Commit Graph

83 Commits

Author SHA1 Message Date
Ted Kremenek 2044a5183d Take first step to migrating handling of "stores" to values from GRExprEngine
to the plug-in GRTransferFuncs object.

llvm-svn: 49801
2008-04-16 18:21:25 +00:00
Ted Kremenek ed30e8da56 LiveVariables now updates the liveness state of block-level expressions that
are referenced by CFGBlock terminators.

llvm-svn: 49798
2008-04-16 17:07:59 +00:00
Ted Kremenek 08e562d3c8 In ExplodedGraphImpl::Trim, prioritize for paths that don't span loops by using
two worklists: for nodes whose locations are block edges with loop terminators
and another for nodes with all other locations.  We only dequeue from the loop
worklist when the other is empty.  Exploration of the graph is still in
reverse-BFS.

llvm-svn: 49791
2008-04-16 15:51:26 +00:00
Ted Kremenek 8cb96e92a1 Implemented toll-free bridging support for CF Reference count checker.
llvm-svn: 49771
2008-04-16 04:28:53 +00:00
Ted Kremenek e556f9e39c Simplify some code.
llvm-svn: 49763
2008-04-16 02:59:55 +00:00
Ted Kremenek 748c7ce4ba Added initial boilerplate to support toll-free bridging in the ref-count checker.
llvm-svn: 49756
2008-04-15 23:44:31 +00:00
Ted Kremenek 667cacb2ff Added some comments to GRExprEngine. Reorder some of the method definitions
to start logically organizing them.

Added initial plug-in transfer function support for Objective-C message expressions.

llvm-svn: 49752
2008-04-15 23:06:53 +00:00
Ted Kremenek 6204498aad Change "VisitBlockVarDecl" to "VisitVarDecl". UninitializedValues now works
as before r49748 (where BlockVarDecl was removed).

llvm-svn: 49749
2008-04-15 23:02:18 +00:00
Steve Naroff 08899ff85d Remove FileVarDecl and BlockVarDecl. They are replaced by VarDecl::isBlockVarDecl() and VarDecl::isFileVarDecl().
This is a fairly mechanical/large change. As a result, I avoided making any changes/simplifications that weren't directly related. I did break two Analysis tests. I also have a couple FIXME's in UninitializedValues.cpp. Ted, can you take a look? If the bug isn't obvious, I am happy to dig in and fix it (since I broke it).

llvm-svn: 49748
2008-04-15 22:42:06 +00:00
Ted Kremenek 82ff6d65bc Fix bug in terminator processing for uninitialized-values: simply ignore the terminator, don't reprocess it.
LiveVariables analysis now does a flow-insensitive analysis to determine what variables have their address taken; these variables are now always treated as being live.

The DataflowSolver now uses "SetTopValue()" when getting the initial value for the entry/exit block.

llvm-svn: 49734
2008-04-15 18:35:30 +00:00
Argyrios Kyrtzidis 45887902b6 Fix a compiler error on MSVC (variable name 'E' clash).
llvm-svn: 49727
2008-04-15 16:30:10 +00:00
Ted Kremenek 6d41b82ea4 Improve dead store diagnostic.
llvm-svn: 49711
2008-04-15 05:31:00 +00:00
Ted Kremenek 8adeebb274 Added initial support into the flow-sensitive dataflow solver to visit the Block-level expression
in a block's terminator.  This expression is visited within a block, but it is accessed by the
terminator.  This is important to observe because for live-variables analysis the block-level
expression is live between the terminator and where the expression occurs in the block.  So far
this hasn't been an issue to not observe this because the block-level expression used in the
terminator is always the last one in the block, and we have never queried the liveness information
about this point (but before the terminator).

llvm-svn: 49709
2008-04-15 04:39:08 +00:00
Ted Kremenek 66279073f7 Bug fix in dead stores: don't always check the liveness of the first decl
in a DeclStmt.

llvm-svn: 49708
2008-04-15 04:11:48 +00:00
Ted Kremenek cd76f95dd0 ++/-- makes a variable live since it is used; thus the liveness state is
"Alive" as opposed to staying the same.

llvm-svn: 49707
2008-04-15 04:08:54 +00:00
Ted Kremenek f4212bdbc3 Bug fix in LiveVariables: Operators ++/-- may kill a value, but the variable
is still live.

llvm-svn: 49705
2008-04-15 03:47:30 +00:00
Ted Kremenek 87bfc03f4a Don't flag dead stores that occur in macros.
llvm-svn: 49672
2008-04-14 18:28:25 +00:00
Ted Kremenek bae225d57a Have BugReporter::EmitWarning use the PathDiagnosticClient if it is available.
llvm-svn: 49668
2008-04-14 18:06:42 +00:00
Ted Kremenek 75ff623e2e Bug fix in dead-store checker when walking the Decls in a DeclStmt: don't
assume that DeclStmts only have VarDecls; they can have TypedefDecls.

llvm-svn: 49662
2008-04-14 17:52:13 +00:00
Ted Kremenek 12e721a728 Treat calls to unresolved functions in the CF-ref count checker as calls
to functions with NULL summaries.

llvm-svn: 49660
2008-04-14 17:45:13 +00:00
Ted Kremenek 7e15130dc9 Hooked up the dead-store checker to the BugReporter interface. Now dead-store
warnings are emitted as part of the warnings registered by GRSimpleVals.

llvm-svn: 49658
2008-04-14 17:39:48 +00:00
Ted Kremenek 8784a7c006 Add some boilerplate to report memory leaks at the end of an analyzed function.
Still need some boilerplate in BugReporter to report bugs at the end
of a function (not associated with a particular statement).

llvm-svn: 49564
2008-04-11 22:25:11 +00:00
Ted Kremenek 811c2b4edb Added "GREndPathNodeBuilder", a new node builder that will be used for
evaluating transfer functions at the end-of-path.

llvm-svn: 49561
2008-04-11 22:03:04 +00:00
Ted Kremenek 0a86fdb1ff Added FIXME
llvm-svn: 49558
2008-04-11 20:51:02 +00:00
Ted Kremenek 831f327568 Fix regression introduced by my last commit.
llvm-svn: 49556
2008-04-11 20:23:24 +00:00
Ted Kremenek a7c44113bc Changed behavior of how we handle "NULL" summaries: just call
GRSimpleVals::EvalCal(), and don't change reference counts.

