:52 +00:00
59cce71af6
[analyzer] Overhaul of checker registration in preparation for basic plugin support. Removes support for checker groups (we can add them back in later if we decide they are still useful), and -analyzer-checker-help output is a little worse for the time being (no packages).
...
llvm-svn: 137758
2011-08-16 21:24:21 +00:00
a06421a02c
MacOSKeychainAPIChecker: Turn it on by default.
...
llvm-svn: 137740
2011-08-16 20:02:05 +00:00
01ae1e1197
MacOSKeychainAPIChecker: Do not report double allocation if first allocation returned an error.
...
llvm-svn: 137720
2011-08-16 16:30:24 +00:00
31fdb61618
[analyzer] Enhance ConditionVisitor to handle arbitrary ValueDecls in binary expressions, and also handle inverting the order of comparison when the named decl appears on the RHS.
...
llvm-svn: 137714
2011-08-16 10:57:37 +00:00
01401a54f8
[analyzer] fix operation inversion calculation in ConditionVisitor.
...
llvm-svn: 137708
2011-08-16 03:44:38 +00:00
667417ef9c
[analyzer] Enhance ConditionVisitor to understand eagerly evaluated (simple) binary conditions, and teach it to only focus on constraint changes.
...
llvm-svn: 137705
2011-08-16 01:53:41 +00:00
b1bf2680f5
[analyzer] add ExprEngine::getEagerlyAssumedTags() to allow externally querying of "eagerly assumed" expressions.
...
llvm-svn: 137704
2011-08-16 01:53:39 +00:00
9815709cd2
[analyzer] Remove PostStmtCustom ProgramPoint. It can be represented using tagged PostStmts.
...
llvm-svn: 137697
2011-08-16 00:49:19 +00:00
5443a6497b
MacOSKeychainAPIChecker: The security API/memory leak checker should always generate regular nodes instead of sink nodes.
...
llvm-svn: 137681
2011-08-15 23:23:15 +00:00
32b9e234fe
Add ProgramState.cpp.
...
llvm-svn: 137677
2011-08-15 23:05:22 +00:00
001fd5b498
Rename GRState to ProgramState, and cleanup some code formatting along the way.
...
llvm-svn: 137665
2011-08-15 22:09:50 +00:00
29f9b7adc3
MacOSKeychainAPIChecker: Use llvm::SmallString instead of std::string (as per code review for r137523).
...
llvm-svn: 137633
2011-08-15 18:42:00 +00:00
5ef32dbf2a
Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
...
llvm-svn: 137537
2011-08-12 23:37:29 +00:00
e8f7316fee
[analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.
...
Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.
llvm-svn: 137529
2011-08-12 23:04:46 +00:00
59d741fec6
MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.
...
llvm-svn: 137526
2011-08-12 22:47:22 +00:00
fdd0aca0a5
MacOSKeychainAPIChecker:
...
Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope.
Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.
llvm-svn: 137523
2011-08-12 21:56:43 +00:00
add45b78dd
[analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in
...
time. One is cleanup, the other is me being OCD about enum group nesting.
llvm-svn: 137517
2011-08-12 21:41:07 +00:00
c94894fbc2
MacOSKeychainAPIChecker: There is no need to use SymbolMetadata to represent the allocated data symbol, we can just use the symbol corresponding to the SymbolicRegion. This simplifies tracking of the symbol, for example, SymbolMetadata needs to go through extra hoops to stay alive.
...
Make AllocationState internal to the MacOSKeychainAPIChecker class.
llvm-svn: 137514
2011-08-12 21:14:26 +00:00
8df44b2632
[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't.
...
Patch by Olaf Krzikalla!
llvm-svn: 137498
2011-08-12 20:02:48 +00:00
9b25cee36f
Optimizations for Dependent Symbol tracking (as per Ted's code review for r137309):
...
1) Change SymbolDependTy map to keep pointers as data. And other small tweaks like making the DenseMap smaller 64->16 elements; remove removeSymbolDependencies() as it will probably not be used.
2) Do not mark dependents live more then once.
llvm-svn: 137401
2011-08-12 00:34:56 +00:00
22a9d0f316
Analyzer Core: Adding support for user-defined symbol dependencies. (For example, the allocated resource symbol only needs to be freed if no error has been returned by the allocator, so a checker might want to make the lifespan of the error code symbol depend on the allocated resource symbol.) Note, by default, the map that holds the dependencies will get destroyed along with the SymbolManager at the end of function exploration.
...
llvm-svn: 137309
2011-08-11 16:43:28 +00:00
173864b36c
Cleanup: remove CleanedSate member and GetState() wrapper from StmtNodeBuilder, not needed as of r137273.
...
llvm-svn: 137284
2011-08-11 00:11:21 +00:00
e309e05603
Cleanup: remove GetState() wrapper from ExprEngine, not needed as of r137273.
...
llvm-svn: 137279
2011-08-10 23:34:53 +00:00
5a56a6653f
Analyzer Core: In checkDeadSymbols checker callback, provide the state in which the symbols are not yet deleted so that checkers could inspect them. Since we are now always creating a transition in ProcessStmt(), remove the logic for adding a transition when none was generated. TODO: the extra transitions will have to be removed; more cleanups; a checker that tests teh new fucntionality.
...
llvm-svn: 137273
2011-08-10 23:14:54 +00:00
54d456758e
[analyzer] Start sketching out a new BugReporterVisitor that inspects branches and other expressions to generate interesting path events in diagnostics.
...
llvm-svn: 137012
2011-08-06 06:54:45 +00:00
84a1ca5280
[analyzer] Simplify logic for ExprEngine::VisitUnaryExprOrTypeTraitExpr to avoid recursion to subexpression.
