Commit Graph

3608 Commits

Author SHA1 Message Date
George Karpenkov 3cfa04e109 [analyzer] [RetainCountChecker] Do not invalidate references passed to constructors and operators
Differential Revision: https://reviews.llvm.org/D53660

llvm-svn: 345340
2018-10-25 23:38:41 +00:00
George Karpenkov 7cdccb1459 [analyzer] Remove custom rule for OSIterator in RetainCountChecker
Differential Revision: https://reviews.llvm.org/D53628

llvm-svn: 345339
2018-10-25 23:38:24 +00:00
George Karpenkov 3c2ed8f338 [analyzer] Correct modelling of OSDynamicCast: eagerly state split
Previously, OSDynamicCast was modeled as an identity.

This is not correct: the output of OSDynamicCast may be zero even if the
input was not zero (if the class is not of desired type), and thus the
modeling led to false positives.

Instead, we are doing eager state split:
in one branch, the returned value is identical to the input parameter,
and in the other branch, the returned value is zero.

This patch required a substantial refactoring of canEval infrastructure,
as now it can return different function summaries, and not just true/false.

rdar://45497400

Differential Revision: https://reviews.llvm.org/D53624

llvm-svn: 345338
2018-10-25 23:38:07 +00:00
Mikhail R. Gadelha 511c7d0cbe [analyzer] Move canReasonAbout from Z3ConstraintManager to SMTConstraintManager
Summary:
This patch moves the last method in `Z3ConstraintManager` to `SMTConstraintManager`: `canReasonAbout()`.

The `canReasonAbout()` method checks if a given `SVal` can be encoded in SMT. I've added a new method to the SMT API to return true if a solver can encode floating-point arithmetics and it was enough to make `canReasonAbout()` solver independent.

As an annoying side-effect, `Z3ConstraintManager` is pretty empty now and only (1) creates the Z3 solver object by calling `CreateZ3Solver()` and (2) instantiates `SMTConstraintManager`. Maybe we can get rid of this class altogether in the future: a `CreateSMTConstraintManager()` method that does (1) and (2) and returns the constraint manager object?

Reviewers: george.karpenkov, NoQ

Reviewed By: george.karpenkov

Subscribers: mehdi_amini, xazax.hun, szepet, a.sidorin, dexonsmith, Szelethus, donat.nagy, dkrupp

Differential Revision: https://reviews.llvm.org/D53694

llvm-svn: 345284
2018-10-25 17:27:42 +00:00
Mikhail R. Gadelha 5062532683 [analyzer] Fixed bitvector from model always being unsigned
Summary:
Getting an `APSInt` from the model always returned an unsigned integer because of the unused parameter.

This was not breaking any test case because no code relies on the actual value of the integer returned here, but rather it is only used to check if a symbol has more than one solution in `getSymVal`.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin, Szelethus, donat.nagy, dkrupp

Differential Revision: https://reviews.llvm.org/D53637

llvm-svn: 345283
2018-10-25 17:27:36 +00:00
George Karpenkov d3e7675331 [analyzer] [NFC] Change scanReachableSymbols to use ranges
Remove unused overload. Clean up some usages.

Differential Revision: https://reviews.llvm.org/D53615

llvm-svn: 345101
2018-10-23 23:12:12 +00:00
George Karpenkov 081c47760c [analyzer] Do not stop tracking CXX methods touching OSObject.
Trust generalized annotations for OSObject.

Differential Revision: https://reviews.llvm.org/D53550

llvm-svn: 345100
2018-10-23 23:11:50 +00:00
George Karpenkov 48de582f65 [analyzer] Trust summaries for OSObject::retain and OSObject::release
Refactor the way in which summaries are consumed for safeMetaCast

Differential Revision: https://reviews.llvm.org/D53549

llvm-svn: 345099
2018-10-23 23:11:30 +00:00
George Karpenkov b2cf0063d0 [analyzer] Rename trackNullOrUndefValue to trackExpressionValue
trackNullOrUndefValue is a long and confusing name,
and it does not actually reflect what the function is doing.
Give a function a new name, with a relatively clear semantics.

Also remove some dead code.

Differential Revision: https://reviews.llvm.org/D52758

llvm-svn: 345064
2018-10-23 18:24:53 +00:00
Leonard Chan b4ba467da8 [Fixed Point Arithmetic] Fixed Point to Boolean Cast
This patch is a part of https://reviews.llvm.org/D48456 in an attempt to split
the casting logic up into smaller patches. This contains the code for casting
from fixed point types to boolean types.

Differential Revision: https://reviews.llvm.org/D53308

llvm-svn: 345063
2018-10-23 17:55:35 +00:00
Andrew Savonichev b555b76ed3 [OpenCL][NFC] Unify ZeroToOCL* cast types
Reviewers: Anastasia, yaxunl

Reviewed By: Anastasia

Subscribers: asavonic, cfe-commits

Differential Revision: https://reviews.llvm.org/D52654

llvm-svn: 345038
2018-10-23 15:19:20 +00:00
Artem Dergachev 7e4edbdd1b [analyzer] Fix dumping for SymbolConjured conjured at no particular statement.
llvm-svn: 344944
2018-10-22 20:11:10 +00:00
Simon Pilgrim 6e924df28d Fix MSVC "not all control paths return a value" warning. NFCI.
llvm-svn: 344892
2018-10-22 10:46:37 +00:00
Kristof Umann dbabdfaca5 [analyzer][UninitializedObjectChecker] No longer using nonloc::LazyCompoundVal
As rightly pointed out by @NoQ, nonloc::LazyCompoundVals were only used to acquire a constructed object's region, which isn't what LazyCompoundVal was made for.

Differential Revision: https://reviews.llvm.org/D51300

llvm-svn: 344879
2018-10-21 23:30:01 +00:00
Kristof Umann ca8a05ac34 [analyzer][NFC] Fix inconsistencies in AnalyzerOptions
I'm in the process of refactoring AnalyzerOptions. The main motivation behind
here is to emit warnings if an invalid -analyzer-config option is given from the
command line, and be able to list them all.

This first NFC patch contains small modifications to make AnalyzerOptions.cpp a
little more consistent.

Differential Revision: https://reviews.llvm.org/D53274

llvm-svn: 344870
2018-10-21 18:19:32 +00:00
Aleksei Sidorin 0e912f3bc1 [NFC][Test commit] Fix typos in a comment
llvm-svn: 344847
2018-10-20 14:47:37 +00:00
Artem Dergachev 25dac79edf [analyzer] Be more plugin-friendly by moving static locals into .cpp files.
The GDMIndex functions return a pointer that's used as a key for looking up
data, but addresses of local statics defined in header files aren't the same
across shared library boundaries and the result is that analyzer plugins
can't access this data.

Event types are uniqued by using the addresses of a local static defined
in a header files, but it isn't the same across shared library boundaries
and plugins can't currently handle ImplicitNullDerefEvents.

Patches by Joe Ranieri!

Differential Revision: https://reviews.llvm.org/D52905
Differential Revision: https://reviews.llvm.org/D52906

llvm-svn: 344823
2018-10-20 00:29:24 +00:00
Artem Dergachev fcf107d411 [analyzer] Teach CallEvent about C++17 aligned operator new().
In C++17, when class C has large alignment value, a special case of
overload resolution rule kicks in for expression new C that causes the aligned
version of operator new() to be called. The aligned new has two arguments:
size and alignment. However, the new-expression has only one "argument":
the construct-expression for C(). This causes a false positive in
core.CallAndMessage's check for matching number of arguments and number
of parameters.

Update CXXAllocatorCall, which is a CallEvent sub-class for operator new calls
within new-expressions, so that the number of arguments always matched
the number of parameters.

rdar://problem/44738501

Differential Revision: https://reviews.llvm.org/D52957

llvm-svn: 344539
2018-10-15 17:53:18 +00:00
Artem Dergachev 65b4d7ddd9 [analyzer] NFC: RetainCountChecker: Don't dump() symbols into program point tags.
We don't need a separate node for every symbol, because whenever the first
symbol leaks, a bug is emitted, the analysis is sinked, and the checker
callback immediately returns due to State variable turning into null,
so we never get to see the second leaking symbol.

Additionally, we are no longer able to break normal analysis while experimenting
with debug dumps.

Differential Revision: https://reviews.llvm.org/D52804

llvm-svn: 344538
2018-10-15 17:47:56 +00:00
Leonard Chan 99bda375a1 [Fixed Point Arithmetic] FixedPointCast
This patch is a part of https://reviews.llvm.org/D48456 in an attempt to
split them up. This contains the code for casting between fixed point types
and other fixed point types.

The method for converting between fixed point types is based off the convert()
method in APFixedPoint.

Differential Revision: https://reviews.llvm.org/D50616

llvm-svn: 344530
2018-10-15 16:07:02 +00:00
Benjamin Kramer c55e997556 Move some helpers from the global namespace into anonymous ones.
llvm-svn: 344468
2018-10-13 22:18:22 +00:00
Enrico Steffinlongo 11b6cedb8e [analyzer] Improved cmake configuration for Z3
Summary:
Enhanced support for Z3 in the cmake configuration of clang; now it is possible to specify any arbitrary Z3 install prefix (CLANG_ANALYZER_Z3_PREFIX) to cmake with lib (or bin) and include folders. Before the patch only in cmake default locations
were searched (https://cmake.org/cmake/help/v3.4/command/find_path.html).

Specifying any CLANG_ANALYZER_Z3_PREFIX will force also CLANG_ANALYZER_BUILD_Z3 to ON.

