Commit Graph

488 Commits

Author SHA1 Message Date
Ted Kremenek bb7818b666 Enhance dead store checker to not flag preincrements to dead variables where the preincrement is a subexpression, e.g. foo(++x); This can cause false negatives, but will remove a whole class of false positives.
llvm-svn: 57554
2008-10-15 05:23:41 +00:00
Zhongxing Xu cc06b463f5 Check some cases for previous patch. Make the code more robust.
llvm-svn: 57317
2008-10-09 03:19:06 +00:00
Zhongxing Xu d9959aee34 This is the first step to implement a field-sensitive store model. Other things are simplified: no heap shape assumption, no parameter alias assumption, etc.
llvm-svn: 57285
2008-10-08 02:50:44 +00:00
Zhongxing Xu de7509f01a Added a function call case that generates sink nodes.
llvm-svn: 57240
2008-10-07 10:06:03 +00:00
Zhongxing Xu f5e7c90c46 Migrate MemRegionManager from StateManager to StoreManager.
llvm-svn: 57225
2008-10-07 01:31:04 +00:00
Ted Kremenek 4db44b62ad Don't use DeclStmt::getDecl(); this will eventually disappear. Just fetch the first decl using the DeclStmt::decl_iterator.
llvm-svn: 57194
2008-10-06 18:43:53 +00:00
Ted Kremenek fae8cb0736 Use DeclStmt::decl_iterator instead of using Decl::getDecl(). Soon DeclStmts will wrap group of Decls.
Added FIXME.

llvm-svn: 57189
2008-10-06 18:37:46 +00:00
Zhongxing Xu a4bbcd302e Fix typos.
llvm-svn: 57146
2008-10-06 03:03:33 +00:00
Zhongxing Xu 8c9771bdf0 Remove redundant parameter and rename StMgr to StateMgr.
llvm-svn: 57107
2008-10-05 12:12:48 +00:00
Ted Kremenek 5ca90a244f This is a big patch, but the functionality change is small and the rest of the patch consists of deltas due to API changes.
This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h.  This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses.  This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.  

The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls.  In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal.  Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.

There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.

The memory region abstraction also allows type-information to literally be affixed to a memory region.  This will allow the some now redundant logic to be removed from the retain/release checker.

llvm-svn: 57042
2008-10-04 05:50:14 +00:00
Ted Kremenek 3aa89a971d Enhance NSError** checking with analogous checking for CFErrorRef*.
Expand checking to include functions, not just methods.

llvm-svn: 56938
2008-10-01 23:24:09 +00:00
Ted Kremenek 8dcd40768e Use LVal::IsLValType(T) instead of checking to see if the type is an "lvalue" type directly.
llvm-svn: 56912
2008-10-01 05:02:13 +00:00
Ted Kremenek d331d09e2f Add a QualType to ConjuredSymbol to represent the type and size of the symbol.
Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.

llvm-svn: 56894
2008-10-01 00:21:14 +00:00
Ted Kremenek f1b299952a Revert last patch, but add a fixme
llvm-svn: 56832
2008-09-30 05:35:42 +00:00
Ted Kremenek 76bccf6221 Within the transfer function of UnaryOperatorExpr, handle implicit promotions
from the subexpression type to the expression type.

llvm-svn: 56831
2008-09-30 05:32:44 +00:00
Ted Kremenek 21c24f1785 Revert 56735. The old bug categories were more informative.
llvm-svn: 56755
2008-09-27 22:02:42 +00:00
Ted Kremenek 16a59fabec Change "leaks" to have the category "Performance".
llvm-svn: 56735
2008-09-27 00:45:27 +00:00
Ted Kremenek 61a625ff70 Move VLA processing logic from LiveVariables to CFG construction. This way all dataflow analyses "see" the VLA size expressions.
llvm-svn: 56655
2008-09-26 16:26:36 +00:00
Ted Kremenek 2ece64bbc4 Examine VLA size expressions when computing liveness information.
Fixes <rdar://problem/6248086>

