Anna Zaks
d56c8794d3
[analyzer] Malloc checker: rework realloc handling:
1) Support the case when realloc fails to reduce False Positives. (We
essentially need to restore the state of the pointer being reallocated.)
2) Realloc behaves differently under special conditions (from pointer is
null, size is 0). When detecting these cases, we should consider
under-constrained states (size might or might not be 0). The
old version handled this in a very hacky way. The code did not
differentiate between definite and possible (no consideration for
under-constrained states). Further, after processing each special case,
the realloc processing function did not return but chained to the next
special case processing. So you could end up in an execution in which
you first see the states in which size is 0 and realloc ~ free(),
followed by the states corresponding to size is not 0 followed by the
evaluation of the regular realloc behavior.
llvm-svn: 150402
2012-02-13 18:05:39 +00:00
Anna Zaks
41b84847bf
[analyzer] Malloc Checker: reduce false negatives rate by assuming that
a pointer cannot escape through calls to system functions. Also, stop
after reporting the first use-after-free.
llvm-svn: 150315
2012-02-11 23:46:36 +00:00
Anna Zaks
3aa5225d5e
[analyzer] Malloc Checker: Report a leak when we are returning freed
memory.
(As per one test case, the existing checker thought that this could
cause a lot of false positives - not sure if that's valid, to be
verified.)
llvm-svn: 150313
2012-02-11 21:44:39 +00:00
Anna Zaks
d3571e5ad3
[analyzer] Malloc checker: Leak bugs should be suppressed by sinks.
Resolves a common false positive, where we were reporting a leak inside
asserts
llvm-svn: 150312
2012-02-11 21:02:40 +00:00
Anna Zaks
bb1ef9011d
[analyzer] MallocChecker: refactor/improve the symbol escape logic.
We use the same logic here as the RetainRelease checker.
llvm-svn: 150311
2012-02-11 21:02:35 +00:00
Anna Zaks
e963fd51a8
[analyzer] MallocChecker: add a list of false positives based on running
the checker over postgres and sqlite.
llvm-svn: 150216
2012-02-10 01:11:03 +00:00
Anna Zaks
3188686c55
[analyzer] MallocChecker Cleanup - harden against crashes, fix an error
(use of return instead of continue), wording.
llvm-svn: 150215
2012-02-10 01:11:00 +00:00
Anna Zaks
2b5bb97986
[analyzer] Add custom path diagnostic to the Malloc Checker.
Very simple so far - we just highlight every allocation and release
site.
llvm-svn: 150156
2012-02-09 06:25:51 +00:00
Anna Zaks
12259b443d
[analyzer] MallocChecker cleanup, more tests.
llvm-svn: 150155
2012-02-09 06:25:47 +00:00
Anna Zaks
a1b227b6a7
[analyzer] MallocChecker: implement pessimistic version of the checker,
which allows values to escape through unknown calls.
Assumes all calls but the malloc family are unknown.
Also, catch a use-after-free when a pointer is passed to a
function after a call to free (previously, you had to explicitly
dereference the pointer value).
llvm-svn: 150112
2012-02-08 23:16:56 +00:00
Zhongxing Xu
bfb8e2fe6e
If size was equal to 0, either NULL or a pointer suitable to be passed to
free() is returned by realloc(). Most code expects NULL.
And we only need to transfer one final ProgramState.
llvm-svn: 138937
2011-09-01 04:53:59 +00:00
Ted Kremenek
3f955e6d89
[analyzer] rename all experimental checker packages to have 'experimental' be the common root package.
llvm-svn: 136835
2011-08-03 23:14:55 +00:00
Lenny Maiorani
005b5c1aee
More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.
Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!
llvm-svn: 130303
2011-04-27 14:49:29 +00:00
Ted Kremenek
49c79790de
Rework checker "packages" and groups to be more hierarchical.
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
Argyrios Kyrtzidis
9eb02dfa89
[analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
Argyrios Kyrtzidis
098874a2f8
[analyzer] Migrate UndefinedAssignmentChecker to CheckerV2.
llvm-svn: 126617
2011-02-28 01:27:37 +00:00
Argyrios Kyrtzidis
21c9423ef4
[analyzer] Remove '-analyzer-experimental-checks' flag.
llvm-svn: 126607
2011-02-28 01:26:43 +00:00
Argyrios Kyrtzidis
183f0fb4cf
[analyzer] Migrate MallocChecker to CheckerV2.
llvm-svn: 126606
2011-02-28 01:26:35 +00:00
Argyrios Kyrtzidis
b388f77ad9
[analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't have any checkers associated with it anymore.
