Ted Kremenek
04268232df
Per discussion with John McCall, don't add OpaqueValueExprs to the CFG.
...
llvm-svn: 143766
2011-11-05 00:10:15 +00:00
Anna Zaks
9e82c62222
[analyzer] Fix PR11282 - an assert in markAsSink
...
This is another fallout from the refactoring. We were
calling MarkAsSink on a cached out node.
(Fixes radar://10376675)
llvm-svn: 143516
2011-11-01 22:41:14 +00:00
Anna Zaks
6d319489df
[analyzer] BranchNodeBuilder should not generate autotransitions.
...
This fixes radar://10367606
llvm-svn: 143514
2011-11-01 22:41:06 +00:00
Ted Kremenek
a98358ea13
[analyzer] ObjC message sends to nil receivers that return structs are now okay (compiler zeroes out the data). Fixes <rdar://problem/9151319>.
...
llvm-svn: 143215
2011-10-28 19:05:10 +00:00
Ted Kremenek
0062e74961
Add source-level dominators analysis. Patch by Guoping Long!
...
llvm-svn: 142885
2011-10-25 00:25:24 +00:00
Ted Kremenek
81ce1c8a99
Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.
...
llvm-svn: 142782
2011-10-24 01:32:45 +00:00
Ted Kremenek
77a0eb20ab
Add test case for analyzer crash reported in <rdar://problem/10308201> (which is already fixed in mainline).
...
llvm-svn: 142606
2011-10-20 19:33:06 +00:00
Rafael Espindola
5450f218a6
Fix the signatures of vfork, __sigsetjmp and sigsetjmp.
...
Patch by Dimitry Andric.
llvm-svn: 142531
2011-10-19 14:50:34 +00:00
Richard Smith
9ca5c42582
Update all tests other than Driver/std.cpp to use -std=c++11 rather than
...
-std=c++0x. Patch by Ahmed Charles!
llvm-svn: 141900
2011-10-13 22:29:44 +00:00
Rafael Espindola
2d21ab024e
Add returns_twice to functions that are known to return twice. This implements
...
the same behavior of gcc by keeping the attribute out of the function type.
llvm-svn: 141803
2011-10-12 19:51:18 +00:00
Anna Zaks
fedf5dfc71
[analyzer] Warn about the use of insecure, deprecated vfork() function PR11053 ( http://llvm.org/bugs/show_bug.cgi?id=11053 ).
...
A patch by Graham Lee!
llvm-svn: 141643
2011-10-11 04:34:54 +00:00
Ted Kremenek
8f34b6999c
[analyzer] Teach the static analyzer about CXXForRangeStmt. Patch by Jim Goodnow II!
...
llvm-svn: 141587
2011-10-10 22:36:31 +00:00
Ted Kremenek
d79719b144
Provide basic static analyzer support for CXXTemporaryObjectExpr. Patch by Jim Goodnow II.
...
llvm-svn: 141433
2011-10-07 22:48:13 +00:00
Ted Kremenek
b7531d622d
[static analyzer] Fix crash in LiveVariables and Environment::getSVal() when analyzing C++ pointer-to-member calls. Fixes <rdar://problem/10243398>.
...
llvm-svn: 141312
2011-10-06 20:53:28 +00:00
Ted Kremenek
f3e3f6645e
Fix major regression in RetainCountChecker. DefaultSummaries were not being used when they were meant to be. Fixes <rdar://problem/10241614>.
...
llvm-svn: 141250
2011-10-05 23:54:29 +00:00
John McCall
9b0a7cea0f
Make -fobjc-nonfragile-abi the -cc1 default, since it's the
...
increasingly prevailing case to the point that new features
like ARC don't even support the fragile ABI anymore.
This required a little bit of reshuffling with exceptions
because a check was assuming that ObjCNonFragileABI was
only being set in ObjC mode, and that's actually a bit
obnoxious to do.