llvm-svn: 56645
2008-09-26 05:52:45 +00:00
Ted Kremenek 76f79ba890 Change casing of bug type.
llvm-svn: 56405
2008-09-21 19:08:31 +00:00
Ted Kremenek 638e280c32 The checks in BasicObjCFoundationChecks now have a category: "API Misuse (Apple)"
llvm-svn: 56403
2008-09-21 19:01:39 +00:00
Ted Kremenek ba9781dcfc The "unused ivar" check now has a category: "Optimization"
llvm-svn: 56402
2008-09-21 18:58:22 +00:00
Ted Kremenek 1b6997ed5e Built-in checks now have a category: "Logic Errors"
llvm-svn: 56401
2008-09-21 18:57:28 +00:00
Ted Kremenek 33663885c3 Add a bug category for NSError** checks.
llvm-svn: 56394
2008-09-21 06:57:40 +00:00
Ted Kremenek de195e2100 Add "category" to BugTypes, allowing bugs to be grouped.
Changed casing of many bug names.  The convention will be to have bug names (mostly) lower cased, and categories use some capitalization.

llvm-svn: 56385
2008-09-20 04:23:38 +00:00
Ted Kremenek bc15d8539d Add PostStore, a new ProgramPoint to distinguish between 'stores' and other PostStmts.
GRExprEngine:
  Use PostStore in EvalStore.
  Use a second version of EvalStore in EvalBinaryOperator to associate the store with the expression on the LHS.

llvm-svn: 56383
2008-09-20 01:50:34 +00:00
Ted Kremenek 31a15f8ba2 Bug fix: for the base transfer function logic for casts, handle const casts as just propagating the value.
llvm-svn: 56368
2008-09-19 20:51:22 +00:00
Ted Kremenek 34bfd8a490 Fixed logic error in BasicConstraintManager pointed out by Zhongxing Xu.
For checking if a symbol >= value, we need to check if symbol == value || symbol
> value. When checking symbol > value and we know that symbol != value, the path
is infeasible only if value == maximum integer.

For checking if a symbol <= value, we need to check if symbol == value || symbol
< value. When checking symbol < value and we know that symbol != value, the path
is infeasible only if value == minimum integer.

Updated test case exercising this logic: we only prune paths if the values are
unsigned.

llvm-svn: 56354
2008-09-19 18:00:36 +00:00
Ted Kremenek a5bf9cb4be When we have a binary expression 'int operator symbol', properly rewrite this as
'symbol operator-reverse int'. This patch is a combination of code from
Zhongxing Xu and myself (Zhongxing noticed this bug for the cases of
relational operators).

llvm-svn: 56351
2008-09-19 17:31:13 +00:00
Zhongxing Xu a8e88ecda6 Add an omitted case for AssumeSymInt.
llvm-svn: 56334
2008-09-19 06:07:59 +00:00
Ted Kremenek a417c0e80a Add panic function "__assert_fail".
llvm-svn: 56327
2008-09-19 02:30:47 +00:00
Ted Kremenek 6a1a334b6c Register the implicit null-dereferenced object as a notable symbol.
llvm-svn: 56319
2008-09-18 23:23:19 +00:00
Ted Kremenek b42f482c91 Implement second part of PR 2600: NSError** parameter may be null, and should be checked before being dereferenced.
llvm-svn: 56318
2008-09-18 23:09:54 +00:00
Ted Kremenek f0673e4eb6 Change implementation of NSError** coding-style check to be invoked at the end of the retain/release analysis.
llvm-svn: 56312
2008-09-18 21:25:13 +00:00
Ted Kremenek fc3abeb1e5 Implemented one of the checks requested in PR 2600:
"Method accepting NSError** argument should have non-void return value to indicate that an error occurred."

Test case written, but the header needs to be delta-debugged reduced.  Will commit shortly.

llvm-svn: 56297
2008-09-18 06:33:41 +00:00
Ted Kremenek 8782716c4a Minor pass-sensitivity improvement:
if we know that 'len != 0' and know that 'i == 0' then we know that
  'i < len' must evaluate to true and cannot evaluate to false

llvm-svn: 56260
2008-09-16 23:24:45 +00:00
Ted Kremenek 0ecb53a421 ProgramPoint now takes the space of two pointers instead of one. This change was
motivated because it became clear that the number of subclasses of ProgramPoint
would expand and we ran out of bits to represent a pointer variant. As a plus of
this change, BlockEdge program points can now be represented explicitly without
using a cache of CFGBlock* pairs in CFG.