Removed also Z3 4.5 version requirement since it was not checked, and now Clang works with Z3 4.7

Reviewers: NoQ, george.karpenkov, mikhail.ramalho

Reviewed By: george.karpenkov

Subscribers: rnkovacs, NoQ, esteffin, george.karpenkov, delcypher, ddcc, mgorny, xazax.hun, szepet, a.sidorin, Szelethus

Tags: #clang

Differential Revision: https://reviews.llvm.org/D50818

llvm-svn: 344464
2018-10-13 19:45:48 +00:00
Enrico Steffinlongo a72a15a5c7 [analyzer] Small SMT API improvement
Summary: Removed const qualifier from reset method of SMTSolver and Z3Solver objects.

Reviewers: mikhail.ramalho, george.karpenkov, NoQ, ddcc

Reviewed By: NoQ

Subscribers: xazax.hun, szepet, a.sidorin, Szelethus

Differential Revision: https://reviews.llvm.org/D52031

llvm-svn: 344463
2018-10-13 19:42:10 +00:00
Sam McCall 5da4d75877 Remove top-level using declaration from header files, as these aliases leak.
Reviewers: ilya-biryukov

Subscribers: arphaman, cfe-commits

Differential Revision: https://reviews.llvm.org/D53135

llvm-svn: 344337
2018-10-12 12:21:29 +00:00
George Karpenkov fd6ccd83cd [analyzer] Fix a bug in unexplored_first_location_queue iteration order.
Pointed out by Artem in post-commit review for https://reviews.llvm.org/D53058

llvm-svn: 344322
2018-10-12 00:52:13 +00:00
George Karpenkov d1dd5c3a88 [analyzer] Experiment with an iteration order only based on location, and not using the stack frame
Differential Revision: https://reviews.llvm.org/D53058

llvm-svn: 344313
2018-10-11 22:59:59 +00:00
George Karpenkov ca7a23e761 [analyzer] Avoid unneeded invalidation in RetainCountChecker
Differential Revision: https://reviews.llvm.org/D53168

llvm-svn: 344312
2018-10-11 22:59:38 +00:00
George Karpenkov 41dc8de6ae [analyzer] Retain count checker for OSObject: recognize OSDynamicCast
For now, tresting the cast as a no-op, and disregarding the case where
the output becomes null due to the type mismatch.

rdar://45174557

Differential Revision: https://reviews.llvm.org/D53156

llvm-svn: 344311
2018-10-11 22:59:16 +00:00
Eric Liu 480a5075ad Revert "[Lex] TokenConcatenation now takes const Preprocessor"
This reverts commit r344262. This was an unintentional commit.

llvm-svn: 344267
2018-10-11 17:50:04 +00:00
Eric Liu c8ae649658 [Lex] TokenConcatenation now takes const Preprocessor
Differential Revision: https://reviews.llvm.org/D52502

llvm-svn: 344262
2018-10-11 17:35:29 +00:00
Kristof Umann 8e5328b6f0 [analyzer][UninitializedObjectChecker] Reports Loc fields pointing to themselves
I've added a new functionality, the checker is now able to
detect and report fields pointing to themselves. I figured
this would fit well into the checker as there's no reason
for a pointer to point to itself instead of being nullptr.

Differential Revision: https://reviews.llvm.org/D51305

llvm-svn: 344242
2018-10-11 11:58:53 +00:00
Gabor Horvath d1fd93ceea [analyzer] Support Reinitializes attribute in MisusedMovedObject check
Differential Revision: https://reviews.llvm.org/D52983

llvm-svn: 344017
2018-10-09 07:28:57 +00:00
George Karpenkov 0550dac3ed [analyzer] Do not crash if the assumption added in TrustNonNullChecker is enough to make the state unfeasible
rdar://43541814

Differential Revision: https://reviews.llvm.org/D52848

llvm-svn: 343735
2018-10-03 22:31:09 +00:00
Artem Dergachev d807f9065b [analyzer] Fix symbol discovery in nonloc::LocAsInteger values.
Doesn't do much despite sounding quite bad, but fixes an exotic test case where
liveness of a nonloc::LocAsInteger array index is now evaluated correctly.

Differential Revision: https://reviews.llvm.org/D52667

llvm-svn: 343631
2018-10-02 20:48:12 +00:00
Kristof Umann 40271e4fde [analyzer][NFC] Refactor functions in PlistDiagnostics to take AnalyzerOptions as parameter
I intend to add a new flag macro-expnasions-as-events, and unfortunately
I'll only be able to convert the macro piece into an event one once I'm
about to emit it, due to the lack of an avaible Preprocessor object in
the BugReporter.

Differential Revision: https://reviews.llvm.org/D52787

llvm-svn: 343620
2018-10-02 19:27:34 +00:00
Mikhail R. Gadelha 32ce136e80 [analyzer] Improvements to the SMT API
Summary:
Several improvements in preparation for the new backends.

Refactoring:

- Removed duplicated methods `fromBoolean`, `fromAPSInt`, `fromInt` and `fromAPFloat`. The methods `mkBoolean`, `mkBitvector` and `mkFloat` are now used instead.
- The names of the functions that convert BVs to FPs were swapped (`mkSBVtoFP`, `mkUBVtoFP`, `mkFPtoSBV`, `mkFPtoUBV`).
- Added a couple of comments in function calls.

Crosscheck encoding:

- Changed how constraints are encoded in the refutation manager so it doesn't start with (false OR ...). This change introduces one duplicated line (see file `BugReporterVisitors.cpp`, the `SMTConv::getRangeExpr is called twice, so I can remove this change if the duplication is a problem.

Reviewers: george.karpenkov, NoQ

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin, Szelethus

Differential Revision: https://reviews.llvm.org/D52365

llvm-svn: 343581
2018-10-02 12:55:48 +00:00
Eric Liu b9e17124ea Revert untintentionally commited changes
llvm-svn: 343574
2018-10-02 10:28:54 +00:00
Eric Liu 09c34d77e0 [Lex] TokenConcatenation now takes const Preprocessor
Differential Revision: https://reviews.llvm.org/D52502

llvm-svn: 343573
2018-10-02 10:28:50 +00:00
Kristof Umann 4f9fdba4f6 [analyzer][NFC] Refactor functions in PlistDiagnostics to take Preproc as parameter
This is patch is a preparation for the proposed inclusion of macro expansions in the plist output.

Differential Revision: https://reviews.llvm.org/D52735

llvm-svn: 343511
2018-10-01 18:11:51 +00:00
George Karpenkov c82d457db5 [analyzer] [NFC] Remove unused parameters, as found by -Wunused-parameter
Differential Revision: https://reviews.llvm.org/D52640

llvm-svn: 343353
2018-09-28 18:49:41 +00:00
George Karpenkov c704f4fbd0 [analyzer] Provide an option to dump generated exploded graphs to a given file.
Dumping graphs instead of opening them is often very useful,
e.g. for transfer or converting to SVG.

Basic sanity check for generated exploded graphs.

Differential Revision: https://reviews.llvm.org/D52637

llvm-svn: 343352
2018-09-28 18:49:21 +00:00
George Karpenkov 6d229be5ec [analyzer] Hotfix for the bug in exploded graph printing
llvm-svn: 343276
2018-09-27 22:31:13 +00:00
George Karpenkov 2b7682d1b4 [analyzer] Highlight nodes which have error reports in them in red in exploded graph
Differential Revision: https://reviews.llvm.org/D52584

llvm-svn: 343239
2018-09-27 17:26:41 +00:00
Kristof Umann e4f81ec366 Revert untintentionally commited changes
llvm-svn: 343205
2018-09-27 12:46:37 +00:00
Kristof Umann b416dbfb04 [Lex] TokenConcatenation now takes const Preprocessor
Differential Revision: https://reviews.llvm.org/D52502

llvm-svn: 343204
2018-09-27 12:40:16 +00:00
George Karpenkov 27ec210fbd [analyzer] [NFC] Move the code for dumping the program point to ProgramPoint
So we can dump them outside of viewing the exploded grpah.

Differential Revision: https://reviews.llvm.org/D52583

llvm-svn: 343160
2018-09-27 01:46:18 +00:00
George Karpenkov 4b9bb7cebb [analyzer] [NFC] Heavy refactoring of trackNullOrUndefValue
Differential Revision: https://reviews.llvm.org/D52519

llvm-svn: 343159
2018-09-27 01:45:57 +00:00
Fangrui Song 55fab260ca llvm::sort(C.begin(), C.end(), ...) -> llvm::sort(C, ...)
Summary: The convenience wrapper in STLExtras is available since rL342102.

Reviewers: rsmith, #clang, dblaikie

Reviewed By: rsmith, #clang

Subscribers: mgrang, arphaman, kadircet, cfe-commits

Differential Revision: https://reviews.llvm.org/D52576

llvm-svn: 343147
2018-09-26 22:16:28 +00:00
Simon Pilgrim 8d5f101e94 Removed extra semicolon to fix Wpedantic. (NFCI).
llvm-svn: 343085
2018-09-26 09:12:55 +00:00
Artem Dergachev 69ece336b8 [analyzer] Fix a crash on casting symbolic pointers to derived classes.
Commit r340984 causes a crash when a pointer to a completely unrelated type
UnrelatedT (eg., opaque struct pattern) is being casted from base class BaseT to
derived class DerivedT, which results in an ill-formed region
Derived{SymRegion{$<UnrelatedT x>}, DerivedT}.