Most, though, it involved a perl script to translate a ton
of test cases.
Mostly no functionality change for driver users, although
there are corner cases with disabling language-specific
exceptions that we should handle more correctly now.
llvm-svn: 140957
2011-10-02 01:16:38 +00:00
Ted Kremenek
2a14c695eb
Fix LiveVariables analysis bug with MaterializeTemporaryExpr and fix handling in ExprEngine. Fixes <rdar://problem/10201666>.
...
llvm-svn: 140956
2011-10-02 00:54:48 +00:00
Anna Zaks
79ada929b7
Address PR10616. The crash has already been fixed by Ted in r140725, so just refactor to use existing API + test case.
...
llvm-svn: 140932
2011-10-01 06:35:19 +00:00
John McCall
525f05597f
Tweak the interface for analyzing the CF conventions for a name
...
to take a FunctionDecl* instead of an llvm::StringRef. Eventually
we might push more logic in there, like using slightly different
conventions for C++ methods.
Also, fix a bug where 'copy' and 'create' were being caught in
non-camel-cased strings. We want copyFoo and CopyFoo and XCopy
but not Xcopy or xcopy.
llvm-svn: 140911
2011-10-01 00:48:56 +00:00
Ted Kremenek
afedc07a9b
Fix crash when analyzing C++ code involving constant enums and switch statements (<rdar://problem/10202899>).
...
llvm-svn: 140844
2011-09-30 03:51:54 +00:00
Anna Zaks
819b0d8619
[analyzer] Fix a bug in RetainReleaseChecker diagnostics. It gives more precise error message on the modified test case (and prevents duplicate diagnostics when we purge at block granularity).
...
llvm-svn: 140840
2011-09-30 02:19:19 +00:00
Anna Zaks
8d4c8e1498
[analyzer] Add -analyzer-purge option which can take on multiple values, remove -analyzer-purge=none. (Small refactor as well: move the work of constructing AnalysisManager from the callers to the class itself.)
...
llvm-svn: 140838
2011-09-30 02:03:00 +00:00
Anna Zaks
0070c6d4db
Fix a crash in MallocOverflowSecurityChecker. Patch by Lei Zhang.
...
llvm-svn: 140648
2011-09-27 22:25:01 +00:00
Anna Zaks
b9875a984c
[analyzer] Remove target triple from the malloc overflow test.
...
llvm-svn: 140635
2011-09-27 20:41:53 +00:00
Anna Zaks
15ca5e7a21
[analyzer] Fix a bug where PathDiagnosticLocation did not generate a valid range and add asserts to check validity of locations early on. Ignore invalid ranges in PathDiagnosticPiece (they could be added by checker writers).
...
Addresses radar://10124836 and radar://radar10102244.
llvm-svn: 140218
2011-09-21 00:35:58 +00:00
Anna Zaks
efd182d992
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 5 of ?):
...
- Get rid of PathDiagnosticLocation(SourceRange r,..) constructor by providing a bunch of create methods.
- The PathDiagnosticLocation(SourceLocation L,..), which is used by crate methods, will eventually become private.
- Test difference is in the case when the report starts at the beginning of the function. We used to represent that point as a range of the very first token in the first statement. Now, it's just a single location representing the first character of the first statement.
llvm-svn: 139932
2011-09-16 19:18:30 +00:00
Anna Zaks
207c68012a
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 4 of ?):
...
- The closing brace is always a single location, not a range.
- The test case previously had a location key 57:1 followed by a range [57:1 - 57:1].
llvm-svn: 139832
2011-09-15 20:06:34 +00:00
Anna Zaks
615e3a69c3
[analyzer] After CFG has been linearized, we can have a situation where an ExpoledNode has an invalid SourceLocation (which has no correspondence in the source code). This commit is the first step to solve this problem.
...
- It adds LocationContext to the PathDiagnosticLocation object and uses it to lookup the enclosing statement with a valid location.