llvm-svn: 56245
2008-09-16 18:44:52 +00:00
Ted Kremenek 2d470fc0ba Patch by Csaba Hruska!
"Here is a patch what replaces std::ostream with llvm::raw_ostream. This patch
covers the AST library, but ignores Analysis lib."

llvm-svn: 56185
2008-09-13 05:16:45 +00:00
Ted Kremenek ef2b3a71bb Add missing spaces in path diagnostics.
llvm-svn: 56166
2008-09-12 18:17:46 +00:00
Ted Kremenek 1b9e10390b Store: (static analyzer)
- Change definition of store::Region and store::Binding (once again) to make
  them real classes that just wrap pointers. This makes them more strictly
  typed, and allows specific implementations of Regions/Bindings to just
  subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments

StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
  store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
  versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'

BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager

llvm-svn: 55688
2008-09-03 03:06:11 +00:00
Daniel Dunbar c62cf79290 Add newline at end of file.
llvm-svn: 55559
2008-08-30 02:06:22 +00:00
Zhongxing Xu 4c23963de8 Added LLVM comment header.
llvm-svn: 55537
2008-08-29 15:09:12 +00:00
Zhongxing Xu c1bd3a5f8b Migrate the rest symbolic analysis stuff to BasicConstraintManager.
llvm-svn: 55536
2008-08-29 14:52:36 +00:00
Ted Kremenek 5043680da4 Remove dead method.
llvm-svn: 55526
2008-08-29 03:55:31 +00:00
Ted Kremenek c83e755d78 Added "getBindings" and "BindingAsString" to GRStateManager and StoreManager.
Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).

llvm-svn: 55522
2008-08-29 00:47:32 +00:00
Ted Kremenek 5909059524 Remove BasicStore.h (migrated function prototype for CreateBasicStore() to Store.h)
llvm-svn: 55519
2008-08-28 23:39:42 +00:00
Ted Kremenek 75d2ac956f Remove Regions.h and Regions.cpp, since we are now using an even more abstract representation of "memory regions" in the static analyzer.
llvm-svn: 55515
2008-08-28 23:32:43 +00:00
Ted Kremenek e91874f71f Make store "Regions" and "Bindings" more abstract instead of concrete variants.
Their precise semantics will be implemented by a specific StoreManager.

Use function pointer to create the StoreManager in GRStateManager.  This matches how we create ConstraintsManager.

llvm-svn: 55514
2008-08-28 23:31:31 +00:00
Ted Kremenek f1b9209a34 Fixed analyzer caching bug involving the transfer function for loads.
llvm-svn: 55494
2008-08-28 18:43:46 +00:00
Ted Kremenek b45e6b91c6 Fixed analyzer caching bug in DeclStmt.
llvm-svn: 55487
2008-08-28 18:34:26 +00:00
Ted Kremenek b5ef37f28e Make the destructor of ConstraintManager virtual.
llvm-svn: 55448
2008-08-27 23:13:01 +00:00
Zhongxing Xu f71b5f39bb Refactor Assume logic into a separate class ConstraintManager.
llvm-svn: 55412
2008-08-27 14:03:33 +00:00
Ted Kremenek 912c28444f Added "Auditor" interface for auditing the construction of ExplodedGraphs.
llvm-svn: 55403
2008-08-27 01:56:11 +00:00
Ted Kremenek 6f7c419308 Make implementation of ExplodedNodeImpl::addPredecessor out-of-line.
llvm-svn: 55402
2008-08-27 01:27:52 +00:00
Ted Kremenek af665820e4 Remove default value for 'Pred' argument to GRCoreEngineImpl::GenerateNode().
llvm-svn: 55392
2008-08-26 22:34:23 +00:00
Ted Kremenek 2a2c875b9c Added 'extents' for Regions.
Added 'getExtent()' to StoreManager.
Implemented 'getExtent()' for BasicStoreManager.

llvm-svn: 55321
2008-08-25 19:33:03 +00:00
Chris Lattner a2e25e5e72 adjust to changes in various APIs from LLVM. We can't print
an APInt directly to an ostream now, so add some hacks.  It would
be better to switch all of the bugreport (and friends) stuff over
to raw_ostream.