...
This exposed bugs in the live variables analysis, and a latent analyzer bug in the SymbolReaper.
llvm-svn: 137006
2011-08-06 00:30:00 +00:00
c91ca30b4c
[analyzer] Change SymbolReaper to store region roots implied by the Environment, allowing it be queried when
...
determining if symbols derived from regions are still live.
llvm-svn: 137005
2011-08-06 00:29:57 +00:00
177ecfac21
KeychainAPI checker: Track SymbolMetadata instead of MemRegion in checker state so that we could clear the state on evalDeadSymbols; also track the return value.
...
llvm-svn: 137003
2011-08-05 23:52:45 +00:00
c52bed1814
KeychainAPI checker: Generate an error on double allocation. Pull out getAsPointeeMemoryRegion so that it could be reused.
...
llvm-svn: 136952
2011-08-05 00:37:00 +00:00
c686177555
KeychainAPI checker: Track additional pair of SecKeychain APIs. Also, keep exploring the transition on which a call to allocator function failed (to be able to find errors in examples like ErrorCodesFromDifferentAPISDoNotInterfere).
...
llvm-svn: 136930
2011-08-04 21:53:01 +00:00
08be9b99e3
KeychainAPI checker: Refactor to make it easier to add more allocator/deallocator API pairs. Add the allocator function ID to the checker state. Better comments.
...
llvm-svn: 136889
2011-08-04 17:28:06 +00:00
4aa34a5325
KeychainAPI checker: refactor to use early exit.
...
llvm-svn: 136852
2011-08-04 00:31:38 +00:00
388c18ec7f
KeychainAPI checker: Add basic diagnostics. Track MemoryRegion istead of SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.
...
llvm-svn: 136851
2011-08-04 00:26:57 +00:00
907377e303
[analyzer] Remove 'all-experimental' checker group.
...
llvm-svn: 136849
2011-08-04 00:25:50 +00:00
3f955e6d89
[analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
...
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
1c2fb270ce
[analyzer] Introduce MallocOverflowSecurityChecker, a simple flow-sensitive checker that may be useful for security auditing. This checker is currently too noisy to be on by default.
...
llvm-svn: 136804
2011-08-03 20:17:43 +00:00
59546b8f79
Static Analyzer diagnostics visualization: when the last location on a path is end of the function, the arrow should point to the closing brace, not the statement before it. Patch by Ted Kremenek.
...
llvm-svn: 136761
2011-08-03 01:57:49 +00:00
9a2001a817
[analyzer] Drastically simplify ExprEngine::VisitInitListExpr() by assuming all initializer expressions have already been evaluated.
...
llvm-svn: 136706
2011-08-02 18:27:05 +00:00
9ab728bb05
KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)
...
llvm-svn: 136694
2011-08-02 17:11:03 +00:00
15f496c118
Add a skeleton for the Keychain Services API Checker. Register it as OSX experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting..
...
llvm-svn: 136659
2011-08-01 22:40:01 +00:00
558e37858b
Remove dead code flagged by GCC's -Wunused-but-set-variable.
...
llvm-svn: 136581
2011-07-31 01:06:41 +00:00
67d7136f26
[analyzer] Remove recursive visitation in ExprEngine::VisitDeclStmt because it isn't needed anymore.
...
llvm-svn: 136522
2011-07-29 21:18:41 +00:00
e905c68cbd
[analyzer] Remove recursive visitation in ExprEngine::VisitCompoundLiteralExpr because it isn't needed anymore.
...
llvm-svn: 136521
2011-07-29 21:18:39 +00:00
dc492c29f7
[analyzer] Remove recursive visitation in ExprEngine::VisitCastExpr because it isn't needed anymore.
...
llvm-svn: 136520
2011-07-29 21:18:37 +00:00
cf36b0c64d
[analyzer] Remove recursive visitation in ExprEngine::VisitObjCForCollectionStmt because it isn't needed anymore.
...
llvm-svn: 136519
2011-07-29 21:18:35 +00:00
65eefed6c6
[analyzer] Remove explicit argument processing from ExprEngine::VisitObjCMessage() since it is no longer needed.
...
llvm-svn: 136518
2011-07-29 21:18:31 +00:00
4e577fae2c
[analyzer] Remove recursive visitation in ExprEngine::VisitLValObjCIvarRefExpr because it isn't needed anymore.
...
llvm-svn: 136517
2011-07-29 21:18:28 +00:00
003ec6ff83
[analyzer] tighten up ExprEngine::VisitObjCAtSynchronizationStmt().
...
llvm-svn: 136516
2011-07-29 21:18:26 +00:00
f8c0bcf101
[analyzer] Remove recursive visitation in ExprEngine::VisitObjCPropertyRefExpr because it isn't needed anymore.
...
llvm-svn: 136515
2011-07-29 21:18:24 +00:00
298e5cc7f4
[analyzer] Remove recursive visitation in ExprEngine::VisitCallExpr because it isn't needed anymore.
...
llvm-svn: 136514
2011-07-29 21:18:22 +00:00
22a1e65532
[analyzer] Remove recursive visitation in ExprEngine::VisitMemberExpr because it isn't needed anymore.
...
llvm-svn: 136513
2011-07-29 21:18:19 +00:00
db835cc213
[analyzer] Remove recursive visitation in ExprEngine::VisitLvalArraySubscriptExpr() because it is no longer needed.