- So far, the LocationContext is only available when the object is constructed from the ExplodedNode.
- Already found some subtle bugs(in plist-output-alternate.m) where the intermediate diagnostic steps were not previously shown.
llvm-svn: 139703
2011-09-14 17:48:01 +00:00
Anna Zaks
05dda473e6
[analyzer] Simplify the test, use generic/more descriptive names.
...
llvm-svn: 139516
2011-09-12 18:28:35 +00:00
Anna Zaks
79301b16f3
[analyzer] Fix a failure encountered while analyzing bind (radar://10105448).
...
llvm-svn: 139509
2011-09-12 18:07:30 +00:00
Anna Zaks
295208d744
[analyzer] Fix a new failure encountered while building Adium exposed as a result of r138196(radar://10087620). ObjectiveC property of type int has a value of type ObjCPropRef, which is a Loc.
...
llvm-svn: 139507
2011-09-12 17:56:08 +00:00
Anna Zaks
964c186ffe
[analyzer] Test for -analyze-function on ObjectiveC to accompany r139439.
...
llvm-svn: 139506
2011-09-12 17:48:08 +00:00
Benjamin Kramer
e007e80fc0
Stop cluttering the test directory with temporary files.
...
llvm-svn: 139114
2011-09-05 07:19:32 +00:00
Jordy Rose
c49ec53e29
[analyzer] Move the knowledge of whether or not GC is enabled for the current analysis from CFRefCount to ExprEngine.
...
Remove TransferFuncs from ExprEngine and AnalysisConsumer.
Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly.
llvm-svn: 138998
2011-09-02 05:55:19 +00:00
Zhongxing Xu
bfb8e2fe6e
If size was equal to 0, either NULL or a pointer suitable to be passed to
...
free() is returned by realloc(). Most code expect NULL.
And we only need to transfer one final ProgramState.
llvm-svn: 138937
2011-09-01 04:53:59 +00:00
Anna Zaks
814adf7752
Fix: Bug 10798 - [analyzer] Crash when analyzing ICU. (A slight improvement on the previous commit.)
...
llvm-svn: 138762
2011-08-29 20:43:37 +00:00
Anna Zaks
cda129eb1c
Fix bug 10797: Crash: "cast<Ty>() argument of incompatible type!" assert when analyzing ICU.
...
Patch by Jean-Daniel Dupas. Thanks for spotting and fixing!
llvm-svn: 138757
2011-08-29 20:05:54 +00:00
Ted Kremenek
6eb83cfacd
[analyzer] Add test case for handling of __bridge_transfer that previously resulted in a 'stack address' warning (that was fixed in r138616). Fixes <rdar://problem/10018376>.
...
llvm-svn: 138710
2011-08-27 21:15:48 +00:00
Jeffrey Yasskin
0e9cdbbb06
Handle CXXTempObjectRegion in StackAddrEscapeChecker.
...
Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now
that it doesn't crash, and extract the stack-block test into another file since
it errors, and that prevents the analyzer from running.
llvm-svn: 138613
2011-08-26 00:41:31 +00:00
Anna Zaks
be460898bb
[analyzer] MacOSKeychainAPIChecker: Provide reacher diagnostic trace by pointing to the allocation site when reporting a leak.
...
llvm-svn: 138479
2011-08-24 20:52:46 +00:00
Anna Zaks
0897a23517
[analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.
...
llvm-svn: 138417
2011-08-24 00:06:27 +00:00
Ted Kremenek
ee9848e20d
Fix regression in -Wuninitialized involving VLAs. It turns out that we were modeling sizeof(VLAs)
...
incorrectly in the CFG, and also the static analyzer. This patch regresses the analyzer a bit, but
that needs to be followed up with a better solution.
Fixes <rdar://problem/10008112>.
llvm-svn: 138372
2011-08-23 20:30:50 +00:00
Anna Zaks
bd7972b49e
[analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.
