Benjamin Kramer
435ef9b383
Remove unneeded includes.
llvm-svn: 90032
2009-11-28 09:41:31 +00:00
Kovarththanan Rajaratnam
65c6566b5b
lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespace
llvm-svn: 90028
2009-11-28 06:07:30 +00:00
Ted Kremenek
2350e0c3ba
Improve diagnostics in ReturnStackAddressChecker for returning a stack-allocated block. Implements the rest of <rdar://problem/7387385>.
llvm-svn: 89940
2009-11-26 07:14:50 +00:00
Ted Kremenek
f89dcdaf19
Add a PostVisitBlockExpr() method to RetainReleaseChecker to query for
the set of variables "captured" by a block. Until the analysis gets
more sophisticated, for now we stop the retain count tracking of any
objects (transitively) referenced by these variables.
llvm-svn: 89929
2009-11-26 02:38:19 +00:00
Ted Kremenek
94f8c4a7d5
Teach RegionStoreManager::RemoveDeadBindings() about BlockDataRegions. Any VarRegion for a "captured" variable should also be considered live.
llvm-svn: 89928
2009-11-26 02:35:42 +00:00
Ted Kremenek
3378b610ae
Add iterators to BlockDataRegion that allow clients to iterate over the VarRegions for "captured" variables for a block.
llvm-svn: 89927
2009-11-26 02:34:36 +00:00
Ted Kremenek
705fd953ef
Added batch versions of GRState::scanReachableSymbols() so that clients can scan a collection of SVals or MemRegions all at once.
llvm-svn: 89926
2009-11-26 02:32:19 +00:00
Ted Kremenek
0f5e6f8805
Enhance LiveVariables to understand that blocks can extend the liveness of a variable by "capturing" them in a BlockExpr.
This required two changes:
1) Added 'getReferencedgetReferencedBlockVars()' to AnalysisContext so
that clients can iterate over the "captured" variables in a block.
2) Modified LiveVariables to take an AnalysisContext& in its
constructor and to call getReferencedgetReferencedBlockVars() when it
processes a BlockExpr*.
llvm-svn: 89924
2009-11-26 02:31:33 +00:00
Ted Kremenek
1646cf6d05
Add missing case in switch statement.
llvm-svn: 89903
2009-11-25 23:58:21 +00:00
Ted Kremenek
b63ad7a6c1
Refine MemRegions for blocks. Add a new region called
'BlockDataRegion' to distinguish between the code associated with a
block (which is represented by 'BlockTextRegion') and an instance of a
block, which includes both code and data. 'BlockDataRegion' has an
associated LocationContext, which can be used to eventually model the
lifetime of a block object once LocationContexts can represent scopes
(and iterations around a loop, etc.).
llvm-svn: 89900
2009-11-25 23:53:07 +00:00
Ted Kremenek
80f70b54aa
Remove recently added FIXME. The appropriate FIXME is already in MemRegionManager::getVarRegion().
llvm-svn: 89897
2009-11-25 23:30:34 +00:00
Ted Kremenek
a3d6e62003
Add FIXME.
llvm-svn: 89892
2009-11-25 22:41:34 +00:00
Ted Kremenek
e6929ffc21
Add post-visit Checker support in GRExprEngine for BlockExpr.
llvm-svn: 89890
2009-11-25 22:23:25 +00:00
Ted Kremenek
70a8788368
Add a new RetainReleaseChecker class (that subclasses CheckerVisitor) to extend the functionality of the retain/release checker using the new Checker interface. Pieces of CFRefCount will gradually be migrated to this new class over time.
llvm-svn: 89889
2009-11-25 22:17:44 +00:00
Ted Kremenek
945422794b
Move RegisterChecks() to the end of the file. No functionality change.
llvm-svn: 89888
2009-11-25 22:08:49 +00:00
Ted Kremenek
d0fe8047dd
Make RegisterInternalChecks() part of GRExprEngine's private implementation by making it a static function within GRExprEngine.cpp.
llvm-svn: 89884
2009-11-25 21:51:20 +00:00
Ted Kremenek
efb5003f95
Register internal checks with GRExprEngine when it is constructed, not manually in AnalysisConsumer.cpp.
llvm-svn: 89883
2009-11-25 21:45:48 +00:00
Ted Kremenek
acdc817ed9
When dispatching to Checker objects in GRExprEngine::CheckerVisit(),
only stop processing the checkers after all the nodes for a current
check have been processed. This (I believe) handles the case where
PredSet (the input nodes) contains more than one node due to state
bifurcation. Zhongxing: can you review this?
llvm-svn: 89882
2009-11-25 21:40:22 +00:00
Ted Kremenek
e6a2780c96
Add really basic support for blocks in the retain/release checker. For now, anytime we pass a tracked object to a block call we stop tracking it.
llvm-svn: 89831
2009-11-25 01:35:18 +00:00
Ted Kremenek
470bfa47db
Allow building of CFGs for ASTs that contain BlockExprs.
llvm-svn: 89830
2009-11-25 01:34:30 +00:00
Ted Kremenek
cfe223f637
Add transfer function support for BlockExpr.
llvm-svn: 89829
2009-11-25 01:33:13 +00:00
Ted Kremenek
10a50e7371
Split CodeTextRegion into FunctionTextRegion and BlockTextRegion. This is a precursor to having basic static analysis support for blocks.
llvm-svn: 89828
2009-11-25 01:32:22 +00:00
Ted Kremenek
1fc1f20efd
For the nil-receiver checker, take into account the behavioral changes that got introduced in Mac OS X 10.5 and later, notably return values of double, float, etc., will not be garbage. Fixes <rdar://problem/6829160>.
llvm-svn: 89809
2009-11-24 22:48:18 +00:00
Ted Kremenek
005e8a06f2
Cleanups and fixes to the nil-receiver checker, some of it fallout from the
initial transition of the nil-receiver checker to the Checker
interface as done in r89745. Some important changes include:
1) We consolidate the BugType object used for nil receiver bug
reports, and don't include the type of the returned value in the
BugType (which would be wrong if a nil receiver bug was reported more
than once)
2) Added a new (temporary) flag to CheckerContext: DoneEvauating.