Remove "getDoNothingSummary()", as a NULL summary does the same thing.

Added temporary hack for the "Get" rule for objects that return a pointer type:
treat them as non-owned CF objects.

Added test case to detect the release of a non-owned object.

llvm-svn: 49555
2008-04-11 20:11:19 +00:00
Ted Kremenek 988990f842 Use RangedBugReport to report better ranges for reference count errors.
llvm-svn: 49552
2008-04-11 18:40:51 +00:00
Ted Kremenek 6e38ffa517 Added "RangedBugReport".
llvm-svn: 49551
2008-04-11 18:40:29 +00:00
Ted Kremenek 4b77209694 Fixed some logic errors in the CF ref count checker; we now can detect simple
use-after-release errors.  Added test case.

llvm-svn: 49509
2008-04-10 23:44:06 +00:00
Ted Kremenek 3c03d52d6e Simplify CF ref. count checker state machine.
llvm-svn: 49505
2008-04-10 23:09:18 +00:00
Ted Kremenek 22bd628056 Fix some bonehead bugs in summary generation in CFRefCount.
llvm-svn: 49503
2008-04-10 22:58:08 +00:00
Ted Kremenek 4a78c3ae11 Refactored all logic to run the GRSimpleVals and CFRef checker into a common
code path in the clang driver.

Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.

llvm-svn: 49500
2008-04-10 22:16:52 +00:00
Ted Kremenek ea1bc3bec6 CFRefCount analysis now properly calls "EmitWarnings" after analyzing a function.
llvm-svn: 49488
2008-04-10 16:21:09 +00:00
Ted Kremenek 42d9db75f0 When not emitting path diagnostics in BugReporter::EmitWarning(), use the
BugReport-specific SourceRanges (when available).

llvm-svn: 49486
2008-04-10 16:12:38 +00:00
Ted Kremenek 83744ddbd9 Fixed regressions in error reporting due to copy-paste errors (using the "begin"
iterator instead of "end") and not implementing "getDescription()" for Nil
argument checks.

llvm-svn: 49485
2008-04-10 16:05:13 +00:00
Ted Kremenek c8bef6a076 Hooked up initial reference-count checks to the BugReporter interface.
llvm-svn: 49455
2008-04-09 23:49:11 +00:00
Ted Kremenek 7acc3a36ef Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter.
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.

GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.

ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.

llvm-svn: 49453
2008-04-09 21:41:14 +00:00
Ted Kremenek ce8e881dc3 Added some boilerplate for emitting warnings from the CF-reference count checker.
llvm-svn: 49414
2008-04-09 01:10:13 +00:00
Ted Kremenek 3cef454e2e Added new "BugReporterHelper" class which is used by BugReporter to emit
checker-specific diagnostics.

llvm-svn: 49412
2008-04-09 00:20:43 +00:00
Ted Kremenek e73006ee45 Improve BugReport diagnostics for loops and ? operator.
llvm-svn: 49356
2008-04-07 23:35:17 +00:00
Chris Lattner 1e830c07a2 templates can't be static.
llvm-svn: 49258
2008-04-06 04:22:39 +00:00
Ted Kremenek d1a2efadba Added investigate patch for an occasionally failing assertion (heisenbug?)
llvm-svn: 49193
2008-04-03 21:44:24 +00:00
Ted Kremenek 10569cdd87 Better range highlight for undefined-argument checks.
llvm-svn: 49184
2008-04-03 18:52:25 +00:00
Ted Kremenek 5f5592062b When reporting "bad receiver" warnings, highlight the receiver.
llvm-svn: 49183
2008-04-03 18:46:16 +00:00
Ted Kremenek 89575b7bcb Use "getRanges" in default implementation of "getEndPath" to determine
the ranges of highlighted elements in the source code.

llvm-svn: 49181
2008-04-03 18:00:37 +00:00
Ted Kremenek cb2dc8eca5 Hooked up GRSimpleAPICheck and the simple Objective-C Foundation checks to use
the new BugReporter interface.

llvm-svn: 49180
2008-04-03 17:57:38 +00:00
Ted Kremenek ca40664275 Handle the case when getEndPath() returns NULL.
llvm-svn: 49155
2008-04-03 07:33:55 +00:00
Ted Kremenek e4c029e7aa Add back bug name to PathDiagnostic.
llvm-svn: 49139
2008-04-03 05:23:19 +00:00
Ted Kremenek 4e9cc3f272 When creating PathDiagnostics, created a trimmed graph first and report the
BFS path to the root.  This also avoids problems with loops in the ExplodedGraph.

llvm-svn: 49133
2008-04-03 04:59:14 +00:00
Ted Kremenek 505a36afc6 Created new path-sensitive bug-reporting scheme based on the classes
"BugReporter" and "BugDescription".  BugDescription is used to describe
a bug and provide pieces of the PathDiagnostic, and BugReporter creates
the actual PathDiagnostic by crawling through the ExplodedGraph.

Migrated checks done by GRSimpleVals to be reported using the new BugReporter
mechanism.

llvm-svn: 49127
2008-04-03 04:42:52 +00:00