...
llvm-svn: 138296
2011-08-22 23:18:12 +00:00
Jordy Rose
5a3c9ff3a3
[analyzer] Move handling of hardcoded noreturn ("panic") methods from CFRefCount to NoReturnFunctionChecker. No functionality change intended.
...
llvm-svn: 138210
2011-08-20 20:55:40 +00:00
Anna Zaks
3c06d7f442
Add a test for checking that custom diagnostic visitors are working.
...
llvm-svn: 137970
2011-08-18 19:02:46 +00:00
Ted Kremenek
e1962328f5
[analyzer] teach ExprEngine about loads from static C++ class fields. Fixes <rdar://problem/9948787>.
...
llvm-svn: 137760
2011-08-16 21:37:52 +00:00
Anna Zaks
a06421a02c
MacOSKeychainAPIChecker: Turn it on by default.
...
llvm-svn: 137740
2011-08-16 20:02:05 +00:00
Anna Zaks
01ae1e1197
MacOSKeychainAPIChecker: Do not report double allocation if first allocation returned an error.
...
llvm-svn: 137720
2011-08-16 16:30:24 +00:00
Anna Zaks
80319c1702
MacOSKeychainAPIChecker: Test all APIs.
...
llvm-svn: 137549
2011-08-13 02:10:15 +00:00
Anna Zaks
59d741fec6
MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.
...
llvm-svn: 137526
2011-08-12 22:47:22 +00:00
Anna Zaks
fdd0aca0a5
MacOSKeychainAPIChecker:
...
Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope.
Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.
llvm-svn: 137523
2011-08-12 21:56:43 +00:00
NAKAMURA Takumi
9f8a02d34e
De-Unicode-ify.
...
llvm-svn: 137430
2011-08-12 05:49:51 +00:00
Ted Kremenek
7765dda06a
[analyzer] add more buffer overflow tests to show we handle sizeof(VLA) in obstruse ways...
...
llvm-svn: 137007
2011-08-06 00:34:48 +00:00
Anna Zaks
c52bed1814
KeychainAPI checker: Generate an error on double allocation. Pull out getAsPointeeMemoryRegion so that it could be reused.
...
llvm-svn: 136952
2011-08-05 00:37:00 +00:00
Anna Zaks
680be29584
KeychainAPI checker: forgot to commit the test with r136930. This should fix the bot.
...
llvm-svn: 136938
2011-08-04 22:40:38 +00:00
Anna Zaks
388c18ec7f
KeychainAPI checker: Add basic diagnostics. Track MemoryRegion istead of SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.
...
llvm-svn: 136851
2011-08-04 00:26:57 +00:00
Ted Kremenek
3f955e6d89
[analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
...
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
Ted Kremenek
1c2fb270ce
[analyzer] Introduce MallocOverflowSecurityChecker, a simple flow-sensitive checker that may be useful for security auditing. This checker is currently too noisy to be on by default.
...
llvm-svn: 136804
2011-08-03 20:17:43 +00:00
Anna Zaks
9ab728bb05
KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)
...
llvm-svn: 136694
2011-08-02 17:11:03 +00:00
Anna Zaks
15f496c118
Add a skeleton for the Keychain Services API Checker. Register it as OSX experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting..
...
llvm-svn: 136659
2011-08-01 22:40:01 +00:00
Ted Kremenek
73665188fc
Really remove FlatStoreManager and BasicStoreManager, this time from the driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.
...
llvm-svn: 136422
2011-07-28 23:08:16 +00:00
Ted Kremenek
7c7ce00265
Remove flat store tests.
...
llvm-svn: 136421
2011-07-28 23:08:04 +00:00
Ted Kremenek
e9fda1e48a
[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.
...
The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.
Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.
llvm-svn: 136419
2011-07-28 23:07:59 +00:00
Ted Kremenek
a644668193
[analyzer] fix handling of MaterializeTemporaryExpr by binding the result value to
...
the proper expression.
llvm-svn: 136412
2011-07-28 23:07:36 +00:00
Fariborz Jahanian
4ceec3f0d1
objc: clang should warn if redeclaration of methods
...
declared in protocol in the class qualified by the
protocol have type conflicts. To reduce amount of
noise, this is done when class is implemented.
// rdar://9352731
llvm-svn: 135890
2011-07-24 20:53:26 +00:00
John McCall
d2930c2100
In Objective-C, pull arbitrary attributes from overridden
...
methods, including indirectly overridden methods like those
declared in protocols and categories. There are mismatches
that we would like to diagnose but aren't yet, but this
is fine for now.
I looked at approaches that avoided doing this lookup
unless we needed it, but the infer-related-result-type
checks were doing it anyway, so I left it with the same
fast-path check for no previous declartions of that
selector.
llvm-svn: 135743
2011-07-22 02:45:48 +00:00
Jordy Rose
d9c522100e
[analysis] Add checks for double-locking and lock order reversal bugs for
...
pthread and XNU locks. Patch by Rui Paulo!
llvm-svn: 135515
2011-07-19 20:21:41 +00:00
Ted Kremenek
6dcbbe8547
[analyzer] Per discussions with the Cocoa team, extend CF naming conventions to extend to camel case functions instead of just title case functions. Fixes <rdar://problem/9732321>.
...
llvm-svn: 135350
2011-07-16 19:50:36 +00:00
Jordy Rose
5737d073bd
Update retain-release.m to match updated warnings from r135310
...
llvm-svn: 135317
2011-07-15 22:38:26 +00:00
Jordy Rose
43426f8fcb
Add tests for CFRefReport's path notes, and fix a few typos and non-standard terminology ('+0 retain counts') caught by the tests.
...
llvm-svn: 135310
2011-07-15 22:17:54 +00:00
Jordy Rose
b72bd53f7d
[analyzer] GNU __null is a pointer-sized integer, not a pointer. Fixes PR10372.
...
llvm-svn: 135294
2011-07-15 20:29:02 +00:00
Douglas Gregor
5c70b06feb
Teach the static analyzer's interpretation of Cocoa conventions to
...
obey the objc_method_family attribute when provided. Fixes
<rdar://problem/9726279>.
llvm-svn: 134493
2011-07-06 16:00:34 +00:00
Jordy Rose
7770a8c6c5
[analyzer] strnlen isn't a builtin, don't test for it
...
llvm-svn: 133994
2011-06-28 05:34:40 +00:00
Jordy Rose
4d3c1511ac
[analyzer] Use UnknownVal when default-initializing arrays whose element types we don't model, to distinguish them from uninitialized arrays (PR10163).
...
llvm-svn: 133937
2011-06-27 20:36:38 +00:00
Jordy Rose
b41f7c55f5
[analyzer] Finish size argument checking for strncat (and strncpy).
...
llvm-svn: 133472
2011-06-20 21:55:40 +00:00
Jordy Rose
328deeed7f
[analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
...
llvm-svn: 133408
2011-06-20 03:49:16 +00:00
Jordy Rose
dceb0cf3f3
[analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
...
llvm-svn: 133406
2011-06-20 02:06:40 +00:00
Jordy Rose
c026370858
[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
...
llvm-svn: 133154
2011-06-16 07:13:34 +00:00
John McCall
31168b077c
Automatic Reference Counting.
...
Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.
Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.
llvm-svn: 133103
2011-06-15 23:02:42 +00:00
Jordy Rose
634c12d23f
[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
...
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
llvm-svn: 133046
2011-06-15 05:52:56 +00:00
Jordy Rose
bc7483f505
[analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.
...
llvm-svn: 132958
2011-06-14 01:40:43 +00:00
Jordy Rose
d359289669
[analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.