llvm-svn: 55264
2008-08-23 22:23:37 +00:00
Ted Kremenek 4e7713c04d Simplify interface to Store::AddDecl
llvm-svn: 55213
2008-08-23 00:50:55 +00:00
Zhongxing Xu 614f6a060d Modify comments.
llvm-svn: 55150
2008-08-21 23:00:21 +00:00
Zhongxing Xu d95495f601 Move the handling of DeclStmt from GRExprEngine to BasicStoreManager.
llvm-svn: 55144
2008-08-21 22:34:01 +00:00
Ted Kremenek e5edbdd4ee Patch by Zhongxing Xu:
This patch moves some code in GRStateManager::RemoveDeadBindings() to EnvironmentManager::RemoveDeadBindings().

llvm-svn: 55064
2008-08-20 17:08:29 +00:00
Ted Kremenek eb38fde5e5 Patch by Zhongxing Xu: We should set back the modified ConstEq map.
llvm-svn: 55060
2008-08-20 16:59:15 +00:00
Ted Kremenek 19edd216f2 Move store pretty-printing logic inside of StoreManager (previously in GRState).
llvm-svn: 55013
2008-08-19 22:24:03 +00:00
Ted Kremenek 67102b281e Patch by Zhongxing Xu!
This patch extends BasicStoreManager::getInitialStore() to include code that symbolicates input variables.
It also removes redundant handling of ImplicitParamDecl, since it is a subclass of VarDecl.

llvm-svn: 54993
2008-08-19 16:51:45 +00:00
Argyrios Kyrtzidis 3bab3d21f9 Add ExplicitCastExpr to replace the current CastExpr, and have ImplicitCastExpr and ExplicitCastExpr derive from a common base class (CastExpr):
Expr
  -> CastExpr
     -> ExplicitCastExpr
     -> ImplicitCastExpr 

llvm-svn: 54955
2008-08-18 23:01:59 +00:00
Chris Lattner 5d1cfa1229 various updates to match r54873 on mainline.
llvm-svn: 54874
2008-08-17 07:19:51 +00:00
Ted Kremenek 87aab6c771 Migrate the retain/release checker to not manage the RefBindings::Factory object
directly, but instead have GRStateManager manage it.

llvm-svn: 54862
2008-08-17 03:20:02 +00:00
Ted Kremenek 90d488f724 Migrate GRState::ConstEqTy (map used from tracking constants for symbols) to use the generic data map instead.
llvm-svn: 54860
2008-08-17 03:10:22 +00:00
Ted Kremenek edd9a18050 Added GRStateTrait.h, which includes boilerplate code for creating specializations of GRStateTrait<>.
Modified GRStateTrait<ConstNotEq> in GRState to use the boilerplate in GRStateTrait<> for ImmutableMaps.

llvm-svn: 54859
2008-08-17 02:59:30 +00:00
Nick Lewycky 0fb45f60d5 It's spelt "uninitialized".
llvm-svn: 54848
2008-08-16 17:46:53 +00:00
Ted Kremenek ceba6ead45 GRState:
- Remove ConstNotEq from GRState/GRStateManager (!= tracking uses GDM instead).
- GRStateManager now can book-keep "contexts" (e.g., factory objects) for uses
  with data elements stored into the GDM.
- Refactor pretty-printing of states to use GRState::Printer objects
  exclusively. This removed a huge amount of pretty-printing logic from
  GRExprEngine.

CFRefCount
- Simplified some API calls based on refinements to the GDM api.

llvm-svn: 54835
2008-08-16 00:49:49 +00:00
Ted Kremenek c7138bb0a7 Default initialize only pointers and integer types (for now).
llvm-svn: 54798
2008-08-14 22:11:13 +00:00
Ted Kremenek db7dd9cd15 Migrated retain/release checker to use the Generic Data Map in GRState (instead
of using CheckerState).

Removed CheckerState from GRState.

Added class GRStateRef which wraps GRState* and GRStateManager*. This is handy
for generating new states with a single handle.

