Commit Graph

62 Commits

Author SHA1 Message Date
Jordan Rose 28c06b268e [analyzer] Add a test for PR13927 "offsetof replacement flagged as null deref"
This seems to be legal according to C11 6.5.3.2.

No functionality change.

llvm-svn: 164959
2012-10-01 19:07:19 +00:00
Ted Kremenek 722398f1d4 Fix analyzer tests.
llvm-svn: 162588
2012-08-24 20:39:55 +00:00
Ted Kremenek a056d62961 Remove BasicConstraintManager. It hasn't been in active service for a while.
As part of this change, I discovered that a few of our tests were not testing
the RangeConstraintManager.  Luckily all of those passed when I moved them
over to use that constraint manager.

llvm-svn: 162384
2012-08-22 19:47:13 +00:00
Ted Kremenek 9bf9af92a4 Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:

- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.

- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer.  This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).

As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML.  This required some tests to be updated, but now
the tests have higher fidelity with what users will see.

There are some inefficiencies in this patch.  We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack.  There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers.  This is necessary to produce the diagnostics that a particular
consumer expects.

llvm-svn: 162028
2012-08-16 17:45:23 +00:00
Ted Kremenek 3f955e6d89 [analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
Ted Kremenek 73665188fc Really remove FlatStoreManager and BasicStoreManager, this time from the driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.
llvm-svn: 136422
2011-07-28 23:08:16 +00:00
Argyrios Kyrtzidis 9eb02dfa89 [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
Argyrios Kyrtzidis a9215281de [analyzer] Use the new registration mechanism on some of the experimental internal checkers:
CastToStructChecker
  FixedAddressChecker
  PointerArithChecker
  PointerSubChecker

llvm-svn: 125612
2011-02-15 22:55:20 +00:00
Jordy Rose 23f0f4b7ae Move new test (that requires RegionStore) into its own file.
llvm-svn: 109736
2010-07-29 07:11:59 +00:00
Jordy Rose daa1c83413 Use a LazyCompoundVal to handle initialization with a string literal, rather than copying each character.
llvm-svn: 109734
2010-07-29 06:40:33 +00:00
Ted Kremenek 2f2692f8ca Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.
llvm-svn: 95348
2010-02-05 02:06:54 +00:00
Daniel Dunbar 8fbe78f6fc Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'.
- This is designed to make it obvious that %clang_cc1 is a "test variable"
   which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
   can be useful to redefine what gets run as 'clang -cc1' (for example, to set
   a default target).

llvm-svn: 91446
2009-12-15 20:14:24 +00:00
Zhongxing Xu 27f686f8ec Replace clang-cc with clang -cc1.
llvm-svn: 91272
2009-12-14 06:34:20 +00:00
Ted Kremenek 4ef13f8ac9 Add clang-cc option "--analyzer-experimental-internal-checks". This
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.

llvm-svn: 88671
2009-11-13 18:46:29 +00:00
Zhongxing Xu f06c684a33 Add checker for CWE-588: Attempt to Access Child of a Non-structure Pointer.
llvm-svn: 86529
2009-11-09 08:07:38 +00:00
Daniel Dunbar 8b57697954 Eliminate &&s in tests.
- 'for i in $(find . -type f); do sed -e 's#\(RUN:.*[^ ]\) *&& *$#\1#g' $i | FileUpdate $i; done', for the curious.

llvm-svn: 86430
2009-11-08 01:45:36 +00:00
John McCall fceb64bd04 Implement -Wconversion. Off by default, in the non-gcc group. There's
significant work left to be done to reduce the false-positive rate here.

llvm-svn: 86326
2009-11-07 03:30:10 +00:00
Anders Carlsson 499de4252d Add casts to avoid a bunch of unused expr warnings. (They aren't reported right now due to a bug that I intend to fix). Ted, please review.
llvm-svn: 77630
2009-07-30 22:37:41 +00:00
Ted Kremenek 4301526e8d Remove 'StoreManager::OldCastRegion()', TypedViewRegion (which only
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.

llvm-svn: 77509
2009-07-29 21:43:22 +00:00
Ted Kremenek c1986570ed Remove stale comment and fix RUN line.
llvm-svn: 76656
2009-07-21 21:48:25 +00:00
Ted Kremenek f66557978e Switch BasicStoreManager to use the new CastRegion implementation by default,
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.

llvm-svn: 75209
2009-07-10 00:41:58 +00:00
Ted Kremenek eea8c29aa3 Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line using '-analyzer-store=basic-new-cast'.
llvm-svn: 74865
2009-07-06 21:58:46 +00:00
Zhongxing Xu 4744d560b8 Invalidate the alloca region by setting its default value to conjured symbol.
llvm-svn: 74419
2009-06-29 06:43:40 +00:00
Zhongxing Xu 55e070031f Now this test case passes.
llvm-svn: 74410
2009-06-28 14:25:10 +00:00
Zhongxing Xu 6f610707cf Invalidate a field of struct type by setting its default value to conjured
symbol.

llvm-svn: 74408
2009-06-28 13:59:24 +00:00
Ted Kremenek 1642bdaaa5 Introduce a new concept to the static analyzer: SValuator.
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.