...
llvm-svn: 132955
2011-06-14 01:15:31 +00:00
Douglas Gregor
c9224d6714
Eliminate the -f[no]objc-infer-related-result-type flags; there's no
...
reason to allow the user to control these semantics through a flag.
llvm-svn: 132919
2011-06-13 16:42:53 +00:00
Jordy Rose
1734737d9f
[analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary.
...
Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.
llvm-svn: 132840
2011-06-10 08:49:37 +00:00
Jordy Rose
891d613289
[analyzer] Ignore parentheses around block-level expressions when computing liveness. Fixes the other half of PR8962.
...
llvm-svn: 132769
2011-06-09 05:44:04 +00:00
Jordy Rose
ab8a668849
[analyzer] Look through __extension__ expressions in a GRState's Environment. Fixes PR8962.
...
llvm-svn: 132762
2011-06-08 22:47:39 +00:00
Jordy Rose
097c5397a8
[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
...
llvm-svn: 132617
2011-06-04 01:47:27 +00:00
Jordy Rose
63b84be6cb
[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.
...
llvm-svn: 132607
2011-06-04 00:04:22 +00:00
Jordy Rose
aee7fb9e64
[analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)
...
llvm-svn: 132605
2011-06-03 23:42:56 +00:00
Ted Kremenek
f230198f15
Tighen analyzer diagnostics w.r.t ObjC/CF leaks.
...
llvm-svn: 132130
2011-05-26 18:45:44 +00:00
Ted Kremenek
4c5d2888f4
static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen.
...
llvm-svn: 132100
2011-05-25 23:57:29 +00:00
Ted Kremenek
86d49ce20c
Teach analyzer about cf_returns_not_retained for C functions.
...
llvm-svn: 132049
2011-05-25 06:29:39 +00:00
Ted Kremenek
8e2c9b0180
Enhance retain/release checker to flag warnings when functions returning CG types do not follow the Core Foundation naming conventions.
...
llvm-svn: 132048
2011-05-25 06:19:45 +00:00
Ted Kremenek
3a60114085
Add explicit CFG support for ignoring static_asserts.
...
llvm-svn: 132001
2011-05-24 20:41:31 +00:00
Ted Kremenek
109b127e02
Fix regression in static analyzer's handling of prefix '--' operator. It was being treated as postfix '--' in C mode.
...
llvm-svn: 131770
2011-05-20 23:40:06 +00:00
Ted Kremenek
f377cb82f9
Teach RegionStore not to symbolic array values whose indices it cannot reason about.
...
llvm-svn: 131702
2011-05-19 23:37:58 +00:00
Ted Kremenek
5f06955aa0
Teach static analyzer to analyze Objective-C methods in category implementations.
...
llvm-svn: 131614
2011-05-19 00:56:53 +00:00
Ted Kremenek
6878c36328
Elide __label__ declarations from the CFG. This resolves a crash in CFGRecStmtDeclVisitor (crash in static analyzer).
...
llvm-svn: 131141
2011-05-10 18:42:15 +00:00
Lenny Maiorani
5066858bcd
Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
...
llvm-svn: 130758
2011-05-03 16:34:26 +00:00
Ted Kremenek
e9f364f658
Tweak the retain/release checker to not stop tracking retained objects when calling C++ methods. This is a temporary solution to prune false positives until we have a general story using annotations.
...
llvm-svn: 130726
2011-05-02 21:21:42 +00:00
Ted Kremenek
aa181174e7
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.
...
llvm-svn: 130711
2011-05-02 19:42:42 +00:00
Lenny Maiorani
0b510279c6
Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().
...
llvm-svn: 130708
2011-05-02 19:05:49 +00:00
Ted Kremenek
8067746554
Move the SelfInit checker to the 'cocoa.experimental' package.
...
llvm-svn: 130598
2011-04-30 06:46:45 +00:00
Ted Kremenek
e8e565ab81
Adjust test/Analysis/retain-release.m to also test the retain/release checker in Objective-C++ mode.