...
llvm-svn: 136512
2011-07-29 21:18:17 +00:00
605415923f
Remove an unused function (found by Clang's -Wunused-function)
...
llvm-svn: 136434
2011-07-29 00:15:44 +00:00
73665188fc
Really remove FlatStoreManager and BasicStoreManager, this time from the driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.
...
llvm-svn: 136422
2011-07-28 23:08:16 +00:00
e2e37b9afc
Remove FlatStoreManager and BasicStoreManager. The latter has long been obsolete and the former has no had development in a long time.
...
llvm-svn: 136420
2011-07-28 23:08:02 +00:00
e9fda1e48a
[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.
...
The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.
Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.
llvm-svn: 136419
2011-07-28 23:07:59 +00:00
e227f49302
[analyzer] fix bug in malloc checker where the tracked symbol would not properly be removed from the state.
...
llvm-svn: 136418
2011-07-28 23:07:51 +00:00
ae16d1cc67
[analyzer] Add StoreManager::includedInBindings() to to query whether a region is used in any bindings.
...
llvm-svn: 136416
2011-07-28 23:07:46 +00:00
6b1a761f3e
[analyzer] Add safety checking in RegionStoreManager for string literal underruns.
...
llvm-svn: 136415
2011-07-28 23:07:43 +00:00
47fc816b96
[analyzer] Teach Environment to not look through MaterializeTemporaryExprs.
...
llvm-svn: 136414
2011-07-28 23:07:41 +00:00
3b446215d1
[analyzer] Fix bug in ObjCMessage where casts were being incorrectly ignored.
...
llvm-svn: 136413
2011-07-28 23:07:38 +00:00
a644668193
[analyzer] fix handling of MaterializeTemporaryExpr by binding the result value to
...
the proper expression.
llvm-svn: 136412
2011-07-28 23:07:36 +00:00
d48db2115a
Rename getInstantiationLineNumber to getExpansionLineNumber in both
...
SourceManager and FullSourceLoc.
llvm-svn: 135969
2011-07-25 21:09:52 +00:00
42f35f9cd2
Rename getInstantiationColumnNumber to getExpansionColumnNumber in both
...
SourceManager and FullSourceLoc.
llvm-svn: 135965
2011-07-25 20:57:57 +00:00
c7ca5218b6
Rename getDecomposedInstantiationLoc to getDecomposedExpansionLoc.
...
llvm-svn: 135962
2011-07-25 20:52:32 +00:00
35f5320d8e
Mechanically rename SourceManager::getInstantiationLoc and
...
FullSourceLoc::getInstantiationLoc to ...::getExpansionLoc. This is part
of the API and documentation update from 'instantiation' as the term for
macros to 'expansion'.
llvm-svn: 135914
2011-07-25 16:49:02 +00:00
0e62c1cc0b
remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
...
them into the clang namespace.
llvm-svn: 135852
2011-07-23 10:55:15 +00:00
d2930c2100
In Objective-C, pull arbitrary attributes from overridden
...
methods, including indirectly overridden methods like those
declared in protocols and categories. There are mismatches
that we would like to diagnose but aren't yet, but this
is fine for now.
I looked at approaches that avoided doing this lookup
unless we needed it, but the infer-related-result-type
checks were doing it anyway, so I left it with the same
fast-path check for no previous declartions of that
selector.
llvm-svn: 135743
2011-07-22 02:45:48 +00:00
86070b9c0f
Move AnalysisManager constructor out of line. No functionality change (yet).
...
llvm-svn: 135667
2011-07-21 05:22:52 +00:00
189ecec4db
Simplify passing of CFGBuildOptions around for AnalysisContext. No functionality change.
...
llvm-svn: 135666
2011-07-21 05:22:47 +00:00
a39e10fd7c
[analyzer] Very minor cleanup in PthreadLockChecker. No functionality change.
...
llvm-svn: 135518
2011-07-19 20:31:42 +00:00
d9c522100e
[analysis] Add checks for double-locking and lock order reversal bugs for
...
pthread and XNU locks. Patch by Rui Paulo!
llvm-svn: 135515
2011-07-19 20:21:41 +00:00
c85964ed90
[analyzer] Place checking for Core Foundation "Create" rule into a proper API. No functionality change.
...
llvm-svn: 135349
2011-07-16 19:50:32 +00:00
43426f8fcb
Add tests for CFRefReport's path notes, and fix a few typos and non-standard terminology ('+0 retain counts') caught by the tests.
...
llvm-svn: 135310
2011-07-15 22:17:54 +00:00
b72bd53f7d
[analyzer] GNU __null is a pointer-sized integer, not a pointer. Fixes PR10372.
...
llvm-svn: 135294
2011-07-15 20:29:02 +00:00
f3dd00a26c
Clean up UnixAPIChecker, including switching its array of BugTypes to llvm::OwningPtr<BugType> vars (the new convention). No functionality change.
...
llvm-svn: 135255
2011-07-15 06:28:59 +00:00
ede26958bf
Clean up MacOSXAPIChecker, including switching its array of BugTypes to a single llvm::OwningPtr<BugType> (the new convention). No functionality change.
...
llvm-svn: 135250
2011-07-15 06:02:19 +00:00
7c454bb8ce
Create a new expression node, SubstNonTypeTemplateParmExpr,
...
to represent a fully-substituted non-type template parameter.
This should improve source fidelity, as well as being generically
useful for diagnostics and such.
llvm-svn: 135243
2011-07-15 05:09:51 +00:00
4db5c3c83a
In ARC, reclaim all return values of retainable type, not just those
...
where we have an immediate need of a retained value.