Differential Revision: https://reviews.llvm.org/D52189

llvm-svn: 343051
2018-09-26 00:17:14 +00:00
Artem Dergachev e527df03c4 [analyzer] Add a testing facility for testing relationships between symbols.
Tests introduced in r329780 was disabled in r342317 because these tests
were accidentally testing dump infrastructure, when all they cared about was
how symbols relate to each other. So when dump infrastructure changed,
tests became annoying to maintain.

Add a new feature to ExprInspection: clang_analyzer_denote() and
clang_analyzer_explain(). The former adds a notation to a symbol, the latter
expresses another symbol in terms of previously denoted symbols.

It's currently a bit wonky - doesn't print parentheses and only supports
denoting atomic symbols. But it's even more readable that way.

Differential Revision: https://reviews.llvm.org/D52133

llvm-svn: 343048
2018-09-25 23:50:53 +00:00
Artem Dergachev 0b7fdca640 [analyzer] NFC: CallDescription: Improve array management.
Combine the two constructor overrides into a single ArrayRef constructor
to allow easier brace initializations and simplify how the respective field
is used internally.

Differential Revision: https://reviews.llvm.org/D51390

llvm-svn: 343037
2018-09-25 22:13:31 +00:00
Artem Dergachev 579cf90367 [analyzer] NFC: Legalize state manager factory injection.
When a checker maintains a program state trait that isn't a simple list/set/map, but is a combination of multiple lists/sets/maps (eg., a multimap - which may be implemented as a map from something to set of something), ProgramStateManager only contains the factory for the trait itself. All auxiliary lists/sets/maps need a factory to be provided by the checker, which is annoying.

So far two checkers wanted a multimap, and both decided to trick the
ProgramStateManager into keeping the auxiliary factory within itself
by pretending that it's some sort of trait they're interested in,
but then never using this trait but only using the factory.

Make this trick legal. Define a convenient macro.

One thing that becomes apparent once all pieces are put together is that
these two checkers are in fact using the same factory, because the type that
identifies it, ImmutableMap<const MemRegion *, ImmutableSet<SymbolRef>>,
is the same. This situation is different from two checkers registering similar
primitive traits.

Differential Revision: https://reviews.llvm.org/D51388

llvm-svn: 343035
2018-09-25 22:10:12 +00:00
George Karpenkov 2a6deeb928 [analyzer] Prevent crashes in FindLastStoreBRVisitor
This patch is a band-aid. A proper solution would be too change
trackNullOrUndefValue to only try to dereference the pointer when it is
relevant to the problem.

Differential Revision: https://reviews.llvm.org/D52435

llvm-svn: 342920
2018-09-24 21:20:30 +00:00
Kristof Umann 82eeca363a [analyzer][UninitializedObjectChecker] Using the new const methods of ImmutableList
Differential Revision: https://reviews.llvm.org/D51886

llvm-svn: 342834
2018-09-23 09:16:27 +00:00
David Carlier 75cb0dd5ed [CStringSyntaxChecker] Check strlcat sizeof check
Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer.
Advising the proper usual pattern.

Reviewers: george.karpenkov, NoQ, MaskRay

Reviewed By: MaskRay

Differential Revision: https://reviews.llvm.org/D49722

llvm-svn: 342832
2018-09-23 08:30:17 +00:00
George Karpenkov 04553e530f [analyzer] Process state in checkEndFunction in RetainCountChecker
Modify the RetainCountChecker to perform state "adjustments" in
checkEndFunction, as performing work in PreStmt<ReturnStmt> does not
work with destructors.
The previous version made an implicit assumption that no code runs
after the return statement is executed.

rdar://43945028

Differential Revision: https://reviews.llvm.org/D52338

llvm-svn: 342770
2018-09-21 20:37:20 +00:00
George Karpenkov 200e809dbd [analyzer] Highlight sink nodes in red
Differential Revision: https://reviews.llvm.org/D52337

llvm-svn: 342769
2018-09-21 20:37:01 +00:00
George Karpenkov 33e5a15896 [analyzer] Associate diagnostics created in checkEndFunction with a return statement, if possible
If not possible, use the last line of the declaration, as before.

Differential Revision: https://reviews.llvm.org/D52326

llvm-svn: 342768
2018-09-21 20:36:41 +00:00
George Karpenkov 6babf2ae16 [analyzer] [NFC] Prefer make_unique over "new"
Differential Revision: https://reviews.llvm.org/D52336

llvm-svn: 342767
2018-09-21 20:36:21 +00:00
George Karpenkov a31c224bb4 [analyzer] Fix bug in isInevitablySinking
If the non-sink report is generated at the exit node, it will be
suppressed by the current functionality in isInevitablySinking, as it
only checks the successors of the block, but not the block itself.

The bug shows up in RetainCountChecker checks.

Differential Revision: https://reviews.llvm.org/D52284

llvm-svn: 342766
2018-09-21 20:36:01 +00:00
George Karpenkov 649e013241 [analyzer] [NFC] Dead code removal
Differential Revision: https://reviews.llvm.org/D52269

llvm-svn: 342765
2018-09-21 20:35:39 +00:00
George Karpenkov 8639c5d565 [analyzer] ExplodedGraph printing fixes
Fixes a number of issues:

 - Global variables are not used for communication
 - Trait should be defined on a graph, not on a node
 - Defining the trait on a graph allows us to use a correct allocator,
   no longer crashing while printing trimmed graphs

Differential Revision: https://reviews.llvm.org/D52183

llvm-svn: 342413
2018-09-17 20:46:53 +00:00
George Karpenkov 64c431c900 [analyzer] Further printing improvements: use declarations,
skip pointers whenever redundant, use unique prefixes.

Differential Revision: https://reviews.llvm.org/D52114

llvm-svn: 342316
2018-09-15 02:34:45 +00:00
George Karpenkov 6bde7a015f [analyzer] Generate and use stable identifiers for LocationContext
Those are not created in the allocator.
Since they are created fairly rarely, a counter overhead should not
affect the memory consumption.

Differential Revision: https://reviews.llvm.org/D51827

llvm-svn: 342314
2018-09-15 02:03:36 +00:00
George Karpenkov fc042f95e2 [analyzer] Dump reproducible identifiers for statements in exploded graph in store
Differential Revision: https://reviews.llvm.org/D51826

llvm-svn: 342313
2018-09-15 02:03:17 +00:00
George Karpenkov 141b448ee9 [analyzer] Use correct end-of-line character when printing statements for exploded graph
Prevents bad centering.

Differential Revision: https://reviews.llvm.org/D51825

llvm-svn: 342312
2018-09-15 02:02:56 +00:00
George Karpenkov 439652363a [analyzer] Dump unique identifiers for statements in exploded graph
Differential Revision: https://reviews.llvm.org/D51823

llvm-svn: 342310
2018-09-15 02:02:09 +00:00
George Karpenkov 40cbde9ce2 [analyzer] Skip printing duplicate nodes, even if nodes have multiple predecessors/successors
Still generate a node, but leave the redundant field empty.

Differential Revision: https://reviews.llvm.org/D51821

llvm-svn: 342308
2018-09-15 02:01:26 +00:00
Ilya Biryukov 88ad9cf7f3 [analyzer] Restore final on NeedsCastLocField. NFC
To fix compiler warning about non-virtual dtor introduced in r342221.

llvm-svn: 342225
2018-09-14 11:28:48 +00:00
Kristof Umann f051379fbc [analyzer][UninitializedObjectChecker] Support for nonloc::LocAsInteger
Differential Revision: https://reviews.llvm.org/D49437

llvm-svn: 342221
2018-09-14 10:18:26 +00:00
Kristof Umann d6145d9849 [analyzer][UninitializedObjectChecker] New flag to ignore records based on it's fields
Based on a suggestion from @george.karpenkov.

In some cases, structs are used as unions with a help of a tag/kind field.
This patch adds a new string flag (a pattern), that is matched against the
fields of a record, and should a match be found, the entire record is ignored.

For more info refer to http://lists.llvm.org/pipermail/cfe-dev/2018-August/058906.html
and to the responses to that, especially http://lists.llvm.org/pipermail/cfe-dev/2018-August/059215.html.

Differential Revision: https://reviews.llvm.org/D51680

llvm-svn: 342220
2018-09-14 10:10:09 +00:00
Kristof Umann 6cec6c467c [analyzer][UninitializedObjectChecker] Refactored checker options
Since I plan to add a number of new flags, it made sense to encapsulate
them in a new struct, in order not to pollute FindUninitializedFields's
constructor with new boolean options with super long names.

This revision practically reverts D50508, since FindUninitializedFields
now accesses the pedantic flag anyways.

Differential Revision: https://reviews.llvm.org/D51679

llvm-svn: 342219
2018-09-14 09:39:26 +00:00
Kristof Umann 3ef3dd7c8c [analyzer][UninitializedObjectChecker] Correct dynamic type is acquired for record pointees
Differential Revision: https://reviews.llvm.org/D50892

llvm-svn: 342217
2018-09-14 09:13:36 +00:00
Kristof Umann ceb5f6540f [analyzer][UninitializedObjectChecker] Updated comments
Some of the comments are incorrect, imprecise, or simply nonexistent.
Since I have a better grasp on how the analyzer works, it makes sense
to update most of them in a single swoop.

I tried not to flood the code with comments too much, this amount
feels just right to me.

Differential Revision: https://reviews.llvm.org/D51417

llvm-svn: 342215
2018-09-14 09:07:40 +00:00
Kristof Umann f0dd1016da [analyzer][UninitializedObjectChecker] Fixed dereferencing
iThis patch aims to fix derefencing, which has been debated for months now.

Instead of working with SVals, the function now relies on TypedValueRegion.