This is used by GRExprEngine when evaluating message expressions to
not continue evaluating the message expression if this flag is set.
This flag is currently set by the nil receiver checker. This is an
intermediate solution to allow the nil-receiver checker to properly
work as a plug-in outside of GRExprEngine. Basically, this flag
indicates that the entire message expression has been evaluated, not
just a precondition (which is what the nil-receiver checker does).
This flag *should not* be repurposed for general use, but just to pull
more things out of GRExprEngine that are already in there as we devise a
better interface in the Checker class.
3) Cleaned up the logic in the nil-receiver checker, making the
control-flow a lot easier to read.
llvm-svn: 89804
2009-11-24 21:41:28 +00:00
Zhongxing Xu
c2998766f0
We can remove this file now.
llvm-svn: 89751
2009-11-24 08:28:49 +00:00
Zhongxing Xu
c6123a1a3c
Refactor undefined result checker. This is the last one.
llvm-svn: 89750
2009-11-24 08:24:26 +00:00
Zhongxing Xu
9e200798c2
Refactor NilReceiverStructRet and NilReceiverLargerThanVoidPtrRet into
CallAndMessageChecker.
llvm-svn: 89745
2009-11-24 07:06:39 +00:00
Zhongxing Xu
72269ec8cb
rename UndefinedArgChecker to CallAndMessageChecker.
llvm-svn: 89735
2009-11-24 04:45:44 +00:00
Zhongxing Xu
da32375115
Rename: UndefinedArgChecker.cpp => CallAndMessageChecker.cpp
llvm-svn: 89734
2009-11-24 04:08:01 +00:00
Ted Kremenek
c0229557dd
Enhance null dereference diagnostics by indicating what variable (if any) was dereferenced. Addresses <rdar://problem/7039161>.
llvm-svn: 89726
2009-11-24 01:33:10 +00:00
Ted Kremenek
b0c0b08c71
After performing a bounds check in ArrayBoundChecker, record the fact that a bounds check succeeded by transitioning the ExplodedGraph.
llvm-svn: 89712
2009-11-23 23:23:26 +00:00
Ted Kremenek
f57351570e
Clean up the Checker API a little more, resolving some hidden bugs
along the way. Important changes:
1) To generate a sink node, use GenerateSink(); GenerateNode() is for
generating regular transitions. This makes the API clearer and also
allows us to use the 'bool' option to GenerateNode() for a different
purpose.
2) GenerateNode() now automatically adds the generated node to the
destination ExplodedNodeSet (autotransition) unless the client
specifies otherwise with a bool flag. Several checkers did not call
'addTransition()' after calling 'GenerateNode()', causing the
simulation path to be prematurely culled when a non-fail stop bug was
encountered.
3) Add variants of GenerateNode()/GenerateSink() that take neither a
Stmt* nor a GRState*; most callers of GenerateNode() just pass in the
same Stmt* as provided when the CheckerContext object is created; we
can just use that the majority of the time. This cleanup also allows
us to potentially coalesce the APIs for evaluating branches and
end-of-paths (which currently directly use builders).
4) addTransition() no longer needs to be called except for a few
cases. We now have a variant of addTransition() that takes a
GRState*; this allows one to propagate the updated state without
caring about generating a new node explicitly. This nicely cleaned up
a bunch of cases that called autoTransition() with a bunch of
conditional logic surrounding the call (that common logic has now been
swallowed up by addTransition() itself).
llvm-svn: 89707
2009-11-23 22:22:01 +00:00
Ted Kremenek
b43737387b
Provide out-of-line definition for destructor of Checker.
llvm-svn: 89688
2009-11-23 18:53:03 +00:00
Ted Kremenek
02d6aca867
Tweak UndefBranchChecker to register the most nested "undefined" expression with bugreporter::registerTrackNullOrUndefValue instead of the condition itself.
llvm-svn: 89682
2009-11-23 18:12:03 +00:00
Ted Kremenek
d4dca6fde6
Cleanup title/description of "undefined branch" BugType and add some test cases for this check.
llvm-svn: 89679
2009-11-23 17:58:48 +00:00
Douglas Gregor
1c3feb5b25
Fix CMake build
llvm-svn: 89650
2009-11-23 12:03:50 +00:00
Zhongxing Xu
5f76620b53
UndefBranchChecker: more bug reporter helper information emit.
llvm-svn: 89643
2009-11-23 03:29:59 +00:00
Zhongxing Xu
56dd5f0f70
Initial refactor of UndefBranchChecker. We still use GRBranchNodeBuilder
in the checker directly. But I don't have a better approach for now.
llvm-svn: 89640
2009-11-23 03:20:54 +00:00
Ted Kremenek
12b64959ce
Change CheckDeadStores to use Expr::isNullPointerConstant, which will correctly determine whether an expression is a null pointer constant.
Patch by Kovarththanan Rajaratnam!
llvm-svn: 89621
2009-11-22 20:26:21 +00:00
Zhongxing Xu
014af28ce3
Undefined compound assignment result is checked in UndefinedAssignmentChecker. So this check is redundant.
llvm-svn: 89592
2009-11-22 13:36:20 +00:00
Zhongxing Xu
39638e133a
Remove invalid comments. The result is undefined only when operands are undefined.
llvm-svn: 89591
2009-11-22 13:30:10 +00:00
Zhongxing Xu
7f83e97b00
Save and restore the HasGen flag in MallocChecker.
llvm-svn: 89590
2009-11-22 13:22:34 +00:00
Benjamin Kramer
df58afae56
Don't include a dead header.
llvm-svn: 89587
2009-11-22 12:51:08 +00:00
Zhongxing Xu
f0b7fc8890
Remove UndefinedAssignmentChecker's header.
llvm-svn: 89585
2009-11-22 12:29:52 +00:00
Ted Kremenek
d354278b51
Make FixedAddressChecker an experimental check; it currently produces a ton of false positives when analyzing some projects (e.g., Wine).