As an exception, don't do this when the call is made as the immediate
operand of a __bridge retain. This is more in the way of a workaround
than an actual guarantee, so it's acceptable to be brittle here.
rdar://problem/9504800
llvm-svn: 134605
2011-07-07 06:58:02 +00:00
5c70b06feb
Teach the static analyzer's interpretation of Cocoa conventions to
...
obey the objc_method_family attribute when provided. Fixes
<rdar://problem/9726279>.
llvm-svn: 134493
2011-07-06 16:00:34 +00:00
bf15d2b311
Update for llvm commit r134291.
...
Fixes rdar://9714064
llvm-svn: 134292
2011-07-02 00:20:22 +00:00
4d3c1511ac
[analyzer] Use UnknownVal when default-initializing arrays whose element types we don't model, to distinguish them from uninitialized arrays (PR10163).
...
llvm-svn: 133937
2011-06-27 20:36:38 +00:00
fe31481f68
Introduce a new AST node describing reference binding to temporaries.
...
MaterializeTemporaryExpr captures a reference binding to a temporary
value, making explicit that the temporary value (a prvalue) needs to
be materialized into memory so that its address can be used. The
intended AST invariant here is that a reference will always bind to a
glvalue, and MaterializeTemporaryExpr will be used to convert prvalues
into glvalues for that binding to happen. For example, given
const int& r = 1.0;
The initializer of "r" will be a MaterializeTemporaryExpr whose
subexpression is an implicit conversion from the double literal "1.0"
to an integer value.
IR generation benefits most from this new node, since it was
previously guessing (badly) when to materialize temporaries for the
purposes of reference binding. There are likely more refactoring and
cleanups we could perform there, but the introduction of
MaterializeTemporaryExpr fixes PR9565, a case where IR generation
would effectively bind a const reference directly to a bitfield in a
struct. Addresses <rdar://problem/9552231>.
llvm-svn: 133521
2011-06-21 17:03:29 +00:00
b41f7c55f5
[analyzer] Finish size argument checking for strncat (and strncpy).
...
llvm-svn: 133472
2011-06-20 21:55:40 +00:00
789adbb3ed
[analyzer] Replace stream-built error message with constant string. No functionality change.
...
llvm-svn: 133410
2011-06-20 03:51:53 +00:00
328deeed7f
[analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
...
llvm-svn: 133408
2011-06-20 03:49:16 +00:00
dceb0cf3f3
[analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
...
llvm-svn: 133406
2011-06-20 02:06:40 +00:00
640767fff6
Initialize a couple of variables to shut GCC up.
...
llvm-svn: 133246
2011-06-17 06:50:50 +00:00
c026370858
[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
...
llvm-svn: 133154
2011-06-16 07:13:34 +00:00
0585a61821
[analyzer] Fix trivial errors in previous commit.
...
I will not commit without building first.
I will not commit without building first.
I will not commit without building first...
llvm-svn: 133150
2011-06-16 05:56:50 +00:00
455bd58d4e
[analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy.
...
llvm-svn: 133149
2011-06-16 05:51:02 +00:00
31168b077c
Automatic Reference Counting.
...
Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.
Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.
llvm-svn: 133103
2011-06-15 23:02:42 +00:00
634c12d23f
[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
...
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
llvm-svn: 133046
2011-06-15 05:52:56 +00:00
0e9fb28e95
[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
...
llvm-svn: 133044
2011-06-15 05:14:03 +00:00
b891bd8a3c
[analyzer] When performing a binary operation on symbolic operands, we convert the symbol values to a common type. But in a relational operation, the result is an 'int' or 'bool', which may not be the appropriate type to convert the operands to. In these cases, use the left-hand operand's type as the conversion type.
...
There's no associated test for this because fully-constrained symbolic values are evaluated ahead of time in normal expressions. This can only come up in checker-constructed expressions (like the ones in an upcoming patch to CStringChecker).
llvm-svn: 133041
2011-06-15 04:55:49 +00:00
bc7483f505
[analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.
...
llvm-svn: 132958
2011-06-14 01:40:43 +00:00
45d8c12b68
[analyzer] Change large if body to early return. No functionality change.
...
llvm-svn: 132956
2011-06-14 01:26:48 +00:00
d359289669
[analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.
...
llvm-svn: 132955
2011-06-14 01:15:31 +00:00
1734737d9f
[analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary.
...
Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.
llvm-svn: 132840
2011-06-10 08:49:37 +00:00
ab8a668849
[analyzer] Look through __extension__ expressions in a GRState's Environment. Fixes PR8962.
...
llvm-svn: 132762
2011-06-08 22:47:39 +00:00
fb5e8c2814
[analyzer] Change an indent-if to an early return. No functionality change.
...
llvm-svn: 132618
2011-06-04 01:50:25 +00:00
097c5397a8
[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
...
llvm-svn: 132617
2011-06-04 01:47:27 +00:00
64ae92e5c5
[analyzer] Remove extra assignment that actually lost a few of the assumptions.
...
llvm-svn: 132614
2011-06-04 01:22:21 +00:00
55808c1026
Add support for builtin astype:
...
__builtin_astype(): Used to reinterpreted as another data type of the same size using for both scalar and vector data types.
Added test case.
llvm-svn: 132612
2011-06-04 00:47:47 +00:00
4451cd4511
[analyzer] Fix comment for (still-disabled) evalStrncpy
...
llvm-svn: 132608
2011-06-04 00:05:23 +00:00
63b84be6cb
[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.
...
llvm-svn: 132607
2011-06-04 00:04:22 +00:00
aee7fb9e64
[analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)
...
llvm-svn: 132605
2011-06-03 23:42:56 +00:00
f230198f15
Tighen analyzer diagnostics w.r.t ObjC/CF leaks.