Differential Revision: https://reviews.llvm.org/D51057

llvm-svn: 342213
2018-09-14 08:58:21 +00:00
Adam Balogh 2e7cb34d0f [Analyzer] Iterator Checker - Part 8: Support for assign, clear, insert, emplace and erase operations
This patch adds support for the following operations in the iterator checkers: assign, clear, insert, insert_after, emplace, emplace_after, erase and erase_after. This affects mismatched iterator checks ("this" and parameter must match) and invalidation checks (according to the standard).

Differential Revision: https://reviews.llvm.org/D32904

llvm-svn: 341794
2018-09-10 09:07:47 +00:00
Adam Balogh 9a48ba6b4a [Analyzer] Iterator Checker - Part 7: Support for push and pop operations
This patch adds support for the following operations in the iterator checkers: push_back, push_front, emplace_back, emplace_front, pop_back and pop_front. This affects iterator range checks (range is extended after push and emplace and reduced after pop operations) and invalidation checks (according to the standard).

Differential Revision: https://reviews.llvm.org/D32902

llvm-svn: 341793
2018-09-10 09:06:31 +00:00
Adam Balogh 3659f7a8a9 [Analyzer] Iterator Checker - Part 6: Mismatched iterator checker for constructors and comparisons
Extension of the mismatched iterator checker for constructors taking range of first..last (first and last must be iterators of the same container) and also for comparisons of iterators of different containers (one does not compare iterators of different containers, since the set of iterators is partially ordered, there are no relations between iterators of different containers, except that they are always non-equal).

Differential Revision: https://reviews.llvm.org/D32860

llvm-svn: 341792
2018-09-10 09:05:31 +00:00
Adam Balogh 6b23b1a74f [Analyzer] Iterator Checker - Part 5: Move Assignment of Containers
If a container is moved by its move assignment operator, according to the standard all their iterators except the past-end iterators remain valid but refer to the new container. This patch introduces support for this case in the iterator checkers.

Differential Revision: https://reviews.llvm.org/D32859

llvm-svn: 341791
2018-09-10 09:04:27 +00:00
Adam Balogh 21583b733a [Analyzer] Iterator Checker - Part 4: Mismatched iterator checker for function parameters
New check added to the checker which checks whether iterator parameters of template functions typed by the same template parameter refer to the same container.

Differential Revision: https://reviews.llvm.org/D32845

llvm-svn: 341790
2018-09-10 09:03:22 +00:00
George Karpenkov 3310893288 [analyzer] [NFC] Move methods for dumping the coverage in HTMLDiagnostics into the class
Differential Revision: https://reviews.llvm.org/D51513

llvm-svn: 341724
2018-09-07 22:13:35 +00:00
George Karpenkov e4707e7a4a [analyzer] [NFC] Use StringRef when returning a large string literal in HTMLDiagnostics
(NB: could be a clang-tidy / analyzer check)

Differential Revision: https://reviews.llvm.org/D51512

llvm-svn: 341723
2018-09-07 22:13:15 +00:00
George Karpenkov 5577cb70e1 [analyzer] Remove the "postponed" hack, deal with derived symbols using an extra map
The "derived" symbols indicate children fields of a larger symbol.
As parents do not have pointers to their children, the garbage
collection algorithm the analyzer currently uses adds such symbols into
a "postponed" category, and then keeps running through the worklist
until the fixed point is reached.

The current patch rectifies that by instead using a helper map which
stores pointers from parents to children, so that no fixed point
calculation is necessary.

The current patch yields ~5% improvement in running time on sqlite.

Differential Revision: https://reviews.llvm.org/D51397

llvm-svn: 341722
2018-09-07 22:07:57 +00:00
George Karpenkov 8a88c83593 Revert "Revert "Revert "Revert "[analyzer] Add coverage information to plist output, update tests""""
This reverts commit 2f5d71d9fa135be86bb299e7d773036e50bf1df6.

Hopefully fixing tests on Windows.

llvm-svn: 341719
2018-09-07 21:58:24 +00:00
Simon Pilgrim b746df0b0a Revert "Revert "Revert "[analyzer] Add coverage information to plist output, update tests"""
Reverts analyzer tests from rL341627 again as they still broke windows buildbots

llvm-svn: 341648
2018-09-07 10:27:16 +00:00
George Karpenkov d7acacab94 Revert "Revert "[analyzer] Add coverage information to plist output, update tests""
This reverts commit a39bcab414dd7ace7e490363ecdf01ecce7743fc.

Reverting the revert, fixing tests.

llvm-svn: 341627
2018-09-07 02:02:35 +00:00
George Karpenkov 4762fb5d11 Revert "[analyzer] Add coverage information to plist output, update tests"
This reverts commit 03d183b6b94eda27ce66a4f9b87a00b0a148cf9e.

Temporary revert until the tests are fixed.

llvm-svn: 341626
2018-09-07 01:39:23 +00:00
George Karpenkov bb313b797d [analyzer] Add coverage information to plist output, update tests
Split tests which were still using FileCheck to compare plists.

Differential Revision: https://reviews.llvm.org/D51515

llvm-svn: 341621
2018-09-07 00:44:17 +00:00
George Karpenkov 784c60ac81 [analyzer] [NFC] Prefer passing around reference to std::unique_ptr&
When object is owned elsewhere

Differential Revision: https://reviews.llvm.org/D51669

llvm-svn: 341620
2018-09-07 00:43:55 +00:00
George Karpenkov a3fdd17907 [analyzer] Executed lines: store file IDs, not hashes.
Raw FileIDs are needed for the PlistDiagnostics to produce stable filenames.

Differential Revision: https://reviews.llvm.org/D51668

llvm-svn: 341619
2018-09-07 00:43:37 +00:00
George Karpenkov 55e3d1ec35 [analyzer] Do not add invalid source location to the coverage information
Invalid source locations may arise from generated code.

Differential Revision: https://reviews.llvm.org/D51761

llvm-svn: 341618
2018-09-07 00:43:17 +00:00
George Karpenkov 5f8d361c9c [analyzer] Push updating-the-executed-lines logic into the BugReporter.
So it can be reused across different consumers.

Differential Revision: https://reviews.llvm.org/D51514

llvm-svn: 341617
2018-09-07 00:42:53 +00:00
George Karpenkov 98bee02297 [analyzer] Skip printing trivial nodes in exploded graph
A node is considered to be trivial if it only has one successor, one
predecessor, and a state equal to the predecessor.
Can drastically (> 2x) reduce the size of the generated exploded
graph.

Differential Revision: https://reviews.llvm.org/D51665

llvm-svn: 341616
2018-09-07 00:42:32 +00:00
George Karpenkov d0d0cb38be [analyzer] [NFC] Move dumping program point into a separate function
Differential Revision: https://reviews.llvm.org/D51666

llvm-svn: 341603
2018-09-06 23:08:27 +00:00
George Karpenkov 84a2b30ba3 [analyzer] Dump stable identifiers for exploded nodes
Differential Revision: https://reviews.llvm.org/D51667

llvm-svn: 341602
2018-09-06 23:08:07 +00:00
George Karpenkov 95363e378a [analyzer] Remove traces of ubigraph visualization
Ubigraph project has been dead since about 2008, and to the best of my
knowledge, no one was using it.
Previously, I wasn't able to launch the existing binary at all.

Differential Revision: https://reviews.llvm.org/D51655

llvm-svn: 341601
2018-09-06 23:07:47 +00:00
George Karpenkov e40d4053ba [analyzer] Dump a reproducible, deterministic ID of program state to exploded graph
Differential Revision: https://reviews.llvm.org/D51395

llvm-svn: 341600
2018-09-06 23:07:26 +00:00
Artem Dergachev 73b38668ce [analyzer] InnerPointerChecker: Fix a segfault when checking symbolic strings.
Return value of dyn_cast_or_null should be checked before use.
Otherwise we may put a null pointer into the map as a key and eventually
crash in checkDeadSymbols.

Differential Revision: https://reviews.llvm.org/D51385

llvm-svn: 341092
2018-08-30 18:45:05 +00:00
George Karpenkov 574d78e78e [analyzer] Improve tracing for uninitialized struct fields
rdar://13729267

Differential Revision: https://reviews.llvm.org/D51323

llvm-svn: 340986
2018-08-29 22:48:50 +00:00
Artem Dergachev 4e864b8329 [analyzer] Support modeling no-op BaseToDerived casts in ExprEngine.
Introduce a new MemRegion sub-class, CXXDerivedObjectRegion, which is
the opposite of CXXBaseObjectRegion, to represent such casts. Such region is
a bit weird because it is by design bigger than its super-region.
But it's not harmful when it is put on top of a SymbolicRegion
that has unknown extent anyway.

Offset computation for CXXDerivedObjectRegion and proper modeling of casts
still remains to be implemented.

Differential Revision: https://reviews.llvm.org/D51191

llvm-svn: 340984
2018-08-29 22:43:31 +00:00
Artem Dergachev 5a3beea0e3 [analyzer] CFRetainReleaseChecker: Don't check C++ methods with the same name.
Don't try to understand what's going on when there's a C++ method called eg.
CFRetain().

Refactor the checker a bit, to use more modern APIs.

Differential Revision: https://reviews.llvm.org/D50866

llvm-svn: 340982
2018-08-29 22:39:20 +00:00
Artem Dergachev ed19831f63 [CFG] [analyzer] Disable argument construction contexts for variadic functions.
The analyzer doesn't make use of them anyway and they seem to have
pretty weird AST from time to time, so let's just skip them for now.

Fixes a crash reported as pr37769.