llvm-svn: 89560
2009-11-21 17:55:24 +00:00
Ted Kremenek
9d6daf2cc4
Restructure DereferenceChecker slightly to handle caching out when we would report a null dereference more than once.
llvm-svn: 89526
2009-11-21 01:50:48 +00:00
Ted Kremenek
caf2c51fad
Pull BadCallChecker into UndefinedArgChecker, and have UndefinedArgChecker also handle undefined receivers in message expressions.
llvm-svn: 89524
2009-11-21 01:25:37 +00:00
Ted Kremenek
f7adea43b4
More checker refactoring. Passing undefined values in a message expression is now handled by UndefinedArgChecker.
llvm-svn: 89519
2009-11-21 00:49:41 +00:00
Benjamin Kramer
7d875c7e7e
Fix typo GCC 4.3 warned about.
llvm-svn: 89453
2009-11-20 10:03:00 +00:00
Ted Kremenek
a4f7c180ae
Add simple static analyzer checker to check for sending 'release', 'retain', etc. directly to a class. Fixes <rdar://problem/7252064>.
llvm-svn: 89449
2009-11-20 05:27:05 +00:00
Ted Kremenek
c1f161c012
Unused ivar checker: ivars referenced by lexically nested functions should not be flagged as unused. Fixes <rdar://problem/7254495>.
llvm-svn: 89448
2009-11-20 04:31:57 +00:00
Zhongxing Xu
ab0ae2139a
Revert r89437 and add a comment.
llvm-svn: 89446
2009-11-20 03:50:46 +00:00
Zhongxing Xu
6d9a942174
It's unnecessary to check for unknown at this point.
llvm-svn: 89437
2009-11-20 01:56:48 +00:00
Ted Kremenek
dd2b2b23c8
Fix null dereference in NSAutoreleasePoolChecker when analyzing messages sent to blocks.
llvm-svn: 89413
2009-11-20 00:12:36 +00:00
Ted Kremenek
439a6d146c
Fix crash when using --analyzer-store=region when handling initializers with nested arrays/structs whose values are not explicitly specified. Fixes <rdar://problem/7403269>.
llvm-svn: 89384
2009-11-19 20:20:24 +00:00
Ted Kremenek
0c54d2da14
Remove printf statement.
llvm-svn: 89383
2009-11-19 20:01:53 +00:00
Ted Kremenek
4b35a2ed08
Only fetch the ASTContext object within the assertion.
llvm-svn: 89375
2009-11-19 19:04:08 +00:00
Daniel Dunbar
5d26212f6b
Silence -Asserts warning.
llvm-svn: 89373
2009-11-19 18:53:25 +00:00
Zhongxing Xu
23baa01af4
Add PreVisitReturn to Malloc checker. Now we can recognize returned memory
block.
llvm-svn: 89071
2009-11-17 08:58:18 +00:00
Zhongxing Xu
4668c7ed1c
Add EvalEndPath interface to Checker. Now we can check memory leaked at the
end of the path. Need to unify interfaces.
llvm-svn: 89063
2009-11-17 07:54:15 +00:00
Zhongxing Xu
f19f251523
Clear the dest set.
llvm-svn: 89060
2009-11-17 07:19:51 +00:00
Douglas Gregor
1b8fe5b716
First part of changes to eliminate problems with cv-qualifiers and
sugared types. The basic problem is that our qualifier accessors
(getQualifiers, getCVRQualifiers, isConstQualified, etc.) only look at
the current QualType and not at any qualifiers that come from sugared
types, meaning that we won't see these qualifiers through, e.g.,
typedefs:
typedef const int CInt;
typedef CInt Self;
Self.isConstQualified() currently returns false!
Various bugs (e.g., PR5383) have cropped up all over the front end due
to such problems. I'm addressing this problem by splitting each
qualifier accessor into two versions:
- the "local" version only returns qualifiers on this particular
QualType instance
- the "normal" version that will eventually combine qualifiers from this
QualType instance with the qualifiers on the canonical type to
produce the full set of qualifiers.
This commit adds the local versions and switches a few callers from
the "normal" version (e.g., isConstQualified) over to the "local"
version (e.g., isLocalConstQualified) when that is the right thing to
do, e.g., because we're printing or serializing the qualifiers. Also,
switch a bunch of
Context.getCanonicalType(T1).getUnqualifiedType() == Context.getCanonicalType(T2).getQualifiedType()
expressions over to
Context.hasSameUnqualifiedType(T1, T2)
llvm-svn: 88969
2009-11-16 21:35:15 +00:00
Zhongxing Xu
731f46264f
* Do the same thing to the basicstore as in r84163.
* Add a load type to GRExprEngine::EvalLoad().
* When retrieving from 'theValue' of OSAtomic functions, use the type of the
region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
we can let all Retrieve() methods simply return SVal.
llvm-svn: 88888
2009-11-16 04:49:44 +00:00
Zhongxing Xu
223f5119e1
Remove an unused parameter.
llvm-svn: 88882
2009-11-16 02:52:18 +00:00
Benjamin Kramer
f4c511b026
Change *BugReport constructors to take StringRefs.