...
llvm-svn: 130559
2011-04-29 23:15:53 +00:00
Lenny Maiorani
4af23c8159
Implements strcasecmp() checker in Static Analyzer.
...
llvm-svn: 130398
2011-04-28 15:09:11 +00:00
Lenny Maiorani
005b5c1aee
More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.
...
Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!
llvm-svn: 130303
2011-04-27 14:49:29 +00:00
Ted Kremenek
08b434f450
Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
...
resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.
llvm-svn: 130292
2011-04-27 05:34:09 +00:00
Argyrios Kyrtzidis
a9b630e4d7
Emit a -Wnull-dereference warning for "*null" not just "*null = something". Addresses rdar://9269271.
...
llvm-svn: 130207
2011-04-26 17:41:22 +00:00
Lenny Maiorani
e553e40467
Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.
...
llvm-svn: 130161
2011-04-25 22:21:00 +00:00
Ted Kremenek
11e5c8b31a
Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.
...
llvm-svn: 130003
2011-04-22 18:01:30 +00:00
Anders Carlsson
d1f65f61ee
Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746.
...
llvm-svn: 129741
2011-04-19 01:16:46 +00:00
Richard Smith
0c502d2a62
Fix PR9741. The implicit declarations created for range-based for loops weren't being added to the DeclContext (nor were they being marked as implicit). Also, the declarations were being emitted in the wrong order when building the CFG.
...
llvm-svn: 129700
2011-04-18 15:49:25 +00:00
Chris Lattner
57540c5be0
fix a bunch of comment typos found by codespell. Patch by
...
Luis Felipe Strano Moraes!
llvm-svn: 129559
2011-04-15 05:22:18 +00:00
Ted Kremenek
ced5feaec9
Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols.
...
llvm-svn: 129395
2011-04-12 21:47:05 +00:00
Ted Kremenek
8a4c760c20
ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset.
...
llvm-svn: 129366
2011-04-12 17:21:33 +00:00
Lenny Maiorani
f3539ad5c7
This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
...
llvm-svn: 129364
2011-04-12 17:08:43 +00:00
Ted Kremenek
f52718899f
static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression.
...
llvm-svn: 129349
2011-04-12 05:12:39 +00:00
Ted Kremenek
57a4a152b2
Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic.
...
llvm-svn: 129348
2011-04-12 03:49:37 +00:00
Ted Kremenek
4f939da02d
RegionStoreManager::invalidateRegions: treat classes the same as structs.
...
llvm-svn: 129333
2011-04-12 00:44:31 +00:00
Ted Kremenek
e0d2b8c58c
Teach GRState::getSValAsScalarOrLoc() about C++ references.
...
llvm-svn: 129329
2011-04-12 00:28:12 +00:00
Ted Kremenek
8ef59e5c03
C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.
...
llvm-svn: 129308
2011-04-11 22:22:05 +00:00
Lenny Maiorani
467dbd5f13
strcat() and strncat() model additions to CStringChecker.
...
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
llvm-svn: 129215
2011-04-09 15:12:58 +00:00
Ted Kremenek
f603f3afbd
Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs
...
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.
llvm-svn: 129166
2011-04-08 22:42:35 +00:00
John McCall
3337ca5f95
When updating the retain summary based on {cf,ns}_consumed attributes,
...
be sure to consume the argument index that actually had the attribute
rather than always the first. rdar://problem/9234108
llvm-svn: 128998
2011-04-06 09:02:12 +00:00
Lenny Maiorani
de909e4946
Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.
...
Also, brings the security syntax checker more inline with coding standards.
llvm-svn: 128916
2011-04-05 20:18:46 +00:00
Ted Kremenek
378819342e
Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:
...
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.
llvm-svn: 128858
2011-04-04 23:29:12 +00:00
Argyrios Kyrtzidis
3657c006cc
Change test/Analysis/idempotent-operations.c to output the .plist file in the test output directory.