Differential Revision: https://reviews.llvm.org/D50855

llvm-svn: 340977
2018-08-29 22:05:35 +00:00
George Karpenkov 9ff67a9dda [analyzer] Resolve the crash in ReturnUndefChecker
By making sure the returned value from getKnownSVal is consistent with
the value used inside expression engine.

PR38427

Differential Revision: https://reviews.llvm.org/D51252

llvm-svn: 340965
2018-08-29 20:29:59 +00:00
George Karpenkov eae57a2b13 [analyzer] [NFC] Move class definition out of the function
Differential Revision: https://reviews.llvm.org/D51322

llvm-svn: 340964
2018-08-29 20:29:39 +00:00
George Karpenkov a393e68b27 [analyzer] Move analyzer-eagerly-assume to AnalyzerOptions, enable by default
Differential Revision: https://reviews.llvm.org/D51251

llvm-svn: 340963
2018-08-29 20:29:17 +00:00
George Karpenkov bd3e5dbf41 [analyzer] [NFC] Remove unused "state" argument from makeSymExprValNN
Differential Revision: https://reviews.llvm.org/D51250

llvm-svn: 340962
2018-08-29 20:28:54 +00:00
George Karpenkov d5ef0d2a4b [analyzer] Better retain count rules for OSObjects
Differential Revision: https://reviews.llvm.org/D51184

llvm-svn: 340961
2018-08-29 20:28:33 +00:00
George Karpenkov cf0b9cbd5f [analyzer] [NFC] Follow the convention when naming classes
Renames InvalidateRegionsWorker and RemoveDeadBindingsWorker

Differential Revision: https://reviews.llvm.org/D51324

llvm-svn: 340960
2018-08-29 20:28:13 +00:00
Adam Balogh 2cfbe933a1 [Analyzer] Iterator Checker - Part 3: Invalidation check, first for (copy) assignments
We add check for invalidation of iterators. The only operation we handle here
is the (copy) assignment.

Differential Revision: https://reviews.llvm.org/D32747

llvm-svn: 340805
2018-08-28 08:41:15 +00:00
Nico Weber 5946e5be17 fix comment typo
llvm-svn: 340743
2018-08-27 14:23:50 +00:00
Mikhail R. Gadelha 766a189dfd [analyzer] Moved all CSA code from the SMT API to a new header, `SMTConv.h`. NFC.
Summary:
With this patch, the SMT backend is almost completely detached from the CSA.

Unfortunate consequence is that we missed the `ConditionTruthVal` from the CSA and had to use `Optional<bool>`.

The Z3 solver implementation is still in the same file as the `Z3ConstraintManager`, in `lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp` though, but except for that, the SMT API can be moved to anywhere in the codebase.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin, Szelethus

Differential Revision: https://reviews.llvm.org/D50772

llvm-svn: 340534
2018-08-23 13:21:31 +00:00
Mikhail R. Gadelha b0670d349c [analyzer] Templatefy SMTConstraintManager so more generic code can be moved from solver specific implementations. NFC.
Summary:
By making SMTConstraintManager a template and passing the SMT constraint type and expr, we can further move code from the Z3ConstraintManager class to the generic SMT constraint Manager.

Now, each SMT specific constraint manager only needs to implement the method `bool canReasonAbout(SVal X) const`.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: mgorny, xazax.hun, szepet, a.sidorin, Szelethus

Differential Revision: https://reviews.llvm.org/D50770

llvm-svn: 340533
2018-08-23 13:21:00 +00:00
Mikhail R. Gadelha 2420ee9b91 [analyzer] Delete SMTContext. NFC.
Summary: There is no reason to have a base class for a context anymore as each SMT object carries a reference to the specific solver context.

Reviewers: NoQ, george.karpenkov, hiraditya

Reviewed By: hiraditya

Subscribers: hiraditya, xazax.hun, szepet, a.sidorin, Szelethus

Differential Revision: https://reviews.llvm.org/D50768

llvm-svn: 340532
2018-08-23 13:20:18 +00:00
Mikael Holmen b4a7546c5c Change dyn_cast<CXXMethodDecl>(FD) to isa<CXXMethodDecl>(FD) [NFC]
The result of the dyn_cast wasn't used to we can just check isa.

llvm-svn: 340531
2018-08-23 13:18:27 +00:00
Mikael Holmen 9f356ddec8 Removed unused variable [NFC]
The compiler warned:
../tools/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp:329:19: error: unused variable 'MD' [-Werror,-Wunused-variable]
  if (const auto *MD = dyn_cast<CXXMethodDecl>(FD)) {
                  ^
1 error generated.

llvm-svn: 340524
2018-08-23 10:59:49 +00:00
George Karpenkov ab0011ebc0 [analyzer] Preliminary version of retain count checking for OSObjects
Has quite a lot of false positives, disabled behind the flag.

Differential Revision: https://reviews.llvm.org/D50880

llvm-svn: 340502
2018-08-23 00:26:59 +00:00
George Karpenkov c433011e02 Revert "[CStringSyntaxChecker] Check strlcat sizeof check"
This reverts commit 3073790e87378fea9a68fb052185fec9596ef135.

The check is not correct, strlact(dest, "mystr", sizeof(dest)) is fine.

llvm-svn: 340501
2018-08-23 00:02:35 +00:00
George Karpenkov b45bf3bb8b Revert "[CStringSyntaxChecker] Reduces space around error message for strlcat."
This reverts commit 6b43b80320722da41ca6ef7a3b57cc300fb83094.

llvm-svn: 340500
2018-08-23 00:02:12 +00:00
George Karpenkov baa78cc6d3 [analyzer] Track non-zero values in ReturnVisitor
Tracking those can help to provide much better diagnostics in many cases.

In general, most of the visitor machinery should be refactored to allow
tracking the origin of arbitrary values.

rdar://36039765

Differential Revision: https://reviews.llvm.org/D51131

llvm-svn: 340475
2018-08-22 23:17:25 +00:00
George Karpenkov 09c6b509fe [analyzer] Track the problematic subexpression in UndefResultChecker
This is tested in a subsequent commit, which allows tracking those values.

Differential Revision: https://reviews.llvm.org/D51139

llvm-svn: 340474
2018-08-22 23:17:02 +00:00
George Karpenkov a97914243a [analyzer] [NFC] Minor refactoring of BugReporterVisitors
Differential Revision: https://reviews.llvm.org/D51130

llvm-svn: 340473
2018-08-22 23:16:44 +00:00
Henry Wong 2ca72e03c3 [analyzer] Improve `CallDescription` to handle c++ method.
Summary:
`CallDecription` can only handle function for the time being. If we want to match c++ method, we can only use method name to match and can't improve the matching accuracy through the qualifiers. 

This patch add the support for `QualifiedName` matching to improve the matching accuracy.

Reviewers: xazax.hun, NoQ, george.karpenkov, rnkovacs

Reviewed By: xazax.hun, NoQ, rnkovacs

Subscribers: Szelethus, szepet, rnkovacs, a.sidorin, mikhail.ramalho, cfe-commits, MTC

Differential Revision: https://reviews.llvm.org/D48027

llvm-svn: 340407
2018-08-22 13:30:46 +00:00
George Karpenkov 6e9fd1377d [analyzer] [NFC] Fix minor formatting issues in RetainCountChecker
Differential Revision: https://reviews.llvm.org/D51072

llvm-svn: 340378
2018-08-22 01:17:09 +00:00
George Karpenkov 80c9e78e3b [analyzer] [NFC] Extract a method for creating RefVal from RetEffect in RetainCountChecker
Differential Revision: https://reviews.llvm.org/D51071

llvm-svn: 340377
2018-08-22 01:16:49 +00:00
Kristof Umann 06209cb466 [analyzer] Correctly marked a virtual function 'override'
llvm-svn: 340280
2018-08-21 15:09:22 +00:00
Kristof Umann b59b45e7f1 [analyzer][UninitializedObjectChecker] Explicit namespace resolution for inherited data members
For the following example:

  struct Base {
    int x;
  };

  // In a different translation unit

  struct Derived : public Base {
    Derived() {}
  };

For a call to Derived::Derived(), we'll receive a note that
this->x is uninitialized. Since x is not a direct field of Derived,
it could be a little confusing. This patch aims to fix this, as well
as the case when the derived object has a field that has the name as
an inherited uninitialized data member:

  struct Base {
    int x; // note: uninitialized field 'this->Base::x'
  };

  struct Derived : public Base {
    int x = 5;
    Derived() {}
  };

Differential Revision: https://reviews.llvm.org/D50905

llvm-svn: 340272
2018-08-21 12:16:59 +00:00
Kristof Umann 2e4067226b [analyzer][UninitializedObjectChecker] Added documentation to the checker list
Differential Revision: https://reviews.llvm.org/D50904

llvm-svn: 340266
2018-08-21 10:47:19 +00:00
Kristof Umann 646019655c [analyzer][UninitializedObjectChecker] Refactoring p6.: Move dereferencing to a function
Now that it has it's own file, it makes little sense for
isPointerOrReferenceUninit to be this large, so I moved
dereferencing to a separate function.

Differential Revision: https://reviews.llvm.org/D50509

llvm-svn: 340265
2018-08-21 10:45:21 +00:00
George Karpenkov efef49cd2f [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker - try #2
Turns out it can't be removed from the analyzer since it relies on CallEvent.

Moving to staticAnalyzer/core

Differential Revision: https://reviews.llvm.org/D51023

llvm-svn: 340247
2018-08-21 03:09:02 +00:00
Richard Smith e43e2b3667 Model type attributes as regular Attrs.
Specifically, AttributedType now tracks a regular attr::Kind rather than
having its own parallel Kind enumeration, and AttributedTypeLoc now
holds an Attr* instead of holding an ad-hoc collection of Attr fields.