Added member template set/get functions to GRStateRef/GRState/GRStateManager for
accessing the Generic Data Map.

llvm-svn: 54788
2008-08-14 21:16:54 +00:00
Ted Kremenek 16306107cf Renamed GRState::CheckerStatePrinter to GRState::Printer.
Updated checker state printer interface to allow transfer functions to return an arbitrary number of GRState::Printers.

llvm-svn: 54762
2008-08-13 21:24:49 +00:00
Ted Kremenek 0e7d96c370 Rename ValueState.h -> GRState.h
Rename ValueState.cpp -> GRState.cpp

llvm-svn: 54722
2008-08-13 04:28:02 +00:00
Ted Kremenek 5ab5a1b578 Rename ValueState -> GRState.
Rename ValueStateManager -> GRStateManager.

llvm-svn: 54721
2008-08-13 04:27:00 +00:00
Ted Kremenek dccd9883c4 Initialize tracked local variables to undefined.
llvm-svn: 54716
2008-08-13 03:28:04 +00:00
Ted Kremenek 3f91f037a7 Fix memory leak found by Sam Bishop: delete WList in the dstor of GRCoreEngineImpl.
llvm-svn: 54714
2008-08-13 03:10:52 +00:00
Ted Kremenek 27fb019038 Added GenericDataMap as a component of ValueState.
llvm-svn: 54704
2008-08-12 21:49:24 +00:00
Ted Kremenek 9551ab6c8c More cleanups. Add missing #include.
llvm-svn: 54699
2008-08-12 20:41:56 +00:00
Ted Kremenek 3f13f598ce More summary generation refactoring.
llvm-svn: 54696
2008-08-12 18:48:50 +00:00
Ted Kremenek 050b91cd28 Add variadic addInstMethSummary() and refactored addPanicSummary() to use this method. (code reduction).
Misc. cleanups.

llvm-svn: 54694
2008-08-12 18:30:56 +00:00
Daniel Dunbar 6e8aa537f8 More #include cleaning
- Drop {Decl.h,DeclObjC.h,IdentifierTable.h} from Expr.h
 - Moved Sema::getCurMethodDecl() out of line (dependent on
   ObjCMethodDecl via dyn_cast).

llvm-svn: 54629
2008-08-11 05:35:13 +00:00
Nico Weber 4c3116437c * Remove isInSystemHeader() from DiagClient, move it to SourceManager
* Move FormatError() from TextDiagnostic up to DiagClient, remove now  
  empty class TextDiagnostic
* Make DiagClient optional for Diagnostic

This fixes the following problems:

* -html-diags (and probably others) does now output the same set of  
  warnings as console clang does
* nothing crashes if one forgets to call setHeaderSearch() on  
  TextDiagnostic
* some code duplication is removed

llvm-svn: 54620
2008-08-10 19:59:06 +00:00
Chris Lattner 6307f19726 rename PreDefinedExpr -> PredefinedExpr
llvm-svn: 54605
2008-08-10 01:53:14 +00:00
Ted Kremenek 4455a9d378 Added FIXME.
llvm-svn: 54568
2008-08-09 00:41:45 +00:00
Ted Kremenek 0216b83d94 Don't use Expr::isIntegerConstantExpr just to check if a pointer value is initialize to NULL.
llvm-svn: 54563
2008-08-09 00:05:14 +00:00
Ted Kremenek 4b1327960d Added AssumeSymGT, AssumeSymGE, AssumeSymLT, AssumeSymLE to add some minor improvements to path-sensitivity. Right now we basically treat 'x > y' and 'x < y' as implying 'x != y', but this restriction will only inevitably apply to our must rudimentary value tracking component (we'll implement more advanced value reasoning later).
llvm-svn: 54493
2008-08-07 22:30:22 +00:00
Ted Kremenek 18391f432b Don't flag any dead stores for variables marked unused.
llvm-svn: 54492
2008-08-07 22:28:30 +00:00
Ted Kremenek 4f8792b616 Added decl_iterator to DeclStmt to provide an abstract interface to iterate over the ScopedDecls of a DeclStmt.
Updated a few clients of DeclStmt::getNextDeclarator() to use decl_iterator instead.  Will update other clients after additional testing.

