llvm-project

Commit Graph

Author	SHA1	Message	Date
Jordy Rose	c026370858	[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function. llvm-svn: 133154	2011-06-16 07:13:34 +00:00
Jordy Rose	0585a61821	[analyzer] Fix trivial errors in previous commit. I will not commit without building first. I will not commit without building first. I will not commit without building first... llvm-svn: 133150	2011-06-16 05:56:50 +00:00
Jordy Rose	455bd58d4e	[analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy. llvm-svn: 133149	2011-06-16 05:51:02 +00:00
John McCall	31168b077c	Automatic Reference Counting. Language-design credit goes to a lot of people, but I particularly want to single out Blaine Garst and Patrick Beard for their contributions. Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself, in no particular order. llvm-svn: 133103	2011-06-15 23:02:42 +00:00
Jordy Rose	634c12d23f	[analyzer] Revise CStringChecker's modelling of strcpy() and strcat(): - (bounded copies) Be more conservative about how much is being copied. - (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it. - (stpcpy) Fix the conjured return value at the end to actually be returned. This requires these supporting changes: - C string metadata symbols are still live even when buried in a SymExpr. - "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.) - The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never actually happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager. This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list! llvm-svn: 133046	2011-06-15 05:52:56 +00:00
Jordy Rose	0e9fb28e95	[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway. llvm-svn: 133044	2011-06-15 05:14:03 +00:00
Jordy Rose	bc7483f505	[analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString. llvm-svn: 132958	2011-06-14 01:40:43 +00:00
Jordy Rose	45d8c12b68	[analyzer] Change large if body to early return. No functionality change. llvm-svn: 132956	2011-06-14 01:26:48 +00:00
Jordy Rose	d359289669	[analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c. llvm-svn: 132955	2011-06-14 01:15:31 +00:00
Jordy Rose	fb5e8c2814	[analyzer] Change an indent-if to an early return. No functionality change. llvm-svn: 132618	2011-06-04 01:50:25 +00:00
Jordy Rose	097c5397a8	[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside. llvm-svn: 132617	2011-06-04 01:47:27 +00:00
Jordy Rose	64ae92e5c5	[analyzer] Remove extra assignment that actually lost a few of the assumptions. llvm-svn: 132614	2011-06-04 01:22:21 +00:00
Jordy Rose	4451cd4511	[analyzer] Fix comment for (still-disabled) evalStrncpy llvm-svn: 132608	2011-06-04 00:05:23 +00:00
Jordy Rose	63b84be6cb	[analyzer] Fix handling of "copy zero bytes" for memcpy and friends. llvm-svn: 132607	2011-06-04 00:04:22 +00:00
Jordy Rose	aee7fb9e64	[analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker) llvm-svn: 132605	2011-06-03 23:42:56 +00:00
Alexis Hunt	4a8ea1092a	Modify some deleted function methods to better reflect reality: - New isDefined() function checks for deletedness - isThisDeclarationADefinition checks for deletedness - New doesThisDeclarationHaveABody() does what isThisDeclarationADefinition() used to do - The IsDeleted bit is not propagated across redeclarations - isDeleted() now checks the canoncial declaration - New isDeletedAsWritten() does what it says on the tin. - isUserProvided() now correct (thanks Richard!) This fixes the bug that we weren't catching void foo() = delete; void foo() {} as being a redefinition. llvm-svn: 131013	2011-05-06 20:44:56 +00:00
Lenny Maiorani	5066858bcd	Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated. llvm-svn: 130758	2011-05-03 16:34:26 +00:00
Ted Kremenek	aa181174e7	Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. llvm-svn: 130711	2011-05-02 19:42:42 +00:00
Lenny Maiorani	0b510279c6	Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower(). llvm-svn: 130708	2011-05-02 19:05:49 +00:00
Ted Kremenek	8067746554	Move the SelfInit checker to the 'cocoa.experimental' package. llvm-svn: 130598	2011-04-30 06:46:45 +00:00
Lenny Maiorani	18470e3287	Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed. llvm-svn: 130425	2011-04-28 19:31:12 +00:00