Differential Revision: https://reviews.llvm.org/D50526

This reinstates r339623, reverted in r339638, with a fix to not fail
template instantiation if we instantiate a QualType with no associated
type source information and we encounter an AttributedType.

llvm-svn: 340215
2018-08-20 21:47:29 +00:00
Andrei Elovikov 7d408ff662 [NFC] Don't define static function in header (UninitializedObject.h)
Summary:
See also http://lists.llvm.org/pipermail/cfe-users/2016-January/000854.html for
the reasons why it's bad.

Reviewers: Szelethus, erichkeane

Reviewed By: Szelethus

Subscribers: cfe-commits

Differential Revision: https://reviews.llvm.org/D50963

llvm-svn: 340174
2018-08-20 13:45:38 +00:00
Bruno Cardoso Lopes bb3b7cff96 Revert "[analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker"
This reverts commit a786521fa66c72edd308baff0c08961b6d964fb1.

Bots haven't caught up yet, but broke modules build with:

../tools/clang/include/clang/StaticAnalyzer/Checkers/MPIFunctionClassifier.h:18:10:
fatal error: cyclic dependency in module 'Clang_StaticAnalyzer_Core':
Clang_StaticAnalyzer_Core -> Clang_Analysis ->
Clang_StaticAnalyzer_Checkers -> Clang_StaticAnalyzer_Core
         ^

llvm-svn: 340117
2018-08-18 03:22:11 +00:00
George Karpenkov 0ac54fad53 [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker
ARCMigrator is using code from RetainCountChecker, which is a layering
violation (and it also does it badly, by using a different header, and
then relying on implementation being present in a header file).

This change splits up RetainSummaryManager into a separate library in
lib/Analysis, which can be used independently of a checker.

Differential Revision: https://reviews.llvm.org/D50934

llvm-svn: 340114
2018-08-18 01:45:50 +00:00
George Karpenkov b1b791b9b1 [analyzer] [NFC] Minor refactoring of ISL-specific code in RetainCountChecker
Differential Revision: https://reviews.llvm.org/D50879

llvm-svn: 340098
2018-08-17 21:43:27 +00:00
George Karpenkov bc0cddf0c8 [analyzer] Re-instate support for MakeCollectable is RetainCountChecker
Differential Revision: https://reviews.llvm.org/D50872

llvm-svn: 340097
2018-08-17 21:42:59 +00:00
George Karpenkov 03011b2d98 [analyzer] [NFC] Move ObjCRetainCount to include/Analysis
Differential Revision: https://reviews.llvm.org/D50869

llvm-svn: 340096
2018-08-17 21:42:32 +00:00
George Karpenkov c4d6b93dc7 [analyzer] [NFC] Move canEval function from RetainCountChecker to RetainCountSummaries
Differential Revision: https://reviews.llvm.org/D50863

llvm-svn: 340094
2018-08-17 21:42:05 +00:00
George Karpenkov cab604e9c7 [analyzer] [NFC] Split up summary generation in RetainCountChecker in two methods
Differential Revision: https://reviews.llvm.org/D50830

llvm-svn: 340093
2018-08-17 21:41:37 +00:00
George Karpenkov 70c2ee30bc [analyzer] [NFC] Split up RetainCountChecker
At some point, staring at 4k+ LOC file becomes a bit hard.

Differential Revision: https://reviews.llvm.org/D50821

llvm-svn: 340092
2018-08-17 21:41:07 +00:00
George Karpenkov 7390ddc968 [analyzer] Drop support for GC mode in RetainCountChecker
A lot of code in RetainCountChecker deals with GC mode.
Given that GC mode is deprecated, Apple does not ship runtime for it,
and modern compiler toolchain does not support it, it makes sense to
remove the code dealing with it in order to aid understanding of
RetainCountChecker.

Differential Revision: https://reviews.llvm.org/D50747

llvm-svn: 340091
2018-08-17 21:40:38 +00:00
David Carlier 6a691a0b7c [CStringSyntaxChecker] Reduces space around error message for strlcat.
llvm-svn: 339808
2018-08-15 20:09:52 +00:00
Richard Smith 33d8b95ef6 Silence "unused variable" warning.
llvm-svn: 339747
2018-08-15 01:06:30 +00:00
Artem Dergachev 3ccf14eb8e [analyzer] Add support for constructors of arguments.
Once CFG-side support for argument construction contexts landed in r338436,
the analyzer could make use of them to evaluate argument constructors properly.

When evaluated as calls, constructors of arguments now use the variable region
of the parameter as their target. The corresponding stack frame does not yet
exist when the parameter is constructed, and this stack frame is created
eagerly.

Construction of functions whose body is unavailable and of virtual functions
is not yet supported. Part of the reason is the analyzer doesn't consistently
use canonical declarations o identify the function in these cases, and every
re-declaration or potential override comes with its own set of parameter
declarations. Also it is less important because if the function is not
inlined, there's usually no benefit in inlining the argument constructor.

Differential Revision: https://reviews.llvm.org/D49443

llvm-svn: 339745
2018-08-15 00:33:55 +00:00
Kristof Umann 3e3f7552eb [analyzer] Made a buildbot happy.
llvm-svn: 339655
2018-08-14 08:38:35 +00:00
Kristof Umann 5a42441d81 [analyzer][UninitializedObjectChecker] Void pointers are casted back to their dynamic type in note message
Differential Revision: https://reviews.llvm.org/D49228

llvm-svn: 339653
2018-08-14 08:20:51 +00:00
David Carlier 54fc3767fc [CStringSyntaxChecker] Check strlcat sizeof check
- Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer.
- Advising the proper usual pattern.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Differential Revision: https://reviews.llvm.org/D49722

llvm-svn: 339641
2018-08-14 05:12:53 +00:00
Reid Kleckner 11f9f8acde Revert r339623 "Model type attributes as regular Attrs."
This breaks compiling atlwin.h in Chromium. I'm sure the code is invalid
in some way, but we put a lot of work into accepting it, and I'm sure
rejecting it was not an intended consequence of this refactoring. :)

llvm-svn: 339638
2018-08-14 01:55:37 +00:00
George Karpenkov e3b1d96218 [analyzer] Fix UninitializedObjectChecker to not crash on uninitialized "id" fields
Differential Revision: https://reviews.llvm.org/D50673

llvm-svn: 339631
2018-08-13 23:32:15 +00:00
Richard Smith 651d683ee3 Fix Clang warnings and bad #include filenames in r339595 and r339599.
llvm-svn: 339624
2018-08-13 22:07:11 +00:00
Richard Smith f79178635a Model type attributes as regular Attrs.
Specifically, AttributedType now tracks a regular attr::Kind rather than
having its own parallel Kind enumeration, and AttributedTypeLoc now
holds an Attr* instead of holding an ad-hoc collection of Attr fields.

Differential Revision: https://reviews.llvm.org/D50526

llvm-svn: 339623
2018-08-13 22:07:09 +00:00
Kristof Umann 23ca9660bf [analyzer][UninitializedObjectChecker] Refactoring p5.: Handle pedantic mode in the checker class only
Differential Revision: https://reviews.llvm.org/D50508

llvm-svn: 339601
2018-08-13 18:48:34 +00:00
Kristof Umann 015b059569 [analyzer][UninitializedObjectChecker] Refactoring p4.: Wrap FieldRegions and reduce weight on FieldChainInfo
Before this patch, FieldChainInfo used a spaghetti: it took care of way too many cases,
even though it was always meant as a lightweight wrapper around
ImmutableList<const FieldRegion *>.
This problem is solved by introducing a lightweight polymorphic wrapper around const
FieldRegion *, FieldNode. It is an interface that abstracts away special cases like
pointers/references, objects that need to be casted to another type for a proper note
messages.

Changes to FieldChainInfo:

  * Now wraps ImmutableList<const FieldNode &>.
  * Any pointer/reference related fields and methods were removed
  * Got a new add method. This replaces it's former constructors as a way to create a
    new FieldChainInfo objects with a new element.

Changes to FindUninitializedField:

  * In order not to deal with dynamic memory management, when an uninitialized field is
    found, the note message for it is constructed and is stored instead of a
    FieldChainInfo object. (see doc around addFieldToUninits).

Some of the test files are changed too, from now on uninitialized pointees of references
always print "uninitialized pointee" instead of "uninitialized field" (which should've
really been like this from the beginning).

I also updated every comment according to these changes.

Differential Revision: https://reviews.llvm.org/D50506

llvm-svn: 339599
2018-08-13 18:43:08 +00:00
Kristof Umann a37bba4727 [analyzer][UninitializedObjectChecker] Refactoring p3.: printTail moved out from FieldChainInfo
This is a standalone part of the effort to reduce FieldChainInfos inteerface.

Differential Revision: https://reviews.llvm.org/D50505

llvm-svn: 339596
2018-08-13 18:22:22 +00:00
Kristof Umann 56963aec8b [analyzer][UninitializedObjectChecker] Refactoring p2.: Moving pointer chasing to a separate file
In this patch, the following classes and functions have been moved to a header file:

    FieldChainInfo
    FindUninitializedFields
    isPrimitiveType

This also meant that they moved from anonymous namespace to clang::ento.

Code related to pointer chasing now relies in its own file.

There's absolutely no functional change in this patch -- its literally just copy pasting.