llvm-svn: 54368
2008-08-05 20:46:55 +00:00
Ted Kremenek 9512c122fa Change 'dead store (++/--)' to 'dead increment'
llvm-svn: 54268
2008-08-02 18:19:48 +00:00
Ted Kremenek a7045d663d Enhanced path-sensitive return-of-stack-address check to print out the name of the variable whose address was returned.
llvm-svn: 54253
2008-07-31 20:31:27 +00:00
Ted Kremenek a8b8ce499a Add range highlighting for path-sensitive return-of-stack-address check.
llvm-svn: 54219
2008-07-30 17:49:12 +00:00
Chris Lattner 3f6cd0bc76 remove some unneeded calls to getCanonicalType
llvm-svn: 54106
2008-07-26 22:36:27 +00:00
Chris Lattner 574dee6cac change more instances of QualType::getCanonicalType to call
ASTContext::getCanonicalType instead (PR2189)

llvm-svn: 54105
2008-07-26 22:17:49 +00:00
Ted Kremenek d074ce47b6 Have the UnusedIvar check skip ivars with setters/getters created by @synthesize.
llvm-svn: 54050
2008-07-25 20:28:02 +00:00
Ted Kremenek 83ec24501e Remove call to isSEL and isSEL itself since the call is dead (isObjCObjectPointerType() will never return true for selectors).
llvm-svn: 54034
2008-07-25 18:17:35 +00:00
Ted Kremenek 2483730e3f Only warn about missing/incomplete -dealloc implementations when a class contains a non-SEL, non-IBOutlet ivar that references an ObjC object.
llvm-svn: 54024
2008-07-25 17:04:49 +00:00
Ted Kremenek 092ec76923 Don't emit 'dead initialization' warnings for variables marked 'unused'.
This fixes PR 2573: http://llvm.org/bugs/show_bug.cgi?id=2573

llvm-svn: 54009
2008-07-25 04:47:34 +00:00
Ted Kremenek 5eb536b74c Use ASTContext::isObjCObjectPointerType() to check if an ivar is a reference to an Objective-C object.
llvm-svn: 53999
2008-07-24 23:59:07 +00:00
Ted Kremenek 9e9afb552c Correctly handle NSAssertionHandle -handleFailureInMethod:object:file:lineNumber:description:
This fixes: http://llvm.org/bugs/show_bug.cgi?id=2593

llvm-svn: 53993
2008-07-24 18:47:16 +00:00
Ted Kremenek 0e60b7588a Don't issue a missing +dealloc warning for classes that just contain SEL ivars.
This fixes PR 2592: http://llvm.org/bugs/show_bug.cgi?id=2592

llvm-svn: 53987
2008-07-24 17:45:56 +00:00
Ted Kremenek 87b16f4258 Issue dead store warnings for preincrements involved in a subexpression.
llvm-svn: 53983
2008-07-24 17:01:17 +00:00
Ted Kremenek 9572cae92b Don't flag dead stores when the result of a preincrement/predecrement is used in an enclosing expression.
llvm-svn: 53964
2008-07-23 22:19:56 +00:00
Ted Kremenek ecc851bb6e Further refine dead store checking to distinguish between dead stores and dead increments.
llvm-svn: 53960
2008-07-23 21:16:38 +00:00
Ted Kremenek 46abc7db6b Properly skip IBOutlets when checking for unused ivars.
Refine the error message of unused ivars.
Added test case.

llvm-svn: 53957
2008-07-23 18:21:36 +00:00
Ted Kremenek 6b6a4b6446 Ivar access mode ObjCIvarDecl::None == ObjCIvarDecl::Protected, not private.
llvm-svn: 53953
2008-07-23 17:14:39 +00:00
Ted Kremenek 3b28f4911c Add prototype implementation of unused ivar check.
llvm-svn: 53942
2008-07-23 00:45:26 +00:00
Ted Kremenek 1f352db96a Moved registration of basic path-sensitive checks from GRSimpleVals.cpp to GRExprEngineInternalChecks.cpp.
llvm-svn: 53909
2008-07-22 16:21:24 +00:00
Ted Kremenek 6bb53303e1 Rename file.
llvm-svn: 53906
2008-07-22 14:41:47 +00:00
Ted Kremenek 98f6e582f2 Added path-sensitive checking for null pointer values passed to function arguments marked nonnull.
This implements <rdar://problem/6069935>