...
llvm-svn: 132130
2011-05-26 18:45:44 +00:00
4c5d2888f4
static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen.
...
llvm-svn: 132100
2011-05-25 23:57:29 +00:00
86d49ce20c
Teach analyzer about cf_returns_not_retained for C functions.
...
llvm-svn: 132049
2011-05-25 06:29:39 +00:00
8e2c9b0180
Enhance retain/release checker to flag warnings when functions returning CG types do not follow the Core Foundation naming conventions.
...
llvm-svn: 132048
2011-05-25 06:19:45 +00:00
61b6e49ee1
A few more is(Un)signedIntegerType/is(Un)signedOrEnumerationType cleanups.
...
llvm-svn: 131793
2011-05-21 16:28:01 +00:00
109b127e02
Fix regression in static analyzer's handling of prefix '--' operator. It was being treated as postfix '--' in C mode.
...
llvm-svn: 131770
2011-05-20 23:40:06 +00:00
6ab2fa8f78
Introduce Type::isSignedIntegerOrEnumerationType() and
...
Type::isUnsignedIntegerOrEnumerationType(), which are like
Type::isSignedIntegerType() and Type::isUnsignedIntegerType() but also
consider the underlying type of a C++0x scoped enumeration type.
Audited all callers to the existing functions, switching those that
need to also handle scoped enumeration types (e.g., those that deal
with constant values) over to the new functions. Fixes PR9923 /
<rdar://problem/9447851>.
llvm-svn: 131735
2011-05-20 16:38:50 +00:00
f377cb82f9
Teach RegionStore not to symbolic array values whose indices it cannot reason about.
...
llvm-svn: 131702
2011-05-19 23:37:58 +00:00
5f06955aa0
Teach static analyzer to analyze Objective-C methods in category implementations.
...
llvm-svn: 131614
2011-05-19 00:56:53 +00:00
4a8ea1092a
Modify some deleted function methods to better reflect reality:
...
- New isDefined() function checks for deletedness
- isThisDeclarationADefinition checks for deletedness
- New doesThisDeclarationHaveABody() does what
isThisDeclarationADefinition() used to do
- The IsDeleted bit is not propagated across redeclarations
- isDeleted() now checks the canoncial declaration
- New isDeletedAsWritten() does what it says on the tin.
- isUserProvided() now correct (thanks Richard!)
This fixes the bug that we weren't catching
void foo() = delete;
void foo() {}
as being a redefinition.
llvm-svn: 131013
2011-05-06 20:44:56 +00:00
e69ab05f6e
Add Checker callback for running a checker at the end of processing an entire TranslationUnit. Patch by Lei Zhang.
...
llvm-svn: 130913
2011-05-05 03:41:17 +00:00
5066858bcd
Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
...
llvm-svn: 130758
2011-05-03 16:34:26 +00:00
e9f364f658
Tweak the retain/release checker to not stop tracking retained objects when calling C++ methods. This is a temporary solution to prune false positives until we have a general story using annotations.
...
llvm-svn: 130726
2011-05-02 21:21:42 +00:00
aa181174e7
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.
...
llvm-svn: 130711
2011-05-02 19:42:42 +00:00
0b510279c6
Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().
...
llvm-svn: 130708
2011-05-02 19:05:49 +00:00
8067746554
Move the SelfInit checker to the 'cocoa.experimental' package.
...
llvm-svn: 130598
2011-04-30 06:46:45 +00:00
18470e3287
Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed.
...
llvm-svn: 130425
2011-04-28 19:31:12 +00:00
ed2cc6ccbb
Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.
...
This fixes Bugzilla #9806 .
llvm-svn: 130422
2011-04-28 18:59:43 +00:00
4af23c8159
Implements strcasecmp() checker in Static Analyzer.
...
llvm-svn: 130398
2011-04-28 15:09:11 +00:00
1c0675e155
Parsing/AST support for Structured Exception Handling
...
Patch authored by Sohail Somani.
Provide parsing and AST support for Windows structured exception handling.
llvm-svn: 130366
2011-04-28 01:08:34 +00:00
6242b6a688
Implementation of Embarcadero array type traits
...
Patch authored by John Wiegley.
These are array type traits used for parsing code that employs certain
features of the Embarcadero C++ compiler: __array_rank(T) and
__array_extent(T, Dim).
llvm-svn: 130351
2011-04-28 00:16:57 +00:00
005b5c1aee
More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.
...
Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!
llvm-svn: 130303
2011-04-27 14:49:29 +00:00
08b434f450
Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
...
resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.
llvm-svn: 130292
2011-04-27 05:34:09 +00:00
e553e40467
Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.
...
llvm-svn: 130161
2011-04-25 22:21:00 +00:00
f9f6584e95
t/clang/expr-traits
...
Patch authored by David Abrahams.
These two expression traits (__is_lvalue_expr, __is_rvalue_expr) are used for
parsing code that employs certain features of the Embarcadero C++ compiler.
llvm-svn: 130122
2011-04-25 06:54:41 +00:00
1a180156b6
Remove unused STL header includes.
...
llvm-svn: 130068
2011-04-23 19:53:52 +00:00
11e5c8b31a
Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.
...
llvm-svn: 130003
2011-04-22 18:01:30 +00:00
d1f65f61ee
Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746.
...
llvm-svn: 129741
2011-04-19 01:16:46 +00:00
dda56e4b4a
Support for C++11 (non-template) alias declarations.
...
llvm-svn: 129567
2011-04-15 14:24:37 +00:00
57540c5be0
fix a bunch of comment typos found by codespell. Patch by
...