- Eliminates many calls to std::string.c_str()
- Fixes an invalid read in ReturnStackAddressChecker due to an unsafe call to
StringRef.data() which doesn't guarantee null-termination.
llvm-svn: 88779
2009-11-14 12:08:24 +00:00
Ted Kremenek
1a0dd2e30b
Move definition of GRExprEngine::ProcessEndPath() out-of-line.
llvm-svn: 88729
2009-11-14 01:05:20 +00:00
Ted Kremenek
4ef13f8ac9
Add clang-cc option "--analyzer-experimental-internal-checks". This
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.
llvm-svn: 88671
2009-11-13 18:46:29 +00:00
Zhongxing Xu
c7460964ac
Malloc checker basically works now.
llvm-svn: 87094
2009-11-13 07:48:11 +00:00
Zhongxing Xu
c4902a52a0
Hook up Malloc checker.
llvm-svn: 87093
2009-11-13 07:25:27 +00:00
Zhongxing Xu
a4276b091d
Check in a new interface of Checker, which will soon be used.
llvm-svn: 87092
2009-11-13 06:53:04 +00:00
Zhongxing Xu
0320ad28c7
GRStateManager::CurrentStmt is not used. Remove it.
llvm-svn: 87091
2009-11-13 06:04:01 +00:00
Ted Kremenek
3c55718016
Pull static variable within function (for slightly faster startup time).
llvm-svn: 87065
2009-11-13 01:58:01 +00:00
Ted Kremenek
a2968e59e3
retain/release checker: refactor some of the summary lookup logic for instance method summaries. No real functionality change, but it paves the way for new enhancements.
llvm-svn: 87062
2009-11-13 01:54:21 +00:00
Ted Kremenek
aedb7434c8
Add clang-cc option "-analyzer-experimental-checks" to enable experimental path-sensitive checks. The idea is to separate "barely working" or "skunkworks" checks from ones that should always run. Later we need more fine-grain checker control.
llvm-svn: 87053
2009-11-13 01:15:47 +00:00
Benjamin Kramer
1eb8569bcb
Fix MSVC build.
llvm-svn: 86983
2009-11-12 12:30:05 +00:00
Zhongxing Xu
c6d9292197
update CMakefile
llvm-svn: 86979
2009-11-12 08:39:33 +00:00
Zhongxing Xu
88cca6b085
Add boilerplate logic for a malloc/free checker.
llvm-svn: 86978
2009-11-12 08:38:56 +00:00
Ted Kremenek
6c37c5c356
PthreadLockChecker doesn't need PreVisitCallExpr() yet. All the current logic should be done in PostVisitCallExpr()
llvm-svn: 86959
2009-11-12 06:26:58 +00:00
Ted Kremenek
d48568f641
Add most of the boilerplate logic for a simple pthread_mutex_lock() -> pthread_mutex_unlock() checker. We need to add a visitor method to Checker for handling dead symbols in order to detect locks that are not unlocked.
llvm-svn: 86958
2009-11-12 06:17:47 +00:00
Ted Kremenek
386a2a52d3
Remove obsolete 'struct NullDerefTag'.
llvm-svn: 86957
2009-11-12 06:16:18 +00:00
Ted Kremenek
a971afb90f
Enhance Checker class (and GRExprEngine) to support PostVisitation for CallExprs. No clients (yet).
llvm-svn: 86949
2009-11-12 04:35:08 +00:00
Ted Kremenek
8f6c4e8617
Remove GRExprEngine::EvalCall(). It had a single callsite in GRExprEngine, and was easily inlined.
llvm-svn: 86948
2009-11-12 04:16:35 +00:00
Zhongxing Xu
383c273966
Make StoreManager::getSizeInElements() always return DefinedOrUnknownSVal.
llvm-svn: 86932
2009-11-12 02:48:32 +00:00
Ted Kremenek
7cf8238291
Remove some stale ErrorNodes variables in GRExprEngine and the old buffer overflow logic in GRExprEngineInternalChecks.cpp.
llvm-svn: 86877
2009-11-11 20:16:36 +00:00
Chandler Carruth
062c291949
After drinking caffeine, add the two files missing from the previous submit.
Sorry about that.
llvm-svn: 86869
2009-11-11 19:43:37 +00:00
Chandler Carruth
5375309250
Move the ManagerRegistry to the Analysis library to resolve the layering violation.
llvm-svn: 86863
2009-11-11 19:10:59 +00:00
Zhongxing Xu
b166712d02
Add undefined array subscript checker.
llvm-svn: 86837
2009-11-11 13:42:54 +00:00
Zhongxing Xu
83c4374e72
Remove the old out-of-bound checking code.
llvm-svn: 86836
2009-11-11 12:52:39 +00:00
Zhongxing Xu
4f7759a339
Reimplement out-of-bound array access checker with the new checker interface.
Now only one test case is XFAIL'ed.
llvm-svn: 86834
2009-11-11 12:33:27 +00:00
Zhongxing Xu
3ef93badbe
ReturnPointerRangeChecker: use StripCasts() instead of checking for zero index
explicitly.
Fix 80-col violations.
llvm-svn: 86833
2009-11-11 11:55:54 +00:00
Daniel Dunbar
23ede2d9d1
Update CMake.
llvm-svn: 86822
2009-11-11 08:14:02 +00:00
Ted Kremenek
04552cbef0
CastToStructChecker: use 'isStructureType()' instead of 'isRecordType()' to determine if a pointer is casted to a struct pointer. This fixes an observed false positive when a value is casted to a union.
llvm-svn: 86813
2009-11-11 06:43:42 +00:00
Ted Kremenek
55d59bf785
Fix display of "ANALYZE" statements in AnalysisConsumer by correctly resetting the flag indicating that the current Decl* has not yet been displayed. Also move this out of AnalysisManager, since AnalysisManager should not handle text output to the user.
llvm-svn: 86812
2009-11-11 06:28:42 +00:00
Ted Kremenek
4325315935
Remove public headers for UndefinedArgChecker, AttrNonNullChecker, and BadCallChecker, making their implementations completely private.
llvm-svn: 86809
2009-11-11 05:50:44 +00:00
Ted Kremenek
5e1f78aeb1
Refactor DereferenceChecker to use only the new Checker API instead of
the old builder API. This percolated a bunch of changes up to the
Checker class (where CheckLocation has been renamed VisitLocation) and
GRExprEngine. ProgramPoint now has the notion of a "LocationCheck"
point (with PreLoad and PreStore respectively), and a bunch of the old
ProgramPoints that are no longer used have been removed.
llvm-svn: 86798
2009-11-11 03:26:34 +00:00
Zhongxing Xu
f9667229a1
Ignore parentheses when checking the type of the expr.
llvm-svn: 86677
2009-11-10 08:33:44 +00:00
Zhongxing Xu
537db5d652
SizeofPointerChecker: Many false positives have the form 'sizeof *p'.