llvm-svn: 53891
2008-07-22 00:46:16 +00:00
Ted Kremenek f41b1c45fa "currentHandler" is a nullary selector
llvm-svn: 53763
2008-07-18 18:14:26 +00:00
Ted Kremenek f7faa42c6c Fix caching bug.
llvm-svn: 53759
2008-07-18 17:39:56 +00:00
Ted Kremenek 3b2294c7e6 Add panic support for NSAssertionHandler.
llvm-svn: 53758
2008-07-18 17:24:20 +00:00
Ted Kremenek d785465167 Add panic function.
llvm-svn: 53755
2008-07-18 16:28:33 +00:00
Ted Kremenek 36f6b04295 Fix 80 col violation
llvm-svn: 53754
2008-07-18 15:59:33 +00:00
Ted Kremenek b1c91bfc45 Fix regression by explicitly checking if we are negating a SymIntConstantVal.
llvm-svn: 53753
2008-07-18 15:54:51 +00:00
Ted Kremenek 6a62d908c3 Improve path-sensitivity when using the logical not operator.
llvm-svn: 53752
2008-07-18 15:46:06 +00:00
Ted Kremenek 91614e6fe6 Renamed deterministic EvalBinOp to DetermEvalBinOpNN. This name mangling is unfortunately needed because virtual methods with the same name can be hidden by subclasses.
llvm-svn: 53751
2008-07-18 15:27:58 +00:00
Ted Kremenek 8d6b42e096 Created ValueStateSet class to manage the creation of multiple states by a method.
Modified the new EvalBinOpNN to generate states instead of nodes.  This is a much simpler interface and is what clients will want to do.

llvm-svn: 53750
2008-07-18 05:53:58 +00:00
Ted Kremenek e330aacbed Update signature of EvalAssume.
llvm-svn: 53745
2008-07-17 23:33:10 +00:00
Ted Kremenek 9c32a1ecf5 Move GRTransferFunc* into ValueStateManager, and move the assumption logic there as well.
llvm-svn: 53743
2008-07-17 23:15:45 +00:00
Ted Kremenek a79d9a9c79 Remove redundant logic.
llvm-svn: 53740
2008-07-17 21:36:43 +00:00
Ted Kremenek bc9118b165 Begin major changes to EvalXXX methods in GRTransferFuncs. Currently some of the methods only return an RVal; we want them to be able to create an arbitrary number of states.
llvm-svn: 53739
2008-07-17 21:27:31 +00:00
Ted Kremenek 88a6b7fa80 Moved RemoveDeadBindings logic for the contents of 'Store' to a virtual RemoveDeadBindings method in StoreManager.
llvm-svn: 53726
2008-07-17 18:38:48 +00:00
Ted Kremenek ae543148bc Fix regression introduced by http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20080714/006514.html.
The regression was the casts from integers to pointers where not being handled: they would just return UnknownVal.  This would greatly decrease path-sensitivity.

llvm-svn: 53659
2008-07-16 00:23:49 +00:00
Ted Kremenek f46dddac5b Fix transfer function logic in GRSimpleVals for integer casts: only support casts from integers to integers.
This fixes a crash reported by Anders Carlsson!

llvm-svn: 53649
2008-07-15 23:17:54 +00:00
Ted Kremenek ed1f72b67c For the MissingDealloc check, don't treat IBOutlet ivars as being needed to be released
llvm-svn: 53647
2008-07-15 23:04:27 +00:00
Ted Kremenek 81bfc074c9 Distinguish between dead stores and dead initializations.
llvm-svn: 53628
2008-07-15 18:06:32 +00:00
Ted Kremenek 176e2c519d isRetain() and isRelease() now only returns true if "Retain"/"Release" appears in the suffix of a function's name.
llvm-svn: 53621
2008-07-15 17:43:41 +00:00
Ted Kremenek fa89e2f09c Support retain/release tracking for CoreGraphics (CGxxxRef) objects.
llvm-svn: 53617
2008-07-15 16:50:12 +00:00
Ted Kremenek c18255d80f Refactor Dead Stores error reporting to use the simplified BugReporter::EmitBasicReport interface.
llvm-svn: 53573
2008-07-14 20:56:04 +00:00
Ted Kremenek 0255531dd3 Added method "EmitBasicReport" to BugReporter to simplify the emission of simple bug diagnostics.
Refactored error reporting in CheckObjCDealloc and CheckObjCInstMethSignature to use this new bug reporting interface (major code simplification).