Differential Revision: https://reviews.llvm.org/D50504

llvm-svn: 339595
2018-08-13 18:17:05 +00:00
Kristof Umann ea7cb67581 [analyzer][UninitializedObjectChecker] Refactoring p1.: ImmutableList factory is no longer static
This patch is the first part of a series of patches to refactor UninitializedObjectChecker. The goal of this effort is to

    Separate pointer chasing from the rest of the checker,
    Increase readability and reliability,
    Don't impact performance (too bad).

In this one, ImmutableList's factory is moved to FindUninitializedFields.

Differential Revision: https://reviews.llvm.org/D50503

llvm-svn: 339591
2018-08-13 17:55:52 +00:00
George Karpenkov b3fff18638 [analyzer] Fix keyboard navigation for .msgNote events
Does not go to msgNote's.

Differential Revision: https://reviews.llvm.org/D50595

llvm-svn: 339493
2018-08-11 01:47:41 +00:00
Reka Kovacs bb2749a594 [analyzer] InnerPointerChecker: improve warning messages and notes.
Differential Revision: https://reviews.llvm.org/D49570

llvm-svn: 339489
2018-08-10 23:56:57 +00:00
George Karpenkov e99ba6e1f9 [analyzer] Record nullability implications on getting items from NSDictionary
If we get an item from a dictionary, we know that the item is non-null
if and only if the key is non-null.

This patch is a rather hacky way to record this implication, because
some logic needs to be duplicated from the solver.
And yet, it's pretty simple, performant, and works.

Other possible approaches:

 - Record the implication, in future rely on Z3 to pick it up.
 - Generalize the current code and move it to the constraint manager.

rdar://34990742

Differential Revision: https://reviews.llvm.org/D50124

llvm-svn: 339482
2018-08-10 22:27:04 +00:00
George Karpenkov b5dd3ccdbd [analyzer] Fix tracking expressions through negation operator
Differential Revision: https://reviews.llvm.org/D50537

llvm-svn: 339476
2018-08-10 21:42:19 +00:00
George Karpenkov 088adbfa16 Invalidate static locals when escaping lambdas
Lambdas can affect static locals even without an explicit capture.

rdar://39537031

Differential Revision: https://reviews.llvm.org/D50368

llvm-svn: 339459
2018-08-10 18:28:04 +00:00
Stephen Kelly 1c301dcbc4 Port getLocEnd -> getEndLoc
Reviewers: teemperor!

Subscribers: cfe-commits

Differential Revision: https://reviews.llvm.org/D50351

llvm-svn: 339386
2018-08-09 21:09:38 +00:00
Stephen Kelly f2ceec4811 Port getLocStart -> getBeginLoc
Reviewers: teemperor!

Subscribers: jholewinski, whisperity, jfb, cfe-commits

Differential Revision: https://reviews.llvm.org/D50350

llvm-svn: 339385
2018-08-09 21:08:08 +00:00
Stephen Kelly a6e4358f07 Port getStartLoc -> getBeginLoc
Reviewers: teemperor!

Subscribers: cfe-commits

Differential Revision: https://reviews.llvm.org/D50349

llvm-svn: 339384
2018-08-09 21:05:56 +00:00
George Karpenkov cf40ba8284 [analyzer] Fix the bug in UninitializedObjectChecker caused by not handling block pointers
Differential Revision: https://reviews.llvm.org/D50523

llvm-svn: 339369
2018-08-09 19:03:12 +00:00
Kristof Umann ef9af05539 [analyzer][UninitializedObjectChecker] Pointer/reference objects are dereferenced according to dynamic type
This patch fixed an issue where the dynamic type of pointer/reference
object was known by the analyzer, but wasn't obtained in the checker,
which resulted in false negatives. This should also increase reliability
of the checker, as derefencing is always done now according to the
dynamic type (even if that happens to be the same as the static type).

Special thanks to Artem Degrachev for setting me on the right track.

Differential Revision: https://reviews.llvm.org/D49199

llvm-svn: 339240
2018-08-08 13:18:53 +00:00
Kristof Umann 0735cfbd84 [analyzer][UninitializedObjectChecker] Fixed a false negative by no longer filtering out certain constructor calls
As of now, all constructor calls are ignored that are being called
by a constructor. The point of this was not to analyze the fields
of an object, so an uninitialized field wouldn't be reported
multiple times.

This however introduced false negatives when the two constructors
were in no relation to one another -- see the test file for a neat
example for this with singletons. This patch aims so fix this issue.

Differential Revision: https://reviews.llvm.org/D48436

llvm-svn: 339237
2018-08-08 12:23:02 +00:00
Matt Davis 95dd80c2e8 [analyzer] Avoid querying this-pointers for static-methods.
Summary:
The loop-widening code processes c++ methods looking for `this` pointers.  In
the case of static methods (which do not have `this` pointers), an assertion
was triggering.   This patch avoids trying to process `this` pointers for
static methods, and thus avoids triggering the assertion .


Reviewers: dcoughlin, george.karpenkov, NoQ

Reviewed By: NoQ

Subscribers: NoQ, xazax.hun, szepet, a.sidorin, mikhail.ramalho, cfe-commits

Differential Revision: https://reviews.llvm.org/D50408

llvm-svn: 339201
2018-08-07 23:13:28 +00:00
Kristof Umann a3f7b58742 [analyzer][UninitializedObjectChecker] New flag to turn off dereferencing
Even for a checker being in alpha, some reports about pointees held so little
value to the user that it's safer to disable pointer/reference chasing for now.
It can be enabled with a new flag, in which case checker should function as it
has always been. This can be set with `CheckPointeeInitialization`.

Differential Revision: https://reviews.llvm.org/D49438

llvm-svn: 339135
2018-08-07 12:55:26 +00:00
George Karpenkov 4ece68a0a8 [analyzer] Add ASTContext to CheckerManager
Some checkers require ASTContext. Having it in the constructor saves a
lot of boilerplate of having to pass it around.

Differential Revision: https://reviews.llvm.org/D50111

llvm-svn: 339079
2018-08-06 23:09:07 +00:00
Reka Kovacs d9f66ba340 [analyzer] InnerPointerChecker: fix displayed checker name.
For InnerPointerChecker to function properly, both the checker itself
and parts of MallocChecker that handle relevant use-after-free problems
need to be turned on. So far, the latter part has been developed within
MallocChecker's NewDelete sub-checker, often causing warnings to appear
under that name. This patch defines a new CheckKind within MallocChecker
for the inner pointer checking functionality, so that the correct name
is displayed in warnings and in the ExplodedGraph.

Tested on clang-tidy.

Differential Review: https://reviews.llvm.org/D50211

llvm-svn: 339067
2018-08-06 22:03:42 +00:00
George Karpenkov 09c31b1c99 [analyzer] Do not crash in NoStoreFuncVisitor notes if an unexpected region is found.
Just do not generate the note at all in that case.

llvm-svn: 338935
2018-08-03 23:19:07 +00:00
Reka Kovacs bfd9cfdeeb [analyzer] Add test for a crash fixed in r338775.
Do not crash if a CXXRecordDecl cannot be obtained for an object.

Special thanks for the reproduction to Alexander Kornienko.

llvm-svn: 338918
2018-08-03 20:42:02 +00:00
Reka Kovacs 122171e235 [analyzer] Detect pointers escaped after ReturnStmt execution in MallocChecker.
Objects local to a function are destroyed right after the statement returning
(part of) them is executed in the analyzer. This patch enables MallocChecker to
warn in these cases.

Differential Revision: https://reviews.llvm.org/D49361

llvm-svn: 338780
2018-08-02 23:02:08 +00:00
Reka Kovacs 38679fd630 [analyzer] Obtain a ReturnStmt from a CFGAutomaticObjDtor.
The CoreEngine only gives us a ReturnStmt if the last element in the
CFGBlock is a CFGStmt, otherwise the ReturnStmt is nullptr.
This patch adds support for the case when the last element is a
CFGAutomaticObjDtor, by returning its TriggerStmt as a ReturnStmt.

Differential Revision: https://reviews.llvm.org/D49811

llvm-svn: 338777
2018-08-02 22:31:03 +00:00
Reka Kovacs 7d36e92c9c [analyzer] Add a safety check to InnerPointerChecker.
Do not crash if the CXXRecordDecl of an object is not available.

llvm-svn: 338775
2018-08-02 22:19:57 +00:00
Fangrui Song 98768e40fe [analyzer] Make RegionVector use const reference
llvm-svn: 338732
2018-08-02 16:29:36 +00:00
George Karpenkov 1d08c51ee5 [analyzer] Extend NoStoreFuncVisitor to follow fields.
rdar://39701823

Differential Revision: https://reviews.llvm.org/D49901

llvm-svn: 338667
2018-08-02 02:02:40 +00:00
Simon Pilgrim 080b8709d0 Add missing semicolon.
llvm-svn: 338510
2018-08-01 10:34:13 +00:00
Simon Pilgrim 3c6cb40598 Replace 'FALL-THROUGH' comment with LLVM_FALLTHROUGH to silence warning. NFCI.
llvm-svn: 338508
2018-08-01 10:26:04 +00:00
Artem Dergachev b21b479653 [analyzer] CallEvent: Add helper methods for obtaining the callee stack frame.
Newly added methods allow reasoning about the stack frame of the call (as
opposed to the stack frame on which the call was made, which was always
available) - obtain the stack frame context, obtain parameter regions - even if
the call is not going to be (or was not) inlined, i.e. even if the analysis
has never actually entered the stack frame.

Differential Revision: https://reviews.llvm.org/D49715

llvm-svn: 338474
2018-08-01 01:58:15 +00:00
Artem Dergachev 67d393f3d1 [analyzer] Fix eliding the same destructor twice due to buggy default arguments.
Because of incomplete support for CXXDefaultArgExpr, we cannot yet commit to
asserting that the same destructor won't be elided twice.