This is reasonable because people know what they are doing when they
intentionally dereference the pointer.
So now we only emit a warning when a pointer variable is used literally.
llvm-svn: 86673
2009-11-10 07:52:53 +00:00
Zhongxing Xu
456706c205
Now we can safely use the argument expression's source range.
llvm-svn: 86663
2009-11-10 04:22:08 +00:00
Zhongxing Xu
9a7448ceef
SizeofPointerChecker: If an explicit type specifier is used, do not issue warnings.
llvm-svn: 86662
2009-11-10 04:20:20 +00:00
Zhongxing Xu
77c470e8c7
Use the source range of the whole sizeof expression, otherwise it crashes when
the argument is not an expression.
llvm-svn: 86660
2009-11-10 03:27:00 +00:00
Zhongxing Xu
80bbc6d138
Refine PointerSubChecker: compare the base region instead of the original
region, so that arithmetic within a memory chunk is allowed.
llvm-svn: 86652
2009-11-10 02:37:53 +00:00
Zhongxing Xu
f8f3f9ddbc
Rename: StripCasts describes what it does better.
getBaseRegion will be used in another method.
llvm-svn: 86649
2009-11-10 02:17:20 +00:00
Jeffrey Yasskin
612e38026a
Fix clang's use of DenseMap iterators after r86636 fixed their constness.
Patch by Victor Zverovich!
llvm-svn: 86638
2009-11-10 01:17:45 +00:00
Douglas Gregor
4ef1d400d9
Make sure that Type::getAs<ArrayType>() (or Type::getAs<subclass of
ArrayType>()) does not instantiate. Update all callers that used this
unsafe feature to use the appropriate ASTContext::getAs*ArrayType method.
llvm-svn: 86596
2009-11-09 22:08:55 +00:00
Ted Kremenek
dd51f7cca2
Remove stale FIXME.
llvm-svn: 86595
2009-11-09 21:56:44 +00:00
Zhongxing Xu
ab0e27ff0c
Add check for pointer arithmetic on non-array variables.
llvm-svn: 86538
2009-11-09 13:23:31 +00:00
Zhongxing Xu
d6e7f9d4b2
Add check for obsolete function call of getpw().
llvm-svn: 86537
2009-11-09 12:19:26 +00:00
Zhongxing Xu
d09b22aa5a
remove redundant file name in CMakeLists.txt.
llvm-svn: 86536
2009-11-09 09:35:41 +00:00
Zhongxing Xu
08670a89aa
update CMakeList.txt
llvm-svn: 86535
2009-11-09 09:32:38 +00:00
Daniel Dunbar
53272bbf40
Update CMake
llvm-svn: 86533
2009-11-09 08:13:45 +00:00
Zhongxing Xu
f69973c858
Add comments.
llvm-svn: 86532
2009-11-09 08:13:04 +00:00
Zhongxing Xu
f06c684a33
Add checker for CWE-588: Attempt to Access Child of a Non-structure Pointer.
llvm-svn: 86529
2009-11-09 08:07:38 +00:00
Daniel Dunbar
65c0db98ab
Update CMake
llvm-svn: 86528
2009-11-09 08:04:31 +00:00
Zhongxing Xu
85000203bb
Put all long strings in 80-col.
llvm-svn: 86527
2009-11-09 07:29:39 +00:00
Zhongxing Xu
6c306c8b89
Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.
llvm-svn: 86523
2009-11-09 06:52:44 +00:00
Zhongxing Xu
86b1e01c13
Add checker for CWE-469: Use of Pointer Subtraction to Determine Size. This
checker does not build sink nodes. Because svaluator computes an unknown value
for the subtraction now.
llvm-svn: 86517
2009-11-09 05:34:10 +00:00
Zhongxing Xu
0f92ec6ebd
Add a test case for CWE-467, and simplify the wording of the warning.
llvm-svn: 86504
2009-11-09 02:28:12 +00:00
Benjamin Kramer
489232c466
Update CMake file.
llvm-svn: 86479
2009-11-08 18:30:42 +00:00
Zhongxing Xu
b0a05f7ca1
Add a checker for CWE-467: Use of sizeof() on a Pointer Type.
llvm-svn: 86464
2009-11-08 13:10:34 +00:00
Ted Kremenek
975a119f31
Use SaveAndRestore to simplify logic in LiveVariables::runOnAllBlocks(). Patch by Kovarththanan Rajaratnam!
llvm-svn: 86343
2009-11-07 05:57:35 +00:00
Ted Kremenek
ae3361de2d
Remove Checker::CheckType() (and instead use CheckerVisitor::PreVisitDeclStmt()), and refactor VLASizeChecker to have only one Checker subclass (not two) and to not use the node builders directly (and instead use the newer CheckerContext).
llvm-svn: 86329
2009-11-07 03:56:57 +00:00
Ted Kremenek
795c611cfa
Make the VLASizeChecker implementation private, and its creation only known to GRExprEngineInternalChecks.cpp.
llvm-svn: 86292
2009-11-06 21:51:50 +00:00
Ted Kremenek
53a70c055d
Make the implementation of DivZeroChecker private.
llvm-svn: 86288
2009-11-06 20:47:51 +00:00
Ted Kremenek
df9ca633b6
Sentence-case bug type, and pull tests from region-only-test.c into misc-ps-region.store.m (removing an extra unneeded test file). Also add a bunch of FIXME comments for future enhancements.
llvm-svn: 86282
2009-11-06 20:16:31 +00:00
Chris Lattner
45540e91d1
add some const qualifiers, patch by Kovarththanan Rajaratnam!
llvm-svn: 86260
2009-11-06 18:01:14 +00:00
Zhongxing Xu
167bce9cf1
Add a checker for CWE-466: Return of Pointer Value Outside of Expected Range.
llvm-svn: 86252
2009-11-06 13:30:44 +00:00
Ted Kremenek
bee01e5b61
static analyzer: refactor checking logic for returning the address of a stack variable or a garbage
value into their own respective subclasses of Checker (and put them in .cpp files where their
implementation details are hidden from GRExprEngine).