Luis Felipe Strano Moraes!
llvm-svn: 129559
2011-04-15 05:22:18 +00:00
9114759641
C1X: implement generic selections
...
As an extension, generic selection support has been added for all
supported languages. The syntax is the same as for C1X.
llvm-svn: 129554
2011-04-15 00:35:48 +00:00
02e85f3bc5
Add support for C++0x's range-based for loops, as specified by the C++11 draft standard (N3291).
...
llvm-svn: 129541
2011-04-14 22:09:26 +00:00
ced5feaec9
Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols.
...
llvm-svn: 129395
2011-04-12 21:47:05 +00:00
905a602e0c
Fix another IdempotentOperationsChecker corner case when determining if an active block on the worklist
...
impacts the results of the check.
llvm-svn: 129394
2011-04-12 21:47:02 +00:00
8a4c760c20
ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset.
...
llvm-svn: 129366
2011-04-12 17:21:33 +00:00
f3539ad5c7
This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
...
llvm-svn: 129364
2011-04-12 17:08:43 +00:00
f52718899f
static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression.
...
llvm-svn: 129349
2011-04-12 05:12:39 +00:00
57a4a152b2
Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic.
...
llvm-svn: 129348
2011-04-12 03:49:37 +00:00
4f939da02d
RegionStoreManager::invalidateRegions: treat classes the same as structs.
...
llvm-svn: 129333
2011-04-12 00:44:31 +00:00
2979fe01da
After some discussion with Doug, we decided that it made a lot more sense
...
for __unknown_anytype resolution to destructively modify the AST. So that's
what it does now, which significantly simplifies some of the implementation.
Normal member calls work pretty cleanly now, and I added support for
propagating unknown-ness through &.
llvm-svn: 129331
2011-04-12 00:42:48 +00:00
8ef59e5c03
C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.
...
llvm-svn: 129308
2011-04-11 22:22:05 +00:00
2d2e870745
More __unknown_anytype work.
...
llvm-svn: 129269
2011-04-11 07:02:50 +00:00
8a01a751c9
Remove CK_DynamicToNull.
...
llvm-svn: 129265
2011-04-11 02:03:26 +00:00
c602006638
As a first step towards fixing PR9641, add a CK_DynamicToNull cast kind which
...
represents a dynamic cast where we know that the result is always null.
For example:
struct A {
virtual ~A();
};
struct B final : A { };
struct C { };
bool f(B* b) {
return dynamic_cast<C*>(b);
}
llvm-svn: 129256
2011-04-10 20:33:22 +00:00
467dbd5f13
strcat() and strncat() model additions to CStringChecker.
...
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
llvm-svn: 129215
2011-04-09 15:12:58 +00:00
f603f3afbd
Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs
...
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.
llvm-svn: 129166
2011-04-08 22:42:35 +00:00
319963434c
Basic, untested implementation for an "unknown any" type requested by LLDB.
...
The idea is that you can create a VarDecl with an unknown type, or a
FunctionDecl with an unknown return type, and it will still be valid to
access that object as long as you explicitly cast it at every use. I'm
still going back and forth about how I want to test this effectively, but
I wanted to go ahead and provide a skeletal implementation for the LLDB
folks' benefit and because it also improves some diagnostic goodness for
placeholder expressions.
llvm-svn: 129065
2011-04-07 08:22:57 +00:00
3337ca5f95
When updating the retain summary based on {cf,ns}_consumed attributes,
...
be sure to consume the argument index that actually had the attribute
rather than always the first. rdar://problem/9234108
llvm-svn: 128998
2011-04-06 09:02:12 +00:00
de909e4946
Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.
...
Also, brings the security syntax checker more inline with coding standards.
llvm-svn: 128916
2011-04-05 20:18:46 +00:00
378819342e
Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:
...
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.
llvm-svn: 128858
2011-04-04 23:29:12 +00:00
fca2e9618a
Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later.
...
llvm-svn: 128785
2011-04-03 05:07:11 +00:00
a95594416e
static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.
...
Patch by Lei Zhang!
llvm-svn: 128784
2011-04-03 04:34:49 +00:00
850d35be16
Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.
...
llvm-svn: 128783
2011-04-03 04:09:15 +00:00
af2371e368
Remove a redundant method. We have a const version.
...
llvm-svn: 128762
2011-04-02 03:20:45 +00:00
8f89f7c893
Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.
...
llvm-svn: 128761
2011-04-02 02:56:23 +00:00
c703a666f7
static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times.
...
llvm-svn: 128760
2011-04-02 02:56:17 +00:00
6ffe738f24
Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.
...
llvm-svn: 128679
2011-03-31 22:09:14 +00:00
79d74141b1
Adding Static Analyzer checker for mempcpy().
...
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
llvm-svn: 128677
2011-03-31 21:36:53 +00:00
70568c2be7
Fix spelling in a comment. (test commit)
...
llvm-svn: 128670
2011-03-31 21:26:55 +00:00
40d16c0e75
Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead,
...
recover some path-sensitivity by conjuring a symbol.
llvm-svn: 128612
2011-03-31 04:46:53 +00:00
61a4f6682a
Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
...
llvm-svn: 128611
2011-03-31 04:04:48 +00:00
98a24e37c5
Begin reworking static analyzer support for C++ method calls. The current logic was divorced
...
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.
llvm-svn: 128557
2011-03-30 17:41:19 +00:00
84d7907797
[analyzer] Allow all checkers of a group to be enabled.
...
llvm-svn: 128512
2011-03-29 23:57:41 +00:00
437758cbe6
[analyzer] For -analyzer-checker-help show all the info about groups, packages, and which packages/checkers are hidden.