Lenny Maiorani	ed2cc6ccbb	Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced. This fixes Bugzilla #9806. llvm-svn: 130422	2011-04-28 18:59:43 +00:00
Lenny Maiorani	4af23c8159	Implements strcasecmp() checker in Static Analyzer. llvm-svn: 130398	2011-04-28 15:09:11 +00:00
Lenny Maiorani	005b5c1aee	More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again. Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks! llvm-svn: 130303	2011-04-27 14:49:29 +00:00
Ted Kremenek	08b434f450	Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression. llvm-svn: 130292	2011-04-27 05:34:09 +00:00
Lenny Maiorani	e553e40467	Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582. llvm-svn: 130161	2011-04-25 22:21:00 +00:00
Jay Foad	1a180156b6	Remove unused STL header includes. llvm-svn: 130068	2011-04-23 19:53:52 +00:00
Anders Carlsson	d1f65f61ee	Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746. llvm-svn: 129741	2011-04-19 01:16:46 +00:00
Richard Smith	dda56e4b4a	Support for C++11 (non-template) alias declarations. llvm-svn: 129567	2011-04-15 14:24:37 +00:00
Chris Lattner	57540c5be0	fix a bunch of comment typos found by codespell. Patch by Luis Felipe Strano Moraes! llvm-svn: 129559	2011-04-15 05:22:18 +00:00
Ted Kremenek	ced5feaec9	Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols. llvm-svn: 129395	2011-04-12 21:47:05 +00:00
Ted Kremenek	905a602e0c	Fix another IdempotentOperationsChecker corner case when determining if an active block on the worklist impacts the results of the check. llvm-svn: 129394	2011-04-12 21:47:02 +00:00
Ted Kremenek	8a4c760c20	ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset. llvm-svn: 129366	2011-04-12 17:21:33 +00:00
Lenny Maiorani	f3539ad5c7	This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. llvm-svn: 129364	2011-04-12 17:08:43 +00:00
Lenny Maiorani	467dbd5f13	strcat() and strncat() model additions to CStringChecker. Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value. llvm-svn: 129215	2011-04-09 15:12:58 +00:00
Lenny Maiorani	de909e4946	Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119. Also, brings the security syntax checker more inline with coding standards. llvm-svn: 128916	2011-04-05 20:18:46 +00:00
Lenny Maiorani	fca2e9618a	Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later. llvm-svn: 128785	2011-04-03 05:07:11 +00:00
Zhongxing Xu	af2371e368	Remove a redundant method. We have a const version. llvm-svn: 128762	2011-04-02 03:20:45 +00:00
Ted Kremenek	8f89f7c893	Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type. llvm-svn: 128761	2011-04-02 02:56:23 +00:00
Ted Kremenek	c703a666f7	static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times. llvm-svn: 128760	2011-04-02 02:56:17 +00:00
Lenny Maiorani	6ffe738f24	Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. llvm-svn: 128679	2011-03-31 22:09:14 +00:00
Lenny Maiorani	79d74141b1	Adding Static Analyzer checker for mempcpy(). Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied. llvm-svn: 128677	2011-03-31 21:36:53 +00:00
Lenny Maiorani	70568c2be7	Fix spelling in a comment. (test commit) llvm-svn: 128670	2011-03-31 21:26:55 +00:00
Argyrios Kyrtzidis	84d7907797	[analyzer] Allow all checkers of a group to be enabled. llvm-svn: 128512	2011-03-29 23:57:41 +00:00
Argyrios Kyrtzidis	437758cbe6	[analyzer] For -analyzer-checker-help show all the info about groups, packages, and which packages/checkers are hidden. llvm-svn: 128511	2011-03-29 23:57:38 +00:00
Argyrios Kyrtzidis	4ee039647a	[analyzer] Checker Packages can now belong to a group. This requires llvm commit r128474. llvm-svn: 128475	2011-03-29 18:54:02 +00:00
Ted Kremenek	104f6dfd1f	Tweak grammar in checker description. llvm-svn: 128310	2011-03-26 00:25:42 +00:00
Ted Kremenek	49c79790de	Rework checker "packages" and groups to be more hierarchical. llvm-svn: 128187	2011-03-24 00:28:47 +00:00
Ted Kremenek	ddc06d0bd0	Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'. This rename serves two purposes: - It reflects the actual functionality of this analysis. - We will have more than one reachability analysis. llvm-svn: 127930	2011-03-19 01:00:33 +00:00
Ted Kremenek	70727343cf	Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'. llvm-svn: 127798	2011-03-17 04:10:25 +00:00

1 2 3 4 5

209 Commits