llvm-svn: 86215
2009-11-06 02:24:13 +00:00
Ted Kremenek
2980b975ee
Minor cleanup: use BuiltinBug (which will soon be renamed) for DereferenceChecker and friends so that they always report the same bug type.
llvm-svn: 86208
2009-11-06 00:44:32 +00:00
Ted Kremenek
c92ff053e9
Tweak wording and classifications of analyzer diagnostics.
llvm-svn: 86127
2009-11-05 08:30:12 +00:00
Ted Kremenek
209e31b883
Modify GRExprEngine::EvalBind() to take both a "store expression" and
an "assign expression", representing the expressions where the value
binding occurs and the assignment takes place respectively. These are
largely syntactic clues for better error reporting.
llvm-svn: 86084
2009-11-05 00:42:23 +00:00
Daniel Dunbar
0300bbcf80
Update CMake.
llvm-svn: 86015
2009-11-04 06:39:40 +00:00
Ted Kremenek
9346a56793
Add FIXME.
llvm-svn: 86004
2009-11-04 04:24:44 +00:00
Ted Kremenek
ef910047b2
Catch uses of undefined values when they are used in assignment, thus catching such bugs closer to the source.
llvm-svn: 86003
2009-11-04 04:24:16 +00:00
Zhongxing Xu
259d46407a
Merge ZeroSizedVLAChecker and UndefSizedVLAChecker.
llvm-svn: 85996
2009-11-04 01:43:07 +00:00
Ted Kremenek
b006b82daf
Refactor StoreManager::BindDecl() to take a VarRegion* instead of a VarDecl*, and modify GRExprEngine::EvalBind() to handle decl initialization as well. This paves the way for adding "checker" visitation in EvalBind().
llvm-svn: 85983
2009-11-04 00:09:15 +00:00
Ted Kremenek
0fbbb0877d
Change GRTransferFuncs::RegisterChecks() to take a GRExprEngine& instead of a BugReporter&. This paves the way for pulling some of the retain/release checker into a "Checker" class.
llvm-svn: 85971
2009-11-03 23:30:34 +00:00
Ted Kremenek
8d43a6ac3d
Merge NullDerefChecker.[h,cpp] and UndefDerefChecker.[h,cpp]. They are essentially two parts of the same check.
llvm-svn: 85911
2009-11-03 18:41:06 +00:00
Benjamin Kramer
8a712c7866
Update CMakeLists.
llvm-svn: 85898
2009-11-03 13:37:33 +00:00
Zhongxing Xu
27fee83ec4
Pull VLA size checker into its own files.
Split it to two checkers, one for undefined size,
the other for zero size, so that we don't need to query the size
when emitting the bug report.
llvm-svn: 85895
2009-11-03 12:13:38 +00:00
Ted Kremenek
18c7ceee16
Implement: <rdar://problem/6250216> Warn against using -[NSAutoreleasePool release] in GC mode
llvm-svn: 85887
2009-11-03 08:03:59 +00:00
Ted Kremenek
924316d7d7
Move 'static inline' functions GetNullarySelector() and GetUnarySelector() from CFRefCount.cpp to ASTContext.h. These functions are likely to be generally useful.
llvm-svn: 85886
2009-11-03 08:00:42 +00:00
Zhongxing Xu
9b9d731a8b
Pull AttrNonNullChecker into its own files.
llvm-svn: 85883
2009-11-03 07:35:33 +00:00
Zhongxing Xu
b42929d773
Update CMake file.
llvm-svn: 85879
2009-11-03 07:14:39 +00:00
Ted Kremenek
df8016aabb
Rename NSErrorCheck to NSErrorChecker.
llvm-svn: 85877
2009-11-03 06:59:59 +00:00
Ted Kremenek
3684c65ded
Update CMake file.
llvm-svn: 85876
2009-11-03 06:46:41 +00:00
Zhongxing Xu
ab162e1873
Pull UndefinedArgChecker into its own files.
llvm-svn: 85875
2009-11-03 06:46:03 +00:00
Zhongxing Xu
0deca3486e
Pull BadCallChecker into its own files.
llvm-svn: 85868
2009-11-03 05:48:04 +00:00
Ted Kremenek
43edaa8432
retain/release checker: CGBitmapContextCreateWithData() returns an owned object.
llvm-svn: 85867
2009-11-03 05:39:12 +00:00
Ted Kremenek
d1b67db2e8
retain/release checker: Add special handling of CGBitmapContextCreateWithData().
Fixes: <rdar://problem/7358899>
llvm-svn: 85864
2009-11-03 05:34:07 +00:00
Ted Kremenek
fac290d359
Remove GRExprEngine::CheckerVisitLocation(). It was only called in one place, so we inlined it into GRExprEngine::EvalLocation().
llvm-svn: 85838
2009-11-02 23:19:29 +00:00
Benjamin Kramer
6b289a9cf6
Update CMake file.
llvm-svn: 85652
2009-10-31 12:15:23 +00:00
Zhongxing Xu
b1c24724dd
Move CheckDivZero into its own files.
llvm-svn: 85651
2009-10-31 10:02:37 +00:00
Zhongxing Xu
358ced08d0
Move UndefDerefChecker into its own file.
llvm-svn: 85645
2009-10-31 08:44:33 +00:00
Zhongxing Xu
5f5c954329
fix 80-col.
llvm-svn: 85642
2009-10-31 03:36:08 +00:00
Ted Kremenek
5c2040b182
Tighten computation of ExprVal using ?: expression. No functionality change.
llvm-svn: 85618
2009-10-30 22:01:29 +00:00
Ted Kremenek
6f2a705a24
Make checkers run in deterministic order.
llvm-svn: 85597
2009-10-30 17:47:32 +00:00
Ted Kremenek
89f5c189db
Move NullDerefChecker.h into a 'Checkers' subdirectory.
llvm-svn: 85596
2009-10-30 17:28:40 +00:00
Ted Kremenek
f613e89617
Move all logic for the null dereference checker from GRExprEngineInternalChecks.cpp to a separate .cpp file.
llvm-svn: 85595
2009-10-30 17:24:47 +00:00
Zhongxing Xu
b9eda67380
Fix PR5316: make assignment expressions can be visited as lvalue. Then we
can get the correct base lvalue.