Suppress the assertion failure for now. Proper support is still an open problem.

Differential Revision: https://reviews.llvm.org/D49213

llvm-svn: 338441
2018-07-31 21:17:40 +00:00
Artem Dergachev 1f8cb3a65e [CFG] [analyzer] NFC: Enumerate construction context layer kinds.
This is a refactoring patch; no functional change intended.

The common part of ConstructionContextLayer and ConstructedObjectKey is
factored out into a new structure, ConstructionContextItem.

Various sub-kinds of ConstructionContextItem are enumerated in order to
provide richer information about construction contexts.

Differential Revision: https://reviews.llvm.org/D49210.

llvm-svn: 338439
2018-07-31 21:12:42 +00:00
Artem Dergachev a657a32cc8 [CFG] [analyzer] Implement function argument construction contexts.
In r330377 and r338425 we have already identified what constitutes function
argument constructors and added stubs in order to prevent confusing them
with other temporary object constructors.

Now we implement a ConstructionContext sub-class to carry all the necessary
information about the construction site, namely call expression and argument
index.

On the analyzer side, the patch interacts with the recently implemented
pre-C++17 copy elision support in an interesting manner. If on the CFG side we
didn't find a construction context for the elidable constructor, we build
the CFG as if the elidable constructor is not elided, and the non-elided
constructor within it is a simple temporary. But the same problem may occur
in the analyzer: if the elidable constructor has a construction context but
the analyzer doesn't implement such context yet, the analyzer should also
try to skip copy elision and still inline the non-elided temporary constructor.
This was implemented by adding a "roll back" mechanism: when elision fails,
roll back the changes and proceed as if it's a simple temporary. The approach
is wonky, but i'm fine with that as long as it's merely a defensive mechanism
that should eventually go away once all construction contexts become supported.

Differential Revision: https://reviews.llvm.org/D48681.

llvm-svn: 338436
2018-07-31 20:45:53 +00:00
Artem Dergachev 9fe9a95f65 [analyzer] Reuse some code in simplifySVal().
No functional change intended.

Differential Revision: https://reviews.llvm.org/D49826

llvm-svn: 338422
2018-07-31 19:29:25 +00:00
Artem Dergachev 05220a900c [analyzer] Don't try to simplify mixed Loc/NonLoc expressions.
This fix is similar to r337769 and addresses a regression caused by r337167.

When an operation between a nonloc::LocAsInteger and a non-pointer symbol
is performed, the LocAsInteger-specific part of information is lost.
When the non-pointer symbol is collapsing into a constant, we cannot easily
re-evaluate the result, because we need to recover the missing
LocAsInteger-specific information (eg., integer type, or the very fact that
this pointer was at some point converted to an integer).

Add one more defensive check to prevent crashes on trying to simplify a
SymSymExpr with different Loc-ness of operands.

Differential Revision: 

llvm-svn: 338420
2018-07-31 19:26:34 +00:00
Artem Dergachev 67fdf81f0c [analyzer] CStringChecker: Remember to highlight the argument expression range.
When emitting a bug report, it is important to highlight which argument of the
call-expression is causing the problem.

Before:
warning: Null pointer argument in call to string comparison function
  strcmp(a, b);
  ^~~~~~~~~~~~

After:
warning: Null pointer argument in call to string comparison function
  strcmp(a, b);
  ^      ~

Affects other output modes as well, not just text.

Differential Revision: https://reviews.llvm.org/D50028

llvm-svn: 338333
2018-07-30 23:44:37 +00:00
George Karpenkov 8a0f890e29 [analyzer] [NFC] Simplify some visitors by giving a convenient getter from state to analysis manager
Differential Revision: https://reviews.llvm.org/D49772

llvm-svn: 338315
2018-07-30 22:18:47 +00:00
George Karpenkov 81c84a9755 [analyzer] Bugfix for autorelease + main run loop leak checker
Do not warn when the other message-send-expression is correctly wrapped
in a different autorelease pool.

Differential Revision: https://reviews.llvm.org/D49921

llvm-svn: 338314
2018-07-30 22:18:21 +00:00
George Karpenkov f44b9070b9 [analyzer] Fix crash in RunLoopAutoreleaseChecker on empty children
Differential Revision: https://reviews.llvm.org/D50012

llvm-svn: 338312
2018-07-30 21:44:15 +00:00
Fangrui Song 6907ce2f8f Remove trailing space
sed -Ei 's/[[:space:]]+$//' include/**/*.{def,h,td} lib/**/*.{cpp,h}

llvm-svn: 338291
2018-07-30 19:24:48 +00:00
Reka Kovacs e48ea894c6 [analyzer] Add missing state transition in IteratorChecker.
After cleaning up program state maps in `checkDeadSymbols()`,
a transition should be added to generate the new state.

Differential Revision: https://reviews.llvm.org/D47417

llvm-svn: 338263
2018-07-30 16:14:59 +00:00
Reka Kovacs c74cfc4215 [analyzer] Add support for more invalidating functions in InnerPointerChecker.
According to the standard, pointers referring to the elements of a
`basic_string` may be invalidated if they are used as an argument to
any standard library function taking a reference to non-const
`basic_string` as an argument. This patch makes InnerPointerChecker warn
for these cases.

Differential Revision: https://reviews.llvm.org/D49656

llvm-svn: 338259
2018-07-30 15:43:45 +00:00
Adam Balogh a692120cb7 [Analyzer] Iterator Checker Hotfix: Defer deletion of container data until its last iterator is cleaned up
The analyzer may consider a container region as dead while it still has live
iterators. We must defer deletion of the data belonging to such containers
until all its iterators are dead as well to be able to compare the iterator
to the begin and the end of the container which is stored in the container
data.

Differential Revision: https://reviews.llvm.org/D48427

llvm-svn: 338234
2018-07-30 08:52:21 +00:00
George Karpenkov b293c6bb54 [analyzer] Extend NoStoreFuncVisitor to insert a note on IVars
The note is added in the following situation:

 - We are throwing a nullability-related warning on an IVar
 - The path goes through a method which *could have* (syntactically
   determined) written into that IVar, but did not

rdar://42444460

Differential Revision: https://reviews.llvm.org/D49689

llvm-svn: 338149
2018-07-27 18:26:40 +00:00
Mikhail R. Gadelha 127093129a [analyzer] Fixed method to get APSInt model
Summary:
This patch replaces the current method of getting an `APSInt` from Z3's model by calling generic API method `getBitvector` instead of `Z3_get_numeral_uint64`.

By calling `getBitvector`, there's no need to handle bitvectors with bit width == 128 separately.

And, as a bonus, clang now compiles correctly with Z3 4.7.1.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin

Differential Revision: https://reviews.llvm.org/D49818

llvm-svn: 338020
2018-07-26 11:17:13 +00:00
Mikhail R. Gadelha 3c94b65cb0 [analyzer] Update SMT API documentation and methods
Summary:
Update the documentation of all the classes introduced with the new generic SMT API, most of them were referencing Z3 and how previous operations were being done (like including the context as parameter in a few methods).

Renamed the following methods, so it's clear that the operate on bitvectors:
*`mkSignExt` -> `mkBVSignExt`
*`mkZeroExt` -> `mkBVZeroExt`
*`mkExtract` -> `mkBVExtract`
*`mkConcat` -> `mkBVConcat`

Removed the unecessary methods:
* `getDataExpr`: it was an one line method that called `fromData`
* `mkBitvector(const llvm::APSInt Int)`: it was not being used anywhere

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin

Differential Revision: https://reviews.llvm.org/D49799

llvm-svn: 337954
2018-07-25 19:34:48 +00:00
Mikhail R. Gadelha f142c965e4 [analyzer] Use the macro REGISTER_TRAIT_WITH_PROGRAMSTATE in the Z3 backend
Summary:
The macro was manually expanded in the Z3 backend and this patch adds it back.

Adding the expanded code is dangerous as the macro may change in the future and the expanded code might be left outdated.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin

Differential Revision: https://reviews.llvm.org/D49769

llvm-svn: 337923
2018-07-25 12:49:47 +00:00
Mikhail R. Gadelha 5c3d032e70 [analyzer] Removed API used by the Refutation Manager from SMTConstraintManager and replace by proper calls to SMTSolver
Summary:
Third patch in the refactoring series, to decouple the SMT Solver from the Refutation Manager (1st: D49668, 2nd: D49767).

The refutation API in the `SMTConstraintManager` was a hack to allow us to create an SMT solver and verify the constraints; it was conceptually wrong from the start. Now, we don't actually need to use the `SMTConstraintManager` and can create an SMT object directly, add the constraints and check them.

While updating the Falsification visitor, I inlined the two functions that were used to collect the constraints and add them to the solver.

As a result of this patch, we could move the SMT API elsewhere and as it's not really dependent on the CSA anymore. Maybe we can create a new dir (utils/smt) for Z3 and future solvers?

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin

Differential Revision: https://reviews.llvm.org/D49768

llvm-svn: 337922
2018-07-25 12:49:43 +00:00
Mikhail R. Gadelha 8628e2cd54 [analyzer] Moved code from SMTConstraintManager to SMTSolver
Summary:
This is the second part of D49668, and moves all the code that's not specific to a ConstraintManager to SMTSolver.

No functional change intended.

Reviewers: NoQ, george.karpenkov

Reviewed By: george.karpenkov

Subscribers: xazax.hun, szepet, a.sidorin

Differential Revision: https://reviews.llvm.org/D49767

llvm-svn: 337921
2018-07-25 12:49:37 +00:00