llvm-svn: 126440
2011-02-24 21:43:08 +00:00
Argyrios Kyrtzidis
8b08906411
[analyzer] Migrate CastSizeChecker to CheckerV2.
llvm-svn: 126438
2011-02-24 21:42:49 +00:00
Argyrios Kyrtzidis
2d3905ffac
[analyzer] Use the new registration mechanism on some of the experimental checks. These are:
CStringChecker
ChrootChecker
MallocChecker
PthreadLockChecker
StreamChecker
UnreachableCodeChecker
MallocChecker creates implicit dependencies between checkers and needs to be handled differently.
llvm-svn: 125598
2011-02-15 21:25:03 +00:00
Ted Kremenek
d21139a34f
After a lengthy design discussion, add support for "ownership attributes" for malloc/free checking. Patch by Andrew McGregor!
llvm-svn: 109939
2010-07-31 01:52:11 +00:00
Tom Care
cba9f517ac
Added a path-sensitive unreachable code checker to the experimental analyzer checks.
- Created a new class to do post-analysis
- Updated several test cases with unreachable code to expect a warning
- Added some general tests
llvm-svn: 109286
2010-07-23 23:04:53 +00:00
Jordy Rose
2dd9b02cc8
Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.
llvm-svn: 106401
2010-06-20 04:30:57 +00:00
Zhongxing Xu
527ff6d1dc
Add support for calloc() in MallocChecker. Patch by Jordy Rose, with my
modification.
llvm-svn: 105264
2010-06-01 03:01:33 +00:00
Zhongxing Xu
658dd8b176
CastSizeChecker checks when casting a malloc'ed symbolic region to type T,
whether the size of the symbolic region is a multiple of the size of T.
Fixes PR6123 and PR7217.
llvm-svn: 104584
2010-05-25 04:59:19 +00:00
Zhongxing Xu
1bb6a1a593
Add use-after-free check to MallocChecker.
llvm-svn: 98136
2010-03-10 04:58:55 +00:00
Zhongxing Xu
be36ecbb60
Fix pr6293. If ptr is NULL, no operation is performed.
llvm-svn: 96154
2010-02-14 06:49:48 +00:00
Ted Kremenek
2f2692f8ca
Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.
llvm-svn: 95348
2010-02-05 02:06:54 +00:00
Zhongxing Xu
5fcd99b10f
Add test case for pr6069.
llvm-svn: 93708
2010-01-18 04:01:40 +00:00
Zhongxing Xu
b0e15df36b
Let constraint manager inform checkers that some assumption logic has happened.
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.
Based on Lei Zhang's patch and discussion.
llvm-svn: 92342
2009-12-31 06:13:07 +00:00
Daniel Dunbar
8fbe78f6fc
Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'.
- This is designed to make it obvious that %clang_cc1 is a "test variable"
which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
can be useful to redefine what gets run as 'clang -cc1' (for example, to set
a default target).
llvm-svn: 91446
2009-12-15 20:14:24 +00:00
Zhongxing Xu
27f686f8ec
Replace clang-cc with clang -cc1.
llvm-svn: 91272
2009-12-14 06:34:20 +00:00
Zhongxing Xu
c0484fa611
Add initial support for realloc() in MallocChecker.
llvm-svn: 91216
2009-12-12 12:29:38 +00:00
Zhongxing Xu
23baa01af4
Add PreVisitReturn to Malloc checker. Now we can recognize returned memory
block.
llvm-svn: 89071
2009-11-17 08:58:18 +00:00
Zhongxing Xu
4668c7ed1c
Add EvalEndPath interface to Checker. Now we can check memory leaked at the
end of the path. Need to unify interfaces.
llvm-svn: 89063
2009-11-17 07:54:15 +00:00
Eli Friedman
b774685c08
Fix a couple of tests.
llvm-svn: 88756
2009-11-14 04:23:25 +00:00
Ted Kremenek
9430bf20ff
Remove test case's dependency on header file.
llvm-svn: 88685
2009-11-13 20:03:22 +00:00
Ted Kremenek
e5e977013c
Add two new test cases for the Malloc/Free checker. Both have to do with
storing malloc'ed memory to global storage.
llvm-svn: 88684
2009-11-13 20:00:28 +00:00
Ted Kremenek
c2675568a1
Add test case that shows a leak we don't catch.
llvm-svn: 88683
2009-11-13 19:53:32 +00:00
Ted Kremenek
4ef13f8ac9
Add clang-cc option "--analyzer-experimental-internal-checks". This
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.
llvm-svn: 88671
2009-11-13 18:46:29 +00:00
Zhongxing Xu
c7460964ac
Malloc checker basically works now.
llvm-svn: 87094
2009-11-13 07:48:11 +00:00