Ted Kremenek
f52718899f
static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression.
...
llvm-svn: 129349
2011-04-12 05:12:39 +00:00
Ted Kremenek
57a4a152b2
Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic.
...
llvm-svn: 129348
2011-04-12 03:49:37 +00:00
Ted Kremenek
4f939da02d
RegionStoreManager::invalidateRegions: treat classes the same as structs.
...
llvm-svn: 129333
2011-04-12 00:44:31 +00:00
Ted Kremenek
e0d2b8c58c
Teach GRState::getSValAsScalarOrLoc() about C++ references.
...
llvm-svn: 129329
2011-04-12 00:28:12 +00:00
Ted Kremenek
8ef59e5c03
C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.
...
llvm-svn: 129308
2011-04-11 22:22:05 +00:00
Ted Kremenek
f603f3afbd
Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs
...
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.
llvm-svn: 129166
2011-04-08 22:42:35 +00:00
Ted Kremenek
40d16c0e75
Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead,
...
recover some path-sensitivity by conjuring a symbol.
llvm-svn: 128612
2011-03-31 04:46:53 +00:00
Ted Kremenek
61a4f6682a
Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
...
llvm-svn: 128611
2011-03-31 04:04:48 +00:00
Ted Kremenek
98a24e37c5
Begin reworking static analyzer support for C++ method calls. The current logic was divorced
...
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.
llvm-svn: 128557
2011-03-30 17:41:19 +00:00
Argyrios Kyrtzidis
9eb02dfa89
[analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
...
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
Argyrios Kyrtzidis
2c49ec7f1d
[analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.
...
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.
llvm-svn: 126659
2011-02-28 17:36:18 +00:00
Argyrios Kyrtzidis
b388f77ad9
[analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't have any checkers associated with it anymore.
...
llvm-svn: 126440
2011-02-24 21:43:08 +00:00
Ted Kremenek
9909df3b3a
Handle 'UsingDirective' in CFGRecStmtDeclVisitor.
...
llvm-svn: 125491
2011-02-14 17:00:16 +00:00
Zhongxing Xu
6f8a8f92b8
If the unary operator is prefix and an lvalue (in C++), bind
...
the location (l-value) to it.
llvm-svn: 122396
2010-12-22 08:38:13 +00:00
Ted Kremenek
8219b82125
Start migration of static analyzer to using the
...
implicit lvalue-to-rvalue casts that John McCall
recently introduced. This causes a whole bunch
of logic in the analyzer for handling lvalues
to vanish. It does, however, raise a few issues
in the analyzer w.r.t to modeling various constructs
(e.g., field accesses to compound literals).
The .c/.m analysis test cases that fail are
due to a missing lvalue-to-rvalue cast that
will get introduced into the AST. The .cpp
failures were more than I could investigate in
one go, and the patch was already getting huge.
I have XFAILED some of these tests, and they
should obviously be further investigated.
Some highlights of this patch include:
- CFG no longer requires an lvalue bit for
CFGElements
- StackFrameContext doesn't need an 'asLValue'
flag
- The "VisitLValue" path from GRExprEngine has
been eliminated.
Besides the test case failures (XFAILed), there
are surely other bugs that are fallout from
this change.
llvm-svn: 121960
2010-12-16 07:46:53 +00:00
Zhanyong Wan
6dace61730
Fix PR8419. Reviewed by kremenek and xuzhongxing.
...
llvm-svn: 119960
2010-11-22 08:45:56 +00:00
Zhanyong Wan
e4f7df694d
Make Clang static analyzer skip function template definitions. This fixes Clang PR 8426, 8427, & 8433. Reviewed by Ted Kremenek and Doug Gregor.
...
llvm-svn: 117853
2010-10-31 04:22:34 +00:00
Ted Kremenek
128d04dfe8
Explicitly handle CXXOperatorCallExpr when building CFGs. We should treat it the same as CallExprs.
...
Fixes: <rdar://problem/8375510> [Boost] CFGBuilder crash in Boost.Graph
llvm-svn: 112618
2010-08-31 18:47:34 +00:00
Ted Kremenek
8bedb7dd3f
Teach GRExprEngine::VisitLValue() about FloatingLiteral, ImaginaryLiteral, and CharacterLiteral. Fixes an assertion failure reported in PR 7675.
...
llvm-svn: 109719
2010-07-29 01:31:59 +00:00
Ted Kremenek
2f2692f8ca
Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.
...
llvm-svn: 95348
2010-02-05 02:06:54 +00:00
Ted Kremenek
acd71a4562
Make static analysis support for C++ 'this' expression context-sensitive. Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.
...
llvm-svn: 92675
2010-01-05 02:18:06 +00:00
Ted Kremenek
fd97ce6573
Add analyzer test case for 'ForStmt' with condition variable.
...
llvm-svn: 92120
2009-12-24 02:41:19 +00:00
Ted Kremenek
1ce53c4320
CFG tweak: in a WhileStmt, the condition variable initializer is evaluated every time the condition is checked.
...
llvm-svn: 92111
2009-12-24 01:34:10 +00:00
Ted Kremenek
09bc3b7df6
Teach GRExprEngine to handle the initialization of the condition variable of a WhileStmt.
...
llvm-svn: 92106
2009-12-24 00:54:56 +00:00
Ted Kremenek
589493227b
Teach GRExprEngine to handle the initialization of the condition variable of a SwitchStmt.
...
llvm-svn: 92102
2009-12-24 00:40:03 +00:00
Ted Kremenek
a7bcbde814
Add CFG support for the condition variable that can appear in IfStmts in C++ mode.
...
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.
llvm-svn: 91987
2009-12-23 04:49:01 +00:00
Ted Kremenek
343b51271d
Also treat the type of the subexpression as a pointer in GRExprEngine::VisitCast when the expression is handled as an lvalue.
...
llvm-svn: 91969
2009-12-23 01:19:20 +00:00
Ted Kremenek
22cc1a8438
Add basic support for analyzing CastExprs as lvalues.
...
llvm-svn: 91952
2009-12-23 00:26:16 +00:00
Zhongxing Xu
4794801e27
Use the FunctionDecl's result type to know exactly if it returns a reference.
...
llvm-svn: 91751
2009-12-19 03:17:55 +00:00
Ted Kremenek
af1bdd71af
Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.
...
llvm-svn: 91710
2009-12-18 20:13:39 +00:00
Ted Kremenek
85bcc986d6
Add failing test case for C++ static analysis.
...
llvm-svn: 91578
2009-12-17 01:44:13 +00:00