...
llvm-svn: 128849
2011-04-04 22:30:01 +00:00
Ted Kremenek
850d35be16
Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.
...
llvm-svn: 128783
2011-04-03 04:09:15 +00:00
Ted Kremenek
8f89f7c893
Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.
...
llvm-svn: 128761
2011-04-02 02:56:23 +00:00
Lenny Maiorani
6ffe738f24
Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.
...
llvm-svn: 128679
2011-03-31 22:09:14 +00:00
Lenny Maiorani
79d74141b1
Adding Static Analyzer checker for mempcpy().
...
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
llvm-svn: 128677
2011-03-31 21:36:53 +00:00
Ted Kremenek
40d16c0e75
Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead,
...
recover some path-sensitivity by conjuring a symbol.
llvm-svn: 128612
2011-03-31 04:46:53 +00:00
Ted Kremenek
61a4f6682a
Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
...
llvm-svn: 128611
2011-03-31 04:04:48 +00:00
Ted Kremenek
98a24e37c5
Begin reworking static analyzer support for C++ method calls. The current logic was divorced
...
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.
llvm-svn: 128557
2011-03-30 17:41:19 +00:00
Anders Carlsson
642b03413f
Don't add a symbolic region for 'this' if the member function is static.
...
llvm-svn: 128340
2011-03-26 14:30:44 +00:00
Ted Kremenek
49c79790de
Rework checker "packages" and groups to be more hierarchical.
...
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
Ted Kremenek
70727343cf
Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.
...
llvm-svn: 127798
2011-03-17 04:10:25 +00:00
Ted Kremenek
6fa1daede5
Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.
...
llvm-svn: 127797
2011-03-17 04:01:35 +00:00
Ted Kremenek
3e5ad5932e
Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without
...
invalidating the entire binding. Fixes PR 9455.
llvm-svn: 127796
2011-03-17 03:51:51 +00:00
Ted Kremenek
4ceebbf54d
VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.
...
llvm-svn: 127719
2011-03-16 00:22:51 +00:00
Ted Kremenek
cdb2ae587a
Remove bogus assertion in IdempotentOperationsChecker.
...
llvm-svn: 127687
2011-03-15 19:27:57 +00:00
Ted Kremenek
792798549f
Remove old UninitializedValues analysis.
...
llvm-svn: 127656
2011-03-15 03:17:01 +00:00
Ted Kremenek
066b226daa
Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.
...
Also add a test case showing that we correctly report multiple warnings for the same message expression.
llvm-svn: 127605
2011-03-14 19:50:37 +00:00
Anders Carlsson
d91d5f162f
Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.
...
Ted or Argiris, I'd appreciate a review!
llvm-svn: 127572
2011-03-13 20:35:21 +00:00
Ted Kremenek
53e6538fa8
Fix CFG assertion failure reported in PR 9467. This was due to recent changes in optimizing CFGs for switch statements.
...
llvm-svn: 127563
2011-03-13 03:48:04 +00:00
Jakob Stoklund Olesen
609e814a4a
XFAIL this on windows where <vector> contains surprises.
...
llvm-svn: 127559
2011-03-13 00:55:43 +00:00
Ted Kremenek
cd628393bb
Tweak test to hopefully appease FreeBSD buildbot.
...
llvm-svn: 127533
2011-03-12 08:19:43 +00:00
Ted Kremenek
9997656600
Remove stray output file.
...
llvm-svn: 127532
2011-03-12 06:15:01 +00:00
Ted Kremenek
a4a57c10da
Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.
...
llvm-svn: 127531
2011-03-12 06:14:28 +00:00
Ted Kremenek
f89710b936
Add initial version of "IteratorsChecker", a checker to find misues uses of C++ iterators.
...
This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).
llvm-svn: 127525
2011-03-12 02:49:15 +00:00