...
llvm-svn: 128511
2011-03-29 23:57:38 +00:00
4ee039647a
[analyzer] Checker Packages can now belong to a group. This requires llvm commit r128474.
...
llvm-svn: 128475
2011-03-29 18:54:02 +00:00
642b03413f
Don't add a symbolic region for 'this' if the member function is static.
...
llvm-svn: 128340
2011-03-26 14:30:44 +00:00
104f6dfd1f
Tweak grammar in checker description.
...
llvm-svn: 128310
2011-03-26 00:25:42 +00:00
49c79790de
Rework checker "packages" and groups to be more hierarchical.
...
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
ddc06d0bd0
Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.
...
This rename serves two purposes:
- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.
llvm-svn: 127930
2011-03-19 01:00:33 +00:00
70727343cf
Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.
...
llvm-svn: 127798
2011-03-17 04:10:25 +00:00
6fa1daede5
Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.
...
llvm-svn: 127797
2011-03-17 04:01:35 +00:00
3e5ad5932e
Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without
...
invalidating the entire binding. Fixes PR 9455.
llvm-svn: 127796
2011-03-17 03:51:51 +00:00
4ceebbf54d
VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.
...
llvm-svn: 127719
2011-03-16 00:22:51 +00:00
cdb2ae587a
Remove bogus assertion in IdempotentOperationsChecker.
...
llvm-svn: 127687
2011-03-15 19:27:57 +00:00
161f9a3829
Sort
...
llvm-svn: 127624
2011-03-14 21:20:46 +00:00
066b226daa
Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.
...
Also add a test case showing that we correctly report multiple warnings for the same message expression.
llvm-svn: 127605
2011-03-14 19:50:37 +00:00
d91d5f162f
Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.
...
Ted or Argiris, I'd appreciate a review!
llvm-svn: 127572
2011-03-13 20:35:21 +00:00
a4a57c10da
Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.
...
llvm-svn: 127531
2011-03-12 06:14:28 +00:00
e5a89ac52a
Don't have side-effects (or rather non-trivial computation) in StringSwitch "cases."
...
llvm-svn: 127528
2011-03-12 04:08:07 +00:00
f89710b936
Add initial version of "IteratorsChecker", a checker to find misues uses of C++ iterators.
...
This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).
llvm-svn: 127525
2011-03-12 02:49:15 +00:00
52d264cda5
Fix comments, and force auto progagation in VisitAggExpr.
...
llvm-svn: 127524
2011-03-12 02:49:11 +00:00
97474f7414
static analyzer: Handle 'ExprWithCleanups' in ExprEngine by essentially ignoring them.
...
llvm-svn: 127523
2011-03-12 02:49:09 +00:00
e190dee7a5
Add support for the OpenCL vec_step operator, by generalising and
...
extending the existing support for sizeof and alignof. Original
patch by Guy Benyei.
llvm-svn: 127475
2011-03-11 19:24:49 +00:00
2f1f023283
#include Store.h into BasicValueFactory.cpp to provide definitions of StoreRef constructor.
...
llvm-svn: 127291
2011-03-08 23:39:37 +00:00
4bb6c6b37e
static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects.
...
llvm-svn: 127288
2011-03-08 23:18:00 +00:00
3c50aea73f
Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString.
...
llvm-svn: 127268
2011-03-08 20:05:26 +00:00
b4526252db
Move some of the logic about classifying Objective-C methods into
...
conventional categories into Basic and AST. Update the self-init checker
to use this logic; CFRefCountChecker is complicated enough that I didn't
want to touch it.
llvm-svn: 126817
2011-03-02 01:50:55 +00:00
eff9a7ff91
Teach CFGBuilder to prune trivially unreachable case statements.
...
llvm-svn: 126797
2011-03-01 23:12:55 +00:00
96a7a59119
In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.
...
- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.
llvm-svn: 126738
2011-03-01 03:15:10 +00:00
a9a0f5d206
[analyzer] Also make sure that the parameter is coming from the current stack frame.
...
llvm-svn: 126735
2011-03-01 01:59:41 +00:00
456b18c279
[analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted!
...
llvm-svn: 126734
2011-03-01 01:47:48 +00:00
918c847890
[analyzer] Move lib/StaticAnalyzer/Checkers/ExprEngine.cpp -> lib/StaticAnalyzer/Core
...
and hope the wrath of the buildbots will not descend upon me.
llvm-svn: 126728
2011-03-01 01:24:23 +00:00
6a5674ffa6
[analyzer] Rename CheckerV2 -> Checker.
...
llvm-svn: 126726
2011-03-01 01:16:21 +00:00
0036b19abd
[analyzer] Remove Checker V1.
...
llvm-svn: 126725
2011-03-01 01:16:08 +00:00
d665807901
[analyzer] Remove checker V1 registration and running from ExprEngine.
...
llvm-svn: 126724
2011-03-01 01:16:03 +00:00
5ad574c096
Improves the coding style in SValBuilder. This patch:
...
- renames evalCastNL and evalCastL to evalCastFromNonLoc and
evalCastFromLoc (avoid abbreviations that aren't well known).
- makes all function parameter names start with a lower case letter
for consistency and distinction from member variables.
- avoids abbreviations in function parameter names.
Reviewed by kremenek@apple.com .
llvm-svn: 126722
2011-03-01 00:45:32 +00:00
29b8656935
[analyzer] Remove unused checker stuff from AnalysisConsumer and some unused headers.
...
llvm-svn: 126690
2011-02-28 22:30:38 +00:00
9eb02dfa89
[analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
...