llvm-svn: 74229
2009-06-26 00:05:51 +00:00
Zhongxing Xu 519a47d4bd Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the
comments for added test case for details.

llvm-svn: 73189
2009-06-11 09:11:27 +00:00
Zhongxing Xu 1075cc0b02 Treat AllocaRegion as SymbolicRegion in RegionStore::Retrieve().
llvm-svn: 72166
2009-05-20 09:18:48 +00:00
Zhongxing Xu 1f275ba1b4 Add comments to test case.
llvm-svn: 72165
2009-05-20 09:03:10 +00:00
Zhongxing Xu a7907608fb * API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
RegionStore needs to know the type of alloca region. 
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
  element region, as what is done to symbolic region.

llvm-svn: 72164
2009-05-20 09:00:16 +00:00
Zhongxing Xu 08a2ede018 Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.

Also fix some 80 columns violations.

llvm-svn: 71548
2009-05-12 10:10:00 +00:00
Ted Kremenek 02e508960c Per conversations with Zhongxing, add an 'element type' to
ElementRegion.  I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.

This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager.  Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
  'Line 159: Uninitialized or undefined return value returned to caller.'
  
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.

Zhongxing: When you get a chance, could you review this?  I could have
easily screwed up something basic in RegionStoreManager.

llvm-svn: 70830
2009-05-04 06:18:28 +00:00
Zhongxing Xu 3e3e69bbe7 region store: make Retrieve() can retrieve embedded array correctly. Also
simplify the retrieve logic.

llvm-svn: 70651
2009-05-03 00:27:40 +00:00
Daniel Dunbar a45cf5b6b0 Rename clang to clang-cc.
Tests and drivers updated, still need to shuffle dirs.

llvm-svn: 67602
2009-03-24 02:24:46 +00:00
Zhongxing Xu e40de828fc add test case.
llvm-svn: 67154
2009-03-18 02:07:30 +00:00
Zhongxing Xu 5b9223fcf2 add test case.
llvm-svn: 65036
2009-02-19 08:42:43 +00:00
Ted Kremenek 51189468ea Update several tests to explicitly use BasicConstraintManager as well as to use RangeConstraintManager with RegionStoreManager.
llvm-svn: 64854
2009-02-17 23:32:18 +00:00
Ted Kremenek b535181199 Static Analyzer driver/options (partial) cleanup:
- Move all analyzer options logic to AnalysisConsumer.cpp.
- Unified specification of stores/constraints/output to be:
   -analyzer-output=...
   -analyzer-store=...
   -analyzer-constraints=...
  instead of -analyzer-range-constraints, -analyzer-store-basic, etc.
- Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new
  interface
- Updated test cases to conform to new driver options

llvm-svn: 64737
2009-02-17 04:27:41 +00:00
Zhongxing Xu e37f9afb2e Implement retrieval of the default value of element and field regions.
llvm-svn: 62847
2009-01-23 11:22:12 +00:00
Zhongxing Xu b8365bd890 Add a test case for init expr of array and struct type.
llvm-svn: 62845
2009-01-23 10:23:13 +00:00
Ted Kremenek 92d48a71f5 Fix RegionStore::getLValueElement() to handle the case when the base region is not an ElementRegion (also do some cleanups of its core logic).
This gets array-struct.c to work with RegionStore.

llvm-svn: 62781
2009-01-22 20:27:48 +00:00
Daniel Dunbar 34fc92fdc2 Add -analyze action to run static analyzer, instead of inferring from
individual checker options.

llvm-svn: 62634
2009-01-20 23:17:32 +00:00
Zhongxing Xu cff637a568 Add KillStruct to region store.
- put the killed region in the kill set.
 - set its default value to unknown.
 - removes all bindings for its subregions.  

llvm-svn: 62138
2009-01-13 01:49:57 +00:00
Ted Kremenek b5670fd555 MemRegion:
- Overhauled the notion of "types" for TypedRegions.  We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()).  Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type.  We can add it back once there is a need for it and we can resolve its role with these concepts.

StoreManager:
- Overhauled StoreManager::CastRegion.  It expects an *lvalue* type for a region.  This is actually what motivated the overhaul to the MemRegion type mechanism.  It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts.  This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().

AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type.  This change was needed to work with the changes to StoreManager::CastRegion.

GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.

Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.

llvm-svn: 60995
2008-12-13 21:49:13 +00:00
Zhongxing Xu 9cc7cba848 remove a test case that causes compiler warning.
llvm-svn: 60282
2008-11-30 05:59:27 +00:00
Zhongxing Xu 5c75919093 Add test for initializing array with string literal.
llvm-svn: 60281
2008-11-30 05:51:19 +00:00
Zhongxing Xu f39268ae8c Add documentation for test.
llvm-svn: 60002
2008-11-25 01:45:11 +00:00
Zhongxing Xu 2939a50b67 Add no-warning to test case.
llvm-svn: 59995
2008-11-24 23:45:56 +00:00
Zhongxing Xu 60d6cd1940 Improve test case.
llvm-svn: 59902
2008-11-23 05:50:21 +00:00
Zhongxing Xu 19cad71552 Add test cast for struct array.
llvm-svn: 59522
2008-11-18 13:30:46 +00:00