llvm-svn: 53560
2008-07-14 17:40:50 +00:00
Ted Kremenek e5b5953672 Tidy up error message.
llvm-svn: 53493
2008-07-11 23:17:01 +00:00
Ted Kremenek 3bfb314c25 Add new check: -check-objc-methodsigs. This check scans methods in
ObjCImplementationDecls and sees if a ancestor class defines a method with the
same selector but with a different type signature. Right now it just compares
return types, and mainly looks at differences in primitive values. The checking
will be expanded in the future.

llvm-svn: 53482
2008-07-11 22:40:47 +00:00
Ted Kremenek aced3ad4b8 Fix comment.
llvm-svn: 53473
2008-07-11 20:53:14 +00:00
Ted Kremenek c50e1a196e Refactored auditor interface within GRExprEngine and GRCoreEngine to use a "batch auditor" to dispatch to specialized auditors instead of having a separate vector for each audited Expr*. This not only provides a much cleaner implementation, but also allows us to install auditors for any expression.
llvm-svn: 53464
2008-07-11 18:37:32 +00:00
Ted Kremenek a7b8ffb05b Refactored most of the "Store" piece of ValueState into a Store type. The
current store implementation is now encapsulated by BasicStore.

These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.

llvm-svn: 53423
2008-07-10 22:03:41 +00:00
Ted Kremenek 976d1e0ea8 Remove unused class AnnotatedPath.
llvm-svn: 53413
2008-07-10 17:25:03 +00:00
Ted Kremenek ad4a7e4a69 Move some environment methods from ValueState/ValueStateManager to Environment/EnvironmentManager.
llvm-svn: 53412
2008-07-10 17:19:18 +00:00
Ted Kremenek 5f996d5a06 Remove getParentMap() from GRExprEngine.
llvm-svn: 53343
2008-07-09 19:46:42 +00:00
Ted Kremenek ae529271e8 Fix PR2519: correctly handle CFDictionaryCreate.
llvm-svn: 53334
2008-07-09 18:11:16 +00:00
Ted Kremenek 852ed373aa Initial work on splitting the ValueState into an Environment, Store, and
Constraints. These concepts are already present in the current ValueState, but
the implementation is monolothic. Making ValueState more modular opens up new
design choices for customizing the analysis engine.

In the context of the analysis engine, the "Environment" is the binding between
Expr* (expressions) and intermediate symbolic values (RValues).

llvm-svn: 53252
2008-07-08 21:46:56 +00:00
Ted Kremenek 4963d1144f Updated clients of ImmutableMap::SlimFind to use ImmutableMap::lookup instead.
llvm-svn: 53172
2008-07-07 16:21:19 +00:00
Ted Kremenek 37a2c0d5d1 Do not emit a "missing -dealloc" warning if a class contains no ivars that are pointers.
This patch aims to address some of the concerns of PR 2517: http://llvm.org/bugs/show_bug.cgi?id=2517

llvm-svn: 53168
2008-07-07 06:36:08 +00:00
Ted Kremenek 4d85146e6d Use conjured symbols for variables whose values are invalidated when
passed-by-reference to a function. This allows us to build up constraints for
their new values and restore some lost path-sensitivity. This addresses a few
false positives since in Adium.

llvm-svn: 53125
2008-07-03 23:26:32 +00:00
Ted Kremenek 8044046efb Fix a bug in the dead stores checker reported in the following email:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-July/002157.html

Essentially the observer mechanism in LiveVariables was observing block-level
expressions multiple times, leading to a case where the dead store checker could
see a value as dead when it was really live.

llvm-svn: 53115
2008-07-03 22:25:27 +00:00
Ted Kremenek 68b117fca4 Skip the "-dealloc" check if a ObjC class contains no ivars.
llvm-svn: 53100
2008-07-03 15:37:02 +00:00
Ted Kremenek e66ca6f35a For the -dealloc checker, check the LangOptions to determine whether or not the code is compiled with GC.
llvm-svn: 53098
2008-07-03 14:35:01 +00:00
Ted Kremenek 1d3c797c90 Have BugReporter::getCFG and BugReporter::getLiveVariables returns pointers instead of references, because they can both fail
on functions we cannot construct full CFGs for yet.

llvm-svn: 53081
2008-07-03 05:26:14 +00:00