Revert r85578.
llvm-svn: 85579
2009-10-30 07:19:39 +00:00
Ted Kremenek
e96a30a531
Handle loading of field values from LazyCompoundVals in GRExprEngine::VisitMemberExpr().
This fixes the crash reported in PR 5316.
llvm-svn: 85578
2009-10-30 05:48:30 +00:00
Zhongxing Xu
aa4121d062
Add an assertion to ensure NullDerefChecker exists.
llvm-svn: 85497
2009-10-29 05:56:54 +00:00
Ted Kremenek
1dbdbcc04c
Fix accidental use of CheckSVal instead of CheckLocation, and add a
small test case to show we handle dereferences of undefined values.
llvm-svn: 85492
2009-10-29 05:33:39 +00:00
Ted Kremenek
1f0a56e4c9
Fix an insidious bug in RegionStore::RemoveDeadBindings() pointed out
...
by Zhongxing Xu. RemoveDeadBindings() would falsely prune
SymbolicRegions from the store that wrapped derived symbols whose
liveness could only be determined after scanning the store.
llvm-svn: 85484
2009-10-29 05:14:17 +00:00
Zhongxing Xu
6b8bfb376b
Move NullDeref and UndefDeref into their own checker.
...
Add a CheckLocation() interface to Checker.
Now ImplicitNullDeref nodes are cached in NullDerefChecker.
More cleanups follow.
llvm-svn: 85471
2009-10-29 02:09:30 +00:00
Douglas Gregor
f7b87cb529
[llvm up]
...
Switch a few ugly switch-on-string-literal constructs to use the new
llvm::StringSwitch.
llvm-svn: 85461
2009-10-29 00:41:01 +00:00
Ted Kremenek
1c9401ec15
Unused ivars checker: also check methods in categories that are defined in the same translation unit. Fixes <rdar://problem/6260004>.
...
llvm-svn: 85442
2009-10-28 22:18:22 +00:00
Ted Kremenek
faba9fe5e4
Pull ivar scanning logic into another utility function. This refactoring will enable scanning
...
categories as well (WIP). No functionality change yet.
llvm-svn: 85423
2009-10-28 20:37:47 +00:00
Zhongxing Xu
cb131542f1
make CallGraph more flexible by letting it accept ASTContext instead of ASTUnit.
...
Patch by Simone Pellegrini.
llvm-svn: 85386
2009-10-28 12:23:03 +00:00
Zhongxing Xu
b7945461cb
'error' is usually used as a noreturn function. This can suppress some false
...
warnings. Eventually we need a way to import externally defined function
summaries.
llvm-svn: 85092
2009-10-26 05:18:31 +00:00
Douglas Gregor
4bd90e53c2
Eliminate QualifiedDeclRefExpr, which captured the notion of a
...
qualified reference to a declaration that is not a non-static data
member or non-static member function, e.g.,
    namespace N { int i; }
    int j = N::i;
Instead, extend DeclRefExpr to optionally store the qualifier. Most
clients won't see or care about the difference (since
QualifierDeclRefExpr inherited DeclRefExpr). However, this reduces the
number of top-level expression types that clients need to cope with,
brings the implementation of DeclRefExpr into line with MemberExpr,
and simplifies and unifies our handling of declaration references.
Extended DeclRefExpr to (optionally) store explicitly-specified
template arguments. This occurs when naming a declaration via a
template-id (which will be stored in a TemplateIdRefExpr) that,
following template argument deduction and (possibly) overload
resolution, is replaced with a DeclRefExpr that refers to a template
specialization but maintains the template arguments as written.
llvm-svn: 84962
2009-10-23 18:54:35 +00:00
Zhongxing Xu
4611aee0ac
Rename: CheckBadDiv->CheckDivZero.
...
llvm-svn: 84824
2009-10-22 01:58:10 +00:00
Zhongxing Xu
2ebee13ff2
Simplify some code. No functionality change.
...
llvm-svn: 84757
2009-10-21 11:42:22 +00:00
Ted Kremenek
ab929bb352
Remove stale comment and tighten code.
...
llvm-svn: 84697
2009-10-20 23:59:28 +00:00
Ted Kremenek
8aed49000d
Use llvm::OwningPtr in CFGBuilder, fixing a leak on an error path.
...
llvm-svn: 84695
2009-10-20 23:46:25 +00:00
Ted Kremenek
d45ff6cced
Add destructor and cleanup code to LocationContext (fixing some leaks). Along the way, have
...
AnalysisManager periodically cleanup its AnalysisContextManager and LocationContextManager objects,
as they don't need to forever retain all the CFGs ever created when analyzing a file.
llvm-svn: 84684
2009-10-20 21:39:41 +00:00
Ted Kremenek
481c121ab5
RegionStore: Use the *default* binding (instead of the *direct* binding) of an Objective-C object
...
region when doing lazy value retrieval of an ivar.
This fixes: <rdar://problem/7312221>
llvm-svn: 84584
2009-10-20 01:20:57 +00:00
Ted Kremenek
90c953e98f
retain/release checker: allow 'new', 'copy', 'alloc', 'init' prefix to start before '_' when determining Cocoa fundamental rule.
...
Fixes: <rdar://problem/7265711>
llvm-svn: 84569
2009-10-20 00:13:00 +00:00
Daniel Dunbar
07d0785dbb
PR5218: Replace IdentifierInfo::getName with StringRef version, now that clients
...
are updated.
llvm-svn: 84447
2009-10-18 21:17:35 +00:00
Daniel Dunbar
70e7eadd15
Move misc clients to IdentifierInfo StringRef API.
...