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
6a1c760760
[analyzer] Run the ExprEngine depending on the CheckerManager having path-sensitive checkers.
...
llvm-svn: 126674
2011-02-28 19:49:17 +00:00
20f5caa518
[analyzer] The current UninitializedValuesChecker will go away, remove '-warn-uninit-values'.
...
llvm-svn: 126673
2011-02-28 19:49:12 +00:00
2c49ec7f1d
[analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.
...
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.
llvm-svn: 126659
2011-02-28 17:36:18 +00:00
a15dfec3f5
[analyzer] Introduce "event" mechanism in CheckerManager.
...
A checker can register as receiver/listener of "events" (basically it registers a callback
with a function getting called with an argument of the event type) and other checkers can
register as "dispatchers" and can pass an event object to all the listeners.
This allows cooperation amongst checkers but with very loose coupling.
llvm-svn: 126658
2011-02-28 17:36:09 +00:00
98b570ecad
[analyzer] Run AST checkers for ObjCMethodDecls.
...
llvm-svn: 126657
2011-02-28 17:36:04 +00:00
64965ad75d
Fix CMake build.
...
llvm-svn: 126629
2011-02-28 02:13:22 +00:00
4b45f6628e
[analyzer] Introduce SVal::getAsVarDecl().
...
llvm-svn: 126627
2011-02-28 01:28:18 +00:00
6d6801c5c7
[analzyer] Migrate CallAndMessageChecker to CheckerV2.
...
llvm-svn: 126626
2011-02-28 01:28:13 +00:00
64fe456a6b
[analyzer] ExprEngine should not depend on checkers for not crashing.
...
llvm-svn: 126625
2011-02-28 01:28:08 +00:00
0a5a41d799
[analyzer] Migrate AdjustedReturnValueChecker to CheckerV2.
...
llvm-svn: 126624
2011-02-28 01:28:05 +00:00
6fff2e3d36
[analyzer] Migrate AttrNonNullChecker to CheckerV2.
...
llvm-svn: 126623
2011-02-28 01:28:01 +00:00
4f7745a3b1
[analyzer] ExprEngine should not depend on checkers for not crashing.
...
llvm-svn: 126622
2011-02-28 01:27:57 +00:00
68ed625bd3
[analyzer] Migrate VLASizeChecker to CheckerV2.
...
llvm-svn: 126621
2011-02-28 01:27:54 +00:00
ae468f77fa
[analyzer] Migrate DivZeroChecker to CheckerV2.
...
llvm-svn: 126620
2011-02-28 01:27:50 +00:00
4dc7fb37cb
[analyzer] Migrate ReturnUndefChecker to CheckerV2.
...
llvm-svn: 126619
2011-02-28 01:27:46 +00:00
da6c7568e2
[analyzer] Migrate UndefinedArraySubscriptChecker to CheckerV2.
...
llvm-svn: 126618
2011-02-28 01:27:41 +00:00
098874a2f8
[analyzer] Migrate UndefinedAssignmentChecker to CheckerV2.
...
llvm-svn: 126617
2011-02-28 01:27:37 +00:00
753b3ca32f
[analyzer] Migrate UndefBranchChecker to CheckerV2.
...
llvm-svn: 126616
2011-02-28 01:27:33 +00:00
60b6da721f
[analyzer] Migrate UndefCapturedBlockVarChecker to CheckerV2.
...
llvm-svn: 126615
2011-02-28 01:27:26 +00:00
d4d3cee6e4
[analyzer] Migrate UndefResultChecker to CheckerV2.
...
llvm-svn: 126614
2011-02-28 01:27:22 +00:00
142dbbfcd8
[analyzer] Migrate NoReturnFunctionChecker to CheckerV2.
...
llvm-svn: 126613
2011-02-28 01:27:17 +00:00
3e7ab19863
[analyzer] Move the DeadStores checker out of the 'core' package.
...
-Now it gets enabled with '-analyzer-checker=DeadStores'.
-The driver passes the above flag by default.
llvm-svn: 126612
2011-02-28 01:27:12 +00:00
f3ed8b631d
[analyzer] Migrate BuiltinFunctionChecker to CheckerV2.
...
llvm-svn: 126611
2011-02-28 01:27:07 +00:00
b2cf708395
[analyzer] Migrate OSAtomicChecker to CheckerV2.
...
llvm-svn: 126610
2011-02-28 01:27:02 +00:00
0a9ce3ec8f
[analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.
...
Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow
llvm-svn: 126609
2011-02-28 01:26:57 +00:00
560bbb1241
[analyzer] Turn -analyzer-stats into -analyzer-checker=debug.Stats
...
llvm-svn: 126608
2011-02-28 01:26:50 +00:00
21c9423ef4
[analyzer] Remove '-analyzer-experimental-checks' flag.
...
llvm-svn: 126607
2011-02-28 01:26:43 +00:00
183f0fb4cf
[analyzer] Migrate MallocChecker to CheckerV2.
...
llvm-svn: 126606
2011-02-28 01:26:35 +00:00
e925322f41
Update test cases.
...
llvm-svn: 126523
2011-02-25 22:19:14 +00:00
5eb4b60734
Tidy up help text in Checkers.td, and rename StackAddrLeakChecker to StackAddrEscapeChecker.
...
llvm-svn: 126522
2011-02-25 22:00:43 +00:00
17bee3e70a
Intoduce '-analyzer-checker-help' flag which outputs a list of all available static analyzer checkers.
...
This is pretty basic for now, eventually checkers should be grouped according to package, hidden checkers should be indicated etc.
llvm-svn: 126454
2011-02-25 00:09:51 +00:00
Ted Kremenek