- strcmp -> ==
- OS.write(II->getName() ...) -> OS << II->getNameStr()
- Avoid std::string concatenation
- Use getNameStr().str() when an std::string is really needed.
llvm-svn: 84437
2009-10-18 20:26:27 +00:00
Daniel Dunbar
2c422dc9ca
Move clients to use IdentifierInfo::getNameStart() instead of getName()
...
llvm-svn: 84436
2009-10-18 20:26:12 +00:00
Zhongxing Xu
775a2c08c8
use DenseSet instead of SmallSet.
...
llvm-svn: 84398
2009-10-18 04:15:47 +00:00
Daniel Dunbar
acb5a4b57c
Simplify more.
...
llvm-svn: 84342
2009-10-17 18:12:53 +00:00
Daniel Dunbar
9d9aa167e6
Simplify.
...
llvm-svn: 84341
2009-10-17 18:12:45 +00:00
Daniel Dunbar
e81a553162
Use raw_ostream instead of C stdio.
...
llvm-svn: 84340
2009-10-17 18:12:37 +00:00
Daniel Dunbar
403073e471
Simplify.
...
llvm-svn: 84338
2009-10-17 18:12:21 +00:00
Ted Kremenek
9f3a643bad
Minor cleanup: move typedef out of anonymous namespace (which now contains nothing) and into RemoveDeadBindings. No functionality change.
...
llvm-svn: 84335
2009-10-17 17:45:11 +00:00
Zhongxing Xu
c0c6508981
Per discussion with Ted, the 'FromSuper'/'FromSub' logic is invalid. Simplify
...
the code to standard worklist algorithm. Always add both sub and super
regions of live regions.
llvm-svn: 84323
2009-10-17 08:39:24 +00:00
Ted Kremenek
1baf407fbc
Fix another static analyzer crash due to a corner case in "folding" symbolic values that are constrained to be a constant.
...
llvm-svn: 84320
2009-10-17 07:39:35 +00:00
Zhongxing Xu
8b2f5d3929
Actually all regions whose super region is not MemSpaceRegion are of these 3
...
kinds. This means we are visiting all regions 'from super region'.
llvm-svn: 84319
2009-10-17 07:32:08 +00:00
Ted Kremenek
70bf6d6102
Fix static analyzer crash due to recently added symbolic-value constant folding. The issue was falsely
...
converting the constant value of the LHS of a '<<'/'>>' operation to the same APSInt value of the
RHS.
llvm-svn: 84269
2009-10-16 20:46:24 +00:00
Ted Kremenek
1eb68096a2
retain/release checker: Stop tracking reference counts for any symbols touched by StoreManager::InvalidateRegion().
...
This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.
llvm-svn: 84223
2009-10-16 00:30:49 +00:00
Ted Kremenek
4e45d80bfe
Educate the retain/release checker about [NSCursor dragCopyCursor].
...
This fixes <rdar://problem/7306898>
llvm-svn: 84213
2009-10-15 22:26:21 +00:00
Ted Kremenek
55adb821e8
retain/release checker: Use simpler utility method for creating class method summaries. No functionality change.
...
llvm-svn: 84210
2009-10-15 22:25:12 +00:00
Ted Kremenek
3abc41f45d
Per an astute observation from Zhongxing Xu, remove a "special case" logic in
...
RegionStoreManager::Retrieve() that was intended to handle conflated uses of pointers as integers.
It turns out this isn't needed, and resulted in inconsistent behavior when creating symbolic values on the following test case in 'tests/Analysis/misc-ps.m':
    typedef struct _BStruct { void *grue; } BStruct;
    void testB_aux(void *ptr);
    void testB(BStruct *b) {
      {
        int *__gruep__ = ((int *)&((b)->grue));
        int __gruev__ = *__gruep__;
        testB_aux(__gruep__);
      }
      {
        int *__gruep__ = ((int *)&((b)->grue));
        int __gruev__ = *__gruep__;
        if (~0 != __gruev__) {}
      }
    }
When the code was analyzed with '-arch x86_64', the value assigned to '__gruev__' would be a
symbolic integer, but for '-arch i386' the value assigned to '__gruev__' would be a symbolic region
(a blob of memory). With this change the value created is always a symbolic integer.
Since the code being removed was added to support analysis of code calling
OSAtomicCompareAndSwapXXX(), I also modified 'test/Analysis/NSString.m' to analyze the code in both
'-arch i386' and '-arch x86_64', and also added some complementary test cases to test the presence
of leaks when using OSAtomicCompareAndSwap32Barrier()/OSAtomicCompareAndSwap64Barrier() instead of
just their absence. This code change reveals that previously both RegionStore and BasicStore were
handling these cases wrong, and would never cause the analyzer to emit a leak in these cases (false
negatives). Now RegionStore gets it right, but BasicStore still gets it wrong (and hence it has been
disabled temporarily for this test case).
llvm-svn: 84163
2009-10-15 01:40:34 +00:00
Ted Kremenek
8070b82d91
Remove stale comment.
...
llvm-svn: 84157
2009-10-14 23:58:34 +00:00
Zhongxing Xu
8679481408
Now StoreManager::CastRegion() takes a MemRegion, returns a MemRegion.
...
llvm-svn: 84081
2009-10-14 06:55:01 +00:00
Zhongxing Xu
9eb2706101
Remove dead code.
...
llvm-svn: 84073
2009-10-14 05:07:51 +00:00
Zhongxing Xu
7d6387bb24
* Remove unused GRState* parameter
...
* Make all Base value the last argument.
llvm-svn: 84071
2009-10-14 03:33:08 +00:00
Ted Kremenek
b4ec3fc42d
retain/release checker: Recognize that calls to
...
'CVPixelBufferCreateWithPlanarBytes()' and
'CVPixelBufferCreateWithBytes' (Core Video API) can indirectly release
a pixel buffer object via a callback.
This fixes <rdar://problem/7283567>.
llvm-svn: 84064
2009-10-14 00:27:24 +00:00
Ted Kremenek
80816acf9b
retain/release checker: retained objects passed to pthread_create (as
...
the data argument) should not be tracked further until we support full IPA.
(fixes <rdar://problem/7299394>)
llvm-svn: 84047
2009-10-13 22:55:33 +00:00